LinkedIn Clickjacking / Open Redirection

LinkedIn Clickjacking / Open Redirection: Posted Sep 15, 2012; Authored by Ajay Singh Negi; LinkedIn suffers from clickjacking and open URL redirection vulnerabilities.; tags | exploit, vulnerability; SHA-256 | b6579358ab8ea2745cc3360e9133088f1110d9aebb005e3b3138404134f48e5f; Download | Favorite | View

LinkedIn Clickjacking / Open Redirection

 Linkedin's Clickjacking & Open Url Redirection Vulnerabilities

# Vulnerability Title: Secondary Email Addition & Deletion Via Click
Jacking in Linkedin
# Website Link:  [Tried on Indian version]
# Found on: 06/08/2012
# Author:  Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 07/08/2012
# Status: Fixed
# Patched On: 10/09/2012
# Public Release: 15/09/2012




*Summary*

A Clickjacking vulnerability existed on Linkedin that allowed an attacker
to add or delete a secondary email and can also make existing secondary
email as primary email by redressing the manage email page.

*Details*

Linkedin manage email page (a total of 1 page) was lacking X-FRAME-OPTIONS
in Headers and Frame-busting javascript  measures to prevent framing of the
pages. So the manage email page could be redressed to 'click-jack' Linkedin
users. Below I have mentioned the vulnerable Url.


*1. Click Jacking Vulnerable Url:*
https://www.linkedin.com/settings/manage-email?goback=.nas_*1_*1_*1<http://www.google.com/url?q=https%3A%2F%2Fwww.linkedin.com%2Fsettings%2Fmanage-email%3Fgoback%3D.nas_*1_*1_*1&sa=D&sntz=1&usg=AFQjCNGkjluV_mUQz-l0-O4AE2x6J5lKqA>



# Vulnerability Title: Open Url Redirection in Linkedin
# Website Link:  [Tried on Indian version]
# Found on: 05/08/2012
# Author:  Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 06/08/2012
# Status: Fixed
# Patched On: 07/09/2012
# Public Release: 15/09/2012



*Summary*

Open Url Redirection using which an attacker can redirect any Linkedin user
to any malicious website. Below I have mentioned the vulnerable Url.


*Original Open Url Redirection Vulnerable Url:*

https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/https%3A%2F%2Fhelp.linkedin.com%2Fapp%2Fhome%2Fh%2Fc%2Ffrom_auth%2Ftrue



*Crafted Open Url Redirection Vulnerable Url:*
https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/http%3A%2F%2Fattacker.in<http://www.google.com/url?q=https%3A%2F%2Fhelp.linkedin.com%2Fapp%2Futils%2Flog_error%2Fet%2F0%2Fec%2F7%2Fcallback%2Fhttp%253A%252F%252Fattacker.in&sa=D&sntz=1&usg=AFQjCNHwFbje3XOKHpKQ48bGat-sG-MjCQ>


POC can be found on below mentioned Url:
http://computersecuritywithethicalhacking.blogspot.in/2012/09/linkedins-clickjacking-open-url.html

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Ubuntu 66 files
Gentoo 33 files
Debian 27 files
Sebastian Hamann 8 files
Jann Horn 7 files
Moritz Abrell 6 files
Jaggar Henry 6 files
Google Security Research 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,929)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (380)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,946)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,612)
SUSE (1,444)
Ubuntu (9,784)
UNIX (9,443)
UnixWare (187)
Windows (6,680)
Other

LinkedIn Clickjacking / Open Redirection

LinkedIn Clickjacking / Open Redirection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

LinkedIn Clickjacking / Open Redirection

Share This

LinkedIn Clickjacking / Open Redirection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems