Linkedin's Clickjacking & Open Url Redirection Vulnerabilities # Vulnerability Title: Secondary Email Addition & Deletion Via Click Jacking in Linkedin # Website Link: [Tried on Indian version] # Found on: 06/08/2012 # Author: Ajay Singh Negi # Version: [All language versions would be vulnerable] # Tested on: [Indian version] # Reported On: 07/08/2012 # Status: Fixed # Patched On: 10/09/2012 # Public Release: 15/09/2012 *Summary* A Clickjacking vulnerability existed on Linkedin that allowed an attacker to add or delete a secondary email and can also make existing secondary email as primary email by redressing the manage email page. *Details* Linkedin manage email page (a total of 1 page) was lacking X-FRAME-OPTIONS in Headers and Frame-busting javascript measures to prevent framing of the pages. So the manage email page could be redressed to 'click-jack' Linkedin users. Below I have mentioned the vulnerable Url. *1. Click Jacking Vulnerable Url:* https://www.linkedin.com/settings/manage-email?goback=.nas_*1_*1_*1 # Vulnerability Title: Open Url Redirection in Linkedin # Website Link: [Tried on Indian version] # Found on: 05/08/2012 # Author: Ajay Singh Negi # Version: [All language versions would be vulnerable] # Tested on: [Indian version] # Reported On: 06/08/2012 # Status: Fixed # Patched On: 07/09/2012 # Public Release: 15/09/2012 *Summary* Open Url Redirection using which an attacker can redirect any Linkedin user to any malicious website. Below I have mentioned the vulnerable Url. *Original Open Url Redirection Vulnerable Url:* https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/https%3A%2F%2Fhelp.linkedin.com%2Fapp%2Fhome%2Fh%2Fc%2Ffrom_auth%2Ftrue *Crafted Open Url Redirection Vulnerable Url:* https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/http%3A%2F%2Fattacker.in POC can be found on below mentioned Url: http://computersecuritywithethicalhacking.blogspot.in/2012/09/linkedins-clickjacking-open-url.html