Authorization Bypass on LinkedIn


LinkedIn has a feature called Project in which you can add project members from your connections. We discovered a way to view a LinkedIn member’s project even if he/she is not one of our connections. We were also able to create a new project and add other LinkedIn members to it without their approval. Both were achieved by manipulating some HTTP request parameters.

Technical Details
A malicious user can create a fictitious project, say ‘OWASP’, and add any other user of his choice to it. This way the malicious actor can add well-known people to his LinkedIn project and gain popularity.

Proof of Concept:

  • Created a new user with no connections.
  • Added a new project. When choosing members, you are only supposed to be able to pick from your own connections; here we were able to add any LinkedIn member to the project just by knowing the member’s profile id, which is easy to retrieve.
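The root cause of the second issue is that the member id in the request was trusted without checking it against server-side state. The following is an added example, not LinkedIn’s code, using a constructed in-memory connection graph and project store: it shows a handler with the missing check beside one that enforces both the connection requirement and the member’s consent.

```python
# Added example, not LinkedIn's code: models the "add member to project" request
# with constructed in-memory data. The vulnerable handler trusts the member id
# from the request; the hardened one enforces the two missing checks: the target
# must be a connection of the requester, and the target must accept before
# appearing as a member.

CONNECTIONS = {  # constructed sample graph: user id -> set of connection ids
    "alice": {"bob"},
    "bob": {"alice"},
    "mallory": set(),
}
PROJECTS = {}  # project id -> {"owner": ..., "members": set(), "pending": set()}


class Forbidden(Exception):
    pass


def create_project(owner, project_id):
    PROJECTS[project_id] = {"owner": owner, "members": {owner}, "pending": set()}


def add_member_vulnerable(requester, project_id, member_id):
    """Checks only project ownership; member_id is taken verbatim from the
    request, so any profile id is added, connection or not, with no approval."""
    project = PROJECTS[project_id]
    if project["owner"] != requester:
        raise Forbidden("not the project owner")
    project["members"].add(member_id)
    return sorted(project["members"])


def invite_member_hardened(requester, project_id, member_id):
    """Authorize against server-side state, not the request parameter: the
    target must be in the requester's connections, and the add only creates a
    pending invitation until the target accepts it."""
    project = PROJECTS[project_id]
    if project["owner"] != requester:
        raise Forbidden("not the project owner")
    if member_id not in CONNECTIONS.get(requester, set()):
        # Worth logging: a well-formed request failing this check usually
        # means a tampered parameter, which is exactly the behaviour above.
        raise Forbidden("member is not a connection of the requester")
    project["pending"].add(member_id)
    return sorted(project["pending"])


def accept_invitation(member_id, project_id):
    """The invited member must opt in; members appear only after acceptance."""
    project = PROJECTS[project_id]
    if member_id not in project["pending"]:
        raise Forbidden("no pending invitation for this member")
    project["pending"].discard(member_id)
    project["members"].add(member_id)
    return sorted(project["members"])
```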

Both issues were immediately addressed by LinkedIn and have been fixed. I really appreciate the way the LinkedIn team responded to this report. The issues were fixed in just a week’s time. Wow!!!!
