This post is a summary of the Clickjacking bug I had found in LinkedIn. I had responsibly disclosed it to them.
Bug found on: 12th Sep. 2012
Bug Reported on: 14th Sep. 2012
Bug Fixed on : 11th Jan. 2013
Bug Details : "Remove Connection" option in LinkedIn is vulnerable to ClickJacking.
Impact : This may potentially trick a genuine user into clicking on something different to what the user perceives they are clicking on, thus potentially deleting some existing connections in their profile while clicking on seemingly innocuous web pages.
Scenario:
The "Remove Connections" section of LinkedIn was vulnerable to clickjacking.
An attacker could perform a UI redress attack against this vulnerability by designing innocuous-seeming web pages and tricking a logged-in user into removing some of his/her existing connections.
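From the defender's side, what makes a state-changing page like this frameable is the lack of an enforced anti-framing response header. The check below is an added example, not the author's POC and not LinkedIn's code; `framingVerdict` and the sample headers are constructed, and the post does not say which mechanism LinkedIn used for the fix.

```javascript
// Added example: classify a response's anti-framing headers.
// framingVerdict and the sample header sets are constructed for illustration.
function framingVerdict(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced CSP frame-ancestors directive takes precedence over
  // X-Frame-Options. Several policies can arrive comma-joined; all must allow.
  const lists = [];
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === 'frame-ancestors') { lists.push(sources); break; } // first one wins
    }
  }
  if (lists.length > 0) {
    const isNone = (l) => l.length === 0 || l.every((s) => s === "'none'");
    const isWide = (l) => l.some((s) => s === '*' || /^https?:$/.test(s));
    if (lists.some(isNone)) return { verdict: 'blocked', via: 'csp' };
    if (lists.some((l) => !isWide(l))) return { verdict: 'restricted', via: 'csp' };
    return { verdict: 'frameable', via: 'csp' }; // every policy is a wildcard
  }

  // Fallback: X-Frame-Options. Only DENY and SAMEORIGIN are honoured by
  // current browsers; ALLOW-FROM is obsolete and counts as no protection.
  const xfo = h['x-frame-options'];
  if (xfo === undefined) return { verdict: 'frameable', via: 'none' };
  const values = [...new Set(xfo.split(',').map((s) => s.trim().toLowerCase()))];
  // Conflicting values: this example flags them for manual review.
  if (values.length > 1) return { verdict: 'review', via: 'xfo' };
  if (values[0] === 'deny') return { verdict: 'blocked', via: 'xfo' };
  if (values[0] === 'sameorigin') return { verdict: 'restricted', via: 'xfo' };
  return { verdict: 'frameable', via: 'xfo' }; // unrecognised value
}

// Constructed sample responses for a state-changing page.
const samples = {
  'no headers': {},
  'xfo deny': { 'X-Frame-Options': 'DENY' },
  'csp self': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'allow-from only': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};
for (const [label, hdrs] of Object.entries(samples)) {
  console.log(label, framingVerdict(hdrs));
}
```

A `frameable` verdict on any page that changes account state with a single click is the finding to act on; `Content-Security-Policy-Report-Only` is deliberately not read because it does not enforce anything.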
Below I have shown a POC exploiting this vulnerability.
In the News / Mentions :
http://searchsecurity.techtarget.in/photostory/2240164433/nullcon-Delhi-2012-Day-2s-action/14/ClickedIn-Clickjacking-in-LinkedIn
http://news.softpedia.com/news/LinkedIn-Fixes-Clickjacking-Vulnerability-in-Remove-Connections-Section-Video-322122.shtml
http://www.scmagazine.com.au/News/329335,linkedin-shuts-clickjacking-flaw.aspx
Cheers :}
<-- 7h3_j0k3r -->