Friday, 17 May 2013

CSRF vulnerability in LinkedIn 2013

This security company has found an CSRF vulnerability in LinkedIn and they have uploaded an POC on Youtube to show the impact.
The Cross Site Request Forgery attack allows the attacker to access information from an contact without the consent/knowledge of the affected user.
Step 1: visit LinkedIn.com
Sign in with the profile you wish to use.
Step 2:  click add connections.
Step 3: Any e-mail
Step 4: Use an proxy like WebScarab.
Step 5: Delete parameters that are not used/validated:
  • csrfToken
  • sourceAlias
step 6: Use HTTP GET method instead of HTTP POST method.
step 7:

Step 8:

Step 9:

Vulnerability: CSRF Vulnerability in LinkedIn
Score: 4.3/10 (CVSSv2 Base Score)

Business impact: A malicious user can access to the information they share users that have been added to her contacts without his consent/knowledge.

Systema affected: LinkedIn Service

Credits: Vicente Aguilera Díaz

No comments:

Post a Comment