A clickjacking vulnerability existed on LinkedIn that allowed an attacker to add or delete a secondary email, and also to make an existing secondary email the primary email, by redressing the manage email page.
1. Click Jacking Vulnerable Url:
Click Jacking Vulnerability POC Screenshots:
The redressed editor page, with the frame opacity set to 0 so that it is invisible to the user. When the user drags the computer into the trash bin and clicks the Go button, a new secondary email is added to the LinkedIn user's account.
Secondary email added successfully to the LinkedIn user's account.
No X-Frame-Options header in the server's response.
LinkedIn addressed the vulnerability by adding the X-Frame-Options response header, set to SAMEORIGIN, on this page.
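A header check matching the finding and the fix described above, as an added example that is not part of the original post: it classifies a response's framing protection from X-Frame-Options and the CSP frame-ancestors directive. The function name and the sample header lists are constructed for illustration.

```python
def framing_policy(headers):
    """Classify framing protection: 'deny', 'sameorigin', 'allowlist' or 'unprotected'.

    `headers` is a list of (name, value) pairs so repeated headers are preserved.
    """
    xfo = set()        # distinct X-Frame-Options values, lowercased
    ancestors = None   # source list of the first frame-ancestors directive found
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            # A comma-joined value is handled like repeated headers.
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
        elif key == "content-security-policy" and ancestors is None:
            # Simplification: only the first frame-ancestors directive is evaluated.
            for directive in value.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    ancestors = [t.lower() for t in tokens[1:]]
                    break

    # When frame-ancestors is present, browsers ignore X-Frame-Options.
    if ancestors is not None:
        if not ancestors or ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        return "unprotected" if "*" in ancestors else "allowlist"

    # Conflicting values: the frame is blocked if any of them is a known keyword.
    if len(xfo) > 1:
        return "deny" if xfo & {"deny", "sameorigin", "allowall"} else "unprotected"
    if xfo == {"deny"}:
        return "deny"
    if xfo == {"sameorigin"}:
        return "sameorigin"
    # Missing header, obsolete ALLOW-FROM, or an unrecognised value.
    return "unprotected"


# Constructed sample responses (not captured from any real server).
BEFORE_FIX = [("Content-Type", "text/html")]
AFTER_FIX = [("Content-Type", "text/html"), ("X-FRAME-OPTIONS", "SAMEORIGIN")]

if __name__ == "__main__":
    print("before fix:", framing_policy(BEFORE_FIX))
    print("after fix: ", framing_policy(AFTER_FIX))
```
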
# Vulnerability Title: Open URL Redirection in LinkedIn
# Website Link: [Tried on Indian version]
# Found on: 05/08/2012
# Author: Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 06/08/2012
# Status: Fixed
# Patched On: 07/09/2012
# Public Release: 15/09/2012
LinkedIn had an open URL redirection vulnerability through which an attacker could redirect any LinkedIn user to any malicious website. Below I have given the vulnerable URL and also attached the proof-of-concept video.
Original Open Url Redirection Vulnerable Url:
Crafted Open Url Redirection Vulnerable Url: