LinkedIn apparently suffered from a clickjacking vulnerability in the Remove Connection section.
cbdc85f0c36ebfa78ceb4ff7ff1c49901f91d95ac5934bb709bdb9180cc87edfClickjacking in LinkedIn :
- Description : The "Remove Connections" section of LinkedIn was
vulnerable to clickjacking. An attacker could perform a UI redress
attack against this vulnerability by designing innocuous seeming web
pages and trick a logged in user to remove some of his/her existing
connections.
- Bug Status - FIXED
- Bug found on: 12th Sep. 2012
- Bug Reported on: 14th Sep. 2012
- Bug Fixed on : 11th Jan. 2013
- Bug Details : "Remove Connection" option in LinkedIn was found
vulnerable to ClickJacking.
- Impact : This would have potentially tricked a genuine user into
clicking on something different to what the user perceives they are
clicking on, thus potentially deleting some existing connections in
their profile while clicking on innocuous looking web pages.
- Fix : LinkedIn implemented the X-Frame-Options
- POC : http://www.youtube.com/watch?v=MtfQtVal_DM&feature=youtu.be
- Other links :
http://jovynlobo.blogspot.in/2012/10/clickedin-clickjacking-vulnerability-in.html
Cheers :}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed