Sunday 26 October 2014

Linkedin Clickjacking




Hello All , Hope you all are well , Today i will show you Linkedin Clickjacking vulnerability which i was found in almost 1 year before ,

Be frank side at the starting of my carrier in information security i liked Clickjacking Vulnerability very much , because its easy to find and exploiting for any attacker,

One day i was searching for some common bugs in linkedin and suddenly i found that one of their share page "https://www.linkedin.com/shareArticle?"  which used for Sharing Cross Domain Content you users profile is vulnerable to Click Jacking , at that time i was able to load that page in an iframe as you can see the POC





Below Is The Hidden Mode




By using this an attacker can trick users to post unwanted post , articles , links etc, which can be used for spamming or phishing :)

Here Is The Full Coverage Article On Thehackernews.com

POC Video




No comments:

Post a Comment