In previous blog we have seen a critical vulnerability in LinkedIn password reset module allowing an attackers to compromise LinkedIn user’s account and how helpless a LinkedIn user in case of an actual compromise of his / her account in real world scenario.
Here is a new vulnerability Cross-Site Request Forgery, CSRF present on LinkedIn Recommendation Section, which allows attacker to delete any Recommendation of Any user.
1. Attacker / malicious LinkedIn user can check the recommendation given by LinkedIn User 1 to LinkedIn User 2.
2. Attacker logs into LinkedIn account, goes to the web page source and search for strings such as “Recommendation for USERNAME”.
Figure: Web page source shows the recommendation details with a unique Id ”515940281” for User 1’s recommendations to User 2.
3. To craft a malicious CSRF link attacker goes to Manage Recommendation area and check for any recommendations he has posted for others. Clicks on it and copy the URL for any one recommendation.
The URL will be
https://www.linkedin.com/recommendations?dep=&recID=515830421&goback=%2Enas_*1_*1_*1%2Eprs
Figure: Analyzing and collecting URL for Displaying and Withdrawing a User’s recommendation.
4. Now same way the URL to withdraw any given recommendation by the attacker is
https://www.linkedin.com/recommendations?wdr=&recID=515830421&goback=%2Enas_*1_*1_*1%2Eprs
The only difference is to change the parameter from ‘dep’ to ‘wdr’.
Craft a URL for removing or withdrawing recommendation from User 1 to User 2 is
https://www.linkedin.com/recommendations?wdr=&recID=515940281
This is the shortest and simplest form of the vulnerable CSRF link.
5. Send this URL to User 1 in an email. More dangerously, the same CSRF link can be send using LinkedIn mail feature.
6. On clicking this link by User 1 the selected recommendation given by User 1 to User 2 will be withdrawn or deleted.
On reporting this issue LinkedIn was prompt to acknowledge the vulnerability and have mitigated it.
More can be read at http://packetstormsecurity.com/files/127259/
Written By,
Attack & PenTest Team,
Varutra Consulting
In today's interconnected digital world, secure authentication is paramount to safeguarding user data and ensuring…
Introduction The manufacturing industry is rapidly evolving with Industry 4.0 technologies like IoT, Big data,…
Introduction In a rapidly evolving business landscape, cybersecurity is paramount amidst frequent cyber-attacks, emphasizing the…
Introduction to Current Cybersecurity Trends Cybersecurity is an ever-evolving landscape, with new threats and vulnerabilities…
Introduction In an era of unprecedented digital transformation, securing sensitive data and communications has never…
Introduction As organizations and individuals rely increasingly on digital systems to communicate and share sensitive…
