National Centre for Information Technology

Tuesday, 11 June 2013 08:41

NCIT has helped LinkedIn Social Network to fix vulnerability

A persistent script code injection (stored cross-site scripting) web vulnerability was detected in the group name add function of the LinkedIn social network application. The vulnerability was identified by Ismail Kaleem, Senior Security Developer at NCIT.

LinkedIn Security Ticket ID: 130429-005211

Report-Timeline:

2013-04-28: Researcher Notification & Coordination
2013-04-29: Vendor Notification
2013-04-30: Vendor Response/Feedback
2013-05-23: Vendor Fix/Patch
2013-06-08: Public Disclosure


The web server does not use HttpOnly cookies, so script running in the page can read them: it is possible for an attacker to hijack cookies or to inject frames with malicious content or malware.


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.

The vulnerability affects group messages in LinkedIn.

An attacker can inject malicious code into group messages and completely take over the account of an unsuspecting victim.

Example of a persistent attack

Mr Xyz posts a message containing a malicious payload to a LinkedIn group.

When Mr Abc visits the group, Xyz's XSS payload steals Abc's cookie.

Mr Xyz can now hijack Abc's session and impersonate Abc.

The malicious code is stored on the server and executed during the content processing stage on the client side. It is also possible for an attacker to inject malicious code that compromises the victim through browser-based exploit packs.

Particularly in the case of social networking sites, the code would be further designed to self-propagate across accounts, creating a type of a client-side worm.
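The two defensive measures the report implies, shown as an added example that is not NCIT's or LinkedIn's code: HTML-escape stored group content on output so a stored script tag is displayed rather than run, and set the session cookie with the HttpOnly flag so page script cannot read it; an audit helper checks an existing Set-Cookie header for that flag. The cookie name "sessionid" and the sample message are assumptions, not values from the report.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: a group message carrying markup, as a user might
# submit it through the group add/message function (not real LinkedIn data).
SAMPLE_MESSAGE = "Join us! <script>alert(1)</script> <b>Tonight</b>"


def render_unescaped(message: str) -> str:
    """The flawed pattern: stored text is placed into the page as-is, so a
    script tag inside it runs in every reader's browser (stored XSS)."""
    return f"<div class='group-message'>{message}</div>"


def render_escaped(message: str) -> str:
    """The fix: escape on output so the stored text is shown literally."""
    return f"<div class='group-message'>{html.escape(message, quote=True)}</div>"


def contains_active_markup(rendered: str) -> bool:
    """Check used by the tests: does the rendered HTML still carry a raw
    script tag that a browser would execute?"""
    return "<script" in rendered.lower()


def session_cookie_header(session_id: str, secure: bool = True) -> str:
    """Build a Set-Cookie header value for the session cookie with HttpOnly
    (document.cookie cannot read it) and, by default, Secure.
    The cookie name 'sessionid' is an assumption for this example."""
    cookie = SimpleCookie()
    cookie["sessionid"] = session_id
    cookie["sessionid"]["httponly"] = True
    cookie["sessionid"]["path"] = "/"
    if secure:
        cookie["sessionid"]["secure"] = True
    return cookie["sessionid"].OutputString()


def cookie_missing_httponly(set_cookie_value: str) -> bool:
    """Audit helper: True when a Set-Cookie header value lacks HttpOnly.
    Run it over a server's responses to find cookies exposed to script."""
    attrs = [part.strip().lower() for part in set_cookie_value.split(";")]
    return "httponly" not in attrs


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_MESSAGE))
    print(render_escaped(SAMPLE_MESSAGE))
    print(session_cookie_header("abc123"))
```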

Reference:

http://seclists.org/fulldisclosure/2013/Jun/48

http://vulnerability-lab.com/show.php?user=Ismail%20Kaleem

http://packetstormsecurity.com/files/121947/VL-962.txt