Monday, 30 September 2013

[EN] Another XSS at


During a few tests in a few different bug bounty programs,
on 19.09 this year I found another persistent XSS in our nice job portal

From the mails exchanged with IT support, I think it is patched now, but
if you wanna try, here is a short list of steps to reproduce:

1. Log in to your account
2. Go to contact lists, to 'imported contacts'
3. Edit one contact
4. In the new window, for the edited person, the surname is vulnerable to persistent XSS.
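The class of bug behind step 4, as an added example (not code from the original post or from the portal itself): a stored surname rendered into an edit form with and without output encoding. All names here (`escapeHtml`, `renderEditFormUnsafe`, `renderEditFormSafe`, `countTags`), the contact record, and the assumption that the surname lands in both a heading and an `<input value>` are hypothetical.

```javascript
// Constructed sample: an imported contact whose surname carries markup.
// Imported data comes from outside the application and must be treated as untrusted.
const importedContact = {
  id: 42,
  firstName: "Jan",
  surname: `O'Neil"><b>markup</b>`,
};

// Characters that can change HTML parsing in text or quoted-attribute context.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so it is parsed as HTML every time the edit window is opened (persistent XSS).
function renderEditFormUnsafe(contact) {
  return `<h2>Edit ${contact.firstName} ${contact.surname}</h2>` +
    `<input name="surname" value="${contact.surname}">`;
}

// Hardened pattern: every stored field is encoded at output time,
// for both the element-text and the quoted-attribute context.
function renderEditFormSafe(contact) {
  const first = escapeHtml(contact.firstName);
  const sur = escapeHtml(contact.surname);
  return `<h2>Edit ${first} ${sur}</h2>` +
    `<input name="surname" value="${sur}">`;
}

// Rough check: how many opening tags would a browser parse from this string?
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// The template itself contains two opening tags (<h2>, <input>).
console.log("unsafe tags:", countTags(renderEditFormUnsafe(importedContact)));
console.log("safe tags:  ", countTags(renderEditFormSafe(importedContact)));
```

Any extra tag beyond the template's own two means stored data was interpreted as markup; the encoded version keeps the surname as inert text while still displaying it correctly.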

Below is a screenshot from a sample 'attack':

* Update @ 01.10.2013 * 
'Seems to be patched in production.' ;)

* Update @ 04.10.2013 * 

The LinkedIn Team once again surprised me with their answer. :)
This is a really good Team!
Good job guys!

Enjoy and remember, do only legal things ;)

