
LinkedIn Vulnerability Allows Hacker to Compromise Victim's System

LinkedIn, the world's largest professional social network with more than 500 million users, was suffering from a vulnerability that allowed an attacker to bypass its security restrictions and compromise users' systems.

LinkedIn messenger is one of the most used platforms, helping professionals share their skills, easily send resumes, transfer academic research and share job descriptions within the LinkedIn community.

The security check implemented in LinkedIn messenger, which inspects the behaviour of attached files before sending or uploading, could be bypassed just by changing the extension of a malicious file.

How Does the Vulnerability Work?
According to Check Point research, an attacker can easily upload a malicious PowerShell script to LinkedIn messenger just by changing its extension to

This vulnerability allows an attacker to upload any malicious file to LinkedIn messenger by modifying the file's extension.

Below is the PoC image of the POST request made to the server while uploading a malicious file.

In the above image you can clearly see that LinkedIn's security restriction allows the malicious file to be uploaded (virus not detected) because its file extension was modified.

Finally, the malicious file is uploaded successfully without being detected by LinkedIn's security restrictions, and once the victim clicks the file it is triggered and infects the victim's machine.
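The weakness described above is an upload check that trusts the file name. The following Python is an added example, not LinkedIn's or Check Point's code, showing a server-side check that treats the extension only as a claim and verifies it against the file's leading bytes; the allow-list, the `check_upload` function and the sample bytes are constructed for illustration.

```python
import os
from typing import Tuple

# Constructed allow-list: extension -> byte signatures the content must start with.
SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".docx": (b"PK\x03\x04",),  # OOXML documents are ZIP containers
}


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Decide on an attachment from its bytes; the name is only a claim to verify."""
    # Normalise: drop any client-supplied path, trailing dots/spaces, and case.
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(".").lower()
    ext = os.path.splitext(name)[1]
    if ext not in SIGNATURES:
        return False, "extension not on allow-list"
    # The claimed type must agree with what the content actually is.
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        return False, "content does not match claimed type"
    return True, "ok"


# Constructed samples: a genuine PDF header, and script text given a document name.
GENUINE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
RENAMED_SCRIPT = b"Write-Output 'constructed sample script text'\n"

if __name__ == "__main__":
    samples = [
        ("resume.pdf", GENUINE_PDF),     # accepted
        ("resume.pdf", RENAMED_SCRIPT),  # rejected: text content under a .pdf name
        ("setup.ps1", RENAMED_SCRIPT),   # rejected: extension not allowed
    ]
    for fname, blob in samples:
        print(fname, check_upload(fname, blob))
```

A signature match is a necessary condition, not a sufficient one: the content should still go through malware scanning, since a file can carry a valid header and hostile content.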
