Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
LinkedIn is a social media site for business professionals.
An entity on a website is commonly referenced by an identifier. On LinkedIn, this could be a post, picture or many other things.
When using IDs, it is important to validate permissions on these IDs. Otherwise, security problems can occur. In the case of LinkedIn, the ID of a post was not validated when the post was deleted.
Practically, this means that any user could have deleted any other user's posts. Considering this could be used by competitor businesses or governments to quiet people, this is a major problem. It led to 10K in bug bounty money for a simple IDOR.
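The missing permission check described above, shown next to the corrected form. This is an added example, not LinkedIn's code or code from the original write-up; the in-memory store, the user names, the post IDs and all function names are hypothetical.

```python
# Added illustration; store, users, IDs and function names are hypothetical.
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the object."""

@dataclass
class Post:
    post_id: int
    owner: str
    body: str

def make_store():
    # Constructed sample data: two users, one post each.
    posts = [Post(1001, "alice", "Quarterly results"),
             Post(1002, "bob", "We are hiring")]
    return {p.post_id: p for p in posts}

def delete_post_unchecked(store, session_user, post_id):
    # Missing check: the ID alone selects the object, so the caller's
    # identity (session_user) never influences the outcome.
    return store.pop(post_id, None) is not None

def delete_post_checked(store, session_user, post_id):
    post = store.get(post_id)
    # Ownership comes from the server-side record, not from the request.
    # "Missing" and "not yours" get the same error so the response does
    # not confirm which IDs exist.
    if post is None or post.owner != session_user:
        raise Forbidden(f"{session_user} may not delete post {post_id}")
    del store[post_id]
    return True

def demo():
    results = {}
    store = make_store()
    # bob deletes alice's post: succeeds when no permission check exists.
    results["unchecked_deleted_other"] = delete_post_unchecked(store, "bob", 1001)
    store = make_store()
    try:
        delete_post_checked(store, "bob", 1001)
        results["checked_blocked"] = False
    except Forbidden:
        results["checked_blocked"] = True
    results["owner_can_delete"] = delete_post_checked(store, "alice", 1001)
    results["remaining"] = sorted(store)
    return results
```

A regression test for this class of bug uses two accounts and asserts that the second account's delete request against the first account's object is rejected.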