Hi friends, for a long time I had been struggling to find a single valid security bug in a web application. While I was surfing social media, I came across a “Let’s Connect” post. I opened someone’s profile link in the comment section, and there was a popup to log in or sign up to view the account.
I thought that it was the right time to create an account, so I filled in the details and clicked the Agree & Join button. It redirected me to a URL that looked like this, which contained the login information:
linkedin.com/authwall?first-name=[FirstName]&last-name=[LastName]&email-or-phone=[Email]&password=[Password]
But the webpage kept on loading. I wanted to know why it kept loading, so I opened the network tab in the browser. I found an interesting request: a third-party tracker that was tracking the current page, which leads to password leakage to a third-party site.
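A way to check a page's captured requests for this kind of leak, as an added example that is not part of the original post: it takes the page URL and a list of outgoing requests and flags any third-party request whose URL or Referer header carries a sensitive query-string value. The hosts, sample values, the `SENSITIVE` name pattern and the two-label same-site check are assumptions made for illustration.

```javascript
// Parameter names treated as sensitive (assumed pattern, adjust per application).
const SENSITIVE = /pass|pwd|email|phone|token|secret/i;

// Naive same-site check on the last two host labels (assumption; a real
// check would consult the Public Suffix List).
function site(host) {
  return host.split('.').slice(-2).join('.');
}

// True if text contains value, raw or under up to two layers of percent-encoding
// (trackers usually send the page URL as an encoded parameter).
function carries(text, value) {
  let current = text || '';
  for (let i = 0; i < 3; i++) {
    if (current.includes(value)) return true;
    try {
      const next = decodeURIComponent(current);
      if (next === current) return false;
      current = next;
    } catch (_) { return false; } // malformed escape sequence
  }
  return current.includes(value);
}

function findCredentialLeaks(pageUrl, requests) {
  const page = new URL(pageUrl);
  const secrets = [...page.searchParams.entries()]
    .filter(([name, value]) => SENSITIVE.test(name) && value.length > 0);
  const findings = [];
  for (const req of requests) {
    const target = new URL(req.url);
    if (site(target.hostname) === site(page.hostname)) continue; // first party
    const referer = (req.headers && req.headers.referer) || '';
    for (const [name, value] of secrets) {
      const where = [];
      if (carries(req.url, value)) where.push('url');
      if (carries(referer, value)) where.push('referer');
      // Report the parameter name only, never the value itself.
      if (where.length) findings.push({ host: target.hostname, param: name, where });
    }
  }
  return findings;
}

// Constructed sample data: a signup redirect with credentials in the query string.
const SAMPLE_PAGE = 'https://www.site.example/authwall?first-name=Ann&last-name=Lee' +
  '&email-or-phone=ann%40mail.example&password=constructedPw123';
const SAMPLE_REQUESTS = [
  { url: 'https://static.site.example/app.js', headers: { referer: SAMPLE_PAGE } },
  { url: 'https://t.tracker.example/collect?dl=' + encodeURIComponent(SAMPLE_PAGE), headers: {} },
  { url: 'https://cdn.fonts.example/a.woff2', headers: { referer: 'https://www.site.example/' } },
];
```

The underlying fix is to submit the form with POST so the credentials travel in the request body and never appear in the page URL.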
I reported it to lisrc@linkedin.com
and got this reply.
Hope you love this blog, will be back soon with another 💖