Ahmad Halabi

Published On: 15 Oct 2019

Abusing Post Service (Create Unlimited Posts)

Rate Limits
Linkedin | Web
---
MEDIUM VALID

In general, a user registered on LinkedIn can create posts on their LinkedIn profile, and their connections can see those posts. But what happens if this feature is abused?

Description

The bug was that any user could create an unlimited number of posts without being blocked or having to wait for some time.


Impact

This issue allows bombarding the user and the server with a massive number of posts, which consumes large amounts of server resources. It also harms the users who are connected to the target user or following them, since they are flooded with those posts.

Reproduction Steps

1. Navigate to your LinkedIn account.

2. Click Create Post, create a post and intercept its request.

3. Send the intercepted request to Intruder in Burp Suite, launch the attack and observe that a large number of posts are created successfully.
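The fix for this class of bug is a per-user limit on the post-creation endpoint. The following is an added example of such a limiter (not LinkedIn's code and not part of the original report): a sliding-window counter that allows at most `max_posts` posts per `window_seconds` for each account and tells rejected callers when to retry. The user id, limits and the burst scenario are constructed for illustration.

```python
from collections import deque
import time


class PostRateLimiter:
    """Per-user sliding-window limiter for a 'create post' endpoint.

    Hypothetical mitigation for the missing limit described in the report:
    each user may create at most `max_posts` posts per `window_seconds`;
    further attempts are rejected with a retry-after hint in seconds.
    """

    def __init__(self, max_posts=10, window_seconds=600, clock=time.monotonic):
        self.max_posts = max_posts
        self.window = window_seconds
        self.clock = clock            # injectable so tests can control time
        self._events = {}             # user_id -> deque of post timestamps

    def _prune(self, q, now):
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()

    def try_create_post(self, user_id):
        """Return (allowed, retry_after_seconds) for one create-post attempt."""
        now = self.clock()
        q = self._events.setdefault(user_id, deque())
        self._prune(q, now)
        if len(q) >= self.max_posts:
            # The oldest post still in the window decides when capacity frees up.
            return False, self.window - (now - q[0])
        q.append(now)
        return True, 0.0


def simulate_burst(n_requests, max_posts=10, window_seconds=600):
    """Replay n_requests rapid-fire create-post calls from one constructed
    account and return (accepted, rejected) counts."""
    fake_time = [1000.0]
    limiter = PostRateLimiter(max_posts, window_seconds, clock=lambda: fake_time[0])
    accepted = rejected = 0
    for _ in range(n_requests):
        fake_time[0] += 0.01          # ~10 ms apart, well inside the window
        allowed, _ = limiter.try_create_post("user-123")
        if allowed:
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    print(simulate_burst(500))        # (10, 490)
```

In production the window state would live in a shared store such as Redis rather than in process memory, and the rejected response should carry a `Retry-After` header built from the returned value.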

Timeline
Ahmad, 05 Aug 2019: Initial Report

Linkedin, 10 Sep 2019: Report Confirmed & Triaged

Linkedin, 15 Oct 2019: Report Fixed by LinkedIn
