Bypassing LinkedIn's Connection Privacy with a Simple Search Filter
How often do we trust the parameters sent by the client? Apparently, sometimes a bit too much. By default, we cannot view people’s connections on LinkedIn if we aren’t directly connected, but I found a way around that. Recently, while exploring LinkedIn’s search functionality, I stumbled upon a simple authorization bypass that allowed me to view the connection list of users I wasn’t connected with, which is private information that shouldn’t have been accessible. ...