

[dead] Linkedin's Profile Match Exploit - veritas9
http://uncodeeval.posterous.com/really-linkedins-profile-match-exploit

======
bigethan
The post just went password protected - but it was about LinkedIn exposing the
id's of matches in their source code which could then be added to a standard
URL to view the profile.

Basically circumventing paying them $99 for some pro service.

Given that the site seemed to be from a competitor, it felt a bit scummy, e.g.
"Hey, here's how to rip off the leader in our field!"

------
kongqiu
Basically, it's:

1\. Go to the "Profile Matches" offer tab

2\. View source; the users' ids are right there

3\. Look up those users' profiles directly (e.g., /profile/view?id=xyxyxyxy

------
bryanlarsen
I get this:

This site requires a password for access. Unless you select "Remember me on
this computer", you will be logged out of this site when you close your
browser.

The password can be obtained from the site owner.

------
MattLaroche
When I click through to the Posterous site, I see:

""" This site is password protected

This site requires a password for access. Unless you select "Remember me on
this computer", you will be logged out of this site when you close your
browser.

The password can be obtained from the site owner. """

So I'm flagging this story.

------
damncabbage
"This site is password protected"

No cache available that I can find. The only recoverable snippet:

    
    
      We don't usually like bashing on other companies but
      come on LinkedIn! If you're up selling people on $99 
      product such "Profile Matches" it'd help to hide the ...

