How I was able to take over the company’s Facebook Page

Rakesh
Mar 7, 2021

Hello all! My name is Rakesh. I’m a computer science engineering student and a bug bounty hunter. Today I’m going to share one of my findings with you. The name of the vulnerability was Broken Link Hijacking (BLH). The target was one of the big eCommerce websites. Let’s say target.com, due to the company’s disclosure policy.

A small introduction to the broken link hijacking vulnerability for those who don’t know about it.

What is Broken Link Hijacking?

Websites often present buttons that are hyperlinked to external services, such as social network buttons. Clicking those links redirects the user to the company’s social media profiles.

Broken link: These links carry a profile ID that identifies the profile of the person or the company page you are visiting. The link is broken when that profile does not exist or the page is not found. You can check the blog for more information here

[Image: an example of Facebook’s broken link]

So without any further ado, let’s get started :)

As target.com had lots of functionality for me to play with, I decided to start by finding some basic vulnerabilities without doing any recon. I visited the main page, curious to know about their services, and learned that they provide various services.

I visited every page on the website and found that every page contains different social media icons. At that moment I got an idea: why not check for broken links on the website? So I started to check the social media icons manually and, as I assumed, there was a broken link to their Facebook page.

Without any delay, I created a Facebook page with the company’s username. Then I went back to their website to check whether the Facebook icon navigated to my Facebook page, and yes, it did. Hence I successfully took over their company’s Facebook page.

[Image: company’s Facebook Page]

Impact: An attacker can post unrelated content in the name of the company and impersonate the company.

Takeaway: Always check for links and endpoints in the source code and JavaScript files; there may be expired links, and you can buy those and host malicious files.
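For a site owner, the manual icon check described above can be run as a routine audit of the site's own pages. The following is an added example, not code from the original post: the function names, the host list, the caller-supplied `get_status` lookup and the sample page are all assumptions or constructed values.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts treated as social-profile links; extend for your own site.
SOCIAL_HOSTS = ("facebook.com", "twitter.com", "instagram.com", "linkedin.com")

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href.strip())

def social_links(html):
    """Return unique social-profile URLs (with a profile path) linked from html."""
    parser = _Anchors()
    parser.feed(html)
    found = []
    for href in parser.hrefs:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        is_social = any(host == h or host.endswith("." + h) for h in SOCIAL_HOSTS)
        # Skip relative links and bare links to the platform home page.
        if is_social and url.path.strip("/") and href not in found:
            found.append(href)
    return found

def audit(html, get_status):
    """List (url, status) for social links whose profile did not return 200."""
    broken = []
    for url in social_links(html):
        status = get_status(url)  # one lookup per link
        if status != 200:
            broken.append((url, status))
    return broken

# Constructed sample page and constructed lookup results (no network access).
SAMPLE_HTML = """
<footer>
  <a href="/about">About</a>
  <a href="https://www.facebook.com/example-shop-official">Facebook</a>
  <a href="https://twitter.com/example_shop">Twitter</a>
</footer>
"""
SAMPLE_STATUS = {"https://www.facebook.com/example-shop-official": 404,
                 "https://twitter.com/example_shop": 200}
```

Calling `audit(SAMPLE_HTML, SAMPLE_STATUS.get)` flags only the Facebook link. In real use `get_status` would wrap an HTTP request, and a flagged link still needs a manual look because a status code alone may not be conclusive.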

I made a good report and sent it to the target company. The company patched it within a week. As this was an RDP, I didn’t get any bounty for this. If you enjoyed reading this please do clap on it :) If you have any doubts regarding this write-up you can DM me here

Until next time, goodbye and happy hacking!
