Extremely easy bug to find with good bounties.
Happy new year and hello 👋
This is my first bug bounty writeup, so I apologise if I make any mistakes. I hope this helps in your hunting methodology, so let’s get to it.
I have made this writeup to show how easy it is to find this bug and get that sweet bounty. The bug is impersonation via broken link hijacking.
It’s rated a P4 on Bugcrowd’s VRT, and I’m going to walk you through how I found it and some tools to help you find yours.
How I found it:
I was playing around on Dropbox's bug bounty program and noticed that there had been a fairly recent update to their site, and that another company, HelloSign, had joined Dropbox. So I started looking into the social media icons and clicking on all of them, when I saw that the Twitter account for HelloSign didn't exist. So I took it over and made an account as a PoC (PoC video).
So it's extremely simple to test for: locate the social media icons (usually at the bottom of the page) and click on all of them to see whether the accounts exist; if one doesn't, you can perform a takeover by signing up with that username.
So I reported it and got $300 from Dropbox, which was cool. After further testing on some of their subdomains, I found the same bug, but this time instead of Twitter, it was Facebook. I performed the exact same steps and reported it and got $200 for it.
So in total, a pretty good day: $500 in 5 minutes, so this is a good little bug to look out for.
Looking out for this bug can get annoying if you have a large target with many subdomains, so there is a way to automate the process: a tool called SocialHunter. Props to an awesome hunter called at0m for a video on this tool: (https://www.youtube.com/watch?v=NSp4Mv2CfI8)
Tool: https://github.com/utkusen/socialhunter
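The manual check above (find the social icons, follow each one, see whether the profile still exists) and the automated version SocialHunter performs are the same test; here it is as an added example in Python, written for this writeup and not taken from the author or from SocialHunter. It assumes that a plain GET returning 404/410 is enough to call a profile gone (some platforms serve a 200 with a client-rendered "not found", which this does not handle), and the page footer and status table are constructed sample data, not Dropbox's or HelloSign's.

```python
import re
from html.parser import HTMLParser
from typing import Callable, List, Tuple
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Profile URLs on these hosts are "host/handle"; multi-segment pages (e.g. /company/...) are out of scope.
SOCIAL_HOSTS = ("twitter.com", "x.com", "facebook.com", "instagram.com", "github.com")
PROFILE_RE = re.compile(r"^https?://(?:www\.)?(?:%s)/[A-Za-z0-9_.-]+/?$"
                        % "|".join(re.escape(h) for h in SOCIAL_HOSTS))

class _Anchors(HTMLParser):
    """Collect the href of every <a> tag on the page."""
    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def social_links(html: str) -> List[str]:
    """Social-profile URLs linked from the page, deduplicated, in page order."""
    p = _Anchors()
    p.feed(html)
    return list(dict.fromkeys(h for h in p.hrefs if PROFILE_RE.match(h)))

def http_status(url: str) -> int:
    """Default fetcher: status code of a plain GET (4xx/5xx arrive as HTTPError)."""
    req = Request(url, headers={"User-Agent": "social-link-audit/1.0"})
    try:
        with urlopen(req, timeout=10) as resp:
            return resp.status
    except HTTPError as e:
        return e.code

def dangling_links(html: str, fetch: Callable[[str], int] = http_status) -> List[Tuple[str, int]]:
    """Linked profiles that no longer exist (404/410): each is a hijack candidate, so fix or remove the link."""
    return [(u, s) for u in social_links(html) if (s := fetch(u)) in (404, 410)]

# Constructed sample footer (not from Dropbox/HelloSign): the Twitter link points at a handle nobody owns.
SAMPLE_HTML = """<footer>
  <a href="https://example.com/about">About</a>
  <a href="https://twitter.com/example_co"><img src="tw.svg" alt="Twitter"></a>
  <a href="https://www.facebook.com/ExampleCo">Facebook</a>
  <a href="https://github.com/example-co">GitHub</a>
  <a href="https://twitter.com/example_co">Twitter again</a>
  <a href="mailto:press@example.com">Press</a>
</footer>"""
```

Pass `fetch=` a stub (a dict lookup, say) to run it offline against captured pages; leave it out to check the live profiles of a site you are responsible for.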
Thanks for reading, hopefully this helps.
Best of luck ~ CoffeeAddict