In this article I am going to talk about my first bug, which I found recently and which is nothing but broken link hijacking.
Since I am just a newbie, I never knew much about this bug until 2 months back, when my friend reported this bug to a popular website... I don't want to mention its name for security reasons. I asked him about this bug and he explained it to me.
After learning about this bug, I was like, OK... it's got to be worth a try. Then I started hunting for this bug on the domains that I had already hunted on, but I was not able to find it on any of them.
So I shifted my focus to a new domain and started hunting fresh from scratch. Let me say a few lines about this vulnerability.
BROKEN LINK HIJACKING (BLH) :
When you go to any website and scroll down, you will usually find social media icons in a corner. Each of those icons contains a link to the site's social media profile, and clicking the icon redirects you to that profile.
Now let's consider a scenario where the link has expired or is no longer in use, and an attacker somehow takes control of the resource at the other end of that link and uses it to fulfill his/her motives.
NOTE : The link need not be a social media profile. It can also be any other link that connects the site to third-party sites or external resources, or even to other pages owned by the website.
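From the site owner's side, the same condition can be caught before anyone else notices it. The following is an added example, not code from the original article: it collects the outbound links on one of your own pages and reports those whose target no longer exists. The names `audit_page` and `http_status`, the `.example` hosts, the sample HTML and the canned responses are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import urllib.request, urllib.error

# Tag -> attribute that points at another resource.
LINK_ATTRS = {"a": "href", "link": "href", "script": "src", "img": "src", "iframe": "src"}

class LinkCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links = base_url, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(LINK_ATTRS.get(tag, ""))
        if value:
            url = urljoin(self.base_url, value.strip())
            if urlsplit(url).scheme in ("http", "https"):
                self.links.append((tag, url))

def http_status(url, timeout=10):
    """HTTP status of url, or None when the host cannot be reached."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "link-audit"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code
    except (urllib.error.URLError, OSError):
        return None

def audit_page(html, base_url, probe=http_status):
    """Return external links on the page whose target no longer exists."""
    own_host = urlsplit(base_url).hostname
    collector = LinkCollector(base_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.links:
        if urlsplit(url).hostname == own_host:
            continue  # same-host targets stay under the site owner's control
        status = probe(url)
        if status is None or status in (404, 410):
            findings.append((tag, url, status))
    return findings

# Constructed sample page and canned responses so the example runs offline.
SAMPLE_HTML = """<footer><a href="https://social.example/acme_official">Instagram</a>
<a href="/about">About</a><script src="https://cdn.example/widget.js"></script>
<a href="https://video.example/acme">Video</a></footer>"""
CANNED = {"https://social.example/acme_official": 404,
          "https://cdn.example/widget.js": None, "https://video.example/acme": 200}
```

Calling `audit_page(SAMPLE_HTML, "https://www.example.com/", CANNED.get)` uses the canned responses; leaving out the third argument performs real HEAD requests. Some platforms answer automated requests with a login page or a rate-limit response, so confirm each finding in a browser before fixing or removing the link.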
VULNERABILITY THAT I REPORTED :
Now let me share what exactly I reported. As I said above, I was hunting on a certain site; let's call it target.com. On the first day I was just taking a quick tour of the website to get some sense of what it does. It was on my 2nd day that I came to know of this vulnerability through my friend... Then, after trying this vulnerability on the previous sites that I had hunted on, I came back to target.com and tried it on target.com's Instagram icon...
Do you know what happened... IT WORKED!!! I got something like below
Then comes the second step: try changing your social media account's username to the company's username. If you are able to do this, you have successfully hijacked the victim's account.
However, I was not able to change my username to the company's name... Anyway, I just reported it because there was a mistake in the website's functionality... You should get redirected but you are not able to, so it's definitely the company's fault, and so I reported it, and the triagers, being kind-hearted persons, accepted it :) :)
RESPONSE :
2 months after I reported it, they replied to me that they were accepting this as a valid issue, and they even rewarded me with a T-shirt... my 1st swag.
I cannot say this bug would definitely work, but all I can say is it's worth trying, as it takes just a second after all... Good luck!!