Broken Link Hijacking

Jeyabalaji
2 min read · May 7, 2023


What is Broken Link Hijacking?

Broken link hijacking (BLH) is a type of web attack that exploits external links that are no longer valid. If your website or web application loads resources from external URLs, or points to such resources, and those resources are no longer there (for example, because the domain has expired), attackers can take over those links to perform defacement, impersonation, or even cross-site scripting attacks.

Taking over a broken link (social media account)

Almost every website lists its social media accounts. Try opening every social media link and check whether any of them is broken. On this website, the Twitter link is broken.

If a user clicks the link, Twitter shows “This account doesn’t exist”. The exact message differs from one social media platform to another. This happens because no account with that username exists any more: either the account was deleted or its username was changed on the social media platform, but the website was never updated. The handle can now be claimed by creating a new account with the same username, in this case @ForRmg.

If a user clicks the Twitter logo on that website, it will redirect to our account.

BLH is not limited to social media accounts. If a website uses any third-party domain and that domain expires, it can be taken over too.

How to check for broken links?

We can test manually, or we can use an extension such as Broken Link Checker, which automatically lists the broken links on the current website.

Broken Link Checker: https://addons.mozilla.org/en-US/firefox/addon/find-broken-links/
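As an added example (not code from the post or from the Broken Link Checker extension), the script below does the same audit from a defender's side: it extracts every href/src from a page, ignores internal links, and labels each dead external link by the risk it carries. A 404 on a social profile means the handle is unclaimed, an unresolvable domain means anyone can register it, and an unresolvable domain that serves a script or stylesheet is the stored-XSS case from the impact list. The page HTML, the hostnames (all under the reserved `.invalid` TLD) and the `SIMULATED_STATUS` responses are constructed for the example; the `resolve` function is a stand-in that a real run would replace with an HTTP request, so nothing here touches the network.

```python
"""Offline broken-link audit for a page's outbound links (constructed example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hosts where a 404 on a profile URL usually means the handle is free to register.
SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com",
                "linkedin.com", "github.com", "youtube.com"}


class LinkExtractor(HTMLParser):
    """Collect (tag, absolute_url) pairs for every href/src attribute on the page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((tag, urljoin(self.base_url, value)))


# Constructed page for example.com; every external URL below is made up.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.old-vendor-example.invalid/app.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<a href="https://twitter.com/ForRmg">Twitter</a>
<a href="https://github.com/example-org">GitHub</a>
<a href="/about">About</a>
<a href="https://partner-example.invalid/promo">Partner promo</a>
</body></html>
"""

# Constructed responses standing in for real HTTP status codes / DNS failures.
SIMULATED_STATUS = {
    "https://cdn.old-vendor-example.invalid/app.js": "NXDOMAIN",
    "https://twitter.com/ForRmg": 404,
    "https://github.com/example-org": 200,
    "https://partner-example.invalid/promo": "NXDOMAIN",
}


def resolve(url):
    """Stand-in for an HTTP HEAD/GET (hypothetical); returns a status or 'NXDOMAIN'."""
    return SIMULATED_STATUS.get(url, 200)


def host_of(url):
    """Hostname without a leading 'www.' so twitter.com and www.twitter.com compare equal."""
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def classify(tag, url, status):
    """Return a risk label for a dead external link, or None if the link is healthy."""
    if status == 200:
        return None
    if status == "NXDOMAIN":
        # An unregistered domain can be bought by anyone; a script or stylesheet
        # loaded from it becomes attacker-controlled content inside the page.
        if tag in ("script", "link", "iframe"):
            return "expired-domain-script"
        return "expired-domain"
    if host_of(url) in SOCIAL_HOSTS and status == 404:
        return "unclaimed-social-handle"
    return "broken-link"


def audit(html, base_url, fetch=resolve):
    """Return {url: risk_label} for every outbound link that needs attention."""
    parser = LinkExtractor(base_url)
    parser.feed(html)
    site_host = host_of(base_url)
    findings = {}
    for tag, url in parser.links:
        if urlsplit(url).scheme not in ("http", "https"):
            continue                      # mailto:, javascript:, data: etc.
        if host_of(url) == site_host:
            continue                      # internal link; not a BLH candidate
        label = classify(tag, url, fetch(url))
        if label:
            findings[url] = label
    return findings


if __name__ == "__main__":
    for url, label in sorted(audit(SAMPLE_HTML, "https://example.com/").items()):
        print(f"{label:26} {url}")
```

Treat `expired-domain-script` findings as the highest priority: the fix is to remove the tag or self-host the asset, since the original host can no longer be trusted. For `unclaimed-social-handle`, update or remove the profile link on the site before anyone else registers the handle.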

Impact:

  • Defacement using expired links.
  • Impersonation due to expired domains or links.
  • Stored XSS using BLH.
