Broken Link Hijacking
Summary : When an web application has any pages, sources, links to external 3rd party services and are broken then the attacker can claim those endpoints to successfully conduct the attack and claim those endpoints on behalf of the target website and impersonate his identity.
Severity : Medium
POST Request :
Complexity : Easy
From : Remote / External
Steps to Reproduce:
1. Attacker finds the vulnerable injection point (broken link)
2. Attacker is able to claim the broken link
3. Attacker is succesfully perfrom the BLH Attack
Impact : An Adversary can carry out BLH attack to trick the victim in clicking the link and visiting the resources which are linked to the website, this way attacker can perfrom identify theft and steal credentials.
Affected IP's : IP Address Port
https://www.india.gov.in/ 443
Recommendations :
Fix all the broken links in the web application to any external resources.
References :
https://medium.com/@iamtess5277/what-is-broken-link-hijacking-o-o-872d821da6fd
https://medium.com/@arbazhussain/broken-link-hijacking-burp-plugin-6918d922c3fb
https://hackerone.com/reports/266908
Proof of Concept :
Attached Screenshot or Video
Call us any time:
+91 9106147779Email us 24/7 hours:
shifa@hacktify.inCopyright © 2023 Hacktify All Rights Reserved.
WhatsApp us