Broken Link Hijack

Broken Link Hijack

By Rohit Gautam
Broken Link Hijacking

Summary : When an web application has any pages, sources, links to external 3rd party services and are broken then the attacker can claim those endpoints to successfully conduct the attack and claim those endpoints on behalf of the target website and impersonate his identity.

Severity :   Medium  

POST Request : 

Complexity : Easy 

From : Remote / External

Steps to Reproduce:

1. Attacker finds the vulnerable injection point (broken link)
2. Attacker is able to claim the broken link
3. Attacker is succesfully perfrom the BLH Attack

Impact : An Adversary can carry out BLH attack to trick the victim in clicking the link and visiting the resources which are linked to the website, this way attacker can perfrom identify theft and steal credentials.

Affected IP's : IP Address	Port	443

Recommendations : 
Fix all the broken links in the web application to any external resources.

References :

Proof of Concept :

Attached Screenshot or Video