0Sec
Elite
Elite0Sec
Elite
Elite0Sec
  • 🥷Whoami
  • 🔐Web_AppSec
    • 😀Reconnaissance
      • Scope
      • Methodology v1.0
    • Features Abuse
      • 2FA
      • CAPTCHA
      • Commenting
      • Contact us
      • File-Upload
    • Technologies
      • WordPress
    • Information Disclosure
    • CSRF
    • CRLF Injection
    • Forgot Password
    • Account Takeover
    • LFI & RFI
    • OAuth Misconfiguration
    • Open Redirect
    • SQL injection
    • SSRF
    • Web Cache Deception
    • Web Cache Poisoning
    • Web AppSec Nots
    • Broken Link Injection
    • Checklist
    • Checklist 1.1
  • 🥷Network-pentest
    • Recon
    • Windows Privilege Escalation
    • Active Directory
      • AD Enumeration
        • Users, Computer, Groups
        • BloodHound Enumeration
        • Credentials
        • Credential Dumping
        • PRIVILEGE ESCALATION
      • AD Techniques
        • MSSQL Injection
        • MSSQL AD Abuse
        • Linked Server Exploitation
        • Domain privEsc
          • Kerberos brute-force
          • AS-REP Roasting
          • Kerberoasting
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • PTH, PTT, Overpth, ptk
          • Silver ticket
          • Golden ticket
          • LLMNR Attack
      • AD Cheat Sheet
    • Red Team Note
    • Notes
Powered by GitBook
On this page
  1. Web_AppSec

Broken Link Injection

Some websites check broken links to find broken link-hijacking vulnerabilities

1- https://ahrefs.com/broken-link-checker

2- deadlinkchecker.com

3- brokenlinkcheck.com

Steps

  1. Manually find and click external links on the target site ( For Example:- Some Links to Social Media Accounts or Some external Media Link)

  2. While Doing Manual work also put broken-link-checker in background using below Command interminal.

    blc -rof --filter-level 3 https://example.com/

    Ouput will be like Something.

    ─BROKEN─ https://www.linkedin.com/company/ACME-inc-/ (HTTP_999)

  3. Now you need to check if company has the page or not , if no then register as the company or try to get that username or url.

Alternate Step

  1. Go to Online Broken Link Checker, Dead Link Checker Or Alternative Online Broken Link Checker

  2. Input the domain name

Reference

  • https://edoverflow.com/2017/broken-link-hijacking/

  • https://medium.com/@bathinivijaysimhareddy/how-i-takeover-the-companys-linkedin-page-790c9ed2b04d

Impact

Content Hijacking Information Leakage Phishing Attacks stored xss Impersonation Damage the company’s reputation

PreviousWeb AppSec NotsNextChecklist

Last updated 7 months ago

🔐