0Sec
Elite
Elite0Sec
Elite
Elite0Sec
  • 🥷Whoami
  • 🔐Web_AppSec
    • 😀Reconnaissance
      • Scope
      • Methodology v1.0
    • Features Abuse
      • 2FA
      • CAPTCHA
      • Commenting
      • Contact us
      • File-Upload
    • Technologies
      • WordPress
    • Information Disclosure
    • CSRF
    • CRLF Injection
    • Forgot Password
    • Account Takeover
    • LFI & RFI
    • OAuth Misconfiguration
    • Open Redirect
    • SQL injection
    • SSRF
    • Web Cache Deception
    • Web Cache Poisoning
    • Web AppSec Nots
    • Broken Link Injection
    • Checklist
    • Checklist 1.1
  • 🥷Network-pentest
    • Recon
    • Windows Privilege Escalation
    • Active Directory
      • AD Enumeration
        • Users, Computer, Groups
        • BloodHound Enumeration
        • Credentials
        • Credential Dumping
        • PRIVILEGE ESCALATION
      • AD Techniques
        • MSSQL Injection
        • MSSQL AD Abuse
        • Linked Server Exploitation
        • Domain privEsc
          • Kerberos brute-force
          • AS-REP Roasting
          • Kerberoasting
          • Kerberos Unconstrained Delegation
          • Kerberos Constrained Delegation
          • PTH, PTT, Overpth, ptk
          • Silver ticket
          • Golden ticket
          • LLMNR Attack
      • AD Cheat Sheet
    • Red Team Note
    • Notes
Powered by GitBook
On this page
  1. Web_AppSec

Broken Link Injection

PreviousWeb AppSec NotsNextChecklist

Last updated 8 months ago

Some websites check broken links to find broken link-hijacking vulnerabilities

1-

2-

3-

Steps

  1. Manually find and click external links on the target site ( For Example:- Some Links to Social Media Accounts or Some external Media Link)

  2. While Doing Manual work also put in background using below Command interminal.

    blc -rof --filter-level 3 https://example.com/

    Ouput will be like Something.

    ─BROKEN─ https://www.linkedin.com/company/ACME-inc-/ (HTTP_999)

  3. Now you need to check if company has the page or not , if no then register as the company or try to get that username or url.

Alternate Step

  1. Go to , Or

  2. Input the domain name

Reference

Impact

Content Hijacking Information Leakage Phishing Attacks stored xss Impersonation Damage the company’s reputation

🔐
https://ahrefs.com/broken-link-checker
deadlinkchecker.com
brokenlinkcheck.com
broken-link-checker
Online Broken Link Checker
Dead Link Checker
Alternative Online Broken Link Checker
https://edoverflow.com/2017/broken-link-hijacking/
https://medium.com/@bathinivijaysimhareddy/how-i-takeover-the-companys-linkedin-page-790c9ed2b04d