Easy Bugs Easy Bounty

Muhammad Mater
3 min readSep 30

--

Hi Hackers
This is a Bug For beginner hackers and Bug Hunters to get their first valid bug or first bounty.
Broken Link Hijacking
Broken Link Hijacking (BLH) is a web-based attack where attackers exploit external links that have become invalid or broken over time.
One common scenario is when a company uses an external link shortening service to create short links for sharing in tweets, emails, or other online platforms.

These short links are easier to share and track, making them popular for
social media and marketing purposes.

However, if the link shortening service goes out of business or discontinues its service, all the previously shortened links become invalid, leading to the original links’ content being inaccessible. This creates an opportunity for attackers to take advantage of the expired short links.

Here’s how an attacker could potentially perform Broken Link Hijacking in this scenario:
Identifying expired short links: Attackers can monitor and identify shortened links that have become broken due to the link shortening service’s closure.

Acquiring the expired domain: Once the attacker identifies the expired short link, they can purchase the domain associated with the link shortening service.
Since the service is no longer active, the domain becomes available for anyone to buy.

Setting up malicious content: After obtaining the expired domain, the attacker can set up their own malicious content or redirect the link to a website under their control.

Take over Social media account :the attacker creates a page or profile for the company on social networking sites that is in the broken link of the target and create a account

Impact of Broken Link Hijacking

Redirecting traffic: When users click on the old shortened link, they are redirected to the attacker’s site instead of the intended destination, leading to potential exposure to harmful content.
The impact of Broken Link Hijacking in this case can be severe:

Reputation damage: If users encounter malicious content after clicking on the old shortened link, they may associate the negative experience with the original company or brand, leading to reputation damage.
User safety and trust: Users may lose trust in the company or brand if they inadvertently end up on a malicious website, which can have lasting effects on customer loyalty and satisfaction.

Phishing and malware risks: The attacker’s website might host phishing pages or distribute malware, putting users’ sensitive information and devices at risk.
Lost opportunities: Expired shortened links can lead to lost opportunities for engagement, traffic, and conversions that were initially intended through the shared content.

--

--

Muhammad Mater

Just a Boy Loves Infosec (REDTEAM, CTI, OSINT, Bug Bounty)