$350 bounty: How I Got It | Broken link Hijacking
I was just looking around the internet for a new target and finally I came to a website.
After spending some time on the website, I made the decision to look at the social media profiles. And after looking around, this is what I found.
I quickly returned to the website, and after 3 to 4 clicks, the outcome remained unchanged.
Then I was like:
I moved to Burp Suite, intercepted the request, and noticed the name of the company’s LinkedIn page. Without further delay, I opened my LinkedIn profile and made a page with the company’s name.
It was test time now, so I opened the page, clicked the LinkedIn icon, and “BOOM”: the link had been successfully captured.
I reported the problem; two days later it was fixed, and the next day I received a bounty of $350.
Thank you for reading…
Takeaways —
- Regularly monitor website analytics for unusual patterns or changes in referral traffic that may indicate broken link hijacking activity.
- Use tools or browser extensions to check the HTTP status codes of outbound links; they will surface redirects (e.g., 301 or 302 status codes) that should be followed and re-checked.
- Manually inspect the URL in the browser’s address bar for unexpected changes after clicking a link.
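The takeaways above are what a site owner should do to catch a dead social link before someone else registers the name. As an added example, not code from the original post, here is a small Python audit script that pulls the social-profile links out of a page's HTML, checks each one's HTTP status through a caller-supplied fetcher, and flags the ones that no longer resolve (the precondition for broken link hijacking). The list of social hosts, the sample HTML, and the fake status table are constructed for the demo; the live fetcher uses only the standard library and deliberately does not follow redirects so a 301/302 is reported rather than hidden.

```python
"""Broken-link audit for a site's social-profile links (added example, not from the post)."""
from html.parser import HTMLParser
from typing import Callable, Dict, List
from urllib.parse import urlparse
import urllib.error
import urllib.request

# Hosts whose profile/page URLs an outsider could re-register once the original
# account disappears. Assumed list for illustration; extend it for your own site.
SOCIAL_HOSTS = {"linkedin.com", "twitter.com", "x.com", "facebook.com",
                "instagram.com", "github.com", "youtube.com"}


class _LinkExtractor(HTMLParser):
    """Collects every <a href> on the page."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_social_links(html: str) -> List[str]:
    """Return the distinct anchor hrefs that point at a known social network host."""
    parser = _LinkExtractor()
    parser.feed(html)
    found: List[str] = []
    for href in parser.hrefs:
        host = urlparse(href).netloc.lower()
        host = host[4:] if host.startswith("www.") else host
        if host in SOCIAL_HOSTS and href not in found:
            found.append(href)
    return found


def classify(status: int) -> str:
    """Map an HTTP status code to an audit verdict."""
    if status in (404, 410):
        return "broken"      # page gone: the name may be claimable by anyone
    if status in (301, 302, 307, 308):
        return "redirect"    # follow it and re-check the final destination
    if 200 <= status < 300:
        return "ok"
    return "unknown"         # blocked, rate-limited, or network error: check by hand


def audit_social_links(html: str, fetch_status: Callable[[str], int]) -> Dict[str, str]:
    """Check each social link on the page and return {url: verdict}."""
    return {url: classify(fetch_status(url)) for url in extract_social_links(html)}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None makes urllib raise HTTPError for 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_status(url: str) -> int:
    """Real fetcher: HEAD the URL and return its status (0 on network failure)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "social-link-audit/1.0"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return 0


# Constructed sample page and constructed status table for an offline run.
SAMPLE_HTML = """
<footer>
  <a href="https://www.linkedin.com/company/example-corp-old">LinkedIn</a>
  <a href="https://twitter.com/examplecorp">Twitter</a>
  <a href="https://example.com/about">About us</a>
</footer>
"""
FAKE_STATUSES = {
    "https://www.linkedin.com/company/example-corp-old": 404,  # page no longer exists
    "https://twitter.com/examplecorp": 200,
}


def demo() -> Dict[str, str]:
    """Run the audit against the constructed sample without touching the network."""
    return audit_social_links(SAMPLE_HTML, lambda u: FAKE_STATUSES.get(u, 0))


if __name__ == "__main__":
    for link, verdict in demo().items():
        print(f"{verdict:8} {link}")
    # For a real site: audit_social_links(open("index.html").read(), live_status)
```

Run it against a saved copy of your own landing page with `live_status` as the fetcher; anything reported as `broken` is a link to a profile that no longer exists and should be removed or repointed, and anything `unknown` (some networks answer automated requests with non-standard codes or block them outright) needs a manual check in the browser, as the third takeaway describes.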