$350 bounty: How I Got It | Broken link Hijacking

Deep SenGupta
2 min readMay 13, 2024

--

I was just looking around the internet for a new target and finally I came to a website.

After spending some time on the website, I made the decision to look at the social media profiles. And after looking around, this is what I found.

I quickly returned to the website, and after 3 to 4 clicks, the outcome remained unchanged.

Then i was like:

I moved to my burp suite, intercepted the request, and noticed the name of the company’s LinkedIn page. Without more delay, I opened my LinkedIn profile and made a page with the company’s name.

It’s test time now, so I clicked the LinkedIn icon on the page after opening it and “BOOM”

The link has been successfully captured.

I reported the problem, and two days later it was fixed, and the next day I received a bounty of 350$.

Thank you for reading…

Takeaways —

  • Regularly monitor website analytics for unusual patterns or changes in referral traffic that may indicate broken link hijacking activities.
  • Using tools or browser extensions to check the HTTP status codes of links can identify redirects (e.g., 301 or 302 status codes).
  • Manually inspect the URL in the browser’s address bar for unexpected changes after clicking a link.

--

--

Deep SenGupta
Deep SenGupta

Written by Deep SenGupta

Just trying to be insane in computers 👾

No responses yet