Easy win with Broken Link Hijacking

Paras Arora
2 min read · Nov 10, 2020


What is Broken Link Hijacking?

Websites often carry buttons hyperlinked to external services, for example social network icons; clicking one redirects the user to the company's social media profile.

Broken link: a link whose target no longer exists. Such URLs contain a profile ID or handle identifying the person or company page you are meant to land on, but the profile has been deleted or renamed, so the link returns a "profile not found" page. If the service lets any user register that handle, an attacker can claim it, and from then on the target website points its own visitors at attacker-controlled content (impersonation of the company, phishing, malware links). That takeover is Broken Link Hijacking.

Hi BountyHunters,

I recently found a Broken Link Hijacking issue, so let's discuss it and get started.

If you enjoy reading my articles, do follow me on Twitter: https://www.twitter.com/parasarora06

I was hunting on a private program and could not find many bugs on it, so I started looking for low-hanging issues.

While scrolling through the application I clicked on the social media buttons present on it (Twitter, Facebook, Instagram, LinkedIn) and, to my surprise,

I found that there was an issue with the LinkedIn account of the company.

LinkedIn uses two different URL patterns, and the difference matters for this bug.

LinkedIn account (personal profile):

https://www.linkedin.com/in/profilename

LinkedIn page (company page):

https://www.linkedin.com/company/companyname

The URL presented to me had a numeric ID at the end, and the profile was not available.

Since the URL contained "/in/", this was a personal account, not a company page, and the "/in/" handle is exactly the part of the URL that any LinkedIn user can set on their own profile:

https://www.linkedin.com/in/12345
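The manual check above (click every social button, see which one lands on a "not found" page, then look at whether the LinkedIn path is /in/ or /company/) is easy to script as a triage step. The following is an added example, not code from the original post: it extracts the outbound social links from a page, classifies LinkedIn URLs by path, and reports the ones the site answers with 404/410. The HTML footer and the response codes are constructed so the block runs offline; the status lookup is injected as a callback so you can swap in a real HTTP client.

```python
"""Triage script for Broken Link Hijacking candidates (added example)."""
from html.parser import HTMLParser
from typing import Callable, Dict, List
from urllib.parse import urlparse

# Hosts whose profile URLs are self-service registrations: a dead link pointing
# here is a hijack candidate because anyone can sign up and claim the handle.
SOCIAL_HOSTS = {
    "twitter.com", "x.com", "facebook.com", "instagram.com", "linkedin.com",
}


def _host(url: str) -> str:
    """Normalise the host part of a URL ('www.' stripped, lower-cased)."""
    host = urlparse(url).netloc.lower()
    return host[4:] if host.startswith("www.") else host


class _LinkExtractor(HTMLParser):
    """Collect every href from <a> tags in a page."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def social_links(html: str) -> List[str]:
    """Return the outbound links on the page that point at a social network."""
    parser = _LinkExtractor()
    parser.feed(html)
    return [h for h in parser.hrefs if _host(h) in SOCIAL_HOSTS]


def classify_linkedin(url: str) -> str:
    """Tell a personal profile (/in/<handle>) from a company page (/company/<name>).

    A /in/ handle can be set by editing the custom URL of any personal account,
    so a dead /in/ link is the claimable case; /company/ names belong to pages.
    """
    path = urlparse(url).path
    if path.startswith("/in/"):
        return "profile"
    if path.startswith("/company/"):
        return "company"
    return "other"


def find_broken_social_links(html: str, fetch_status: Callable[[str], int]) -> Dict[str, str]:
    """Map each social link that answers 404/410 to a short finding label.

    fetch_status is injected so the check can run offline; for a real run pass
    e.g. lambda u: requests.get(u, allow_redirects=True).status_code.
    """
    findings: Dict[str, str] = {}
    for url in social_links(html):
        if fetch_status(url) in (404, 410):
            kind = classify_linkedin(url) if _host(url) == "linkedin.com" else "handle"
            findings[url] = f"dead link to a {kind} that may be re-registered"
    return findings


# Constructed sample page: the four social buttons the post describes, with the
# LinkedIn one pointing at a profile that no longer exists.
SAMPLE_HTML = """
<footer>
  <a href="https://www.twitter.com/examplecorp">Twitter</a>
  <a href="https://www.facebook.com/examplecorp">Facebook</a>
  <a href="https://www.instagram.com/examplecorp">Instagram</a>
  <a href="https://www.linkedin.com/in/12345">LinkedIn</a>
  <a href="/about">About us</a>
</footer>
"""

# Constructed responses standing in for the network (404 = profile not found).
STUB_STATUS = {"https://www.linkedin.com/in/12345": 404}


def demo() -> Dict[str, str]:
    """Run the check against the constructed page and stubbed responses."""
    return find_broken_social_links(SAMPLE_HTML, lambda u: STUB_STATUS.get(u, 200))


if __name__ == "__main__":
    for url, note in demo().items():
        print(url, "->", note)
```

Treat the output as a list of things to confirm by hand, not as proof: LinkedIn in particular rate-limits scripts and often answers them with a login page or the non-standard status 999 rather than a 404, so open each hit in a browser before you try to claim anything.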

So I immediately signed up for a test account on LinkedIn and got a random URL for it.

I was aware that you can customise the URL of your profile.

How to do that?

login > Settings & Privacy > Visibility > Edit your public profile

You will see the option "Edit your custom URL" on the right side.

I just edited the URL, entered 12345 (the ID of the account linked from the target website) and claimed the URL.

Once the handle is yours, the link on the target website resolves to your profile; reloading it from the target site is the proof of concept to put in the report.

If you enjoyed reading the article, do clap and follow me on Medium and Twitter:

Twitter: https://www.twitter.com/parasarora06

LinkedIn: https://www.linkedin.com/in/parasarora06
