Week 39 - Broken Link Hijacking
This week’s web hacking tip is on Broken Link Hijacking! This attack occurs when a threat actor can take over an obsolete or outdated link to an external resource or URL on your website. It is especially dangerous when the external link is to a JavaScript file that no longer exists. An attacker can register the resource domain/subdomain, upload their own malicious JavaScript file, and instantly have Stored XSS!

You can manually check for broken links by opening the Developer Tools’ web console, or use the following tool to automate the process: https://github.com/stevenvachon/broken-link-checker

Surprisingly, this type of vulnerability doesn’t get too much attention when it comes to Bug Bounties or Penetration Tests. It’s quick and easy to check for and can be incredibly dangerous when discovered.
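
To audit your own pages for this, the added example below (not part of the original tip and not code from broken-link-checker) lists every external resource a page references and flags the ones whose host no longer resolves, rating `<script>` sources highest because those are the Stored XSS case. The function names, the severity labels and the `.example` hosts are assumptions made for illustration, and the sample HTML is constructed.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute holding a URL that the page points at or loads.
URL_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src", "a": "href"}

class ExternalRefs(HTMLParser):
    """Collect (tag, absolute_url, host) for references that leave the page's own host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        url = urljoin(self.page_url, value)  # also resolves //host/path and relative paths
        parts = urlparse(url)
        if parts.scheme in ("http", "https") and parts.hostname != self.page_host:
            self.refs.append((tag, url, parts.hostname))

def resolves(host):
    """Default resolver: True if the host currently has a DNS answer."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(html, page_url, resolver=resolves):
    """Return sorted (severity, tag, url) for external references with a dead host."""
    parser = ExternalRefs(page_url)
    parser.feed(html)
    return sorted(("high" if tag == "script" else "review", tag, url)
                  for tag, url, host in parser.refs if not resolver(host))

# Constructed sample page; all hosts are placeholders.
SAMPLE_HTML = """<html><head>
<script src="//cdn.retired-vendor.example/widget.js"></script>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="https://fonts.live.example/site.css">
</head><body><a href="https://blog.retired-vendor.example/post">old post</a>
<a href="mailto:sec@shop.example">mail</a></body></html>"""

if __name__ == "__main__":
    live = {"fonts.live.example"}  # stub resolver so the demo runs offline
    for finding in audit(SAMPLE_HTML, "https://shop.example/index.html", lambda h: h in live):
        print(*finding)
```

A host that fails to resolve is only one sign of a hijackable link; a reference to an expired domain that still resolves, or to a deleted account on a shared hosting platform, needs a registration or ownership check as well.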