Broken Link Hijacking (BLH) #28
Description
Severity: Medium
Description:
Broken Link Hijacking (BLH) occurs when a target system links to an expired domain or page. This vulnerability can exist in two forms: reflected and stored. Attackers exploit BLH by taking control of broken links and impersonating the original entity to perform malicious activities. Despite its exploitation in real-world scenarios, this issue remains under-researched in many bug bounty programs.
Steps to Reproduce:
going on https://btgofficial.org/
Here is the social media are their
open medium as you can see this link is broken and takeover by me
Impact:
In this case, your company links to a broken profile. An attacker could hijack the broken link to create a malicious page that impersonates your organization or employee accounts. This could lead to:
Phishing attacks targeting your users or customers.
Distribution of malicious content.
Reputation damage for your organization.
By leveraging this vulnerability, an attacker can exploit trust in your brand to perform harmful actions under the guise of your company.
note:- Alreday reported this issue on support@btgofficial.org but not responding
poc:-