How I was able to takeover the company’s LinkedIn Page

Hi guys, this is my second blog post related to bug bounty. This vulnerability I have found recently and thought of sharing with the community. The vulnerability I have found is in a private bug bounty program from Bugcrowd. As I cannot disclose the company name will take it as company.com.

When I got the invitation I quickly ran to gather all subdomains. There was one subdomain and will call it as subdomain.company.com.

The vulnerability which I found to takeover Linkedin page of the company is Broken Link Hijacking. Almost everyone has heard of subdomain hijacking but what about broken link hijacking. These two vulnerabilities are very similar the major difference is that one involves a subdomain while the other involves an expired link on a page. Shout out to edoverflow, for explaining this technique in his blog post.

Link: https://edoverflow.com/2017/broken-link-hijacking/

Tools to find broken links: Broken Link Checker

This tool will give you all the links present in the source code of the website which gives 404 status when clicked on that link. After installing the tool just run the below command. Below command will check for the expired links up to the third level.

Command: blc -rof --filter-level 3 https://example.com/

When I ran the above command on the above subdomain I got one result which shows me the LinkedIn page of the company which has 404 Status code page not found. To confirm this I opened that link and it showed me page not found.

URL:

https://www.linkedin.com/company/<company_name>=>404 Not found

Next step is to create a company page with the above company-name in the above URL and takeover that.

Impact: A Hacker can post all bad stuff in the name of the company. As there is a LinkedIn page link of the company when I user clicks on that link he will be taken to Hacker controlled LinkedIn page.

Reported the vulnerability and got a reward of 500$🤑🤑

Takeaway: Always check for links and endpoints in the source code and javascript files there may be expired links and you can buy that and host malicious files.

Thank you.

Twitter: https://twitter.com/fatrat_v2

LinkedIn: https://www.linkedin.com/in/vijaysimha-reddy/

Buy me a Coffee=> https://www.buymeacoffee.com/fatrat

Bug bounty hunter. Everything in this world is vulnerable just you need patience to find the vulnerable part.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store