How I was able to takeover the company’s LinkedIn Page

Vijaysimha Reddy Bathini
Jan 29 · 2 min read

Hi guys, this is my second blog post related to bug bounty. This vulnerability I have found recently and thought of sharing with the community. The vulnerability I have found is in a private bug bounty program from Bugcrowd. As I cannot disclose the company name will take it as company.com.

When I got the invitation I quickly ran to gather all subdomains. There was one subdomain and will call it as subdomain.company.com.

The vulnerability which I found to takeover Linkedin page of the company is Broken Link Hijacking. Almost everyone has heard of subdomain hijacking but what about broken link hijacking. These two vulnerabilities are very similar the major difference is that one involves a subdomain while the other involves an expired link on a page. Shout out to edoverflow, for explaining this technique in his blog post.

Link: https://edoverflow.com/2017/broken-link-hijacking/

Tools to find broken links: Broken Link Checker

This tool will give you all the links present in the source code of the website which gives 404 status when clicked on that link. After installing the tool just run the below command. Below command will check for the expired links up to the third level.

Command: blc -rof --filter-level 3 https://example.com/

When I ran the above command on the above subdomain I got one result which shows me the LinkedIn page of the company which has 404 Status code page not found. To confirm this I opened that link and it showed me page not found.

URL:

https://www.linkedin.com/company/<company_name>=>404 Not found

Next step is to create a company page with the above company-name in the above URL and takeover that.

Impact: A Hacker can post all bad stuff in the name of the company. As there is a linkedin page link of the company when I user clicks on that link he will be taken to Hacker controlled LinkedIn page.

Reported the vulnerability and got reward of 500$🤑🤑

Takeaway: Always check for links and endpoints in the source code and javascript files there may be expired links and you can buy that and host malicious files.

Thank you.

Twitter: https://twitter.com/fatratfatrat

LinkedIn: https://www.linkedin.com/in/vijaysimha-reddy/

Vijaysimha Reddy Bathini

Written by

Bug bounty hunter cybersecurity researcher

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade