Impersonation via Broken Link Hijacking

Overview of the Vulnerability

Content spoofing via Broken Link Hijacking occurs when an attacker can register a link in place of its original owner because the original link has changed. Because users inherently trust the business and its brand, the attacker can impersonate a credible target or domain and socially engineer users into disclosing usernames, passwords, or other sensitive information.

Business Impact

This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact on customers’ trust.

Steps to Reproduce

  1. Use a browser to navigate to: {{URL}}

  2. Click on {{value}}

  3. Observe that the link redirects to an impersonating domain owned by the attacker

Proof of Concept (PoC)

The screenshot(s) below demonstrate the broken link hijack attack:

{{screenshot}}

Recommendation(s)

There is no single technique to protect against content spoofing. However, the following best practices should be adhered to:

  - Validate all input data, including that which is reflected by a request parameter.

  - Refrain from passing HTML data via request parameters.

  - Properly encode the HTML before passing it through a request parameter if there is no other way.

  - Refrain from displaying messages via request parameter. It is best practice to use temporary sessions instead.
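For the broken-link case described in the overview, a site owner can audit their own pages for third-party references whose host no longer resolves. The following is an added example, not part of the original template; the function names, the pluggable `resolves` callback and the sample hosts are assumptions made for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that can carry an outbound reference (links, scripts, styles, media).
URL_ATTRS = {"href", "src"}

class LinkCollector(HTMLParser):
    """Collect absolute http(s) URLs referenced by a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                url = urljoin(self.base_url, value.strip())
                if urlsplit(url).scheme in ("http", "https"):
                    self.urls.append(url)

def system_resolves(host):
    """Default resolver: True if the host currently has a DNS record."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def audit_external_links(html, base_url, owned_hosts, resolves=system_resolves):
    """Return sorted (host, url) pairs for third-party links whose host no longer resolves."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    findings = set()
    for url in collector.urls:
        host = (urlsplit(url).hostname or "").lower()
        if not host or host in owned_hosts:
            continue  # same-site links are outside this check
        if not resolves(host):
            findings.add((host, url))
    return sorted(findings)

# Constructed sample page; all hosts use reserved example/invalid names.
SAMPLE_HTML = """<a href="/about">About</a>
<a href="https://social.example.net/acme-corp">Follow us</a>
<script src="//cdn-old.example.invalid/widget.js"></script>
<a href="mailto:help@example.com">Mail</a>
"""
```

A host that still resolves can also carry a dead reference, such as a deleted profile path, so this DNS check should be paired with an HTTP status check on each remaining link.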

For more information, please see:
