Almost everyone has heard of subdomain hijacking, but what about broken link hijacking? The two vulnerabilities are very similar; the major difference is that one involves a subdomain while the other involves an expired link on a page. Shout out to edoverflow for explaining this technique in his blog post.
Broken link hijacking can be exploited to do many things, but I will be talking about how to get stored XSS from expired links. The concept is actually fairly basic.
Broken Link Checker
Before you can take advantage of a broken link you have to find it. The following tool can be used to scan an application for broken links:
Once the tool is downloaded you can run the following command to scan an application:
blc -r --filter-level 2 https://starbucks.com | grep "\.js" | grep "BROKEN"
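
For a site owner auditing their own pages, the same exposure can be checked from the markup: list every script loaded from another host, note whether it is pinned with a Subresource Integrity `integrity` attribute, and flag hosts that no longer resolve. This is an added example, not code from the original post or from the blc project; the function names, sample HTML, host names and stubbed resolver are all constructed for illustration.

```javascript
// Added example: audit a page's <script src> references for third-party hosts.
// The sample HTML and host names below are constructed for illustration.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="//widgets.expired-vendor.example/embed.js"></script>
<script>console.log("inline, ignored")</script>
</head></html>`;

// Return every script that is loaded from a host other than the page's own.
function externalScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const found = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script, nothing is fetched
    let url;
    try { url = new URL(src[1] ?? src[2] ?? src[3], page); } catch { continue; }
    if (!/^https?:$/.test(url.protocol) || url.hostname === page.hostname) continue;
    found.push({ url: url.href, host: url.hostname, hasIntegrity: /(?:^|\s)integrity\s*=/i.test(attrs) });
  }
  return found;
}

// Resolve each distinct host; one that returns ENOTFOUND should be reviewed first.
// Other lookup errors are ignored here. `lookup` can be injected for offline use.
async function unresolvedHosts(scripts, lookup) {
  if (!lookup) lookup = (await import("node:dns/promises")).lookup;
  const hosts = [...new Set(scripts.map((s) => s.host))];
  const dead = [];
  for (const host of hosts) {
    try { await lookup(host); } catch (e) { if (e.code === "ENOTFOUND") dead.push(host); }
  }
  return dead;
}

// Offline demo with a stubbed resolver (constructed results, no network access).
const stubLookup = async (host) => {
  if (host === "widgets.expired-vendor.example") throw Object.assign(new Error("nx"), { code: "ENOTFOUND" });
  return { address: "192.0.2.10", family: 4 };
};
const scripts = externalScripts(SAMPLE_HTML, "https://www.example.com/index.html");
unresolvedHosts(scripts, stubLookup).then((dead) => {
  for (const s of scripts) console.log(s.host, dead.includes(s.host) ? "UNRESOLVED" : "ok", s.hasIntegrity ? "SRI" : "no-SRI");
});
```

A script tag that is both unresolved and without an `integrity` attribute is the one to remove or re-host first, since the browser will run whatever that host serves once it resolves again.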