Broken Link Hijacking
Overview of the Vulnerability:
In a broken link hijacking (BLH) attack, the attacker takes advantage of invalid external links. If your website or web application contains outbound links or is loading resources from external URLs and those resources are no longer available (for example, due to an expired domain), attackers can use these links to perform defacement, impersonation, phishing, or cross-site scripting attacks. BLH attacks are also possible if you employ third-party services like file hosting or link shortening, for example, on social media.
Source: https://www.invicti.com/learn/broken-link-hijacking-blh/
Steps:
After I finished the process of recon, I noticed something very strange.
I logged in to my account, I was directed to:
https://www.[Redacted].com/bookings/en-USand on that page it was just a page for searching for real estate and apartments.
So I read the source code of the page but I noticed an interesting
<div direction="row" spacing="12" wrap="nowrap" class="sc-furwcr fYvbQB"><a href="https://www.[Redacted].us/" data-testid="link" class="sc-gKclnd sc-iCfMLu kOWygQ ktdbzG">This button directs users to another domain “[Redacted].us”.
Then I noticed something else, even more strange, which is that the site’s logo also directs you to the same domain when you click on it
For a moment, I thought it belonged to them, but when I entered to see more information, I found that the domain was not registered at all :)
Impact
This domain can be purchased and exploited by an attacker, stealing customer data and impersonating them through all available attacks.
