Ramalingasamy

How I accidently Found a Bug called Broken Link Hijacking.

Two weeks ago , I got one message request from Instagram . I thought like that was an Fake ID .So , I started a OSINT on that username , I got his/her roll number from their college website .Using that roll number I found a website(test.com). In this website he/she attended the event in past.

So , I can able to retrieve the Information about him/her. Then I go through the website then I reached the end of the first page. I found four social media links found on their website.

And my mind tells go and check every link , When I checked for Instagram , it shows “this page isn’t available” .

Afterwards , I created the Instagram account with the username called test and again go with the website and then I clicked Instagram account it redirects to my account and I was like

As soon as I reported the vulnerability to the test.com.

Thanks for reading my writeup!!.

Happy Hunting!!.

Security researcher | SDE