1 00:00:01,750 --> 00:00:04,480 Hello, everyone, and welcome to this video.
2 00:00:05,330 --> 00:00:12,590 So in this video, we are going to see about an interesting vulnerability, which is broken link hijacking.
3 00:00:13,550 --> 00:00:20,750 Maybe many of you must not have heard about broken link hijacking or BLH, because it is
4 00:00:20,750 --> 00:00:27,680 quite an uncommon type of vulnerability, which is generally missed by a lot of security researchers.
5 00:00:28,430 --> 00:00:31,700 So why are we going to learn about this?
6 00:00:32,240 --> 00:00:40,670 Because it is one of its kind of vulnerabilities which is less identified by many hackers, and it rewards
7 00:00:40,730 --> 00:00:42,410 well in different programs.
8 00:00:43,730 --> 00:00:45,850 So what is this vulnerability?
9 00:00:46,220 --> 00:00:53,960 So this vulnerability exists when any web application includes file resources, scripts or any type
10 00:00:53,960 --> 00:01:00,230 of data from another web server, and the links are not active anymore and are available to claim.
11 00:01:01,100 --> 00:01:04,220 So this basically means any target website,
12 00:01:04,220 --> 00:01:11,180 let's say example.com, has a lot of links which are being pointed to, let's say, another website
13 00:01:11,180 --> 00:01:12,670 like thisexample.com.
14 00:01:13,070 --> 00:01:18,460 But those links are not functional anymore and they are available to be taken over.
15 00:01:19,070 --> 00:01:21,530 This is broken link hijacking.
16 00:01:21,800 --> 00:01:30,110 In this way, any attacker can claim those particular links which are serving the data and can also serve
17 00:01:30,110 --> 00:01:32,510 malicious content to the users.
18 00:01:32,540 --> 00:01:36,020 So what is the motivation of this untouched vulnerability?
19 00:01:36,680 --> 00:01:44,900 As you can see, this was a poll done in which hackers and security researchers were asked about broken
20 00:01:44,900 --> 00:01:45,170 link
21 00:01:45,170 --> 00:01:51,790 hijacking: do you actively look for broken links on bug bounty programs? Only to say yes.
22 00:01:52,340 --> 00:01:56,060 And then security researchers said no.
23 00:01:56,510 --> 00:02:01,370 They do not identify broken link hijacking on many bug bounty programs.
24 00:02:02,920 --> 00:02:10,290 Now, this sounds a lot like a subdomain takeover, in which we take over the subdomains of target programs,
25 00:02:10,780 --> 00:02:17,800 but in this we are going to take over not the subdomains, but the resources, the links which are already
26 00:02:17,800 --> 00:02:19,620 there in the web application.
27 00:02:20,290 --> 00:02:25,690 So let's understand this with the help of a figure. As you can see, on the left hand side is the
28 00:02:25,690 --> 00:02:31,730 attacker and on the right hand side is the server on which there are some links which are vulnerable.
29 00:02:32,410 --> 00:02:40,570 So let's say the attacker sends a request to the target server where there is a link of the social
30 00:02:40,570 --> 00:02:46,920 media, and let's say it is pointing to LinkedIn. When the attacker receives a response from the server,
31 00:02:47,560 --> 00:02:52,850 it is not found, 404, or "your profile does not exist".
32 00:02:53,320 --> 00:02:59,680 This basically means that the link is broken and is not available on LinkedIn.
33 00:03:00,070 --> 00:03:08,110 Thus the attacker quickly signs up on the LinkedIn platform and takes the same username which has been
34 00:03:08,110 --> 00:03:09,700 pointed on the server.
35 00:03:10,690 --> 00:03:18,400 This way, the attacker can serve a malicious profile on the server, and anyone who comes onto the server
36 00:03:18,520 --> 00:03:25,960 and clicks on the social media link of LinkedIn will be redirected to the attacker and will be communicated
37 00:03:25,960 --> 00:03:30,630 to the attacker's profile, which he has impersonated and made.
38 00:03:31,450 --> 00:03:33,640 This is just not limited to LinkedIn.
39 00:03:34,000 --> 00:03:39,490 There can be many broken links to other social media platforms like Twitter, Facebook, Instagram,
40 00:03:39,490 --> 00:03:49,900 etc. To make this worse, there can be links that can be hijacked of S3 buckets as well as JavaScript
41 00:03:49,900 --> 00:03:56,660 files to serve malicious content and pop up XSS-based vulnerabilities as well.
42 00:03:57,610 --> 00:04:04,450 So I hope you guys understood how dangerous it is if these types of issues are not fixed and what
43 00:04:04,450 --> 00:04:07,310 can be the impact of broken link hijacking.
44 00:04:08,410 --> 00:04:13,150 Now let's understand one more example of broken link hijacking.
45 00:04:14,170 --> 00:04:20,740 This can be a dangerous vulnerability because the attacker can serve malicious content to all the users.
46 00:04:21,100 --> 00:04:24,940 As you can see, in the figure on the right hand side, there is an attacker.
47 00:04:25,390 --> 00:04:31,140 Let's say he wants to identify a script on the target server.
48 00:04:31,300 --> 00:04:37,770 So let's say the script name is program.sh. So he clicks onto the website and there he sees
49 00:04:37,780 --> 00:04:44,140 a button of "download script". When he clicks onto that download script, the server sends a request
50 00:04:44,140 --> 00:04:45,700 to its CDN.
51 00:04:45,880 --> 00:04:52,810 Let's say the script is hosted on the AWS S3 bucket, but the link is broken.
52 00:04:53,380 --> 00:05:01,900 Now the attacker can quickly go onto AWS, make the same bucket name and serve program.sh
53 00:05:01,900 --> 00:05:06,490 as a malicious content or malicious file to all its users.
54 00:05:07,000 --> 00:05:16,300 This way, anyone who tries to download the file and execute this file will execute not the legitimate
55 00:05:16,300 --> 00:05:20,650 file from the server, but a harmful, malicious file of the attacker.
56 00:05:21,490 --> 00:05:28,510 So this way the attacker can compromise the security of all the users by serving his own malicious
57 00:05:28,510 --> 00:05:29,730 executable files.
58 00:05:30,700 --> 00:05:37,810 This way, it increases the severity and criticality of this vulnerability, so I hope you guys understood.
59 00:05:38,230 --> 00:05:38,800 Thank you.