1
00:00:01,810 --> 00:00:04,370
Hello, everyone, and welcome to this video.

2
00:00:04,990 --> 00:00:11,260
So this is a very interesting find by one of the security researchers in which he was able to take over

3
00:00:11,260 --> 00:00:13,780
a company's Instagram page in two minutes.

4
00:00:13,990 --> 00:00:17,710
So this is, again, an example of broken link hijacking.

5
00:00:18,580 --> 00:00:24,220
So are you thinking I heard about subdomain hijacking, but what is broken link hijacking?

6
00:00:24,910 --> 00:00:30,370
So there is only one difference between what it involves an expired link onto the target page.

7
00:00:30,610 --> 00:00:31,080
All right.

8
00:00:31,090 --> 00:00:33,190
So we know this now.

9
00:00:33,760 --> 00:00:41,430
When the user came onto the target web application, he came onto one of the order that was Instagram,

10
00:00:41,440 --> 00:00:46,510
as you can see over here, Instagram, dot com target instar one, two, three.

11
00:00:46,990 --> 00:00:50,250
And you can see "Sorry, this page isn't available"

12
00:00:50,260 --> 00:00:54,250
message onto the target Instagram page of the target company.

13
00:00:55,810 --> 00:01:04,750
Now we can take over this particular target name, so he successfully created and he was able to take

14
00:01:04,750 --> 00:01:07,780
over the company's Instagram page, so impact.

15
00:01:07,920 --> 00:01:11,740
The issue is more reputational than monetary loss to the company.

16
00:01:12,010 --> 00:01:17,330
Attacker can post bad content in the name of the company as the page is linked into the website.

17
00:01:17,470 --> 00:01:22,570
So whenever a legitimate user comes and clicks will be redirected to the attacker controlled account.

18
00:01:23,110 --> 00:01:29,650
Now, the impact can also be increased in a way that the attacker tries to communicate with the users

19
00:01:29,800 --> 00:01:35,800
through the name of the organization on which the account has been successfully created.

20
00:01:36,160 --> 00:01:39,370
That can also lead to monetary loss.

21
00:01:40,720 --> 00:01:46,970
So this was a very, very simple report that was identified and reported to the target organization.

22
00:01:47,320 --> 00:01:54,730
So this gives you a brief idea of how not to miss these types of vulnerabilities into the social media

23
00:01:54,730 --> 00:01:57,830
handles on any target of application.

24
00:01:58,330 --> 00:01:59,860
So I hope you guys understood this.

25
00:02:00,190 --> 00:02:00,760
Thank you.