How I Got Hall of Fame in just Two Minutes.

Rohit Soni
3 min read · Jun 29, 2020


A short story about how I got into the hall of fame at teamster.app by finding my first broken link hijacking in just two minutes.

Hey everyone! I hope you all are doing well!

I am Rohit Soni and this is my first write-up. I hope you enjoy it :-)

First of all, what is broken link hijacking?

Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. In simple terms, Broken Link Hijacking is the process of finding expired links and exploiting them.

Wondering how to find broken/expired links?

Read this amazing blog post written by EdOverflow: https://edoverflow.com/2017/broken-link-hijacking/

Let’s hit the bull’s eye. I mean let’s come to the main topic.

While roaming through my LinkedIn feed, I saw that one guy had posted a picture of the hall of fame of the teamster.app website. At that time I was free, and I had read about broken link hijacking 2–3 days earlier. So, I just casually visited the website and tried to find broken links.

I saw their social media links in the footer of the website. There were 5 social media links: Facebook, Twitter, Reddit, Instagram and LinkedIn.

I opened all the links in new tabs. While going through the tabs, I saw this.

The company LinkedIn page was not claimed.

After seeing this I quickly created a company page with the same name “teamsterapp” and boom..!!

Claimed the company LinkedIn page and took over the broken link.

I found a broken link hijacking vulnerability in just 2 minutes. Yeah! 😎

I quickly informed them about this, and as appreciation they added my name to their credits page: https://teamster.app/credits/

Got listed on the credits page of teamster.app for reporting broken link hijacking.
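The check from this story, seen from the site owner's side, as an added example that is not part of the original write-up: it pulls every external link out of a page and reports the ones whose target is gone, plus the social profile links that should be confirmed by hand. The names `audit`, `probe` and `LinkCollector`, the sample page, the sample probe results and the choice of which results count as dead are all assumptions of this example.

```python
import urllib.error
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.request import Request, urlopen

# The five networks named in the write-up; links to them need a manual ownership check.
SOCIAL = ("facebook.com", "twitter.com", "reddit.com", "instagram.com", "linkedin.com")
URL_ATTR = {"a": "href", "link": "href", "script": "src", "iframe": "src", "img": "src"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = set()  # (tag, raw url) pairs
    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTR.get(tag))
        if value:
            self.links.add((tag, value))

def probe(url, timeout=10):
    """Live check (needs network): HTTP status, or 'unreachable' on DNS/connection failure."""
    try:
        with urlopen(Request(url, method="HEAD"), timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code
    except OSError:
        return "unreachable"

def audit(html, base_url, check=probe):
    """Return (url, tag, result, action) for external links that are dead or social profiles."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for tag, url in sorted((t, urljoin(base_url, raw)) for t, raw in collector.links):
        host = urlparse(url).hostname or ""
        if urlparse(url).scheme not in ("http", "https") or host == urlparse(base_url).hostname:
            continue  # same-site or non-web link
        result = check(url)
        dead = result in ("unreachable", 404, 410)  # assumption: these mean the target is gone
        if dead or any(host == s or host.endswith("." + s) for s in SOCIAL):
            findings.append((url, tag, result, "remove-or-repoint" if dead else "verify-ownership"))
    return findings

# Constructed sample page and constructed probe results, so the example runs offline.
SAMPLE_HTML = """<a href="/about">About</a> <a href="https://blog.example.net/">Blog</a>
<a href="https://www.linkedin.com/company/example-co">LinkedIn</a>
<script src="https://cdn.expired-widgets.example/w.js"></script>"""
SAMPLE_RESULTS = {"https://blog.example.net/": 200, "https://www.linkedin.com/company/example-co": 200,
                  "https://cdn.expired-widgets.example/w.js": "unreachable"}
```

Calling `audit(SAMPLE_HTML, "https://www.example.com/", check=SAMPLE_RESULTS.get)` runs it on the constructed data; leaving out `check` uses the live `probe`. A status code alone does not show whether a profile page is claimed, which is why social links are listed for a manual look even when they answer normally.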

FAQs

• Is this all I can do by finding broken links?

No, there are a lot more things you can do by exploiting broken links. You can even find stored XSS by finding and exploiting broken links.

• How can I learn more about broken link hijacking?

Read publicly disclosed HackerOne reports.

Read EdOverflow’s blog post on broken link hijacking: https://edoverflow.com/2017/broken-link-hijacking/

• How much bounty for broken link hijacking?

It depends on the impact. You may get $50, or you may get $500.

Recently my friend Ritik Sahni found a broken link hijacking while hunting on one program. He got $600 for finding and exploiting the broken link.

Isn’t it amazing, guys? 🔥

Hope you enjoyed my story. If you have any questions or suggestions, reach me through Instagram, Twitter or LinkedIn.

Happy Hunting. :-)

Instagram: @street_of_hacker

Twitter: @streetofhacker

LinkedIn: Rohit Soni
