My First Bounty Story$$$
Hello Hackers!!
Hope you're fine, and your family too…
Many of us always try to find the bugs that are most common, like XSS, IDOR, CSRF, etc. That's why I want to share something with you. I believe in manual testing more than automation.
Introduction:-
Stored Link Hijacking
Description:-
When a company deletes its social media account, it might forget to remove the link to that account from its website. An attacker can then create an account on the social media platform with the same username and impersonate the company.
How was I able to find the bug?
Step 1:- I found some social media links on the target site.

Step 2:- When I click on the Instagram logo, I'm redirected to the target's Instagram profile.

Step 3:- Yeah, the username is valid, but the page isn't available.
Now the question is: what can an attacker do to the target company using this bug?
Step 1:- An attacker creates an Instagram profile using the target company's username.
Step 2:- When visitors click on the Instagram logo, they will be redirected to the attacker's profile.
IMPACT:-
An attacker can host any content on that profile, and if he hosts any dirty content it will damage the company's reputation.
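A site owner can catch this before a reporter does by comparing every social link on the site against an inventory of accounts the company still controls. The sketch below is an added example, not part of the original write-up; the host list, the sample footer, and the account names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: platforms where the account name is the first path segment.
SOCIAL_HOSTS = {"instagram.com", "facebook.com", "twitter.com", "x.com", "github.com"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def social_handles(html):
    """Return the set of (host, handle) pairs linked from the page."""
    collector = LinkCollector()
    collector.feed(html)
    found = set()
    for href in collector.hrefs:
        url = urlparse(href.strip())
        host = (url.hostname or "").removeprefix("www.")
        segments = [s for s in url.path.split("/") if s]
        if host in SOCIAL_HOSTS and segments:
            found.add((host, segments[0].lower()))
    return found

def unverified_links(html, owned):
    """Links to accounts that are not in the inventory of controlled accounts."""
    return sorted(social_handles(html) - owned)

# Constructed sample: a site footer and an account inventory (hypothetical names).
SAMPLE_FOOTER = """
<footer>
  <a href="https://www.instagram.com/example_corp_official/">Instagram</a>
  <a href="//twitter.com/ExampleCorp?lang=en">Twitter</a>
  <a href="/contact">Contact</a>
  <a href="mailto:hello@example.com">Mail</a>
</footer>
"""
OWNED = {("twitter.com", "examplecorp")}

if __name__ == "__main__":
    for host, handle in unverified_links(SAMPLE_FOOTER, OWNED):
        print(f"review or remove link: {host}/{handle}")
```

Running this over rendered pages in a deployment pipeline, with the inventory updated whenever an account is closed or renamed, flags the link for removal at the moment the account stops being controlled.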
Thanks for taking the time to read my write-up!!!
Initial severity when I reported: P4
