Broken Link Hijacking

What is Broken Link Hijacking?

So first things first, let us define broken link hijacking, a very easy bug class. A web page generally loads with a lot of links, both on-site (the host isn't external) and external. Consider this: a web app renders links that reference external websites/domains, and some of those links lead a user to a particular external domain. That domain expires and isn't used any more, but the web app still embeds the link leading to it. This is what broken link hijacking means: a link embedded in a web app that is broken (no longer in use), so anyone can claim it.


Examples of broken links are not limited to domains. They could also be links to social accounts that can be claimed by other people, or project names that are no longer used and could be registered by attackers, thus impersonating a legitimate user's identity.

How did I find a BLH?

Since putting it in steps makes it easier to understand, let us go through it piece by piece.

* The following link (not broken BTW) will take you to a new domain that helps in finding broken links:

 I used that tool and found that a web app at one location was linking to a domain that didn't exist.

* I bought the domain it was linking to, and so claimed the link (the full endpoint).



This is what it looked like:


Step 1) Go to and click on a link in a NEW TAB.

Step 2) Buy (the .com was already claimed BTW) and buy hosting.

Step 3) Create the directories: /blog/abc

Step 4) Upload a page saying "This is a broken link hijacking POC" in /blog/abc.

Step 5) Repeat Step 1.
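The finding step above is the one a site owner can run against their own pages before anyone else does. The following Python script is an added example, not code from the original post or from the link-checking site it mentions: it extracts external link targets from a constructed sample page and flags hostnames that no longer resolve, which is the precondition for every claim step that follows. The resolver is injectable so the check can be exercised offline.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkExtractor(HTMLParser):
    """Collect href targets from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

def external_hosts(html, own_host):
    """Hostnames linked from the page other than own_host (relative links ignored)."""
    parser = LinkExtractor()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        host = urlparse(href).hostname
        if host and host.lower() != own_host.lower():
            hosts.add(host.lower())
    return hosts

def dns_resolves(host):
    """Live check: True if the hostname resolves to at least one address."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def dangling_hosts(html, own_host, resolver=dns_resolves):
    """Linked external hostnames that do not resolve: review these, since an
    unregistered domain behind a live link is exactly what gets hijacked."""
    return sorted(h for h in external_hosts(html, own_host) if not resolver(h))

# Constructed sample page (not from the post); .invalid is a reserved TLD that never resolves.
SAMPLE_HTML = """<html><body>
<a href="/about">About</a>
<a href="https://www.example.org/">Partner</a>
<a href="https://blog.example-only.invalid/blog/abc">Old partner blog</a>
</body></html>"""

if __name__ == "__main__":
    for host in dangling_hosts(SAMPLE_HTML, "www.example.com"):
        print("dangling link target:", host)
```

Run it against your own rendered HTML (fetched or exported) and treat every flagged host as a link to remove or a domain to re-register, whichever you control.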

I have tried to explain this simply so that even a novice to bug bounty can understand it. If you still have any questions, comment below as always. 🙂
