Broken-Link Hijacking

Steps

  1. Manually find and click the external links on the target site (for example, links to social media accounts or externally hosted media).
  2. While doing the manual work, run broken-link-checker in the background with the command below in a terminal:
     blc -rof --filter-level 3 https://example.com/
     The output will look something like this:
     ─BROKEN─ https://www.linkedin.com/company/ACME-inc-/ (HTTP_999)
  3. Check whether the company still owns the linked page. If it does not, register as the company, or try to claim that username or URL.
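For a site owner auditing their own pages, the `─BROKEN─` lines from step 2 can be sorted into what needs a manual look and what should be removed or repointed. The script below is an added example, not part of the original page or of broken-link-checker; `triage`, the bucket names and every sample line except the LinkedIn one are constructed, and the `ERRNO_ENOTFOUND` reason code and the "crawler was refused" set are assumptions. It treats `HTTP_999` as unconfirmed because that is a non-standard status LinkedIn returns to automated clients, so the page may well exist.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of blc output; only the LinkedIn line comes from the page.
SAMPLE = """\
Getting links from: https://example.com/
├─BROKEN─ https://www.linkedin.com/company/ACME-inc-/ (HTTP_999)
├─BROKEN─ https://twitter.com/acme_inc_old (HTTP_404)
├─BROKEN─ https://example.com/old-page (HTTP_404)
└─BROKEN─ https://acme-media-cdn.example.net/logo.png (ERRNO_ENOTFOUND)
"""

# Matches the "─BROKEN─ <url> (<reason>)" shape shown in step 2.
BROKEN_LINE = re.compile(r"─BROKEN─\s+(\S+)\s+\((\w+)\)")

# Assumption: these reasons usually mean the crawler was refused,
# not that the linked resource is gone.
CRAWLER_REFUSED = {"HTTP_999", "HTTP_403", "HTTP_429"}


def triage(output, site_host):
    """Group broken links so the riskiest ones are reviewed first."""
    buckets = {
        "unresolvable_host": [],  # DNS name no longer resolves: remove or repoint
        "missing_external": [],   # third-party page/handle is gone: step 3 applies
        "verify_manually": [],    # likely a bot block, open in a browser
        "internal": [],           # same-site dead link, not a hijack risk
    }
    for line in output.splitlines():
        match = BROKEN_LINE.search(line)
        if not match:
            continue
        url, reason = match.groups()
        host = (urlsplit(url).hostname or "").lower()
        if host == site_host or host.endswith("." + site_host):
            bucket = "internal"
        elif reason in CRAWLER_REFUSED:
            bucket = "verify_manually"
        elif reason == "ERRNO_ENOTFOUND":  # assumed blc reason code
            bucket = "unresolvable_host"
        else:
            bucket = "missing_external"
        buckets[bucket].append((url, reason))
    return buckets


if __name__ == "__main__":
    for name, links in triage(SAMPLE, "example.com").items():
        print(name, links)
```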

Alternate Step

Reference

Author:
