When I started with bug bounty hunting, I became interested in all bugs related to URLs, one of my favorite and easy to exploit / find bugs, are broken link takeovers.

I have found a few since I started, but all of them were links to nonexistent social media accounts…

--

--

While I was looking at companies to do my internship at, I found a company with a link to an nonexistent Twitter account. I thought it would be original to use this takeover to apply for an internship, and immediately show them that their site has a broken link. So I created the application with a few tweets, and mailed the company to tell them to look at the twitter account linked to on their site.

A few hours later, I noticed the URL on their site was updated, but I never got a reply on my email. I don’t think this company was very happy with my application :).

Takeaways

  • If you apply for a job application via broken link takeover, keep in mind that there is a chance the company wont like your application.

--

--