Description
Please refer to this technical write-up on "Broken Link Hijacking" (BLH): https://edoverflow.com/2017/broken-link-hijacking/
BLH can be broken down into two main categories: stored and reflected.
The different (sub)categories can be classified as follows:
Impersonation
This one I am not too sure about, since it really depends on how convincing the attack is. If the link is the main installation button on the homepage, it is going to cause more trouble than a little broken Facebook link on a company's "About" page.
External JS or SVG File Hijacking
This is essentially stored XSS. The attacker's malicious code is stored in the page. This should be rated the same as stored XSS:
Information Leakage
This would mainly fall under:
Content Hijacking
This category depends entirely on the content being served, but for the most part I imagine this would belong to:
Reflected
This is the same as reflected XSS.



