And welcome to this video.

So in this video, we are going to see an interesting broken link hijacking report in which a security researcher was able to identify this issue on one of the programs on HackerOne. So let's have a closer look at this report, which was submitted to a bug bounty program, which is Grab.

As you can see, the security researcher was able to identify the issue on a subdomain, which is grab.piwik.pro. Now, for those who do not know what Piwik is, it is an alternative to the Google Analytics suite. So these are some of the software or services which are used by many organizations to keep track of their data and to keep track of how many users or customers are landing on their web applications. So as you can see, this is an alternative to Google Analytics.

Now, what happened here was that Grab had one of its accounts on piwik.pro, and this led to this subdomain takeover, as you can see over here. Now, actually, the root cause of this is mentioned by the program owner: "The issue is that we have stopped using Piwik, but it still includes the JavaScript on our pages." Now, due to this, the subdomain, which is grab.piwik.pro, was still available to claim by the security researcher, as you can see over here. So this is clearly Piwik Pro and you can see the subdomain is available.

Now, the main thing that arises over here is how did the security researcher come to know about this? It is just because of the broken links in the JavaScript files. And due to this, the issue came up and the security researcher was quickly able to escalate it to claim this subdomain free of cost and show the proof of concept.

So this is, again, a very interesting find. And you should always remember that JavaScript files can be very, very useful to identify URLs and to track if they are still valid, or, in case they are dead, then it is very, very good for us to claim those particular URLs if they're pointing to any cloud service or public services that can be easily claimed, and we can escalate that to show the criticality and severity of the issue.

So I hope you guys understood this and learned from this bug bounty report how you should also look over all the files and not miss it. Thank you.
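The root cause in the report is a tag that outlived the vendor account: the site stopped using the analytics service but kept including its JavaScript. The following added example (not from the video or the report) is a defender-side audit that pulls every third-party `<script src>` host out of a page and flags hosts that no longer resolve or that are not on the organisation's list of vendors still in use. The sample HTML, the hostnames and the approved-vendor list are constructed placeholders; the DNS lookup is injected so the check runs offline.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample page (not from the report): one first-party script, one
# retired analytics vendor still included, one approved CDN. Hosts are placeholders.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://example-org.analytics-vendor.example/tracker.js"></script>
<script async src="https://cdn.example.net/lib.js"></script>
"""

SCRIPT_SRC = re.compile(r'<script[^>]*\ssrc=["\']([^"\']+)["\']', re.IGNORECASE)

def external_script_hosts(html, own_hosts):
    """Hostnames of third-party <script src> includes, page order, deduplicated."""
    hosts = []
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative paths like /static/app.js
        if host and host not in own_hosts and host not in hosts:
            hosts.append(host)
    return hosts

def audit_includes(html, own_hosts, approved, resolves):
    """Classify each external script host: 'unresolvable' (DNS no longer
    answers, a dangling reference), 'unapproved' (resolves, but the vendor is
    no longer in use: the retired-analytics case where the tag outlived the
    account) or 'ok'. `resolves` is injected so the audit runs offline."""
    report = {}
    for host in external_script_hosts(html, own_hosts):
        if not resolves(host):
            report[host] = "unresolvable"
        elif host not in approved:
            report[host] = "unapproved"
        else:
            report[host] = "ok"
    return report

def dns_resolves(host):
    """Live check: does the hostname still resolve at all?"""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False

def table_resolver(table):
    """Constructed stand-in for DNS; hosts missing from the table count as NXDOMAIN."""
    return lambda host: table.get(host, False)
```

Run `audit_includes(html, own_hosts, approved, dns_resolves)` over your own rendered pages on a schedule; an `unapproved` or `unresolvable` entry is exactly the kind of leftover include the report describes, and removing the tag (or re-claiming the account) closes it.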