Closed codingo closed 4 years ago
The team voted in favor of this new entry having a baseline of P4. This could be potentially classified as follows:
P4: Server-Side Injection > Content Spoofing > Social Media Account Takeover
This has already been discussed to some degree before (see @EdOverflow's writeup in #84). Let's consider an alternative name for this entry:
P4: Server-Side Injection > Content Spoofing > Impersonation via Broken Link Hijacking
Currently social media account takeovers are being classified as either a high impact subdomain takeover or a low impact subdomain takeover. This causes a misalignment of expectation as the impact of a social media account takeover is widely varied and in some cases would be P4, and in others a P1 depending on how widely the account is still referenced on the website(s) in question.
For discussion, a potential new category: