bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0

Add Broken Link Hijacking #84

Closed EdOverflow closed 7 years ago

EdOverflow commented 7 years ago

Please refer to this technical write-up on "Broken Link Hijacking" (BLH): https://edoverflow.com/2017/broken-link-hijacking/

BLH can be broken down into two main categories: stored and reflected.

The different (sub)categories can be classified as follows:

Impersonation

This one I am not too sure about, since it really depends on how convincing the attack is. If the link is the main installation button on the homepage it is going to cause more trouble than a little broken Facebook link on a company's "About" page.

External JS or SVG File Hijacking

This is essentially stored XSS. The attacker's malicious code is stored in the page. This should be rated the same as stored XSS:

image

Information Leakage

This would mainly fall under:

image

Content Hijacking

This category depends entirely on the content being served, but for the most part I imagine this would belong to:

image

Reflected

This is the same as reflected XSS.

image
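A defender-side inventory of the reference types classified in the comment above, as an added example that is not part of the original thread or the VRT project: it lists the third-party hosts a page depends on so their ownership can be reviewed. The tag-to-category mapping, the `audit` helper and all hosts in the sample are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed mapping of markup to the subcategories named in the issue.
SCRIPT_LIKE = "External JS or SVG File Hijacking"  # issue: rate as stored XSS
LINK = "Impersonation"  # issue: impact depends on how prominent the link is
URL_ATTRS = {"script": "src", "object": "data", "embed": "src",
             "iframe": "src", "a": "href"}


class ExternalRefs(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = set()  # (category, host, url) per third-party reference

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
        # Relative and first-party URLs are out of scope for this inventory.
        if not host or host == self.own_host or host.endswith("." + self.own_host):
            return
        if tag == "script":
            self.findings.add((SCRIPT_LIKE, host, url))
        elif tag == "a":
            self.findings.add((LINK, host, url))
        elif parts.path.lower().endswith(".svg"):  # SVG in a scripting context
            self.findings.add((SCRIPT_LIKE, host, url))


def audit(html, own_host):
    parser = ExternalRefs(own_host)
    parser.feed(html)
    return sorted(parser.findings)


# Constructed sample page; every host is a placeholder.
SAMPLE = """
<a href="/about">About</a>
<a href="https://social.example/acme">Follow us</a>
<script src="//cdn.thirdparty.example/lib.js"></script>
<script src="https://static.acme.example/app.js"></script>
<object data="https://img.thirdparty.example/logo.svg"></object>
<iframe src="https://video.example/embed/1"></iframe>
"""
```

Calling `audit(SAMPLE, "acme.example")` returns three findings: the protocol-relative script and the embedded SVG under the script-like category, and the social link under impersonation.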

jhaddix commented 7 years ago

If the takeover can be proven, then yes, I'd classify it as the highest of these impacts (P2 - Stored XSS). Not sure if I'd create a standalone category though.

plr0man commented 7 years ago

Thanks for the writeup @EdOverflow! I agree with @jhaddix, looks like the existing entries are sufficient to clearly classify every scenario you describe. Please let us know if you would like to propose any improvements though.

trimkadriu commented 5 years ago

Can we re-open this issue for discussion? I feel like this is being overrated, specifically the impersonation part.