InfoSec Write-ups


Broken Link Hijacking — 404 Google Play Store — xxx$ Bounty

Hello Folks 👋, this is my first write-up, and I will tell you how I ended up getting an xxx$ bounty for a simple Broken Link Hijacking involving the Google Play Store.

What is Broken Link Hijacking?

Broken Link Hijacking (BLH) occurs whenever a target links to an expired domain or page that someone else could register or claim. It comes in two forms, reflected and stored. The issue has been exploited in the wild numerous times, yet surprisingly few researchers actively look for broken links in bug bounty programs.

And here is my story:

I was on the corporate site of a large company and fired up my “broken link hijacking” scanner (you can find tools for this at the end of the article). With it, I found several links, but one link piqued my interest a lot. It was a status 404 (not found) link pointing to the Google Play Store. Since I have already developed apps myself, I knew that Play Store links are unique and correspond to the package name of an app. So I took a closer look at it and was able to take over the link. After I took over the link, I reported the bug and even got a reward for it.
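As an added example (not the author's scanner or any tool the article names), a small Python audit that a site owner can run over their own pages: it extracts Play Store app links, validates the package name in the `id` parameter, and flags links whose store page returns 404, since no app is currently published under that name and the link should be removed or the app republished. The HTML and the HTTP status codes are constructed inline so it runs offline; `fetch_status` is a stand-in for a real HTTP request.

```python
import re
from html.parser import HTMLParser
from typing import Callable, Dict, List, Tuple

# Play Store app links carry the app's package name in the "id" query parameter.
PLAY_LINK = re.compile(r"^https?://play\.google\.com/store/apps/details\?(?:.*&)?id=([^&#]+)")
# Android package name: at least two dot-separated Java identifier segments.
PACKAGE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


class _LinkCollector(HTMLParser):
    """Collect every href from <a> tags on the page."""
    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def play_store_packages(html: str) -> List[Tuple[str, str]]:
    """Return (href, package_name) for each well-formed Play Store app link."""
    collector = _LinkCollector()
    collector.feed(html)
    found = []
    for href in collector.hrefs:
        m = PLAY_LINK.match(href)
        if m and PACKAGE_NAME.match(m.group(1)):
            found.append((href, m.group(1)))
    return found


def audit_play_links(html: str, fetch_status: Callable[[str], int]) -> Dict[str, str]:
    """Map package -> 'ok' (200), 'unclaimed' (404: no app published under that
    name, so the link dangles) or 'unknown' (any other status / fetch failure)."""
    report: Dict[str, str] = {}
    for href, package in play_store_packages(html):
        status = fetch_status(href)
        report[package] = {200: "ok", 404: "unclaimed"}.get(status, "unknown")
    return report


# Constructed sample page and constructed status codes (no network access).
SAMPLE_HTML = """
<a href="https://play.google.com/store/apps/details?id=com.example.shop">Mobile App for Android</a>
<a href="https://play.google.com/store/apps/details?id=com.example.legacy&hl=en">Old app</a>
<a href="https://play.google.com/store/apps/details?id=not a package">Malformed</a>
<a href="https://example.com/about">About</a>
"""
SAMPLE_STATUS = {"https://play.google.com/store/apps/details?id=com.example.shop": 200,
                 "https://play.google.com/store/apps/details?id=com.example.legacy&hl=en": 404}

def sample_fetch(url: str) -> int:
    return SAMPLE_STATUS.get(url, 0)  # 0 stands in for a failed request
```

Running `audit_play_links(SAMPLE_HTML, sample_fetch)` reports `com.example.legacy` as unclaimed; in a real audit, replace `sample_fetch` with an HTTP HEAD request and treat every "unclaimed" entry as a link to remove.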

Steps To Reproduce:

  1. Visit the homepage https://redacted.com/about (redacted.com, since I am not allowed to mention the real company name).
  2. Click on “Mobile App for Android”.
  3. The link then led to a Status 404 page (not found — see figure…
