Broken Link on Urban Company's Vulnerability Submission Form

Low
Urban Company
Submitted None
Reported by thruster

Vulnerability Details

Technical details and impact analysis

Violation of Secure Design Principles
## Summary

- Urban Company has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user. The malicious user can then exploit this issue to deceive new researchers into submitting their legitimate findings to the wrong hands.

## Steps To Reproduce

1. Visit https://hackerone.com/urbancompany/reports/new?type=team&report_type=vulnerability
2. Click on Security Page.
3. The Security Page points to https://hackerone.com/urbanclap, but the URL gives a 404.
4. So, I've impersonated your identity by forming a fake account named 'Security page takeover by awararesearcher' on that link. Here, just for PoC purposes, I've taken over that broken link by making an account with that username and added some context to show what impact can be made. Also, I'll surely release that username after your response.

## Reference

- https://edoverflow.com/2017/broken-link-hijacking

## Impact

- New researchers can be further deceived if they click on that hijacked link.
- For example, a specific case might be: a malicious user can create a fake account on that broken redirection link and deceive researchers arriving on that link. For example, the attacker can ask the researcher to submit his report to him first and, only if he approves, submit it to your official page. In this way, it can cause huge damage to your company if a report is critical in any case.
- Here I've shown a sample impact by adding some info in that impersonated account.
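The defensive counterpart to this finding is a periodic audit of a program's own pages for dangling links that land in a handle namespace anyone can register. The script below is an added example and is not part of the report or of Urban Company's tooling; the list of claimable hosts, the sample HTML and the status lookup are constructed assumptions so it runs offline.

```python
"""Dangling-link audit for a security-program page (added example).

Flags links that return 404 and point into a namespace where any user can
register the missing handle, e.g. https://hackerone.com/<team>.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts whose first path segment is a user/team handle that anyone can
# claim (assumption for this example; extend for your own environment).
CLAIMABLE_HOSTS = {"hackerone.com", "github.com", "twitter.com"}


class LinkExtractor(HTMLParser):
    """Collects absolute href targets of <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href and href.startswith("http"):
            self.links.append(href)


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def is_claimable(url):
    """True when the URL is just <host>/<handle> on a claimable host."""
    parsed = urlparse(url)
    segments = [s for s in parsed.path.split("/") if s]
    return parsed.hostname in CLAIMABLE_HOSTS and len(segments) == 1


def find_hijackable(html, fetch_status):
    """Links that 404 *and* sit in a claimable handle namespace.
    fetch_status(url) -> HTTP status code; inject a real HEAD request
    in production, a dict lookup here so the example runs offline."""
    return [link for link in extract_links(html)
            if fetch_status(link) == 404 and is_claimable(link)]


# Constructed sample page and responses (not real data).
SAMPLE_HTML = '''<a href="https://hackerone.com/urbanclap">Security Page</a>
<a href="https://hackerone.com/urbancompany">Program</a>
<a href="https://example.com/policy">Policy</a>'''
SAMPLE_STATUS = {"https://hackerone.com/urbanclap": 404,
                 "https://hackerone.com/urbancompany": 200,
                 "https://example.com/policy": 404}
```

Note that the 404 on example.com/policy is a plain broken link and is not flagged: only dangling links in a registrable handle namespace carry the takeover risk the report describes.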

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Violation of Secure Design Principles