Yahoo! redirects unleashed Copy/Paste from http://hackersblog.org article: Yahoo redirects are and have been continuously used for spam, phishing and black SEO. Even though Yahoo is struggling to solve this problem, they are easy to find. When I say ease i mean seconds not minutes or hours. The whole trick is to know how a patched link looks like. Its not hard at all. All you need is: Firefox Link Gopher add-on A search engine. How does a link that can be used as for a redirect looks like? http://us.ard.yahoo.com/SIG=15temu9ra/M=289534.6253107.7244481.6080815/D=classreal/S=750052198:FOOT/Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/B=NoaQBNj8a.0-/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw--/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html How does a link that can NOT be used as for a redirect to a site outside *.yahoo.com look like? http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/ How can we tell which link can be used? Notice this part of the link (from the first example): SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html After /* there follows the unaltered link to a diffrent domain. The second link is a bit diffrent. 1232929280/**http%3A//hk.knowledge.yahoo.com/ Don't mind the number of "stars". This is what tells us that this redirect is useless: http%3A//. All links from redirect that start with http%3A// cannot be used for sites outside yahoo.com. I can bet that there wont be more then a week from now (the moment of posting the article) and this bug will be fixed cause we noticed a sudden love from Yahoo who is kind enough to pay us visits almost every day :) // End of article // Video demonstration: http://www.trilulilu.ro/hackersblog/b07ad9934d9738 http://sla.ckers.org/forum/read.php?3,26259,26259#msg-26259 Wed, 19 Jun 2013 19:32:50 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?3,26259,26357#msg-26357 Re: Yahoo! redirects unleashed http://sla.ckers.org/forum/read.php?3,26259,26357#msg-26357 xc0r3 Full Disclosure Fri, 30 Jan 2009 10:21:43 -0600 http://sla.ckers.org/forum/read.php?3,26259,26259#msg-26259 Yahoo! redirects unleashed http://sla.ckers.org/forum/read.php?3,26259,26259#msg-26259
Yahoo redirects are and have been continuously used for spam, phishing and black SEO. Even though Yahoo is struggling to solve this problem, they are easy to find. When I say ease i mean seconds not minutes or hours.

The whole trick is to know how a patched link looks like. Its not hard at all.

All you need is:

Firefox

Link Gopher add-on

A search engine.

How does a link that can be used as for a redirect looks like? 

http://us.ard.yahoo.com/SIG=15temu9ra/M=289534.6253107.7244481.6080815/D=classreal/S=750052198:FOOT/Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/B=NoaQBNj8a.0-/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw--/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html

How does a link that can NOT be used as for a redirect to a site outside *.yahoo.com look like? 

http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/

How can we tell which link can be used?

Notice this part of the link (from the first example):

SIG=11lp7krrc/*
http://docs.yahoo.com/info/copyright/copyright.html

After /* there follows the unaltered link to a diffrent domain.

The second link is a bit diffrent.

1232929280/**http%3A//hk.knowledge.yahoo.com/

Don't mind the number of "stars". This is what tells us that this redirect is useless: http%3A//.

All links from redirect that start with http%3A// cannot be used for sites outside yahoo.com.

I can bet that there wont be more then a week from now (the moment of posting the article) and this bug will be fixed cause we noticed a sudden love from Yahoo who is kind enough to pay us visits almost every day :)


// End of article //

Video demonstration: http://www.trilulilu.ro/hackersblog/b07ad9934d9738]]> 2fingers Full Disclosure Sat, 24 Jan 2009 20:13:16 -0600