Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existance you have. No death threats or poetry please. Just kidding, no poetry please. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
our mysterious friend google
Posted by: backbone
Date: July 11, 2007 03:27PM

how it started?
I've been searching for a website to download sqlbftools, and who other to ask than google: http://www.google.com/search?hl=ro&q=Sqlbftools+download&btnG=C%C4%83utare&meta=
And as you can see the 10th link has got some serious issues... What I don't know.

isolating the problem?
a bit of inner file search I found responsible for the bug the following string (hex encoded): %E6%B3%A8%E5%85%A5%E6%94%BB%E5%87%BB%E7%BB%BC%E5%90%88%E8%BD%AF%E4%BB%B6%E5%8C%85

And this code screws up google in the following way: http://www.google.com/search?hl=en&q=%E6%B3%A8%E5%85%A5%E6%94%BB%E5%87%BB%E7%BB%BC%E5%90%88%E8%BD%AF%E4%BB%B6%E5%8C%85&btnG=C%C4%83utare&meta=

I get the same result in unicode (utf-8, utf-16, etc) and Chinese simplified encoding...

---
blog [-] microblog

Options: ReplyQuote
Re: our mysterious friend google
Posted by: rsnake
Date: July 11, 2007 06:39PM

Can you make a screenshot? All I see is Chinese letters.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: our mysterious friend google
Posted by: backbone
Date: July 12, 2007 10:59AM

even better, I uploaded a vid =)

http://www.mediafire.com/?31x2c969neb

---
blog [-] microblog

Options: ReplyQuote
Re: our mysterious friend google
Posted by: rsnake
Date: July 12, 2007 05:30PM

While a compelling video (what did you use to make that, btw?) I cannot reproduce it at all... Maybe it's because I already have the language packs installed? Can anyone else repro it or can you do it on other machines?

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Super-Friez
Date: July 12, 2007 07:31PM

Darn Windows. I hate it. "Coded Not Found." Gotta get Ubuntu.

Well, I downloaded the codec. That seems strange. It must have to do with the language packs, because I have the language packs installed, too, and I see it in Chinese, like rsnake. That doesn't seem to be a really bad bug, though, as it doesn't seem to affect anything else but the results.

Options: ReplyQuote
Re: our mysterious friend google
Posted by: rsnake
Date: July 12, 2007 10:47PM

There is a good reason to figure out why that happens though... if you could do it on purpose you could force the other competitive search results down the page. It's great for blackhat SEO.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: our mysterious friend google
Posted by: backbone
Date: July 13, 2007 10:51AM

rsnake Wrote:
-------------------------------------------------------
> While a compelling video (what did you use to make
> that, btw?) I cannot reproduce it at all... Maybe
> it's because I already have the language packs
> installed? Can anyone else repro it or can you do
> it on other machines?

I used VidShot Capturer for the video... and can't reproduce it on other PC's :(

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Super-Friez
Date: July 13, 2007 01:11PM

Do those other PCs have the language packs installed?

I tried using other Google languages (Google Japan, Google China) to view it, and I always get the same result.

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Anonymous User
Date: July 13, 2007 05:23PM

Could someone explains what happens? I cannot play AVI files

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Super-Friez
Date: July 13, 2007 05:59PM

Download the XVid Codec, then it should work. Basically, what it does is move down all the listings on the page significantly.

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Anonymous User
Date: July 13, 2007 06:09PM

[quot]I cannot play AVI files[/quot]
What?

@Super-Friez: Strange video indeed although I couldn't reproduce it either. First I thought I resulted of weird CRLF injections into the meta keywords but that can't be...

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Ivan
Date: July 14, 2007 10:45AM

I can't reproduce bug ...

http://www.security-net.biz/

Options: ReplyQuote
Re: our mysterious friend google
Posted by: darknessends
Date: July 16, 2007 02:34PM

Since Google Uses UTF 8 encoding I tried to convert it to ISO 8859 -1
in text form this is

http://www.google.com/search?hl=en&q=注入攻击综合软件包&btnG=Căutare&meta=

while in URL is

http%3A%2F%2Fwww.google.com%2Fsearch%3Fhl%3Den%26amp%3Bq%3D%E6%B3%A8%E5%85%A5%E6%94%BB%E5%87%BB%E7%BB%BC%E5%90%88%E8%BD%AF%E4%BB%B6%E5%8C%85%26amp%3BbtnG%3DC%C4%83utare%26amp%3Bmeta%3D

I think there is something intresting in meta.

When a character from the reserved set (a "reserved character") has special meaning (a "reserved purpose") in a certain context, and a URI scheme says that it is necessary to use that character for some other purpose, then the character must be percent-encoded. Percent-encoding a reserved character involves converting the character to its corresponding value in ASCII and then representing that value as a pair of hexadecimal digits. The digits, preceded by a percent sign ("%"), are then used in the URI in place of the reserved character.

UTF-8 (ASCII)

%E6 - æ
%B3 - ³
%A8 - ¨
%E6%B3%A8 - 注 (invisible character here)

There are 27 hex and that makes 9 invisible characters, thats 3 hex for each character.


May be this helps somewhere

Options: ReplyQuote
Re: our mysterious friend google
Posted by: Super-Friez
Date: July 28, 2007 01:13PM

Maybe Google does not know how to process invisible characters?

Or maybe your current language packs can't process it?

Options: ReplyQuote


Sorry, only registered users may post in this forum.