Sla.ckers.org
Yahoo! redirects unleashed
Posted by: 2fingers
Date: January 24, 2009 08:13PM

Copy/paste from the http://hackersblog.org article:

Yahoo redirects are and have been continuously used for spam, phishing and black SEO. Even though Yahoo is struggling to solve this problem, they are easy to find. When I say easy, I mean seconds, not minutes or hours.

The whole trick is to know what a patched link looks like. It's not hard at all.

All you need is:

Firefox

Link Gopher add-on

A search engine.

What does a link that can be used for a redirect look like?

http://us.ard.yahoo.com/SIG=15temu9ra/M=289534.6253107.7244481.6080815/D=classreal/S=750052198:FOOT/Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/B=NoaQBNj8a.0-/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw--/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html

What does a link that can NOT be used for a redirect to a site outside *.yahoo.com look like?

http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/

How can we tell which link can be used?

Notice this part of the link (from the first example):

SIG=11lp7krrc/*
http://docs.yahoo.com/info/copyright/copyright.html

After /* there follows the unaltered link to a different domain.

The second link is a bit different.

1232929280/**http%3A//hk.knowledge.yahoo.com/

Don't mind the number of "stars". This is what tells us that this redirect is useless: http%3A//.

All links from redirect that start with http%3A// cannot be used for sites outside yahoo.com.

I can bet that there won't be more than a week from now (the moment of posting the article) before this bug is fixed, because we've noticed a sudden love from Yahoo, who is kind enough to pay us visits almost every day :)


// End of article //

Video demonstration: http://www.trilulilu.ro/hackersblog/b07ad9934d9738

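As an added example (not code from the post or from hackersblog.org), the following Python classifier applies the /* versus /**http%3A// distinction described above to a batch of links, the way a mail filter or referrer-log scan would flag redirect abuse. The first two sample links are the ones quoted in the post; the third link, the verdict names and the helper functions are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample set: the first two links are the ones quoted in the post;
# the third is a constructed variant whose target is an outside domain.
SAMPLE_LINKS = [
    "http://us.ard.yahoo.com/SIG=15temu9ra/M=289534.6253107.7244481.6080815/D=classreal/S=750052198:FOOT/Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/B=NoaQBNj8a.0-/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw--/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html",
    "http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/",
    "http://us.ard.yahoo.com/SIG=15temu9ra/A=2650127/R=2/SIG=11lp7krrc/*http://example.com/landing",
]

# The post's rule: the target follows a run of "/*" (star count does not
# matter); if it begins with an encoded scheme (http%3A//) the redirect
# stays inside *.yahoo.com.
TARGET_RE = re.compile(r"/\*+(.*)\Z")


def _is_yahoo_host(host):
    host = (host or "").lower()
    return host == "yahoo.com" or host.endswith(".yahoo.com")


def classify_redirect(url):
    """Return how a Yahoo-style redirect link should be treated."""
    m = TARGET_RE.search(url)
    if not m:
        return {"target": None, "encoded": False, "external": False,
                "verdict": "no-redirect"}
    target = m.group(1)
    encoded = target.lower().startswith("http%3a")
    host = urlsplit(unquote(target) if encoded else target).hostname
    external = not _is_yahoo_host(host)
    if encoded:
        verdict = "encoded-target"          # benign per the post's rule
    elif external:
        verdict = "open-redirect-external"  # unencoded, leaves yahoo.com
    else:
        verdict = "unencoded-same-domain"   # same structure, internal target
    return {"target": target, "encoded": encoded, "external": external,
            "verdict": verdict}


def scan(links):
    """Return the links that redirect, unencoded, to a non-Yahoo domain."""
    return [u for u in links
            if classify_redirect(u)["verdict"] == "open-redirect-external"]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        r = classify_redirect(link)
        print(r["verdict"], "->", r["target"])
```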
Re: Yahoo! redirects unleashed
Posted by: xc0r3
Date: January 30, 2009 10:21AM

cool!

[ Xc0re Security Research Group ]
http://www.xc0re.net
