Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous1234567891011Next
Current Page: 3 of 11
Re: So it begins - Redirects Edition
Posted by: Ghozt
Date: September 29, 2006 09:43PM

https://www.godaddy.com/gdshop/redirect/go.asp?se=%2B&app%5Fhdr=&ci=6629&url=http://ha.ckers.org
http://api.channelcart.com/amdus-buynow/buynow.asp?statsUrl=http://ha.ckers.org



Edited 1 time(s). Last edit at 09/29/2006 10:27PM by Ghozt.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: September 30, 2006 02:44AM

http://www.grisoft.com/linkout.php?doc=14&to=http%3A%2F%2fasdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 01, 2006 09:47PM

http://ad.doubleclick.net/clk;33263492;5516747;o?http://www.asdf.com/

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: digi7al64
Date: October 02, 2006 08:08AM

http://www.scanalert.com/Link.sa?url=http://ha.ckers.org/

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: unsticky
Date: October 02, 2006 06:17PM

XSS for redirrect count? The first one will try to make you download the page contents, depending on the extension, so I gave it a pretty much null redirrect and added my own page contents to redirrect.
Edit: I removed the wiki Header redirrect, as it's actually a wiki bug, and not just limited to that one site, so I'm actually going to report it.
[actifpub.com]



Edited 1 time(s). Last edit at 10/02/2006 07:47PM by unsticky.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: October 02, 2006 06:20PM

It counts, although it's more useful than a redirect alone (since it can do both) and probably belongs in the XSS section.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: unsticky
Date: October 02, 2006 06:34PM

Then I'll post it there too! Just buildin up my post count.. uh huh. Gonna be 5 now!



Edited 2 time(s). Last edit at 10/02/2006 06:50PM by unsticky.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: October 02, 2006 07:17PM

Look at you go! Let's shoot for 6. I think you can do it. ;)

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 02, 2006 09:32PM

it works for most their subdomains it seems.. the only one i found that it didn't work for is finance.google.com

http://www.google.com/local_url?q=http://asdf.com
http://maps.google.com/local_url?q=http://asdf.com
http://eval.google.com/local_url?q=http://asdf.com
http://sketchup.google.com/local_url?q=http://asdf.com
http://browsersync.google.com/local_url?q=http://asdf.com
http://desktop.google.com/local_url?q=http://asdf.com
http://toolbar.google.com/local_url?q=http://asdf.com
http://earth.google.com/local_url?q=http://asdf.com
http://picasa.google.com/local_url?q=http://asdf.com
http://toolbarqueries.google.com/local_url?q=http://asdf.com
etc..

found courtesy of the maps.google one being marked as a phishing site at phish tank .. although i think the www.google one is common knowledge

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 03, 2006 02:21PM

http://www.walmart.com/third_party_redirector.gsp?vendor=LIQUID_AUDIO&service=CATALOG_SERVICE&url=http%3A%2F%2Fgoogle.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 01:32AM

http://www.yourfreevids.com/st/st.php?id=1856&script=1&url=http://asdf.com

found when googling for grandma porn _-_

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: id
Date: October 04, 2006 02:02AM

Thanks for the grandma porn plug, WE WILL BE NUMBER ONE.

-id

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 03:49AM

heh, so it seems that they whitelist google..

http://usa.visa.com/track/dyredir.jsp?rDirl=http://www.google.com/local_url?q=http://asdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: October 04, 2006 10:29AM

Hmmm... nice catch... I'm not even going to ask how you found that, but very clever.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 01:26PM

lol, i have my methods :x ..

http://www.samsung.com.au/myguide/tracking/dyredir.asp?d=rn_mcom002_rp_sec&rdirl=http://asdf.com

and leaving the rdirl= blank, i was amused to find a personal comment on a major site: http://www.samsung.com.au/myguide/tracking/dyredir.asp?d=rn_mcom002_rp_sec&rdirl=

I'm sorry, the link you clicked appears invalid. We will return to your previous page.
<!-- Ryan, you should put back script here... -->
<SCRIPT>


</SCRIPT>

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: October 04, 2006 01:36PM

Hahah.. Ryan isn't a very good programmer it appears. ;)

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 01:47PM

This one has probably already been well known, as its blaringly obvious on the front page

http://www.google.com/url?sa=t&url=http%3A%2F%2Fwww.asdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 02:11PM

And i dunno if this one actually counts.. as it can only direct to other google domains (or maybe others on the whitelist) so it still has to go through another redirect.

https://www.google.com/accounts/Logout?service=ig&continue=http://google.com/local_url?q%3Dhttp://www.asdf.com&cd=US

but.. if you need to log the victim out as part of a CSRF and want confirmation that they were.. this is useful to test by https://www.google.com/accounts/Logout?service=ig&continue=http://google.com/local_url?q%3Dhttp://www.evilsite.com/sploit.php?logout%3Ddone&cd=US

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 02:21PM

the same rules for this, but i'm not sure how it gould be leveraged, aside from making sure theyre logged in, before using CSRF to email yourself their cookies
https://www.google.com/accounts/ServiceLogin?service=ig&passive=true&continue=http://www.google.com/local_url%3Fq%3Dhttp%3A%2F%2Fasdf%2F

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 04, 2006 04:35PM

http://us.ard.yahoo.com/SIG=12jjt2npt/M=533106.8794185.10129908.7714426/D=yahoo_top/S=2716149:SM3/_ylt=ApEw9DLF7tjRDBk0_7EtmP71cSkA/Y=YAHOO/EXP=1160004448/*http://asdf.com

Now, if you notice the EXP parameter in the link: EXP=1160004448/ .. it expires after a while but i have no idea how long of a while that is. Refreshing the page gives a new expiration.. but its somehow related to the other variables, so that helps mitigate phishing somewhat. My guess is it gets hashed and compared to the _ylt .. maybe when yahoo opens it's code they'll reveal their hash function as well ^^

Until then.. goto the front page yahoo.com and ctrl-F in the source for us.ard.yahoo

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: digi7al64
Date: October 05, 2006 02:44AM

http://rds.yahoo.com/_ylt=/**http://example.com << no restrictions

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 02:53AM

ah, outta curiousity, which area did you find it in? i looked at 3/4 of em, but all had whitelist checks :T

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 03:05AM

http://clk.atdmt.com/MSN/go/msnnkwto0060000001msn/direct/01/?href=http://asdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 03:15AM

other random advertisers, http://links.industrybrains.com/click?sid=254&lid=380798&cid=63044&pr=2&tstamp=20061004224622&url=http://www.asdf.com

other parameters seem necessary, may have to update the tstamp=

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 03:19AM

http://dictionary.reference.com/go/http://www.asdf.com/
http://thesaurus.reference.com/go/http://www.asdf.com

-maluc



Edited 1 time(s). Last edit at 10/05/2006 03:20AM by maluc.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 03:25AM

http://portal.spidynamics.com/utility/Redirect.aspx?U=http%3a%2f%2fasdf.com
they should probably know better

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 03:36AM

http://www.nytimes.com/adx/bin/adx_click.html?type=goto&page=homepage.nytimes.com/index.html&camp=nytnyt-Box2&ad=greatread_banners120x90b.gif&goto=http%3A%2F%2Fwww%2Easdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 02:32PM

ah, once again visa fixed the redirect quite fast..

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: maluc
Date: October 05, 2006 09:09PM

another advertiser: http://dynamic.fmpub.net/adserver/adclick.php?bannerid=&dest=http%3A%2F%2Fasdf.com

-maluc

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: digi7al64
Date: October 05, 2006 10:45PM

http://rds.yahoo.com/search/submit/travel/*-http://ha.ckers.org
http://rds.yahoo.com/search/submit/free/*-http://ha.ckers.org
http://rds.yahoo.com/search/submit/mobile_free/*-http://ha.ckers.org
http://rds.yahoo.com/search/submit/mrss_free/*-http://ha.ckers.org/
http://rds.yahoo.com/search/submit/PI/*-http://ha.ckers.org/
http://rds.yahoo.com/search/submit/p4p/*-http://ha.ckers.org/
http://rds.yahoo.com/search/submit/product/*-http://ha.ckers.org/
http://rds.yahoo.com/search/submit/yexpress/*-http://ha.ckers.org/
http://rds.yahoo.com/search/submit/ystd/*http://ha.ckers.org/

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote
Pages: Previous1234567891011Next
Current Page: 3 of 11


Sorry, only registered users may post in this forum.