MOSEB-30 Bonus: Redirectors #2

22:45 30.06.2007

New bonus vulnerabilities in MOSEB. Today is the day of redirectors, as I wrote in MOSEB-30: Redirectors #1, and I continue to show you redirectors holes in search engines.

The list of redirectors in search engines (part 2).

MSN:

Meta:

Aport:

AOL Search:

Netscape Search:

MetaCrawler:

InfoSpace:

About Google’s redirectors.

I wrote about three Google’s redirectors in MOSEB-30 and I told, that first one already fixed.

This redirector hole worked some time ago, but after security community attracted attention of Google to the issue, they made protection for this hole (using redirect notice page). But Google fixed it poorly, so it is possible to bypass this protection.

You just need to make working link (with necessary hash) and redirector will work :-) . But this hash is temporal, so you need to update it periodically to fresh one.

Or you can use another redirector from Google (it is another version of first redirector and with constant hash):

Moral: clicking on redirecting links can be dangerous.

P.S.

Tomorrow I will total the project’s results. And also I’ll count up votes for all the bugs and find out the best bug of MOSEB. So if you didn’t vote for the bugs yet (in comments) you can do it now, and tomorrow you will see the results.


Leave a Reply

You must be logged in to post a comment.