1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Abusing redirects

Discussion in 'Black Hat SEO' started by mightybh, Mar 7, 2009.

  1. mightybh

    mightybh Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 27, 2008
    Messages:
    1,029
    Likes Received:
    1,714
    Occupation:
    CEO
    Location:
    UK
  2. kieranadvert

    kieranadvert Newbie

    Joined:
    Feb 15, 2009
    Messages:
    49
    Likes Received:
    4
    Occupation:
    Making big $$$
    Location:
    Somewhere :O
    From reading it I found it quite straight forward. Often times sites have redirects for either downloading (getting) files or a script to redirect when a page cannot be found (404). Spammers can exploit this by appending the destination URL as a parameter to the script.
     
  3. sitey

    sitey Newbie

    Joined:
    Mar 8, 2009
    Messages:
    26
    Likes Received:
    1
    I don't know any sites with open redirects like those that were mentioned here, but it's very similar to "search query" sql injection, where you add a link to your site through an sql injection in the search box.
     
  4. mightybh

    mightybh Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 27, 2008
    Messages:
    1,029
    Likes Received:
    1,714
    Occupation:
    CEO
    Location:
    UK
    Ah for some reason I thought it might be something different. In that case you might as well go around injecting your links into website footers and redirecting whole domains. That's not so fun and not so legal.
     
  5. sitey

    sitey Newbie

    Joined:
    Mar 8, 2009
    Messages:
    26
    Likes Received:
    1
    How would you suggest injecting your links into a site's footer else than breaking into the backend system?
     
  6. mightybh

    mightybh Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 27, 2008
    Messages:
    1,029
    Likes Received:
    1,714
    Occupation:
    CEO
    Location:
    UK
    Most scripts out there are vulnerable. Its very easy to knock up a quick script and start selling it however they are not always secure. You can either keep an eye on latest exploits (Eg. milw0rm.com) or search for one yourself. Obviously you will need some knowledge of coding etc.

    -edit-

    Oh sorry, I thought it was somebody else asking a question... I'm a bit hungover ATM.

    I don't know, I thought there would be some clever way. This is why I was asking.
     
  7. autosurf23

    autosurf23 Registered Member

    Joined:
    Feb 24, 2009
    Messages:
    50
    Likes Received:
    2
    interested in knowing too