Every so often I take a look at what the Viagra marketers are doing to rank. I just ran into something that's got me scratching my head wondering how they did it and I'm hoping someone can tell me how. As of right now the number 4 listing in Google for "buy Viagra" is the following page: h**p://osdbuforecast.hhs.gov/hhs_services/procurement/details.cfm?id=11363&buy-viagra Now this domain happens to belong to the US Department of Health and Human Services. If you click on the link you will very briefly see the page on that domain and then you are redirected to this guy's Viagra page on another domain. How the heck do you redirect from a US government website? What's more, how can you get away with it?
Probably an XSS exploit. He probably somehow got a piece of JavaScript on that site in his profile or something.
Yeah, for sites like that they use XSS exploits and others. Then for the redirect it's just a simple java code.
Thanks to everyone who replied on this. I would have to agree that this is not something you would ordinarily want to try on a US Government website. I noticed that at the time I am writing this post he is now in the #1 position for "buy Viagra". Any idea on how much someone might be pulling in a day with this ranking for this keyword phrase?
XSS redirects are pretty old now; however, if you have a scanner for XSS exploits you can have limitless redirects. Also pretty stupid to use .gov / .edu's to inject exploit in lol