How is this redirect done???

Every so often I take a look at what the Viagra marketers are doing to rank. I just ran into something that?s got me scratching my head wondering how they did it and I?m hoping someone can tell me how.
As of right now the number 4 listing in Google for ?buy Viagra? is the following page:

h**p://osdbuforecast.hhs.gov/hhs_services/procurement/details.cfm?id=11363&buy-viagra

Now this domain happens to belong to the US Department of Health and Human Services. If you click on the link you will very briefly see the page on that domain and then you are redirected to this guy?s Viagra page on another domain.

How the heck do you redirect from a US government website? What?s more, how can you get away with it?

 

probably an XSS exploit. He probably somehow got a piece of javascript on that site in his profile or something.

 

yeah, for sites like that they use XSS exploits and others. Then for the redirect its just a simple java code

 

In general using XSS against a government website is very ill-advised.

 

Indeed.

 

Thanks to everyone who replied on this. I would have to agree that this is not something you would ordinarily want to try on a US Government website.

I noticed that at the time I am writing this post that he is now in the #1 position for "buy Viagra". Any idea on how much someone might be pulling in a day with this ranking for this keyword phrase?

 

I wish i knew too.

 

Xss redirects are pretty old now however if you have a scanner for xss exploits you can have limitless redirects. Also pretty stupid to use .gov / .edu's to inject exploit in lol

 

Not everybody wants "Viagra"