1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How is this redirect done???

Discussion in 'Cloaking and Content Generators' started by TipTop, Mar 25, 2009.

  1. TipTop

    TipTop Registered Member

    Joined:
    Jun 26, 2008
    Messages:
    74
    Likes Received:
    53
    Location:
    Ohio
    Every so often I take a look at what the Viagra marketers are doing to rank. I just ran into something that?s got me scratching my head wondering how they did it and I?m hoping someone can tell me how.
    As of right now the number 4 listing in Google for ?buy Viagra? is the following page:

    h**p://osdbuforecast.hhs.gov/hhs_services/procurement/details.cfm?id=11363&buy-viagra

    Now this domain happens to belong to the US Department of Health and Human Services. If you click on the link you will very briefly see the page on that domain and then you are redirected to this guy?s Viagra page on another domain.

    How the heck do you redirect from a US government website? What?s more, how can you get away with it?
     
  2. Barbacamanitu

    Barbacamanitu Power Member

    Joined:
    May 8, 2008
    Messages:
    500
    Likes Received:
    91
    probably an XSS exploit. He probably somehow got a piece of javascript on that site in his profile or something.
     
  3. alderous

    alderous Regular Member Premium Member

    Joined:
    Jul 23, 2007
    Messages:
    325
    Likes Received:
    74
    yeah, for sites like that they use XSS exploits and others. Then for the redirect its just a simple java code
     
  4. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    In general using XSS against a government website is very ill-advised.
     
  5. oldenstylehats

    oldenstylehats Elite Member Premium Member

    Joined:
    Apr 10, 2008
    Messages:
    1,893
    Likes Received:
    1,197
    Indeed.
     
  6. TipTop

    TipTop Registered Member

    Joined:
    Jun 26, 2008
    Messages:
    74
    Likes Received:
    53
    Location:
    Ohio
    Thanks to everyone who replied on this. I would have to agree that this is not something you would ordinarily want to try on a US Government website.

    I noticed that at the time I am writing this post that he is now in the #1 position for "buy Viagra". Any idea on how much someone might be pulling in a day with this ranking for this keyword phrase?
     
    Last edited: Mar 25, 2009
  7. link_36p

    link_36p Newbie

    Joined:
    Mar 13, 2009
    Messages:
    13
    Likes Received:
    1
    I wish i knew too.
     
  8. proscale

    proscale Regular Member

    Joined:
    Mar 9, 2009
    Messages:
    319
    Likes Received:
    98
    Xss redirects are pretty old now however if you have a scanner for xss exploits you can have limitless redirects. Also pretty stupid to use .gov / .edu's to inject exploit in lol
     
  9. z28legend

    z28legend Newbie

    Joined:
    Mar 28, 2009
    Messages:
    16
    Likes Received:
    1
    Not everybody wants "Viagra"