How the hell is this done?

seemayer

Junior Member
Joined
Jan 2, 2009
Messages
108
Reaction score
15
Can anybody work out what is going on here:

hxxp://betweenthecolumns.umd.edu/index.php?rxp=400

Without the parameter it shows a uni of maryland page but with it shows a drug search engine (try in i explore if it doesn't work in firefox)

I guess someone has posted a script into this page somehow

But how??????

Any ideas?
 
quite easily done as he uses a GET parameter to determine what to display. Here is a quick snippet. As you can see in your example he passes rxp=400 so you can check for the rxp GET variable and serve one page. If nothing or any other value is passed in the rxp variable, the else condition is hit and another page is served.

Code:
<?php
$page = $_GET['rxp'];
if ( $page == 400) {
?>
<html>
.
.
.
</html>
<?php
} else {
?>
<html>
.
.
.
</html>
<?php
}
?>

Hope that helps you!
 
Thanks for the reply zone69. I understand how the script would work but was more interested as to how this had been done on a site that is clearly not owned by the person doing this

if you search google for 'generic celebrex' you will find a .edu site that has a drug search engine on it - i assume it is some sort of script injection? The odd thing is it seems to be a different .edu domain each time - also sometimes the url displayed in google doesn't match the final page url

Just thought whatever is going on here is quite clever and i certainly cant figure it out i wondered if anybody on here might be able to crack it!
 
Thanks for the reply zone69. I understand how the script would work but was more interested as to how this had been done on a site that is clearly not owned by the person doing this

if you search google for 'generic celebrex' you will find a .edu site that has a drug search engine on it - i assume it is some sort of script injection? The odd thing is it seems to be a different .edu domain each time - also sometimes the url displayed in google doesn't match the final page url

Just thought whatever is going on here is quite clever and i certainly cant figure it out i wondered if anybody on here might be able to crack it!

This is quite popular technique, people use commonly known holes to exploit web applications, such as WPs, Joomlas and so on. Then they just modify a little bit the source code, it's a bit more sophisticated than zone69 described but the whole idea is the same.

The guy who's created this doorway isn't pretty wise, he didn't notice that in robots.txt he's got:
User-agent: *
Disallow: /

Which means Google will index his pages without descriptions and mostly without titles.

The url displayed in Google doesn't match the final url, beacuse the page uses cloaking. When Google visits such page, it gets a wordpress looking keyword stuffed page with crappy content, when user visits such page, he is redirected to a search engine or just search engine is added in the top of such page.
 
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock