How the hell is this done?

S

seemayer

Junior Member
Joined
Jan 2, 2009
Messages
108
Reaction score
15
Can anybody work out what is going on here:

hxxp://betweenthecolumns.umd.edu/index.php?rxp=400

Without the parameter it shows a uni of maryland page but with it shows a drug search engine (try in i explore if it doesn't work in firefox)

I guess someone has posted a script into this page somehow

But how??????

Any ideas?
 
Advertise on BHW
quite easily done as he uses a GET parameter to determine what to display. Here is a quick snippet. As you can see in your example he passes rxp=400 so you can check for the rxp GET variable and serve one page. If nothing or any other value is passed in the rxp variable, the else condition is hit and another page is served.

Code: 
<?php
$page = $_GET['rxp'];
if ( $page == 400) {
?>
<html>
.
.
.
</html>
<?php
} else {
?>
<html>
.
.
.
</html>
<?php
}
?>

Hope that helps you!
 
Thanks for the reply zone69. I understand how the script would work but was more interested as to how this had been done on a site that is clearly not owned by the person doing this

if you search google for 'generic celebrex' you will find a .edu site that has a drug search engine on it - i assume it is some sort of script injection? The odd thing is it seems to be a different .edu domain each time - also sometimes the url displayed in google doesn't match the final page url

Just thought whatever is going on here is quite clever and i certainly cant figure it out i wondered if anybody on here might be able to crack it!
 
seemayer said:
Thanks for the reply zone69. I understand how the script would work but was more interested as to how this had been done on a site that is clearly not owned by the person doing this

if you search google for 'generic celebrex' you will find a .edu site that has a drug search engine on it - i assume it is some sort of script injection? The odd thing is it seems to be a different .edu domain each time - also sometimes the url displayed in google doesn't match the final page url

Just thought whatever is going on here is quite clever and i certainly cant figure it out i wondered if anybody on here might be able to crack it!
Click to expand...

This is quite popular technique, people use commonly known holes to exploit web applications, such as WPs, Joomlas and so on. Then they just modify a little bit the source code, it's a bit more sophisticated than zone69 described but the whole idea is the same.

The guy who's created this doorway isn't pretty wise, he didn't notice that in robots.txt he's got:
User-agent: *
Disallow: /

Which means Google will index his pages without descriptions and mostly without titles.

The url displayed in Google doesn't match the final url, beacuse the page uses cloaking. When Google visits such page, it gets a wordpress looking keyword stuffed page with crappy content, when user visits such page, he is redirected to a search engine or just search engine is added in the top of such page.
 
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Web Design Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock