- Apocalipsa dupa Nemessis
- Cand dorinta de afirmare depaseste granitele bunului simt – PaxNwo un leecher ordinar
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac?
- Experiment social II – andimoisescu.ro
- Pentru posteritate
- In curand…
- “Hot” de id-uri messenger
- Chiar ca sunteti retardati
- Ce nu se invata la scoala – Vendetta (6)
- Apocalipsa dupa Nemessis in (103 Visits)
- Ce servicii de mail folositi? in (42 Visits)
- This is the end in (28 Visits)
- Hackersblog.org is now blog.rstcenter.com in (27 Visits)
- Short news in (22 Visits)
- La multi ani România, la multi ani românilor in (22 Visits)
- Azi este ziua userilor hackersblog.org in (15 Visits)
- Raportare vulnerabilitati in (14 Visits)
- Inca o pierdere de timp in (14 Visits)
- Update in (11 Visits)
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (313 Visits)
- Hi5.com coders read this in (37 Visits)
- SMS scam (1) in (28 Visits)
- Phishing Bancpost in (12 Visits)
- Dezinformare sau proasta informare? in (11 Visits)
- Si tentativele de phishing pot fi amuzante in (9 Visits)
- Phishing Raiffeisen cu atasament html in (6 Visits)
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (96 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (54 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (49 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (42 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (34 Visits)
- Virusi in clipuri video [how to] in (33 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (29 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (24 Visits)
- Yahoo! redirects - a big issue (with video) in (14 Visits)
- Ca musca in... in (12 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (173 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (114 Visits)
- Yahoo! epic fail - permanent xss unleashed in (90 Visits)
- Telegraph.co.uk hacked, sql injection in (66 Visits)
- RedTube.com ... The Free Sex Video Community in (59 Visits)
- Kaspersky Thailand hacked by TinKode in (48 Visits)
- Conquiztador Hacked Again in (48 Visits)
- Telegraph.co.uk hacked - when will they learn? in (43 Visits)
- Simona Sensual si profilul ei de hi5 in (40 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (39 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (33 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (30 Visits)
- Digital Photocopiers Loaded With Secrets in (26 Visits)
- Hacker Uses XSS and Google Street View Data to Determine Physical Location in (16 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (11 Visits)
- [Video] The History Of Hacking in (9 Visits)
- OWASP Phishing demo in (9 Visits)
- Christopher "moot" Poole: The case for anonymity online in (9 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (8 Visits)
- Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (8 Visits)
- Se poate sparge parola de Yahoo? in (347 Visits)
- phpBB.ro hacked in (105 Visits)
- Experiment social in (71 Visits)
- Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (61 Visits)
- Oare cum e pana la urma? in (57 Visits)
- "Hot" de id-uri messenger in (53 Visits)
- Concurs fara premii in (52 Visits)
- Forumul Andreei Balan spart in (47 Visits)
- Ce nu se invata la scoala – Vendetta (6) in (45 Visits)
- Experiment social II - andimoisescu.ro in (44 Visits)
Posted on January 25th, 2009
Acest articol este publicat atat in romana cat si in engleza.
Yahoo redirects are and have been continuously used in spam tehniques, for phishing and black SEO. Even though Yahoo is struggling to solve this problem, they are easy to find. When I say ease i mean seconds not minutes or hours
The whole trick is to know how a patched link looks like.
Its not hard at all. All you need is:
Firefox
Link Gopher add-on
A search engine.
How does a link that can be used as for a redirect looks like?
http://us.ard.yahoo.com/SIG=15temu9ra/M=289534.6253107.7244481.6080815/D=classreal/
S=750052198:FOOT/Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/
B=NoaQBNj8a.0-/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw–
/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html
How does a link that can NOT be used as for a redirect to a site outside *.yahoo.com look like?
http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/
SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/
How can we tell which link can be used? Notice this part of the link (from the first example):
SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html After /* there follows the unaltered link to a diffrent domain.
The second link is a bit diffrent.
1232929280/**http%3A//hk.knowledge.yahoo.com/
Don’t mind the number of “stars”. This is what tells us that this redirect is useless: http%3A//.
All links from redirect that start with http%3A// cannot be used for sites outside yahoo.com.
I can bet that there wont be more then a week from now (the moment of posting the article) and this bug will be fixed cause we noticed a sudden love from Yahoo staff who is kind enough to pay us visits almost every day 
Versiunea in limba romana:
Redirecturile Yahoo au fost si sunt in continuare folosite pentru spam, phishing si black seo. Cu toate ca Yahoo se chinuie sa rezolve problema redirecturilor, acestea sunt usor de gasit. Cand spun usor ma refer la secunde nu minute, nu ore.
Toata smecheria sta in cunoasterea aspectului unui link de redirect deja patchuit.
Nu este greu. Aveti nevoie de urmatoarele:
Firefox
Link Gopher add-on
Un motor de cautare
Cum arata un link ce poate fi folosit la redirect?
http://us.ard.yahoo.com/SIG=15temu9ra/
M=289534.6253107.7244481.6080815/D=classreal/S=750052198:FOOT/
Y=YAHOO/EXP=1232849833/L=BmyXB86.ODX4VzI3SXtvrR9kVmjCm0l7r4kACp1e/B=NoaQBNj8a.0-
/J=1232842633729605/K=pIWiCLQq81S96lmhwDqmiw–
/A=2650127/R=2/SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html
Cum arata un link ce NU poate fi folosit la redirect catre un site din afara *.yahoo.com?
http://rds.yahoo.com/_ylt=AkWscG8XXla3AoABf80g_WeHHwx.;_ylv=0/
SIG=11idii63e/EXP=1232929280/**http%3A//hk.knowledge.yahoo.com/
Cum ne dam seama ca acest link poate fi folosit? Observati aceasta portiune:
SIG=11lp7krrc/*http://docs.yahoo.com/info/copyright/copyright.html in cazul primului exemplu. Dupa /* urmeaza linkul nealterat catre un alt subdomeniu.
Cel de-al doilea link este putin deosebit.
1232929280/**http%3A//hk.knowledge.yahoo.com/
Nu luati in calcul numarul stelutelor (*). Ceea ce ne spune ca acest redirect este inutilizabil se afla aici http%3A//.
Toate linkurile din redirect ce incep cu http%3A// nu pot fi utilizate pentru site-uri non-yahoo.com.
Dupa aparitia acestui articol va garantez ca in maxim 1 saptamana se va rezolva in mare parte aceasta problema pentru ca Yahoo a inceput sa ne iubeasca blogul si sa ne viziteze zilnic.
January 25th, 2009 at 4:18 pm
Amuzant si descurajant in acelasi timp sa vezi companii mari cum e Yahoo cu asemenea gauri de securitate… ma rog nu e f. mare gaura dar este o gaura.
January 27th, 2009 at 12:21 am
si cum e gaura .. se poate fute
good job