Full Disclosure mailing list archives
Re: " * " in url
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 13 Jan 2004 22:32:20 +1300
"morning_wood" <se_cur_ity () hotmail com> wrote:
dunno if this is new but.. http://pa.yahoo.com/*http://rd.yahoo.com/hotjbs/*http://example.com
Nope, not new at all. Those (and several other Yahoo pages) have long been known as redirectors, taking whatever comes after the asterisk and redirecting to it. Some appear to work just for URLs to other yahoo.com-hosted pages (and perhaps Yahoo! partner sites?), but some (such as the "hotjobs" one) will redirect to anywhere. I vaguely recall seeing one of these used ages back in a some scam- associated spam, which heavily obfuscated the URL to redirect to with URL-encoding and so on... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- " * " in url morning_wood (Jan 13)
- Re: " * " in url Lan Guy (Jan 13)
- Re: " * " in url Nick FitzGerald (Jan 13)
- Re: " * " in url Suresh Ponnusami (Jan 13)