Full Disclosure mailing list archives
Google URL Redirection
From: satyam pujari <satyamhax () gmail com>
Date: Fri, 8 Apr 2011 16:41:14 +0530
*Hello List,* * * *Here's a Google URL Redirection Vulnerability which could be used in phishing attack. A simple way to bypass Google redirect notice.* ====================================================================================================================================== *1-Open:* *http://www.google.com/url?sa=D&q=http://www.0x.t35.com* *2-Copy Link:* "The previous page is sending you to *http://www.0x.t35.com*" * http://www.google.com/url?q=http://www.0x.t35.com&ei=r7meTaKlF426vwPe2uCRBQ&sa=X&oi=unauthorizedredirect&ct=targetlink&ust=1302249655383154&usg=AFQjCNG4ATH5al6movivnWoeLQJc1ABtSg * * * *3-Send to victim: *(*http://www.0x.t35.com* could be a different (malicious) site hosting an exploit kit/malware which is not blacklisted ye* t)* * http://www.google.com/url?q=http://www.0x.t35.com&ei=r7meTaKlF426vwPe2uCRBQ&sa=X&oi=unauthorizedredirect&ct=targetlink&ust=1302249655383154&usg=AFQjCNG4ATH5al6movivnWoeLQJc1ABtSg * * * In a real attack (phishing) scenario, this one can be used in a "quick targeted" attack as the link (ei/ust/usg params ) "expires" after some time.If the link expires the attacker follows step 2 again. ====================================================================================================================================== Here's one more which can be used effectively in a phishing attack. http://translate.google.com/translate?hl=ko&sl=en&u=http://0x.t35.com<http://translate.google.com/translate?hl=ko&sl=en&u=http://0x.t35.com> I guess, here the content stored in http://0x.t35.com<http://translate.google.com/translate?hl=ko&sl=en&u=http://0x.t35.com> is copied to and executed by http://translate.googleusercontent.com. ====================================================================================================================================== Regards, @Satyamhax http://esploit.blogspot.com/ Gr33tZ @blackhatlinux @alchemist16
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google URL Redirection satyam pujari (Apr 08)