Full Disclosure mailing list archives
Re: Google Search Feature Exploitation Scenario
From: Cal Leeming <cal () foxwhisper co uk>
Date: Tue, 12 Apr 2011 22:11:48 +0100
Actually, the filtering seems to be based on the accuracy of the first hit set. http://www.google.com/search?q=hacker&btnI - win http://www.google.com/search?q=hello+hacker&btnI - fail http://www.google.com/search?q=hello+hack&btnI - win http://www.google.com/search?q=hello+hac&btnI - fail http://www.google.com/search?q=hello&btnI - win See what I mean? On Tue, Apr 12, 2011 at 2:38 PM, satyam pujari <satyamhax () gmail com> wrote:
@Cal Try this... http://www.google.com/search?q=esploit&btnI http://www.google.com/search?q=esploit+zeus&btnI http://www.google.com/search?q=0x+t35&btnI&safe=active some of them didn't work aswell.. http://www.google.com/search?q=0x+t35&btnI http://www.google.com/search?q=hello+hacker&btnI but funny "hello human" works.. http://www.google.com/search?q=hello+human&btnI I bet there's some keyword filter/check at Google's side (but I believe which can be bypassed) So, it's all about playing with the keywords. On Tue, Apr 12, 2011 at 2:39 PM, Cal Leeming <cal () foxwhisper co uk> wrote:Didn't seem to wrok for me:http://www.google.com/search?hl=en&q=easyratemortage+tax+deductible+mortgage+refinancing+strategy&btnI=AaEbK6r0Kz0r9JU4b On Tue, Apr 12, 2011 at 4:05 AM, Leon Kaiser <literalka () gmail com>wrote:I don't see why people are able to directly link to "I'm Feeling Lucky"Google search results in the first place. Can anyone think of a practical use for it?======================================================== Leon Kaiser - Head of GNAA Public Relations - literalka () gnaa eu || literalka () goatse fr http://gnaa.eu || http://security.goatse.fr 7BEECD8D FCBED526 F7960173 459111CE F01F9923 "The mask of anonymity is not intensely constructive." -- Andrew "weev" Auernheimer ======================================================== On Sun, 2011-04-10 at 14:05 +0530, satyam pujari wrote: Thanks for that Nick , good to know , but unfortunately it's stillexploitable in 2011 :)On Sun, Apr 10, 2011 at 2:31 AM, Nick FitzGerald <nick () virus-l demon co uk> wrote:satyam pujari wrote:Here is a simple Google's "I'm Feeling Lucky" search featureexploitationscenario.[...]Yawn... That's _so_ 2007! http://www.virusbtn.com/resources/spammerscompendium/lucky.xml ...and I seriously doubt that was the first time it was done, just when _I_ happened to make a note of it being actively abused in spam. All that other stuff about free hosting sites and IFrames on blogger.com is unnecessary implementation detail that can be achieved multitudinous ways. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google Search Feature Exploitation Scenario satyam pujari (Apr 09)
- Re: Google Search Feature Exploitation Scenario Nick FitzGerald (Apr 09)
- Re: Google Search Feature Exploitation Scenario satyam pujari (Apr 10)
- Re: Google Search Feature Exploitation Scenario Leon Kaiser (Apr 12)
- Re: Google Search Feature Exploitation Scenario Nick FitzGerald (Apr 12)
- Re: Google Search Feature Exploitation Scenario satyam pujari (Apr 12)
- Re: Google Search Feature Exploitation Scenario Cal Leeming (Apr 12)
- Re: Google Search Feature Exploitation Scenario satyam pujari (Apr 12)
- Re: Google Search Feature Exploitation Scenario Cal Leeming (Apr 12)
- Re: Google Search Feature Exploitation Scenario Javier Bassi (Apr 13)
- Re: Google Search Feature Exploitation Scenario Cal Leeming (Apr 13)
- Re: Google Search Feature Exploitation Scenario satyam pujari (Apr 10)
- Re: Google Search Feature Exploitation Scenario Nick FitzGerald (Apr 09)
- Re: Google Search Feature Exploitation Scenario Nick FitzGerald (Apr 12)
- Re: Google Search Feature Exploitation Scenario Valdis . Kletnieks (Apr 12)
- <Possible follow-ups>
- Re: Google Search Feature Exploitation Scenario david.klein () Ipfocus com au (Apr 12)