Slashdot Mirror


Google 302 Exploit Knocks Sites Out

clsc writes "The exploit: Redirect via 302 to another page of your choice, then watch as the URL of your redirect script replaces the URL of that carefully selected page in Google's search results. Once this happens, feel free to redirect any visitor that is not Googlebot to any other page of your choice. Also applies to other search engines as well (not Yahoo! though)."

30 of 410 comments

  1. Yikes! by LinuxGeek · · Score: 5, Funny

    Web wide malware. The return of Goatse cannot be far behind... Pun intended.

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:Yikes! by Silverlancer · · Score: 5, Funny

      Apparently Slashdot has been hit! A mischievous hacker has added a second "your" to the article:

      "The exploit: Redirect via 302 to another page of your choice, then watch as the URL of your your redirect script..."

  2. danger! by Neuropol · · Score: 2, Funny

    #15) Optional: For mischievous webmasters only: For any other visitor than "Googlebot", make the redirect script point to any other page free of choice.

    heh. tubgirl abounds!

    1. Re:danger! by Klar · · Score: 2, Funny

      *puke*

      hah, someone wrote the address to that site on the board in our computing lab in permanent ink. Was funny to see how many people went to it.

    2. Re:danger! by Anonymous Coward · · Score: 1, Funny

      I don't see how this post is modded funny, it's obviously an insightful post on the uses of permanent ink.

  3. goog by kloidster · · Score: 5, Funny

    SELL SELL SELL SHORT!!!!

  4. yawn by evenprime · · Score: 5, Funny

    boy, sending me to the wrong page is such a scary and horrible thing to do. Luckily my browser came equipped with the special "back button" anti-malware plugin.

    --

    "Weapons should be hardy rather than decorative" - Miyamoto Musashi
    I think that goes for OS's too
    1. Re:yawn by goldspider · · Score: 5, Funny

      Obviously you've never tripped a well-concealed Goatse landmine. No browser is equipped to deal with that kind of damage!

      --
      "Ask not what your country can do for you." --John F. Kennedy
    2. Re:yawn by R.Caley · · Score: 5, Funny
      it will be when your 14 year old boy searches for something for his research paper and gets redirected to pr0n instead.

      God knows, 14 year old boys need to be tricked to make them look at porn.

      --
      _O_
      .|<
      The named which can be named is not the true named
    3. Re:yawn by fshalor · · Score: 2, Funny

      Just as long as M$ or someone else doesn't patent the use of the "back" button for evading this sort of ware attack. All it would take was calling it the anti-malware function or something, and we're tanked.

      I'm sure google will straighten themselves out in a few days. It's what they do. :)

      --
      -=fshalor ::this post not spellchecked. move along::
    4. Re:yawn by eno2001 · · Score: 4, Funny

      That's OK. I had mod points and I did it. Oh wait... ;P

      --
      -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
    5. Re:yawn by Gruneun · · Score: 2, Funny

      it will be when your 14 year old boy searches for something for his research paper and gets redirected to pr0n instead.

      Is that what he told you? "No, Dad, I was just trying to do a research paper. I had nothing to do with it!"

    6. Re:yawn by EvanED · · Score: 1, Funny

      I don't think Lynx is "equipped" to deal with that so much as not equipped to do anything else on the web ;-)

    7. Re:yawn by VanillaCoke420 · · Score: 4, Funny

      As a former 14 year old boy I can only say that if I had internet at that age, I would not need to be tricked into going to those websites...

    8. Re:yawn by Anonymous Coward · · Score: 5, Funny

      "I swear Dad, I was just looking up stuff for my... uh... research paper, when suddenly, I was redirected to goatse!"

      "That's fine, but why is that wine bottle shoved in your ass?"

      "It was a one in a million shot, I tell ya..."

    9. Re:yawn by NanoGator · · Score: 4, Funny

      "it will be when your 14 year old boy searches for something for his research paper and gets redirected to pr0n instead."

      "Son! What are you looking at? Is that ... Porn!?!"

      "I told you! I'm working on a report!"

      "With naked women?!"

      "It's a History report, so I hit the History button on your computer!"

      --
      "Derp de derp."
    10. Re:yawn by nacturation · · Score: 4, Funny

      And if you can't, you'll probably have trouble getting/maintaining a real-life GF, which will make you d/l more porn, etc. ad. infinitum.

      At first I thought you wrote "a real-life GIF". Talk about misreading!

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    11. Re:yawn by ltbarcly · · Score: 3, Funny

      I base my morality on the teachings of the tooth fairy.

    12. Re:yawn by Frank+T.+Lofaro+Jr. · · Score: 2, Funny

      They focus on things like sex, drinking, smoking, bad words and homosexuality, but ignore things like lying, cheating, stealing, and greed.

      Sometimes they don't ignore those bad things, but embrace them. Remember the Jim and Tammy Faye Baker scandal?

      --
      Just because it CAN be done, doesn't mean it should!
    13. Re:yawn by Anonymous Coward · · Score: 1, Funny
      My kids feel the wrath of a transparent squid proxy with logging.

      What are you? Some sort of tentacle rape fetishist?

    14. Re:yawn by ms139us · · Score: 2, Funny

      That did not make me a sick pervert: I'm an engineer now

      The distinction between sick pervert and engineer being what?

      Ducks...

  5. Google can't be wrong by Anonymous Coward · · Score: 5, Funny

    Insert MS blame here

  6. Seems like by kc0re · · Score: 4, Funny

    Seems like all the hackers are struggling nowadays. There are no "good" exploits coming out anymore. No directory Unicode traversals.. No Code Red, No Nimda. Not even SQL Slammer...
    We haven't had a good exploit/0day in how long? Since the WebDAV exploit? Or the RPC DCOM? Now we have to use Google, phishing techniques, and URL redirection. We are scraping the bottom of the barrel apparently.

  7. So you mean... by Snaller · · Score: 1, Funny

    ...a webmaster can redirect people on his own site? Wow, the horror. (You can't place redirects on someone else's pages)

    --
    If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
  8. Wait... by zBoD · · Score: 5, Funny

    Do you mean this is not www.kuro5hin.org ??

    --
    BoD
  9. I would read TFA... by eno2001 · · Score: 2, Funny

    ...if I COULD get to the page. But it's being redirected with a 302. ;P

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  10. Re:WTF by slimak · · Score: 3, Funny
    a lot of people use google as a sort of bookmarks page(with keywords they remember)

    I didn't even realize that I did this until I read your post. Not that anyone cares, but I only have 4 or 5 regular bookmarks; the rest of the pages I need to go to I either a) remember because the URL is so easy or I go there so much (e.g., slashdot, orderyourrussianwife.com, etc.), b) do a search for them as needed (e.g. martin vetterli's homepage), or c) use the URL auto-complete in the browser.

  11. Re:Can I use this to knock out a fraudulent site? by That's+Unpossible! · · Score: 2, Funny

    A site registered and hosted using stolen funds from my credit card is still online following phoned and faxed demands for revocation and refund sent to the registrar/host. Can I somehow use this to send an entire domain to a black hole until the hosting/domain are revoked?

    No, only posting their link on Slashdot would have that effect.

    --
    Ironically, the word ironically is often used incorrectly.
  12. Somebody has to say it by marvin2k · · Score: 4, Funny

    *waves hand*
    "This isn't the webpage you are looking for."

  13. But why not use it for good purposes? by MrHanky · · Score: 2, Funny

    It would be nice if someone did something like this to the CherryOS "developers".