| Welcome to WebmasterWorld Guest from 188.8.131.52 |
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
|Pubcon Platinum Sponsor 2014|
|Forcing "I'm Feeling Lucky" by URL extension.|
I just read this security notice from F-Secure [f-secure.com] and something in it caught my eye.
Apparently, if your URL ends in btnI=745, and the link comes up as #1 in the results, it forces the "I'm Feeling Lucky" function to trigger and automatically re-directs the search to the linked page.
I had no idea this was possible, and I'm quite sure that it's a very bad idea to try it.
Am I out to lunch here, IE: the last person to find out about this?
[edited by: tedster at 10:40 pm (utc) on Jan. 10, 2008]
[edit reason] switch to a permalink [/edit]
There are a few other such tricks out there in the wild as well. The extra parameter in the query string turns a link to a google url into a link to the spammer website.
We touched on this last Fall a bit, along with exploits that used the Google Redirector:
I read through that other (very brief) thread, and I'm still unclear as to why G might think that allowing this is a good idea. It seems all too easy to game.
In the case that F-Secure listed, the search query term was so specific as to make it easy to take the #1 spot in order to achieve the desired effect of making the link a re-direct through google.
This makes an easy game for scammers, spammers, and phishers, who can use the method as a way of by-passing e-mail based blacklists.
Why doesn't G just shut it down?
All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved