| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Apr 2011 19:08:30 +0530 From: satyam pujari <satyamhax@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Google Search Feature Exploitation Scenario @Cal Try this... http://www.google.com/search?q=esploit&btnI http://www.google.com/search?q=esploit+zeus&btnI http://www.google.com/search?q=0x+t35&btnI&safe=active some of them didn't work aswell.. http://www.google.com/search?q=0x+t35&btnI http://www.google.com/search?q=hello+hacker&btnI but funny "hello human" works.. http://www.google.com/search?q=hello+human&btnI I bet there's some keyword filter/check at Google's side (but I believe which can be bypassed) So, it's all about playing with the keywords. On Tue, Apr 12, 2011 at 2:39 PM, Cal Leeming <cal@...whisper.co.uk> wrote: > > Didn't seem to wrok for me: > http://www.google.com/search?hl=en&q=easyratemortage+tax+deductible+mortgage > +refinancing+strategy&btnI=AaEbK6r0Kz0r9JU4b > > On Tue, Apr 12, 2011 at 4:05 AM, Leon Kaiser <literalka@...il.com> wrote: >> >> I don't see why people are able to directly link to "I'm Feeling Lucky" Google search results in the first place. Can anyone think of a practical use for it? >> >> ======================================================== >> Leon Kaiser - Head of GNAA Public Relations - >> literalka@...a.eu || literalka@...tse.fr >> http://gnaa.eu || http://security.goatse.fr >> 7BEECD8D FCBED526 F7960173 459111CE F01F9923 >> "The mask of anonymity is not intensely constructive." >> -- Andrew "weev" Auernheimer >> ======================================================== >> >> On Sun, 2011-04-10 at 14:05 +0530, satyam pujari wrote: >> >> Thanks for that Nick , good to know , but unfortunately it's still exploitable in 2011 :) >> >> On Sun, Apr 10, 2011 at 2:31 AM, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote: >> >> satyam pujari wrote: >> >> > Here is a simple Google's "I'm Feeling Lucky" search feature exploitation >> > scenario. >> >> > [...] >> >> Yawn... >> >> That's _so_ 2007! >> >> http://www.virusbtn.com/resources/spammerscompendium/lucky.xml >> >> ...and I seriously doubt that was the first time it was done, just when >> _I_ happened to make a note of it being actively abused in spam. >> >> All that other stuff about free hosting sites and IFrames on >> blogger.com is unnecessary implementation detail that can be achieved >> multitudinous ways. >> >> >> >> Regards, >> >> Nick FitzGerald >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists