Description:
Many sites such as YouTube use a simple redirect link when a user clicks on an outgoing link on their sites. In most cases, this is done to understand which links are more popular and clicked more by users. In this simple video, I show how this feature can be abused by malware authors and spammers, and for phishing. The funny thing is that this redirection vulnerability has been around for way too long and it's tough to figure out why sites would still wanna use it.
Have a look at these 2 links which I posted on Reddit and Digg as proof of concept. The identified "site" by these websites is YouTube, but after redirection they simply land on SecurityTube.
http://www.reddit.com/r/netsec/comments/bpv5a/this_link_says_its_from_youtube_but_its_not_how/
http://digg.com/security/This_link_says_it_s_from_YouTube_But_it_s_Not
Watch the video for the demo!
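One way a site can keep click tracking without redirecting to arbitrary destinations, shown as an added example (not code from the video or from any site mentioned here): the site signs each outgoing link it generates with an HMAC, and the redirect endpoint refuses any target that lacks a valid signature. The `/redirect` path, the `q` and `sig` parameter names, the key and the sample URLs are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_SCHEMES = {"http", "https"}


def _sign(target: str) -> bytes:
    """HMAC-SHA256 over the destination URL, hex-encoded."""
    digest = hmac.new(SECRET_KEY, target.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest().encode("ascii")


def make_tracking_link(target: str) -> str:
    """Build the outgoing link the site embeds in its own pages."""
    sig = _sign(target).decode("ascii")
    return "/redirect?" + urlencode({"q": target, "sig": sig})


def resolve_redirect(request_url: str):
    """Return the destination to redirect to, or None if the request is refused."""
    params = parse_qs(urlsplit(request_url).query)
    targets, sigs = params.get("q", []), params.get("sig", [])
    # Require exactly one target and one signature; repeated parameters
    # are a common source of parser disagreement.
    if len(targets) != 1 or len(sigs) != 1:
        return None
    target, sig = targets[0], sigs[0]
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    if not hmac.compare_digest(_sign(target), sig.encode("utf-8")):
        return None
    parts = urlsplit(target)
    # Even a signed target must be an absolute http(s) URL with a host.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return target
```

A signature only proves that the site generated the link; links that come from user-submitted content still need their own review or an interstitial warning page before the redirect.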
Tags: fun