Millions of webmasters are using CPanel. Due to stupid “feature” of cpanel, most of them are always logged in to their cpanels.

I have a script that does this “referer spam” – it sends hundreds of GET requests to a site, AWstats shows them as visits, i make a fake referer value, webmaster clicks on it and goes to a site that has an iframe with src:

http://www.VICTIMSDOMAIN.com:2082/frontend/x/mime/addredirect.html?path=VICTIMSHOMEPAGE&url=MYURL&type=permanent

hope not many ppl actually read this :-)

Millions of webmasters are using CPanel. Due to stupid “feature” of cpanel, most of them are always logged in to their cpanels.

I have a script that does this “referer spam” – it sends hundreds of GET requests to a site, AWstats shows them as visits, i make a fake referer value, webmaster clicks on it and goes to a site that has an iframe with src:

http://www.VICTIMSDOMAIN.com:2082/frontend/x/mi…

hope not many ppl actually read this :-)

You’re right, I probably could not get this amount of control on a .wordpress.com-hosted blog. But on a custom hosted blog, changing the Location header is very simple.

The escaping of comments is caused by a stupid wordpress “feature”. I tried removing the escaping, but every time I edited the message, it got worse!

I agree with what you’re saying with the new captcha. Most measures will be a temporary respite.

You're right, I probably could not get this amount of control on a .wordpress.com-hosted blog. But on a custom hosted blog, changing the Location header is very simple.

The escaping of comments is caused by a stupid wordpress “feature”. I tried removing the escaping, but every time I edited the message, it got worse!

I agree with what you're saying with the new captcha. Most measures will be a temporary respite.

it’s true – it would work… i wrote this script before i even heard about XSS, now it’s my hobby hehe…

but on the other hand – can u really do something like this in practice? i mean – my script serches for .wordpress.com blogs – and u don’t really have that much control over their server responses!

it’s a proof of concept – but I don’t think you could really make it work..

btw. sometthing screwed with escaping ” and ‘ in your comments

btw2. this “new kind of captchas” with math operations… they are very lame – i can write a script to comment spam blogs using it in 5 minutes.. it works – coz it’s new and not too many spammers have scripts for it, but it’s just a matter of time

it's true – it would work… i wrote this script before i even heard about XSS, now it's my hobby hehe…

but on the other hand – can u really do something like this in practice? i mean – my script serches for .wordpress.com blogs – and u don't really have that much control over their server responses!

it's a proof of concept – but I don't think you could really make it work..

btw. sometthing screwed with escaping ” and ' in your comments

btw2. this “new kind of captchas” with math operations… they are very lame – i can write a script to comment spam blogs using it in 5 minutes.. it works – coz it's new and not too many spammers have scripts for it, but it's just a matter of time

I think you were the last person I would expect a comment from. I think we\’re talking about different lines. I couldn\’t find the code online any more, but in google\’s cache, I found the following:

$con=fsockopen($urls[$ind].\".wordpress.com\",80);
fwrite($con,$header.$query);
while(!feof($con))$return.=fread($con,2048);
fclose($con);

if(ereg(\" 302 Found\",$return) and ereg(\"Location: http://\".$urls[$ind].\".wordpress.com/\",$return)){
$spammed=explode(\"\\r\\nContent-type: \",$return);
$spammed=explode(\"Location: \",$spammed[0]);
$spammed=$spammed[1];
print(\"<li><a href=\\\"\".$spammed.\"\\\">\".substr($spammed,0,50).\"...</a></li>\\n\");
}
}

Now, PHP makes my eyes hurt, but as far as I can see, if I send 302 back, you\\\\\\\\\\\\\\\’ll grab everything on the Location: header and push it into a link. This is a perfect place for a XSS attack.

I think you were the last person I would expect a comment from. I think we're talking about different lines. I couldn't find the code online any more, but in google's cache, I found the following:

<pre>
$con=fsockopen($urls[$ind].”.wordpress.com”,80);
fwrite($con,$header.$query);
while(!feof($con))$return.=fread($con,2048);
fclose($con);

if(ereg(” 302 Found”,$return) and ereg(“Location: http://”.$urls[$ind].”.wordpress.com/”,$retu…
$spammed=explode(“\r\nContent-type: “,$return);
$spammed=explode(“Location: “,$spammed[0]);
$spammed=$spammed[1];
print(“<li>“.substr($spammed,0,50).”…</li>\n”);
}
}
</pre>

Now, PHP makes my eyes hurt, but as far as I can see, if I send 302 back, you\\\\\\\'ll grab everything on the Location: header and push it into a link. This is a perfect place for a XSS attack.