Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Google PR Mechanism Possible Vulnerability

from [cumhur onat] Network Security [Permanent Link]
Subject: [Full-disclosure] Google PR Mechanism Possible Vulnerability
Date: Tue, 11 Jul 2006 05:20:54 +0300 
PageRank is a formula developed by Google Search Engine to determine a web
pages "inbound link ranking" which affects its postion in search results.
To keep it basic we can say the more inbound link your webpage has, the
higher is its pagerank.
As you all can guess, the inbound links are calculated during the crawling
process of googlebot. The trick comes to place in this part.
Lets say we have a page A, and a page B which is indexed by Google and
another page C which we dont own.
What if we put some links like below on the "Page B":
<a href="
http://www.pagec.com/somepagewithxss.php?i=%3E%3Ca%20href%3D%22http%3A//www.pagea.com/pagea.html%22%3Euberalle%3C/a%3E
"></a>
As you guess when googlebot will follow the link on Page B and index page C,
it will see a link like:
<a href="http://www.pagea.com/pagea.html";>uberalle</a>
And so inbound link count of "Page A" will increase, which will finally
increase the PR of "Page A" with the repeat of this process with different
pages that contains css flaws.
All this information is theoretic, and I never had time to spend for trying
this.
You can find the original version of this advisory on:
http://www.hoccam.com/pr.html

Cumhur Onat
cumhuronat@php.net
cumhuronat@gmail.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: WebEx Downloader Plug-in Multiple Vulnerabilities + rant, Web Ex
Next by Date:  Re: [Full-disclosure] Google PR Mechanism Possible Vulnerability, bugtraq
Previous by Thread:  [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton), mozilla
Next by Thread:  Re: [Full-disclosure] Google PR Mechanism Possible Vulnerability, bugtraq
Indexes:  [Date] [Thread] [Top] [All Lists]