[SURBL-Discuss] Re: Simon's complex redirection

Justin Mason jm at jmason.org
Tue Apr 27 17:20:44 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Theo Van Dinter writes:
> On Tue, Apr 27, 2004 at 03:46:32PM -0700, Justin Mason wrote:
> > > http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32
> 
> eek!
> 
> > It's double-encoded.  We can catch that easily.  But first, my question --
> > does this *work* in an MUA, ie. should we?  Simon, could you try it?
> 
> I don't know about an MUA, but it doesn't work in any browser I've tried
> so far.  You end up at http://images.google.com/images:
> 
> Information returned from request (not including data):
> <Connection> = <Keep-Alive>
> <Content-Type> = <text/html>
> <Content-length> = <161>
> <Date> = <Tue, 27 Apr 2004 22:59:47 GMT>
> <Location> = <http://images.google.com/images>
> <Server> = <GWS/2.1>
> <Set-Cookie> = <PREF=ID=2342b69354b6a6f5:LD=en:TM=1083106787:LM=1083106787:S=4Q5Kb3zcm_6V0Tjm; expires=Sun,
> 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.ca>
> <code> = <301>

Try http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32

(NOTE: with &amp; replaced with just &)
that works. (although it still uses google's image results page for
the display.)

But just because it ends up at the imgres page doesn't mean we don't
have to worry about it.  This URL:

http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32

also works -- Google redirects it to the target site
http://www.expage.com/manger32 successfully -- but SpamAssassin doesn't
parse it.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAjurMQTcbUG5Y7woRAi2KAKDkGfoSzXWzzP73ggTr0FEZYlbEEgCg7861
JrRcI4laMJDWumLpHAbWaT4=
=/Hlu
-----END PGP SIGNATURE-----



More information about the Discuss mailing list