Google as open forwarder

1 points by daef ↗ HN
I just received a message via skype, no hi or anything - just to the guts - a link to google

https://www.google.com/url?sa=t&url=%68%74%74%70%3A%2F%2F%37%37%37%63%6F%6D%2E%72%75&usg=AFQjCNGC3A0xDe0azxmOzcm5L4UlYlbbtQ&stoke#54009

from a contact I have not had any contact to from a while, which made me suspicious.

Turns out this redirects to some .ru domain (you know how to urldecode)

Don't get me wrong, from another contact I would have clicked this link w/o the blink of an eye.

So it seems some skype?spambot?worm?whatever is using google as open redirector.

I thought OWASP said those aint cool https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards but obv google didn't listen...

tl;dr

Don't click google links unless you _trust_ them.

0 comments

[ 4.5 ms ] story [ 6.3 ms ] thread

No comments yet.