Richi Jennings [RJA] wrote:

> Looks like ebay.co.uk has an unsecured redirector.

I recall seeing one of these a few weeks back, and IIRC, my conclusion 
was that eBay _per se_ does not really have a redirector problem here.

In fact, its problem is much worse -- the folk it chooses to do 
business with...

> href="http://cgi1.ebay.co.uk/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047&loc=http%3A//us.ebayobjects.com/2c;47586106;12593038;l?http://72.168.185.82/images/signineBayISAPIdllSignInco_partnerld/=2pUserId=0pageType=pa1=i1=bshowgif=UsingSSL/=ru=pp=pb2pUserId=0pageType=pa1=i1=/bshowgif=UsingSSLSignInUsingSSL=1/pUserId=co_partnerId=2siteid=0ru/eBayISAPI.dll.htm";><FONT

The first redirector (cgi1.ebay.co.uk/aw-cgi/ebayISAPI.dll) (now) 
matches the domain from the "loc" value to "partner" via some server-
side lookup.  It doesn't match the whole URL though -- tsk, tsk...

The second redirector (us.ebayobjects.com/2c;47586106;12593038;l) is 
really where the problem lies.  It's wide open to abuse, and is very 
regularly so abused.

Sadly, despite the name apparently linking it to eBay, that is 
DoubleClick, now owned by Google -- two companies whose main business 
model is primarily based around monetizing redirectors while not caring 
enough to take the effort to make them NOT open redirectors.

I know eBay is aware of this, as I've pointed it out to them several 
times before, but I guess allowing your brand name to be used by a 
flagrant net-abuse promoter means you will end up looking like a net-abuse 
promoter yourself, but without the -- ahem -- "benefit" of drawing some 
marginal revenue therefrom...

I suspect that the only way this will get fixed anytime soon is for the 
abuse RBLs to add ebayobjects.com to their block lists, as the URIs 
that can be abused are nearly infinitely morphable.


Regards,

Nick FitzGerald
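The distinction Nick draws between the first redirector (which only matches the hostname of "loc" against the partner) and a check on the whole target can be shown with a small validator. This is an added example, not code from the post or from eBay; the partner table and the shortened sample link are constructed for it.

```python
from urllib.parse import urlsplit, unquote

# Constructed partner table (assumption, not eBay's real lookup): each partner
# id maps to the exact redirect targets it registered.
PARTNER_TARGETS = {
    "25047": {"http://us.ebayobjects.com/2c;47586106;12593038;l"},
}

# Decoded form of the link quoted in the thread (quoted-printable "=3D" is
# "="); the path after the IP is shortened for the example.
SAMPLE = ("http://cgi1.ebay.co.uk/aw-cgi/ebayISAPI.dll?RedirectEnter&partner=25047"
          "&loc=http%3A//us.ebayobjects.com/2c;47586106;12593038;l"
          "?http://72.168.185.82/images/signin.htm")


def parse_redirect(url):
    """Return (partner, loc) from a RedirectEnter-style URL.
    Splits on '&' only, so the '?' and ';' inside the loc value survive."""
    params = {}
    for piece in urlsplit(url).query.split("&"):
        key, _, value = piece.partition("=")
        params[key] = unquote(value)
    return params.get("partner"), params.get("loc")


def host_only_check(partner, loc):
    """The weak check the post describes: only the hostname of loc is
    compared with the hosts the partner registered."""
    allowed_hosts = {urlsplit(t).hostname for t in PARTNER_TARGETS.get(partner, ())}
    return urlsplit(loc).hostname in allowed_hosts


def full_url_check(partner, loc):
    """Stricter check: loc must equal a registered target exactly, and the
    registered target itself must not embed a second URL (a chained hop)."""
    if loc not in PARTNER_TARGETS.get(partner, ()):
        return False
    return "://" not in loc.split("://", 1)[1]


def classify(url):
    """'allowed', 'chained' (host matches but the full target does not),
    'rejected' (host does not match) or 'malformed'."""
    partner, loc = parse_redirect(url)
    if not partner or not loc:
        return "malformed"
    if not host_only_check(partner, loc):
        return "rejected"
    return "allowed" if full_url_check(partner, loc) else "chained"
```

The sample link passes the host-only check and is classified "chained", which is exactly the case the hostname comparison lets through.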

_______________________________________________
phishing mailing list
phishing@whitestar.linuxbox.org
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing