SEO Black Hat: SEO Blog and Private Forum

Cumhur manually comment spammed me three times with this. He must really want it read by everyone, so I figured I’d make it post all by itself:

This idea originally belongs to me,
I wrote an advisory about it a few weeks ago.
Here are some links for proof, you can also make a google search about
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0211.html

You could at least give a reference to my advisory..
Cumhur Onat
cumhuronat[at]php.net

 

One of his comments was on a post that I wrote more than a year ago:

http://seoblackhat.com/2005/09/26/inbound-link-authority-sites-exploit/

Notice the 2005 my URL. So, umm . . . Cumhur, you could at least give a reference to my advisory . . .

Disclaimer: The email used in the login was different from the one left in the post, so it’s possible that someone else dropped these comments.

Tagged: XSS, Citation, Cross Site Scripting |

This wonderful time sink at Threadwatch is one of the better flame wars I’ve seen in the SEO space. At first, I thought Danny’s uber smack-down of “The Heel” was going to be the best the thread could come up with:

Then, when I laughed out loud at John Andrew’s denial of existence comment:

c’mon guys. I’ve seen this chatter about this mythical guy Doug Heel and the I Hate You forums for years. Yeah, at first I fell for it. But c’mon, it’s really getting old, isn’t it?

 

I thought it might be tough race after all. Who was going to make the best comment in the thread? Was it going to be the Evil Spammer Jill Whalen? Scottie the researcher? Multiple Personality Aaron?

Well, after tons of great contributions by just about everyone, I think I have to give the thread to JasonD with this comment:

If only Doug could code his client’s sites as well as moaning about others’ legitimate work.

Doug, when will you learn mate?

 

A Dig at a Doug who’s a Heel with an XSS exploit on one of the Heel’s Client’s Site. That just might be the “Best. XSS. Ever.”

Of course, the real take away from this thread is that if are a programmer near Troy New York and want to work for one best and most respected SEOs in the Business, you should read this posting, answer these questions and contact Jim Boykin.

Tagged: funny, XSS |

SEO Egghead has created a security tool to scan your web pages to check for Cross Site Scripting / HTML injection vulnerability.

It’s not designed for you to scan every site on the net. It’s more for checking select pages . . . probably because he doesn’t want his servers to assplode!

Tagged: XSS, Security |

In the spirt of putting more guns in the hands of children, we bring you more ways to create inbound links with cross site scipting.

Rsnake must have finished moving and unpacked his computers because he has created a Grease Monkey Detection Script for XSS (Cross Site Scripting).

Here’s the crappy redirect detection Greasemonkey script. I don’t recommend using it, because it sucks, but it was a good proof of concept.

 

Now granted a good chunk of these do not work, but that actually shouldn’t matter much. Without even testing, sending multiple possible attempts to Google, even if 80% of them fail, it’s not like you are giving anything up, you are sending valid links that probably have some custom error logic. It just looks like you are linking to a lot of custom error pages, potentially. So pruning the redirect attack list may or may not help.

 

SEO by spray and pray. Hat tip to v7n.

Tagged: Tools, XSS |