Would anyone like some free backlinks?

Steady, Matt. We’re not selling them so it’s okay, right? Actually I won’t even be providing them. It’s all down to the good folks at PHP.

Some of us might remember the Month of PHP Bugs in March, which I have to say passed without great fanfare. I think it’s probably because it made us all look bad, so the less said about that the better. Anyway, I was reviewing today’s server patches (via the magical apticron utility), which reminded me that I should probably review the results of the MOPB. Boy am I glad I did!

Take a look at this little doozy

Basically, it’s an XSS vulnerability in the phpinfo() function: every user-submitted array value in GET, POST and Cookies is written into the output unescaped.

Translation?

Well if anyone has a spare phpinfo() for PHP versions 4.4.3 -> 4.4.6 hanging about, try appending this to its URL:

?f[]=%3Ca%20href%3Dhttp%3A//www.davidnaylor.co.uk/%3EDaveN%20Ownz%20j00%3C/a%3E

Then scroll down to “PHP Variables”. If you have an exploitable version, you should get one, clean, un-condomned backlink. Ain’t that precious? So all you would need to do is to get a bunch of them indexed and you’re happy as Larry. However happy he is.
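From the defender’s side, the request shape described above is easy to spot in web server logs. The following is an added example, not code from the original post: it scans constructed access-log lines for requests to phpinfo-style pages whose array-typed query parameters (the only ones the affected versions failed to escape) decode to HTML. The log lines and the page names it matches (`phpinfo.php`, `info.php`) are assumptions; widen them for your own environment.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (not from the original post). Line 1 has
# the array-parameter shape the post describes, line 2 is a plain phpinfo hit,
# line 3 puts a tag in a scalar parameter, line 4 uses an indexed array on a
# differently named info page.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2007:10:01:02 +0000] "GET /phpinfo.php?f[]=%3Ca%20href%3Dhttp%3A//example.invalid/%3Ex%3C/a%3E HTTP/1.1" 200 41230
203.0.113.8 - - [10/Apr/2007:10:01:03 +0000] "GET /phpinfo.php HTTP/1.1" 200 41002
203.0.113.9 - - [10/Apr/2007:10:01:04 +0000] "GET /index.php?q=%3Cb%3Ehi%3C/b%3E HTTP/1.1" 200 512
203.0.113.10 - - [10/Apr/2007:10:01:05 +0000] "GET /info.php?a[0]=%3Cscript%3E1%3C/script%3E&a[1]=plain HTTP/1.1" 200 40990
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"')
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")           # decoded value contains an HTML-ish tag
ARRAY_NAME_RE = re.compile(r"^[^\[]+\[[^\]]*\]$")   # PHP array syntax: name[] or name[idx]
# Page names assumed to serve phpinfo(); widen for your own environment.
INFO_PAGE_RE = re.compile(r"/(phpinfo|info)\.php(\?|$)")


def is_phpinfo_page(path):
    return INFO_PAGE_RE.search(path) is not None


def find_reflected_array_tags(log_text):
    """Return one (client_ip, path, [(param, decoded_value), ...]) tuple per
    request to a phpinfo-style page whose array-typed query parameters decode
    to HTML. Only array parameters are reported, because that is what the
    affected phpinfo() versions failed to escape; scalar ones are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or not is_phpinfo_page(m.group("path")):
            continue
        path = m.group("path")
        query = path.partition("?")[2]
        # parse_qsl percent-decodes values, so we inspect what would be reflected
        suspicious = [(name, value)
                      for name, value in parse_qsl(query, keep_blank_values=True)
                      if ARRAY_NAME_RE.match(name) and TAG_RE.search(value)]
        if suspicious:
            hits.append((line.split(" ", 1)[0], path, suspicious))
    return hits


if __name__ == "__main__":
    for ip, path, params in find_reflected_array_tags(SAMPLE_LOG):
        print(ip, path)
        for name, value in params:
            print("   ", name, "->", value)
```

The same check also tells you whether a phpinfo page is reachable from the outside at all, which on a production host it should not be; upgrading past 4.4.6 or removing the page is the actual fix.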

Now would anyone like 60,600 free backlinks?

PS. For those that don’t get it yet, this post was written by Rob, one of Dave’s programmers. In Vim. Proudly.

59 Comments

  • Jeremy Luebke 2216 days ago

  • Liam Victor 2216 days ago

    http://www.liamdelahunty.com/tips

    Genie mac, that’s beautiful. You’re a bit of an evil genius aren’t you Rob? I wonder if Bronco’s offices are in an underground bunker.

  • Rob Haswell 2216 days ago

    Nah dude, then I wouldn’t be able to come in wearing shorts and sandals! And I’m pretty sure my wireless headphones would get crappy reception on cig breaks.

  • Glen 2216 days ago

    http://www.viperchill.com

    Doesn’t seem to work, tested on a few sites (linking to them of course ;) )

  • Rob Haswell 2216 days ago

    I promise you it works, I’ve tested it on a number of the top ten serps for that query.

    Are you sure they’re running on PHP 4.4.3-6? May I have an example of one that doesn’t work?

    I would post working examples but Dave’s on a black-hat ban for a while. I can only show you the door…

  • Glen 2216 days ago

    http://www.viperchill.com

    The links are actually showing as clickable text links and not just an array query showing you Blah in that actual format? (spaces added so it shows)

    And you are just adding that line of code onto the end of the phpinfo.php extension for e.g.

  • Alex 2216 days ago

    http://www.future-weapons.net

    Wow, this really works. But how would you go about getting these indexed ? You only get the link if you append the variables, right ?

  • Jimmy 2216 days ago

    Nah! Doesn’t work. I tried but then it shows the statement as it is without link :(

  • Rob (the author) 2216 days ago

    http://www.davidnaylor.co.uk/

    Ya that’s the point – free backlinks for all!

  • Glen 2216 days ago

    http://www.viperchill.com

    Doesn’t matter, the example I posted is not how I posted it, it skipped the gaps and formed that anchor text link. The results I’m seeing (prefer no linkage) are just showing the plain text version of the link and not the link itself, just as text, no link.

  • Jeremy Luebke 2215 days ago

    Glen, you’re looking in the wrong spot. Trust me.

  • WilliamC 2215 days ago

    http://TheSEOFox

    Now that it has been posted here, you can bet those links won’t affect SERPS in a day or three. I mean, be realistic, how hard is it for Google, Yahoo, MSN to filter /phpinfo/?

    Very nice find tho Rob.

  • Someone 2215 days ago

    When you refresh the link disappears.
    Does it go anywhere else or is it just temporary?

  • Joris 2214 days ago

    It works… and all you guys that can’t figure out how to get it in the SERPS… you don’t belong here ;-)

  • Adam Moro 2214 days ago

    http://www.adammoro.com

    Good find! Thanks for sharing, Dave!

  • Microdesign 2214 days ago

    http://www.microdesign.nl/diensten/

    Woow interesting, are you doing it?

  • ricardo 2213 days ago

    http://www.ricdes.com/

    I’ve been trying to do this but I can only get pure text… which doesn’t help me out a lot. Any hints?

  • Sausages 2213 days ago

    Hmm… Google API to return all the phpinfo pages as XML, format them as links, scrape a load of content from other sites as page padding and a few well placed referral links to get my page hit a few times…

    What are the chances of someone being slightly upset about all this? lol

  • Sausages 2213 days ago

    Add to that an array with a selection of keywords, all randomly pieced together and appended to the injected url :D

  • Sausages 2213 days ago

    And don’t limit your backlinks to just an anchor tag either…

  • Rob Haswell 2213 days ago

    Ricardo, follow my exact instructions with http://hosting.iptcom.net/phpinfo.php

  • Zasxer 2213 days ago

    http://zasxerblogspot.com

    Hilarious…
    You guys kill me…
    I guess the only way to find out is to try it…

    Done…

  • Sausages 2213 days ago

    Add a couple of backlinks to each outward link, just specify the array index inside f[]:

    ?f[0]=%3ca%….&f[1]=%3ca%… etc

    Limited to maximum length of querystring (2,083 chars IIRC)

  • Rob Haswell 2213 days ago

    2083 characters in Internet Explorer, but Googlebot doesn’t run on IE :-)

  • Sausages 2213 days ago

    “doesn’t run on IE”… what kind of insanity is this :P

  • Bill 2213 days ago

    http://www.billhartzer.com

    Good find, Dave. It’s now up to 69,100 backlinks.

  • Adam Moro 2210 days ago

    http://www.adammoro.com/blog/

    Here’s a nice little trick for compiling a list of links with this method. Download SEO for Firefox from tools.seobook.com and do Rob’s suggested search for the phpinfo pages. Download the CSV provided by the SEO for FF extension and delete everything but the urls. Now enter the formula below in cell B1:

    =A1&"?f[]=%3Ca%20href%3Dhttp%3A//www.davidnaylor.co.uk/%3EDaveN%20Ownz%20j00%3C/a%3E"

    Now copy the formula down and there you have it. A list of URLs ready to post to comments, sigs, etc. Thanks again, Rob! :)

  • Rob Haswell 2209 days ago

    Any time mate :-)

    Just because Dave’s on a black-hat ban…

  • evilgreenmonkey 2205 days ago

    http://www.evilgreenmonkey.com/

    Nice find Rob – when’s Dave going to let you out of the cage so you can come along to a LondonSEO or conference? Included your find in a blog post as an XSS example, hope you don’t mind.

    Cheers,

    Rob

  • john 2202 days ago

    http://www.adstreaminc.com

    Search Google for only version 4.4.4, fewer results but each will work.

  • paul 2200 days ago

    The only problem I see is that it shows your ip address at _SERVER["REMOTE_ADDR"]. How can we block that?

  • paul 2200 days ago

    One more question. Is this what the actual URL would look like with all of the percent (%) symbols and things? Those types of URLs would be difficult to get indexed, wouldn’t they?

  • Rob Haswell 2199 days ago

    What? The $_SERVER['REMOTE_ADDR'] only shows the IP of the computer accessing the page – for indexing purposes that’s the spider’s IP only.

    As for the percentage signs: No, that’s just how you need to encode query string parameters. Look up URL encoding.

    Unfortunately mate I reckon you have too great a lack of understanding of the Internet and HTTP to really exploit this one properly.

    Not that exploiting it is going to do anyone any good though.

  • Enblogopedia 2188 days ago

    http://www.enblogopedia.com

    as above.
    “Does it go anywhere else or is it just temporary?”

  • paul 2188 days ago

    It doesn’t matter. There’s no way the URL will ever get indexed.

  • Rob Haswell 2188 days ago

    Sure it will – just link to it :-)

  • Freelance Website Design 2182 days ago

    http://www.alfredfox.com

    I really don’t see where the confusion lies. I played around with this and came up with a very simple 1 page php script that pulls all of the php 4.4.4 results, paginates them into 20 or so pages (only the first 200 results) and every one has a random bit of text for the actual link to the php page (and this link has whatever link I want appended to the phpinfo.php pages) as well as some random content under the links. Every vestige of google has been stripped out returning only the links to the php pages. It was very simple and if I decided to try it, I’m guessing highly effective.

  • Rob Haswell 2182 days ago

    I’m guessing highly effective

    Yeah if you want to get your site banned dude :-)

  • Freelance Website Design 2182 days ago

    http://www.alfredfox.com

    Yeah, my first thought was it would be a good way to get someone else’s site banned (someone you didn’t like). You could very easily fill the internet with illegitimate link backs for any site you want. 60k is a formidable number.

    But my stance is this: I, for painfully obvious reasons, wouldn’t use this, but it’s very very easy to implement. I doubt the writer of this blog would use it either. But you know what they say, knowledge is power. :) Cheers.

  • Lukasz 2163 days ago

    http://www.jedrzej.net

    Everything is OK, but how would Google find these links if they are not indexed?
    Anyway you have to put it somewhere, so what’s the difference between using these links instead of your site URL?

  • Rob Haswell 2163 days ago

    Google finds the links if you link to them. Linking to anything that returns a 200 status line is like creating out of thin air. Remember this.

    The point is that you don’t need to put it anywhere, there’s thousands of them out there.

  • Emlak ilanlar 2133 days ago

    http://www.emlakilanlar.com

    google has been stripped out returning only the links to the php pages

  • acnecaregal 1987 days ago

    http://http://www.acnetreatmentlab.com

    Great one, but I like getting backlinks the old fashioned way.

  • Anonymous 1984 days ago

    Anonymous

    Great way to get backlinks, thanks.

  • Jamie 1928 days ago

    http://www.lamelime.com

    You could also go to http://www.lamelime.com and submit a thread with your link in it, you’re allowed to do that there.

  • phillip mentor 1827 days ago

    http://www.myfip,net

    How do I get education back links? Phillip

  • Linda 1477 days ago

    I cannot get this to work, but here is my link at any rate, maybe it will generate 1 or 2 back links…
    http://www.webupon.com/Social-Networks/Discovering-Moonbeams.685485

  • James 1279 days ago

    http://www.software-dungeon.co.uk

    This seems highly dodgy to me. There are easier and less dangerous methods out there.

  • simon 1251 days ago

    http://www.edenmore.co.uk

    Hi, I would like 60600 free backlinks! Only thing is, I know nothing about PHP!

    Would someone be kind enough to send me a back links .php page ready to go?

    Ta :)
    Simon

  • Padizine 1195 days ago

    http://www.padizine.com/blog/

    Oh my god this actually works. But I don’t think it’s very safe :-s

  • Paul 1182 days ago

    http://www.learn-new-skills-from-home.com

    Excellent information.

  • Marcus Levy 1175 days ago

    http://content.selfip.com/portal/freebacklinks.php

    Very interesting post about XSS. Although you can’t blame this lot for the fact that there is a flaw in this version of PHP, so many websites are vulnerable to XSS attacks. It truly bewilders me.

  • Sami 1139 days ago

    http://4b8.de

    Great. The best: even now there are thousands of buggy sites… Can’t believe it, but will use it ^^ :-)

    Thanks for the info!

  • Dave Marshall 1125 days ago

    http://bit.ly/bxt2yx

    Simple XSS backlink in the .gov.uk, I don’t know what’s worse, poor coding like http://bit.ly/bxt2yx or using PHP 4 :)

  • juust 1084 days ago

    http://www.juust.org
  • Juni Daniel 1079 days ago

    http://www.ArticleBanker.com

    I was looking for something like a list.

  • Tixik 961 days ago

    http://en.tixik.com

    Well, a perfect topic for spammers and black one guys. But I think such a fast growth in back links is really too easy for search engines to discover as a non-standard way and… a huge ban .]

  • kevin blumer 906 days ago

    http://www.kbos2.co.uk/

    As soon as everyone knows secrets like that, they would keep them to themselves.

  • Web Developer 800 days ago

    http://www.mediahut.co.za

    You gotta be kidding me. Does this still work?
