Would anyone like some free backlinks?
Steady, Matt. We’re not selling them so it’s okay, right? Actually I won’t even be providing them. It’s all down to the good folks at PHP.
Some of us might remember the Month of PHP Bugs in March, which I have to say passed without great fanfare. I think it’s probably because it made us all look bad so less said about that the better. Anyway I was reviewing today’s server patches (via the magical apticron utility) which reminded me that I should probably review the results of the MOPB. Boy am I glad I did!
Take a look at this little doozy
Basically, it’s an XSS vulnerability in the phpinfo() function which gives unescaped output for all user-submitted arrays in GET, POST and Cookies.
Translation?
Well if anyone has a spare phpinfo() for PHP versions 4.4.3 -> 4.4.6 hanging about, try appending this to its URL:
?f[]=%3Ca%20href%3Dhttp%3A//www.davidnaylor.co.uk/%3EDaveN%20Ownz%20j00%3C/a%3E
Then scroll down to “PHP Variables”. If you have an exploitable version, you should get one, clean, un-condomned backlink. Ain’t that precious? So all you would need to do is to get a bunch of them indexed and you’re happy as Larry. However happy he is.
Now would anyone like 60,600 free backlinks?
PS. For those that don’t get it yet, this post was written by Rob, one of Dave’s programmers. In Vim. Proudly.
Jeremy Luebke 1750 days ago
Haha, gotta love it. How about a couple hundred .edu links
http://www.google.com/search?hl=en&safe=off&q=%22PHP+Version+4.4%22+%22phpinfo%28%29%22+inurl%3A.edu&btnG=Search
Liam Victor 1750 days ago
http://www.liamdelahunty.com/tipsGenie mac, that’s beautiful. You’re a bit of an evil genius aren’t you Rob? I wonder if Bronco’s offices are in an underground bunker.
Rob Haswell 1750 days ago
Nah dude, then I wouldn’t be able to come in wearing shorts and sandles! And I’m pretty sure my wireless headphones would get crappy reception on cig breaks.
Glen 1750 days ago
http://www.viperchill.comDoesnt seem to work, tested on a few sites (linking too them of course
)
Rob Haswell 1750 days ago
I promise you it works, I’ve tested it on a number of the top ten serps for that query.
Are you sure they’re running on PHP 4.4.3-6? May I have an example of one that doesn’t work?
I would post working examples but Dave’s on a black-hat ban for a while. I can only show you the door…
Glen 1750 days ago
http://www.viperchill.comThe links are actually showing as clickable text links and not just an array query showing you Blah in that actual format? (spaces added so it shows)
And you are just adding that line of code onto the end of the phpinfo.php extension for e.g.
Alex 1750 days ago
http://www.future-weapons.netWow, this really works. But how would you go about getting these indexed ? You only get the link if you append the variables, right ?
Jimmy 1750 days ago
Nah! Doesn’t work. I tried but then it shows the statement as it is without link
…
Rob (the author) 1750 days ago
http://www.davidnaylor.co.uk/Ya that’s the point – free backlinks for all!
Glen 1750 days ago
http://www.viperchill.comDoesnt matter, the example I posted is not how i posted it, it skipped the gaps and formed that anchor text link. The results Im seeing (prefer no linkage) are just showing the plain text version of the link and not the link itself with just as text, no link
Jeremy Luebke 1749 days ago
Glen your looking in the wrong spot. Trust me.
WilliamC 1749 days ago
http://TheSEOFoxNow that it has been posted here, you can bet those links wont affect SERPS in a day or three. I mean, be realistic, how hard is it for google, yahoo, msn to filter /phpinfo/
Very nice find tho Rob.
Someone 1749 days ago
When you refresh the link disappears.
Does it go anywhere else or is it just temporary?
Joris 1748 days ago
It works…and all you guys that can’t figure out how to get it in the SEPRS….you don’t belong here
Adam Moro 1748 days ago
http://www.adammoro.comGood find! Thanks for sharing, Dave!
Microdesign 1748 days ago
http://www.microdesign.nl/diensten/Woow interesting, are you doing it?
ricardo 1747 days ago
http://www.ricdes.com/’ve been trying to do this but I can only get a pure text… which doesnt help me out alot. Any hints?
Sausages 1747 days ago
Hmm… Google API to return all the phpinfo pages as XML, format them as links, scrape a load of content from other sites as page padding and a few well placed referral links to get my page hit a few times…
What are the chances of someone being slightly upset about all this? lol
Sausages 1747 days ago
Add to that an array with a selection of keywords, all randomly pieced together and appended to the injected url
Sausages 1747 days ago
And don’t limit your backlinks to just an anchor tag either…
Rob Haswell 1747 days ago
Ricardo, follow my exact instructions with http://hosting.iptcom.net/phpinfo.php
Zasxer 1747 days ago
http://zasxerblogspot.comHilarious…
You guys kill me…
I guess the only way to find out is to try it…
Done…
Sausages 1747 days ago
Add a couple of backlinks to each outward link, just specify the array index inside f[]:
?f[0]=%3ca%….&f[1]=%3ca%… etc
Limited to maximum length of querystring (2,083 chars IIRC)
Rob Haswell 1747 days ago
2083 characters in internet explorer, but Googlebot doesn’t run on IE
Sausages 1747 days ago
“doesn’t run on IE”… what kind of insanity is this
Bill 1747 days ago
http://www.billhartzer.comGood find, Dave. It’s now up to 69,100 backlinks.
Adam Moro 1744 days ago
http://www.adammoro.com/blog/Here’s a nice little trick for compiling a list of links with this method. Download SEO for Firefox from tools.seobook.com and do Rob’s suggested search for the phpinfo pages. Download the CSV provided by the SEO for FF extension and delete everything but the urls. Now enter the formula below in cell B1:
=A1&”?f[]=%3Ca%20href%3Dhttp%3A//www.davidnaylor.co.uk/%3EDaveN%20Ownz%20j00%3C/a%3E”
Now copy the formula down and there you have it. A list of urls ready to post to comments, sigs, etc. Thanks again, Rob!
Rob Haswell 1743 days ago
Any time mate
Just because Dave’s on a black-hat ban…
evilgreenmonkey 1739 days ago
http://www.evilgreenmonkey.com/Nice find Rob – when’s Dave going to let you out of the cage so you can come along to a LondonSEO or conference? Included your find in a blog post as an XSS example, hope you don’t mind.
Cheers,
Rob
john 1736 days ago
http://www.adstreaminc.comsearch google for only version 4.4.4, less results but each will work
paul 1733 days ago
The only problem I see is that it shows your ip address at _SERVER["REMOTE_ADDR"]. How can we block that?
paul 1733 days ago
One more question. Is this what the actual url would look like with all of the percent (%) symbols and things? Those type of url’s would be difficult to get indexed wouldn’t they?
Rob Haswell 1733 days ago
What? The $_SERVER['REMOTE_ADDR'] only shows the IP of the computer accessing the page – for indexing purposes that’s the spider’s IP only.
As for the percentage signs: No, that’s just how you need to encode query string parameters. Look up URL encoding.
Unfortunately mate I reckon you have too great a lack of understanding of the Internet and HTTP to really exploit this one properly.
Not that exploiting it is going to do anyone any good though.
Enblogopedia 1722 days ago
http://www.enblogopedia.comas above.
“Does it go anywhere else or is it just temporary?”
paul 1722 days ago
It doesn’t matter. There’s no way the url will ever get indexed.
Rob Haswell 1721 days ago
Sure it will – just link to it
Freelance Website Design 1716 days ago
http://www.alfredfox.comI really don’t see where the confusion lies. I played around with this and came up with a very simple 1 page php script that pulls all of the php 4.4.4 results, paginates them into 20 or so pages (only the first 200 results) and every one has a random bit of text for the actual link to the php page (and this link has whatever link I want appended to the phpinfo.php pages) as well as some random content under the links. Every vestige of google has been stripped out returning only the links to the php pages. It was very simple and if I decided to try it, I’m guessing highly effective.
Rob Haswell 1716 days ago
Yeah if you want to get your site banned dude
Freelance Website Design 1716 days ago
http://www.alfredfox.comYeah my first thought was it would be a good way to get someone elses site banned (someone you didn’t like). You could very easily fill the internet with illigetimate link backs for any site you want. 60k is a formidable number.
But my stance is this, I, for painfully obvious reasons, wouldn’t use this, but its very very easy to implement. I doubt the writer of this blog would use it either. But you know what they say, knowledge is power.
Cheers.
Lukasz 1697 days ago
http://www.jedrzej.netEverything is ok but how google would find these links if they are not indexed?
Anyway you have to put it somewhere so what’s the difference between using these links instead your site url?
Rob Haswell 1697 days ago
Google finds the links if you link to them. Linking to anything that returns a 200 status line is like creating out of thin air. Remember this.
The point is that you don’t need to put it anywhere, there’s thousands of them out there.
Emlak ilanlar 1667 days ago
http://www.emlakilanlar.comgoogle has been stripped out returning only the links to the php pages
acnecaregal 1521 days ago
http://http://www.acnetreatmentlab.comgreat one but i like geting backlinks the old fashioned way
Anonymous 1518 days ago
AnonymousGreat way to get backlinks,thanks.
Jamie 1462 days ago
http://www.lamelime.comYou could also go to http://www.lamelime.com and submit a thred with your link in it, your allowed to do that there
phillip mentor 1361 days ago
http://www.myfip,nethow do i get education back links phillip
Linda 1011 days ago
I cannot get this to work, but here is my link at any rate, maybe it will generate 1 or 2 back links…
http://www.webupon.com/Social-Networks/Discovering-Moonbeams.685485
James 813 days ago
http://www.software-dungeon.co.ukThis seems highly dodgy to me. There are easier and less dangerous methods out there.
simon 785 days ago
http://www.edenmore.co.ukHI, I would like 60600 free backlinks? Only thing is, I know nothing about php!
Would someone be kind enough to send me a back links .php page ready to go?
Ta
SImon
Padizine 729 days ago
http://www.padizine.com/blog/Oh my god this actually works. But I don’t think it’s very safe :-s
Paul 716 days ago
http://www.learn-new-skills-from-home.comExcellent infomation.
Marcus Levy 709 days ago
http://content.selfip.com/portal/freebacklinks.phpVery interesting post about XSS. Although you can’t blame this lot for the fact that there is a flaw in this version of php, so many websites are vulnerable to XSS attacks. It truly bewilders me.
Sami 673 days ago
http://4b8.deGreat. The best: Even now there are thousands of buggy Sites… Can’t believe it, but will use it ^^
Thanks for the info!
Dave Marshall 659 days ago
http://bit.ly/bxt2yxSimple XSS backlink in the .gov.uk, I don’t what’s worse, poor coding like http://bit.ly/bxt2yx or using PHP 4
juust 618 days ago
http://www.juust.org@Dave Marshall cool
google “site:.edu magpie_debug.php”
http://www.hcs.harvard.edu/currier/rss/scripts/magpie_debug.php?url=http%3A%2F%2Fwww.juust.org%2Findex.php%2Ffeed%2F
Juni Daniel 613 days ago
http://www.ArticleBanker.comI was looking for something like a list.
Tixik 495 days ago
http://en.tixik.comWell, a perfect topic for spammers and black one guys. But I think such a fast grow in back links is really too easy for search engines to discover a non-standard way and…… a huge ban .]
kevin blumer 440 days ago
http://www.kbos2.co.uk/soon as everone knows secrets like that they would keep them to themselves
Web Developer 334 days ago
http://www.mediahut.co.zaYou gotta be kidding me. Does this still work?