Wednesday, May 27, 2009

URL Abuse Example

Today I received a mail from a well-respected company that suggested I update my profile, and as a bonus I would have access to some report documents (and some ring-tones, which is why I was interested in the first place! :)

I completed the on-line form and, after clicking the "Submit" button, a new page appeared saying "Success" with some links to get access to the content. The weird thing that I noticed, though, is the URL part. It was too *big*! After copying and pasting the URL into a text editor I got this:



Obviously they used the URL to encode the Success HTML page(!). I have removed the notices that point to the company name; it's not the important thing here. The important thing is the hell of an abuse of the HTTP/URL protocol conventions!

And it is not the first or the last example. The list goes on and on...