Wednesday, May 27, 2009

URL Abuse Example

Today I received a mail from a well-respected company suggesting that I update my profile; as a bonus I would get access to some report documents (and some ring-tones, which is why I was interested in the first place! :)

I completed the on-line form, and after clicking the "Submit" button a new page appeared saying "Success" with some links to access the content. The weird thing I noticed, though, was the URL. It was too *big*! After copying and pasting the URL into a text editor I got this:

------------
https://*.com/dct/forms/success-v2-frame.jsp?resText=%3Cp%3E%3Cimg+src%3D%22http%3A%2F%2F.FOO.com%2Foffers%2Fdetails%2FBOO_guide%2Fimages%2Fmasthead.jpg%22+%2F%3E%3C%2Fp%3E%0A%3Ch4%3EThank+you+for+your+interest+in+FOO+and+BOO.%3Cbr+%2F%3E+Get+access+to+your+%0Aoffers+now+%3A%3C%2Fh4%3E%0A%3Cp%3E%3Cbr+%2F%3E%3Cspan+style%3D%22font-family%3A+arial%3B+color%3A+%23e2934d%3B%22%3E%3Cstrong%3E%26%23187%3B%3C%2Fstrong%3E%3C%2Fspan%3E%3Cstrong%3E+Click+below+for+the+blueprint+article%3A%3Cbr+%2F%3E%0A%3Ca+href%3D%22http%3A%2F%2Fwww.FOO.com%2Foffers%2Fdocs%2F820-7350.pdf%22+target%3D%22parent%22%3EBOO+Guide+for+FOO+BOO+7000+FOO+BOO+FOO%3C%2Fa%3E%3C%2Fstrong%3E%3C%2Fp%3E%0A%3Cp%3E%3Cspan+style%3D%22font-family%3A+arial%3B+color%3A+%23e2934d%3B%22%3E%3Cstrong%3E%26%23187%3B%3C%2Fstrong%3E%3C%2Fspan%3E%3Cstrong%3E+Click+below+to+watch+the+video%3A%3Cbr+%2F%3E%0A%3Ca+href%3D%22http%3A%2F%2FchannelFOO.FOO.com%2Fvideo%2FFOO%2BMachines%2Bfor%2BBOO%2Bbest%2Bopen%2Bweb%2Binfrastructure%2B%2F1900390530%22+target%3D%22parent%22%3EFOO+FOO+for+BOO+Best+FOO+Web+Infrastructure%3C%2Fa%3E%3C%2Fstrong%3E%3C%2Fp%3E%0A%3Cp%3E%3Cspan+style%3D%22font-family%3A+arial%3B+color%3A+%23e2934d%3B%22%3E%3Cstrong%3E%26%23187%3B%3C%2Fstrong%3E%3C%2Fspan%3E%3Cstrong%3E+Click+%3Ca+href%3D%22https%3A%2F%2Fcommunications.FOO.com%2FFOOSat%2Fc%2Femea_get_music.html%22+target%3D%22parent%22%3Ehere%3C%2Fa%3E+to+access+your+FOO+Music+Sampler+page+and+download+your+gifts!%3C%2Fstrong%3E%3C%2Fp%3E%0A%3Cp%3E%3Cspan+style%3D%22font-family%3A+arial%3B+color%3A+%23e2934d%3B%22%3E%3Cstrong%3E%26%23187%3B%3C%2Fstrong%3E%3C%2Fspan%3E+%3Cstrong%3ELast+but+not+least%3A+access+the+%3Ca+href%3D%22http%3A%2F%2Fuk.FOO.com%2Femrkt%2F20090518%2Fwhitepapers%2Findex.jsp%22+target%3D%22blank%22%3E10+MOST+POPULAR+FOO+resources%3C%2Fa%3E+right+now!%3C%2Fstrong%3E%3C%2Fp%3E%0A%3Cp%3EYou+will+also+receive+an+e-mail+in+a+few+moments+with+a+link+to+this%0Ablueprint+and+the+video+so+that+you+can+save+them+to+your+system+more%0Aeasily.%3C%2Fp%3E%0A%3Cp%3EClick+here+to+%3Ca+href%3D%22http%3A%2F%2Fwww.FOO.com%2FBOO%22+target%3D%22parent%22%3Elearn+more+about+BOO.%3C%2Fa%3E%3C%2Fp%3E%0A%3Cp%3ELooking+forward+to+keeping+in+touch+with+you!%3Cbr+%2F%3E%0AThank+you%2C%3Cbr+%2F%3E%0AFOO+BOOMachines+%3C%2Fp%3E

------------

Obviously they used the URL to carry the HTML of the Success page itself(!). I have removed the parts that reveal the company name; that is not the important thing here. The important thing is the sheer abuse of the HTTP/URL conventions!
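A page that renders whatever HTML arrives in its `resText` parameter leaves a reviewer wanting to know what that markup contains and where its links point, so here is a small decoder-and-inventory for URLs of this shape. This is an added example, not code from the original post: `SAMPLE_URL` is a constructed, trimmed URL that mirrors the one above (with `example.com` as a placeholder host), and `decode_res_text`, `audit_url` and `MarkupInventory` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a trimmed URL with the same shape as the one in the post
# (percent-encoded HTML for the whole page carried in the resText parameter).
SAMPLE_URL = (
    "https://example.com/dct/forms/success-v2-frame.jsp?resText="
    "%3Ch4%3EThank+you+for+your+interest+in+FOO.%3C%2Fh4%3E%0A"
    "%3Cp%3E%3Ca+href%3D%22http%3A%2F%2Fwww.FOO.com%2Foffers%2Fdocs%2F820-7350.pdf%22"
    "+target%3D%22parent%22%3EBOO+Guide%3C%2Fa%3E%3C%2Fp%3E%0A"
    "%3Cp%3E%3Cimg+src%3D%22http%3A%2F%2FchannelFOO.FOO.com%2Fmasthead.jpg%22+%2F%3E%3C%2Fp%3E"
)


class MarkupInventory(HTMLParser):
    """Collects tag names and every href/src target found in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.urls = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags such as <img /> also arrive here via handle_startendtag.
        self.tags.append(tag)
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def decode_res_text(url, param="resText"):
    """Return the percent-decoded value of `param` ('' if absent); parse_qs turns '+' into spaces."""
    return parse_qs(urlsplit(url).query).get(param, [""])[0]


def audit_url(url, param="resText"):
    """Report whether `param` carries markup, which tags it uses, and which hosts its links reach."""
    inventory = MarkupInventory()
    inventory.feed(decode_res_text(url, param))
    page_host = urlsplit(url).hostname
    link_hosts = sorted({h for h in (urlsplit(u).hostname for u in inventory.urls) if h})
    return {
        "carries_markup": bool(inventory.tags),
        "tags": sorted(set(inventory.tags)),
        "link_hosts": link_hosts,
        # Links leaving the page's own host deserve a second look when the markup came from the URL.
        "offsite_hosts": [h for h in link_hosts if h != page_host],
    }


if __name__ == "__main__":
    for key, value in audit_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```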

And it is neither the first nor the last example. The list goes on and on...