Skip to content

Exploits?

BrandonBrandon Reputation Management Pro
edited March 2013 in Need Help
I really don't like the addition of exploits.  To me this crosses the line from building links to maliciously affecting someone else's web server and might even begin to cross legal lines.

Just my opinion, I also didn't like that it was enabled by default and I had to go in and disable it.

Comments

  • SvenSven www.GSA-Online.de

    It's not enabled by default!

    These are just samples, noone should use them and in the end it's just a URL injection by GET parameters. Nothing to worry about as no data is effected on the remote server.

  • thisisalexthisisalex
    great, where can I turn this on ?
  • BrandonBrandon Reputation Management Pro
    @sven the middle one was enabled by default on most campaigns, I think because they were already running trackbacks.
  • ComputerEngineerComputerEngineer
    i don't think so you can count get method as an exploit :D

    @sven can you provide 1 example ?
    i would like to check what is it like
  • GJPGJP
    You should look one for yourself. I wouldn't want any of my sites be posted publicly with "exploitable" next to it.
  • SvenSven www.GSA-Online.de
    @Brandon the middle one was in referrer category before...so it was checked because you checked it before.
  • spunko2010spunko2010 Isle of Man
    edited March 2013
    Is there a separate thread where we can see what Exploit does? just hovering over each Exploit tells me enough. What tiers are 'safe' to use these on, i.e. am I stupid to use these on Tier1?
  • SvenSven www.GSA-Online.de
    To be honest, you shouldn't use them at all...I just scripted them for fun to show what else might be possible.
  • HeisenbergHeisenberg
    Well thanks for scripting Sven :)
  • ComputerEngineerComputerEngineer
    if only there were 1 example we could determine whether use or not
  • SvenSven www.GSA-Online.de
    Just turn it on and see for yourself?
  • ComputerEngineerComputerEngineer
    @sven i turned it on. but still there is no thing as "exploit" in verified urls csv (after exported)
  • spunko2010spunko2010 Isle of Man
    I tried it, and it added a link to the URL of the php.info file, but didn't add it anywhere in the .php file itself... I wonder if that is the desired behaviour?
  • SvenSven www.GSA-Online.de
    Yes, nothing is harmed on the server. I would not include such engines. It's added because the GET parameters are shown on the page and if you use a <a href...></a> as content in the URL in one parameter, it shows the URL on the page.
  • doubleupdoubleup
    edited April 2013
    @SvenA question on this, in regards to the 3 platforms within 'exploits' that are available. With the 'PHPInfo Exploit', is the inject an actual backlink in the true sense? 

    For example, the domain http://demo.faett.net/ is an exploitable domain under the 'phpinfo' platform, and it's format after GSA SER submits and verifies it's backlink is:
    "http://demo.faett.net/?a[]=<a+href=“URL”>ANCHOR TEXT</a>". 

    When i visited my verified URL, i could see my URL and anchor text within the pages source code, which is good. However, if you change the 'URL' or 'ANCHOR TEXT' text within the URL above, you can customise it as you want, and can see the resultant change within the pages source code, so it doesn't seem to be a genuine backlink? Would this inject then be indexable and is it able to be picked up by google?

  • SvenSven www.GSA-Online.de
    phpinfo, no it's just showing the URL since you submit it by the GET parameter in the URL. It's no danger exploit. It is not changing anything on there server.
  • doubleupdoubleup
    Ok thanks
Sign In or Register to comment.