HomeAbout Patrick AltoftSearch Engine Optimisation consultingSEO from Branded3 Search LtdContact Me

XSS Exploit on Half a Million 123 Reg Parked Domains

By Patrick Altoft on September 5th, 2007

UK registrar 123-reg.co.uk has had a fair few customer relations issues in the past. Today I was digging into an issue for a client site and found some interesting things related to the way 123 Reg handles parked pages.

The problem was that the clients site didn’t open when you missed the www out of the domain. For example visiting this link was OK but this one takes you to a parked page (this site isn’t my client, just an example).

A quick check on how many sites 123 Reg has parked and indexed in Google reveals about half a million so there are plenty of trusted domains to have fun with.

123 Reg has left a nice XSS hole in their parked pages allowing any users to create an unlimited number of links on spam sites like this one and even better this one.

Basically every single one of the half million domains parked with 123 Reg can be injected with links to whatever sites a spammer wants.

123 Reg XSS

Categories: Coding, Design, Search Engine Optimisation

Bookmark: delicious | digg | reddit | StumbleUpon | Google Bookmarks | Sphinn

Read some similar posts
No related posts

Reader Comments leave yours >>

Someone needs to automate this ;-)

skitX   September 6, 2007 4:00 pm | Reply

 

Fixed.

AwayInAManger   September 10, 2007 10:40 am | Reply

 

lol @ using Matt Cutts domain ;-)

Danny @ Blogs For Money   September 24, 2007 7:51 pm | Reply

 

Read our comment policy
We moderate first time commenters

Name (required)
E-mail (required - never shown publicly)
Your website
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> in your comment.

Trackback URI

Design by Patrick, theme by Justin Tadlock & code by Wordpress