OS and Software > Webmasters and Developers > Kasia is not nuts really - She made the Register!

reply to nil

Re: Kasia is not nuts really - She made the Regis

No.. not the same page.. any page someone wants to redirect people to.. could be a porn site.. or something
--
daily madness

Ok. Really, I'm not playing dumb. I think I understand now. So, what they are doing is sniffing out people redirecting them to other sites?

No.

I don't think you understand what a referer is? In terms of an http request anyway.. referer is one of the fields sent by the client to the server basically saying "Hi, this where I'm coming from, so in theory this page is linking to you" Let's say that field is filled with »www.google.com/

So now the web server looks at it and says "Ah, cool, google is linking to me".. and in in the case of some happy blog owner he now has a script generate that on his weblog..

"hey look guys, I"m getting traffic from »www.google.com".. but see, he doesn't actually do this by hand just gets the referring url from the http request.

Now the bad guy takes that request and modifies it to instead of the link have a line of javascript like say.. <script>top.top.location.href=bignastypornsitecom';</script> and goes off and hits the weblog with this modified request (his own request, not someone elses).

The weblog owner has this scripted so he doens't see that this isn't a real referer and happily displays it on his page.. at which points this referer acts like any javascript would when embedded in html.. it redirects.
--
daily madness

Yeah, I know what a referrer is. I've used it before in ColdFusion. I just didn't understand what the javascript code injection was all about. I understand everything you're saying now. Thanks to imp's PM's and you.
--
AZIZAVENUE - For Macromedia Enthusiasts
Bezworks Design
Featured Client

reply to nil
Excellent explanation...I even understood it that time.