You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/04/28 01:20:44 UTC

Re: Simon's complex redirection 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Theo Van Dinter writes:
> On Tue, Apr 27, 2004 at 03:46:32PM -0700, Justin Mason wrote:
> > > http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&amp;imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32
> 
> eek!
> 
> > It's double-encoded.  We can catch that easily.  But first, my question --
> > does this *work* in an MUA, ie. should we?  Simon, could you try it?
> 
> I don't know about an MUA, but it doesn't work in any browser I've tried
> so far.  You end up at http://images.google.com/images:
> 
> Information returned from request (not including data):
> <Connection> = <Keep-Alive>
> <Content-Type> = <text/html>
> <Content-length> = <161>
> <Date> = <Tue, 27 Apr 2004 22:59:47 GMT>
> <Location> = <http://images.google.com/images>
> <Server> = <GWS/2.1>
> <Set-Cookie> = <PREF=ID=2342b69354b6a6f5:LD=en:TM=1083106787:LM=1083106787:S=4Q5Kb3zcm_6V0Tjm; expires=Sun,
> 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.ca>
> <code> = <301>

Try http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32

(NOTE: with &amp; replaced with just &)
that works. (although it still uses google's image results page for
the display.)

But just because it ends up at the imgres page doesn't mean we don't
have to worry about it.  This URL:

http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32

also works -- Google redirects it to the target site
http://www.expage.com/manger32 successfully -- but SpamAssassin doesn't
parse it.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAjurMQTcbUG5Y7woRAi2KAKDkGfoSzXWzzP73ggTr0FEZYlbEEgCg7861
JrRcI4laMJDWumLpHAbWaT4=
=/Hlu
-----END PGP SIGNATURE-----