Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/04/28 01:08:50 UTC

[Bug 3318] New: multiply-encoded URIs missed

http://bugzilla.spamassassin.org/show_bug.cgi?id=3318

           Summary: multiply-encoded URIs missed
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Libraries
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: jm@jmason.org


Simon Byrnand reports (by mail):

 http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32

> it's a 3-level redirect:
>
>     http://images.google.ca/imgres , redirecting to
>     http://www.google.com/url , redirecting to
>     http://www.google.com/url , encoded, redirecting to
>     the real URL, encoded.

we currently don't catch it, because of the second layer of encoding.

> debug: uri found:
> http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D%2F%6D%61%6E%67%65%72%33%32
> debug: uri found:
> http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q=http%3A%2F%2Fwww.expage.com%2Fmanger32
> debug: uri found:
> http://www.google.com/url?q=http://www.google.com/url?q=http%3A%2F%2Fwww.expage.com%2Fmanger32
> debug: uri found:
> http://www.google.com/url?q=http%3A%2F%2Fwww.expage.com%2Fmanger32
>
> It's double-encoded.  We can catch that easily.  But first, my question --
> does this *work* in an MUA, ie. should we?  Simon, could you try it?

What you get is the image preview in google which consists of an image in
the top frame, and the page that it came from in the bottom frame, and in
the bottom frame was a link "click here for ......." so yes it definitely
does work...

Regards,
Simon
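
An added example (not SpamAssassin code and not part of the original report): one way to catch the redirect chain described above is to percent-decode each URI to a fixed point and then peel off every embedded redirect target, so each layer can be checked on its own. The function names, the round limit and the embedded-scheme pattern are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote, urlsplit

# The URI quoted in the report above, split across lines for readability.
SAMPLE = ("http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg"
          "&imgrefurl=http://www.google.com/url?q=http://www.google.com/url?q="
          "%68%74%74%70%3A%2F%2F%77%77%77%2E%65%78%70%61%67%65%2E%63%6F%6D"
          "%2F%6D%61%6E%67%65%72%33%32")

MAX_DECODE_ROUNDS = 5  # assumed bound so hostile input cannot force unbounded work
# An http(s) scheme that appears after a delimiter, i.e. not at the very start.
EMBEDDED = re.compile(r"(?<=[=/?&])https?://", re.IGNORECASE)


def decode_fully(uri, max_rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def nested_uris(uri):
    """Return the decoded URI and every redirect target inside it, outermost first."""
    found, queue = [], [uri]
    while queue:
        current = decode_fully(queue.pop(0))
        if current in found:
            continue
        found.append(current)
        # Treat everything from the first embedded scheme onward as the next hop.
        # Limitations: schemeless targets (the imgurl value here) are not
        # extracted, and trailing outer parameters stay attached to the hop.
        match = EMBEDDED.search(current)
        if match:
            queue.append(current[match.start():])
    return found


def hosts(uri):
    """Hostnames of every layer, ready for a blocklist lookup."""
    return [urlsplit(u).hostname for u in nested_uris(uri)]


if __name__ == "__main__":
    for layer in nested_uris(SAMPLE):
        print(layer)
```
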


