Open Redirect on Archive.org

2 points

5 years ago

this is being abused on various social networks such as twitter

the high authority of the archive.org domain makes it hard to bloc and the nature of the redirect means spiders cannot crawl it, making better for spamming purposes

Here it is

https://t.co/jyCOKb4E3h?amp=1

It involves a long piece of JavaScript which I have not been able to decrypt what it does but I can modify the exploit to redirect to any page. This piece of JavaScript is able to break the frame in way that is undetectable to archive.org.

Steps to reproduce: You create a webpage with the JavaScript, archive it, and then point to the page like this

http://web.archive.org/web/XXXXXXX/http:yourdomainhere.com

the JavaScript https://jsfiddle.net/hnu4q5bm/

this part "://wi" which is the only obvious readable part of the code can be changed to any url

I have tired emailing archive.og about it no fu3ks given