Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Tom Gallagher (tomSecurityBugHunter.com)
Date: Tue Nov 15 2005 - 03:52:39 CST
This isn't exactly XSS, since you can't run script. They are taking your data
from the 'q' parameter and doing a 302 redirect on it. Like you point out,
this causes some confusion and phishers love stuff like this.
When you test pages that redirect, good test cases to try are HTTP Splitting
cases where you attempt to inject CRLFs.
Quoting Andrew Chan <quicktgmail.com>:
> I tried http://www.google.com/url?q=http://www.microsoft.com and it got
> directed. it seems that I received one such phishing email that makes
> use of this to obfuscate the actual URL lately.