Google URL padding/'sponsorship' ... - Google Blogoscoped Forum

Forum

Google URL padding/'sponsorship' ...
Milly	Tuesday, October 4, 2005 18 years ago
These all work (I'm using underscores instead of spaces to maintain clickable links on this page, but almost any characters work, including spaces) :- http://www.google.com/// http://www.google.com///webhp http://www.google.com//any_text_you_like_can_be_inserted_in_here/ http://www.google.com//any_text_you_like_can_be_inserted_in_here/webhp http://www.google.com///search?q=oddity http://www.google.com//any_text_you_like_can_be_inserted_in_here/search?q=oddity And for the other Google services too. Is this oddity known about? am I the last to notice? Is it a Google quirk or a more general web server quirk? Anything useful or dangerous about it? Here's a half-hearted phishing-like URL, where it's made to look like the search term is one thing [spoofed_word] but in fact it's another [oddity]. A lot more underscores can be used to push the latter part of the URL out of sight, but I've kept the example fairly short. Spaces (or periods, etc) work fine instead of underscores too :- http://www.google.com//search&q=spoofed_word__________any_text_you_like_can_be_inserted_in_here/search?q=oddity Here's a way of sharing a search URL, whilst retaining 'credit' and/or a reminder of it's source :- http://www.google.com//Customised_Google_search_provided_by_www.iMilly.com_/search?q=oddity Or even :- http://www.google.com//[Sponsored_by____http://www.iMilly.com____Your_Premier_Source_of_High_Class_Spondoolics!!___]/search?q=oddity And of course that type of URL construction could easily be built into the morass of browser Toolbars, or even the search tools bundled with the browsers themselves. I hate to imagine what the SEO spammers might do with such subverted Google search URLs. I suppose it might be combined with My Search History spam too (see :- http://blogoscoped.com/forum/8186.html And bloggers sometimes like to (and Bloggers must) use Google's redirector like so :- http://www.google.com/url?&q=http://www.iMilly.com But this works too[1] :- http://www.google.com//_Link_via_Google_Blogoscoped_at_http://blogoscoped.com_/url?&q=http://www.iMilly.com Ooh er, what might I have unleashed ... Any other wrinkles? Milly [1] Though the redirector has always been susceptible to padding in this form anyway :- http://www.google.com/url?&q=http://www.spam.com/?-Buy-Cheap-Spam-Here
Philipp Lenssen	18 years ago #
As for the multi-slashes, as far as I know that's normal server behavior. It works on my Apache as well: try http://blogoscoped.com///forum/ Interesting spoof URLs you found there.
Milly	18 years ago #
Hmm, yes, but on any of these, say, you're serving up an "HTTP/1.1 404 Not Found" response :- http://blogoscoped.com//spooftext/forum/ http://blogoscoped.com//spooftext/forum/10977.html http://blogoscoped.com/forum//spooftext/10977.html I suppose that's what Google ought to be doing? (I'm don't know much about server setups, by any means).

Advertisement

Blog | Forum more >> Archive | Feed | Google's blogs | About

Advertisement

This site unofficially covers Google™ and more with some rights reserved. Join our forum!