
Who wants 60,600 free backlinks?

A few things before you read this:

1) This is blackhat
2) You do this at your own risk
3) I’m only writing it because I think it’s interesting
4) If you don’t like it, take it as the information it was meant as, not as a recommendation of what you should do!

With all that said, there’s an exploit for PHP versions 4.4.3 > 4.4.6 lurking around in the phpinfo() files. You can find all of the affected sites by doing this Google search.

Basically, it’s an XSS vulnerability in the phpinfo() function which gives unescaped output for all user-submitted arrays in GET, POST and Cookies. (More info can be found here)

If you find one of the URLs and add this on the end:

?f[]=%3Ca%20href%3Dhttp%3A//WWW.YOURWEBSITE.COM/
%3EYOUR%20ANCHOR%20TEXT%3C/a%3E

Replace YOURWEBSITE.COM with your URL and enter YOUR ANCHOR TEXT (with %20 as spaces). Hit enter, then scroll down to “PHP Variables” and you’ll see you’ve injected two of your links on the page. All that you need to do then is get them indexed. Boom, there’s some backlinks.
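A defender's check for this issue, as an added example that is not part of the original post: it scans web server access logs for GET requests that pass an array parameter whose decoded value contains HTML markup, which is the request shape described above. The log lines, paths and the function name `find_array_markup` are constructed for illustration; POST bodies and cookies, which the post says are also affected, do not appear in access logs and are not covered.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed combined-format log lines (documentation IPs, made-up paths).
SAMPLE_LOG = '''\
203.0.113.7 - - [27/Apr/2007:16:40:01 +0000] "GET /phpinfo.php HTTP/1.1" 200 41234 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Apr/2007:16:41:12 +0000] "GET /info.php?f[]=%3Ca%20href%3Dhttp%3A//example.test/%3Eanchor%3C/a%3E HTTP/1.1" 200 41310 "-" "Googlebot/2.1"
198.51.100.4 - - [27/Apr/2007:16:42:30 +0000] "GET /shop.php?ids[]=4&ids[]=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [27/Apr/2007:16:43:02 +0000] "GET /search.php?q=%3Cb%3Ebold%3C/b%3E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Apr/2007:16:44:10 +0000] "GET /test/phpinfo.php?x%5B%5D=%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 41290 "-" "curl/7.15"
'''

# Client address, request target and status code of one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')
# PHP builds an array from parameters named name[] or name[key].
ARRAY_KEY_RE = re.compile(r'\[[^\]]*\]$')
# Start of an opening or closing HTML tag in a decoded value.
MARKUP_RE = re.compile(r'<\s*/?\s*[A-Za-z!]')


def find_array_markup(log_text):
    """Return (client, path, status, key, value) for every GET array
    parameter whose percent-decoded value contains the start of an HTML tag.
    Scalar parameters are ignored: the flaw described concerns arrays."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes keys and values once, so f%5B%5D and
        # f[] are treated the same way.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if ARRAY_KEY_RE.search(key) and MARKUP_RE.search(value):
                hits.append((client, url.path, int(status), key, value))
    return hits


if __name__ == "__main__":
    for hit in find_array_markup(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 on a script that calls phpinfo() is the case to follow up: remove or access-restrict that script and upgrade PHP.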


18 responses to “Who wants 60,600 free backlinks?”

  • Brian Chappell says:

    Wow. I have never seen anything like this before. It’s tempting, but, it has trouble written all over it.

    Comment by Brian Chappell
    April 27th, 2007 @ 4:37 pm

  • Mark says:

    It sure does :-)

    Comment by Mark
    April 27th, 2007 @ 4:41 pm

  • Mike says:

    Would be interesting to have an automated tool which:

    1. Finds all such sites listed after PR
    2. appends your website + anchor
    3. blog and pings them once

    Number 3 shouldn’t be needed maybe if it’s a high PR site.

    Mike

    Comment by Mike
    April 27th, 2007 @ 9:29 pm

  • Mark says:

    The URLs won’t have PR because you need to get the URLs listed with the query string in. So you need to get them indexed and it’s more about link velocity than weight/authority.

    Comment by Mark
    April 27th, 2007 @ 9:32 pm

  • DMOZ says:

    Dude that’s dope!

    Comment by DMOZ
    April 28th, 2007 @ 4:13 am

  • tobsn says:

    yeah… great… make more such xss exploits public. great job… 😐

    Comment by tobsn
    April 28th, 2007 @ 7:35 am

  • Mark says:

    Coming from someone who runs “blackhat diary”?

    :)

    I noticed DaveN already posted this, so go moan at him, he has thousands of readers

    Comment by Mark
    April 28th, 2007 @ 8:21 am

  • tyler says:

    In my opinion this goes past what is necessarily morally sound… Aw snap.

    Comment by tyler
    April 28th, 2007 @ 9:12 am

  • dr. says:

    Please, change the typography on the site. It’s very hard for reading. Try using Arial 11px.

    Apart from that, great content man, keep it up!

    Comment by dr.
    April 28th, 2007 @ 11:57 am

  • Mark says:

    Of course it’s past morally sound tyler, that’s why it’s called blackhat!!

    Comment by Mark
    April 28th, 2007 @ 3:34 pm

  • DMOZ says:

    There’s people selling this method on DP, lol

    Comment by DMOZ
    April 28th, 2007 @ 5:48 pm

  • Jason says:

    I’m working on a quick way to automate this…stay tuned!

    Comment by Jason
    May 1st, 2007 @ 1:50 am

  • Jason says:

    My automated tool is 90% done! I will keep you posted.

    Jason

    Comment by Jason
    May 3rd, 2007 @ 3:25 am

  • Page says:

    Wow, I want to see this automated!

    Comment by Page
    November 24th, 2007 @ 5:06 pm

  • Digerati Marketing » Star Wars SEO Link Building For Padawans says:

    […] blackhat, sometimes over confident of their technical abilities will use techniques such as using exploits to grab 60,000 links. Who cares what the cost is? Vader achieves his goal by inflicting his evil onto the web at the […]

    Comment by Digerati Marketing » Star Wars SEO Link Building For Padawans
    December 12th, 2007 @ 9:08 pm

  • Katie says:

    :O that’s so wrong lol but would this really work/count as a backlink?

    Comment by Katie
    August 25th, 2008 @ 10:05 am

  • top typo says:

    this method does work for gaining fast backlinks but the search engines nowadays are on to these black hat techniques and quickly punish sites for such methods

    Comment by top typo
    December 14th, 2008 @ 8:08 pm

  • Mark says:

    @top typo – you may want to read this:

    http://www.digeratimarketing.co.uk/2008/12/12/understanding-optimum-link-growth/

    Comment by Mark
    December 14th, 2008 @ 8:13 pm