Who wants 60,600 free backlinks?
A few things before you read this:
1) This is blackhat
2) You do this at your own risk
3) I’m only writing it because I think it’s interesting
4) If you don’t like it, take it as the information it was meant as, not as a recommendation of what you should do!
With all that said, there’s an exploit for PHP versions 4.4.3 > 4.4.6 lurking around in the phpinfo() files. You can find all of the affected sites by doing this Google search.
Basically, it’s an XSS vulnerability in the phpinfo() function which gives unescaped output for all user-submitted arrays in GET, POST and Cookies. (More info can be found here.)
If you find one of the URLs and add this on the end:
?f[]=%3Ca%20href%3Dhttp%3A//WWW.YOURWEBSITE.COM/
%3EYOUR%20ANCHOR%20TEXT%3C/a%3E
Replacing YOURWEBSITE.COM with your URL and entering YOUR ANCHOR TEXT (with %20 as spaces). Hit enter, then scroll down to “PHP Variables” and you’ll see you’ve injected two of your links on the page. All that you need to do then is get them indexed. Boom, there’s some backlinks.
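For anyone running a site with a phpinfo() page exposed, here is an added example (not part of the original post) of spotting this kind of request in web server access logs: it flags GET requests where an array-style parameter decodes to a value containing `<` or `>`. The log lines are constructed samples and the function name is hypothetical; POST bodies and cookies, which the post also names, do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in common log format, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Apr/2007:16:40:01 +0000] "GET /phpinfo.php?f[]=%3Ca%20href%3Dhttp%3A//example.test/%3Eanchor%3C/a%3E HTTP/1.1" 200 41233
203.0.113.9 - - [27/Apr/2007:16:41:10 +0000] "GET /info.php HTTP/1.1" 200 40110
198.51.100.4 - - [27/Apr/2007:16:42:55 +0000] "GET /search.php?tags[]=php&tags[]=seo HTTP/1.1" 200 5120
198.51.100.8 - - [27/Apr/2007:16:43:02 +0000] "GET /test/phpinfo.php?x%5B%5D=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 41877
"""

# Client address, then the quoted request line, then the status code.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# PHP turns names such as f[], f[0] or f[a][b] into arrays.
ARRAY_KEY = re.compile(r"\[[^\]]*\]")
# Angle brackets in a decoded value mean markup was submitted.
MARKUP = re.compile(r"[<>]")


def find_array_markup(log_text):
    """Return one record per array-style query parameter that carries markup.

    Every path is checked, because phpinfo() can be called from a script
    with any file name.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # parse_qsl percent-decodes both names and values, so an encoded
        # name (x%5B%5D) and an encoded value (%3Cb%3E) are both caught.
        for key, value in parse_qsl(url.query):
            if ARRAY_KEY.search(key) and MARKUP.search(value):
                hits.append({
                    "ip": m.group("ip"),
                    "path": url.path,
                    "param": key,
                    "value": value,
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in find_array_markup(SAMPLE_LOG):
        print(hit)
```

A hit on a script that calls phpinfo() is a reason to remove or restrict that script, and to update a PHP version in the range the post names.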
Wow. I have never seen anything like this before. It’s tempting, but it has trouble written all over it.
Comment by Brian Chappell
April 27th, 2007 @ 4:37 pm
It sure does
Comment by Mark
April 27th, 2007 @ 4:41 pm
Would be interesting to have an automated tool which:
1. Finds all such sites listed after PR
2. appends your website + anchor
3. blog and pings them once
Number 3 shouldn’t be needed maybe if it’s a high PR site.
Mike
Comment by Mike
April 27th, 2007 @ 9:29 pm
The URLs won’t have PR because you need to get the URLs listed with the query string in. So you need to get them indexed and it’s more about link velocity than weight/authority.
Comment by Mark
April 27th, 2007 @ 9:32 pm
Dude, that’s dope!
Comment by DMOZ
April 28th, 2007 @ 4:13 am
yeah… great… make more such xss exploits public. great job…
…
Comment by tobsn
April 28th, 2007 @ 7:35 am
Coming from someone who runs “blackhat diary”?
I noticed DaveN already posted this, so go moan at him, he has thousands of readers
Comment by Mark
April 28th, 2007 @ 8:21 am
In my opinion this goes past what is necessarily morally sound… Aw snap.
Comment by tyler
April 28th, 2007 @ 9:12 am
Please, change the typography on the site. It’s very hard for reading. Try using Arial 11px.
Apart from that, great content man, keep it up!
Comment by dr.
April 28th, 2007 @ 11:57 am
Of course it’s past morally sound tyler, that’s why it’s called blackhat!!
Comment by Mark
April 28th, 2007 @ 3:34 pm
There’s people selling this method on DP, lol
Comment by DMOZ
April 28th, 2007 @ 5:48 pm
I’m working on a quick way to automate this…stay tuned!
Comment by Jason
May 1st, 2007 @ 1:50 am
My automated tool is 90% done! I will keep you posted.
Jason
Comment by Jason
May 3rd, 2007 @ 3:25 am
Wow, I want to see this automated!
Comment by Page
November 24th, 2007 @ 5:06 pm
[...] blackhat, sometimes over confident of their technical abilities will use techniques such as using exploits to grab 60,000 links. Who cares what the cost is? Vader achieves his goal by inflicting his evil onto the web at the [...]
Comment by Digerati Marketing » Star Wars SEO Link Building For Padawans
December 12th, 2007 @ 9:08 pm
:O that’s so wrong lol but would this really work/count as a backlink?
Comment by Katie
August 25th, 2008 @ 10:05 am
This method does work for gaining fast backlinks, but the search engines nowadays are on to these black hat techniques and quickly punish sites for such methods.
Comment by top typo
December 14th, 2008 @ 8:08 pm
@top typo – you may want to read this:
https://digeratimarketing.co.uk/2008/12/12/understanding-optimum-link-growth/
Comment by Mark
December 14th, 2008 @ 8:13 pm