SEO Egghead Consulting Group

Archived; click post to view.
Excerpt: We all have a mischievous side.  I know I do.  And in that vein, I have a great idea for a PubCon or SES segment.  I'd appreciate some feedback in the form of comments if you'd like to see such a segment.  Then I can approach Danny Sullivan or Brett Tabke with the idea:Title: "Understanding Black Hat SEO: Protecting Yourself From Black Hat Vulnerabilities"The segment would cover the basic black hatter's psyche, and what he's after.  I'd go through the list of common tactics used, and procedures for auditing your application for such vulnerabilities.  Then I'd explain how to solve…

I guess I think like a hacker, because I thought of this before seeing RSnake's post about finding vulnerabilities with Google Code Search.

If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out:

lang:php (print\(|echo)\s\$_(GET|REQUEST)

This says "Find all PHP code that calls 'print' or 'echo' to display $_GET or $_POST (likely) without escaping anything.  What a great way to find places to inject stuff!  This is useful to find XSS vulnerabilities as well.

Organizing the world's information is useful — for many things

Archived; click post to view.
Excerpt: I'm a sinner!  I violate Google's TOS daily.  But the guy standing next to me on Yom Kippur made me look like Jill Whalen!  He was a spammer — and a pretty devious one at that.  Some of it was muffled by the sounds of unfed stomachs growling for forgiveness, but I managed to hear these 5 things he said:1. I'm sorry, my Lord, for using 1000s of vulnerable .edus as parasites to promote Viagra, a drug that increases the pleasure and frequency of illicit carnal sin. 2. I'm sorry, my Lord, for causing many of those aforementioned individuals to…

Archived; click post to view.
Excerpt: This recent article mentions that XSS and HTML injection are quickly eclipsing the traditional stack smashing and SQL tainting attacks in popularity.  But why?  I posit that the reason is simple — XSS & HTML injection vulnerabilities are frighteningly trivial to find.  I will demonstrate the relative ease of finding injection points in this article.  I wrote a script that sniffs out hundreds of such vulnerabilities rapidly and automatically, in fact. Both XSS & HTML injection vulnerabilities are the result of similar flaws in web application software.  Typically, a programmer forgets to properly escape or sanitize user-defined data presented in…

Archived; click post to view.
Excerpt: I was playing around with the What is Hosted on that IP? tool I just published, and some of what I found is a bit scary.  I see cases where there are a few relatively legitimate sites nestled on the same IP with hundreds of spammy sites.  Needless to say, this is a liability.Suppose I am a devious SEO who does not like my competitor very much.  My competitor is also a big cheapskate.  He uses the "Beginner Hosting" package from some fly-by-night web hosting company that, like everyone else these days, oversells.  He pays $2.95 USD per month.  That's…

Archived; click post to view.
Excerpt: People have too much faith in Google – even when doing so implies a violation of the principles of computer science.  Many Google-oglers have contended that Google can find applications of JavaScript redirect cloaking with ease.  I'm not a PhD in Computer Science, but I doubt there is any easy way to find this stuff generally.  Yes, even for Google.  Clever spammers will be doing this sort of thing for awhile.  Google will nail the lousy spammers that cut and pre-made paste scripts with a common signature, just as the Feds catch the script kiddies running precompiled exploit scripts…

Archived; click post to view.
Excerpt: Since BigDaddy, many have been screaming about the decreasing quality of Google's index.  Now let's get a few things straight.  Some SEOs (ahem, spammers) may be the last demographic that you want to ask about index quality; but even the whitest of white hats are noticing.  One of earliest cited problems is that Google is kicking many pages out of the main index and into the supplemental index.  Many web masters complained, and Google listened — at least temporarily.  Now Matt Cutts says something ambiguous like "I believe any changes on the [June] 27th were refreshing data used by an…

Archived; click post to view.
Excerpt: Note: the code for the auditing script is located here. As a programmer, I cannot stress it enough. What is it? Escaping all data processed by your web application's code! It's a common security issue, but most people are only accustomed to it, these days, in the context of SQL. Every programmer worth salt knows that he must escape/sanitize data sent to a SQL database. Otherwise, carefully-constructed input can form a totally cool query that exposes and/or vandalizes data. Despite this, many programmers forget to escape SQL input; and even more of them forget to…