Exploit found with redirect.php
Posted: Thu May 16, 2024 4:58 am
I found an exploit with the redirect.php
Quick story I had a friend in my ham radio club tell me he couldn't access my webpage because his security software was blocking out my site. I found out on a reputation search I was being blocked by 2 out of 40 services. and being marked as a phishing site.
After getting some info from one of those companies' support teams, they were telling me my site was redirecting people to porn sites. I do not have any of that on my webpage. Well it turns out those porn sites are coming from a google search all of them share one thing in common it goes like this mydomain dot com /wx/pages/station/redirect.php?url=(bad site here)
Test it yourselves with your own pages. on your weather stations main directory where you see the home page if you use the default it will start with template unless you changed it but after that type in the following /pages/station/redirect.php then after the PHP no spaces or slashes add a ?url= then after the equals type in whatever https:// domain you want and it will redirect you to whatever website you want. Bad part is it makes it look like your webpage is hosing the bad sites.
e.g. /pages/station/redirect.php?url=https://google.com would redirect you to google if you added this to your address bar after your websites home page.
I removed the redirect.php and am currently trying to get google to remove that info from their searches. This didn't show up if I google searched for my website normally but if I did the site: before my domain in the search box it brings up a lot stuff.
Quick story I had a friend in my ham radio club tell me he couldn't access my webpage because his security software was blocking out my site. I found out on a reputation search I was being blocked by 2 out of 40 services. and being marked as a phishing site.
After getting some info from one of those companies' support teams, they were telling me my site was redirecting people to porn sites. I do not have any of that on my webpage. Well it turns out those porn sites are coming from a google search all of them share one thing in common it goes like this mydomain dot com /wx/pages/station/redirect.php?url=(bad site here)
Test it yourselves with your own pages. on your weather stations main directory where you see the home page if you use the default it will start with template unless you changed it but after that type in the following /pages/station/redirect.php then after the PHP no spaces or slashes add a ?url= then after the equals type in whatever https:// domain you want and it will redirect you to whatever website you want. Bad part is it makes it look like your webpage is hosing the bad sites.
e.g. /pages/station/redirect.php?url=https://google.com would redirect you to google if you added this to your address bar after your websites home page.
I removed the redirect.php and am currently trying to get google to remove that info from their searches. This didn't show up if I google searched for my website normally but if I did the site: before my domain in the search box it brings up a lot stuff.