I <3 Bots!

Keyword - SEO


Friday, December 5 2008

IE7, no Same Origin Policy when the script/file is on your file system

It's been such a long time since I last posted here. I've been quite busy with the new job at Cigital and all that it implies.

Anyway, this morning, a colleague of mine showed me a piece of JavaScript he used to create a request to another website (actually, this was just to do in JavaScript what I did in Python previously). This totally bugged me. He was able to craft a request (using XHR) from a local file to a remote website... WTF with SOP? After some tests, it seems it only works with IE7, but well, I didn't test with many browsers, only Firefox 3, Chrome, and IE7.

So, I have no idea whether this has been known for a long time or not, but well, I haven't seen this before.

A simple POC is available here: xhr_SOP_ie7.html
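For reference, the same-origin comparison the post expected to stop that request, as an added sketch (not the post's POC and not browser code). The function names and sample URLs are constructed for illustration, and `file:` documents are assumed to have an opaque origin that matches nothing.

```javascript
// Added illustration: models only the same-origin comparison, not CORS.
// Schemes whose origin is a (scheme, host, port) tuple.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ftp:': '21' };

// Returns the origin tuple for a URL, or null for an opaque origin
// (file:, data:, unparsable input: nothing with a host-based identity).
function originOf(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return null; // unparsable input is treated as opaque
  }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol], // URL drops default ports
  };
}

// Decision for a script in documentUrl issuing a request to targetUrl.
function sameOriginCheck(documentUrl, targetUrl) {
  const doc = originOf(documentUrl);
  const target = originOf(targetUrl);
  if (doc === null) {
    // The case from the post: a page opened from the local file system.
    return { sameOrigin: false, reason: 'document origin is opaque' };
  }
  if (target === null) {
    return { sameOrigin: false, reason: 'target origin is opaque' };
  }
  for (const part of ['scheme', 'host', 'port']) {
    if (doc[part] !== target[part]) {
      return { sameOrigin: false, reason: part + ' differs' };
    }
  }
  return { sameOrigin: true, reason: 'scheme, host and port match' };
}

// Constructed sample inputs (paths and hosts are placeholders).
const SAMPLES = [
  ['file:///C:/poc/xhr_SOP_ie7.html', 'http://www.example.com/'],
  ['http://example.com/a', 'http://example.com:80/b'],
  ['http://example.com/', 'https://example.com/'],
];
for (const [doc, target] of SAMPLES) {
  console.log(doc, '->', target, sameOriginCheck(doc, target));
}
```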

Tuesday, January 29 2008

Search engine keywords extraction

For fuckthespam!, I wanted to add a nice feature due to the content of this website: a listing of the keywords that people used to reach this website.

Well, the code is pretty simple but I just wanted to share it; it works for Google, MSN and Yahoo (the 3 most important search engines). I don't really care about covering everything and just wanted to share this PHP snippet.

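// the Referer header is client-controlled and may be absent
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
if (strpos($referer,"search") > 0) {
	// look for google, yahoo and MSN
	$key = "";
	if (strpos($referer,"google.") > 0 || strpos($referer,"msn.") > 0)
		$key = "q";
	else if (strpos($referer,"yahoo.") > 0)
		$key = "p";

	if ($key) {
		// parse first, decode later: decoding the whole URL up front would turn
		// an encoded %26 inside the search terms into a parameter separator
		$parse_url = parse_url($referer);
		if (is_array($parse_url) && array_key_exists("query",$parse_url)) {
			$query = $parse_url['query'];
			// extract (.+)$key=(.*)&
			$prefix = "$key=";
			$t = explode("&", $query);
			foreach($t as $e) {
				// match the parameter name exactly at the start of the pair
				if (strncmp($e, $prefix, strlen($prefix)) == 0) {
					// strip only the leading "key=", then decode the value
					$keyword = urldecode(substr($e, strlen($prefix)));
					if (strlen($keyword) > 2) {
						// $keyword is actually the whole content of the search;
						// it is untrusted input, so escape it (htmlspecialchars) before listing it
					}
					break;
				}
			}
		}
	}
}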