Googlejacking By Example
by J. V.
Lots of noise on the Internet lately about this new phenomenon called "Googlejacking." For those of you who have spent the last month or so in a cave, Googlejacking is when a a website in Google's listing is linked in the Google database to a site that is not on the domain of the original writer of the original page.
For instance, you could have a situation where a page listed in Google's database, say www.cnn.com, is linked on a Google search page to www.thepopeisevil.com/cnn, or even www.hornygirls.com/cnn. The original website description and title will be the same, only the link will be different in the Google database, so when a user clicks on the searched link it will go through the off-CNN page, not the original CNN page.
Danger, Will Robinson
How does this happen? The problem is with the way Google handles 302 redirects and META refreshes with a zero wait time. In other words, Google tries to make it so pages with the "same" content are not in its database. A 302 redirect or a META refresh with zero wait time will redirect the browser to another page, so Google does not want to index both the redirect page and the page you are redirected to.
The zero wait time for a META refresh is important, because otherwise Googlebot will index the redirect page as a page with no content (a blank page) instead of a page that is identical to our target page. Confused? Hopefully when we look at the exploit code it'll all be crystal clear.
This problem isn't restricted to Google. MSN Search is also reported to have this vulnerability, and theoretically any other search engines will have the same problem if they handle 302 and meta redirects the same as Google does.
Exploit Listing and Discussion
There's a lot of other good information already out there (see references at bottom of article), but what I couldn't find was some good code exploiting the vulnerability. I hope to remedy this with "jack_mehada.php", shown below:
If you know a little about PHP and a little about browsers, what this script does should not take long to understand. The If statement checks if the software that requested the page is a bot by checking its "User Agent" string. I didn't just check for Googlebot - MSNbot and a few others are in there. Bots get a redirect to our target page, everyone else gets a redirect to thepopeisevil.com.
You can change the script to redirect non bots to any page you want by changing the line:
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.thepopeisevil.com\">";
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.my-site.com/whateverpageyouwant.html\">";
So if I wanted to redirect it to my favorite porn gallery ever (haha, pure anarchist evil), I'd change the line to:
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://hornygirls.porn-host.org\">";
Save and upload this script to your web host, naming it "jack_mehada.php". Once the script is up on your web host, assuming your host supports php you can jack any page you want by linking the script on an existing web page. I'd do it like this if i wanted to jack cnn.com:
<a href="http://www.my-website.com/jack_mehada.php?url=www.cnn.com">My Jacker Link</a>
Or, like this if I wanted to jack a friends GeoCities page:
When Google rolls around and indexes the page with these links on it, it should also schedule the jacker pages for indexing. Yay!
Tips and Tricks
If you want to have the best chance of your jacked page being listed instead of the original, you need to work around Google's PageRank algorithm. The PageRank algorithm is Google's method for checking the "quality" of a site, and is out of the scope of this article, but check the references below if you want to know more, or look it up on wikipedia.com. Trying to get a better PageRank is not necessary however, since obviously lower PageRanked pages have jacked higher PageRanked pages many, many times. It just helps.
And of course, for best results try the shotgun approach. Jack lots of pages using lots of links, and if you know PHP, edit the script and get creative.
How do you know if you've successfully jacked a page? Search for the page you're trying to jack in Google. If the green URL under the description is your jacker URL instead of the original page URL, you win. Game over man.
Email me at email@example.com if you have questions or figure out something creative to do with/put in to the script. Also email me if you successfully jack something, so we can share a laugh. Flames will of course be forwarded to /dev/null.
Enjoy, and happy jacking!