Internet Storm Center Infocon Status

Search ISU Security

RSSSubscribe to the RSS Feed
ISU Information Security

Exposing the URL

Wednesday, July 29, 2009 14:44

Once upon a time URLs, the string of text that act as an address for a web page, were fairly simple. An address like “http://www.isu.edu/security/” was all one needed to get to a web page. As the web has matured URLs (Uniform Resource Locators) have become more complex. The addition of languages like PHP and databases, which allow for more interactive pages, also require more input and therefore more complex addresses like:

"http://www.example.com/page.php?action=edit&page_id=59"

Black-hats, the bad guys, take advantage of this complexity to divert page contents, confuse the user, and trick browsers into opening malicious content.

Before you click that link in your browser or email, check where the link points. To verify the link, hover your pointer over the link and look in the status bar (the bottm frame in most browsers) to read the link. If its too long , most browsers will allow you to right-click (or CTRL+click) andd copy the link to memory and from there you can paste it into a text editor.

Here are a few pointers in decrypting the URL:

  • A question mark (?) indicates a query string of redirection.
  • Ampersands (&) separate data within a query.
  • If your link contains html tags like < script > you could be following a malicious link.