Built with 
Free Website
Sign In
HomeBrave Tech WorldAbout SiteMarcelo CalbucciMy Videos

Brave Tech World

Week 44
SMTWTFS
45678910

November 9, 2006


THU
9
NOV
2006

AOL Search code exposed.

By Marcelo

 

    It is not always that you find a major website built by serious developers exposing an ugly call stackOpen in a new window to their users. But AOL did it for me:

 

javax.servlet.ServletException: TEA: Length of String s is not a multiple of 8.
com.aol.search.mvc.DecryptQueryServletFilter.doFilter(DecryptQueryServletFilter.java:112)
com.aol.search.mvc.TestbedServletFilter.doFilter(TestbedServletFilter.java:104)
com.aol.search.mvc.UserAgentBlockFilter.doFilter(UserAgentBlockFilter.java:218)
com.aol.search.msrp.filters.RequestIDOverrideFilter.doFilterInternal(RequestIDOverrideFilter.java:82)
com.aol.search.gsp.filters.AbstractConfiguredServletFilter.doFilter(AbstractConfiguredServletFilter.java:160)
com.aol.search.mvc.LoggingServletFilterBase.doFilter(LoggingServletFilterBase.java:94)
com.aol.search.gsp.filters.LogonTimestampServletFilter.doFilter(LogonTimestampServletFilter.java:94)
com.aol.search.mvc.UserInfoRedirectFilter.doFilter(UserInfoRedirectFilter.java:242)

    All that I did was to change the "encquery" parameter to a normal string. I wanted to see what type of encoding they were using. Apparently the do some cryptography because the function was called "DecryptQueryServletFilter". Why the heck would they cryptograph this value?

 

    How are websites owners supposed to know what people are looking for on their site if the referer is an encrypted string. If Google had done that from day 1, AdSense and SEO would not exist today.

 

 

 

 

1:10 PM | Permalink | no comments


Comments for "AOL Search code exposed."

No comments posted.
Recent Entries
Monthly Archive
Similar Content
Powered by Google



Sidebar 1
Sidebar 2

Copyright © 2008 Marcelo Calbucci. All rights reserved.    Subscribe to this Site