Friday, July 27, 2007

Get inbound links using XSS

We’ve known for a while that certain search engines will index XSS generated links, possibly improving Page Rank. Though real examples have been relatively limited, however XSS News has some very interesting results from their experiments. Have a look.


Anonymous said...

Pretty known now adays actually. As a matter of fact I did the same experiment 5 years ago :)

- Robert

Anonymous said...

Sorry forgot to point out this sort of thing is widely spoken about in the blackhat SEO world.

Jeremiah Grossman said...

That was sorta my point, the black hats know about it, but not so much anyone else.... the majority. Like the ones who sites are getting used for piggy backing.

Drew Hintz said...

I disagree. I think the experiment does not show that XSS can be used for SEO in this way. Some search engines may very well ignore or discount URLs that appear to contain HTML anchor tags.

A more relevant experiment could be done using an actual link injected via XSS that points at an un-indexed page.

I don't doubt at all that some search engines will include XSS-injected links. However I'd be surprised if the modern-day Google and MSN did not have countermeasures in place.

-- Drew

Jeremiah Grossman said...

Hi Drew, good point, that why said "possibly improving Page Rank" cause that piece of data is inconclusive from what I've seen. But I'm sure the Black Hat SEO guys can answer that right quick otherwise I doubt they'd waste the time.