A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located in a vulnerable version of Express, the Node.js web application framework.
So with a simple modification to the URL you get an Open Redirect attack:
https://touch.www.linkedin.com////www.google.com/%2e%2e
http://developer.yahoo.com////www.google.com/%2e%2e
http://publish.yahoo.com//www.google.com/%2e%2e
Both Yahoo! URLs are still open to this attack and work in the Firefox and Opera browsers.
I found out that many other sites are vulnerable to this attack, including MySpace. Just searching on the official ExpressJS site you can get a list of big companies and start-ups vulnerable to this attack – http://expressjs.com/resources/applications.html
This is an easy fix – just update your Express Framework and you’re done!
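For sites that cannot update right away, the check below shows why these paths leave the site and how to neutralise them. It is an added example, not code from Express or from the researchers' article; the function names are hypothetical, and it assumes the redirect target is built by echoing the request path into the `Location` header, which the page does not detail.

```javascript
// Added example; function names are hypothetical, not part of Express.

// Resolve a Location header value the way a browser does (WHATWG URL rules)
// and report whether the redirect stays on the site's own origin.
function staysOnOrigin(location, siteOrigin) {
  let resolved;
  try {
    resolved = new URL(location, siteOrigin);
  } catch (err) {
    return false; // unparsable target: refuse to redirect
  }
  return resolved.origin === new URL(siteOrigin).origin;
}

// Collapse a run of leading slashes/backslashes to a single "/", so a path
// echoed into Location can no longer be read as "//host/..." (scheme-relative).
function collapseLeadingSlashes(path) {
  return path.replace(/^[\/\\]+/, '/');
}

// Build the target for an "add trailing slash" style redirect (assumed
// mechanism), falling back to "/" if the result would still leave the origin.
function safeTrailingSlashRedirect(requestPath, siteOrigin) {
  const target = collapseLeadingSlashes(requestPath) + '/';
  return staysOnOrigin(target, siteOrigin) ? target : '/';
}

// Paths taken from the URLs on this page, plus one constructed benign path.
const samples = [
  ['https://touch.www.linkedin.com', '////www.google.com/%2e%2e'],
  ['http://publish.yahoo.com', '//www.google.com/%2e%2e'],
  ['http://publish.yahoo.com', '/docs/guide'], // constructed
];

function report() {
  return samples.map(([origin, path]) => ({
    path,
    naiveEchoStaysOnOrigin: staysOnOrigin(path + '/', origin),
    hardened: safeTrailingSlashRedirect(path, origin),
  }));
}

console.log(report());
```

The same `staysOnOrigin` check can be run over `Location` values in response logs to spot redirects that leave the site.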
They all fixed it! 😀 Not working now!