If you’re a user of LiveJournal, or receive any correspondence from someone associated with the site, you may be vulnerable to inadvertently clicking a link that appears to reside on the www.livejournal.com domain. The exploit involves a specific URL format that will redirect the victim to a site/file of the malicious user’s choosing. While the exploit itself is simple in nature, its effects could potentially be very harmful.
The exploit involves using part of a LiveJournal URL:
http://www.livejournal.com/misc/get_domain_session.bml?return=*insert your own URL here*
By entering any URL of your choosing at the end, you can creatively disguise a malicious site or even a “gag” link into the URL.
Exploited URL:
http://www.livejournal.com/misc/get_domain_session.bml?return=*insert your own URL here*
If you replace the *insert your own URL here* part with a URL of your choosing and then visit the newly formed URL, it redirects you to the site you entered.
Pretty crazy huh?
Here’s an example:
http://www.livejournal.com/misc/get_domain_session.bml?return=http://stateofidleness.com
While it looks like you’d be going to a page on the www.livejournal.com site, it would actually redirect you to my home page. There’s nothing stopping someone from using the URL of a malicious website, or even of a self-extracting zip file, as the return target. Once the victim clicks the link, they might end up somewhere they don’t want to be, or find themselves downloading a file without even knowing it!
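The defect described above is an open redirect: the `return` parameter is trusted as-is. The fix on the server side is to validate that parameter against an allowlist before issuing the 302, and the same validator doubles as a detection rule over access logs. The following is an added example written for this post; it is not LiveJournal’s code and not the author’s. The allowlist of hosts, the `_normalize`/`is_allowed_return`/`safe_return_url`/`flag_offsite_redirects` helpers, and the Common Log Format sample lines are all assumptions constructed for the example; only the `get_domain_session.bml` path and the `return` parameter name come from the post.

```python
from urllib.parse import urlparse, parse_qs

# Constructed allowlist for this example: the only hosts a `return` value may send
# the browser to. A real deployment would load this from configuration.
ALLOWED_HOSTS = {"www.livejournal.com", "livejournal.com"}
DEFAULT_TARGET = "/"


def _normalize(target):
    """Strip surrounding whitespace and turn backslashes into slashes: browsers
    treat '\\' like '/' in URLs, and a validator that does not would disagree
    with the browser about where the link goes."""
    return target.strip().replace("\\", "/")


def is_allowed_return(target, allowed_hosts=ALLOWED_HOSTS):
    """True only if `target` is an absolute path on this site or an absolute
    http(s) URL whose exact hostname is on the allowlist."""
    if not target:
        return False
    norm = _normalize(target)
    # Scheme-relative ("//host/...") and triple-slash forms are resolved by the
    # browser to a different host, so they are rejected outright.
    if norm.startswith("//"):
        return False
    parsed = urlparse(norm)
    if parsed.scheme:
        if parsed.scheme not in ("http", "https"):
            return False            # javascript:, data:, mailto: and friends
        if not parsed.netloc:
            return False            # e.g. "http:///host", which browsers repair to http://host
        # hostname is lowercased and has the port and any "user@" prefix removed,
        # so an allowlisted name used as userinfo does not pass as the host.
        return parsed.hostname in allowed_hosts
    # No scheme and no host: accept only an absolute path on this site.
    return parsed.path.startswith("/")


def safe_return_url(target, default=DEFAULT_TARGET):
    """Redirect target to actually use: the validated value, or a safe default."""
    return _normalize(target) if is_allowed_return(target) else default


def flag_offsite_redirects(log_lines):
    """Scan Common Log Format lines for requests to get_domain_session.bml whose
    return= value fails is_allowed_return. Returns (client_ip, target) pairs."""
    flagged = []
    for line in log_lines:
        try:
            client = line.split()[0]
            request_path = line.split('"')[1].split()[1]   # "GET /path?query HTTP/1.1"
        except IndexError:
            continue
        if "get_domain_session.bml" not in request_path:
            continue
        for target in parse_qs(urlparse(request_path).query).get("return", []):
            if not is_allowed_return(target):
                flagged.append((client, target))
    return flagged


# Constructed sample log lines (not real LiveJournal traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2011:12:00:01 +0000] "GET /misc/get_domain_session.bml?return=http://www.livejournal.com/users/example/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/May/2011:12:00:02 +0000] "GET /misc/get_domain_session.bml?return=http://stateofidleness.com HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/May/2011:12:00:03 +0000] "GET /misc/get_domain_session.bml?return=//example.net/ HTTP/1.1" 302 0',
    '203.0.113.8 - - [10/May/2011:12:00:04 +0000] "GET /index.bml HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for value in ("http://stateofidleness.com", "/users/example/", "//example.net/"):
        print(f"{value!r} -> {safe_return_url(value)!r}")
    for client, target in flag_offsite_redirects(SAMPLE_LOG):
        print(f"off-site return from {client}: {target}")
```

The validator deliberately compares the exact hostname rather than checking that the string contains or ends with the site name, so a lookalike such as `www.livejournal.com.example.net` is rejected; the log scanner reuses the same function so that what the server would refuse and what the monitoring flags never drift apart.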
For what it’s worth, I’ve already let the LiveJournal team know and they are working on a fix as we speak! (their support is really outstanding!)
That’s my interesting find for the day!
Comments welcome.
This still gets used –
https://www.facebook.com/l.php?u=http://www.livejournal.com/misc/get_domain_session.bml?return=http://bit.ly/kOgOOr&ref=nf&h=fde20
Sad… You try to do the right thing and warn them (and after I applauded their service no less!) and they don’t exhibit any sense of urgency.
Thanks for the update Dave!