MSN.com Redirect Scan

by StankDawg  (StankDawg@hotmail.com)

If you visit MSN.com (which you may do, as it is the default home page in a lot of circumstances) you may notice that the page may be customized based on your settings.

  For example, a Dell system sometimes defaults to the homepage: DellNet by MSN which uses a custom module in the MSN system to deliver Dell information.  I found this both annoying, but at the same time, interesting.

After a little reverse engineering, I discovered that you can either go to these sites directly, or you can be redirected to these sites from: go.msn.com by using the proper URL parameters.  It turns out that it redirects to a specific page customized to a specific company or group based on the parameters passed via the URL.

For example, not only can you type in the direct DellNet address listed above, but you can also use the redirected go.msn.com address listed below to get to the same place.  I decided to hammer through some patterns and see what other sites offer custom services.

The results are listed below:

URL                           Company/Site
http://go.msn.com/0/0/1.asp   Microsoft - IE5.5 SP1 download (redirects to an apology page) 
http://go.msn.com/0/0/2.asp   Dell 
http://go.msn.com/0/1/0.asp   Dell - "ebar" (error page, apparently this no longer exists)
http://go.msn.com/0/1/1.asp   Microsoft - Hotmail 
http://go.msn.com/0/1/2.asp   Dell 
http://go.msn.com/0/3/1.asp   Dell 
http://go.msn.com/0/3/2.asp   MSN - MSN Member 
http://go.msn.com/0/3/3.asp   MSN - Canadian version
http://go.msn.com/0/3/4.asp   MSN - My MSN (customized page)
http://go.msn.com/0/3/5.asp   Best Buy 
http://go.msn.com/0/3/6.asp   Charter Communications - Broadband ISP Home Page
http://go.msn.com/0/3/7.asp   Dell
http://go.msn.com/0/3/8.asp   Disney 
http://go.msn.com/0/3/9.asp   Best Buy
http://go.msn.com/0/3/10.asp  Charter Communications - Broadband ISP Home Page 
http://go.msn.com/0/3/11.asp  Dell 
http://go.msn.com/0/3/12.asp  Disney
http://go.msn.com/0/3/13.asp  MSN - MSN Member 
http://go.msn.com/0/3/14.asp  Qwest 
http://go.msn.com/0/3/15.asp  Staples
http://go.msn.com/0/3/16.asp  Verizon 
http://go.msn.com/0/3/17.asp  Qwest
http://go.msn.com/0/3/18.asp  Staples 
http://go.msn.com/0/3/19.asp  United Airlines 
http://go.msn.com/0/3/20.asp  Verizon 
http://go.msn.com/0/5/1.asp   Verizon - Direct Link to MSN Groups 
http://go.msn.com/0/6/1.asp   Verizon - Direct Link to MSN Shopping 
http://go.msn.com/0/7/1.asp   Verizon - Direct Link to MSN Money Central
http://go.msn.com/0/8/1.asp   Verizon - Direct Link to My MSN (customized page)

This was done manually during a training session, where I sat in the back of the class unchallenged and bored to tears.

I only went through some limited ranges in my testing.  It could easily be scripted to check for a larger series of numbers.  A couple of them seemed interesting, such as the "ebar" page.

Maybe there are some other software download pages that could be interesting.  Maybe there are ways to login or access customized systems that weren't intended for public consumption.  Just think of how many other sites may be out there on the web that may work the same way.  See what others you can find!

Return to $2600 Index