I decided to make a POC to the redirect service by corto.mx, it is a new service that offers url shortening like tinyurl and so on, but the redirect method was not succesfully implemented, which lead into the site compromising.

I was going to do a more "evil" script and take over every possible combination (just like a brute-force posting) but I think this is enough to proof the concept

http://www.corto.mx/mbyte

Zone-H Mirror

I wonder if they imported different labels in each country.