How Hackers Use Google to Find Targets
Google hacks often make a glimpse on Slashdot, Digg, or StumbleUpon and some web admins know what to do when some don’t even have a clue. Well, here we quote some of the hacks which are commonly known.
You can try these out to check the security of your website or if you are looking forward to hack a site:
“My SQL error With Query”
This will get you specific query strings with specifics of the site’s database, for instance column, row and table name. Let’s see if some one is dumb enough to put his password and username in the query strings.
“supplied argument is not a valid MySQL result resource”
Another interesting SQL error which, sometimes, even pops out the architecture of server and the locality of sensitive files. For instance if you get this “/users/cwq00/base/web/system/dbwrappers/db.mysql_db.php on line 114″, you know what to do, right?
inurl:awstats file:txt
Webmasters use Awstats as utility for data importing. And some of them are foolish enough to keep a text copy so that you can find out about their traffic more than they would like you to know.
“This summary was generated by wwwstat”
Above is another great example of stat finder. But this one really comes handy on intranet system and associated servers.
buddylist.blt
You certainly don’t want someone to find about your buddy list on AOL, right? It must be very old though and it’s out of imagination why I still find these buddy lists.
And when the title starts like this “Config {version 1}”, you know you have one lying in there.
intitle:phpinfo “PHP Version”
The information it provides is not an evil thing, because one can easily get his hands on info like this from Netscape. Still, information that pops up is cool. Moreover, the function “the phpinfo()”, is there to dump info like this. But with combo of other methods this could be dangerous in hands of the attacker.
“phpMyAdmin” “running on” inurl:”main.php”
Hey it’s evil to give someone so much fuss to intrude in your site so why don’t we leave our administrator panel open for every body? Sounds great, huh?
“your password is” filetype:log
OMG a few real hits on IRC chat logs. For heavens sake!
ext:inc “pwd=” “UID=”
At this you will get the kind of best hits, connection strings of database. Database details, User ID’s and passwords so, don’t miss out and get your hands on them while they are blazing hot!
Hey if you do these things with high frequency, you might get Google’s nose suspicious and then you won’t able to do anything again. Moreover, while ‘Googleing’, you may have to search the pages thoroughly or all you will see on the top are some forums reflecting discussions about this error.
You might also like
 |
 |
 |
 |
Comments
No comments yet.