Google can be a huge asset for both white-hat and black-hat hackers - with some carefully crafted queries we can help identify various security issues with a website.
I have outlined some of the common ones below.
Identifying publically accessable directory lsitings:
site:website.com intitle:index.of
Identifying configuration files:
site:website.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
Database files exposed:
site:website.com ext:sql | ext:dbf | ext:mdb
Log files exposed:
site:website.com ext:log
Backups and old files:
site:website.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
Login pages:
site:website.com inurl:login
SQL errors:
site:website.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
Publicly exposed documents:
site:website.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
PHP configuration:
site:website.com ext:php intitle:phpinfo "published by the PHP Group"
No comments:
Post a Comment