| |
wefancyu
Senior Googler
Joined: 23 Oct 2004
Location: UK
2436.35 GC$
Items
|
 Posted: Fri Nov 19, 2004 12:33 pm Post subject: Google: A Hacker's Best Friend |
 |
|
|
I found this quite interesting, never try to "hack" yet but it does help you understand more about google and security....at least i think so...
| Quote: |
Google: A Hacker's Best Friend
In the last few years a number of news articles appeared that warned of the fact that hackers (or
crackers if you will) make use of the google search engine to gain access to files they shouldn't be
allowed to see or have access to. This knowledge is nothing new to some people but personally I have
always wondered how exactly a thing like this works. VNUnet’s James Middleton wrote an article in
2001 talking about hackers using a special search string on google to find sensitive banking data:
"One such posting on a security newsgroup claimed that searching using the string 'Index of /
+banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The
same technique could also be used to find password files"[1]
Another article that appeared on wired.com told us how Adrian Lamo, a hacker who made the news
often the last couple of years, explained that google could be used to gain access to websites of big
corporations.
“For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro
database interface -- into Google recently yielded about 200 links, almost all of which led to FileMaker
databases accessible online.”[2]
These articles kept on coming up in the online news. U.S. Military and Government websites were
vulnerable because admin scripts could be found using google, medical files, personal records,
everything suddenly seemed just one google search away. But these articles seemed to show up once
every half year and always talked about it as if it was something new. Another thing was, the articles
never explained how one would actually go about doing this. Almost never an example of a search
string was given. The last time I read one of these articles I decided it was time to find out for myself,
whether google actually could do all they say it can. The following is a report of my findings and a
description of some techniques and search strings one could use.
Andy edit: Please shorten the quote used and provide a link back the original one, thanks! =) |
http://info-x.co.uk/docview.asp?id=91
_________________
http://www.zskin.com
http://www.justadial.com
http://www.justadial.net |
|
| Back to top |
|
|
Arisna
Senior Googler
Joined: 20 Jun 2004
3362.45 GC$
Items
|
| Posted: Mon Nov 22, 2004 2:21 pm Post subject: |
|
|
|
| Frankly, this is the fault of webmasters who don't permission/protect files correctly, perhaps even more so than that of the hackers who pull this stuff. |
|
| Back to top |
|
|
wefancyu
Senior Googler
Joined: 23 Oct 2004
Location: UK
2436.35 GC$
Items
|
|
| Back to top |
|
|
Sponsored Links
|
| Posted: 5 Dec 2008 3:51 am Post subject: Advertisements |
|
|
|
|
|
|
| Back to top |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Host your free forums with Invision Plus.net forum web hosting with your own subdomain.
alexisBlue v1.2 // Theme Created By: Andrew Charron // Icons in Part By: Travis Carden |
|
|
|
|
