We covered Google's advanced search operators in our previous articles. These operators let us filter large result sets down to the results we want and reach them faster. However, the same capability can expose security vulnerabilities in sites with configuration problems.
Google constantly visits websites with bots to gather content for its search engine. It collects data about the sites it visits, adds it to its database, and then indexes this data with its own algorithms so that the sites can be ranked. During these operations, it can add to its index pages and files that create security vulnerabilities for the website. To prevent this, we should tell search engines how to behave when visiting our site, and which files they can and cannot access, with the robots.txt file. Otherwise, pages that should not be accessible get indexed, which opens the way to malicious use. For example, you can set access permissions through the robots.txt file using directives such as the following.
Allow: /*.js*
Allow: /*.css*
Because Google also indexes sites that are not configured properly, their vulnerabilities can be found with the same advanced search operators that are meant for higher-quality searches and easy access to the desired results. This practice, called Google hacking or Google dorking, lets malicious users collect data from sites. A search parameter built from search operators to reach specific data is called a dork. Sites known as Google hacking databases catalogue these patterns, and you can study them to check the security of your own sites or to see their deficiencies. For example, by examining the site below, you can protect your own sites against Google hacking attacks.
Google Hacking Examples
Let's examine a few examples of dorks used in these operations.
- "insertinto" (pass|passwd|password) filetype:sql
- filetype:sql intext:password | pass | passwd intext:username intext:INSERT INTO ‘users’ VALUES
- intext:"şifre|parola" filetype:xls
- intext:"tc kimlik no" filetype:xls
- intext:admin ext:sql inurl:admin
- inurl:mail.txt filetype:txt
- filetype:xls inurl:"email.xls"
- inurl:"id=" & intext:"Warning: mysql_fetch_array()" site:(country code)
- inurl:"id=" & intext:"Warning: mysql_result()" site:(country code)
- inurl:"index.php?id=" intext:"Warning: mysql_num_rows()"
- inurl:"id=*" & intext:"warning mysql_fetch_array()"
- allintext:username filetype:log
- intitle:"index of" inurl:ftp
- intitle:"webcam" inurl:login
- intitle:"WEBCAM 7 " -inurl:/admin.html
There are many more dorks like these. By studying them in resources such as the Google Hacking Database (GHDB), you can check how your own sites appear in search engines, detect any vulnerabilities, and take action.
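
A local complement to checking search results, as an added example that is not part of the original article: the script walks a web root and flags the kinds of files the dorks above look for (SQL dumps, spreadsheets, logs, mail.txt, directories without an index page) before a crawler can index them. The function names, the list of index file names and the sample directory tree are assumptions constructed for this illustration.

```python
import os
import re
import tempfile

# Local checks derived from the dork list above (filetype:sql / xls / log,
# inurl:mail.txt, inurl:"email.xls", intitle:"index of").
RISKY_EXT = {".sql", ".xls", ".log"}
RISKY_NAMES = {"mail.txt", "email.xls"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed index names
CRED_RE = re.compile(rb"pass(wd|word)?|username", re.I)  # rough heuristic only

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if not INDEX_FILES & {f.lower() for f in files}:
            findings.append((rel_dir, "no index file (listing risk if auto-index is on)"))
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in RISKY_EXT and name.lower() not in RISKY_NAMES:
                continue
            reason = "dump/export/log file under web root"
            with open(os.path.join(dirpath, name), "rb") as fh:
                if CRED_RE.search(fh.read(65536)):  # only inspect the first 64 KiB
                    reason += ", credential-like text"
            findings.append((os.path.normpath(os.path.join(rel_dir, name)), reason))
    return sorted(findings)

def build_sample(root):
    """Create a small constructed web root (sample data, not from a real site)."""
    sample = {
        "index.html": "<h1>home</h1>",
        "backup/users.sql": "INSERT INTO users VALUES ('demo', 'password-placeholder');",
        "logs/access.log": "GET /index.html 200",
        "static/app.js": "console.log('ok');",
    }
    for rel, text in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

def demo():
    """Run the audit against the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_webroot(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Files flagged this way belong outside the web root or behind authentication; a robots.txt entry only asks crawlers not to fetch them and does not restrict access.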