Cabitaş Mühendislik Tic. Ltd. Şti.

What are Google Advanced Search and Tips- 3

  • 29.10.2020

We mentioned the operators of Google advanced searches in our previous articles. These operators allowed us to filter the large search results to reach the results we wanted, and they offered opportunities to access the results faster. However, this situation may cause some security vulnerabilities in sites with configuration problems.


google advanced search


Google constantly visits websites via bots in order to create content for the search engine. It collects data about the sites it visits and adds it to the database. It then indexes this data with its own special algorithms, allowing the sites to rank. During all these operations, it can add pages and files that may create security vulnerabilities on behalf of websites to these indexes. In order to prevent this situation, we should inform search engines how to behave when visiting our site and which files they can and cannot access with the robot.txt file. Otherwise, you may lead to malicious use by indexing the pages that should not be accessed. For example, you can make field permission checks over the robot.txt file using the following use.


User-agent: Googlebot

Disallow: /admin

Disallow: /cgi-bin

Disallow: /login

Disallow: /account

Disallow: /users/replies

Allow: /* .js*

Allow: /* .css*


Since the sites that are not configured properly are indexed by Google, these vulnerabilities of the sites can be detected with the advanced search operators used to make higher quality searches and provide easy access to the desired results. With this concept called google hacking or google dorking, data can be collected from sites and used by malicious users. Parameters created to access some data using search operators are called dork. There are sites under the name of Google hacking database where you can examine these pattern parameters that may cause vulnerabilities to check the security of the sites or to see their deficiencies. For example, by examining the site below, you can protect the security of your own sites against google hacking attacks.

Exploit Database


Google Hacking Examples

Let's examine a few examples of dork used in these operations.

  • "insertinto" (pass|passwd|password) filetype:sql
  • filetype:sql intext:password | pass | passwd intext:username intext:INSERT INTO ‘users’ VALUES
  • intext:"şifre|parola" filetype:xls
  • intext:"tc kimlik no" filetype:xls
  • intext:admin ext:sql inurl:admin
With this kind of dork, there may be deficits about important information such as password and tc identification number on files with sql or xls extensions.


  • inurl:mail.txt filetype:txt
  • filetype:xls inurl:"email.xls"
Information on e-mail addresses can be found.


  • inurl:“id=“ & intext:"Warning: mysql_fetch_array() site:(Ülke kodu)
  • inurl:"id=" & intext:"Warning: mysql_result() site: (Ülke kodu)
  • inurl:"index.php?id=" intext:"Warning: mysql_num_rows()"
  • inurl:"id=*" & intext:"warning mysql_fetch_array()"
Sites with mysql errors can be detected.


  • allintext:username filetype:log
Log files can be accessed.


  • intitle:"index of" inurl:ftp
Ftp servers can be found.


  • intitle:"webcam" inurl:login
  • intitle:"WEBCAM 7 " -inurl:/admin.html
Cameras without IP restrictions can be accessed.


There are many more dork like these. By examining them through systems such as Google Hacking Database (GHDB), you can check your own sites on search engines and detect if you have vulnerabilities and take action.

Cabitaş Ekibi Profile Picture
Cabitaş Ekibi

Bu çalışkan ve yaratıcı ekip, yenilikçi ve özgün fikirleriyle müşterilerimize en iyi hizmeti sunmak için arı gibi çalışır.


This hardworking and creative team works tirelessly to provide our customers with the best service using their innovative and original ideas.

What are Google Advanced Search and Tips- 3

Download link sent to your email address

This website uses cookies to improve your user experience.