Sunday, January 21, 2007

Google hacks security vulnerabilities

Default Resources:
intitle:"Test Page for Apache"

Directory Listings :
intitle:"Index of" admin
return URLs that contain directory listings of /admin.

more queries that take advantage of directory listings:

intitle:"Index of" .htpasswd

intitle:"Index of" stats.html

intitle:"Index of" backup

intitle:"Index of" etc

intitle:"Index of" finance.xls

Error Messages:

"A syntax error has occurred" filetype:ihtml

"ORA-00921: unexpected end of SQL command"

Remote Services:

"VNC Desktop" inurl:5800

intitle:"Terminal Services Web Connection"

Google can also find administrative applications that allow users to configure systems remotely. For example, here is how to locate phpMyAdmin installations:

"phpMyAdmin" "running on" inurl:"main.php"

No comments: