In print: Entwickler Magazin 4.2013 - Google Hacking
An article on "Google Hacking" has appeared in Entwickler Magazin 4.2013: using Google and other search engines to find all kinds of things that were never meant to be found: web applications with vulnerabilities, vulnerabilities in web applications, hardware, software, ...
As a supplement, here is an interesting search query for GitHub that Georgi Guninski published last week on the Full-Disclosure mailing list. With the query
extension:php mysql_query $_GET
you will find many potential SQL injection vulnerabilities in PHP scripts. Potential, mind you, because plenty of harmless scripts turn up as well.
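As an added illustration (not code from this post, from Guninski's mail or from any real repository), a small triage helper for the hits such a search produces when you run it over your own code base: it flags mysql_query() lines that feed request data into the query and separates those that at least wrap the value in intval(), (int) or mysql_real_escape_string(), which are the harmless-looking hits the paragraph above warns about. The PHP sample lines are constructed.

```python
import re

# Constructed sample of the kind of PHP the GitHub query
# "extension:php mysql_query $_GET" surfaces; not taken from any real repository.
SAMPLE_PHP = r'''
$r = mysql_query("SELECT * FROM users WHERE id=" . $_GET['id']);
$r = mysql_query("SELECT * FROM users WHERE id=" . intval($_GET['id']));
$r = mysql_query("SELECT * FROM posts WHERE slug='" . mysql_real_escape_string($_GET['slug']) . "'");
$r = mysql_query("SELECT * FROM posts WHERE slug='{$_GET['slug']}'");
$r = mysql_query("SELECT * FROM posts WHERE slug='$_GET[slug]'");
$count = count($_GET);
$r = mysql_query("SELECT 1");
$r = mysql_query("SELECT * FROM t WHERE a=" . (int) $_GET['a'] . " AND b='" . $_GET['b'] . "'");
'''.strip()

# Request superglobals: anything read from these is attacker-controlled.
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\[")
# A value wrapped by one of these right before it enters the query is counted
# as handled. Heuristic only: it recognises the common "harmless" hits, it does
# not prove the query safe (prepared statements are the real fix).
HANDLED = re.compile(
    r"(?:intval\s*\(|\(int\)\s*|mysql_real_escape_string\s*\()\s*"
    r"\$_(?:GET|POST|REQUEST|COOKIE)\["
)


def triage(php_source):
    """Return [(line_no, verdict, line)] for each mysql_query() line that
    touches request data. verdict is 'review' when at least one request
    value reaches the query without a recognised wrapper, else 'likely-handled'."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), start=1):
        if "mysql_query(" not in line:
            continue
        tainted = len(SUPERGLOBAL.findall(line))
        if tainted == 0:
            continue  # a query, but no request data in it
        handled = len(HANDLED.findall(line))
        verdict = "likely-handled" if handled >= tainted else "review"
        findings.append((no, verdict, line.strip()))
    return findings

def needs_review(php_source):
    """Line numbers a human should look at first."""
    return [no for no, verdict, _ in triage(php_source) if verdict == "review"]

if __name__ == "__main__":
    for no, verdict, line in triage(SAMPLE_PHP):
        print(f"{no:3d} {verdict:15s} {line}")
```

The check is line-based, so a value escaped a few lines earlier still shows up as 'review'; treat the output as a worklist, not as a verdict.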
And here are the links and references from the article:
- [1] Google Hacking Database (GHDB) by Johnny Long
- [2] Google Hacking Database (GHDB) of the Exploit DB
- [3] Internet Archive Wayback Machine
- [4] GHDB: "Powered By Dew-NewPHPLinks v.2.1b"
- [5] GHDB: "Welcome to the CyberGuard unit!"
- [6] GHDB: ||Powered by [ClipBucket 2.0.91]
- [7] GHDB: intitle:"HtmlAnvView:D7B039C1"
- [8] GHDB: intext:"~~Joomla1.txt" title:"Index of /"
- [9] GHDB: intitle:awen intitle:asp.net
- [10] Carsten Eilers: "BackTrack, BOSS & Co.", Entwickler Magazin 6.2011
- [11] GHDB: inurl:"tiki-index.php" filetype:php "This is TikiWiki 1.9"
- [12] Exploit DB
- [13] GHDB: "Unable to jump to row" "on MySQL result index" "on line"
- [14] GHDB: "Warning:" "failed to open stream: HTTP request failed" "on line"
- [15] GHDB: "Warning: Supplied argument is not a valid File-Handle resource in"
- [16] GHDB: "Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
- [17] Google Project Hosting
- [18] GrepCode
- [19] Ohloh Code Search
- [20] Krugle Open Search
- [21] searchcode | source code search engine
- [22] Carsten Eilers: "Kommentare zu Java, SQL Slammer und GitHub-Geheimnissen"
- [23] GHDB: intitle:"SpeedStream * Management Interface"
- [24] GHDB: intitle:"Setup Home" "You will need * log in before * * change * settings"
- [25] GHDB: "Welcome to the CyberGuard unit!"
- [26] GHDB: intitle:"hp laserjet" inurl:info_configuration.htm
- [27] GHDB: allintitle:"SyncThru Web Service"
- [28] GHDB: "display printer status" intitle:"Home"
- [29] GHDB: intitle:"EvoCam" inurl:"webcam.html"
- [30] GHDB: allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR 2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43 "Network Camera"
- [31] GHDB: inurl:/control/userimage.html
- [32] GHDB: inurl:cgi-bin/guestimage.html
- [33] Shodan
- [34] GHDB: inurl:admin inurl:userlist
- [35] GHDB: intext:webalizer intext:"total usernames" intext:"Usage Statistics for"
- [36] GHDB: filetype:log username putty
- [37] GHDB: filetype:reg reg HKEY_CURRENT_USER username
- [38] GHDB: intitle:"Index of" .bash_history
- [39] GHDB: "your password is" filetype:log
- [40] GHDB: "admin account info" filetype:log
- [41] GHDB: filetype:cfg "radius" (pass|passwd|password)
- [42] GHDB: filetype:sql "insert into" (pass|passwd|password)
- [43] GHDB: filetype:sql "MySQL dump" (pass|password|passwd|pwd)
- [44] GHDB: filetype:sql "PostgreSQL database dump" (pass|password|passwd|pwd)
- [45] GHDB: filetype:sql inurl:wp-content/backup-*
- [46] The Web Robots Pages: About /robots.txt
- [47] Google Developers: "Robots meta tag and X-Robots-Tag HTTP header specifications"
- [48] Francis Brown, Rob Ragan: "Pulp Google Hacking - The Next Generation Search Engine Hacking Arsenal", Black Hat USA 2011 (PDF)
- [49] Stach & Liu: Google Hacking Diggity Project