Web Security Vulnerabilities Exposed by Google Searches (Google Hacking)

Google Hacking ExplainedGoogle Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets. Mostly this information includes configuration and source code files, sensitive data, database information, etc.

This technique makes use of the Google Search engine to search for specific information regarding an individual, a group of individuals or targets in general. This particular hacking technique makes use of advanced operators in the Google search engine in order to discover specific information or strings of text in the search results. The advanced search string could include the version of a vulnerable web application or a specific file-type (e.g. .pwd) in order to further restrict the search. The search can also be restricted to pages on one site or it can search for specific information blindly across all websites, giving a list of sites that contain the information.

For instance, the following search query intitle:index.of filetype:sql will list all the sql files available that have been indexed by Google, whereas inurl:”ViewerFrame?Mode=” will list all public cameras on the web.

Logical operators and symbols in Google Search

Google search allows the AND, NOT and OR logical operators and a variety of symbols such as ~, -, *. The logical operators are case sensitive. The following tables provide additional information on each of these.

Logical operator Description Example
AND The AND operator can be used in cases in which more than one keyword should be included in a single search query. All the keywords need to be found in the results returned. web AND application AND security
NOT The NOT operator can be used to exclude some keywords from the search results. The minus symbol (-) can be used instead as well. web application NOT security
OR The OR operator can be used to include pages where either one keyword or another keyword or both keywords are found on the page. The pipe symbol (|) can be used instead as well. web application OR security
Symbols Description Examples
“~” The tilde is used to include synonyms and similar words in the search. web application ~security . Returns pages talking about security topics such as Firewalls too.
Double quotes are used to search for a particular phrase, error message, string, etc. “Acunetix WVS”
“.” The period can be used as a single-character wildcard. Acunetix .VS
“*” The asterisk can be used as a single-word wildcard, which represents one or more words. * web vulnerability scanner

Advanced Google operators

The advanced Google operators assist the user in refining search results further. The syntax of advanced operators is as follows:

operator:search_string_text

The syntax consists of three parts, the operator, the colon (:) and the desired keyword to be searched. All three parts are considered one long string with no spaces between them.

Google search identifies the above pattern and restricts the search using the information provided. For instance, using the previously mentioned search query, intitle:index.of filetype:sql, Google will search for the string ‘index.of’ in the title of a website and will restrict the search to sql files that have been indexed by Google.

Below is a table which lists some of advanced operators that can be used to find vulnerable websites.

Operator Description Example
site: This operator instructs Google to limit the search query to a specific domain or web site. site:acunetix.com
filetype: This operator instructs Google to restrict the search to text found in a specific file type. password filetype:sql
link: This operator will search for pages that link to the requested URL. Moreover, this operator will tell Google to search for a search string within hyperlinks. link:www.acunetix.com
cache: This operator instructs Google to search and display a version of a desired web page as it was shown when Google crawled/indexed it. cache:testphp.vulnweb.com
intitle: This operator is used when searching of a string text within the title of a page. intitle:index.of
inurl: This operator will tell Google to run the search within the given URI. inurl:passwords.txt

As we have seen, the different operators in Google search allow someone to restrict the search results to specific content, or quickly find new web targets on the web. This is a great tool for hackers who are always on the lookout for insecure and vulnerable web applications on the web.

Acunetix WVS and GHDB

The Google Hacking Database (GHDB) contains various search queries that can be used to retrieve or identify sensitive data. Specifically, it contains a long list of queries that are used to find vulnerable websites with insecure configurations, sensitive data, databases, etc.

Acunetix WVS, among other security vulnerability checks, makes use of the GHDB data to discover if the target website is exposed to this kind of hacking technique. It uses Google hacking search queries such as ‘intitle:’ to execute and discover any information available. Acunetix WVS simulates the behavior of a real attacker that uses this specific hacking technique. Acunetix WVS raises alerts for any pages which are discovered to match search queries found in the GHDB. The alert will show the GHDB message along with the search query and the information that is exposed. This way the user can understand which information can be detected by real hackers and can take any measures to hide or protect it.

During the crawling phase Acunetix WVS will execute the GHDB search queries on each crawled pages and will generate GHDB alerts when a match is found.

GHDB Alert

The above screenshot shows an instance where Acunetix WVS discovered a sensitive file using the GHDB scan. A user can use the search query shown in Google to find the specific phpinfo file on the site. Moreover, Acunetix returns the GHDB category for the specific information. In this particular case, the search string is categorized as “Files containing juicy info”.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross-Site Scripting and other vulnerabilities. The scanner checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. Detailed reports resulting from the scan identify where vulnerabilities exist. The Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

About Acunetix

Acunetix is a market leader in web application security technology, founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Acunetix customers include the US Army, US Airforce, AT&T, KPMG, Telstra, Fujitsu, and Adidas. For more information please visit www.acunetix.com.

References:

http://www.informit.com/articles/article.aspx?p=170880
http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/
http://www.acunetix.com/websitesecurity/google-hacking/
http://en.wikipedia.org/wiki/Google_hacking
http://resources.infosecinstitute.com/google-hacking-the-hidden-face-of-google-2/

Share this post

Leave a Reply

Your email address will not be published.