BreachExchange mailing list archives
Mass website hacking tool alerts to dangers of Google dorks
From: Lee J <lee () riskbasedsecurity com>
Date: Wed, 6 Nov 2013 13:10:55 +1100
http://www.scmagazine.com//mass-website-hacking-tool-alerts-to-dangers-of-google-dorks/article/319672/ Google dorks are not geeks who love the internet-related services and products provider. Google dorks are akin to super-specific searches, which attackers have been known to take advantage of in attempts to expose vulnerable websites. Cyber crime researcher Dancho Danchev recently blogged about a mass, do-it-yourself (DIY) website-hacking tool making the rounds that takes advantage of those Google dorks. “The proxy supporting tool has been purposely designed to allow automatic mass websites reconnaissance for the purpose of launching SQL injection attacks against those websites that are vulnerable,” Danchev wrote. SQL stands for structured query language and is programming terminology designed for managing data. SQL injection typically involves an attacker inputting SQL statements into an entry field that will force the system to execute potentially malicious commands. “Once a compromise takes place, the attacker is in a perfect position to inject malicious scripts on the affected sites, potentially exposing their users to malicious client-side exploits serving attacks,” according to Danchev. Danchev wrote that an escalating number of DIY tools circulating the internet may open the door for novice attackers, but Barry Shteiman, director of security strategy with Imperva, told SCMagazine.com on Tuesday that it is the Google dorks that should be raising alarms. “The reason Google dorks have gotten so popular is because they create the threat landscape of finding targets,” Shteiman said, explaining that he regularly uses Google dorks in his research to see the scale of a particular issue. “If I know of an exploit, Google will find those targets.” The problem is that people want Google to index their websites so it can be found in a regular search, Shteiman said. He explained that website owners can, and should, mask things about their sites by removing certain tags and not letting the public know what kinds of systems run under the hood. “It's a huge a problem,” Shteiman said. “I believe that most hackers use these techniques because they are looking for easy money. Why would I go into a website and start digging when I can do it the other way around. You're reversing the wheel and making your life very easy.” Shteiman most recently took advantage of Google dorks when researching an exploit in certain versions of vBulletin. He discovered that 35,000 websites using the proprietary internet message board software were vulnerable to a flaw that allowed hackers to create new admin accounts.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Mass website hacking tool alerts to dangers of Google dorks Lee J (Nov 07)