Mass website hacking tool alerts to dangers of Google dorks

[Lee J <lee () riskbasedsecurity com>]

http://www.scmagazine.com//mass-website-hacking-tool-alerts-to-dangers-of-google-dorks/article/319672/

Google dorks are not geeks who love the internet-related services and
products provider. Google dorks are akin to super-specific searches, which
attackers have been known to take advantage of in attempts to expose
vulnerable websites.

Cyber crime researcher Dancho Danchev recently blogged about a mass,
do-it-yourself (DIY) website-hacking tool making the rounds that takes
advantage of those Google dorks.

“The proxy supporting tool has been purposely designed to allow automatic
mass websites reconnaissance for the purpose of launching SQL injection
attacks against those websites that are vulnerable,” Danchev wrote.

SQL stands for structured query language and is programming terminology
designed for managing data. SQL injection typically involves an attacker
inputting SQL statements into an entry field that will force the system to
execute potentially malicious commands.

“Once a compromise takes place, the attacker is in a perfect position to
inject malicious scripts on the affected sites, potentially exposing their
users to malicious client-side exploits serving attacks,” according to
Danchev.

Danchev wrote that an escalating number of DIY tools circulating the
internet may open the door for novice attackers, but Barry Shteiman,
director of security strategy with Imperva, told SCMagazine.com on Tuesday
that it is the Google dorks that should be raising alarms.

“The reason Google dorks have gotten so popular is because they create the
threat landscape of finding targets,” Shteiman said, explaining that he
regularly uses Google dorks in his research to see the scale of a
particular issue. “If I know of an exploit, Google will find those targets.”

The problem is that people want Google to index their websites so it can be
found in a regular search, Shteiman said. He explained that website owners
can, and should, mask things about their sites by removing certain tags and
not letting the public know what kinds of systems run under the hood.

“It's a huge a problem,” Shteiman said. “I believe that most hackers use
these techniques because they are looking for easy money. Why would I go
into a website and start digging when I can do it the other way around.
You're reversing the wheel and making your life very easy.”

Shteiman most recently took advantage of Google dorks when researching an
exploit in certain versions of vBulletin. He discovered that 35,000
websites using the proprietary internet message board software were
vulnerable to a flaw that allowed hackers to create new admin accounts.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.