RE: 403 - Forbidden Google Error

["Debasis Mohanty" <mail () hackingspirits com>]

As Google has done this to stop worms attacking vulnerable sites but
probably it has missed out many other filters which can be used by the
worms. 

For example: 
Sanity Worm exploits a flaw in a file called viewtopic.php that allows an
SQL injection exploit. This worm defaces the web site with the phrase "This
site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites
to attack, apparently using Google to locate the target viewtopic.php files.

If you search for inurl:"viewtopic.php" , google will drop such requests and
return back 403 - Forbidden Error but if at the same time a search request
is made for 
"view" + "topic" + ".php"
Or
Viewtopic.php 

Google returns the search result without any drop. 

There are many such ways where existing worms can modified to make use of
various combinations of Google filters to evade any drops. 

I am still working on it. If anyone interested to work on such evasions can
mail me. 


Regards, 
Debasis Mohanty
www.hackingspirits.com 


-----Original Message-----
From: full-disclosure-bounces () lists netsys com
[mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Debasis
Mohanty
Sent: Monday, February 21, 2005 12:17 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] 403 - Forbidden Google Error

Try this and check what google says: 

Search for
inurl:".php" (with quotes)

or 

Click on the following link: 
http://www.google.co.in/search?hl=en&as_qdr=all&q=inurl%3A+%22.php%22&btnG=S
earch&meta=


Regards,
Debasis Mohanty
www.hackingspirits.com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html