Penetration Testing mailing list archives
Website search engine is a hacking tool..
From: Amal Mohammad Al Hajeri <amal () nis etisalat ae>
Date: Mon, 19 Jul 2004 08:06:21 +0400
Hi List, Did you ever thought of the website search engine as a hacking tool? During one of the pen-tests, The website search engine, was a valuable tool to discover interesting directories within the website itself, these directories were not detected by famous website scanners like nikto or SPI dynamics,i managed to get documentation pages about the API application implemented, management login pages, backup files and much more. I leave it to your imagination to search for words like: password,login,oracle,database,administrator, backup...etc Best Regards, ----------------------------------- Amal M. Al-Hajeri E/Network & Information Security Etisalat
Current thread:
- Website search engine is a hacking tool.. Amal Mohammad Al Hajeri (Jul 21)
- Re: Website search engine is a hacking tool.. Gerry Eisenhaur (Jul 22)
- Re: Website search engine is a hacking tool.. Wojciech Pawlikowski (Jul 22)
- <Possible follow-ups>
- RE: Website search engine is a hacking tool.. Drew Copley (Jul 23)
- RE: Website search engine is a hacking tool.. Charles Gillman (Jul 28)
- RE: Website search engine is a hacking tool.. Amal Mohammad Al Hajeri (Jul 28)
- RE: Website search engine is a hacking tool.. Vinicius Moreira Mello (Jul 30)
- RE: Website search engine is a hacking tool.. Mark Curphey (Jul 30)
- RE: Website search engine is a hacking tool.. Charles Gillman (Jul 28)
- Re: Website search engine is a hacking tool.. c0ntex (Jul 28)