Using google to attack on your personal web server

by on November 23, 2006 · 2 comments· Last updated November 23, 2006

According to this document Google can be utilized to attack on your personal web server.
Google can be utilized to hack into websites - actively exploiting them (not information gathering by the use of Google hacking, although that is how most of the sites vulnerable to RFI attacks are found).

By placing a URL on any web page, Google will find it, visit it and then index it. With this mechanism, it is possible to anonymize attacks on third party web sites through Google by the use of its crawler.

Read more at securiteam.com blog... (found via slashdot)

Solution is quite simple put a web server in chrooted jail :D Or use OpenBSD which runs Apache out of box in chrooted jail.



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 2 comments… read them below or add one }

1 Pirkia.lt admin February 2, 2008 at 10:21 pm

Some example hot to use Google to hack some websites, just for fun:

http://www.google.com/search?q=localhost+site%3A.com%2Fconfig.inc

Reply

2 dell October 17, 2009 at 3:40 am

That was great.. how can i get the ip add?

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 12 + 12 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.



Previous post:

Next post: