11
2.7 Google Dork and Finding SQL Vulnerable
Searching something in Google without knowing exactly the right keyword will
cause a
big problem. Sometime the words we choose become ambiguous to Google to perceive,
and the result goggle will give us wrong website. To prevent this thing to happen Google
already
provides
a
Function
code
call
Google
dork.
The
function
of
goggle
dork
is
to
give us the formula of what, where, and how you want to find or in other word giving us
more
complex
option
in
searching
and
making
the
result
closer
to
what
we
want.
For
example
inurl
:Kaskus
the
result
giving
all
of
the
kaskus
title
in
all
website
title.
As
long as we know the pattern, everything
is possible.
But this
is recently
misused by
irresponsible people. These people use Google function code to search for`dork
vulnerabilities
in
a
website
and
hack
the
site
based
on
some
pattern.
As
long
as
they
know the pattern, a website could be hacked easily.
So
Google
hacking is the use of a
search engine, such as Google, to locate a security vulnerability.
There are generally two types of vulnerabilities
to
be
found
on
the
Web:
software
vulnerabilities
and
miss
configurations.
The
vast
majority
of
intruders
start
out
with
a
specific software vulnerability or
common
user
miss-configuration
that
they
already
know how to exploit, and simply try to find or scan for systems that have this
vulnerability.
Google
is of
limited
use
to the
first attacker, but
invaluable
to
the second. When an attacker knew the vulnerability he wants to exploit but has no
specific target,
he employs a scanner.
A
scanner
is a program that automates the process
of examining a massive quantity of systems for a security flaw.
 |