lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: 403 - Forbidden Google Error

As Google has done this to stop worms attacking vulnerable sites but
probably it has missed out many other filters which can be used by the
worms. 

For example: 
Sanity Worm exploits a flaw in a file called viewtopic.php that allows an
SQL injection exploit. This worm defaces the web site with the phrase "This
site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites
to attack, apparently using Google to locate the target viewtopic.php files.

If you search for inurl:"viewtopic.php" , google will drop such requests and
return back 403 - Forbidden Error but if at the same time a search request
is made for 
"view" + "topic" + ".php"
Or
Viewtopic.php 

Google returns the search result without any drop. 

There are many such ways where existing worms can modified to make use of
various combinations of Google filters to evade any drops. 

I am still working on it. If anyone interested to work on such evasions can
mail me. 


Regards, 
Debasis Mohanty
www.hackingspirits.com 


-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Debasis
Mohanty
Sent: Monday, February 21, 2005 12:17 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] 403 - Forbidden Google Error

Try this and check what google says: 

Search for
inurl:".php" (with quotes)

or 

Click on the following link: 
http://www.google.co.in/search?hl=en&as_qdr=all&q=inurl%3A+%22.php%22&btnG=S
earch&meta=


Regards,
Debasis Mohanty
www.hackingspirits.com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ