Message-ID: <Pine.LNX.4.62.0502271422370.14835@afybt.areqp.hsy.rqh>
Date: Sun, 27 Feb 2005 14:26:10 -0500 (EST)
From: Jordan Wiens <numatrix@....edu>
To: Josh Zlatin-Amishav <josh@...s.co.il>
Cc: bugtraq@...urityfocus.com, pen-test@...urityfocus.com
Subject: Re: Google Getting (even) smarter

Besides case, it also looks like they're using a unicode preprocessor on
the filter too. You used to be able to evade it by "inurl%3Aviewt%6fpic",
for example, (in the url, not the browser; the browser will escape the %)
but now they've fixed that as well.
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

On Sun, 27 Feb 2005, Josh Zlatin-Amishav wrote:
> Google has now broadened their filter range. A simple inurl:viewtopic
> gets blocked too with the infamous message:
>
> ===================================================
>
> We're sorry...
> ... but we can't process your request right now. A
> computer virus or spyware application is sending us
> automated requests, and it appears that your computer
> or network has been infected.
>
> We'll restore your access as quickly as possible, so
> try again soon. In the meantime, you might want to run
> a virus checker or spyware remover to make sure that
> your computer is free of viruses and other spurious
> software.
>
> We apologize for the inconvenience, and hope we'll see
> you again on Google.
>
> ==================================================
>
>
> Notice that there is no mention of php in the query. This is probably in
> response to the recent PhpBB path disclosure vulnerability.
>
> Note: In the old days one could circumvent the php filter by changing
> case (i.e. pHp) but that no longer works. You can still circumvent the
> google filter by using a smarter query like some intext or a different
> inurl phrase.
>
>
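
The behaviour described in this thread (case changes and percent-encoding no longer getting past the filter) is what a filter shows once it canonicalizes input before matching. The sketch below is an added example, not part of either post and not Google's code; the blocklist entry, function names and sample queries are constructed, and the repeated decoding and NFKC steps generalize beyond what the thread states.

```python
import unicodedata
from urllib.parse import unquote

# Constructed blocklist for illustration; the real filter's terms are not public.
BLOCKED_TERMS = ("inurl:viewtopic",)


def naive_match(raw_query: str) -> bool:
    """Compare the raw string as received: misses encoded or re-cased forms."""
    return any(term in raw_query for term in BLOCKED_TERMS)


def canonicalize(raw_query: str, max_rounds: int = 5) -> str:
    """Reduce a query to one canonical form before any matching is done."""
    text = raw_query
    # Percent-decode until the value stops changing, so nested encoding
    # (%253A -> %3A -> :) ends up in the same form as the plain query.
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    # Fold compatibility characters (e.g. fullwidth letters) to their base form.
    text = unicodedata.normalize("NFKC", text)
    # Case-fold and collapse whitespace so pHp / PHP / php compare equal.
    return " ".join(text.casefold().split())


def canonical_match(raw_query: str) -> bool:
    """Match blocklist terms against the canonical form only."""
    canonical = canonicalize(raw_query)
    return any(term in canonical for term in BLOCKED_TERMS)


# Constructed sample queries: (query as received, description)
SAMPLES = [
    ("inurl:viewtopic", "plain"),
    ("inurl%3Aviewt%6fpic", "percent-encoded, as quoted in the thread"),
    ("inurl:ViewTopic", "mixed case"),
    ("inurl%253Aviewtopic", "double percent-encoded"),
    ("phpbb installation guide", "unrelated query"),
]

if __name__ == "__main__":
    for query, label in SAMPLES:
        print(f"{label:42} naive={naive_match(query)!s:5} "
              f"canonical={canonical_match(query)}")
```
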