Google Dorks

Google Dorks
How much you are secure?

In this Lecture
• Google Dorks
• Types of Google Dorks
• SQL injection
• Types of SQL injection
• Defending against SQL injection
Google Dorks
• Google Dorks are nothing but simple
search operators that are used to
refine our search.
• A Google dork is an employee who

unknowingly exposes sensitive corporate
information on the Internet.
Google Hacking
What is Google hacking?
• Google hacking involves using advanced
operators in the google search engine to locate the
specific string of text with in search result.
• Google hacking doesn’t mean that we are going
to hack into the google website, it means we use
operators provided by google to narrow the search
results and to get the specific result as we want.
• Generally we call these operators as google dorks .
We use these dorks with the string that we want to
search.
Google hacks
• Access Secure Webpages
• Download E-books , Videos , Music and
movies for free
• Access Security Cameras
Google Dorks
• We have lot of dorks which we will discuss in this
lecture one by one.
• site
• inurl
• intitle
• allintitle
• allinurl
• filetype or ext
• allintext
• intext
Site
• site dork restricts the results to the
specified domain. We can use this
dork to find all the pages and
subdomains of the specified domain.
Example: site:yahoo.com
inurl
• inurl dork restricts the results to
site whose URL contains all the
specified phrase or word or string.
Example: inurl:admin
allinurl
• allinurl is same as inurl but with some
difference. It restricts results to sites
whose URL contains all the specified
phrases, but inurl can show sites which
contain only single word from the
phrase.
Example: allinurl: admin login

intitle
• intitle restricts results to documents
whose title contains the specified
phrase or word or string.
Example: intitle:engineering
allintitle
• allintitle is almost same as intitle with
little difference. it will restricts results to
document whose title containing all
the specified phrases or collection or
word.
Example: allintitle:engineering books
Intitle vs allintitle
filetype or ext
• It will show all the site which
contain document of the
specified type.
Example: filetype:pdf or ext:pdf
intext
• it will show all the result pages or sites
which contains the specified text or
phrase in the text of site.
Example: intext:hacking
allintext
• allintext is same as intext but it will show
that results which contain all the text
specified in the text of the page or site.
Example: allintext: software engineering

Vulnerable Files
Combining multiple dorks
site:gov inurl:adminlogin
Accessing unprotected camera
inurl:view/index.shtml
Files Containing Juicy Info
Google search: inurl:.com/configuration.php-dist
(Finds the configuration files of the PHP Database on
the server.)
Files Containing Juicy Passwords

Google search: filetype:xls “username | password”
(This search reveals usernames and/or passwords of
the xls documents.)
SQL INJECTION
In this Topic
o What are injection attacks?
o How SQL Injection Works
o Exploiting SQL Injection Bugs
o Mitigating SQL Injection
o Defending Injection Attacks
What is SQL Injection?
• SQL injection is a code injection technique that
exploits a security vulnerability occurring in
the database layer of an application.
• The vulnerability is present when user input is either
incorrectly filtered for string literal escape
characters embedded in SQL statements or user
input is not strongly typed.
• Cause a false positive query result from the
database and grant you access.
SQL Injection
1. App sends form to user. Attacker
Form
2. Attacker submits form with
SQL exploit data. User
3. Application builds string ‘ or 1=1--
with exploit data. Pass
4. Application sends SQL
query to DB.
5. DB executes query,
including exploit, sends Firewall
data back to application.
6. Application returns data to
user.
DB Server
Web Server
SQL Injection Attack
Unauthorized Access Attempt:
password = ’ or 1=1 -- ( 'OR''=‘ )
SQL statement becomes:

select count(*) from users where username = ‘user’
and password = ‘’ or 1=1 --
Checks if password is empty OR 1=1, which is
always true, permitting access.
Injecting into SELECT
Most common SQL entry point.

SELECT columns
FROM table
WHERE expression
ORDER BY expression
Places where user input is inserted:

WHERE expression
ORDER BY expression
Table or column names
Injecting into INSERT
Creates a new data row in a table.

INSERT INTO table (col1, col2, ...)
VALUES (val1, val2, ...)
Requirements
Number of values must match # columns.
Types of values must match column types.
Technique: add values until no error.
foo’)--
foo’, 1)--
foo’, 1, 1)--
Injecting into UPDATE
Modifies one or more rows of data.

UPDATE table
SET col1=val1, col2=val2, ...
WHERE expression
Places where input is inserted

SET clause
WHERE clause
Be careful with WHERE clause
’ OR 1=1 will change all rows
Example (1)
• User ID: ` OR ``=`

• Password: ÒR ``=`
• In this case the sqlString used to create the
result set would be as follows:
select USERID from USER where USERID = `ÒR``=`ànd PWD = ``
OR``=`` TRUE
TRUE
• Which would certainly set the

userHasBeenAuthenticated variable to true.
Example (2)
User ID: ` OR ``=`` --
Password: abc
As anything after the -- will be ignore, the injection

will work even without any specific injection into
the password predicate.
Example (3)
User ID: ` ; DROP TABLE USER ; --
Password: ÒR ``=`
select USERID from USER where USERID = `` ; DROP

TABLE USER ; -- ` and PWD = `ÒR ``=``
I will not try to get any information, I just want to bring

the application down.
Impact of SQL Injection
1. Leakage of sensitive
information.
2. Reputation decline.
3. Modification of sensitive
information.
4. Loss of control of db
server.
5. Data loss.
6. Denial of service.
Mitigating SQL Injection
Ineffective Mitigations
Blacklists
Partially Effective Mitigations

Whitelists
Blacklists
Filter out or Sanitize known bad SQL
meta-characters, such as single
quotes.
o Though it's easy to point out some

dangerous characters, it's harder to point
all of them.
Whitelist
Reject input that doesn’t match your
list of safe characters to accept.
o Identify what is good, not what is bad.
o Still have to deal with single quotes when
required, such as in names.
Defending against SQL Injection
• URL based injection:
o Avoid using clear text when coding in SQL.
• If your database and webpage are constructed in a
way where you can view the data, it’s open to
injection.
o http://mysite.com/listauthordetails.aspx?SSN=172-
32-9999
o As in prior example, you could add a drop, or other
command, to alter the database.
o Passwords, and other sensitive information need to be
either encrypted or one way hashed. There is no full proof
way to defend from injection, but by limiting sensitive
information, you can insure that your information is at least
somewhat protected.
Defending Against Injection ctd.
• Login based injection:
o Restrict input field length. Instead of allowing an
unlimited amount of characters to be entered for
user name and password, restricting them will
make it more difficult for someone to run a
malicious query.
• User privileges:
o Have a “Superuser/Admin” with full rights, but
limit other users to only the things they need to
do. This way, if someone accesses the database,
they’ll have a restricted amount of privileges.
• Use proper escapes strings, generally created
through PHP.
o $SQL = "SELECT * FROM users where username =
"mysql_real_escape_string($POST['user']);
• When someone tries to access the database
using a command like OR 1’”;, their query
would return \’ OR 1\’, because your query
was created to have a defined escape string.
• Firewalls and similar intrusion detection
mechanisms provide little defense
against full-scale web attacks.
SQL injection Conclusion
o SQL injection is technique for exploiting
applications that use relational databases
as their back end.
o Transform the innocent SQL calls to a
malicious call
o Cause unauthorized access, deletion of
data, or theft of information
o All databases can be a target of SQL
injection and all are vulnerable to this
technique.
What we learned

Google Dorks

Uploaded by

Copyright:

Available Formats

Google Dorks

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Google Dorks

Uploaded by

Copyright:

Available Formats

What are Google Dorks and how can they be used?

What are Google Dorks and how can they be used?

What are the different types of Google Dorks discussed?

What are the different types of Google Dorks discussed?

Google Dorks

How much you are secure?

• A Google dork is an employee who

Example: allinurl: admin login

Example: allintext: software engineering

Files Containing Juicy Passwords

SQL statement becomes:

Most common SQL entry point.

Places where user input is inserted:

Creates a new data row in a table.

Modifies one or more rows of data.

Places where input is inserted

• User ID: ` OR ``=`

• Which would certainly set the

As anything after the -- will be ignore, the injection

select USERID from USER where USERID = `` ; DROP

I will not try to get any information, I just want to bring

Partially Effective Mitigations

o Though it's easy to point out some

You might also like