Ok so just for shits I thought I would do some queries on Google Code Search to see what kind of exploits I could find. Now keep in mind this probably will not show your site, but it will show code and versions that you might be running… so once someone locates an exploitable version of code they could then just search for “Powered By X” or whatever fingerprint you could put on the exploitable program/version.

Hmm, I wonder if we could find some XSS exploits…

lang:php (ECHO|PRINT) .*\$_(GET|POST|COOKIE|REQUEST|FILES)

100,000+ results

How About some SQL Injection exploits?

lang:php query\(.*\$_(GET|POST|COOKIE|REQUEST|FILES).*\)

3000 results

Hrmm, I wonder how easy it is to find host, user, pass for MySQL databases…. Let's try:

lang:php mysql_connect\(("|')[a-zA-Z0-9_.]+("|'),("|')[a-zA-Z0-9]+("|') -localhost -127.0.0.1 -192.168

100 results found.

This query might be a little puzzling for those who are not Google ninjas like me, so I will explain. Basically we are checking for anything that ends in the .php extension. Then we search the file for mysql_connect. If it contains MySQL we look for the pattern of a connection string. Lastly we use the minus sign to get rid of all localhost databases (cause we can't access them).
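The same three patterns can be run locally, over your own checkout, before the code is ever published or indexed. The script below is an added example by the editor, not code from the original post: it rewrites the post's three Code Search queries as Python `re` patterns (the `-localhost -127.0.0.1 -192.168` exclusions become the `is_local_host` predicate) and runs them over a constructed PHP sample. The hosts, usernames and passwords in the sample are invented.

```python
import re

# Local equivalents of the three Google Code Search queries from the post,
# rewritten for Python's re module. Example code added by the editor; it is
# not part of the original post.

# echo/print of a request superglobal: candidate reflected XSS
ECHO_SUPERGLOBAL = re.compile(
    r"\b(echo|print)\b.*\$_(GET|POST|COOKIE|REQUEST|FILES)\b", re.IGNORECASE)
# a *query( call with a superglobal inside: candidate SQL injection
QUERY_SUPERGLOBAL = re.compile(
    r"query\(.*\$_(GET|POST|COOKIE|REQUEST|FILES)\b.*\)", re.IGNORECASE)
# mysql_connect("host", "user", "password") with literal arguments
MYSQL_CONNECT = re.compile(
    r"""mysql_connect\(\s*["']([A-Za-z0-9_.\-]+)["']\s*,"""
    r"""\s*["']([A-Za-z0-9_]+)["']\s*,\s*["']([^"']*)["']""")


def is_local_host(host):
    """The post's '-localhost -127.0.0.1 -192.168' exclusions as a predicate."""
    h = host.lower()
    return h == "localhost" or h == "127.0.0.1" or h.startswith("192.168.")


def scan_php(source):
    """Return a list of findings for one PHP file's text.

    Each finding is a dict with the 1-based line number, a kind, and a
    detail string. Credentials are deliberately not echoed back: the
    scanner's own output should not become a second place the password
    is written down.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = MYSQL_CONNECT.search(line)
        if m:
            host, user, password = m.groups()
            # Mirror the post: skip hosts only reachable locally. A stricter
            # policy would flag every literal credential regardless of host.
            if not is_local_host(host):
                findings.append({
                    "line": lineno,
                    "kind": "hardcoded-credentials",
                    "detail": "%s@%s (password %s)" % (
                        user, host, "empty" if password == "" else "redacted"),
                })
        if QUERY_SUPERGLOBAL.search(line):
            findings.append({"line": lineno, "kind": "sqli-candidate",
                             "detail": line.strip()})
        # This is a coarse grep, exactly like the Code Search query: it also
        # flags 'echo htmlspecialchars($_GET["x"])', so findings are a triage
        # list, not proof of a vulnerability.
        if ECHO_SUPERGLOBAL.search(line):
            findings.append({"line": lineno, "kind": "xss-candidate",
                             "detail": line.strip()})
    return findings


# Constructed sample file (not from any real project) exercising each rule.
SAMPLE_PHP = """<?php
// constructed sample, not from any real project
$db  = mysql_connect("localhost", "app", "secret");
$db2 = mysql_connect("db.example.invalid", "app", "s3cret");
$res = mysql_query("SELECT * FROM users WHERE id=" . $_GET['id']);
echo "Hello " . $_GET['name'];
$q = mysql_real_escape_string($_POST['q']);
echo htmlspecialchars($q);
"""

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        print("line %(line)d  %(kind)-22s %(detail)s" % f)
```

Feed `scan_php` the text of every `.php` file in the tree you are about to publish (or wire it into a pre-commit hook); anything it reports is what a Code Search user would have found after the push. The credential finding names user and host but never the password, which is the point of catching it before it leaves your machine.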

So did we find anything interesting? Well…

Let's just look at the first 10 results:

www.ubio.org/downloads/XID.TAR.gz – Unknown License – PHP
connect.php

$connection = mysql_connect("RANSOM","GlobalWebUser","goober8") or die("Couldn't connect.");
$db_name = "dwf";

Now in this case RANSOM is probably a local box…

Ohh, what's this:

$f = mysql_connect("zeus.mbl.edu","tns","");
if (empty($limit)) $limit=50;

Hrmm, interesting….

more?

$db=mysql_connect("62.149.150.11","Sql43254","M9dKTz3M");
$selezione=mysql_select_db("Sql43254_4", $db);

I can post tons of other examples but I think I have made my point. Watch your logs for people coming from Google Code Search and always make sure you're running the latest version of your software.
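One way to act on the "watch your logs" advice: the following Python script is an added example by the editor, not code from the original post. It parses Apache/nginx combined-format access log lines and groups, by client address, every request whose Referer came from a Google Code Search result page. The referer forms it recognises (`codesearch.google.com`, or a `/codesearch` path on a `google.com` host) are assumptions, and the log lines are constructed with documentation-range addresses.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format: client, ident, user, [timestamp],
# "METHOD path PROTO", status, size, "referer", "user-agent".
COMBINED_LOG = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$')


def is_code_search_referer(referer):
    """True when the Referer points at Google Code Search.

    Assumption (not from the post): results were served from either
    codesearch.google.com or a /codesearch path on a google.com host.
    """
    parts = urlsplit(referer)
    host = (parts.hostname or "").lower()
    if host == "codesearch.google.com":
        return True
    on_google = host == "google.com" or host.endswith(".google.com")
    return on_google and parts.path.startswith("/codesearch")


def flag_code_search_hits(log_text):
    """Group requests that arrived via Code Search by client address.

    Returns {client_ip: [path, ...]} in log order; an empty dict means
    nothing in the log came from a code-search result page.
    """
    hits = {}
    for line in log_text.splitlines():
        m = COMBINED_LOG.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the sweep
        client, _ts, _method, path, _proto, _status, _size, referer, _ua = m.groups()
        if is_code_search_referer(referer):
            hits.setdefault(client, []).append(path)
    return hits


# Constructed log lines (documentation-range addresses, invented timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2008:10:15:01 +0000] "GET /admin/connect.php HTTP/1.1" 200 512 "http://www.google.com/codesearch?q=mysql_connect" "Mozilla/5.0 (constructed)"
198.51.100.4 - - [12/Mar/2008:10:15:09 +0000] "GET /index.php HTTP/1.1" 200 2048 "http://www.example.com/" "Mozilla/5.0 (constructed)"
203.0.113.7 - - [12/Mar/2008:10:16:30 +0000] "GET /downloads/app.tar.gz HTTP/1.1" 200 40960 "http://codesearch.google.com/codesearch?q=lang:php" "Mozilla/5.0 (constructed)"
198.51.100.9 - - [12/Mar/2008:10:17:00 +0000] "GET /connect.php HTTP/1.1" 404 0 "-" "curl/7.18.0"
"""

if __name__ == "__main__":
    for client, paths in flag_code_search_hits(SAMPLE_LOG).items():
        print(client, "->", ", ".join(paths))
```

The paths a flagged client requested are the useful part: they tell you which file a search result pointed at, which is the file to review for the patterns above. A client arriving with no Referer (the `"-"` line) is not flagged, so this is a low-effort tripwire rather than a complete picture.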

Source

How can you be vulnerable? If you are enrolled in Sitemaps and are on the default settings.

Specifically using Google Code Search. Now while this was interesting it still did not explain how the page was even indexed…. Ohh wait, I use Google Sitemaps and I had it on to index everything (the default setting). OOPS!!


8 Responses to “Hacking with Google Code Search”

  1. Ciprian Sorlea Says:

    Even if the username and password are “public”… but the user can only connect from localhost, that means it is still safe. Did you try a connect to those DBs?

  2. Tudor Mateescu Says:

    that's what -localhost -127.0.0.1 -192.168 is for,
    to exclude the scripts that use localhost.

    I tried only one.. it hung for a while but wouldn't connect, I didn't try any more :D

    the searches are still good as an illustration.

  3. Ciprian Sorlea Says:

    Well, localhost or a certain IP… it's all the same. For example, I can have access to my databases only from home or from the office. And even if you find out the username and password, it doesn't help you at all. Got my point?

  4. Tudor Mateescu Says:

    correct ;)

  5. Mihai Says:

    The thing is that these are examples of public code. If someone were smart enough to publish their code, I think most would take out the connection part.

    There are exceptions too…

  6. NoOne Says:

    It is downright delightful when I discover articles stolen from various sites. If only the source were cited somewhere. Or if you had at least bothered to translate it. But the Romanian was born a copy/paste-ist. And… anyway it'll take him about 2 seconds to “WRITE” an article of this kind.

    Well done, sir. Keep them coming.

  7. Tudor Mateescu Says:

    dude, do you see the second-to-last line there where it says source? It's not my fault that the Romanian that is you can't see well and was born a bullshitter.

  8. NoOne Says:

    whoa “bro”, why are you puffing yourself up so much? does it hurt that three quarters of what I wrote is true? the source is there. big deal. you should have written: copy/pasted from the following source. reflect the truth.

    at least “the Romanian that is me” knows how to speak and pays attention to what he writes.

    you could have said directly that I'm talking shit. but it sounds better in English, doesn't it, mon cher?

    note that the e-mail notifications land straight in spam. I wonder what the cause could be? maybe you'll fix it, because I like the site. ha! ha!
