Penetration Testing
Website search engine is a hacking tool.. Jul 19 2004 04:06AM
Amal Mohammad Al Hajeri (amal nis etisalat ae) (2 replies)
Hi List,

Did you ever thought of the website search engine as a hacking tool?
During one of the pen-tests, The website search engine, was a valuable
tool to discover interesting directories within the website itself,
these directories were not detected by famous website scanners like
nikto or SPI dynamics,i managed to get documentation pages about the API
application implemented, management login pages, backup files and much
more.
I leave it to your imagination to search for words like:
password,login,oracle,database,administrator, backup...etc

Best Regards,

-----------------------------------
Amal M. Al-Hajeri
E/Network & Information Security
Etisalat

[ reply ]
Re: Website search engine is a hacking tool.. Jul 22 2004 06:35AM
Wojciech Pawlikowski (ducer u-n-f com)
Re: Website search engine is a hacking tool.. Jul 21 2004 07:54PM
Gerry Eisenhaur (GEisenhaur cisco com)


 

Privacy Statement
Copyright 2010, SecurityFocus