Google searches pinpoint malicious code
Robert Lemos, 2006-07-11
Could be useful indeed! 2006-07-11
Penguinisto
Google searches pinpoint malicious code 2006-07-13
Sebastian Steinlechner
But they don't execute.... 2006-07-14
Roger
If Google is receiving (and indexing) an executable file, that means the web server is incorrectly configured and is serving up the binary file instead of executing it. So, this provides us with a means of getting binary only copies of someone's misconfigured CGI apps. But the app won't actually run, the browser will just invite the user to download it.

This is no different to inviting a sucker to just go ahead and download some malicious app you just coded yourself. It requires a particularly dimwitted victim, and Google's involvement is totally incidental.

What this actually is useful for is finding misconfigured webservers. That _might_ be useful for blackhats looking for misconfigured servers to attack, in the hopes that the admin has made other mistakes too; or maybe fuzzing their custom CGI in a sandbox to look for vulnerabilities. But it's even more useful for server farm admins checking that they DON'T have any misconfigured servers!


Link to this comment: http://www.securityfocus.com/comments/newsbriefs/248/1209#1209
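
The admin-side check mentioned in the comment above, as an added example that is not part of the original thread: it inspects the first bytes of a response from a URL that is supposed to execute and flags it when the server handed back the program itself. The host names, paths and sample responses are constructed, and `fetch` is a hypothetical helper for use against servers you administer.

```python
"""Audit check: does a CGI URL return the program itself instead of its output?"""
import urllib.request

# Leading bytes that identify a compiled program or a script source file.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script source (shebang line)",
}

def classify_body(body: bytes):
    """Return a description if the body starts like a program, else None."""
    for magic, kind in MAGIC.items():
        if body.startswith(magic):
            return kind
    return None

def audit_response(url, content_type, body):
    """Judge one response from a URL that is expected to be executed server-side."""
    kind = classify_body(body)
    if kind:
        return f"MISCONFIGURED {url}: served {kind} as {content_type}"
    return f"ok {url}: {content_type}"

def fetch(url, limit=64):
    """Fetch the Content-Type and first bytes of a URL on your own server."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.headers.get("Content-Type", ""), resp.read(limit)

# Constructed sample responses (not captured from any real server).
SAMPLES = [
    ("http://intranet.example/cgi-bin/search.exe", "application/octet-stream", b"MZ\x90\x00\x03\x00"),
    ("http://intranet.example/cgi-bin/report", "application/octet-stream", b"\x7fELF\x02\x01\x01"),
    ("http://intranet.example/cgi-bin/form.pl", "text/plain", b"#!/usr/bin/perl\nprint"),
    ("http://intranet.example/cgi-bin/ok.cgi", "text/html", b"<html><body>results"),
]

def run_samples():
    """Audit every constructed sample and return the report lines."""
    return [audit_response(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for line in run_samples():
        print(line)
```

For a live audit, feed `audit_response(url, *fetch(url))` only with URLs that should execute; a deliberate file download that starts with the same magic bytes is not a finding.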
Copyright 2009, SecurityFocus