SecuriTeam Blogs » Anonymizing RFI Attacks Through Google
Interesting post at the SecuriTeam blog, giving some more details on the idea of using Google to hack for you by causing it to spider links which contain exploits.
Of course in addition to the RFI (remote file inclusion) vulnerabilities they're talking about, it would be possible to do SQL injection this way, although you'd need to either understand the app well before the attack or leave footprints all over the site as you work out the correct injection string.
As the comments on the blog point out, this isn't a new attack, but there is some good detail including solid information about this being exploited in the wild, which is interesting as I wasn't aware of it as anything more than a concept...
I wonder how long it will be before someone tries to sue Google for "hacking their site"!
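
A defender-side check for the pattern described above, as an added example that is not from the original post or the SecuriTeam article: it scans combined-format access log lines for requests whose user agent claims to be Googlebot and whose query string carries an absolute URL as a parameter value. The log lines, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined log format: host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A parameter value that is itself an absolute URL is the classic RFI request shape.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)
CRAWLER_RE = re.compile(r'googlebot', re.IGNORECASE)

def remote_url_params(target):
    """Return [(name, value)] for query parameters whose value is an absolute URL."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_URL_RE.match(value) or REMOTE_URL_RE.match(unquote(value)):
            hits.append((name, value))
    return hits

def flag_crawler_rfi(lines):
    """Return one finding per crawler request carrying a remote URL in a parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not CRAWLER_RE.search(m['ua']):
            continue
        params = remote_url_params(m['target'])
        if params:
            findings.append({'ip': m['ip'], 'status': int(m['status']),
                             'target': m['target'], 'params': params})
    return findings

# Constructed sample lines (documentation addresses, example hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=http%3A%2F%2Fremote.example%2Finc.txt HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /go?u=https://partner.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == '__main__':
    for f in flag_crawler_rfi(SAMPLE_LOG):
        print(f)
```

The user-agent string is client-supplied, so confirm a hit really came from Google's crawler with a reverse-then-forward DNS lookup on the source address before treating it as a crawler-proxied request.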
