RE: [Full-Disclosure] 403 - Forbidden Google Error

From: Debasis Mohanty (mail_at_hackingspirits.com)
Date: 02/20/05

    To: "'Debasis Mohanty'" <mail@hackingspirits.com>, <full-disclosure@lists.netsys.com>
    Date: Mon, 21 Feb 2005 01:05:07 +0530
    
    

    Google has done this to stop worms attacking vulnerable sites, but it has
    probably missed many other filters which can be used by the
    worms.

    For example:
    Sanity Worm exploits a flaw in a file called viewtopic.php that allows an
    SQL injection exploit. This worm defaces the web site with the phrase "This
    site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites
    to attack, apparently using Google to locate the target viewtopic.php files.

    If you search for inurl:"viewtopic.php", Google will drop such requests and
    return a 403 - Forbidden error, but if at the same time a search request
    is made for
    "view" + "topic" + ".php"
    Or
    Viewtopic.php

    Google returns the search result without any drop.

    There are many such ways in which existing worms can be modified to make use of
    various combinations of Google filters to evade any drops.

    I am still working on it. Anyone interested in working on such evasions can
    mail me.

    Regards,
    Debasis Mohanty
    www.hackingspirits.com

    -----Original Message-----
    From: full-disclosure-bounces@lists.netsys.com
    [mailto:full-disclosure-bounces@lists.netsys.com] On Behalf Of Debasis
    Mohanty
    Sent: Monday, February 21, 2005 12:17 AM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] 403 - Forbidden Google Error

    Try this and check what Google says:

    Search for
    inurl:".php" (with quotes)

    or

    Click on the following link:
    http://www.google.co.in/search?hl=en&as_qdr=all&q=inurl%3A+%22.php%22&btnG=Search&meta=

    Regards,
    Debasis Mohanty
    www.hackingspirits.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
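
A defender-side sketch of the gap described in the message above, added here as an example and not part of the original post or any Google code: a literal-match query filter beside one that canonicalizes the query before matching. How Google's filter actually matched requests is not stated on the page; the blocklist, function names and sample list are assumptions.

```python
import re

# Assumption: a one-entry blocklist built from the file name in the post.
BLOCKED = ("viewtopic.php",)

# Constructed sample queries: the three forms quoted in the message plus one
# unrelated query.
SAMPLES = [
    'inurl:"viewtopic.php"',
    '"view" + "topic" + ".php"',
    'Viewtopic.php',
    'php session tutorial',
]

def naive_filter(query: str) -> bool:
    """Block only the exact operator-and-quotes spelling of a listed name."""
    return any(f'inurl:"{name}"' in query for name in BLOCKED)

def canonicalize(query: str) -> str:
    """Reduce a query to one comparable string before matching."""
    q = query.lower()                  # Viewtopic.php -> viewtopic.php
    q = re.sub(r'\b[a-z]+:', ' ', q)   # drop operator prefixes such as inurl:
    return re.sub(r'["+\s]+', '', q)   # drop quotes, '+' and spaces so fragments rejoin

def normalized_filter(query: str) -> bool:
    """Match the blocklist against the canonical form, not the raw text."""
    canon = canonicalize(query)
    return any(name in canon for name in BLOCKED)

def compare(queries):
    """Return (query, naive_verdict, normalized_verdict) for each query."""
    return [(q, naive_filter(q), normalized_filter(q)) for q in queries]

if __name__ == "__main__":
    for q, naive, norm in compare(SAMPLES):
        print(f"{q!r:32} naive={naive!s:5} normalized={norm}")
```

Rejoining fragments also flags ordinary phrases such as `view topic .php`, so a filter built this way trades missed variants for false positives.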