Website search engine is a hacking tool..

• Previous message: Volker Tanger: "Re: Find out the subnetting of a company"
• Next in thread: Gerry Eisenhaur: "Re: Website search engine is a hacking tool.."
• Reply: Gerry Eisenhaur: "Re: Website search engine is a hacking tool.."
• Reply: Wojciech Pawlikowski: "Re: Website search engine is a hacking tool.."
• Maybe reply: Drew Copley: "RE: Website search engine is a hacking tool.."
• Maybe reply: c0ntex_at_open-security.org: "Re: Website search engine is a hacking tool.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: pen-test@securityfocus.com
Date: Mon, 19 Jul 2004 08:06:21 +0400

Hi List,

Did you ever thought of the website search engine as a hacking tool?
During one of the pen-tests, The website search engine, was a valuable
tool to discover interesting directories within the website itself,
these directories were not detected by famous website scanners like
nikto or SPI dynamics,i managed to get documentation pages about the API
application implemented, management login pages, backup files and much
more.
I leave it to your imagination to search for words like:
password,login,oracle,database,administrator, backup...etc

Best Regards,

 
-----------------------------------
Amal M. Al-Hajeri
E/Network & Information Security
Etisalat

• Previous message: Volker Tanger: "Re: Find out the subnetting of a company"
• Next in thread: Gerry Eisenhaur: "Re: Website search engine is a hacking tool.."
• Reply: Gerry Eisenhaur: "Re: Website search engine is a hacking tool.."
• Reply: Wojciech Pawlikowski: "Re: Website search engine is a hacking tool.."
• Maybe reply: Drew Copley: "RE: Website search engine is a hacking tool.."
• Maybe reply: c0ntex_at_open-security.org: "Re: Website search engine is a hacking tool.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]