Re: Website search engine is a hacking tool..
c0ntex_at_open-security.org
Date: 07/23/04
- Previous message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"
- Maybe in reply to: Amal Mohammad Al Hajeri: "Website search engine is a hacking tool.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Jul 2004 21:55:15 -0000 To: pen-test@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <20040722063551.GA30017@liderlink.net>
>On Mon, Jul 19, 2004 at 08:06:21AM +0400, Amal Mohammad Al Hajeri wrote:
>> Hi List,
>>
>> Did you ever thought of the website search engine as a hacking tool?
>> During one of the pen-tests, The website search engine, was a valuable
>> tool to discover interesting directories within the website itself,
>> these directories were not detected by famous website scanners like
>> nikto or SPI dynamics,i managed to get documentation pages about the API
>> application implemented, management login pages, backup files and much
>> more.
I wrote a paper on search engine spiders a while back, it is a well known trick now but still a useful method for data mining, as you discovered :)
http://open-security.org/texts/8_Legs.txt
cheers
c0ntex
- Previous message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"
- Maybe in reply to: Amal Mohammad Al Hajeri: "Website search engine is a hacking tool.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
