RE: Google Hacking

From: Todd Towles (toddtowles_at_brookshires.com)
Date: 01/12/05

    Date: Wed, 12 Jan 2005 13:50:09 -0600
    To: "Da Llorxillo" <dallorx@gmail.com>, <pen-test@securityfocus.com>
    
    

    That is called a Directory Traversal Attack. You pen-testers should know
    that. =) It happens that it was a cache of a DTA attack or a DTA attempt
    using the Google web redirector to hide his attack.

    > -----Original Message-----
    > From: Da Llorxillo [mailto:dallorx@gmail.com]
    > Sent: Wednesday, January 12, 2005 11:26 AM
    > To: pen-test@securityfocus.com
    > Subject: Re: Google Hacking
    >
    > I think it was a bug of the webpage that you can navigate under
    > the directories using the "../", and someone used it to read
    > the boot.ini file of the server
    >
    > I have found this (look at the end of the page)
    > http://www.google.ca/search?q=cache:dO7rOHi7VFIJ:www.callawaygolf.com/+%22en/CustomerService.aspx%3Fpid%22&hl=en
    >
    > (Sorry for my bad English...)
    >
    > On Tue, 11 Jan 2005 13:45:32 -0800 (PST), John Madden
    > <chiwawa999@yahoo.com> wrote:
    > > Hi,
    > >
    > > Googling around I found this.
    > >
    > > http://www.google.ca/search?q=cache:tG9K6OqlGs8J:www.callawaygolf.com/en/customerservice.aspx%3Fpid%3D..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255Cboot.ini+inurl:www.callawaygolf.com/en/customerservice.aspx&hl=en
    > >
    > > Is this a form of "Google Cache Poisoning" ?
    > >
    > > If not, what is it ?
    > >
    > > Thanks
    > >
    > >
    > >
    >
    >
    > --
    >
    >
    > Da Llorx
    >
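
Added example (not part of the original thread or any poster's code): the cached link quoted above carries the `pid` value as `..%255C`, which is `..\` percent-encoded twice, so a log check that decodes only once will not see the backslash. This sketch decodes each query parameter until it stops changing and flags parent-directory steps; the request targets, `MAX_ROUNDS` and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

MAX_ROUNDS = 5  # assumption: cap on how many encoding layers we peel off

# A ".." path step delimited by either separator (or string start/end),
# so "..\" and "../" match but "report..2004" does not.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def fully_decode(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value is stable; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def inspect_request(target):
    """Flag query parameters of a raw (undecoded) request target that
    contain a parent-directory step after full decoding."""
    findings = []
    for pair in urlsplit(target).query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        decoded, rounds = fully_decode(raw)
        if TRAVERSAL.search(decoded):
            findings.append({"param": name, "rounds": rounds, "decoded": decoded})
    return findings


# Constructed request targets, as they would appear in an access log.
SAMPLE_TARGETS = [
    "/page.aspx?pid=42&lang=en",                 # benign
    "/page.aspx?pid=..%5C..%5Cexample.txt",      # encoded once
    "/page.aspx?pid=..%255C..%255Cexample.txt",  # encoded twice
    "/page.aspx?pid=%2e%2e%2fexample.txt",       # encoded dots and slash
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(t, "->", inspect_request(t) or "clean")
```

The `rounds` field is worth keeping in alerts: a value above 1 means the parameter was nested-encoded, which ordinary browsing rarely produces.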

