Re: Google Hacking

From: Idol Crash (idolcrash_at_gmail.com)
Date: 01/13/05

  • Next message: GuidoZ: "Re: Google Hacking" 
    Date: Wed, 12 Jan 2005 21:09:20 -0500
To: Todd Towles <toddtowles@brookshires.com>

    The problem, however, is that many of us (including myself) are very
    new to this kind of thing (hopefully I'll learn much more to secure my
    network) ;)

    On Wed, 12 Jan 2005 13:50:09 -0600, Todd Towles
    <toddtowles@brookshires.com> wrote:
    > That is called a Directory Traversal Attack. You pen-teserst should know
    > that. =) It happen that it was a cache of a DTA attack or a DTA attempt
    > using the google web redirector to hide his attack.
    >
    > > -----Original Message-----
    > > From: Da Llorxillo [mailto:dallorx@gmail.com]
    > > Sent: Wednesday, January 12, 2005 11:26 AM
    > > To: pen-test@securityfocus.com
    > > Subject: Re: Google Hacking
    > >
    > > I think it was a bug of the webpage that u can navigate under
    > > the directories using the "../", and someone used it to read
    > > the boot.ini file of the server
    > >
    > > i have found this (look at the end of the page)
    > > http://www.google.ca/search?q=cache:dO7rOHi7VFIJ:www.callawayg
    > > olf.com/+%22en/CustomerService.aspx%3Fpid%22&hl=en
    > >
    > > (Srry for my bad english...)
    > >
    > > On Tue, 11 Jan 2005 13:45:32 -0800 (PST), John Madden
    > > <chiwawa999@yahoo.com> wrote:
    > > > Hi,
    > > >
    > > > Googling around i found this.
    > > >
    > > > [Wrap lines]
    > > >
    > > >
    > > http://www.google.ca/search?q=cache:tG9K6OqlGs8J:www.callawaygolf.com/
    > > >
    > > en/customerservice.aspx%3Fpid%3D..%255C..%255C..%255C..%255C..%255C..%
    > > >
    > > 255C..%255C..%255C..%255C..%255Cboot.ini+inurl:www.callawaygolf.com/en
    > > > /customerservice.aspx&hl=en
    > > >
    > > > Is this a form of "Google Cache Poisoning" ?
    > > >
    > > > If not, what is it ?
    > > >
    > > > Thanks
    > > >
    > > >
    > > > __________________________________
    > > > Do you Yahoo!?
    > > > The all-new My Yahoo! - What will yours do?
    > > > http://my.yahoo.com
    > > >
    > >
    > >
    > > --
    > >
    > >
    > > Da Llorx
    > >
    >

  • Next message: GuidoZ: "Re: Google Hacking"

    Relevant Pages

    • Re: Ask EU - Norton AV 2006
      ... >>It is true that an attacker could reprogram a network card so that his ... >>knowledge of your network setup before he could construct his attack. ... When you are on a secure site, ... from a "certificate authority" as a means of getting your browser to ...
      (uk.media.radio.archers)
    • Re: Pen Test vs. Health Check
      ... a network that has been secured from the ... with a solid secure foundation should stand the ... In an assessment, a vulnerability is noted, and the tester ... vulnerabilities can be linked together into an attack and the implications ...
      (Pen-Test)
    • Tech paper on proposed future generation NIDS
      ... Data is aggregated from the network ... UDP packets, or other incongruity in data and packet types. ... to reduce IDS rule sets and attack proccessing. ... When people in security speak of correlation, ...
      (Focus-IDS)
    • Re: How 2 secure PC-PC data transfer
      ... The assumption that you are going to open your machine to attack is one of the worst ideas ... I have no idea what you mean by "not that secure". ... connecting a parallel port cable from PC to PC will work. ... If you have a front-end software that blocks all incoming FTP requests from the WAN (look ...
      (microsoft.public.vc.mfc)
    • RE: Intrusion Prevention Systems
      ... Network systems functioning as a bridge can prevent the traffic ... recognize the attack and prevent it from affecting the target is absurd. ... His point is that there are many techniques ... variables affecting the application's receipt of and response to the data. ...
      (Focus-IDS)