10-01-2012, 07:17 PM
![Image: TSLLE.png](http://i.imgur.com/TSLLE.png)
Let's use the most basic dork, which finds a lot of websites vulnerable to SQL Injection, an extremely common vulnerability. First, we go to 'http://www.google.com' - once there, we type the dork in the search bar. In our case, we're using the most basic: "inurl:index.php?id=" (with or without quotes).
Once we have searched, this should bring us a lot of results for pages with 'index.php?id=' in the URL, usually followed by the id of whatever is on the page. If you know anything about SQLi, you'll know we can check whether the page is vulnerable by adding a ' after the '=' and the number. If that page throws an error, it's vulnerable. If not, there's a good chance it's not. There are plenty of SQLi tutorials out there though, so go read up on them.
Basic Search Commands:
With these search commands, we can mix them together to make one big dork. For example, if we wanted to quickly search for possible .gov websites vulnerable to SQLi then we could enter something such as: site:gov inurl:index.php?id=
Try it out and see what you get! I said before that this could be used to find pages we aren't normally allowed to see. This is correct. If you have ever worked with WordPress before then you will know about having to block some of the locations such as '/wp-content/' or '/wp-includes/'. Without blocking these, it can be a serious threat to your site's security.
There's a popular plugin for WP sites called HD-Webplayer that has an SQLi vulnerability inside of it. We will be using a custom dork to find this vulnerability. Use the following:
inurl:/wp-content/plugins/hd-webplayer/playlist.php?videoid=
See that? Hundreds of vulnerable websites in one search. You can exploit these easily and then the site would be under your control. Now, imagine someone going through each and every one of these websites and rooting them all? That's a huge range of sites. This isn't the only vulnerability either, there are thousands. This is just one example of getting somewhere you're not allowed. There are also the extremely risky dorks where you can access Credit Card information. Imagine if your card was vulnerable due to one quick Google search? Well, there's a good chance it is, and only the website your details are on is responsible for fixing that.
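From the other side of the fence: the quote probe on index.php?id= and the plugin path dork above both leave a very recognisable trail in a web server's access log. The following is an added example (not part of the original post) that parses a few constructed Apache combined-format log lines and flags both patterns; the WATCHED_PATHS list is a hypothetical watch list you would fill from your own plugin inventory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined format), not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Oct/2012:19:17:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Oct/2012:19:17:03 +0000] "GET /index.php?id=12' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2012:19:18:10 +0000] "GET /index.php?id=12%27 HTTP/1.1" 500 312 "-" "sqlmap/1.0"
198.51.100.7 - - [01/Oct/2012:19:18:12 +0000] "GET /wp-content/plugins/hd-webplayer/playlist.php?videoid=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Oct/2012:19:19:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://www.google.com/" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code are all we need from the combined format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# A single quote appended to an otherwise numeric value is exactly the probe the tutorial describes.
PROBE_RE = re.compile(r"^\d+'")

# Hypothetical watch list: plugin endpoints that are being dorked for. Populate from your own inventory.
WATCHED_PATHS = ("/wp-content/plugins/hd-webplayer/playlist.php",)

def analyse_line(line):
    """Return a list of (ip, reason) findings for one log line, or [] if nothing looks suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip, path, status = m.group("ip"), m.group("path"), int(m.group("status"))
    parts = urlsplit(path)
    findings = []
    # parse_qsl percent-decodes, so id=12%27 and id=12' both arrive here as "12'".
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if PROBE_RE.match(value):
            reason = f"quote probe on {key}"
            if status >= 500:
                # A 5xx right after the probe is the "throws an error" signal the attacker is looking for.
                reason += " (server error: injection likely)"
            findings.append((ip, reason))
    if parts.path in WATCHED_PATHS:
        findings.append((ip, f"request to watched plugin path {parts.path}"))
    return findings

def scan_log(text):
    """Run analyse_line over every line of a log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(analyse_line(line))
    return findings
```

Feeding SAMPLE_LOG to scan_log yields three findings: two quote probes that produced a 500, and one hit on the watched plugin path.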
Extra Goodies:
I kind of feel obligated to give you a few 'cool' dorks to play around with. I'm sure a lot of you have already created your own dork by now if you followed this tutorial, but these can always give you a few more ideas. Here's another tip: let's say a company owned a website and on each index they wrote "Property of BigBusinessGuys LTD". You could make a basic dork such as intext:Property of BigBusinessGuys LTD and find every site that is linked to them. This is like the example of the WordPress vulnerability before, where we took the URL used on every website with the vulnerability. Anyhow, on to the goodies!
This wraps it up for this tutorial. Now you can see how easily exploitable websites can be and how you can modify your search to target specific websites online. Practice with it and sail safe.