Johnny Long, a researcher with Computer Sciences Corp who also maintains a web site of Google hacks, demonstrated how Google’s advanced features can be used to find passwords, sensitive data, and vulnerable hosts to attack.
Hackers have long used Google to locate badly secured or badly configured web servers. Long showed how the search engine can be used to also find vulnerable third-party software, by querying strings found in known vulnerabilities.
Simply put, Google allows for a great deal of target reconnaissance that results in little or no exposure for the attacker, Long wrote in a comprehensive paper accompanying his presentation.
Long showed how, for example, the query inurl:iisadmpwd finds hosts that have enabled an IIS password management component that is known to be vulnerable to denial-of-service and information leakage attacks.
He also demonstrated how attackers can query strings produced by software installations to determine which versions of web server or other software sites are using, which can be combined with knowledge of vulnerable versions.
Long recommended that site administrators do not put sensitive data on their sites, not even temporarily, and that they proactively scan their sites for this type of information leakage regularly.
