Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: 403 - Forbidden Google Error
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Mon, 21 Feb 2005 01:05:07 +0530

As Google has done this to stop worms attacking vulnerable sites but
probably it has missed out many other filters which can be used by the

For example: 
Sanity Worm exploits a flaw in a file called viewtopic.php that allows an
SQL injection exploit. This worm defaces the web site with the phrase "This
site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites
to attack, apparently using Google to locate the target viewtopic.php files.

If you search for inurl:"viewtopic.php" , google will drop such requests and
return back 403 - Forbidden Error but if at the same time a search request
is made for 
"view" + "topic" + ".php"

Google returns the search result without any drop. 

There are many such ways where existing worms can modified to make use of
various combinations of Google filters to evade any drops. 

I am still working on it. If anyone interested to work on such evasions can
mail me. 

Debasis Mohanty

-----Original Message-----
From: full-disclosure-bounces () lists netsys com
[mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Debasis
Sent: Monday, February 21, 2005 12:17 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] 403 - Forbidden Google Error

Try this and check what google says: 

Search for
inurl:".php" (with quotes)


Click on the following link: 

Debasis Mohanty

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]