Full Disclosure: RE: 403 - Forbidden Google Error

RE: 403 - Forbidden Google Error

From: Debasis Mohanty <mail_at_hackingspirits.com>
Date: Mon, 21 Feb 2005 01:05:07 +0530

Google has done this to stop worms attacking vulnerable sites, but it has
probably missed many other filters which can be used by the worms.

For example:
Sanity Worm exploits a flaw in a file called viewtopic.php that allows an
SQL injection exploit. This worm defaces the web site with the phrase "This
site is defaced!!! NeverEver NoSanity" and then seeks out other phpBB sites
to attack, apparently using Google to locate the target viewtopic.php files.

If you search for inurl:"viewtopic.php", Google will drop such requests and
return a 403 - Forbidden error, but if at the same time a search request
is made for
"view" + "topic" + ".php"
Or
Viewtopic.php

Google returns the search result without any drop.

There are many such ways in which existing worms can be modified to make use
of various combinations of Google filters to evade any drops.

I am still working on it. Anyone interested in working on such evasions can
mail me.

Regards,
Debasis Mohanty
www.hackingspirits.com

-----Original Message-----
From: full-disclosure-bounces_at_lists.netsys.com
[mailto:full-disclosure-bounces_at_lists.netsys.com] On Behalf Of Debasis
Mohanty
Sent: Monday, February 21, 2005 12:17 AM
To: full-disclosure_at_lists.netsys.com
Subject: [Full-disclosure] 403 - Forbidden Google Error

Try this and check what google says:

Search for
inurl:".php" (with quotes)

or

Click on the following link:
http://www.google.co.in/search?hl=en&as_qdr=all&q=inurl%3A+%22.php%22&btnG=Search&meta=

Regards,
Debasis Mohanty
www.hackingspirits.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Feb 20 2005
