Incident Response, TDR, Vulnerability Management

Mass website hacking tool alerts to dangers of Google dorks

Google dorks are not geeks who love the internet-related services and products provider. Google dorks are akin to super-specific searches, which attackers have been known to take advantage of in attempts to expose vulnerable websites.

Cyber crime researcher Dancho Danchev recently blogged about a mass, do-it-yourself (DIY) website-hacking tool making the rounds that takes advantage of those Google dorks.

“The proxy supporting tool has been purposely designed to allow automatic mass websites reconnaissance for the purpose of launching SQL injection attacks against those websites that are vulnerable,” Danchev wrote.

SQL stands for structured query language and is programming terminology designed for managing data. SQL injection typically involves an attacker inputting SQL statements into an entry field that will force the system to execute potentially malicious commands.

“Once a compromise takes place, the attacker is in a perfect position to inject malicious scripts on the affected sites, potentially exposing their users to malicious client-side exploits serving attacks,” according to Danchev.

Danchev wrote that an escalating number of DIY tools circulating the internet may open the door for novice attackers, but Barry Shteiman, director of security strategy with Imperva, told on Tuesday that it is the Google dorks that should be raising alarms.

“The reason Google dorks have gotten so popular is because they create the threat landscape of finding targets,” Shteiman said, explaining that he regularly uses Google dorks in his research to see the scale of a particular issue. “If I know of an exploit, Google will find those targets.”

The problem is that people want Google to index their websites so it can be found in a regular search, Shteiman said. He explained that website owners can, and should, mask things about their sites by removing certain tags and not letting the public know what kinds of systems run under the hood.

“It's a huge a problem,” Shteiman said. “I believe that most hackers use these techniques because they are looking for easy money. Why would I go into a website and start digging when I can do it the other way around. You're reversing the wheel and making your life very easy.”

Shteiman most recently took advantage of Google dorks when researching an exploit in certain versions of vBulletin. He discovered that 35,000 websites using the proprietary internet message board software were vulnerable to a flaw that allowed hackers to create new admin accounts.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.