IT Security and Insecurity Portal

phpMyAdmin Results in Google

Posted: Sun Jun 24, 2007 2:20 pm
blaxenet
Active user
Joined: Jun 20, 2007
Posts: 26

Hi all,
I've found this quite interesting:
Say we put Welcome to phpMyAdmin 2.6.4-pl1 into Google:
http://www.google.com/search?hl=en&q=Welcome+to+phpMyAdmin+2.6.4-pl1
Then select one like the 3rd one down,
You'll be taken to phpMyAdmin without having to log in.
Interestingly enough,
I've recently found one that was functioning for a website and was able to make changes to affect the site.
How can people be so blunt?
The only reason I made these changes was to see if it was being used for dummy purposes or whether it was the real deal.
Surprisingly enough, I was able to access an Administrator's password for a CMS stored in one of these databases and it was the same password for the FTP, got to upload C99 Modded!
BlaxeNet

Posted: Sun Jun 24, 2007 2:31 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Have you been here:
http://johnny.ihackstuff.com/ghdb.php
It's amazing how much can be done by using Google. This is called "Google hacking", and even professional pentesters are using search engines besides many, many more methods.
By the way, you can select some high-level DoD website and try to find some common SQL-related error messages from Google - and surprise, surprise - you can see database internals, maybe from Google cache only, but still - Google has a huge pile of sensitive information indexed and ready to offer to anyone who needs it.

Posted: Sun Jun 24, 2007 2:46 pm
blaxenet
Active user
Joined: Jun 20, 2007
Posts: 26

Quite interesting,
I didn't know it had a particular name,
We can thank Google for making our "research" so much easier...
Maybe in a redesign of the site you could add a list (amongst many other things) of different terms to try in Google.
With a detailed explanation of how it all works.
* Could be good for that Wiki you mentioned!
I would imagine for those script kiddies,
"Google Hacking" would make forum exploiting so much easier!