

White Hat Google Hacking MySQL


Session Outline:

What is Google Hacking?
How to do it
How to use/automate it without violating Google’s TOS

SQL Injection

search for inurl: “page” or “id” (i.e., knowledge bases, blog software, bug tracking software) or forms on a page
very manual process, but with metadata knowledge of DBs, very effective
validate/scrub input, only allow needed characters (i.e., cast page or id as int in code before using in SQL query)
use prepared statements when possible
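The "cast the id as int, then use a prepared statement" advice from the outline, shown as an added example that is not from the slides: the string-built query beside its hardened form, run against an in-memory SQLite table that stands in for the MySQL backend (the `pages` table and the fetch functions are hypothetical).

```python
import re
import sqlite3

# Constructed stand-in for the MySQL database behind a knowledge base or blog;
# the table and its rows are hypothetical, not taken from the slides.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        (1, "Welcome", "public text"),
        (2, "Internal notes", "should only be reached by its own id"),
    ])
    return conn


def fetch_page_vulnerable(conn, page):
    """'Before' version: the raw ?page= value is pasted into the SQL string,
    so whatever the client sends becomes part of the query."""
    sql = "SELECT id, title FROM pages WHERE id = " + page
    return conn.execute(sql).fetchall()


def coerce_page_id(page):
    """Allow only the characters an id needs: plain ASCII digits.
    Returns an int, or None when the value is not a well-formed id."""
    if re.fullmatch(r"[0-9]{1,10}", page) is None:
        return None
    return int(page)


def fetch_page_hardened(conn, page):
    """Cast to int first, then bind it as a parameter so the driver sends the
    value separately from the statement text (the prepared-statement approach)."""
    page_id = coerce_page_id(page)
    if page_id is None:
        return []  # treat a malformed id as "no such page" (a 400 in a real app)
    sql = "SELECT id, title FROM pages WHERE id = ?"
    return conn.execute(sql, (page_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # a tautology appended to the id widens the vulnerable query to every row
    print(fetch_page_vulnerable(db, "1 OR 1=1"))
    # the hardened version rejects the same input and returns only the requested row for a real id
    print(fetch_page_hardened(db, "1 OR 1=1"), fetch_page_hardened(db, "1"))
```

Logging the rejected values from `coerce_page_id` gives a cheap detection signal for the inurl-style probing the outline describes.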


Topics Covered Include:

3rd Party Code & Gateway (Including App/Web Server) Vulnerabilities

search for “powered by”
search for common paths (“/wp-admin”)
search for inurl:port (i.e., 8987 = sawmill)
open source makes these more known; double-edged sword

Social Engineering

use Google to find out information, then use it against someone
a login or cookie may not be enough

Minimize Impact

you will be hacked
the gateway needs DB passwords to be an effective gateway, but if the gateway is hacked the DB password is easily attainable, and your database’s security has been breached
defense in depth

Patch

Google Search for sql injection vulnerability advisory security announcement, i.e., “wordpress sql injection vulnerability advisory security announcement”
Get on security mailing lists for all 3rd party software
Check out previous vulnerabilities and make sure they don’t work; automate for regression testing


File Type: PDF
File Size: 315 KB
Total Pages: 28

