If you’re a security researcher and you’ve found an exploit in a commonly distributed web application, you may want to find sites that contain that vulnerable application so you can notify them.
The question is how do you find them?
Google Hacking Is Now Obsolete
Maybe you’ve heard of Google Hacking, a technique hackers use to find websites that contain a common filename or block of text that is present in a vulnerable piece of software by searching to find all sites containing them. An example of this would be a Google query like
Powered by XOOPS 2.2.3 Final
If you are familiar with this method of vulnerability hunting, or this sort of thing interests you, you’ll be excited to know we’ve taken Google Hacking to another level.
How Does This Method Differ?
Websites running WordPress that are using version 3.5
Query: <meta name="generator" content="WordPress 3.5" />
Websites with an upload form on their homepages
Websites using the Invision Power Board Forum
New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies.
In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.