How We Found Every Single Vulnerable Website

If you’re a security researcher and you’ve found an exploit in a commonly distributed web application, you may want to find sites that contain that vulnerable application so you can notify them.

The question is how do you find them?


Google Hacking Is Now Obsolete

Maybe you’ve heard of Google Hacking, a technique hackers use to find websites running a vulnerable piece of software by searching for a filename or block of text that the software leaves on every site it is installed on. An example would be a Google query like

inurl:administrators.pwd

or

Powered by XOOPS 2.2.3 Final

If you are familiar with this method of vulnerability hunting, or this sort of thing interests you, you’ll be excited to know we’ve taken Google Hacking to another level.

How Does This Method Differ?

Traditional search engines only let you query the text of a webpage, not its markup. You can now find every website that shares a piece of HTML or JavaScript, in addition to a block of text. Here are some examples of what can be done:

Websites running WordPress that are using version 3.5

Query: <meta name="generator" content="WordPress 3.5" />


Websites with an upload form on their homepages

Query: name="MAX_FILE_SIZE"


Websites using the Invision Power Board Forum

Query: ipsBadge

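As an added example (not code from the original post), the script below extracts the same three markup signals the queries above match on, so a site owner can audit what their own pages disclose before a search engine does; the HTML input is constructed, and the class and function names are mine.

```python
# Added example, not code from the original post: it pulls the same three
# markup signals the queries above match on, so a site owner can audit what
# their own HTML discloses. The sample HTML is constructed for this example.
import re
from html.parser import HTMLParser

class MarkupFingerprinter(HTMLParser):
    """Collect markup signals that a source-code search engine could match."""

    def __init__(self):
        super().__init__()
        self.generator = None     # content of <meta name="generator">
        self.upload_form = False  # MAX_FILE_SIZE field implies a file-upload form
        self.classes = set()      # every CSS class seen, e.g. "ipsBadge"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases tag and attribute names
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        if tag == "input" and a.get("name") == "MAX_FILE_SIZE":
            self.upload_form = True
        if a.get("class"):
            self.classes.update(a["class"].split())

def fingerprint(html):
    """Return what the page discloses: product/version, upload form, forum badge."""
    p = MarkupFingerprinter()
    p.feed(html)
    product = version = None
    if p.generator:
        m = re.match(r"([A-Za-z][\w.-]*)\s+(\d[\w.]*)", p.generator)
        if m:
            product, version = m.group(1), m.group(2)
    return {"generator": p.generator, "product": product, "version": version,
            "upload_form": p.upload_form, "invision_board": "ipsBadge" in p.classes}

def older_than(found, fixed):
    """True when dotted version `found` sorts below `fixed` (e.g. "3.5" < "3.5.1")."""
    key = lambda v: tuple(int(x) for x in v.split("."))
    return key(found) < key(fixed)

# Constructed page that trips all three indicators from the post.
SAMPLE = """<html><head><meta name="generator" content="WordPress 3.5" /></head>
<body><form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="30000" /><input type="file" name="up" />
</form><span class="ipsBadge ipsBadge_green">new</span></body></html>"""

if __name__ == "__main__":
    print(fingerprint(SAMPLE))
```

Stripping the generator tag and moving upload forms off the homepage removes two of the three signals; the badge class is part of the forum's own markup and stays visible regardless.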

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies.

In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
