Penetration Testing mailing list archives
Re: Google Hacking
From: GuidoZ <uberguidoz () gmail com>
Date: Wed, 12 Jan 2005 18:46:52 -0800
That is called a Directory Traversal Attack. You pen-teserst should know that. =) It happen that it was a cache of a DTA attack or a DTA attempt using the google web redirector to hide his attack.
That it is. Besides someone using the Goolge cache to mask their attack, it could be that Google simply found a list of links and indexed it, maybe like this: http://216.239.63.104/search?q=cache:dO7rOHi7VFIJ:www.callawaygolf.com =) -- Peace. ~G On Wed, 12 Jan 2005 13:50:09 -0600, Todd Towles <toddtowles () brookshires com> wrote:
That is called a Directory Traversal Attack. You pen-teserst should know that. =) It happen that it was a cache of a DTA attack or a DTA attempt using the google web redirector to hide his attack.-----Original Message----- From: Da Llorxillo [mailto:dallorx () gmail com] Sent: Wednesday, January 12, 2005 11:26 AM To: pen-test () securityfocus com Subject: Re: Google Hacking I think it was a bug of the webpage that u can navigate under the directories using the "../", and someone used it to read the boot.ini file of the server i have found this (look at the end of the page) http://www.google.ca/search?q=cache:dO7rOHi7VFIJ:www.callawayg olf.com/+%22en/CustomerService.aspx%3Fpid%22&hl=en (Srry for my bad english...) On Tue, 11 Jan 2005 13:45:32 -0800 (PST), John Madden <chiwawa999 () yahoo com> wrote:Hi, Googling around i found this. [Wrap lines]http://www.google.ca/search?q=cache:tG9K6OqlGs8J:www.callawaygolf.com/en/customerservice.aspx%3Fpid%3D..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255C..%255Cboot.ini+inurl:www.callawaygolf.com/en/customerservice.aspx&hl=en Is this a form of "Google Cache Poisoning" ? If not, what is it ? Thanks __________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com-- Da Llorx
Current thread:
- Google Hacking John Madden (Jan 11)
- Re: Google Hacking Da Llorxillo (Jan 12)
- <Possible follow-ups>
- RE: Google Hacking Todd Towles (Jan 12)
- Re: Google Hacking Idol Crash (Jan 13)
- Re: Google Hacking GuidoZ (Jan 13)