Using the advanced search tips you can get information which you are not supposed to have. Information which should be protected is very often publicly available, revealed by careless or ignorant users.
Index Of – A web server with index browsing enabled means anyone can browse the web server's directories like ordinary local directories. This means that you can even get hold of some sensitive information.
These queries can help you search for secrets:
Index of /admin
Index of /passwd
Index of /mail
“Index of /” +passwd
“Index of /” +password.txt
“Index of /secret”
“Index of /confidential”
“Index of /root”
“Index of /cgi-bin”
“Index of /credit-card”
“Index of /logs”
“Index of /config”
Querying for Sysinfo – Many system administrators install Web-based applications which generate system load statistics, show disk space usage or even display system logs. All this can be valuable information to an intruder.
| Query | Type of Information |
|---|---|
| “Generated by phpSystem” | operating system type and version, hardware configuration, logged users and disk space |
| “This report was generated by WebLog” | web server statistics, system file structure |
| intitle:”Apache::Status” | server version, operating system type, child process list, current connections |
| inurl:server-info “Apache Server Information” | web server version and configuration, operating system type, system file structure |
Network Devices – You can get access to insecure network devices like printers and webcams. Don’t get too excited, you will not get access to your school/university’s printer or cam, but there is no loss in giving it a try.
| Query | Device |
|---|---|
| inurl:”printer/main.html” intext:”settings” | Brother HL printers |
| intitle:”Dell Laser Printer” ews | Dell printers with EWS technology |
| intitle:liveapplet inurl:LvAppl | Canon Webview webcams |
| intitle:”EvoCam” inurl:”webcam.html” | Evocam webcams |
| inurl:”ViewerFrame?Mode=” | Panasonic Network Camera webcams |
| inurl:indexFrame.shtml Axis | Axis webcams |
| SNC-RZ30 HOME | Sony SNC-RZ30 webcams |
| intitle:”active webcam page” | USB webcams |
[Image: Network Camera Flaw]
Find Un-spidered web pages – Some websites hide certain pages from search engines, but where the pages are is still known to the search engines. The paths to the pages are listed in the robots.txt file, which tells a search engine that these pages should not be included by its search bots. With a slightly tricky query like “robots.txt” “disallow:” filetype:txt we can find those robots.txt files. You can filter this query to find your prey by using the inurl: syntax. If your results contain something like Disallow: /log.txt, just copy the path of the page (here: /log.txt) and paste it after the domain name (i.e. www.example.com/).
PHP Admin Accounts – This is really a dangerous security flaw.
intitle:phpMyAdmin “Welcome to phpMyAdmin”***” “running on * as root@*”
Just try the query to get access to some PHP site’s admin account.
[Image: Access to PHP Admin Account]
Access Photo Albums – Using the query below you can get access to some sites’ PHP photo albums. You can get access to upload any photo to their photo albums.
Confidential Documents – It is frequently the case that all sorts of confidential documents containing our personal information are placed in publicly accessible locations or transmitted over the Web without proper protection. Thousands of such documents can be found on the Internet – just query Google for:
| Query | Type of Documents |
|---|---|
| filetype:xls inurl:”email.xls” | email.xls files, potentially containing contact information |
| “not for distribution” confidential | documents containing the confidential clause |
| intitle:index.of finances.xls | finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers |
So, secure your stuff on the net.
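To check your own site for the directory listings and system-information pages described under "Index Of" and "Querying for Sysinfo", the added example below (not from the original article) scans pages you have already fetched from your own servers for the same fingerprints those queries match. The function names, sample pages and remediation hints are assumptions made for illustration.

```python
import re

# Fingerprints come from the queries on this page; the remediation hints are
# added assumptions (Apache 2.4 directives), not part of the original article.
FINGERPRINTS = [
    ("directory-listing", "title", re.compile(r"^\s*Index of /", re.I),
     "turn off autoindex: Options -Indexes"),
    ("apache-status", "title", re.compile(r"Apache::Status", re.I),
     "limit the status page to admin hosts"),
    ("apache-server-info", "body", re.compile(r"Apache Server Information", re.I),
     "limit /server-info with Require local or Require ip"),
    ("phpsystem", "body", re.compile(r"Generated by phpSystem", re.I),
     "put the report behind authentication"),
    ("weblog-report", "body", re.compile(r"This report was generated by WebLog", re.I),
     "put the report behind authentication"),
]
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")

def audit_page(url, html):
    """Return [(url, finding, hint)] for one fetched page of your own site."""
    m = TITLE_RE.search(html)
    title = m.group(1) if m else ""
    # Visible text with tags stripped and whitespace collapsed.
    text = re.sub(r"\s+", " ", TAG_RE.sub(" ", html))
    fields = {"title": title, "body": text}
    return [(url, name, hint)
            for name, field, pattern, hint in FINGERPRINTS
            if pattern.search(fields[field])]

def audit_site(pages):
    """pages: {url: html}. Returns all findings, ordered by URL."""
    return [f for url in sorted(pages) for f in audit_page(url, pages[url])]

# Constructed sample responses (not real hosts). The blog page only mentions
# "Index of /" in its text, so the title-anchored check must not flag it.
SAMPLE_PAGES = {
    "https://www.example.com/backup/":
        "<html><head><title>Index of /backup</title></head>"
        "<body><h1>Index of /backup</h1><a href='db.sql'>db.sql</a></body></html>",
    "https://www.example.com/server-info":
        "<html><head><title>Server Information</title></head>"
        "<body><h1>Apache Server Information</h1></body></html>",
    "https://www.example.com/blog/dorks":
        "<html><head><title>Search tips</title></head>"
        "<body><p>Listings start with Index of / in the title.</p></body></html>",
}

if __name__ == "__main__":
    print(*audit_site(SAMPLE_PAGES), sep="\n")
```
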
One more thing, you could get an unusual traffic error from Google saying that they have detected malicious requests that could be violating their Terms & Conditions. So, just don’t keep on trying these queries in one go.
[Image: Unusual Traffic Error]