Yesterday we had a brainstorming session with our programmers on Google hacking. It is soooooo easy to grab PHP code, passwords, and databases from all over the Web, thanks to sloppy coders. For instance, do a search for
or check the list at http://www.thenetworkadministrator.com/googlesearches.htm. These types of searches will spit out directory trees.
There are many “smart cookies” posting derivatives of these lists all over the Web.
And how about typos?
Try filetype command searches with extra characters in extensions like
Servers will spit out the entire PHP source.
The great offenders are large sites like those belonging to .edu, .gov, .org, not to mention large .com and .net sites.
Ho, Ho, Ho, Merry Christmas, Santa.