How to hack hundreds of websites with a single Google search
Posted in Tricks on 7 November 2008 by riccardo – 2 comments
Disclaimer:
This post is not meant as an invitation to hack websites. The admin pages linked by search engines in the “search suggestions” in the article are so easy to find that it’s, I think, exaggerated to call this a “hack practice” (in fact, many of them were already hacked and spammed by automatic bots). On the contrary, it is meant as advice to webmasters and sysadmins to double-check their installations and security measures.
Search engines scan the Web, the entire Web, and they often discover something that nobody should see.
This is one of those cases: a webmaster forgets to password-protect the folder where a critical admin tool like phpMyAdmin is, a search engine reaches the folder, and it adds the link to its search index.
At this point it’s easy for anyone to discover these security breaches: a very simple search on a search engine like Yahoo! returns 196 results (November 7th, 2008), which lead to the administrative home page of phpMyAdmin on several domains, with root privileges.
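A self-check for the misconfiguration described above, added here as an example and not part of the original post: it classifies the response your own server gives for its admin-tool URL, so you can see whether the folder is password-protected and whether the page asks crawlers not to index it. The names `classify`, `fetch` and `SAMPLES` are hypothetical, the sample responses are constructed, and matching on the strings `phpmyadmin` and `pma_username` is an assumption about how the served page looks.

```python
import re
import sys
import urllib.error
import urllib.request

# Constructed sample responses (status, headers, body); not captured from a real site.
SAMPLES = {
    "open": (200, {}, "<html><title>phpMyAdmin</title><frameset>...</frameset></html>"),
    "basic-auth": (401, {"WWW-Authenticate": 'Basic realm="admin"'}, ""),
    "app-login": (200, {"X-Robots-Tag": "noindex"},
                  '<title>phpMyAdmin</title><input name="pma_username">'),
}
META_NOINDEX = re.compile(r"<meta[^>]+robots[^>]+noindex", re.I)

def classify(status, headers, body):
    """Return (verdict, indexable) for one response from your admin-tool URL."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403):
        return "protected", False      # server refuses before the tool loads
    if status != 200:
        return "not-served", False
    noindex = ("noindex" in hdrs.get("x-robots-tag", "").lower()
               or bool(META_NOINDEX.search(body)))
    if "phpmyadmin" not in body.lower():
        return "not-phpmyadmin", not noindex
    # Assumption: pma_username is the user field of phpMyAdmin's own login form.
    # Without it, the interface was served with no authentication step at all.
    verdict = "login-page" if "pma_username" in body else "exposed"
    return verdict, not noindex

def fetch(url, timeout=10):
    """GET one URL on a host you administer; no credentials are sent."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            body = r.read(65536).decode("utf-8", "replace")
            return r.status, dict(r.headers.items()), body
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers.items()), ""

if __name__ == "__main__":
    if len(sys.argv) > 1:              # URL of your own installation
        print(sys.argv[1], classify(*fetch(sys.argv[1])))
    else:                              # offline run over the constructed samples
        for name, resp in SAMPLES.items():
            print(name, classify(*resp))
```

A verdict of `exposed` with `indexable` true is the situation the post describes; `protected` is what a password-protected folder returns.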