

White Hat Google Hacking MySQL


Session Outline:

What is Google Hacking?
How to do it
How to use/automate it without violating Google’s TOS

SQL Injection

search for inurl: “page” or “id” (e.g., knowledge bases, blog software, bug tracking software) or forms on a page
very manual process, but with metadata knowledge of DBs, very effective
validate/scrub input, only allow needed characters (e.g., cast page or id as int in code before using in SQL query)
use prepared statements when possible


Topics Covered Include:

3rd Party Code & Gateway (Including App/Web Server) Vulnerabilities

search for “powered by”
search for common paths (“/wp-admin”)
search for inurl:port (e.g., 8987 = sawmill)
open source makes these more known; double-edged sword

Social Engineering

use Google to find out information, then use it against someone
a login or cookie may not be enough

Minimize Impact

you will be hacked
the gateway needs DB passwords to be an effective gateway, but if the gateway is hacked, the DB password is easily attainable and your database’s security has been breached
defense in depth

Patch

Google search for “sql injection vulnerability advisory security announcement” plus the product name, e.g., “wordpress sql injection vulnerability advisory security announcement”
Get on security mailing lists for all 3rd party software
Check previous vulnerabilities and make sure they no longer work; automate this for regression testing
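
The SQL injection defenses and the regression-testing item from the outline, combined in one added example (not taken from the session slides). It assumes a hypothetical `articles` table and handler names, and uses Python's `sqlite3` as an offline stand-in for MySQL; the inputs are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data; sqlite3 stands in for MySQL so this runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "Welcome", 1), (2, "Release notes", 1), (3, "Internal draft", 0)])
    return db

def get_article_unsafe(db, raw_id):
    """'Before' version: the id parameter is concatenated into the SQL text."""
    sql = "SELECT title FROM articles WHERE published = 1 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def get_article_safe(db, raw_id):
    """Hardened version: cast id to int, then bind it in a prepared statement."""
    try:
        article_id = int(raw_id)
    except (TypeError, ValueError):
        return []  # anything that is not a plain integer is rejected
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (article_id,))]

# Inputs from earlier findings, kept as regression cases (constructed examples).
REGRESSION_INPUTS = [
    "1 OR 1=1",
    "3 OR published = 0",
    "1 UNION SELECT title FROM articles",
]

def run_regression(handler):
    """Return the inputs that still change the query's meaning for this handler."""
    db = make_db()
    failures = []
    for payload in REGRESSION_INPUTS:
        try:
            rows = handler(db, payload)
        except sqlite3.Error:
            failures.append(payload)  # the input reached the SQL parser
            continue
        # A correct handler returns nothing, or at most the one published row asked for.
        if rows and rows != ["Welcome"]:
            failures.append(payload)
    return failures

if __name__ == "__main__":
    print("unsafe handler fails on:", run_regression(get_article_unsafe))
    print("safe handler fails on:  ", run_regression(get_article_safe))
```

Run `run_regression` against the real handler in CI so that a later refactor that reintroduces string concatenation is caught before release.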


File Type: PDF
File Size: 315 KB
Total Pages: 28
