Default Installation Pages

Most of the careless webmasters leave the default installation page even after the website is up and running. An attacker could search for those websites, and try exploiting them, if they are not properly updated.

For finding default Apache install pages

intitle:"Test Page for Apache Installation" "Seeing this instead".

Similarly, for IIS 4.0, the following Google query would be useful:

intitle:"welcome to IIS 4.0"

Error Pages

Error pages are often overlooked upon, but from a security point of view, sometimes they could be too revealing. Hackers often look for error pages to find more about the target website and server.

For instance, following SQL error reveals login to databases that were denied for some reason.

(http://www.exploit-db.com/ghdb/1341/)

"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help –forum

"plugins/wp-db-backup/wp-db-backup.php"    [Author: ScOrPiOn : http://www.exploit-

db.com/ghdb/3638/]

This Google dork shows the error logs, which gives the attacker an idea of the full server paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack.

Let’s take an example of SQL Injection (we will be reading in detail later in this book) vulnerable websites.

One of the ways to look for it is to Google for SQL error queries.

For ex : inurl:php?id= Warning: mysql_fetch_array():

The result may not be 100% accurate, but 70% of the search results will be SQL Injection vulnerable. Also, error pages in some cases also reveal the full path of the error, giving an idea about the server to the attacker.


 

<< Prev | Next >>

Home | Notes Catalog | Privacy & Terms | About us | Contact us | Site map |     Copyright © Notesbin.com 2016.                                     Template by WebThemez.com