Shopping Info

To find sensitive shopping info, you could look for shopping websites that use scripts whose vulnerabilities are already known. Most webmasters install such scripts once and then just keep the website running without updating them regularly.

For example:

inurl:shopdbtest.asp    [http://www.exploit-db.com/ghdb/545/]

shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers to view the database location, and since that location is usually unprotected, the attacker can then download the web site's database by simply clicking on a URL (the one that displays the active database). The page shopdbtest.asp is visible to all users and contains the full configuration information. An attacker can therefore download the MDB (Microsoft Database) file and gain access to sensitive information about orders, users, passwords, etc.

In the same way, there are others:

inurl:midicart.mdb        [http://www.exploit-db.com/ghdb/549/]

MIDICART is an ASP- and PHP-based shopping cart application with MS Access and SQL database back ends. A security vulnerability in the product allows remote attackers to download the product's database and thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).

Most websites store the shopping and credit card info of their users in SQL databases.

If the website is vulnerable to SQL injection, an attacker could get access to the whole database, and with it the users' sensitive shopping info.

As in all the other cases, here too you can use your own ingenuity to build a Google dork.

For example: ext:sql username cvv email Expiration Date

This is not all there is to Google hacking. What we covered just now were the basics. We will go through more Google material in the coming chapters, wherever it is required.
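For a site owner, the same patterns can be turned into a check of what is sitting under the web root. The script below is an added example, not code from the original page; the function names and the sample directory tree are constructed for illustration, and the file names, extensions and keywords are taken from the dorks shown above.

```python
import os
import re
import tempfile

# Names and extensions taken from the dorks on this page; extend for your own stack.
RISKY_NAMES = {"shopdbtest.asp", "midicart.mdb"}
RISKY_EXTS = {".mdb", ".sql"}
# Keywords from the ext:sql dork; a dump containing them likely holds customer data.
CARD_WORDS = re.compile(r"\b(cvv|expiration|username|email)\b", re.IGNORECASE)

def audit_webroot(webroot):
    """Return sorted (relative_path, reason) pairs for files that should not be web-served."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            if lower in RISKY_NAMES:
                findings.append((rel, "known exposed script/database name"))
            elif ext in RISKY_EXTS:
                reason = "database file under web root"
                if ext == ".sql":  # look inside dumps for card-related columns
                    with open(full, "r", errors="ignore") as fh:
                        hits = sorted({m.lower() for m in CARD_WORDS.findall(fh.read())})
                    if hits:
                        reason += " (contains: " + ", ".join(hits) + ")"
                findings.append((rel, reason))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree for the demo; not taken from any real site."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "shop", "backup"))
    samples = {
        "index.html": "<html></html>",
        "shop/shopdbtest.asp": "<% ' diagnostic page %>",
        "shop/data.MDB": "binary placeholder",
        "shop/backup/orders.sql": "CREATE TABLE orders (username TEXT, cvv TEXT, email TEXT);",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for path, reason in audit_webroot(build_sample_webroot()):
        print(f"{path}: {reason}")
```

Anything it reports should be moved outside the served directory or deleted, since a file that cannot be fetched over HTTP cannot be indexed by a search engine.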

