In previous article on website hacking you discussed about How To Find Vulnerability In Specific Websites With Specific Domains. In that I have explained about how to find
Vulnerability in specific domains like .Gov etc. Today in this tutorial i will explain how to create your own dorks, Advanced dorks!!!!
Yet I have explained following tutorials about Website Hacking
- Complete HACKING information for Newbies
- Basic Information About Website Hacking
- How to find a vulnerable Website??
- BASIC XSS TUTORIAL FOR WEBSITE HACKING
- Cross Site Request Forgery (CSRF/XSRF) Tutorial
- The Cross-Site Request Forgery (CSRF/XSRF) FAQ
- Remote File Inclusion Tutorial For Website Hacking
- How to Protect WordPress Website From Hackers
- Hack Websites Database Using XPath Injection
- Web Hacking FAQ : Common Web Hacking Problems Solutions
- Local File Inclusion Tutorial(LFI) For Website Hacking
- Website Database Hacking : SQL Injection Tools To Hack Website
- How to Hack Website Using Havij SQL Injection
- How To Find Vulnerable Website Using SQL Poizon (Sqli Exploit Scanner) Tool
- How To Hack Websites Using DotNetNuke Exploit + Shell Uploading
- How To Add a Song To Your Deface Page
- How To Find Vulnerable In Specific Websites With Specific Domains
A method of finding websites vulnerable to SQL injection is using what we call "dorks"
Dorks : They are like search criteria in which a search engine returns results related to your dork. The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks.
Basic Formula of dork,
"inurl:."domain"/"dorks" "
So you would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain ex. .gov
"dorks" = your dork of your choice
Do you really think inurl: is the only google dork that you can use? Wrong there are many you can use!
You can use following words instead of inurl :
intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
froogle:
info:
movie:
weather:
related:
link:
All these also help yo find other things then vulnerables.
Anyway now I am going to explain you how to use some for finding vulnerability in websites.
1: intitle:
You can use the intitle to find anything in the title of the website. Which also could be usefull to find downloads or anything else.
intitle:rte/file_uploud
This is an example to find rte vulnerables.
2: inurl:
The inurl basicly looks for anything after the : in the site urls.
inurl:index.php?id=
3: intext:
you can find literally everything using intext, you could even use the inurl dorks whit this.
intext:"powered by mybb"
Using it we could find certain messages in a site. Above message looks for all mybb forums. Which means if I ever find a vulnerability in mybb forum and know how to locate it! then I can find out every mybb forum vulnerability using this dork.
4: define:
Google will define this massage and will look for what had this error for example,
define:"sql syntax error"
5: site:
Obvious, when we will use it, google will looks for a site .
site:cocacola
Google will look for any site related with cocacola.
6: phonebook:
It will look for the phone number related to it given name.
phonebook:wildhacker
7: maps:
Google will look on google maps for your search.
8: book:
Google has an online library store. If you want to find interesting books use this dork.
book:java language
This will look for any book gogole hase indexed whith java language in it.
9: froogle:
Used for froogle search instead of google.
10: info:
google looks for anything you inputted but only information about string which you have puted next to info: .
info:firefox
Above dork will show you alot off things about firefox like what is firefox etc.
11: movie:
You can find information about movies on google using this dork.
movie:watch hackers2 online
12: weather:
You can find information about weather on google using this dork.
weather: 21/12/2011 london
13: related:
This will look for anything related to what you have entered next to related: .
related:egg
Google responds whith sites about chickons laying eggs.
14: link:
This one will works better instead of only looking in search url, it will also look in the site for urls that possibly are vulnerable.
link:index.php?id=
This is verry usefull I would say even more then inurl.
Vulnerability Approach :
Once you search website using above dorks, now its time to check whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.
So our site will look like this,
http://www.site.com/index.php?id=123'
If the site is vulnerable, you will see the following error or something similar somewhere on the page.
" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "
If you get this, the site should be vulnerable. So far so good!
Now you can use either Havij SQL Injection Software to hack website or Manual website hacking technique.
Thats it...
So friends, I hope you will like this
Creating Your Own Google Dorks And Find Vulnerability In Website Tutorial.
I have personally tested this method and found all are working. If you have any problem in above article, please mention it in comments section.
Enjoy Website Hacking ........
Filed Under: Website Hacking
If you enjoyed this post and wish to be informed whenever a new post is published, then make sure you subscribe to my regular Email Updates.
Subscribe Now!
Do you need to know what your child is doing on the computer? Do you want to know what your loved ones or spouse or kids are doing on the computer? Do you need to monitor what your employees are doing during work hours? Are they working or playing?
Winspy Keylogger
is intended to help you in these kind of situations. It can show you exactly what is being done on the computer at any time.
Click Here To Download Winspy Keylogger
