
| Subject: | [Full-Disclosure] Google as Application FireWall |
|---|---|
| Date: | Thu, 24 Feb 2005 09:12:21 -0600 |
Hi list,

As you know, Google blocks some keywords in the search query like "viewtopic.php" to stop worms attacking vulnerable sites. Debasis Mohanty in his post (http://seclists.org/lists/fulldisclosure/2005/Feb/0534.html) explained how this block could be bypassed, by searching for:

"view" + "topic" + ".php"

or

Viewtopic.php

Now these "tweaks" don't work any more; they are also blocked by Google. The world is saved from the Santy worm!!!........?

First, the results from the competitors:

search.msn.com
- 1-10 of 709,394 containing "viewtopic.php"
- 1-10 of 39,532 containing "phpBB/viewtopic.php"

A9.com
- Search for "viewtopic.php" - Web Service temporarily unavailable.
- Search for "phpBB/viewtopic" - Showing 1 - 10 of about 261,000

search.yahoo.com
- Results 1 - 100 of about 14,400,000 for inurl viewtopic php

And now the GOOGLE results:
- Results 1 - 100 of about 5,890,000 for allinurl:view topic php
- Results 1 - 100 of about 228,000 for inurl:view+phpBB+topic + php
- Results 1 - 100 of about 1,550,000 for inurl:topic+view+php
- Search for inurl:".php" -> BLOCKED.

Conclusion:

1. If Google blocks (sanitizes) search results, the Google users must know the rules (what is blocked, when and why). The rules now (at least):
   - inurl:".php" -> BLOCKED
   - inurl:viewtopic -> BLOCKED

2. Why is the inurl:".php" query blocked?
   - if this is a "bug", it needs to be fixed
   - if not a "bug", please BLOCK .asp .asa .vbs ... get the list from antivirus vendors :)

3. OK, it's a good intention to help reduce the impact of worm attacks, BUT... think about the next move of virus writers... as you see from the above search results, you can't effectively block the "bad" results, so the LONG TERM impact can be that virus writers will develop some fuzzy engine and will still get the desired results. For example: query for -- allinurl:view topic php -- and then pass over ALL search results (5,890,000) and filter for the "viewtopic.php" string in the URL. The service will be overloaded much more.

This is a worse problem than the initial one!!!

Regards,
Andrey Bayora
CISSP, GCIH

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
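The post's observation that a keyword block on search queries is only as good as its normalization can be made concrete. The following is an added illustration, not code from the post and not Google's filter: it assumes a toy blocklist holding the single term the post names, and runs both a naive substring check and a check that folds case, search operators and punctuation before matching, over the query variants quoted in the post (plus one constructed, legitimate query). It shows which variants each check catches, that token reordering still escapes the folded check, and that a broader block also catches a defender's own search for a fix.

```python
import re

# Query variants quoted in the post above, plus one constructed legitimate query
# (a defender looking for a patch) to show collateral blocking.
QUERIES = [
    '"viewtopic.php"',
    'Viewtopic.php',
    '"view" + "topic" + ".php"',
    'allinurl:view topic php',
    'inurl:topic+view+php',
    'inurl:".php"',
    'phpbb viewtopic.php security fix',   # constructed, legitimate
]

# Toy blocklist (assumption): the one term the post says Google filters.
BLOCKED_TERMS = ("viewtopic.php",)


def _fold(s: str) -> str:
    """Canonicalise a query: lowercase, drop inurl:/allinurl: operators and
    every non-alphanumeric character, so 'Viewtopic.php', '"view" + "topic"
    + ".php"' and 'view topic php' all fold to 'viewtopicphp'."""
    s = re.sub(r"\b(?:all)?inurl:", "", s.lower())
    return re.sub(r"[^a-z0-9]", "", s)


def naive_blocked(query: str) -> bool:
    """Exact substring match on the raw query: the kind of block the post
    describes as bypassed by re-casing or splitting the term."""
    return any(term in query for term in BLOCKED_TERMS)


def folded_blocked(query: str) -> bool:
    """Substring match after folding both the query and the blocked term.
    Catches case and split-token variants, but not reordered tokens."""
    q = _fold(query)
    return any(_fold(term) in q for term in BLOCKED_TERMS)


def classify(queries=QUERIES) -> dict:
    """Map each query to (naive_blocked, folded_blocked)."""
    return {q: (naive_blocked(q), folded_blocked(q)) for q in queries}


if __name__ == "__main__":
    for query, (naive, folded) in classify().items():
        print(f"{query!r:40} naive={naive!s:5} folded={folded}")
```

The folded check is the minimum a query filter needs to hold against the two bypasses the post quotes, and the reordered `inurl:topic+view+php` case is exactly the residual gap the post's third point predicts; closing it by blocking `.php` outright, as the post reports Google doing, also blocks the legitimate last query.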