Google Dork can be considered as one of the traditional and old ways of extracting sensitive information from the website such as email addresses and lists, login credentials, and gain website vulnerabilities within the web application.
List of Google Dork Operator
There is a lot of Google Dork Operator that can be used for this activity but the following Google Dork Operator is the one that I been using around 6 years ago.
- site: url filtype: php
Allinurl dork can be used to extract any specified characters within the URL.
For example on the dork would be something like
allinurl client area
Inurl would be the similar dork as allinurl but it normally will be a handful if it was used with one single keyword.
Besides the function above, the dork can also be used to gain privilege by doing something like
3. site: url filetype: php
The dork will filter the filetype which here I will put PHP and MySQL as an example from the example URL.
The dork would like something like follow:
site: http://www.example.com filetype: php
filetype:sql “insert into” (pass|passwd|password)
filetype:sql (“values * MD5” | “values * password” | “values * encrypt”)
The dork above will be used to search any various keywords inside the title or anywhere within the pages.
Example of the intitle will look like below:
intitle “Powered by WordPress”
Besides the dork that I mentioned above, there is a few more dork that can be used during this activity. An example of those can be seen as follows:
Those remaining dork can be used to gain any additional information that needed for the attacker to proceed. It also can be used on MySQL queries where the attacker can gain information related to MySQL.
MySQL dork example
Below are MySQL dork example that can still used today depending on the MySQL database configuration:
view_items.php?id= home.php?cat= item_book.php?CAT= www/index.php?page= schule/termine.php?view= goods_detail.php?data= storemanager/contents/item.php?page_code= view_items.php?id= customer/board.htm?mode= help/com_view.html?code= n_replyboard.php?typeboard= eng_board/view.php?T****= prev_results.php?prodID= bbs/view.php?no= gnu/?doc= zb/view.php?uid=
Source: Google SQL dork 2019