Information Security

Google Dork

Google Dorking is one of the oldest, most traditional ways of extracting sensitive information from a website, such as email addresses and lists or login credentials, and of finding vulnerabilities in a web application.

List of Google Dork Operators

There are a lot of Google Dork operators that can be used for this activity, but the following operators are the ones that I was using around 6 years ago.

  1. allinurl
  2. inurl
  3. site: url filetype: php
  4. intitle

1. allinurl

The allinurl dork can be used to find pages whose URL contains the specified words.

An example of the dork would be something like

allinurl: client area

2. inurl

The inurl dork is similar to allinurl, but it is normally handy when used with a single keyword.

Besides the function above, the dork can also be used to find pages that help in gaining privileges, with something like

inurl: administrator

inurl: /proc/self/cwd

3. site: url filetype: php

This dork filters results by file type; here I use PHP and MySQL as examples, together with an example URL.

The dork would look something like the following:

site: http://www.example.com filetype: php

filetype:sql “insert into” (pass|passwd|password)

filetype:sql (“values * MD5” | “values * password” | “values * encrypt”)

4. intitle

This dork is used to search for keywords inside the title or anywhere within the pages.

An example of intitle looks like this:

intitle: “Powered by WordPress”

Remaining Dorks

Besides the dorks that I mentioned above, there are a few more dorks that can be used during this activity. Examples of those can be seen as follows:

intext:
define:
site:
phonebook:
maps:
book:
info:
movie:
weather:
related:
link:

Those remaining dorks can be used to gain any additional information that the attacker needs to proceed. They can also be used on MySQL queries, where the attacker can gain information related to MySQL.

MySQL dork examples

Below are MySQL dork examples that can still be used today, depending on the MySQL database configuration:

view_items.php?id=
home.php?cat=
item_book.php?CAT=
www/index.php?page=
schule/termine.php?view=
goods_detail.php?data=
storemanager/contents/item.php?page_code=
customer/board.htm?mode=
help/com_view.html?code=
n_replyboard.php?typeboard=
eng_board/view.php?T****=
prev_results.php?prodID=
bbs/view.php?no=
gnu/?doc=
zb/view.php?uid=

Source: Google SQL dork 2019
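
Seen from the defender's side, the same patterns can be checked against an inventory of your own site's URLs (for example a sitemap export) to see which pages these dorks would surface. The script below is an added example, not part of the original post; the function names, the sample URLs and the subset of patterns chosen from the lists above are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Patterns taken from the dorks on this page (a subset, chosen for illustration).
PATH_KEYWORDS = ("administrator", "/proc/self/cwd")   # the inurl examples
SQL_PARAM_PAGES = {                                   # script -> query parameter
    "view_items.php": "id",
    "home.php": "cat",
    "prev_results.php": "prodid",
    "bbs/view.php": "no",
}

def audit_url(url):
    """Return the dork patterns from this page that one URL would match."""
    parts = urlsplit(url)
    path = parts.path.lower()
    # Parameter names only; keep_blank_values so "?id=" still counts.
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    findings = [f"inurl:{kw}" for kw in PATH_KEYWORDS if kw in path]
    if path.endswith(".sql"):
        findings.append("filetype:sql")
    for script, param in SQL_PARAM_PAGES.items():
        if path.endswith("/" + script) and param in params:
            findings.append(f"{script}?{param}=")
    return findings

def audit(urls):
    """Map each exposed URL to its matching patterns; clean URLs are omitted."""
    report = {}
    for url in urls:
        hits = audit_url(url)
        if hits:
            report[url] = hits
    return report

# Constructed sample inventory of one's own site (not real URLs).
SAMPLE_URLS = [
    "https://www.example.com/index.html",
    "https://www.example.com/administrator/index.php",
    "https://www.example.com/backup/dump.sql",
    "https://www.example.com/shop/view_items.php?id=12",
    "https://www.example.com/shop/view_items.php",
    "https://www.example.com/bbs/view.php?no=3&page=2",
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_URLS).items():
        print(url, "->", ", ".join(hits))
```

Every URL in the report is a candidate for review: restrict access, remove it from the public index, or confirm that the parameter is handled with parameterized queries.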
