Google Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets. Mostly this information includes configuration and source code files, sensitive data, database information, etc.
This technique makes use of the Google Search engine to search for specific information regarding an individual, a group of individuals or targets in general. This particular hacking technique makes use of advanced operators in the Google search engine in order to discover specific information or strings of text in the search results. The advanced search string could include the version of a vulnerable web application or a specific file-type (e.g. .pwd) in order to further restrict the search. The search can also be restricted to pages on one site or it can search for specific information blindly across all websites, giving a list of sites that contain the information.
For instance, the following search query intitle:index.of filetype:sql will list all the sql files available that have been indexed by Google, whereas inurl:”ViewerFrame?Mode=” will list all public cameras on the web….
Continue reading the Acunetix Blog.