Part one is Available here: Evil Things to type into Google

More searches which Mother Nature never intended! Most of these are handy for finding security exploits on your own site; simply add a string from your own domain’s URL to check. But really, why limit ourselves? If it has an evil purpose, I’m including it. By the way, there is nothing illegal about typing in a search string; it is up to the website to secure this data. It’s what you DO with this information that you find which makes all of the difference.

signin filetype:url - OK, class, this is how we do NOT use Javascript to manage our passwords. Any questions?

“index of /” ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl ) - A great way to find file upload pages on websites. Most of these will be password protected; every now and then you find one that isn’t! Like this German Spanish site…

I guess some civic-minded folk want to provide you with free file storage…

(intitle:”WordPress › Setup Configuration File”)|(inurl:”setup-config.php?step=1″) - WordPress has become one of the leading blog systems out there. So you should be aware that if you run WordPress, there are black-hat hackers out there working around the clock to find a vulnerability on your site. Some of the hits returned from this search will be people who never configured it after they installed it, so it’s waiting for anyone to find it and take over.

Now that we’re done plowing through all of the boring security research stuff, here’s a couple of cute tricks. In these last two cases, these may not be security violations at all; they might be intentionally giving the stuff away and the worst you’re doing is bypassing an ad or two.

DSC00001.JPG - This was in a lot of bookmark sites lately. What you do is search Google images for this string… and if nobody else is looking, turn “safe search” off! What this is is the default naming scheme for image files taken on Sony digital cameras. People post the picture without renaming it. And don’t forget DSC00002.JPG, DSC00003.JPG, and so on.

Judging by my browsing so far, the first thing most people photograph is their girlfriend.

intitle:”index of” ”last modified” ”parent directory” (wmv|mp3) - At last the one everybody was waiting for: finding free media! Now, this example gives you directories with movie files in either MWV (Windows Media Viewer) or MP3. To find files on a particular subject, just enter the name of that subject. I’ll not speculate on what kind of movies you might be looking for - but I’m sure you’ll think of something!

To change that to some other media file, you can try replacing wmv with jpg for images, wav for sounds, etc. The trouble is, this hack is so old that a number of adult porn sites have deliberately set up their web pages to mimic this result, where, of course, you end up with a pop-up demanding credit card data or getting link-jacked to a malware site.

Have fun, and remember that I gave you all this handy info in the good faith that you’ll only use it responsibly.

Popularity: 73% [?]

Related Posts:

• Evil Things to Type into Google - part 1
• I’ve been Digged.
• Search Engine Study - part 4: Making Your Site Search-Engine Friendly
• New Wordpress security fix released (2.2.2 and 2.0.11)
• Search Engines - a look under the hood

---