You Got That With Google? presented at Blackhat USA 2004

by Johnny Long (Hackers for charity),

Tags: Security Web Firewall

Summary : This presentation explores the
explosive growth of a technique known as "Google Hacking". When the
modern security landscape includes such heady topics as "blind SQL
injection" and "integer overflows", it's refreshing to see such a
deceptively simple tool bent to achieve such amazing results; this is
hacking in the purest sense of the word. Attendees will learn how to
torque Google to detect SQL injection points and login portals, execute
portscans and CGI scans, fingerprint web servers, locate incredible
information caches such as firewall and IDS logs, password databases,
SQL dumps and much more - all without sending a single packet to the
target! Borrowing the techniques pioneered by malicious "Google
hackers", this talk aims to show security practitioners how to properly
protect clients from this often overlooked and dangerous form of
information leakage.