How Hackers Are Using Google To Pwn Your Site

Hmm, I wonder if we could find some XSS exploits…

lang:php (ECHO|PRINT) .*\$_(GET|POST|COOKIE|REQUEST|FILES)

100,000+ results

How about some SQL injection exploits?

lang:php query\(.*\$_(GET|POST|COOKIE|REQUEST|FILES).*\)

3000 results

Hrmm, I wonder how easy it is to find host, user and pass for MySQL databases…. Let's try:

lang:php mysql_connect\(("|')[a-zA-Z0-9_.]+("|'),("|')[a-zA-Z0-9]+("|') -localhost -127.0.0.1 -192.168

100 results found.

This query might be a little puzzling for those who are not Google ninjas like me, so I will explain. Basically, we are checking for anything that ends in the .php extension. Then we search the file for mysql_connect. If it contains MySQL, we look for the pattern of a connection string. Lastly, we use the minus sign to get rid of all localhost databases (because we can't access them).
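The same three patterns can be turned on your own code base before anyone else runs them against it. The scanner below is an added example, not code from the original post or from Google Code Search: it carries the post's three queries over to Python regular expressions, applies them line by line to PHP source, and, for mysql_connect matches, applies the same localhost / 127.0.0.1 / 192.168 exclusions the query uses with its minus terms. The PHP sample it scans is constructed for the demonstration.

```python
"""Self-audit with the post's Google Code Search patterns (added example).

The regexes are Python translations of the three queries in the post; the
sample PHP below is constructed and is not from any real project.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Superglobals the post's queries key on.
SUPERGLOBAL = r"\$_(?:GET|POST|COOKIE|REQUEST|FILES)"

# One compiled pattern per query from the post, in the post's order.
PATTERNS = {
    # lang:php (ECHO|PRINT) .*$_(GET|POST|COOKIE|REQUEST|FILES)
    "reflected-output": re.compile(r"\b(?:echo|print)\b.*" + SUPERGLOBAL, re.IGNORECASE),
    # lang:php query\(.*$_(GET|POST|COOKIE|REQUEST|FILES).*\)
    "query-with-input": re.compile(r"query\(.*" + SUPERGLOBAL + r".*\)", re.IGNORECASE),
    # lang:php mysql_connect\(("|')[a-zA-Z0-9_.]+("|'),("|')[a-zA-Z0-9]+("|')
    "hardcoded-credentials": re.compile(
        r"""mysql_connect\(\s*(["'])(?P<host>[a-zA-Z0-9_.]+)\1\s*,\s*(["'])[a-zA-Z0-9]+\3"""
    ),
}

# The query's "-localhost -127.0.0.1 -192.168" exclusions: hosts an outsider could not reach anyway.
LOCAL_HOST = re.compile(r"^(?:localhost|127\.0\.0\.1|192\.168\..*)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    note: str


def audit_php(path: str, source: str) -> list[Finding]:
    """Return one Finding per (line, pattern) pair that matches, in file order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            note = line.strip()
            if kind == "hardcoded-credentials":
                host = m.group("host")
                reach = "local, excluded by the query" if LOCAL_HOST.match(host) else "reachable host, would show up in the search"
                note = f"host {host} ({reach})"
            findings.append(Finding(path, lineno, kind, note))
    return findings


# Constructed sample: each line exists only to exercise one of the patterns.
SAMPLE_PHP = r"""<?php
// constructed sample, not real code
echo "Hello " . $_GET['name'];
$res = mysql_query("SELECT * FROM users WHERE id=" . $_GET['id']);
$db = mysql_connect("localhost", "app", "s3cret");
$db2 = mysql_connect("db.example.org", "app", "s3cret");
print htmlspecialchars($_POST['q']);
"""


def main() -> None:
    for f in audit_php("sample.php", SAMPLE_PHP):
        print(f"{f.path}:{f.line}: {f.kind}: {f.note}")


if __name__ == "__main__":
    main()
```

Like the search queries themselves, the patterns are coarse: the last sample line escapes its input with htmlspecialchars and is still reported, so treat every hit as a place to read, not as a confirmed bug. The sample line that connects to localhost is reported too, but marked as a host the query would have excluded, which is the same triage the minus terms do.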

So did we find anything interesting? Well…

Let's just look at the first 10 results:

www.ubio.org/downloads/XID.TAR.gz - Unknown License - PHP
connect.php

$connection = mysql_connect("RANSOM","GlobalWebUser","goober8") or die("Couldn't connect.");
$db_name = "dwf";


Now in this case RANSOM is probably a local box…

Ohh, what's this:

$f = mysql_connect("zeus.mbl.edu","tns","");
if (empty($limit)) $limit=50;


Hrmm, interesting….

more?

$db=mysql_connect("62.149.150.11","Sql43254","M9dKTz3M");
$selezione=mysql_select_db("Sql43254_4", $db);


I could post tons of other examples, but I think I have made my point. Watch your logs for people coming from Google Code Search, and always make sure you're running the latest version of your software.

Also, keep in mind my searches were only looking for .php files. That is a small percentage of all the different languages and file types out there.
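"Watch your logs" is easy to act on because the search engine tells on itself: a browser arriving from a result page sends the result page's URL as the Referer, and that URL carries the query that was run. The script below is an added example, not from the original post or any logging product. It parses Apache combined-format lines, keeps the requests whose Referer points at Google Code Search (the hostnames it checks for, www.google.com with a /codesearch path and codesearch.google.com, are an assumption to adjust for whatever source you care about), and decodes the q parameter so you can see which of the patterns above was used to find the page. The log lines are constructed.

```python
"""Pick Google Code Search referers out of an access log (added example).

Hostnames and paths treated as Code Search are assumptions; the log lines are
constructed with documentation IP ranges and do not describe a real server.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import parse_qs, urlparse

# Apache "combined" log format; the Referer is the first quoted field after the size.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumed Code Search front doors: google.com under /codesearch, or the dedicated hostname.
GOOGLE_HOSTS = {"google.com", "www.google.com"}
CODESEARCH_HOST = "codesearch.google.com"


@dataclass(frozen=True)
class Hit:
    ip: str
    time: str
    path: str
    status: str
    query: str  # the decoded Code Search query that led here


def is_codesearch_referer(referer: str) -> bool:
    """True when the Referer URL is a Google Code Search result page (per the assumptions above)."""
    if not referer or referer == "-":
        return False
    u = urlparse(referer)
    host = (u.hostname or "").lower()
    return host == CODESEARCH_HOST or (host in GOOGLE_HOSTS and u.path.startswith("/codesearch"))


def codesearch_hits(lines: Iterable[str]) -> list[Hit]:
    """Return one Hit per request whose Referer came from Code Search, in log order."""
    hits: list[Hit] = []
    for line in lines:
        m = COMBINED.match(line.rstrip("\n"))
        if not m or not is_codesearch_referer(m["referer"]):
            continue
        # parse_qs decodes %xx escapes and turns '+' into spaces, which recovers the typed query.
        q = parse_qs(urlparse(m["referer"]).query).get("q", [""])[0]
        hits.append(Hit(m["ip"], m["time"], m["path"], m["status"], q))
    return hits


# Constructed sample log: two Code Search arrivals, one ordinary web search, one scripted client.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2007:13:55:36 -0700] "GET /connect.php HTTP/1.1" 200 512 '
    '"http://www.google.com/codesearch?q=lang%3Aphp+mysql_connect" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2007:13:56:01 -0700] "GET /index.php HTTP/1.1" 200 2048 '
    '"http://www.google.com/search?q=example" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2007:13:56:20 -0700] "GET /admin/config.php HTTP/1.1" 404 210 '
    '"http://codesearch.google.com/codesearch?q=%5C%24_GET" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2007:13:57:00 -0700] "GET /connect.php HTTP/1.1" 200 512 "-" "curl/7.16"',
]


def main() -> None:
    for h in codesearch_hits(SAMPLE_LOG):
        print(f"{h.time} {h.ip} {h.status} {h.path} <- code search for: {h.query}")


if __name__ == "__main__":
    main()
```

The Referer is voluntary, so a scripted client that strips it (the curl line in the sample) never shows up here; the check catches the casual browser-driven visits the post describes, and a 200 on a file reached that way is the one worth reading first.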

Be scared. Be very scared.

source
