Everyone knows it, Google is a source of
information impossible to circumvent. Whether it is for a standard user or an initiated hacker
Maybe you don't know Google has launched a new service: Google CodeSearch.
Still in beta, this new service proposes to you to find
portions of source codes in various languages: PHP, C, Pearl
more than
14 in all!
Until there, it is rather a good news. The engine
allowing to find functions already used and not to have to reinvent the
wheel for each new program. Yes but, the problem is that GoogleBot indexes all on its passage,
including files (.ZIP or .TAR for example). It vould be a serious threat : Google Code Search makes it possible to find all kinds of
things: developers comments, bugs, nonencrypted
passwords, etc
Here some examples of possible research:
slip by: \ .js$ XMLHttpRequest
Seek the XMLHttpRequest expression in all the files carrying like extension .js
backdoor password (warning|shell)
Without comment
hello world! Lang: C
How to write hello world out of C.
By seeing the possibilities of research, you imagine all the diversions that could be done. Note that thanks to this new service of
the Google laboratories, some hackers fell on the serial generator for WinZip.
|