Google Dorking or Google Hacking is a search technique that involves advanced operators to craft specific search queries.
These search queries can return search engine results pages (SERPs) that list vulnerable sites.
Exploiting the Google search engine in this way makes it possible to look up sensitive data and vulnerable websites without special software tools or knowledge. (Some of the advanced search operators are available on the Google Advanced Search page.)
There are several advanced operators that you can use on Google Search like cache, link, related, info, define, stocks, site, allintitle, intitle, allinurl, inurl and more.
Each of these operators has its own rules. Some of them can be combined with other operators, and some can only be used alone.
Some of these operators are safe, but some of them can provide valuable information for attackers.
First of all, we need to mention that Google Dorking or Google Hacking can be used against any content management system or server.
In most cases, attackers will look for browsable directories, sensitive information like usernames, passwords, error logs, backup archives, and more.
All these dangerous data exposures have one common cause: insecure server configuration. We did some small-scale research, trying many Google Dorks in action, and this is what we found.
The “cache” search operator could endanger your WordPress website if the Google Search index includes cached versions of sensitive files.
We were able to craft a search query that gave us search results with the “wp-config.php” file content of several websites.
We were unable to access the wp-config.php file itself because of access restrictions, but we found cached versions of these files made by Google when these files were freely accessible due to unrestricted directory browsing.
In most cases, these were renamed wp-config files with txt extensions (wp-config.txt and wp-config.php.txt). These files included all the information needed to connect to the SQL database, and with such data, you can take over the WordPress site in a few minutes.
The “allintitle” and “intitle” search operators are dangerous too. We were able to craft search queries that returned sites with unrestricted directory browsing.
It is worth mentioning that we could browse all files and folders on unprotected servers. Moreover, we were able to download WordPress backup archives from several servers and extract database logins from wp-config.php files that were also included in the backup archives.
We also made several attempts to find search results with direct links to sensitive WordPress files, and we succeeded. As before, the files we accessed were on servers with unrestricted directory browsing.
Finally, we tried to refine search queries with other operators like “ext:”, “filetype:”, “intext:”, and several more. The results were a bit disappointing.
There are thousands of websites endangered by simple server security misconfigurations, and there are a lot of servers with unrestricted directory browsing.
The most frightening fact is that basically, anyone with minimal knowledge can do a lot of damage just by using Google Dorking.
In conclusion, we would like to say that site owners should feel a greater responsibility for the security of their sites and data.
It’s crucial to check the server configuration and take all necessary actions to protect all files and all data, at least from such easy access by anyone.
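One way to audit your own document root for the exposures described above: renamed wp-config copies, backup archives, log files, and directories with no index file that become listable when directory browsing is on. This is an added example, not code from the original article; the category names, the extension list and the sample file layout are assumptions made for illustration.

```python
import os
import tempfile

ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".sql", ".bak")
INDEX_FILES = {"index.php", "index.html", "index.htm"}
# Constructed sample layout for the demo, not taken from any real site.
SAMPLE = ("index.php", "wp-config.php", "wp-config.php.txt", "wp-content/index.php",
          "wp-content/debug.log", "wp-content/backups/site.zip")


def classify(name):
    """Return a finding category for a file name, or None."""
    low = name.lower()
    # Renamed copies (wp-config.txt, wp-config.php.txt) are served as plain text.
    if low.startswith("wp-config") and not low.endswith(".php"):
        return "config-copy"
    if low.endswith(ARCHIVE_EXT):
        return "backup-archive"
    if low == "error_log" or low.endswith(".log"):
        return "log-file"
    return None


def audit_webroot(root):
    """Walk a document root and return sorted (category, relative path) findings."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # No index file: contents are listable if directory browsing is enabled.
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append(("no-index", rel_dir))
        for name in filenames:
            category = classify(name)
            if category:
                findings.append((category, os.path.normpath(os.path.join(rel_dir, name))))
    return sorted(findings)


def make_demo_tree(root):
    """Create the constructed SAMPLE files (empty) under root."""
    for rel in SAMPLE:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_demo_tree(demo)
        print(*audit_webroot(demo), sep="\n")
```

Point `audit_webroot` at the directory your web server actually serves; every finding is a file or folder to move out of the web root, delete, or block at the server level.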
There are many costly and time-consuming problems to face when your site gets hacked (for example, the Google blacklist), so it's important to prevent these things from happening.
We will write another post that will help you to understand the basics of server security configuration and to protect your WordPress website and its sensitive data by restricting access from the outside.