Google Dorking can expose your WordPress site vulnerabilities

Google Dorking or Google Hacking is a search technique which involves advanced operators to craft specific search queries. These search queries could provide SERPS (Search Engine Results Pages) with a list of vulnerable sites. Exploitation of the Google Search Engine makes it possible to look up for sensitive data and vulnerable websites without special software tools or knowledge (some of the advanced search operators are available on the Google Advanced Search page).

Google Dorking search strings and search results

There are several advanced operators that you can use on Google Search like cache, link, related, info, define, stocks, site, allintitle, intitle, allinurl, inurl and more. Each one of these operators has its rules. Some of them could be used alongside with other operators, and some of them could be used alone only. Some of these operators are safe, but some of them can provide valuable information for attackers.

  • cache – look up for included keywors on cached pages
  • link – look up for pages linking to included url.
  • related – look up for the similar pages of given url.
  • info – look up for the info gathered by Google about the included url.
  • define – look up for exact included phrase or words in given order.
  • stocks – look up for the stocks, Google will use keywords of the query as stock ticker symbols.
  • site – look up for any search results by restricting them to one included domain name.
  • allintitle – look up for indexed pages with titles that have all the keywords included in the search query.
  • intitle – look up for indexed pages with titles that have keywords included in the search query (any of given keyword, several of them or all of them).
  • allinurl – look up for indexed pages with url that have all the keywords included in the search query.
  • inurl – look up for indexed pages with url that have keywords included in the search query (any of given keyword, several of them or all of them).

Google Dorks potentially dangerous to WordPress sites

First of all, we need to mention, that Google Dorking or Google Hacking could be used against any content management system or server. In most cases, attackers will look for browsable directories, sensitive information like usernames, passwords, error logs, backup archives and more. All these dangerous data exposures have one common cause – insecure server configuration. We did a small research to try many Google Dorks in action, and that’s what we found out.

  • Search operator “cache” could endanger your WordPress website if Google Search index includes cached versions of sensitive files. We were able to craft a search query that gave us search results with the “wp-config.php” file content of several websites. We were unable to access wp-config.php file itself because of access restrictions, but we found cached versions of these files made by Google when these files were freely accessible due to unrestricted directory browsing. In most cases there were renamed wp-config files with txt extensions (wp-config.txt and wp-config.php.txt). These files included all necessary information to connect to the SQL database and with such data, you can overtake WordPress site in a few minutes.
  • Search operators “allintitle” and “intitle” are dangerous too. We were able to make search queries to get the search results with sites that have unrestricted directory browsing. It is worth mentioning that we could browse all files and folders on unprotected servers. Moreover, we were able to download WordPress backup archives from several servers and extract database logins from wp-config.php files that were also included in the backup archives.
  • Search operators “allinurl” and “inurl” also appeared dangerous. We have made several attempts to look up for the search results with direct links to sensitive WordPress files and we succeeded. Same here. We accessed files from servers with unrestricted directory browsing.
  • Finally we tried to refine search queries with other operators like “ext:”, “filetype:”, “intext:” and several more. The results were a bit disappointing. There are thousands of websites endangered by simple server security misconfigurations, and there are a lot of servers with unrestricted directory browsing. The most frightening fact is that basically, anyone with minimal knowledge can do a lot of damage just by using Google Dorking.

In conclusion, we would like to say that site owners should feel a greater responsibility for the sites and data security. It’s crucial to check out the server configuration and take all necessary actions to protect all files and all data at least from such an easy access by anyone. We will write another one post that will help you to understand the basics of server security configuration and to protect your WordPress website and its sensitive data by restricting access from the outside.

, , , , ,

Trackbacks/Pingbacks

  1. WordPress backups stored unsafely can provide easy access to hackers - August 18, 2017

    […] we have tried some search queries on Google Advanced Search to look up for backup files generated by various WordPress backup plugins. We have succeeded, we […]

Leave a Reply