Skip to main content

Website Hacking: Creating Your Own Google Dorks And Find Vulnerability In Website

Website Hacking: Creating Your Own Google Dorks And Find Vulnerability In Website | Juno_okyo's Blog

A method of finding websites vulnerable to SQL injection is using what we call "dorks" 

Dorks : They are like search criteria in which a search engine returns results related to your dork. The process can be a little time consuming, but the outcome will be worth it after learning on how to use dorks.
Basic Formula of dork,

"inurl:."domain"/"dorks" "

So you would normally understand it like this:
"inurl"      =  input URL
"domain" =  your desired domain ex. .gov
"dorks"    =  your dork of your choice

Do you really think inurl: is the only google dork that you can use? Wrong there are many you can use! 

You can use following words instead of inurl : 

intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
froogle:
info:
movie:
weather:
related:
link:

All these also help yo find other things then vulnerables. 

Anyway now I am going to explain you how to use some for finding vulnerability in websites. 

1: intitle: 

You can use the intitle to find anything in the title of the website. Which also could be usefull to find downloads or anything else. 

intitle:rte/file_uploud

This is an example to find rte vulnerables. 

2: inurl: 

The inurl basicly looks for anything after the : in the site urls. 

inurl:index.php?id=

3: intext: 

you can find literally everything using intext, you could even use the inurl dorks whit this. 

intext:"powered by mybb"

Using it we could find certain messages in a site. Above message looks for all mybb forums. Which means if I ever find a vulnerability in mybb forum and know how to locate it! then I can find out every mybb forum vulnerability using this dork.

4: define: 

Google will define this massage and will look for what had this error for example, 

define:"sql syntax error"

5: site: 

Obvious, when we will use it, google will looks for a site . 

site:cocacola

Google will look for any site related with cocacola. 

6: phonebook: 

It will look for the phone number related to it given name. 

phonebook:wildhacker

7: maps: 

Google will look on google maps for your search. 

8: book: 

Google has an online library store. If you want to find interesting books use this dork. 

book:java language

This will look for any book gogole hase indexed whith java language in it. 

9: froogle: 

Used for froogle search instead of google. 

10: info: 

google looks for anything you inputted but only information about string which you have puted next to info: . 

info:firefox

Above dork will show you alot off things about firefox like what is firefox etc. 

11: movie: 

You can find information about movies on google using this dork. 

movie:watch hackers2 online

12: weather: 

You can find information about weather on google using this dork. 

weather: 21/12/2011 london

13: related: 

This will look for anything related to what you have entered next to related: . 

related:egg

Google responds whith sites about chickons laying eggs. 

14: link: 

This one will works better instead of only looking in search url, it will also look in the site for urls that possibly are vulnerable. 

link:index.php?id=

This is verry usefull I would say even more then inurl. 

Vulnerability Approach : 

Once you search website using above dorks, now its time to check whether the website is vulnerable to SQL injection or not, we simply put in a quote " ' " at the end of the url address.

So our site will look like this, 

http://www.site.com/index.php?id=123'

If the site is vulnerable, you will see the following error or something similar somewhere on the page. 

" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "

If you get this, the site should be vulnerable. So far so good! 

Now you can use either Havij SQL Injection Software to hack website or Manual website hacking technique.

Share