Stephen de Vries came up with a few interesting Google dorks today that I thought would be worth checking out. These specifically target XSS and SQL injection. It’s interesting because indexing “all the world’s information” also makes it possible to find flaws at internet scale: being able to query all the source code in the world amounts to running a massive (poor man’s) security audit across all available source code. This really opens the door to large-scale distributed attacks.
Google’s code search provides an easy way to find obvious software flaws in open source and example applications, e.g.:
XSS in Java apps
(Really obvious) SQL Injection in Java apps:
Ever wonder why we’re still seeing XSS in 2006?:
Of course this is a super simple list and only covers one language, but you get the idea. Funnily enough, this isn’t too far off from how some white-box source code scanners work. Of course the better ones attempt to trace the program logic, but in a pinch this is pretty close to how it’s done. I remember finding several dozen privilege escalation and local exec holes in one Perl application I audited using almost the exact same methods.
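The grep-style auditing described above, sketched as an added Python example (mine, not the post’s dorks or anything from Google Code Search): a handful of regexes treat `request.getParameter` as the taint source, follow straight-line `String` assignments within a file, and flag `print`/`println` and `executeQuery`/`executeUpdate` sinks that receive that data without an encoder in between. The Java snippet is constructed, and the sink and encoder patterns are my own choices.

```python
import re
from typing import List, Set, Tuple

# Heuristic patterns (my assumptions, not an exhaustive or authoritative list).
SOURCE_RE = re.compile(r'request\.getParameter\(')               # where user input enters
ASSIGN_RE = re.compile(r'(?:[\w<>\[\]]+\s+)?(\w+)\s*=\s*(.+);$')   # "Type name = expr;"
XSS_SINK_RE = re.compile(r'\b(?:out|writer)\.print(?:ln)?\(')       # raw HTML output
SQL_SINK_RE = re.compile(r'\b(?:executeQuery|executeUpdate|execute)\(')
ENCODER_RE = re.compile(r'encodeFor\w+\(|escapeHtml\w*\(')          # output encoding we trust

# Constructed Java fragment, not taken from any real project.
SAMPLE_JAVA = """\
String name = request.getParameter("name");
out.println("<h1>Hello " + name + "</h1>");
String id = request.getParameter("id");
String q = "SELECT * FROM users WHERE id=" + id;
ResultSet rs = stmt.executeQuery(q);
out.println(ESAPI.encoder().encodeForHTML(request.getParameter("safe")));
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE id=?");
ps.setString(1, id);
"""


def _references_taint(expr: str, tainted: Set[str]) -> bool:
    """True if expr reads a request parameter directly or names a tainted variable."""
    if SOURCE_RE.search(expr):
        return True
    code_only = re.sub(r'"[^"]*"', '""', expr)  # ignore words inside string literals
    return any(re.search(rf'\b{re.escape(v)}\b', code_only) for v in tainted)


def scan_java(src: str) -> List[Tuple[int, str, str]]:
    """Single-pass, intra-file taint sketch: returns (line_no, kind, source_line)."""
    tainted: Set[str] = set()
    findings: List[Tuple[int, str, str]] = []
    for line_no, raw in enumerate(src.splitlines(), 1):
        line = raw.strip()
        m = ASSIGN_RE.match(line)
        if m and _references_taint(m.group(2), tainted):
            tainted.add(m.group(1))  # taint propagates through the assignment
        if XSS_SINK_RE.search(line) and _references_taint(line, tainted) \
                and not ENCODER_RE.search(line):
            findings.append((line_no, "xss", line))
        if SQL_SINK_RE.search(line) and _references_taint(line, tainted):
            findings.append((line_no, "sqli", line))
    return findings


if __name__ == "__main__":
    for line_no, kind, line in scan_java(SAMPLE_JAVA):
        print(f"{kind.upper():5} line {line_no}: {line}")
```

Like the dorks, this matches text rather than program semantics, so it misses anything routed through a method call or another file and will happily flag dead code; the prepared-statement lines show what a clean result looks like.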