Professional Documents
Culture Documents
Di y tho lun v nhng lnh c bit ca Google v ti s gii thch tng lnh
mt cch ngn gn v ni r n c s dng nh th no tm kim thng tin.
[ intitle: ]
C php intitle: gip Google gii hn kt qu tm kim v nhng trang c cha t
trong tiu . V d, intitle: login password (khng c ngoc kp) s cho kt qu
l nhng link n nhng trang c t login trong tiu , v t password nm
u trong trang.
Tng t, nu ta mun truy vn nhiu hn mt t trong tiu ca trang th ta c th
dng allintitle: thay cho intitle c kt qu l nhng trang c cha tt c nhng
t trong tiu . V d nh dng
intitle: login intitle: password cng ging nh truy vn allintitle: login password.
[ inurl: ]
C php inurl: gii hn kt qu tm kim v nhng a ch URL c cha t kha tm
kim. V d: inurl: passwd (khng c ngoc kp) s cho kt qu l nhng link n
nhng trang c t passwd trong URL.
Tng t, nu ta mun truy vn nhiu hn mt t trong URL th ta c th dng
allinurl: thay cho inurl c kt qu l nhng URL cha tt c nhng t kha
tm kim.V d: allinurl: etc/passwd s tm kim nhng URL c cha etc v
passwd. K hiu gch cho (/) gia cc t s b Google b qua.
[ site: ]
C php site: gii hn Google ch truy vn nhng t kha xc nh trong mt site
hoc tn min ring bit. V d: exploits site:hackingspirits.com (khng c ngoc
kp) s tm kim t kha exploits trong nhng trang hin c trong tt c cc link
ca tn min hackingspirits.com. Khng c khong trng no gia site: v tn
min.
[ filetype: ]
C php filetype: gii hn Google ch tm kim nhng files trn internet c phn m
rng ring bit (V d: doc, pdf hay ppt v.v). V d : filetype:doc site:gov
confidential (khng c ngoc kp) s tm kim nhng file c phn m rng l .doc
trong tt c nhng tn min ca chnh ph c phn m rng l .gov v cha t
confidential(b mt) trong trang hoc trong file .doc. V d . Kt qu s bao gm
nhng lin kt n tt c cc file vn bn b trn cc site ca chnh ph.
[ link: ]
C php link: s lit k nhng trang web m c cc lin kt n n nhng trang
web ch nh. V d :
chui link:www.seochuyennghiep.vns lit k nhng trang web c lin kt tr n
trang ch SecurityFocus.
Ch khng c khong trng gia link: v URL ca trang Web.
[ related: ]
C php related: s lit k cc trang Web tng t vi trang Web ch nh. V d :
related:www.seochuyennghiep.vns lit k cc trang web tng t vi trang ch
Securityfocus. Nh rng khng c khong trng gia related: v URL ca trang
Web.
[ cache: ]
Truy vn cache: s cho kt qu l phin bn ca trang Web m m Google lu
li. V d:
cache:www.seochuyennghiep.vns cho ra trang lu li bi Googles. Nh rng
khng c khong trng gia cache: v URL ca trang web.
Nu bn bao gm nhng t khc trong truy vn, Google s im sng nhng t ny
trong vn bn c lu li.
V d: cache:www.seochuyennghiep.vn seo s cho ra vn bn c lu li c t
seo c im sng.
[ intext: ]
C php intext: tm kim cc t trong mt website ring bit. N pht l cc lin kt
hoc URL v tiu ca trang.
Index of /password
Index of /mail
Index of / +passwd
Index of / +password.txt
Index of / +.htaccess
Index of /secret
Index of /confidential
Index of /root
Index of /cgi-bin
Index of /credit-card
Index of /logs
Index of /config
Tm kim cc site hoc server d b tn cng s dng c php inurl: hoc allinurl:
a. S dng allinurl:winnt/system32/ (khng c ngoc kp) s lit k tt c cc lin
kt n server m cho php truy cp n nhng th mc gii hn nh system32
qua web. Nu bn may mn th bn c th c quyn truy cp n file cmd.exe
trong th mc system32. Mt khi bn c quyn truy cp n file cmd.exe v c
th thc thi n th bn c th tin ln xa hn
leo thang quyn ca bn khp server v lm hi n.
b. S dng allinurl:wwwboard/passwd.txt(khng c ngoc kp) trong
Google search s lit k tt c cc lin kt n server m d b tn cng vo tnh d
b tn cng mt khu WWWBoard. bit thm v tnh d b tn cng ny bn c
th vo link sau y:
http://www.seochuyennghiep.vn/exploits/2BUQ4S0SAW.html
inurl:iisadmin
inurl:auth_user_file.txt
inurlrders.txt
inurl:wwwroot/*.
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls restricted
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Tm kim cc site hoc server d b tn cng dng intitle: hoc allintitle:
a. S dng [allintitle: "index of /root] (khng c ngoc vung) s lit k cc lin kt
n cc webserver(my ch Web) cho php truy cp vo cc th mc gii hn nh
root qua giao din web. Th mc ny i khi bao gm cc thng tin nhy cm m
c th d dng tm c tqua nhng yu cu Web n gin.
b. S dng [allintitle: "index of /admin] (khng c ngoc vung) s lit k cc lin kt
n cc website cho php duyt ch mc cc th mc gii hn nh admin qua giao
din web. Hu ht cc ng dng web i khi s dng tn nh admin lu quyn
admin trong . Th mc ny i khi bao hm cc thng tin nhy cm m c th d
dng tm c qua cc yu cu Web n gin.
Nhng tm kim tng t dng intitle: hoc allintitle: kt hp vi cc c php khc
intitle:Index of .sh_history
intitle:Index of .bash_history
intitle:index of passwd
intitle:index of people.lst
intitle:index of pwd.db
intitle:index of etc/shadow
intitle:index of spwd
intitle:index of master.passwd
intitle:index of htpasswd
intitle:index of members OR accounts
intitle:index of user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Nhng truy vn tm kim th v khc
tm nhng site d b tn cng bng phng php Cross-Sites Scripting (XSS):
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
tm nhng site d b tn cng bng phng php SQL Injection:
allinurl:/privmsg.php
allinurl:/privmsg.php