Google Search Vulnerabilities

Dorking is a legal but specialised subset of Google searching.

Google dorks are keyword searches that look for specific website content rather than searching for a general subject. They can be used to find exposed confidential information.

It was reported in 2020 that the collaboration site Trello exposed data to dork searches within its public documents. Trello boards are by default private and as such are not vulnerable to these searches. The Trello dork searches listed publicly by Darkrain no longer reveal sensitive information.

Google dorks are a useful tool for ethical hacking, penetration testing and evaluating a business’ own web exposure. YeahHub provide a handy beginner’s guide to useful, simpler dorks. A simple starting dork is link: which looks for instances of a URL link on the web and shows who is referencing that site. For example, link:kindus.co.uk will bring up other sites that link to kindus.co.uk, giving an indication of websites that link into Kindus. A view of the results will show that amongst the useful results are some that are run by Kindus, and that several of the ‘hits’ have no relation or link to Kindus in any way, shape or form.

The search phrases can also be chained together for more refined results. There is a list of the most popular dorks of 2022 on boxpiper. These clearly show the use of dorks within the hacking community and the applications that they might be targeting.

Sensitive information should never be publicly exposed on the web: if it is not there, then the criminal is not going to find it. There will always be a need to share some data, and a race between ‘secure’ ways to share data and hacks to break through that security. If a page or site is password protected it will still show up on a search, but a hacker will not be able to access its contents.

Google dorks have been around for years and, if nothing sensitive is exposed, should not be a worry. Running dorks is not illegal, but access to data from such searches could break the law. Dorks can be blocked by setting up a robots.txt file in the root of the web directory to block or restrict search engine indexing.
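A robots.txt file only helps if its rules actually cover the paths in question for each crawler, so the added example below (not part of the original article) audits a robots.txt with Python's standard urllib.robotparser and shows a common pitfall: a crawler that has its own group ignores the rules under "User-agent: *". The robots.txt contents and paths are constructed samples, and because robots.txt is a publicly readable request to compliant crawlers, it complements the password protection mentioned above rather than replacing it.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample: Googlebot has its own group, so the "*" rules
# below do NOT apply to it and /admin/ stays crawlable for Googlebot.
WEAK_ROBOTS = """\
User-agent: Googlebot
Disallow: /tmp/

User-agent: *
Disallow: /admin/
Disallow: /backups/
"""

# Corrected sample: the restrictions are repeated in the Googlebot group.
FIXED_ROBOTS = """\
User-agent: Googlebot
Disallow: /tmp/
Disallow: /admin/
Disallow: /backups/

User-agent: *
Disallow: /admin/
Disallow: /backups/
"""

# Hypothetical paths the site owner wants kept out of search indexes.
SENSITIVE_PATHS = ["/admin/login.php", "/backups/db.sql"]


def audit_robots(robots_txt, paths, user_agents=("Googlebot", "Bingbot")):
    """Return {user_agent: [paths that robots_txt still lets it crawl]}."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {
        agent: [p for p in paths if parser.can_fetch(agent, p)]
        for agent in user_agents
    }


if __name__ == "__main__":
    for label, text in (("weak", WEAK_ROBOTS), ("fixed", FIXED_ROBOTS)):
        for agent, exposed in audit_robots(text, SENSITIVE_PATHS).items():
            status = ", ".join(exposed) if exposed else "nothing crawlable"
            print(f"{label:5} {agent:10} {status}")
```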
