1.3 How Do Google Dorks Find exposed data on my site if they don’t know about my site?

What is a Google Dork query?

Google dork queries isn’t a way to hack, it is a way to refine a google search query. These queries are features most people forgot exist in Google Search, that let you optimize your results. Say you want to know about the story man in the moon, but don’t want to get the results for man on the moon. Then you would simply write your search as intext:”man in the moon” -intext:”man on the moon” – intext:”men on the moon” . I know some could say you can simplify that search by removing the intext, but what you’re looking for is in the text, so that google search parameter, also known as a google dork is best in this situation. Now you will only get results for man in the moon.

Google Dork queries Can Be Used For Evil!

Google dorks can be used for evil, which is why you need to protect your customers data. We’ve heard all sorts of reasons why companies won’t secure areas “there is no link to that section” “no one will look for that on our site”, but none of those things matter or are true. Google can find links that aren’t linked to, if it is searching a site granted it is harder, but they still succeed to do so.

This can expose your customers information, like say your customer has a bunch of sql files where all their customers data is exposed, do you think that will show up in search? Odds are if you know what to type in it will appear, which can expose your customers data, but not everyone using this ability is using it for evil, some of us are trying to use it to inform companies about the issue.

Let’s say a site has no search bar, go to Google and type in site:example.com “example” this would bring up a page on example.com with the words example. You can search by site:.gov even by file type using the Google dork filetype: . I don’t have to give your imagination much to work with, because filetype, you’re usually able to obtain some, if not all of the sites data, though it is a lot better than it was in 2012.

How do Google Dorks Use Google Cache?

While we don’t want to dive in to great specifics, even Google themselves published the most useful dork of them all cache: now, what is Google cache? Google cache is a saved copy of what is on that site, so if you don’t want to visit that site going to the google cache version of the site is great. If you don’t want the site to know you visited it, alter the google cache link to turn off javascript. This will help prevent the site knowing you viewed it in Google Cache.

How Do Google Dork Queries Find Vulnerable info on my site if you don’t know about my site?

This is a pretty logical question that people think is fact “If you don’t know about my site, you can’t find the exposed info on my site, I am a small company”, unfortunately that logic is flawed. As shown above in our man in the moon search, we didn’t specify a site, we simply searched google and filtered out man on the moon results. We also discussed other things like being able to search by .com, .gov, etc. using site and of course you can use filetype: to look up any filetype you want. So, you don’t need to specify a site to find out what is on that site, which makes protecting your customers data even more important.

We are great at this and if you need any help, feel free to contact us or hire our cyber-security experts to help secure your site for you.