Google dorks, many have heard of them but few know what they are. Do Google dorks hurt my website? That depends on your website, but let’s first breakdown what they are.
Google dorks is simply a way to refer to a refined Google search using special built-in Google features like inurl:crazy or intext:crazy or “crazy” – insane. We will now break down each one and what it does. If you did a search inurl:crazy it will return results for all urls with crazy in them and if you do a search for intext:crazy, it will return all meta descriptions and other text it detects and displays with crazy in it. The third example is the best one, because that will only show you results for the word crazy, but not if the word insane is in the title or description.
How can Google dorks hurt my website or get it hacked?
Certain files are easy to find using Google dorks, we’ve been able to view web hosts databases, electric grids, things you wouldn’t imagine are connected to the internet. We aren’t going into what Shodan is today, but let’s just say this is nothing compared to what you can find using Shodan.
We viewed one of John McAfee’s companies using google dorks and discovering a vulnerability that impacted their security. We reported it to Mcafee and the developers of the product and it was fixed. We do find it humorous that John says he loves hackers to hack him, because he gets attacked first with the newest attacks, when this issue has been known since the early 2000’s. In McAfee’s defense his company didn’t write the code for this software, they simply were using it without a security audit of the code.
With Google dorks, you never access the website, that is if you are smart. Instead, you go to Google cache and anything that happens is indexed by Google and on Google’s domain, so you are viewing a copy of a website that Google hosts. If you go beyond viewing, then you may be in trouble.
Google dorks are powerful and can find all sorts of things that shouldn’t be openly accessible to the web, but for some reason are.
So, are you vulnerable to Google dorks? Hire us and you will find out so much more, like if you are vulnerable to SQL injections, XSS, CSRF, etc.