[23177] in bugtraq
How to use Google to find confidential informations
daemon@ATHENA.MIT.EDU (Vincent GAILLOT)
Mon Nov 19 11:41:16 2001
To: bugtraq@securityfocus.com
Message-ID: <1005916111.3bf50fcf3a267@tc-mail.insa-lyon.fr>
Date: Fri, 16 Nov 2001 14:08:31 +0100 (CET)
From: Vincent GAILLOT <vgaillot@telecom.insa-lyon.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Hi, I am a french student and I heard recently about the capacity of google to
deal with documents from Word, Excel or Powerpoint.
Intested in that fact, I decided to experiment some words and expression
(with ") to look for (sorry if my english is not perfect..) and I found some
combos that give enormous results.
In google, if you type things like :
1)"Index of /admin"
2)"Index of /password"
3)"Index of /mail"
4)"Index of /" +banques +filetype:xls (for france...)
5)"Index of /" +passwd
6)"Index of /" password.txt
And you can continue as long as your imaginatio is active.
For example of my results, I saw great informations from the central banks of
Luxemboug and Switzerland, could admin a SQL server, ...
So, I don't know if it is a great technical bug, but I know about hacking and
security (I would like to be a security consultant later..) (and I am looking
for a training in security in a foreign country like US or England...) and even
if we don't get root access immediatly, it is a great step for social
engineering and spying.
I hope you will answer me very soon.
I love your web site !!!
