Sometimes you are just surfing on the Internet and of course you want to check whether a specific site is vulnerable to things like XSS, SQLi and so on… like always 😉
I had a very interesting and also worrying case these days. I just found a big security flaw at a local energy vendor. One would expect that I needed a big SQLi to grant myself access to the database. Or maybe that I just used some kind of XSS and sent it out to a bunch of employees, so more or less a kind of social engineering, but I have to negate all of your assumptions.
I just played around with my new interest ‘Google hacking’. So, it was just a very, very simple and quite ridiculous ‘Google hack’, as you can see below (obviously I will not publish this site and will replace this local energy vendor site with our all-time loved ‘example.com’ 😉):
After this ‘hack’ (I would say you cannot call this a ‘hack’, but okay, let’s simply do so 😉) I just received two results, because the default site was a very static one with mainly HTML. So, we are not interested in static and !probably! (we do not like much effort) not vulnerable sites 😉
I just took a look at both results. The first hit was a survey dated 2011 which appeared to be vulnerable to some SQLi URL injection via a POST parameter, but I did not try to breach this system via SQLi. So, next page…
I opened the other result and I was completely stunned by the site that was shown to me. I had just accessed a web-interface-based administration console for roughly 15 different local schools. So… I just thought ‘Really guys? Really?’… It was a quite nice and interesting view. I was able to access data going back to 2006. I could really swear that SQLi is possible, but I did not try to do so.
I said to myself ‘Let’s be fair and report this issue…’ and I did so directly, and even personally, at their head office.
I just reported it to the receptionist, because the ONE IT guy was on holiday. Well…
A few days have passed and at least they have fixed this security flaw.
After all, beware of the might of Google 😉 As you, of course, probably already know 😉