Results 1 to 5 of 5

Thread: A hacking tool getting hacked

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    A hacking tool getting hacked

    I have seen some discussions on Ao regarding google hacking(so called) but how about this news I know i am late as it was released on 6th of Dec but can't stop myself from posting this one here:


    A web site (picasa.google.com) belonging to Google has been defaced on saturday by the Brazilian defacer Xfaulz.

    Picasa is a software package for managing photos, the company has been acquired by Google earlier this year. The server hosting the Picasa web site isn't part of the Google network, Xfaulz compromised it by exploiting the highlight parameter processing vulnerability in phpbb2 (some exploits allowing remote command execution are publicly available), the forums of Picasa are available at http://forums.picasa.com . According to our database, this defacement remains the only digital attack against Google Inc.

    The screenshot of the defacement is available here: http://www.zone-h.org/en/defacements/mirror/id=1775926/
    I was just wondering how defacer defaced that?
    here is my guess
    1) he went to google
    2)searched for inurl:viewtopic.php
    3)saw a google site there and ding dong.....LOL

    how is that?
    anyways here is a description of vulnerability if anyone interested http://seclists.org/lists/bugtraq/2004/Nov/0185.html

    now is google compromising its own security?
    nobody is perfect i am nobody

  2. #2
    Google has always had the downside of allowing those who did not secure their system properly to have it open to the public. (ie: http://www.google.com/search?q=passw...en-US:official and http://www.google.com/search?hl=en&l...22&btnG=Search )


    However the question must be raised, even in the news case of it being google's site, should we blame google for opening up what is already open to the public? Or should we blame the administrators for incorrect permission settings?

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    That's a lot like the question is it my fault I went naked on a private and secluded beach or is it the papperazi's publishers fault for publishing the picture he got with his 1600mm lens from 1/2 a mile away"?

    Personally, the publisher is the dumb one...... Circulation would drop 50% at a minimum....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Interesting article/read there, littlenick. IMO the answer to your question is sort of (leaning towards yes). Whenever you offer someone a road to a "plethora of knowledge", your bound to have the negative effects of it that stem come back to bite you in the ass. In this case, the defacer used googles own searching help for help on his defacement. I'm sure this isn't the first time this has been done, I'm just sure this is one of the first that's directly involved with google on the recieving end of things.

    EDIT: Check this out, it isn't even that new.. just simply go here
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by poohsuntzu
    However the question must be raised, even in the news case of it being google's site, should we blame google for opening up what is already open to the public? Or should we blame the administrators for incorrect permission settings?
    You are right even if google takes some precautions attacker can make software to do exactly what google does they can even make a simple search engine to do what google does currently By the way did you guys take a look at http://www.antionline.com/showthread...hreadid=264479
    post by MsMitten ?

    Take a look at that software.It is a cool one and gives you out information on various ports not only on 80 I guess it is an alternative to google hacking as google only provides search for various files on port 80 with this software you can search a web server on any port i used it on my web site and results i found were great and threatning.

    It gives out complete directory structire on a perticular port,tells you what files do they contain,subfolder etc and softare running on that port it even tells you whether you have access to a perticular directory or not.
    To do that type in adderss bar [url]http://website.com:port number

    Well may be not an alternative to google hacking as it does not search the whole web for a perticular port number or a perticular software or a perticular file but it is just cool one try it.
    nobody is perfect i am nobody

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •