How We Found Every Single Vulnerable Website

If you’re a security researcher and you’ve found an exploit in a commonly distributed web application, you may want to find sites that contain that vulnerable application so you can notify them.

The question is how do you find them?

image

Google Hacking Is Now Obsolete

Maybe you’ve heard of Google Hacking, a technique hackers use to find websites that contain a common filename or block of text that is present in a vulnerable piece of software by searching to find all sites containing them.  An example of this would be a Google query like

inurl:administrators.pwd

or

Powered by XOOPS 2.2.3 Final

If you are familiar with this method of vulnerability hunting, or this sort of thing interests you, you’ll be excited to know we’ve taken Google Hacking to another level.

How Does This Method Differ?

Traditional search engines only let you query the text of a webpage, not the markup. You can now find all websites that have a common piece of HTML code or JavaScript, in addition to a block of text. Here are some examples of what can done:

Websites running WordPress that are using version 3.5

Query: <meta name="generator" content="WordPress 3.5" />

imageClick to see query results

Websites with an upload form on their homepages

Query: name="MAX_FILE_SIZE"

imageClick to see query results

Websites using the Invision Power Board Forum

Query: ipsBadge

imageClick to see query results

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies.

In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.

//

September 2013

How To Find New Clients For Your SEO Agency

NerdyData is a search engine for source code.  This post outlines some ways an SEO agency can use our tool to discover potential new clients, en masse.

It’s a gold rush out there for SEO agencies. As businesses come online in droves, they quickly discover that simply paying someone to develop a website will not get you the traffic you need to be profitable. Everyone wants to be at the top of a hot Google search. A criminal attorney in San Francisco who ranks for criminal attorney in san francisco will likely receive many contacts from people interested in legal representation.

Only a small percentage of websites show up in a top placement in organic search results for popular queries.  There are millions of websites that exist, but are are not optimized in a way that will make them appear for these frequently searched keywords, and so they are displaced by those that do optimize.

image

An SEO agency exists to bridge the gap between Google’s search algorithm and technologically unsavy business owners.            

We have come up with some ways an SEO agency can surface these poorly optimized sites using our search engine. Here are some examples: 


Search for sites that have “niche” and “location” in their <title> tag or on-page text, but DO NOT have a meta description tag

  • If you’re an SEO agency you could use this type of search to narrow down sites owned by “criminal attorneys” in “san francisco” that most likely doesn’t have an SEO agency because they lack a meta description tag on their web pages.

Additionally, we’ve made a number of tools that let you search within the <title> and Meta Descriptions of websites.


Search for sites that don’t have Facebook or Twitter badges, buttons, or social links on their pages.

  • There’s a good chance these sites do not have an online social presence.  Why don’t they?  These businesses could find new customers by creating a social media presence, but may not know how to create one.


Search for sites that use outdated or poorly optimized software

  • Many small business websites are using a version of a CMS, forum, or blog software that is not optimized for high volume queries in Google.  These sites are likely to already contain content, but are not designed in a way that allows them to capture search traffic for terms relevant to their business.

If you want to perform searches like these, try out NerdyData, a search engine that indexes the full source code of webpages and let’s your query using code snippets, as well as keywords.

Additionally, you can submit a request through this form and we can get in touch with you to help you uncover new business leads for your agency.

Or follow us on Twitter!

//