[Figure 12.7: Server and OS information enumerated from an Internet WHOIS service. The "Server
Data" panel in the screenshot lists Server Type: Apache/2.0.46 (Red Hat); IP Address:
124.153.107.66; IP Location: Karnataka - Bangalore - Netmagic Datacenter; Response Code: 200;
Domain Status: Registered And Active Website.]
return with information about whether the page is access controlled or can be accessed without
any access control requirement. The tester gains valuable information from a Web application
spidering process. The tester gains an understanding of the directory structure of the Web
application and, by doing so, can perform specific tests of security against each page or
against the Web application in general.
12.2.1.4 Search Engine Reconnaissance
Search engine reconnaissance is a relatively new method of information gathering for Web
application security testing. Crafted search queries on search engine Web sites provide key
information about the target Web application/Web site, some of it sensitive. Crafted search
engine queries have revealed several sensitive directories in Web applications, such as those
holding passwords, logs, and application error messages. For instance, nonsecure Web sites may
contain password files that are not protected, and by crafting search queries into a search
engine, testers and attackers may be able to gain access to password files or restricted server
folders containing passwords. The search query “allinurl: cgi-bin password” on Google's search
engine provides access to password files and processes that reveal sensitive information, such
as passwords, about Web applications and Web sites. Figure 12.8 is the screenshot of a Google
query to find passwords.
Several search engines like Google also cache Web pages of Web sites and Web applications,
which can reveal possible security vulnerabilities that may have been present in the Web site/Web
application as of a previous date. For instance, if a Web site containing malicious code was taken
off the Internet after its discovery, cached pages in search engine results would still have the older
(infected) pages, which allows hackers to create multiple malicious Web pages with various other
hosting providers. Testers must also check for cached pages containing such vulnerabilities and
bring them to the notice of the organization.
Search engines can also be used for Web spidering. For instance, using the Google search
query “site:” followed by the domain name that is to be tested, one can enumerate all the
indexed pages and directories present in the Web application. Therefore, the tester does not
have to rely only on a tool to perform Web spidering but can also use search engines to
perform the spidering activity.
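A defender-side check for the exposure described in this section, as an added example that is not from the original text: it applies an approximation of the quoted “allinurl:” query to a list of an organization's own indexed URLs (such as the output of a “site:” listing) and groups the matches by directory. The domain example.test, the sample URLs, and the function names are constructed for illustration; substring matching is an assumption, not the search engine's exact matching rule.

```python
import posixpath
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample: URLs found indexed for an organization's own site.
# example.test is a placeholder domain, not a real target.
INDEXED_URLS = [
    "https://www.example.test/index.html",
    "https://www.example.test/cgi-bin/password.txt",
    "https://www.example.test/cgi-bin/search.pl?q=shoes",
    "https://www.example.test/logs/error_log.2009",
    "https://www.example.test/support/reset-password.html",
    "https://www.example.test/CGI-BIN/admin/Passwords.bak",
    "https://www.example.test/cgi-bin/%70assword.cgi",  # percent-encoded "p"
]


def allinurl(url, terms):
    """True when every term occurs somewhere in the decoded URL.

    Assumption: case-insensitive substring matching, which over-reports
    relative to a real search engine and so errs toward review.
    """
    parts = urlsplit(url)
    haystack = unquote(f"{parts.netloc}{parts.path}?{parts.query}").lower()
    return all(term.lower() in haystack for term in terms)


def exposed_directories(urls, terms):
    """Group the URLs matching all terms by parent directory."""
    hits = defaultdict(list)
    for url in urls:
        if allinurl(url, terms):
            directory = posixpath.dirname(urlsplit(url).path) or "/"
            hits[directory].append(url)
    return dict(hits)


if __name__ == "__main__":
    # Terms from the query quoted in the text, then the "logs" case it mentions.
    for terms in (["cgi-bin", "password"], ["logs"]):
        print("terms:", " ".join(terms))
        for directory, urls in exposed_directories(INDEXED_URLS, terms).items():
            print(f"  restrict or de-index {directory}/")
            for url in urls:
                print("    ", url)
```

Each directory reported is a candidate for access control or removal from the index; the percent-encoded entry shows why the URL is decoded before matching.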