DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
April 24, 2019 
Main Menu
News archives

Who's Online
There are currently 77 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Hackers trick Google bot into performing SQL injection attacks

Posted on Thursday, November 07 2013 @ 11:56:43 CET by

Google logo
Security researchers robots some attackers are now abusing Google's web crawler to attack websites via SQL injection. Attackers select a set of websites they want to attack, they construct all their SQL injection URLs and upload these to a webpage they control. When Google's crawler spiders this webpage it will attempt to follow all URLs it comes across so it will appear to the website owner as if Google is the source of the attack. The technique has significant limitations but it makes it much harder to track who is attacking you, while also making it a difficult thing to prevent, because IP banning Google's crawlers is undesirable.
The way it works is devastatingly simple. Imagine that there's a site you want to perform an SQL injection attack on. You construct all your SQL injection URLs for the site, and stick them into a Web page that you control. Google spiders the Web page and attempts to follow all the URLs it comes across. Since each of those URLs is an SQL injection URL, Google's crawlers attempt to perform SQL injection on the victim.

Obviously, this technique has some significant limitations: the attacker can't actually see the response to the SQL injection attacks, which limits his ability to use this technique to probe systems. However, it's also a difficult thing to prevent, because rejecting Google's crawlers is so undesirable. The only solution is to not be vulnerable to SQL injection attacks.
Source: ARS Technica



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba