Slashdot Mirror


Anonymizing RFI Attacks Through Google

netbuzz writes "Noam Rathaus on his SecuriTeam blog describes a technique by which 'Google can be utilized to hack into websites — actively exploiting them (not information gathering by the use of "Google hacking," although that is how most of the sites vulnerable to RFI attacks are found).' He cites examples in the wild and even mentions that the technique could be used as a 'covert' communications channel."

2 of 66 comments (clear)

  1. And the reaction from microsoft... by simm1701 · · Score: -1, Troll

    .... will be to issue a security advisory to everyone runnin IIS to block google's crawler - obviously just for security reason....

    --
    $_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
  2. Failz0rs! by Anonymous Coward · · Score: -1, Troll

    bleak future.M In Fear the reaper