White Paper: Blame it on the Media(Bot)

 

Search engines in general and Google in particular have been known to hold a tight relationship with web application security. Most common use cases involve Google hacking as a reconnaissance technique for hackers (or target selection tool for web worms) and as a source for leaked sensitive information. The research summarized in this paper was aimed at demonstrating how search engines can be manipulated to serve as attack tools. We were able to show that the AdWords and AdSense services from Google can indeed be used to launch attacks against unsuspecting web applications. Attacks types we were able to demonstrate include buffer overflow, SQL injection and CSRF.