Wednesday, November 6, 2013

Google Bots doing SQL Injection - The Proof-of-Concept

When I read this article from Sucuri about Google bots doing SQL injection, I remembered that I had already seen this somewhere during my own Google research... I was right.
Using a tool included in Google Analytics, found under Behavior - Experiments, a malicious user could launch SQL injection, or other web attacks, against remote websites with Google acting as a proxy.
Enter your website in the form (example: ' OR 1=1--)

Check out your access log:

- - [06/Nov/2013:13:23:47 +0000] "GET /index.php?id=1'%20OR%201=1-- HTTP/1.1" 404 - "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko; Google Web Preview) Chrome/22.0.1229 Safari/537.4"

If you resolve the IP address, you will see
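The practical lesson from that log line is that the request, not the user agent, is what matters: the injection attempt arrives with a genuine "Google Web Preview" user agent, so any detection or allowlist that trusts Google-looking clients will miss it. The following is an added example (my own, not code from the post or from Sucuri) that parses combined-format access log lines, URL-decodes the request path and flags SQL injection indicators regardless of who sent them, while still recording whether the request came through Google's preview fetcher. The first sample line is the one from the post (client IP redacted, as on the page); the other two lines, the 203.0.113.x / 198.51.100.x addresses and the signature names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Combined log format: host ident authuser [date] "request" status bytes "referer" "ua".
# The host field is optional because the post's sample line has it redacted ("- - [...").
LOG_RE = re.compile(
    r'^(?:(?P<host>\S+) )?\S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Conservative SQL-injection indicators, applied to the URL-decoded request path.
# Signature names are my own labels for this example.
SQLI_SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),       # ' OR 1=1
    "trailing_comment": re.compile(r"--\s*$"),                        # rest of query commented out
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "stacked_query": re.compile(r";\s*(drop|insert|update|delete)\b", re.I),
}

# User-agent markers of services that fetch attacker-chosen URLs on someone's behalf.
# Such a UA explains *where* the request came from; it never makes the request safe.
PROXY_UA_MARKERS = ("Google Web Preview",)

# Constructed sample log. Line 1 is the post's own line; lines 2 and 3 are made up:
# a benign crawler request and the same payload sent directly with curl.
SAMPLE_LOG = [
    '- - [06/Nov/2013:13:23:47 +0000] "GET /index.php?id=1\'%20OR%201=1-- HTTP/1.1" 404 - "" '
    '"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko; Google Web Preview) '
    'Chrome/22.0.1229 Safari/537.4"',
    '203.0.113.10 - - [06/Nov/2013:13:30:02 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.23 - - [06/Nov/2013:14:02:11 +0000] "GET /index.php?id=1\'%20OR%201=1-- HTTP/1.1" '
    '404 - "-" "curl/7.32.0"',
]


def parse_line(line):
    """Return a dict of log fields with the path URL-decoded, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["host"] = entry["host"] or "(redacted)"
    entry["decoded_path"] = unquote(entry["path"])  # %20 -> space, etc.
    return entry


def classify(entry):
    """Match SQLi signatures against the decoded path and note whether a proxy-style UA was used."""
    hits = [name for name, rx in SQLI_SIGNATURES.items() if rx.search(entry["decoded_path"])]
    via_proxy = any(marker in entry["ua"] for marker in PROXY_UA_MARKERS)
    return {"signatures": hits, "via_google_preview": via_proxy}


def scan(lines):
    """Return one finding per line that carries an injection indicator, whatever the user agent."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line; in production, count these rather than drop them silently
        verdict = classify(entry)
        if verdict["signatures"]:
            findings.append({
                "host": entry["host"],
                "ts": entry["ts"],
                "path": entry["decoded_path"],
                "status": entry["status"],
                "ua": entry["ua"],
                **verdict,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        origin = "via Google Web Preview" if f["via_google_preview"] else "direct"
        print(f'{f["ts"]} {f["host"]} {f["status"]} {origin}: {f["path"]} -> {f["signatures"]}')
```

Run against the sample, the script reports two findings: the post's own request (flagged as coming through Google Web Preview) and the identical payload sent with curl. The benign Googlebot request is not flagged, which is the point: the decision is made on the decoded request, so a crawler allowlist is neither necessary nor sufficient. Detection of this kind is only a tripwire; the actual fix the post alludes to ("keep your website secure") is to pass the id parameter to the database through a parameterized query so that ' OR 1=1-- is never interpreted as SQL.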

I believe this is not directly a Google security issue. Just keep your website secure and no trouble will come your way.
