A Method for Information Grabbing, Bypassing Security and Detecting Web Application Vulnerabilities

 
 
 
  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract


    A single file on web contains text, images, audio, video and formatting instructions enclosed within a script. Website files are hosted on servers. The Servers “serve” those files to individual users upon request. Anonymous user with minimum user credentials can request on behalf of legitimate user to grab sensitive, confidential and personal information without legitimate users knowledge.[3] The proposed method makes use of URL as input for finding web vulnerabilities. Testing of proposed method is conducted to evaluate the performance based on the accuracy received. Performance is evaluated based on false negative and false positive results. Experiment is also conducted for web vulnerability assessment and penetration testing. The proposed method also checks for information grabbing from web using Google dork. Google dork helps to enter a network without permission and/or gain access to unauthorized information. Advanced search strings called Google dork queries used to locate sensitive information. This paper describes the method for web application vulnerabilities detection by using google dork, bypass first level security in any web and hack username and password in social networking site.

     

     


  • Keywords


    URL (Uniform Resource Locator), Google Dork, HTTP (Hyper Text transfer protocol, SQL (Structured Query Language), Open Web Application Security Project (OWASP), XSS (CRSOSS SITE SCRIPTING)

  • References


      [1] Saleh AZM, Rozali NA, Buja AG, Jalil KA, Ali FHM & Rahman TFA, “A method for web application vulnerabilities detection by using boyer-moore string matching algorithm”, Procedia Computer Science, Vol.72, (2015), pp.112-121.

      [2] Jevitha KP & Vishnu BA, “Prediction of Cross-Site Scripting Attack Using Machine Learning Algorithms”, International Conference on Interdisciplinary Advances in Applied Computing, (2014), pp.1-6.

      [3] Arunagiri J, Rakhi S & Jevitha KP, “A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities”, International Conference on Soft Computing Systems, Vol. 2, (2016), pp.99–112.

      [4] Gupta S & Gupta BB, “XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code”, Arabian Journal for Science and Engineering, Vol.41, No.3, (2016), pp.897-920.

      [5] Singh P, Thevar K, Shetty P & Shaikh B, “Detection of SQL Injection and XSS Vulnerability in Web Application”, International Journal of Engineering and Applied Sciences (IJEAS), Vol.2, No.3, (2015), pp.16-21.


 

View

Download

Article ID: 24237
 
DOI: 10.14419/ijet.v7i4.36.24237




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.