How I ethically hacked NASA via Google Dorking.
Har Har Mahadevđź”±. This is Prince Roy, a cyber security researcher. Recently, I have discovered an information disclosure vulnerability in one of the NASA domains by just Google hacking or dorking.
I am serious, guys. Google dorking is a great way to find information disclosure. Now, I am going to tell you how I found it.
I used that dork for a search:
site:.*.*.nasa.gov "Server Status" | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private
This simple search gave me some juicy information.
When I opened it, I found the web server status along with secret information. After that, I reported it.
And guess what? After 4 days, my report got accepted.
And listed on their HOF and Appreciation Letter:
And Finally, thanks in advance for reading my small finding blogs. I hope you enjoyed it.
Please follow my social media platforms for my next blog:
Linkedin: https://www.linkedin.com/in/prince-roy-4b9a75187/
Github: https://github.com/royzsec
Twitter: https://twitter.com/royzsec