Shulou(Shulou.com)06/01 Report--

First of all, what is the function of learning Baidu search grammar?

Sometimes the links to some websites can not be included in google, Baidu may be included.

Baidu search engine has its own small feature, which is to wrap key words in parentheses. For example, in

Site:google.com

Site: (baidu.com)

Let's use a chart to show whether there is a difference.

Part1: search for specified sites

1 、 site:hao123.com

2. Site: (hao123.com)

Compared with google, Baidu can search for fewer keywords, so it is not as comfortable as google.

Let's open the Baidu search engine and click here for Advanced search.

As you can see, there are only three keyword positions, corresponding to each other.

Type1: anywhere on the web page: it's the way we usually use it. Enter keywords directly into the search box. Obviously, this is the last search method.

Type2: only in the title of the web page

Syntax: title: (keywords)

Let's take a picture below to find out what some ordinary websites are usually linked to.

The syntax here is easy to understand, first title tags, and then seo hangs this spinach page. In order to improve the ranking of corresponding spinach websites. This is also part of the black industry.

Type3: only in the url of web pages

This can often find a lot of surprises, such as public cameras, the background of the website, and websites that can be accessed without authorization.

Visit the website.

Let's take a look at this example.

You can see that the path here is admin.php

As a novice, we can easily find websites that can be tested. How can we test them here? We, here with the help of Username:admin' or'='or'(or'or'='or', which is also called the universal password)

Password: any!

Let's take a look at the effect, sql sentence.

Generally speaking, the most common login SQL:select * from users whereusername='xxx' and password='xxxx'

When we type what I said above, the background Select * from users whereusername='admin' or'='or''and password='xxxx'

Let's prioritize this And keyword over or.'' And password='xxxx', the Boolean value you get here is' admin' or'='. The Boolean value of admin' or'='is also true. After that, Select * from users where is true and or is always false, so it can always be selected from the data database.

Mark: or'= 'here is the equal sign with single quotation marks on both sides

Part3: how to combine keywords

Type1: contains complete keywords

The first one is not wrapped in double quotation marks, and you can see that the space between our Index and of has been ignored, which is different from the keyword "Index of" we requested.

(Ps: through the keyword "Index of", we can search for websites with column directories, this feature of column directories, we can see what files are in the exposed directories, which makes it convenient for us to collect information about the site. )

In the second picture, we wrap the key words in double quotation marks this time, we can see. The keywords we search for are exactly the same as those entered.

Type2: contains any keyword, where the relationship is an "or" relationship, either this keyword or that keyword.

1. Include admin.php keywords

2. Include the keyword manage.php

Through the following two pictures, we can understand. When there is a relationship between the presentation or of two keywords. We need to separate the two keywords with "|" and wrap them in parentheses. Be sure to wrap your keywords in parentheses. Of course I agree that you should try it yourself without parentheses.]

Type3: rule out a keyword, which is important for accurate search.

For example, we search for a specific site "site:51cto.com"

You can see that in the search results on the first page, the domain name that appears most is "os.51cto.com". Let's use

-("keyword")

This syntax filters search links that contain os.51cto.com. As shown in the figure:

Site:51cto.com- ("os.51cto.com")

After testing, it can be confirmed that the filter is successful. With regard to the test results, you can try it yourself.

Type4: the last one is the most common, that is, we usually type keywords directly into the search box.

Comprehensive utilization:

1. Let's analyze the "Index of" above, and we can see that even if it is wrapped in double quotes, its search effect is not very good, or with other sites that do not have column directory features.

At this point, let's analyze it again. Generally speaking, the keywords that appear in a column directory should be followed by a slash in addition to "Inde of".

In other words, the complete key word is "Inde of /". Let's take a look at the effect.

The effect is not bad, except for the websites that Baidu knows and Baidu translates, the other sites are all sites with column directory characteristics.

But we still want to optimize it, so what should we do? Use a syntax that excludes keywords-("keyword")

Baidu Dork: "Index of /"-("baidu.com")

We can see that the effect is quite obvious, the first Baidu to know the site let us filter out.

2. Look for pages that are not authorized to access.

Baidu Dork:inurl:manage.asp ("add" | "delete")

Let's take a look at the corresponding effect here, and we can see that there are some results that may have unauthorized access, so we choose the first link to test.

According to this page, we should have entered the management interface, and we can also see that there are traces of testing left by our predecessors. 2333

If you don't believe it, we will replace dic_flag.asp with login.asp. You can see that this has become a login page, that is to say, we need to log in before deleting and other operations, we search through the search engine can be unauthorized access to the link directly into.

Of course, this is not always possible, and some conversations have been invalidated. The figure below is as follows

Is this kind of web page useful for us?

A: it works. Let's gather information about the architecture of this site.

So how to use it? The figure below is as follows

We take a snapshot of Baidu to see what it used to be like.

You can see that the picture above contains the keyword "delete" that we searched for.

3. The last picture I captured in the background, unauthorized access!

In the end, any comprehensive use is combined on the basis of the basic search syntax, so the grammar itself tries more, and you need to carefully observe the details of the vulnerable site. This makes it easy for us to identify key words.

Information on google dork:

[1] GHDB in exploitdb

[2] previous How to find a vunerable website

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.