From Dorks to Defense: How I Secured Two CERT-In Hall of Fames
2025-12-15 07:47:57 | Author: infosecwriteups.com

Het Patel


Introduction:

Getting recognized by CERT-In (Indian Computer Emergency Response Team) is a milestone for many bug bounty hunters and security researchers in India.

I recently achieved this milestone twice.

What’s funny is that it didn’t require zero-days or deep exploit development. It all began with the simplest tool in a researcher’s kit: a search engine.

Phase 1: The Reconnaissance (Google Dorking on Steroids)

Every good hunt starts with reconnaissance. When you’re looking at a huge scope like *.gov.in, brute-forcing or mass scanning is the worst approach. You need a clear attack surface first.

Hence, I used Google dorking, the art of using advanced search operators to find information that isn’t readily visible to the average user.

I crafted a specific list of dorks aimed at uncovering sensitive files, configuration errors, and admin panels within the government domain.

Broad Scope & Infrastructure:

site:*gov.in
site:*gov.in/robots.txt
site:*gov.in/sitemap.xml
site:*gov.in/*.js

Juicy File Extensions (Information Disclosure):

site:*gov.in filetype:pdf
site:*gov.in filetype:xlsx OR filetype:xls
site:*gov.in (filetype:zip OR filetype:tar OR filetype:gz OR filetype:sql)

Pro Tip: Keeping track of these dorks can be tedious. I keep all my best dorks and checklists organized over at recon.vulninsights.codes. Feel free to use it to build your own bug bounty checklist.

Phase 2: Striking Gold

After running through these dorks, I started sifting through the results. It involves a lot of scrolling past irrelevant data, but eventually, something catches your eye.

I was looking for URLs with parameters, those little ?id=123 bits at the end of a link. Parameters are often where user input meets the backend database, making them prime targets for injection attacks.

Two sites caught my eye:

https://[redacted].gov.in/testimonial.php?lang=2&lid=2464
https://[redacted].gov.in/search.php?page=14&fromdate=26-04-2024&todate=27-04-2024&state_name=35%20OR%201=1%20&circle=&division=&range=&block=&beat=&source=

Multiple parameters in a government site? Yes, that’s basically a “please test me” invitation.

Phase 3: The Exploitation

I started with the basics: checking for client-side issues. And boom, reflected XSS popped up almost instantly.

But then it got more interesting.

While poking the lang and state_name parameters, the responses began acting weird. Errors changed. Pages broke.

A few crafted payloads later, it was confirmed:


The endpoint was vulnerable to SQL Injection.
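On the defensive side of the same findings, here is an added example (not code from the original post) that scans constructed web-server access-log lines for the two signals described above: tautology probes in query parameters, like the state_name value shown earlier, and requests for exposed files such as phpinfo.php or .sql dumps. The log format, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined style); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Apr/2024:10:01:02 +0530] "GET /search.php?page=14&state_name=35%20OR%201=1%20&circle= HTTP/1.1" 200 5120
203.0.113.7 - - [26/Apr/2024:10:01:05 +0530] "GET /testimonial.php?lang=2%27&lid=2464 HTTP/1.1" 500 310
198.51.100.9 - - [26/Apr/2024:10:02:11 +0530] "GET /phpinfo.php HTTP/1.1" 200 48011
198.51.100.9 - - [26/Apr/2024:10:02:13 +0530] "GET /backup/db.sql HTTP/1.1" 200 204800
192.0.2.4 - - [26/Apr/2024:10:03:00 +0530] "GET /testimonial.php?lang=2&lid=2464 HTTP/1.1" 200 8890
"""

# Minimal parser for the combined log format assumed above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
# Boolean tautology in a parameter value, the pattern seen in the page's state_name URL.
TAUTOLOGY_RE = re.compile(r"\b(?:OR|AND)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.IGNORECASE)
# Paths that leak server internals or database dumps (phpinfo pages, dump/archive files).
SENSITIVE_PATH_RE = re.compile(r"(?:phpinfo\.php$|\.(?:sql|zip|tar|gz|bak)$)", re.IGNORECASE)


def classify_request(line):
    """Return a list of (finding, detail) tuples for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    parts = urlsplit(m.group("target"))
    if SENSITIVE_PATH_RE.search(parts.path):
        findings.append(("sensitive_path", parts.path))
    # parse_qsl URL-decodes values, so %20OR%201=1 becomes " OR 1=1" before matching.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if TAUTOLOGY_RE.search(value):
            findings.append(("sqli_tautology", f"{name}={value}"))
        elif "'" in value and m.group("status") == "500":
            # A quote that turns a normally-200 endpoint into a 500 is the
            # "errors changed, pages broke" signal from the write-up.
            findings.append(("sqli_error_probe", f"{name}={value}"))
    return findings


def scan_log(text):
    """Aggregate findings per client IP; IPs with no findings are omitted."""
    report = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for finding in classify_request(line):
            report.setdefault(m.group("ip"), []).append(finding)
    return report
```

Run `scan_log(SAMPLE_LOG)` to see that the two probing clients are reported while the ordinary request from 192.0.2.4 is not.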

CERT-In Hall of Fame:

My reports were validated, patched, and acknowledged.

September 2025:


October 2025:


Some of the findings:

2 SQL Injections:


Several PHPInfo (Information disclosure):



Source: https://infosecwriteups.com/from-dorks-to-defense-how-i-secured-two-cert-in-hall-of-fames-37f87f181bd0?source=rss----7b722bfd1b8d---4