Google Code Search reveals too much

Google released a new code search engine the other day.

This got me thinking of things it may index. Since I have recently started using drupal I crafted a URL to test if I could find out usernames and passwords to the main database.

Guess what I can!

Oh, looks like WordPress is no better

Let’s try Wikimedia. Hmm no better…

Let’s not just pick on PHP, how about DotNet? Guess so!

EDIT: Let’s not forget about Joomla, PHPNuke, or XOOPS

Looks like it only affects the zip and tarball files uploaded to the server for the most part but I wonder how many people out there back up their site in this manner?

I’m guessing we are about to see some major holes via this new service…

Webmasters, start your backups…


Technorati : , , , , , , , ,

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s