Archive for October, 2007

Google Parser Online Tool Upgraded

Today I have a couple of minutes and I improve my Google Parser online tool. Now you can get a clean list of Hiperlinks, so you can quickly go to the returned URLs in your browser.

Of course there still has the option to get a clean list of only text URLs of the Google search results.

You can read the original post of this tool at: Get Google results in a list of clean URLs

Or you can use the online tool at: Google Parser

Any comments or suggestions are welcome.

2007
10/13
CATEGORY
App Security
Google Results
SEO & Web 2.0
2 comments

JBoss Security vulnerability JMX Management Console

Awesome! A lot of servers have their JBoss Management Console open to the world, without any authentication, no password, no security! A huge and silly vulnerability!

Any remote user can completely control the server, having full control to a lot of server configurations and internal network and infrastructure information disclosure, you can change the web service listening port (I test this with one of them, then I put back the original port), view internal IPs and start connections to a client, a lot of server absolute paths, you can change security configurations… too much power with almost no knowledge needed.

This vulnerable JBoss servers let open access to anybody to jmx-console and web-console, these are the online administration tools of JBoss.

There still are a lot of this kind of silly vulnerabilities in the Internet… theres not a JBoss vulnerability, theres a people vulnerability!

Oh, I almost forgot it… you can find all the vulnerable servers using my online Google Parser tool who I wrote a couple of weeks ago. With it you can get a clean list of all the vulnerable sites searching for:

intitle:”jboss management console” “application server” version inurl:”web-console”

or

intitle:”JBoss Management Console – Server Information” “application server” inurl:”web-console” OR inurl:”jmx-console”

You can try different Google search strings and get a clean list of URLs of the Google search results with my Google Parser online tool.

It’s amazing how developers and network administrators still doesn’t pay real attention to security!

2007
10/13
CATEGORY
App Security
Google Results
8 comments

Error in Google Webmaster Tools

The error is in the “pages that link to yours” option. It isn’t accurate, it doesn’t show all the sites who really have links to yours. The external links to your site aren’t accurate.

I figure this with this new site who I’m writing. Google Webmaster Tools only shows 3 links to my site but really there are more. I write another web pages with links to my site(they already was indexed by Google), so it should appear like sites with links to yours, but in the option “pages that links to yours” of Google Webmaster Tools it doesn’t appears.

So… here comes the idea, I wrote a tool to find all the web pages that links to my site.

With this tool I found the real total number of web pages in internet with links to my site, and I can see this web pages to verify if it really have links to my site. And for my sites the results are 100% accurate.

Now my online tool shows you how many sites link to your site and the first 10 of this sites.

You can try it here: GooLinks

You should know the difference between this and the Google “link:” operator. This operator returns only the links to a exact URL, not to all the web pages of a site.

For example, you can test this tool with my URL, “goohackle.com”, if you use the “link:” operator in Google doesn’t return nothing, if you try with my tool, returns web pages with links to my site, the correct result expected.

You can read a little more of my tool here: Who links to me

2007
10/01
CATEGORY
Google Results
SEO & Web 2.0
4 comments