A Method for Information Grabbing, Bypassing Security and Detecting Web Application Vulnerabilities

  • Authors

    • B. J. Santhosh Kumar
    • B. R. Pushpa
    2018-12-09
    https://doi.org/10.14419/ijet.v7i4.36.24237
  • URL (Uniform Resource Locator), Google Dork, HTTP (Hypertext Transfer Protocol), SQL (Structured Query Language), Open Web Application Security Project (OWASP), XSS (Cross-Site Scripting)
  • A single file on the web contains text, images, audio, video and formatting instructions enclosed within a script. Website files are hosted on servers. The servers “serve” those files to individual users upon request. An anonymous user with minimum user credentials can make requests on behalf of a legitimate user to grab sensitive, confidential and personal information without the legitimate user's knowledge [3]. The proposed method uses a URL as input for finding web vulnerabilities. The proposed method is tested to evaluate its performance based on the accuracy obtained. Performance is evaluated based on false negative and false positive results. An experiment is also conducted for web vulnerability assessment and penetration testing. The proposed method also checks for information grabbing from the web using Google dorks. A Google dork helps to enter a network without permission and/or gain access to unauthorized information. Advanced search strings called Google dork queries are used to locate sensitive information. This paper describes a method for detecting web application vulnerabilities by using Google dorks, bypassing first-level security in any web and hacking usernames and passwords on a social networking site.

     

     

  • References

    [1] Saleh AZM, Rozali NA, Buja AG, Jalil KA, Ali FHM & Rahman TFA, “A method for web application vulnerabilities detection by using boyer-moore string matching algorithm”, Procedia Computer Science, Vol.72, (2015), pp.112-121.

    [2] Jevitha KP & Vishnu BA, “Prediction of Cross-Site Scripting Attack Using Machine Learning Algorithms”, International Conference on Interdisciplinary Advances in Applied Computing, (2014), pp.1-6.

    [3] Arunagiri J, Rakhi S & Jevitha KP, “A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities”, International Conference on Soft Computing Systems, Vol. 2, (2016), pp.99–112.

    [4] Gupta S & Gupta BB, “XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code”, Arabian Journal for Science and Engineering, Vol.41, No.3, (2016), pp.897-920.

    [5] Singh P, Thevar K, Shetty P & Shaikh B, “Detection of SQL Injection and XSS Vulnerability in Web Application”, International Journal of Engineering and Applied Sciences (IJEAS), Vol.2, No.3, (2015), pp.16-21.

  • How to Cite

    J. Santhosh Kumar, B., & R. Pushpa, B. (2018). A Method for Information Grabbing, Bypassing Security and Detecting Web Application Vulnerabilities. International Journal of Engineering & Technology, 7(4.36), 762-765. https://doi.org/10.14419/ijet.v7i4.36.24237