How I Found a P1 Vulnerability Using a Google Dork

Hamed Mohamed - h0x1d
Jan 4, 2025


Hello Everyone! 😊

I hope you’re all doing well and having a productive bug-hunting journey. Today, I’m going to share how I used a Google Dork to discover sensitive user information on a target and report a P1 vulnerability. This technique is simple yet effective, and I hope it inspires you to explore new avenues for finding bugs.

---

The Discovery

While performing reconnaissance on a target, I decided to search for publicly accessible files that might contain sensitive information. I crafted the following Google Dork:

site:target.com ext:xlsx "name" "@gmail.com" "phone"

This Dork is designed to find .xlsx (Excel) files hosted on the target domain (site:target.com) that include specific terms such as name, @gmail.com (to filter email addresses), and phone.

Upon executing this search, I found several exposed Excel files containing user names, email addresses, phone numbers, and even home addresses. 😮

---

Why This is Critical

The exposure of such sensitive information can lead to severe privacy violations, phishing attacks, and even identity theft. Since the target company stored personal data of its users, this became a high-priority issue (P1) due to the potential impact on user security.

---

Steps to Reproduce

Here’s how you can use this technique in your own bug-hunting:

  1. Replace target.com with the domain you’re testing.
  2. Modify the search terms in the Dork based on what information you’re looking for (e.g., SSNs, passwords, credit cards, etc.).
  3. Review the search results carefully and download any files that might contain sensitive data (only after obtaining proper authorization).
  4. Analyze the content of the files to identify sensitive information.

---

Example Search Results

Here’s an example of the search result I found (censored for privacy):

  • File Name: User_Contacts.xlsx
  • Content:
      • Name: John Doe
      • Email: john.doe@gmail.com
      • Phone: +123456789
      • Address: 123 Main Street, Springfield

---

Lessons Learned

  • Google Dorking is a powerful tool for discovering unintended data leaks.
  • Always include file extensions (ext:xlsx, ext:pdf, etc.) in your searches to narrow down results.
  • Be mindful of the ethical and legal boundaries while using this technique. Only test on authorized targets.

Impact and Resolution

I reported this issue to the target’s security team, highlighting the sensitive nature of the exposed data. The team acknowledged the report and secured their files by removing public access and configuring proper file permissions.
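
A defender-side counterpart to the dork above, as an added example that is not part of the original post: it walks a served directory for .xlsx files and flags those whose cells hold email addresses together with phone numbers or contact-style headers. The function names, regex heuristics and sample workbook are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import Path
# Heuristics (assumptions for this example): tune for your own data formats.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
HEADER_TERMS = ("name", "email", "phone", "address")
CELL_TEXT_RE = re.compile(r"<t(?:\s[^>]*)?>([^<]*)</t>")

def xlsx_strings(data: bytes) -> list:
    """Return cell text from an .xlsx file, which is a ZIP of XML parts."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in zf.namelist():
            if part == "xl/sharedStrings.xml" or part.startswith("xl/worksheets/"):
                out += CELL_TEXT_RE.findall(zf.read(part).decode("utf-8", "replace"))
    return out

def audit_xlsx(data: bytes) -> dict:
    """Count PII-looking cells; flag emails seen with phones or contact headers."""
    strings = xlsx_strings(data)
    emails = sum(bool(EMAIL_RE.search(s)) for s in strings)
    phones = sum(bool(PHONE_RE.fullmatch(s.strip())) for s in strings)
    headers = sorted({t for s in strings for t in HEADER_TERMS if t in s.lower()})
    flag = emails > 0 and (phones > 0 or len(headers) >= 2)
    return {"emails": emails, "phones": phones, "headers": headers, "flag": flag}

def audit_webroot(root: str) -> list:
    """Scan every .xlsx under a served directory; return (path, report) pairs."""
    findings = []
    for path in sorted(Path(root).rglob("*.xlsx")):
        try:
            report = audit_xlsx(path.read_bytes())
        except zipfile.BadZipFile:
            continue  # not a real workbook (e.g. renamed or truncated file)
        if report["flag"]:
            findings.append((str(path), report))
    return findings

def make_sample_xlsx(rows) -> bytes:
    """Build a constructed, minimal workbook (shared strings only) for testing."""
    cells = "".join(f"<si><t>{v}</t></si>" for row in rows for v in row)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/sharedStrings.xml", f"<sst>{cells}</sst>")
    return buf.getvalue()
SAMPLE = make_sample_xlsx([("Name", "Email", "Phone", "Address"),
    ("John Doe", "john.doe@gmail.com", "+123456789", "123 Main Street, Springfield")])
```

Run `audit_webroot()` against the directory your web server publishes; the phone pattern also matches date-like strings, which is why a file is flagged only when an email address is present too.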

---

Final Thoughts

That’s it for today’s post! I hope this write-up gives you some insights into using Google Dorking for finding vulnerabilities. Remember, stay creative and persistent in your approach.

If you found this post useful, don’t forget to share it with your fellow hunters! 🐞

Happy Hunting! 🕵️‍♂️

Credits: h0x1d