Michael Sutton's Blog : Why All The Hype About 0day?

Michael Sutton's Blog : Why All The Hype About 0day?

We've always believed that Internet is plagued with unpatched machines to an extent far greater than most people realize. Today, I set out to prove this to myself. The challenge in doing this is to find a way to identify vulnerable machines without attacking them. I want to prove a theory but I don't want to do damage in the process (note: no web servers were harmed during the filming of this blog). Fortunately, web applications provide us with a unique means of identifying vulnerable applications. Due to the fact that search engines archive and index the content served by web apps, if we can identify a unique signature within a vulnerable application, we can locate vulnerable servers without ever needing to connect to them. Johnny Long created somewhat of a cult following doing just this with his Google Hacking Database.