Sharepoint & Google: what hackers look for

A few things you should manage with permissions and via robots.txt file to keep Google out.

  1. inurl:
    1. /viewlists.aspx?BaseType=
    2. _layouts
    3. _catalogs
  2. “All site content” ext:apsx

If the above queries show up in google, here is the risk you face:

  • discover the Sharepoint web services configured on the application
  • enumerate users
  • exposes configuration setings for _layouts and _catalogs

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.