A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. The attacker can use these complex queries to find information that is accidentially published on the Internet usually by an accidental configuration error in a company’s online software solutions.
A Prime Example: Trello
Recently, Trello was cited by security researcher, Craig Jones (see image below), for the reams of Non-Public Personally Identifiable (NPPI) information an HR onboarding Trello board had published to the Internet. Trello is a project management and Human Resourcing tool that allows you to publish your projects to the public Internet. Unfortunately, some HR organizations have publicly published salary information, passwords, and addresses as revealed in this Google Dorking article.
Related Readings: Google Dorks: An Easy Way of Hacking