How I Found PII at NASA Using Google Dorking

When I joined NASA’s Vulnerability Disclosure Program (VDP), I knew I had a challenge ahead. There were already over 6,000 valid submissions, and I felt like I was late to the game. I tried everything I could, but my initial findings were low-priority (P5). I realized I needed to focus on finding something more impactful.

To make a real contribution, I decided to change my approach. I focused on looking for high-impact vulnerabilities – something that could have serious consequences if left unchecked. That’s when I started using Google Dorking.

Google Dorking is a way of using advanced search techniques to find information that shouldn’t be easily accessible. By crafting specific search queries, I could uncover sensitive data that was exposed online.

After trying different dorks (search queries), I finally found something important: Personally Identifiable Information (PII). This was a big deal because exposing PII can have serious privacy and security implications. I immediately reported this to NASA.

This experience showed me just how powerful Google Dorking can be. Sometimes, sensitive information is out there in plain sight, and using the right tools can help uncover it. It’s a reminder that even simple techniques can lead to important discoveries.

Even though I started late, I was still able to make a meaningful contribution to NASA’s security. This experience taught me that with persistence and the right approach, it’s possible to make a difference. For anyone looking to get into security research, don’t underestimate the power of Google Dorking – it can uncover critical vulnerabilities that others might miss.

This journey has been a great learning experience, and I’m proud to have played a small part in helping secure NASA’s data.