Well, as soon as you expose parameters to the user, the attacker knows they are going to be parsed. In this case, show.php?id=foo might be used to load a site called foo.
In the code, it could look like this:
```php
<?php
$site = $_GET['id'];
// The parameter is concatenated straight into the query text (this is the vulnerable part).
$content_query = "SELECT content FROM sites WHERE name = '" . $site . "';";
// Run the query on an existing mysqli connection ($db is assumed to be opened elsewhere).
$result = $db->query($content_query);
$row = $result ? $result->fetch_row() : null;
$content = $row ? $row[0] : '';
// Then output the content.
echo("<div id='content'>" . $content . "</div>");
```
Obviously, this is where the parameter is prone to SQL injection, where an attacker could easily output or drop the entire database.
Or, the site could have some "hidden" sites that are not publicly linked to, but still accessible. Say you have public sites with IDs 1 through 100, then an attacker could guess that you also have a site at show.php?id=101 that you didn't want to link to.
Note that in this context, a "dork" is just someone who fails to secure their site properly and would expose that through Google—it's not the name of the attack vector.
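As an added example (not part of the answer above), here is the same lookup modelled in Python against an in-memory SQLite table, so the injection and the fix can be run side by side offline. The table rows, the payload strings and the function names are my own constructions; SQLite's `execute` stands in for the answer's manual MySQL query, and note that it refuses stacked statements, so the "drop the entire database" case is not shown, only the data-dumping case.

```python
import sqlite3

# Constructed sample data: two pages that are linked publicly and one
# (id 101) that is never linked from anywhere but still sits in the table.
SAMPLE_SITES = [
    (1, "foo", "Public page foo"),
    (2, "bar", "Public page bar"),
    (101, "internal", "Unlinked draft page"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sites (id INTEGER PRIMARY KEY, name TEXT, content TEXT)"
    )
    conn.executemany("INSERT INTO sites VALUES (?, ?, ?)", SAMPLE_SITES)
    return conn


def show_vulnerable(conn, site):
    """Mirrors show.php: the id parameter is spliced into the SQL text."""
    query = "SELECT content FROM sites WHERE name = '" + site + "'"
    return [row[0] for row in conn.execute(query)]


def show_fixed(conn, site):
    """Same lookup with a bound parameter: the value never becomes SQL syntax."""
    rows = conn.execute("SELECT content FROM sites WHERE name = ?", (site,))
    return [row[0] for row in rows]


# What an attacker would put in ?id=: close the string literal, then OR in a
# tautology so every row matches, including the unlinked id 101 page.
DUMP_PAYLOAD = "foo' OR '1'='1"

# A UNION payload pulls a different column (here the name) out of the same
# query, which is how an attacker maps the table before dumping it.
NAMES_PAYLOAD = "x' UNION SELECT name FROM sites WHERE '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("normal:   ", show_vulnerable(db, "foo"))
    print("injected: ", show_vulnerable(db, DUMP_PAYLOAD))
    print("names:    ", show_vulnerable(db, NAMES_PAYLOAD))
    print("fixed:    ", show_fixed(db, DUMP_PAYLOAD))
```

Running it shows the tautology payload returning all three contents through `show_vulnerable` (the "hidden" draft page included, which is the same exposure as guessing id=101, just without the guessing), while `show_fixed` treats the whole payload as a literal name and returns nothing.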