Database security has recently become a victim of misused search engines. Hackers use search engines to find potentially vulnerable web applications to attack. The search engine doesn’t actually execute any attacks; rather it is used to quickly locate “soft targets” among the vast number of sites on the internet. Hackers have started to use search engines to find web facing database interfaces that can be used to mount attacks on databases placed behind a firewall. This is a significant new development, completely exposing previously “protected” databases to outside attack. This paper shows how hacker can target the vulnerable sites with attacks designed to exploit the specific holes discovered by the search engine