It would appear that I have some evidence that indicates it's the Turkish hackers that are known to exploit these types of vulnerabilities doing this PhotoCart vulnerability attack.
Here's a sample of how they used Google's INURL search function to locate the PhotoCart sites in Google's index:
http://www.google.com.tr/search?hl=tr&q=inurl%3A%2Fphotocart%2F&btnG=Google%27daAs a matter of fact, they hit my blog now that I've been posting about this problem the word "photocart" was in the URL so they got a direct hit on this page:
incredibill.blogspot.com/2006/12/photocart-attack-takes-holiday.htmlHere's the source of the "research" for PhotoCart from a Turkish DSL line:
IP Address 88.229.95.xxxSorry about the obfuscated IP address, but I don't want people doing a DoS on him/her/it.
Perhaps Google should restrict some features like INURL: to only be accessed by webmasters registered to use Google tools so they know exactly who these people are when they abuse these features.