Forget Google Hacking, introducing Live Search Hacking.
First They will Download MSN Search SDK which includes sample app that looks like this:
They will also get the MSN search ID here
Then They will add some more functionality that will enable them to:
1. Directly navigate to the matching URL
2. Directly navigate to the matching URL while injecting, say, single quote – this should generate errors and hopefully expose implementation details that will help them further attack you
3. Do bullet 2 in batch so They can start it before They go to sleep and in the morning They will have all error pages cached for offline investigation
How to get protected?
The whole story is here and called Security Engineering
Specifically for our case, input validation and exception handling best practices are your friends at Security Guidelines: ASP.NET 2.0