These searches reveal servers with specific vulnerabilities.
IMPORTANT: These dorks are the exclusive property of TGS Forum and cannot be copied elsewhere under any circumstances.
1. This Google dork possibly exposes sites with the Article Directory (index.php page) Remote File Inclusion Vulnerability.
Code:
inurl:index.php?pagedb=rss
2. Exposes setup pages of the Ultraboard system.
Code:
filetype:pl intitle:"Ultraboard Setup"
3. Using this, you can find sites with a Pivot weblog installed but not set up. The default setup screen on Pivot has you create an administrator account, so, using this, you can create an account on someone else's weblog, post, and manage the blog.
Code:
"set up the administrator user" inurl:pivot
4. This is a "double dork" which finds two different shopping carts, both vulnerable.
Code:
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
5. NatterChat is a web-based chat system written in ASP. An SQL injection vulnerability has been identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This allows the attacker to gain admin access.
Code:
natterchat inurl:home.asp -site:natterchat.co.uk
6. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, and delete/edit/add fields. The servers found here can be accessed without authentication. This search is restricted to NON-ROOT users!
Code:
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
7. This brings up a lot of insecure as well as secure file managers. These software solutions are often used by companies offering a "simple" but "cost effective" way to their users who don't know Unix or HTML. There is sometimes a problem with this specific file manager due to insecure use of the session ID, which can be found in the unprotected "fileman.log" logfile. It has been reported that an attacker can abuse the last document-edit URL of the logfile. By copying and pasting that line into a new window, the attacker gets valid user credentials on the server, at least for a while (think hours, not seconds).
Code:
filetype:cgi inurl:"fileman.cgi"
More updates coming soon. Stay tuned.