API tools faq
paste
Kyfx

More Dorks Ready Mail/SQLi/XSS/PW/Download Leaks

Kyfx
Sep 28th, 2015
319
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.81 KB | None | 0 0
raw download clone embed print report
  1. A.) FTP PASSWORD GOOGLE DORKS
  2. B.) XSS GOOGLE DORKS
  3. C.) PHP GOOGLE DORKS
  4. D.) SQL DORKS
  5. E.) WORDPRESS DORKS
  6. F.) PASSWORD FILE DORKS
  7. G.) MISC. DORKS
  8. H.) FREE SWAG DORKS
  9. I.) WEBCAM DORKS
  10. A.) FTP PASSWORD GOOGLE DORKS
  11. 1.) ws_ftp.ini configuration file search:
  12. intitle:index.of ws_ftp.ini
  13. 2.) ws_ftp.ini configuration file with “Parent Directory” search:
  14. filetype:ini ws_ftp pwd
  15. 3.) Variation:
  16. ”index of/” “ws_ftp.ini” “parent directory”
  17. 4.) Variation:
  18. +htpasswd +WS_FTP.LOG filetype:log
  19. 5.) Variation:
  20. (Substitute vulnerablesite.com with your site you want to search)
  21. ”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log”
  22. B.) XSS GOOGLE DORKS
  23. 1.) cart32 executable file.
  24. allinurl:/scripts/cart32.exe
  25. 2.) Cute news php file.
  26. allinurl:/CuteNews/show_archives.php
  27. 3.) phpinfo.php file.
  28. allinurl:/phpinfo.php
  29. C.) PHP GOOGLE DORKS
  30. 1.) config.php file search:
  31. intitle:index.of config.php
  32. 2.) PHP file contents search:
  33. intitle:”Index of” phpinfo.php
  34. 3.) download.php directory transversal vulneralbilities:
  35. inurl:download.php?=filename
  36. 4.) upload.php search:
  37. intitle:index.of upload.php
  38. inurl:upload.php
  39. D.) SQL PASSWORD DUMP DORKS
  40. 1.) SQL dumps saved to database search. (Some of the more common passwords for you):
  41. a.) ”123456″ = hashed password
  42. ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e
  43. b.) ”654321″ = hashed password
  44. ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059
  45. c.) ”password” = hashed password
  46. ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99
  47. d.) ”12345678″ = hashed password
  48. ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
  49. e.) ”iloveyou” = hashed password
  50. ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0
  51. 2.) Variation of above search:
  52. a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password
  53. b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password
  54. c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password
  55. d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password
  56. e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password
  57. f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password
  58. 3.) SQLi
  59. allinurl:/privmsg.php
  60. E.) WORDPRESS GOOGLE DORKS
  61. 1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vuleralbility.
  62. inurl:Editor/assetmanager/assetmanager.asp
  63. 2.) Timthumb Plugin Exploit – Attacker can attach a shell to a image file and upload the shell. (It has been patched, but there are still a lot of webmasters who have NOT updated!)
  64. inurl:index.of thumb.php
  65. inurl:thumb.php
  66. 3.) Search for plugins directory:
  67. inurl:wp-content/plugins/
  68. 4.) Search for themes directory:
  69. inurl:wp-content/themes/
  70. F.) PASSWORD FILE GOOGLE DORKS
  71. 1.) Search for Microsoft Excel data file:
  72. ”Login: *” “password =*” filetype: xls
  73. 2.) Search for auth_user_file:
  74. allinurl: auth_user_file.txt
  75. 3.) Search for username/password saved in Microsoft Excel files:
  76. filetype: xls inurl: “password.xls”
  77. 4.) Search for login pages:
  78. intitle: login password
  79. 5.) Search for “master password” page:
  80. intitle: “Index of” master.passwd
  81. 6.) Search for backup directory:
  82. index of /backup
  83. 7.) Search for password backup file index:
  84. intitle:index.of passwd.bak
  85. 8.) Search for password databases:
  86. intitle:index.of pwd.db
  87. intitle:”index of” pwd.db
  88. 9.) Search for /etc/passwd/ index:
  89. intitle:”index of .. etc” passwd
  90. 10.) Search for plaintext password file:
  91. index.of passlist.txt
  92. inurl:passlist.txt
  93. 11.) Search for hidden documents/password files:
  94. index.of.secret
  95. index.of.private
  96. 12.) Search for PhpMyAdmin files:
  97. ”# PhpMyAdmin MySQL-Dump” filetype: txt
  98. 13.) Hidden Superuser (root) data files:
  99. inurl:ipsec.secrets-history-bugs
  100. inurl:ipsec.secrets “holds shared secrets”
  101. 14.) Find the information files:
  102. inurl:ipsec.conf-intitle:manpage
  103. 15.) Search for a stored password in a database:
  104. filetype:ldb admin
  105. 16.) Search for admin.php file:
  106. inurl:search/admin.php
  107. 17.) Search for password log files:
  108. inurl:password.log filetype:log
  109. 18.) Search for Hkey_Current_User in registry files:
  110. filetype: reg HKEY_CURRENT_USER username
  111. 19.) Search for username/password file backups:
  112. ”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd | shadow | ht users”
  113. 20.) Search for username/password files:
  114. filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files
  115. 21.) Search for Microsoft Frontpage passwords:
  116. ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
  117. 22.) Search for SQL database Code and passwords:
  118. filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”)
  119. 23.) Search for e-mail account files:
  120. intitle: “Index Of”-inurl: maillog
  121. G.) MISC. DORKS
  122. 1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulneralbility:
  123. inurl:rte/my_documents/my_files
  124. 2.) EZFilemanager – Remote file upload vulneralbility:
  125. inurl:ezfilemanager/ezfilemanager.php
  126. 3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull off a directory transversal with this:
  127. inurl:robots.txt
  128. 4.) Serial Numbers – Look for software serial numbers
  129. ”software name” 94FBR
  130. H.) FIND FREE SWAG
  131. 1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download
  132. 2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download
  133. 3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download
  134. 4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download
  135. 5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download
  136. 6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download
  137. 7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  138. 8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  139. 9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download
  140. 10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus
  141. 11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus
  142. 12.) intitle:Thank you for your order! intext:PLR OR MRR
  143. 13.) intitle:Thank you for your Purchase! intext:PLR OR MRR
  144. 14.) inurl:/thankyou*.html intitle:Thank you for your order!
  145. 15.) intext:Click Here To Download
  146. 16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html
  147. 17.) intitle:Thank You For Your Order! intext:Private Label
  148. 18.) intitle:Thank You For Your Purchased! intext:Private Label
  149. 19.) intext:”Thank You For Your Order” intext:PLR
  150. 20.) intitle:”Thank You For Your Order!” intext:download
  151. 21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now
  152. 22.) intitle:Thank you for your purchase! intext:Click Here to Download
  153. 23.) * thank you for your order download
  154. 24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
  155. 25.) * intitle:Thank you for your order! intext:PLR OR MRR
  156. 26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download
  157. 27.) * intitle:Thank You For Your Order! intext:download
  158. 28.) inurl:index.of .mp3
  159. 29.) inurl:index.of .mov
  160. 30.) inurl:index.of .iso
  161. 31.) ?intitle:index.of? mp3
  162. 32.) ?intitle:index.of? mov
  163. 33.) ?intitle:index.of? iso
  164. 34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar
  165. 35.) intext:”parent directory” intext:”[EXE]“
  166. 36.) intext:”parent directory” index of:”[EXE]“
  167. 37.) intext:”parent directory” index of:”[RAR]“
  168. 38.) intext:”parent directory” intext:”[VID]“
  169. 39.) intext:”parent directory” index of:”[VID]“
  170. 40.) intext:”parent directory” intext:”[MP3]“
  171. 41.) intext:”parent directory” index of:”[MP3]“
  172. 42.) intext:”parent directory” index of:”[Gamez]“
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!