API tools faq
paste
Advertisement
KingSkrupellos

Yararlı PHP SQL FTP Dorklar ve Exploitler Paylaşımı

KingSkrupellos
Nov 30th, 2017
783
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.47 KB | None | 0 0
raw download clone embed print report
  1. Yazar => Mr. KingSkrupellos Cyberizm Digital Security Team / Daha çok Paylaşım için ++REPlere Beğen Tuşuna Basalım Lütfen.
  2.  
  3. Başlık => Yararlı PHP SQL FTP Dorklar ve Exploitler Paylaşımı
  4.  
  5. KingSkrupellos - https://www.cyberizm.org/cyberizm-yararli-php-sql-ftp-dorklar-ve-exploitler-paylasimi.html
  6. _______________________________________________________________________________________________________
  7.  
  8. A.) FTP PASSWORD GOOGLE DORKS
  9. B.) XSS GOOGLE DORKS
  10. C.) PHP GOOGLE DORKS
  11. D.) SQL DORKS
  12. E.) WORDPRESS DORKS
  13. F.) PASSWORD FILE DORKS
  14. G.) MISC. DORKS
  15. H.) FREE SWAG DORKS
  16. I.) WEBCAM DORKS
  17. A.) FTP PASSWORD GOOGLE DORKS
  18. 1.) ws_ftp.ini configuration file search:
  19. intitle:index.of ws_ftp.ini
  20. 2.) ws_ftp.ini configuration file with “Parent Directory” search:
  21. filetype:ini ws_ftp pwd
  22. 3.) Variation:
  23. ”index of/” “ws_ftp.ini” “parent directory”
  24. 4.) Variation:
  25. +htpasswd +WS_FTP.LOG filetype:log
  26. 5.) Variation:
  27. (Substitute vulnerablesite.com with your site you want to search)
  28. ”allinurl: “Vulnerablesite.com” WS_FTP.LOG filetype:log”
  29. B.) XSS GOOGLE DORKS
  30. 1.) cart32 executable file.
  31. allinurl:/scripts/cart32.exe
  32. 2.) Cute news php file.
  33. allinurl:/CuteNews/show_archives.php
  34. 3.) phpinfo.php file.
  35. allinurl:/phpinfo.php
  36. C.) PHP GOOGLE DORKS
  37. 1.) config.php file search:
  38. intitle:index.of config.php
  39. 2.) PHP file contents search:
  40. intitle:”Index of” phpinfo.php
  41. 3.) download.php directory transversal vulneralbilities:
  42. inurl:download.php?=filename
  43. 4.) upload.php search:
  44. intitle:index.of upload.php
  45. inurl:upload.php
  46. D.) SQL PASSWORD DUMP DORKS
  47. 1.) SQL dumps saved to database search. (Some of the more common passwords for you):
  48. a.) ”123456″ = hashed password
  49. ext:sql intext:@gmail.com intext:e10adc3949ba59abbe56e057f20f883e
  50. b.) ”654321″ = hashed password
  51. ext:sql intext:@gmail.com intext:c33367701511b4f6020ec61ded352059
  52. c.) ”password” = hashed password
  53. ext:sql intext:@gmail.com intext:5f4dcc3b5aa765d61d8327deb882cf99
  54. d.) ”12345678″ = hashed password
  55. ext:sql intext:@gmail.com intext:25d55ad283aa400af464c76d713c07ad
  56. e.) ”iloveyou” = hashed password
  57. ext:sql intext:@gmail.com intext:f25a2fc72690b780b2a14e140ef6a9e0
  58. 2.) Variation of above search:
  59. a.) ext:sql intext:”INSERT INTO” intext:@gmail.com intext:password
  60. b.) ext:sql intext:”INSERT INTO” intext:@yahoo.com intext:password
  61. c.) ext:sql intext:”INSERT INTO” intext:@hotmail.com intext:password
  62. d.) ext:sql intext:”INSERT INTO” intext:@att.net intext:password
  63. e.) ext:sql intext:”INSERT INTO” intext:@comcast.net intext:password
  64. f.) ext:sql intext:”INSERT INTO” intext:@verizon.net intext:password
  65. 3.) SQLi
  66. allinurl:/privmsg.php
  67. E.) WORDPRESS GOOGLE DORKS
  68. 1.) Asset Manager Plugin Exploit – Unprotected Remote File Upload Vuleralbility.
  69. inurl:Editor/assetmanager/assetmanager.asp
  70. 2.) Timthumb Plugin Exploit – Attacker can attach a shell to a image file and upload the shell. (It has been patched, but there are still a lot of webmasters who have NOT updated!)
  71. inurl:index.of thumb.php
  72. inurl:thumb.php
  73. 3.) Search for plugins directory:
  74. inurl:wp-content/plugins/
  75. 4.) Search for themes directory:
  76. inurl:wp-content/themes/
  77. F.) PASSWORD FILE GOOGLE DORKS
  78. 1.) Search for Microsoft Excel data file:
  79. ”Login: *” “password =*” filetype: xls
  80. 2.) Search for auth_user_file:
  81. allinurl: auth_user_file.txt
  82. 3.) Search for username/password saved in Microsoft Excel files:
  83. filetype: xls inurl: “password.xls”
  84. 4.) Search for login pages:
  85. intitle: login password
  86. 5.) Search for “master password” page:
  87. intitle: “Index of” master.passwd
  88. 6.) Search for backup directory:
  89. index of /backup
  90. 7.) Search for password backup file index:
  91. intitle:index.of passwd.bak
  92. 8.) Search for password databases:
  93. intitle:index.of pwd.db
  94. intitle:”index of” pwd.db
  95. 9.) Search for /etc/passwd/ index:
  96. intitle:”index of .. etc” passwd
  97. 10.) Search for plaintext password file:
  98. index.of passlist.txt
  99. inurl:passlist.txt
  100. 11.) Search for hidden documents/password files:
  101. index.of.secret
  102. index.of.private
  103. 12.) Search for PhpMyAdmin files:
  104. ”# PhpMyAdmin MySQL-Dump” filetype: txt
  105. 13.) Hidden Superuser (root) data files:
  106. inurl:ipsec.secrets-history-bugs
  107. inurl:ipsec.secrets “holds shared secrets”
  108. 14.) Find the information files:
  109. inurl:ipsec.conf-intitle:manpage
  110. 15.) Search for a stored password in a database:
  111. filetype:ldb admin
  112. 16.) Search for admin.php file:
  113. inurl:search/admin.php
  114. 17.) Search for password log files:
  115. inurl:password.log filetype:log
  116. 18.) Search for Hkey_Current_User in registry files:
  117. filetype: reg HKEY_CURRENT_USER username
  118. 19.) Search for username/password file backups:
  119. ”Http://username: password @ www …” filetype: bak inurl: “htaccess | passwd | shadow | ht users”
  120. 20.) Search for username/password files:
  121. filetype:mdb inurl:”account|users|admin|administrators|passwd|password” mdb files
  122. 21.) Search for Microsoft Frontpage passwords:
  123. ext:pwd inurl:(service|authors|administrators|users) “# -FrontPage-”
  124. 22.) Search for SQL database Code and passwords:
  125. filetype: sql ( “passwd values ****” |” password values ****” | “pass values ****”)
  126. 23.) Search for e-mail account files:
  127. intitle: “Index Of”-inurl: maillog
  128. G.) MISC. DORKS
  129. 1.) WebWiz Rich Text Editor (RTE) – Remote file upload vulneralbility:
  130. inurl:rte/my_documents/my_files
  131. 2.) EZFilemanager – Remote file upload vulneralbility:
  132. inurl:ezfilemanager/ezfilemanager.php
  133. 3.) robots.txt – See directories hidden from crawlers. Also sometimes you can pull off a directory transversal with this:
  134. inurl:robots.txt
  135. 4.) Serial Numbers – Look for software serial numbers
  136. ”software name” 94FBR
  137. H.) FIND FREE SWAG
  138. 1.) site:*.com intitle:”Thank You For Your Order” intext:Click Here to Download
  139. 2.) site:*.net intitle:”Thank You For Your Order” intext:Click Here to Download
  140. 3.) site:*.co intitle:”Thank You For Your Order” intext:Click Here to Download
  141. 4.) site:*.org intitle:”Thank You For Your Order” intext:Click Here to Download
  142. 5.) site:*.biz intitle:”Thank You For Your Order” intext:Click Here to Download
  143. 6.) site:*.tv intitle:”Thank You For Your Order” intext:Click Here to Download
  144. 7.) site:*.co.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  145. 8.) site:*.org.uk intitle:”Thank You For Your Order” intext:Click Here to Download
  146. 9.) site:*.eu intitle:”Thank You For Your Order” intext:Click Here to Download
  147. 10.) intitle:Thank you for your purchase! intext:PLR OR MRR OR Package OR Bonus
  148. 11.) intitle:Thank you for your order! intext:PLR OR MRR OR Package OR Bonus
  149. 12.) intitle:Thank you for your order! intext:PLR OR MRR
  150. 13.) intitle:Thank you for your Purchase! intext:PLR OR MRR
  151. 14.) inurl:/thankyou*.html intitle:Thank you for your order!
  152. 15.) intext:Click Here To Download
  153. 16.) inurl:thanks intext:”Thank You For Your Order!” “Click Here” filetype:html
  154. 17.) intitle:Thank You For Your Order! intext:Private Label
  155. 18.) intitle:Thank You For Your Purchased! intext:Private Label
  156. 19.) intext:”Thank You For Your Order” intext:PLR
  157. 20.) intitle:”Thank You For Your Order!” intext:download
  158. 21.) intitle:”Thank You For Your Order” intext:Click Here To Download Now
  159. 22.) intitle:Thank you for your purchase! intext:Click Here to Download
  160. 23.) * thank you for your order download
  161. 24.) * intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
  162. 25.) * intitle:Thank you for your order! intext:PLR OR MRR
  163. 26.) * intitle:Thank You For Your Purchase! intext:Click Here to Download
  164. 27.) * intitle:Thank You For Your Order! intext:download
  165. 28.) inurl:index.of .mp3
  166. 29.) inurl:index.of .mov
  167. 30.) inurl:index.of .iso
  168. 31.) ?intitle:index.of? mp3
  169. 32.) ?intitle:index.of? mov
  170. 33.) ?intitle:index.of? iso
  171. 34.) inurl:”insert filetype”:iso+OR+exe+OR+zip+OR+rar+OR+gzip+OR+tar
  172. 35.) intext:”parent directory” intext:”[EXE]“
  173. 36.) intext:”parent directory” index of:”[EXE]“
  174. 37.) intext:”parent directory” index of:”[RAR]“
  175. 38.) intext:”parent directory” intext:”[VID]“
  176. 39.) intext:”parent directory” index of:”[VID]“
  177. 40.) intext:”parent directory” intext:”[MP3]“
  178. 41.) intext:”parent directory” index of:”[MP3]“
  179. 42.) intext:”parent directory” index of:”[Gamez]“
  180. I.) WEBCAM GOOGLE DORKS
  181. 1.) inurl:/view.index.shtml
  182. 2.) inurl:/view.shtml
  183. 3.) intitle:”Live View / – AXIS” | inurl:view/view.shtml^
  184. 4.) inurl:ViewerFrame?Mode=
  185. 5.) inurl:ViewerFrame?Mode=Refresh
  186.  
  187.  
  188. Mr. KingSkrupellos Cyberizm Digital Security Team
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!