
Thursday, 13 January 2011

SQL Injection in PHP: what it is and how to protect yourself

Information security is a subject that demands special attention, especially when the information is stored in databases accessed over the web.
One of the fraud techniques best known to web developers is SQL Injection. It is the manipulation of an SQL statement through the variables that make up the parameters received by a server-side script, such as PHP, ASP, ColdFusion and others.
The main reason SQL Injection must be made impossible is that, through a simple SQL statement such as a data projection, other operations can be executed, which may affect the table schema, the stored data, and even elements of the operating system, since some databases allow the execution of operating system shell commands.
Detecting a system's vulnerability
To illustrate the concept of SQL Injection, the following simulation can be carried out. Suppose a user access validation script has been developed as follows:
On lines 3 and 4, the variables $usuario and $senha, respectively, receive the content submitted by a form through the POST method. This is the source of the problem.
Suppose the following input was entered in the user field of the form that calls the validation script.
The resulting query string will then be:
If no other validation is performed, the malicious user will have logged in to the system without even supplying a user that exists in the table. This was possible because the input value did not receive proper treatment and was added to the statement to be executed. Note that the validations shown in the example are merely illustrative; an access validation script needs more effective checks.
Making SQL Injection impossible
To be free of SQL Injection, certain measures must be taken. Some of the actions are carried out on the database server; others must be guaranteed by the source code.
Take care with the configuration of the user that establishes the database connection. Ideally, this user's access permissions are strictly limited to the functions it will perform; that is, to display a report, the database connection should be made by a user with read permissions and access only to the tables needed for its operation.
All values originating from external data collection must be validated and treated in order to prevent the execution of destructive statements or of operations other than those expected.
A basic treatment for executing queries with variables containing user-supplied values:
With the addslashes() function, a backslash is added before every single quote and double quote found, a process known as escaping. If the PHP configuration directive magic_quotes_gpc is enabled, escaping is performed automatically on COOKIES data and on data received through the GET and POST methods. In that case, the addslashes() treatment must not be applied. The get_magic_quotes_gpc() function, available in PHP versions from 3.0.6 onward, returns the current setting of the magic_quotes_gpc directive.
Below, the query string resulting from applying the treatment mentioned:
Many databases have specific functions for treating variables in query strings, which reduces the source code's compatibility with other database systems.
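As an added illustration (not the article's own script), the block below contrasts a login check built by string concatenation with one that uses a PDO prepared statement, a different technique from the addslashes() escaping described above; it also shows that addslashes() escaping depends on the database engine. The usuarios table, its columns, the function names and the sample input are constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not the article's code. The "usuarios" table, its columns,
// the function names and every sample value are constructed for illustration.
// Assumes the pdo_sqlite extension (in-memory database, nothing touches disk).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// "senha" holds plaintext only so the concatenated version can mirror the
// kind of script the article describes; the hardened version uses senha_hash.
$pdo->exec('CREATE TABLE usuarios (usuario TEXT PRIMARY KEY, senha TEXT, senha_hash TEXT)');
$pdo->prepare('INSERT INTO usuarios (usuario, senha, senha_hash) VALUES (?, ?, ?)')
    ->execute(['alice', 's3gredo', password_hash('s3gredo', PASSWORD_DEFAULT)]);

// BEFORE: form values become part of the SQL text, so a quote in the input
// ends the string literal and whatever follows is parsed as SQL.
function login_concatenated(PDO $pdo, string $usuario, string $senha): bool
{
    $sql = "SELECT COUNT(*) FROM usuarios WHERE usuario = '$usuario' AND senha = '$senha'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// AFTER: the SQL text is constant; the submitted value is bound as data and
// is never parsed as SQL. The password is checked against a stored hash.
function login_prepared(PDO $pdo, string $usuario, string $senha): bool
{
    $stmt = $pdo->prepare('SELECT senha_hash FROM usuarios WHERE usuario = :usuario');
    $stmt->execute([':usuario' => $usuario]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($senha, $hash);
}

// Prints the outcome of a case and fails loudly if it is not the stated one.
function check(string $case, bool $got, bool $want): void
{
    if ($got !== $want) {
        throw new RuntimeException("unexpected result for: $case");
    }
    printf("%-36s %s\n", $case, $got ? 'login accepted' : 'login refused');
}

// Constructed value typed into the "usuario" field of the login form.
$hostile = "' OR 1=1 --";

// The quote closes the literal, OR 1=1 matches every row, -- hides the rest.
check('concatenated, raw input', login_concatenated($pdo, $hostile, 'x'), true);

// addslashes() turns the quote into \' but SQLite, like standard SQL, does
// not treat a backslash as an escape, so the quote still closes the literal.
check('concatenated, addslashes() input', login_concatenated($pdo, addslashes($hostile), 'x'), true);

// Bound as data, the same text is just a user name that does not exist.
check('prepared, same input', login_prepared($pdo, $hostile, 'x'), false);
check('prepared, correct password', login_prepared($pdo, 'alice', 's3gredo'), true);
check('prepared, wrong password', login_prepared($pdo, 'alice', 'errada'), false);
```

magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0, so on current PHP versions the bound-parameter form is the one to rely on.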
Another important tip is to avoid displaying error messages on a production application server, because errors and warnings usually reveal file system directory paths and information about the database schema, which can compromise the security of the system.
To hide PHP errors and warnings, set the display_errors directive to Off in the PHP configuration file.
It is up to the developer to be alert to possible security holes in the source code they produce, especially when what is at stake is an asset of great value: information. Be conscientious. This avoids future headaches and unnecessary friction with the client.

Tuesday, 11 January 2011

[Programs] Scrawlr HP Scanner SQL: analyzing every page for SQL Injection.

Scrawlr HP Scanner SQL
 

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr crawls a website while simultaneously analyzing the parameters of each web page for SQL Injection vulnerabilities.
I tested it; this is a very good program made available by HP on its site that deals with the subject, the HP Security Center Resource Library. It is 100% free, the interface is very simple without many complications, and I recommend it.
Scrawlr is very fast and uses our intelligent engine technology to dynamically craft SQL injection attacks on the fly. It can even provide proof of positive results by showing the type of back-end database in use and a list of available table names. There is no denying that you have SQL injection when I can show you the table names!
NOTE: to download it you have to complete a simple registration on the HP site; follow the link just below.

[Download]

Tuesday, 28 December 2010

[Hacking] Searching for SQL errors on Chinese domains.


Searching for SQL errors on Chinese domains with the Google search engine
String:
site:.cn +error +sql inurl:(|?id=|?=|)
EX01:
site:cn = searches for sites on the Chinese domain.
+sql = looks for the term sql exposed on the site.
+error = looks for the term error on the site.
inurl:(|?id=|?=|) = looks for the ?id= parameter, which is used on sites that fetch data from their SQL servers. The combination of sql + error = a site prone to intrusion.

Thursday, 23 December 2010

[Google] SEO and SQL injection: it is important to protect yourself


SEO and SQL injection: it is important to protect yourself
Defacers have been taking advantage of vulnerabilities to insert code into site pages. This code serves several purposes. One is to hide links in your pages in order to pass the victim's PageRank to pages chosen by the intruder. Another is to insert code that opens pop-up advertising on your pages, or that uses your page to attack your visitors. This can be interpreted as Black Hat SEO and get your site penalized through no fault of your own.
One of the techniques used to exploit these vulnerabilities is SQL Injection, and its use has increased recently. It takes advantage of the code used to query your database tables in order to steal information or insert malicious code. This means that any site that builds its pages from the content of a database, such as content management systems, is at risk of this attack.

Example of an infected page with the warning "This site may harm your computer": [image: Google screen with the warning]
One way to find some examples of this large attack is to search Google for "b.js", or for intext:b.js or one of the domains used in the attack, such as www.chinabnr.com, www.adwbnr.com or www.pingadw.com. If you were the victim of such an attack, visit the link to learn about this SQL Injection from China.
This code may be hidden in your site, and it may be hard for the site owner to discover that an attack took place. You have two alternatives: go through the code of every page of the site, or hope that Google finds it and sends you a warning message. That message may appear in the messages area of Google Webmaster Tools, or it may arrive by e-mail if you have an account with a user name such as abuse, admin, administrator, contact, info or webmaster. An example would be an e-mail address like "contact(at)seusite.com.br".
The message you receive will contain instructions on which URL is problematic and the possible cause of the problem. Fix the problem completely and then inform Google. The trend is for this type of attack to become more common, mainly because of its potential to obtain links that raise PageRank, so pay extra attention and spread the word about the risks of intrusion.
Source: marketingdebusca.com.br: goo.gl/pJcKI

Monday, 20 December 2010

[String] Searching for SQL errors on Argentine sites


Searching for SQL errors on Argentine sites with the Google search engine
String:
site:ar  +sql +error inurl:?id=
EX01:
site:ar = searches for sites on the Argentine domain.
+sql = looks for the term sql exposed on the site.
+error = looks for the term error on the site.
The combination of sql + error = a site prone to intrusion.

Friday, 17 December 2010

[Google] Using the Google cache, hacking style

Using the Google cache
In computing, a cache is a fast-access device, internal to a system, that acts as an intermediary between the operator of a process and the storage device that the operator accesses. The main advantage of using a cache is avoiding access to the storage device, which can be slow, by keeping the data on faster-access media.

The cache is, so to speak, the memory of Google's servers: it shows the last update of the page you want. The string looks like this: cache:www.sitequedeseja.com.br

Even when the page is offline, Google exposes the data to you, because it is no longer hosted on the original server of the URL WWW.sitequedeseja.com.br but on Google.

We often come across sites that have gone offline but have content of interest to us; with the cache command we can access them.
It is an easy form of hacking that can give you access to unauthorized pages of a site; as a test,
it gives access to the site's errors. See the example just below.

IN THE SEARCH:
site:.gov.br & error & SQL
WE FOUND

SEARCH DATA:
Prefeitura Municipal de Capanema - Pará - Construindo um novo ...
Warning: database error:MySQL server has gone away SQL=SELECT m.* FROM cap_menu AS m WHERE menutype='mainmenu' AND published = 1 AND access <= 0 AND parent ...
www.capanema.pa.gov.br/fotos/?limitstart=18...50
- Em cache

We can see that when the link
http://www.capanema.pa.gov.br/fotos/?limitstart=18&limitstartg=50
is accessed directly, the SQL errors have been fixed, but with a simple

cache: http://www.capanema.pa.gov.br/fotos/?limitstart=18&limitstartg=50
they are all automatically exposed, which opens up a wide range of possibilities for intrusion via SQL injection.

The cache does not necessarily reflect the date on which the page was changed, but rather the date on which Googlebot last visited the page. This video in English by Matt Cutts, of Google, explains how the whole process works.
To keep Googlebot from including your page in the cache, include the command among your meta tags, before the BODY tag.




Thursday, 19 August 2010

[Google] SQL error search string


Searching for SQL errors with the Google search engine
String:*org.br  inurl:"id=" & intext:"Warning: mysql_fetch_array()
*org.br = searches sites that contain org.br; * = searches hosts that end with .org.br
EX: uniesp.org.br // teste.org.br  etc.
inurl:"id=" = searches for sites that end with id=
EX:www.xxx.org.br/site/index.php?option=com_content&view=article&id=58

NOTE: variables that can help in your search, etc.
  Alternating domains helps produce a valid search.

By:Cleiton Pinheiro 

Tuesday, 17 August 2010

[DB] Assorted strings


Vulnerabilities
comment:advisories and vulnerabilities*-----
"1999-2004 FuseTalk Inc" -site:fusetalk.com
"2003 DUware All Rights Reserved"
"Active Webcam Page" inurl:8080
"BlackBoard 1.5.1-f | © 2003-4 by Yves Goergen"
"BosDates Calendar System " "powered by BosDates v3.2 by BosDev"
"Copyright © 2002 Agustin Dondo Scripts"
"delete entries" inurl:admin/delete.asp
"driven by: ASP Message Board"
"Enter ip" inurl:"php-ping.php"
"IceWarp Web Mail 5.3.0" "Powered by IceWarp"
"Ideal BB Version: 0.1" -idealbb.com
"inurl:/site/articles.asp?idcategory="
"Obtenez votre forum Aztek" -site:forum-aztek.com
"Online Store - Powered by ProductCart"
"Powered *: newtelligence" ("dasBlog 1.6"| "dasBlog 1.5"| "dasBlog 1.4"|"dasBlog 1.3")
"Powered by A-CART"
"Powered by AJ-Fork v.167"
"powered by antiboard"
"Powered by Coppermine Photo Gallery"
"Powered by CubeCart"
"Powered by DCP-Portal v5.5"
"Powered by DMXReady Site Chassis Manager" -site:dmxready.com
"Powered by FUDforum"
"Powered by Gallery v1.4.4"
"Powered by IceWarp Software" inurl:mail
"Powered by Ikonboard 3.1.1"
"Powered by Megabook *" inurl:guestbook.cgi
"Powered by MercuryBoard [v1"
"powered by minibb" -site:www.minibb.net -intext:1.7f
"Powered by My Blog" intext:"FuzzyMonkey.org"
"Powered by ocPortal" -demo -ocportal.com
"powered by phpWebSite" 0.9-3-2...4
"Powered by PowerPortal v1.3"
"powered by vbulletin 3.0"
"Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq
"Powered by WowBB" -site:wowbb.com
"Powered by YaPig V0.92b"
"Powered by yappa-ng"
"running: Nucleus v3.1" -.nucleuscms.org -demo
"SquirrelMail version 1.4.4" inurl:src ext:php
"This page has been automatically generated by Plesk Server Administrator"
+"Powered by Invision Power Board v2.0.0..2"
+"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl
inurl:"dispatch.php?atknodetype" | inurl:class.at -----Achievo webbased project management-----
allintitle:aspjar.com guestbook
inurl:"/becommunity/community/index.php?pageurl=" -----E-market remote code execution-----
inurl:custva.asp -----EarlyImpact Productcart-----
ext:php intext:"Powered by phpNewMan Version"
ext:pl inurl:cgi intitle:"FormMail *" -"*Referrer" -"* Denied" -sourceforge -error -cvs -input
filetype:cgi inurl:nbmember.cgi
filetype:cgi inurl:pdesk.cgi
filetype:cgi inurl:tseekdir.cgi
filetype:php inurl:index.php inurl:"module=subjects" inurl:"func=*" (listpages| viewpage | listcat)
intext:("UBB.threads™ 6.2"|"UBB.threads™ 6.3") intext:"You * not logged *" -site:ubbcentral.com
intitle:"EMUMAIL - Login" "Powered by EMU Webmail"
intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)
intitle:"View Img" inurl:viewimg.php
intitle:"WebJeff - FileManager" intext:"login" intext:Pass|PAsse
intitle:"WordPress > * > Login form" inurl:"wp-login.php"
intitle:guestbook "advanced guestbook 2.2 powered"
intitle:welcome.to.horde
inurl:"/cgi-bin/loadpage.cgi?user_id="
inurl:"/site/articles.asp?idcategory="
inurl:"comment.php?serendipity"
inurl:"messageboard/Forum.asp?"
inurl:"slxweb.dll"
inurl:/SiteChassisManager/
inurl:cal_make.pl
inurl:citrix/metaframexp/default/login.asp? ClientDetection=On
inurl:comersus_message.asp
inurl:directorypro.cgi
inurl:gotoURL.asp?url=
inurl:technote inurl:main.cgi*filename=*
inurl:ttt-webmaster.php
inurl:wiki/MediaWiki
"Powered by Invision Power Board(U) v1.3 Final" -----Invision Power Board SSI.PHP SQL Injection-----
"Powered by mnoGoSearch - free web search engine software" -----nGoSearch vulnerability-----
"FC Bigfeet" -inurl:mail -----Quicksite demopages for Typo3-----
inurl:com_remository -----ReMOSitory module for Mambo-----
uploadpics.php?did= -forumintext:Generated.by.phpix.1.0? inurl:$mode=album
"Powered by: vBulletin * 3.0.1" inurl:newreply.php -----vBulletin version 3.0.1 newreply.php XSS-----
filetype:asp inurl:"shopdisplayproducts.asp" -----VP-ASP Shopping Cart XSS-----
inurl:/cgi-bin/index.cgi inurl:topics inurl:viewcat= +intext:"WebAPP" -site:web-app.org -----WebAPP directory traversal-----


  Files containing passwords


comment:Files containing passwords***-----
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
"# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target[*]" -sample -cvs -example
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf sc_serv.conf
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable secret 5 $"
intext:"powered by Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
inurl:"GRC.DAT" intext:"password"
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:/wwwboard
inurl:ccbill filetype:log
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:perform filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified
intitle:index.of master.passwd -----master.passwd-----
intitle:"Index of" .mysql_history -----mysql history files-----
"Your password is * Remember this for later use" -----NickServ registration passwords-----
index.of passlist -----passlist-----
inurl:passlist.txt -----passlist.txt-----
intitle:index.of passwd passwd.bak -----passwd-----
intitle:"Index of..etc" passwd -----passwd / etc-----
intitle:index.of people.lst -----people.lst-----
filetype:conf inurl:psybnc.conf "USER.PASS=" -----psyBNC config files-----
intitle:"Index of" pwd.db -----pwd.db-----
signin filetype:url
intitle:"Index of" spwd.db passwd -pam.conf -----spwd.db / passwd-----
intitle:index.of trillian.ini -----trillian.ini-----

  Sensitive directories

comment:Sensitive Directories***]
"Index Of /network" "last modified"
"index of cgi-bin"
"index of" / picasa.ini
"index of" inurl:recycler
"Index of" rar r01 nfo Modified 2004
"intitle:Index.Of /" stats merchant cgi-* etc
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
"Web File Browser" "Use regular expression"
"Welcome to phpMyAdmin" " Create new database"
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
filetype:cfg ks intext:rootpw -sample -test -howto
filetype:torrent torrent
Index of phpMyAdmin
index.of.dcim
index.of.password
intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat
intitle:"HFS /" +"HttpFileServer"
intitle:"Index of *" inurl:"my shared folder" size modified
intitle:"Index of /CFIDE/" administrator
intitle:"Index of c:\Windows"
intitle:"index of" "parent directory" "desktop.ini" site:dyndns.org
intitle:"index of" -inurl:htm -inurl:html mp3
intitle:"Index of" cfide
intitle:"index of" intext:"content.ie5"
intitle:"index of" inurl:ftp (pub | incoming)
intitle:"index.of.personal"
intitle:"webadmin - /*" filetype:php directory filename permission
intitle:index.of (inurl:fileadmin | intitle:fileadmin)
intitle:index.of /AlbumArt_
intitle:index.of abyss.conf
intitle:intranet inurl:intranet +intext:"human resources"
intitle:upload inurl:upload intext:upload -forum -shop -support -w3c
inurl:/pls/sample/admin_/help/
inurl:/tmp
inurl:backup intitle:index.of inurl:admin
inurl:explorer.cfm inurl:(dirpath|This_Directory)
inurl:j2ee/examples/jsp
inurl:ojspdemos
"Index of /backup" -----Look in my backup directories! Please?-----
index.of.private -----private-----
index.of.protected -----protected-----
index.of.secret -----secret-----
index.of.secure -----secure-----
index.of.winnt -----winnt-----

-----------------------------------------------------------------------------------

ERRORS

comment:Error messages***-----
"A syntax error has occurred" filetype:ihtml
"access denied for user" "using password"
"An illegal character has been found in the statement" -"previous message"
"ASP.NET_SessionId" "data source="
"Can't connect to local" intitle:warning
"Chatologica MetaSearch" "stack tracking"
"detected an internal error [IBM][CLI Driver][DB2/6000]"
"error found handling the request" cocoon filetype:xml
"Fatal error: Call to undefined function" -reply -the -next
"Incorrect syntax near"
"Incorrect syntax near"
"Internal Server Error" "server at"
"Invision Power Board Database Error"
"ORA-00933: SQL command not properly ended"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"PostgreSQL query failed: ERROR: parser: parse error"
"Supplied argument is not a valid MySQL result resource"
"Syntax error in query expression " -the
"The script whose uid is " "is not allowed to access"
"Unclosed quotation mark before the character string"
"Warning: Cannot modify header information - headers already sent"
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
An unexpected token "END-OF-STATEMENT" was found
"Error Diagnostic Information" intitle:"Error Occurred While" -----Coldfusion Error Pages-----
filetype:asp "Custom Error Message" Category Source
filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error"
filetype:php inurl:"logging.php" "Discuz" error
ht://Dig htsearch error
intitle:"the page cannot be found" inetmgr -----IIS 4.0 error messages-----
intitle:"the page cannot be found" "internet information services" -----IIS web server error messages-----
intitle:"500 Internal Server Error" "server at" -----Internal Server Error-----
intext:"Error Message : Error loading required libraries."
intext:"Warning: Failed opening" "on line" "include_path"
intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm
intitle:"Error Occurred" "The error occurred in" filetype:cfm
intitle:"Error using Hypernews" "Server Software"
intitle:"Execution of this script not permitted"
intitle:"Under construction" "does not currently have"
intitle:Configuration.File inurl:softcart.exe
"supplied argument is not a valid MySQL result resource" -----MYSQL error message: supplied argument....-----
"mySQL error with query" -----mysql error with query-----
"ORA-00921: unexpected end of SQL command" -----ORA-00921: unexpected end of SQL command-----
"ORA-00936: missing expression" -----ORA-00936: missing expression-----
intext:"Warning: Failed opening" "on line" "include_path" -----PHP application warnings failing "include_path"-----
inurl:sitebuildercontent -----sitebuildercontent-----
inurl:sitebuilderfiles -----sitebuilderfiles-----
inurl:sitebuilderpictures -----sitebuilderpictures-----
databasetype. Code : 80004005. Error Description -----Snitz! forums db path error-----
"You have an error in your SQL syntax near" -----SQL syntax error-----
"Supplied argument is not a valid PostgreSQL result" -----Supplied argument is not a valid PostgreSQL result-----
warning "error on line" php sablotron
intitle:"the page cannot be found" "2004 microsoft corporation" -----Windows 2000 web server error messages-----

-----------------------------------------------------------------------------------

Files containing usernames

comment:Files containing usernames***-----
"index of" / lck
+intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for"
intitle:index.of .bash_history -----bash_history files-----
filetype:conf inurl:proftpd.conf -sample
filetype:log username putty
filetype:reg reg +intext:"internet account manager"
filetype:reg reg HKEY_CURRENT_USER username
index.of perform.ini
inurl:admin filetype:asp inurl:userlist
inurl:admin inurl:userlist
inurl:php inurl:hlstats intext:"Server Username"
inurl:root.asp?acs=anon -----OWA Public folders & Address book-----
intitle:index.of .sh_history -----sh_history files-----
comment:Footholds***-----
"adding new user" inurl:addnewuser -"there are no domains"
(inurl:81/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")
+htpasswd +WS_FTP.LOG filetype:log
filetype:php HAXPLORER "Server Files Browser"
intitle:"Web Data Administrator - Login"
intitle:admin intitle:login
inurl:"phpOracleAdmin/php" -download -cvs
inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
intitle:"PHP Shell *" "Enable stderr" filetype:php -----PHP Shell (unprotected)-----
PHPKonsole PHPShell filetype:php -echo
"Powered by PHPFM" filetype:php -username -----Public PHP FileManagers-----
comment:Pages containing login portals***-----
intitle:"remote assessment" OpenAanval Console
intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password"
"IMail Server Web Messaging" intitle:login
"Login - Sun Cobalt RaQ"
"Login to Usermin" inurl:20000
"Microsoft CRM : Unsupported Browser Version"
"OPENSRS Domain Management" inurl:manage.cgi
"pcANYWHERE EXPRESS Java Client"
"please log in"
"powered by CuteNews" "2003..2005 CutePHP"
"SysCP - login"
"ttawlogin.cgi/?action="
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Web Control Panel" "Enter your password here"
"WebExplorer Server - Login" "Welcome to WebExplorer Server"
"WebSTAR Mail - Please Log In"
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil
"4images Administration Control Panel"
allinurl:"exchange/logon.asp"
ASP.login_aspx "ASP.NET_SessionId"
filetype:cgi inurl:"irc.cgi" | intitle:"CGI:IRC Login" -----CGI:IRC Login-----
Admin intitle:"eZ publish administration" -----ez Publish administration-----
filetype:php inurl:"webeditor.php"
filetype:pl "Download: SuSE Linux Openexchange Server CA"
filetype:r2w r2w
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"Mail admins login here to administrate your domain."
intext:"Storage Management Server for" intitle:"Server Administration"
intitle:"Athens Authentication Point"
intitle:"ColdFusion Administrator Login"
intitle:"Dell Remote Access Controller"
intitle:"ePowerSwitch Login"
intitle:"Icecast Administration Admin Page"
intitle:"ISPMan : Unauthorized Access prohibited"
intitle:"ITS System Information" "Please log on to the SAP System"
intitle:"Kurant Corporation StoreSense" filetype:bok Posts: 23 filetype:bok intitle:"Kurant Corporation StoreSense"
intitle:"Login - powered by Easy File Sharing Web Server"
intitle:"MailMan Login"
intitle:"microsoft certificate services" inurl:certsrv
intitle:"MikroTik RouterOS Managing Webpage"
intitle:"MX Control Console" "If you can't remember"
intitle:"Novell Web Services" intext:"Select a service and a language."
intitle:"oMail-admin Administration - Login" -inurl:omnis.ch
intitle:"Philex 0.2*" -script -site:freelists.org
intitle:"PHP Advanced Transfer" inurl:"login.php"
intitle:"php icalendar administration" -site:sourceforge.net
intitle:"please login" "your password is *"
intitle:"Remote Desktop Web Connection" inurl:tsweb
intitle:"teamspeak server-administration
intitle:"Tomcat Server Administration"
intitle:"TUTOS Login"
intitle:"vhost" intext:"vHost . 2000-2004"
intitle:"Virtual Server Administration System"
intitle:"VitalQIP IP Management System"
intitle:"VNC viewer for Java"
intitle:"WebLogic Server" intitle:"Console Login" inurl:console
intitle:"Welcome Site/User Administrator" "Please select the language" -demos
intitle:"welcome to netware *" -site:novell.com
intitle:"ZyXEL Prestige Router" "Enter password"
intitle:Group-Office "Enter your username and password to login"
intitle:Login * Webmailer
intitle:Login intext:"RT is © Copyright"
intitle:Node.List Win32.Version.3.11
intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"
intitle:plesk inurl:login.php3
inurl:"1220/parse_xml.cgi?"
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)
inurl:":10000" intext:webmin
inurl:"Activex/default.htm" "Demo"
inurl:"calendar.asp?action=login"
inurl:"gs/adminlogin.aspx"
inurl:"typo3/index.php?u=" -demo
inurl:"usysinfo?login=true"
inurl:"utilities/TreeView.asp"
inurl:"webadmin" filetype:nsf
inurl:/admin/login.asp
inurl:/cgi-bin/sqwebmail?noframes=1
inurl:/Citrix/Nfuse17/
inurl:/dana-na/auth/welcome.html
inurl:/eprise/
inurl:/webedit.* intext:WebEdit Professional -html
inurl:1810 "Oracle Enterprise Manager"
inurl:administrator "welcome to mambo"
inurl:cgi-bin/ultimatebb.cgi?ubb=login
inurl:confixx inurl:login|anmeldung
inurl:coranto.cgi intitle:Login (Authorized Users Only)
inurl:default.asp intitle:"WebCommander"
inurl:irc filetype:cgi cgi:irc
inurl:login filetype:swf swf
inurl:login.asp
inurl:login.cfm
inurl:login.php "SquirrelMail version"
inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"
inurl:mewebmail
inurl:names.nsf?opendatabase
inurl:orasso.wwsso_app_admin.ls_login
inurl:postfixadmin intitle:"postfix admin" ext:php
inurl:search/admin.php
inurl:WCP_USER
Login ("Powered by Jetbox One CMS ™" | "Powered by Jetstream © *")
Novell NetWare intext:"netware management portal version"
inurl:"exchange/logon.asp" OR intitle:"Microsoft Outlook Web Access - Logon" -----Outlook Web Access (a better way)-----
-Login inurl:photopost/uploadphoto.php -----PhotoPost PHP Upload-----
inurl:PHPhotoalbum/statistics intitle:"PHPhotoalbum - Statistics" -----PHPhotoalbum Statistics-----
intitle:"PHPhotoalbum - Upload" | inurl:"PHPhotoalbum/upload" -----PHPhotoalbum Upload-----
filetype:php login (intitle:phpWebMail|WebMail) -----phpWebMail-----
+"Powered by INDEXU" inurl:(browse|top_rated|power) -----Powered by INDEXU-----
filetype:cfg login "LoginServer=" -----Ultima Online loginservers-----
uploadpics.php?did= -forum -----W-Nailer Upload Area-----


Sensitive online admin information

comment:Sensitive Online Shopping Info***-----
"More Info about MetaCart Free"
inurl:"/database/comersus.mdb" -----Comersus.mdb database-----
inurl:midicart.mdb
inurl:shopdbtest.asp
POWERED BY HIT JAMMER 1.0!
site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #"
inurl:"shopadmin.asp" "Shop Administrators only" -----VP-ASP Shop Administrators only-----
comment:Various online devices***-----
"Copyright (c) Tektronix, Inc." "printer status"
"intitle:Cisco Systems, Inc. VPN 3000 Concentrator"
"please visit" intitle:"i-Catcher Console" Copyright "iCode Systems"
"powered by webcamXP" "Pro|Broadcast"
"Starting SiteZAP 6.0"
("Fiery WebTools" inurl:index2.html) | "WebTools enable * * observe, *, * * * flow * print jobs"
inurl:sts_index.cgi -----Aficio 1022-----
allintitle:Brains, Corp. camera
allinurl:index.htm?cus?audio
inurl:indexFrame.shtml Axis -----Axis Network Cameras-----
axis storpoint "file view" inurl:/volumes/
camera linksys inurl:main.cgi
intitle:"remote ui:top page" -----Canon ImageReady machines-----
intitle:liveapplet inurl:LvAppl -----Canon Webview netcams-----
filetype:cgi transcoder.cgi
intext:"MaiLinX Alert (Notify)" -site:networkprinters.com
intext:"Please enter correct password for Administrator Access. Thank you" "Copyright © 2003 SMC Networks, Inc. All rights reserved."
intext:"Ready with 10/100T Ethernet"
intext:"UAA (MSB)" Lexmark -ext:pdf
intext:"Videoconference Management System" ext:htm
intitle:"AudioReQuest.web.server"
intitle:"axis storpoint CD" intitle:"ip address"
intitle:"BorderManager Information alert"
intitle:"Browser Launch Page"
intitle:"Cayman-DSL.home"
intitle:"DEFAULT_CONFIG - HP"
intitle:"dreambox web"
intitle:"DVR Web client"
intitle:"EpsonNet WebAssist Rev"
intitle:"EverFocus.EDSR.applet"
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Home" "Xerox Corporation" "Refresh Status"
intitle:"ipcop - main"
intitle:"iVISTA.Main.Page"
intitle:"lantronix web-manager"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS"
intitle:"my webcamXP server!" inurl:":8080"
intitle:"Network Print Server" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )
intitle:"Network Print Server" intext:"http://www.axis.com" filetype:shtm
intitle:"Setup Home" "You will need * log in before * * change * settings"
intitle:"Sipura.SPA.Configuration" -.pdf
intitle:"Smoothwall Express" inurl:cgi-bin "up * days"
intitle:"Spam Firewall" inurl:"8000/cgi-bin/index.cgi"
intitle:"SpeedStream Router Management Interface"
intitle:"supervisioncam protocol"
intitle:"switch home page" "cisco systems" "Telnet - to"
intitle:"switch login" "IBM Fast Ethernet Desktop"
intitle:"The AXIS 200 Home Page"
intitle:"toshiba network camera - User Login"
intitle:"V-Gear BEE"
intitle:"View and Configure PhaserLink"
intitle:"Brother" intext:"View Configuration" intext:"Brother Industries, Ltd."
intitle:"Connection Status" intext:"Current login"
intitle:Linksys site:ourlinksys.com
intitle:RICOH intitle:"Network Administration"
intitle:webeye inurl:login.ml
inurl:"8003/Display?what="
inurl:":631/printers" -php -demo
inurl:"ipp/pdisplay.htm"
inurl:"level/15/exec/-/show"
inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
inurl:"printer/main.html" intext:"settings"
inurl:axis-cgi
inurl:camctrl.cgi
inurl:hp/device/this.LCDispatcher
inurl:na_admin
inurl:netw_tcp.shtml
inurl:TiVoConnect?Command=QueryServer
inurl:webArch/mainFrame.cgi
intitle:"network administration" inurl:"nic" -----Konica Network Printer Administration-----
(intext:"MOBOTIX M1" | intext:"MOBOTIX M10") intext:"Open Menu" Shift-Reload -----Mobotix netcams-----
intitle:"Live View / - AXIS" | inurl:view/view.sht -----More Axis netcams !-----
inurl:"ViewerFrame?Mode=" -----Panasonic Network Cameras-----
intitle:"WJ-NT104 Main Page" -----Panasonic WJ-NT104 netcams-----
intext:centreware inurl:status -----Phasers 4500/6250/8200/8400-----
intitle:flexwatch intext:"Home page ver" -----Seyeon FlexWATCH cameras-----
site:.viewnetcam.com -www.viewnetcam.com
intitle:snc-z20 inurl:home/ -----Sony SNC-RZ20 network cameras-----
intitle:snc-rz30 inurl:home/ -----Sony SNC-RZ30 Network Cameras-----
WebControl intitle:"AMX NetLinx"
"Phaser 6250" "Printer Neighborhood" "XEROX CORPORATION" -----Xerox Phaser 6250-----
"Phaser 8200" "© Xerox" "refresh" " Email Alerts" -----Xerox Phaser 8200-----
"Phaser® 740 Color Printer" "printer named: " -----Xerox Phaser® 740 Color Printer-----
"Phaser® 840 Color Printer" "Current Status" "printer named:" -----Xerox Phaser® 840 Color Printer-----



Files with log information

comment:Files containing juicy info***]
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / "chat/logs"
"Installed Objects Scanner" inurl:default.asp
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Most Submitted Forms and Scripts" "this section"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"phpMyAdmin" "running on" inurl:"main.php"
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
+":8080" +":3128" +":80" filetype:txt
+"HSTSNR" -"netop.com"
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
94FBR "ADOBE PHOTOSHOP"
buddylist.blt -----AIM buddy lists-----
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:servlet/SnoopServlet
intitle:index.of cgiirc.config -----cgiirc.conf-----
inurl:cgiirc.config -----cgiirc.conf-----
data filetype:mdb -site:gov -site:mil
e-mail address filetype:csv csv -----exported email addresses-----
ext:asp inurl:pathto.asp
ext:cgi inurl:editcgi.cgi inurl:file=
ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs
ext:dat bpk.dat
ext:gho gho
ext:ini intext:env.ini
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:pqi pqi -database
ext:reg "username=*" putty
ext:txt "Final encryption key"
ext:txt inurl:dxdiag
ext:vmdk vmdk
ext:vmx vmx
filetype:asp DBQ=" * Server.MapPath("*.mdb")
filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname
filetype:cfg auto_inst.cfg
filetype:cnf inurl:_vti_pvt access.cnf
filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS
filetype:ctt Contact
filetype:ctt ctt messenger
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
filetype:fp3 fp3
filetype:fp5 fp5 -site:gov -site:mil -"cvs log"
filetype:fp7 fp7
filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key
filetype:log access.log -CVS
filetype:mbx mbx intext:Subject
filetype:myd myd -CVS
filetype:ns1 ns1
filetype:ora ora
filetype:pdb pdb backup (Pilot | Pluckerdb)
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net
filetype:pot inurl:john.pot
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:rdp rdp
filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab
filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
intitle:"Index of" finance.xls -----Financial spreadsheets: finance.xls-----
intitle:index.of finances.xls -----Financial spreadsheets: finances.xls-----
intitle:"Ganglia" "Cluster Report for" -----Ganglia Cluster Reports-----
intitle:index.of haccess.ctl -----haccess.ctl (one way)-----
filetype:ctl Basic -----haccess.ctl (VERY reliable)-----
intitle:"Index of" dbconvert.exe chats -----ICQ chat logs, please...-----
filetype:log cron.log
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"
intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a
intext:SQLiteManager inurl:main.php
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)
intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos"
intitle:"Big Sister" +"OK Attention Trouble"
intitle:"edna:streaming mp3 server" -forums
intitle:"FTP root at"
intitle:"index of" +myd size
intitle:"Index Of" -inurl:maillog maillog size
intitle:"Index Of" cookies.txt size
intitle:"index of" mysql.conf OR mysql_config
intitle:"Index of" upload size parent directory
intitle:"index.of *" admin news.asp configview.asp
intitle:"index.of" .diz .nfo last modified
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login
intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"welcome.to.squeezebox"
intitle:admin intitle:login
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx
intitle:index.of ws_ftp.ini
intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
inurl:*db filetype:mdb
inurl:/_layouts/settings
inurl:admin filetype:xls
inurl:admin intitle:login
inurl:backup filetype:mdb
inurl:cgi-bin/printenv
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI"
inurl:changepassword.asp
inurl:ds.py
inurl:email filetype:mdb
inurl:fcgi-bin/echo
inurl:forum filetype:mdb
inurl:forward filetype:forward -cvs
inurl:getmsg.html intitle:hotmail
inurl:log.nsf -gov
inurl:main.php phpMyAdmin
inurl:main.php Welcome to phpMyAdmin
inurl:netscape.hst
inurl:netscape.ini
inurl:odbc.ini ext:ini -cvs
inurl:perl/printenv
inurl:php.ini filetype:ini
inurl:preferences.ini "[emule]"
inurl:profiles filetype:mdb
inurl:report "EVEREST Home Edition "
inurl:server-info "Apache Server Information"
inurl:server-status "apache"
inurl:snitz_forums_2000.mdb
inurl:ssl.conf filetype:conf
inurl:tdbin
inurl:vbstats.php "page generated"
inurl:ipsec.conf -intitle:manpage -----ipsec.conf-----
inurl:ipsec.secrets -history -bugs -----ipsec.secrets-----
inurl:ipsec.secrets "holds shared secrets" -----ipsec.secrets-----
inurl:"/names.nsf?OpenDatabase" -----Lotus Domino address books-----
mail filetype:csv -site:gov intext:name
filetype:mny mny -----Microsoft Money Data Files-----
intitle:index.of mt-db-pass.cgi -----mt-db-pass.cgi files-----
"# Dumping data for table (username|user|users|password)" -----MySQL tabledata dumps-----
intitle:index.of mystuff.xml -----mystuff.xml - Trillian data files-----
inurl:/public/?Cmd=contents -----OWA Public Folders (direct view)-----
filetype:ctt "msn" -----Peoples MSN contact lists-----
php-addressbook "This is the addressbook for *" -warning
intitle:phpinfo "PHP Version" -----phpinfo()-----
"# phpMyAdmin MySQL-Dump" filetype:txt -----phpMyAdmin dumps-----
"# phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" -----phpMyAdmin dumps-----
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr -----private key files (.csr)-----
BEGIN (CERTIFICATE|DSA|RSA) filetype:key -----private key files (.key)-----
filetype:QDF QDF -----Quicken data files-----
intitle:index.of robots.txt -----robots.txt-----
site:edu admin grades
"# Dumping data for table" -----SQL data dumps-----
"cacheserverreport for" "This analysis was produced by calamaris" -----Squid cache server reports-----
filetype:conf inurl:unrealircd.conf -cvs -gentoo -----Unreal IRCd-----
intitle:"Welcome to ntop!" -----Welcome to ntop!-----

SERVER INFORMATION

comment:Pages containing network or vulnerability data***-----
filetype:log intext:"ConnectionManager2"
"apricot - admin" 00h
"Network Host Assessment Report" "Internet Scanner"
"Output produced by SysWatch *"
"Phorum Admin" "Database Connection" inurl:forum inurl:admin
"Powered by phpOpenTracker" Statistics
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example
"SnortSnarf alert page"
"This file was generated by Nessus"
"this proxy is working fine!" "enter *" "URL***" * visit
"This report lists" "identified by Internet Scanner"
"Traffic Analysis for" "RMON Port * on unit *"
"Version Info" "Boot Version" "Internet Settings"
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
ACID "by Roman Danyliw" filetype:php -----Analysis Console for Incident Databases 12-Jul-2004 866-----
ext:cfg radius.cfg
ext:cgi intext:"nrg-" " This web page was created on "
filetype:pdf "Assessment Report" nessus
filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System"
filetype:php inurl:nqt intext:"Network Query Tool"
filetype:vsd vsd network -samples -examples
intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm
intitle:"ADSL Configuration page"
intitle:"Azureus : Java BitTorrent Client Tracker"
intitle:"BNBT Tracker Info"
intitle:"Microsoft Site Server Analysis"
intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics"
intitle:"start.managing.the.device" remote pbx acc
intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers."
intitle:"twiki" inurl:"TWikiUsers"
inurl:"/catalog.nsf" intitle:catalog
inurl:"install/install.php"
inurl:"map.asp?" intitle:"WhatsUp Gold"
inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo
inurl:/adm-cfgedit.php
inurl:/cgi-bin/finger? "In real life"
inurl:/cgi-bin/finger? Enter (account|host|user|username)
inurl:phpSysInfo/ "created by phpsysinfo"
inurl:portscan.php "from Port"|"Port Range"
inurl:statrep.nsf -gov
inurl:testcgi xitami
inurl:webutil.pl
"Looking Glass" (inurl:"lg/" | inurl:lookingglass) -----Looking Glass-----
intitle:That.Site.Running Apache


SENSITIVE FILES

 comment:Vulnerable files***-----
filetype:pl -intext:"/usr/bin/perl" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)
"File Upload Manager v1.3" "rename to"
"Powered by Land Down Under 601"
"powered by YellDL"
ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com
ext:asp inurl:DUgallery intitle:"3.0" -site:dugallery.com -site:duware.com
ext:cgi inurl:ubb6_test
ezBOO "Administrator Panel" -cvs
filetype:cgi inurl:cachemgr.cgi
filetype:cnf my.cnf -cvs -example
filetype:inc inc intext:setcookie
filetype:lit lit (books|ebooks)
filetype:mdb inurl:"news/news"
filetype:php inurl:"viewfile" -"index.php" -"idfil
filetype:wsdl wsdl
intitle:gallery inurl:setup "Gallery configuration" -----Gallery configuration setup files-----
intitle:"ASP FileMan" Resend -site:iisworks.com
intitle:"Directory Listing" "tree view"
intitle:"Index of /" modified php.exe
intitle:"PHP Explorer" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)
intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"
intitle:mywebftp "Please enter your password"
inurl:" WWWADMIN.PL" intitle:"wwwadmin"
inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
inurl:"plog/register.php"
inurl:cgi.asx?StoreID
inurl:changepassword.cgi -cvs
inurl:click.php intext:PHPClickLog
inurl:php.exe filetype:exe -example.com
inurl:robpoll.cgi filetype:cgi
link:http://www.toastforums.com/
"create the Super User" "now by clicking here" -----PHP-Nuke - create super user right now !-----
intitle:"Index of" _vti_inf.html
intitle:"Index of" service.pwd
intitle:"Index of" users.pwd
intitle:"Index of" authors.pwd
intitle:"Index of" administrators.pwd
intitle:"Index of" shtml.dll
intitle:"Index of" shtml.exe
intitle:"Index of" fpcount.exe
intitle:"Index of" default.asp
intitle:"Index of" showcode.asp
intitle:"Index of" sendmail.cfm
intitle:"Index of" getFile.cfm
intitle:"Index of" imagemap.exe
intitle:"Index of" test.bat
intitle:"Index of" msadcs.dll
intitle:"Index of" htimage.exe
intitle:"Index of" counter.exe
intitle:"Index of" browser.inc
intitle:"Index of" hello.bat
intitle:"Index of" default.asp\\
intitle:"Index of" dvwssr.dll
intitle:"Index of" cart32.exe
intitle:"Index of" add.exe
intitle:"Index of" index.JSP
intitle:"Index of" index.jsp
intitle:"Index of" SessionServlet
intitle:"Index of" shtml.dll
intitle:"Index of" index.cfm
intitle:"Index of" page.cfm
intitle:"Index of" shtml.exe
intitle:"Index of" web_store.cgi
intitle:"Index of" shop.cgi
intitle:"Index of" upload.asp
intitle:"Index of" default.asp
intitle:"Index of" pbserver.dll
intitle:"Index of" phf
intitle:"Index of" test-cgi
intitle:"Index of" finger
intitle:"Index of" Count.cgi
intitle:"Index of" jj
intitle:"Index of" php.cgi
intitle:"Index of" php
intitle:"Index of" nph-test-cgi
intitle:"Index of" handler
intitle:"Index of" webdist.cgi
intitle:"Index of" webgais
intitle:"Index of" websendmail
intitle:"Index of" faxsurvey
intitle:"Index of" htmlscript
intitle:"Index of" perl.exe
intitle:"Index of" wwwboard.pl
intitle:"Index of" www-sql
intitle:"Index of" view-source
intitle:"Index of" campas
intitle:"Index of" aglimpse
intitle:"Index of" glimpse
intitle:"Index of" man.sh
intitle:"Index of" AT-admin.cgi
intitle:"Index of" AT-generate.cgi
intitle:"Index of" filemail.pl
intitle:"Index of" maillist.pl
intitle:"Index of" info2www
intitle:"Index of" files.pl
intitle:"Index of" bnbform.cgi
intitle:"Index of" survey.cgi
intitle:"Index of" classifieds.cgi
intitle:"Index of" wrap
intitle:"Index of" cgiwrap
intitle:"Index of" edit.pl
intitle:"Index of" perl
intitle:"Index of" names.nsf
intitle:"Index of" webgais
intitle:"Index of" dumpenv.pl
intitle:"Index of" test.cgi
intitle:"Index of" submit.cgi
intitle:"Index of" guestbook.cgi
intitle:"Index of" guestbook.pl
intitle:"Index of" cachemgr.cgi
intitle:"Index of" responder.cgi
intitle:"Index of" perlshop.cgi
intitle:"Index of" query
intitle:"Index of" w3-msql
intitle:"Index of" plusmail
intitle:"Index of" htsearch
intitle:"Index of" infosrch.cgi
intitle:"Index of" publisher
intitle:"Index of" ultraboard.cgi
intitle:"Index of" db.cgi
intitle:"Index of" formmail.cgi
intitle:"Index of" allmanage.pl
intitle:"Index of" ssi
intitle:"Index of" adpassword.txt
intitle:"Index of" redirect.cgi
intitle:"Index of" f
intitle:"Index of" cvsweb.cgi
intitle:"Index of" login.jsp
intitle:"Index of" dbconnect.inc
intitle:"Index of" admin
intitle:"Index of" htgrep
intitle:"Index of" wais.pl
intitle:"Index of" amadmin.pl
intitle:"Index of" subscribe.pl
intitle:"Index of" news.cgi
intitle:"Index of" auctionweaver.pl
intitle:"Index of" .htpasswd
intitle:"Index of" acid_main.php
intitle:"Index of" access_log
intitle:"Index of" access-log
intitle:"Index of" access.log
intitle:"Index of" log.htm
intitle:"Index of" log.html
intitle:"Index of" log.txt
intitle:"Index of" logfile
intitle:"Index of" logfile.htm
intitle:"Index of" logfile.html
intitle:"Index of" logfile.txt
intitle:"Index of" logger.html
intitle:"Index of" stat.htm
intitle:"Index of" stats.htm
intitle:"Index of" stats.html
intitle:"Index of" stats.txt
intitle:"Index of" webaccess.htm
intitle:"Index of" wwwstats.html
intitle:"Index of" source.asp
intitle:"Index of" perl
intitle:"Index of" mailto.cgi
intitle:"Index of" YaBB.pl
intitle:"Index of" mailform.pl
intitle:"Index of" cached_feed.cgi
intitle:"Index of" cr
intitle:"Index of" global.cgi
intitle:"Index of" Search.pl
intitle:"Index of" build.cgi
intitle:"Index of" common.php
intitle:"Index of" show
intitle:"Index of" global.inc
intitle:"Index of" ad.cgi
intitle:"Index of" WSFTP.LOG
intitle:"Index of" index.html~
intitle:"Index of" index.php~
intitle:"Index of" index.html.bak
intitle:"Index of" index.php.bak
intitle:"Index of" print.cgi
intitle:"Index of" register.cgi
intitle:"Index of" webdriver
intitle:"Index of" bbs_forum.cgi
intitle:"Index of" mysql.class
intitle:"Index of" sendmail.inc
intitle:"Index of" CrazyWWWBoard.cgi
intitle:"Index of" search.pl
intitle:"Index of" way-board.cgi
intitle:"Index of" webpage.cgi
intitle:"Index of" pwd.dat
intitle:"Index of" adcycle
intitle:"Index of" post-query
intitle:"Index of" help.cgi