Tweet
E aew galerinha blz? hoje venho trazendo algumas Dork's
.... Abaixo estarei colocando o link para a minha primeira postagem com Dorks Variadas [SQL / XSS / LFI / RFI / CGI / Web-Dav / Card CC / Shell Upadas / Area de Upload]
Se gostou clicke em obrigado
e Boa Sorte 
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
Cameras Online
File Manager
Local File Disclosure (LFD)
Avisos e vulnerabilidades
Arquivos contendo Senhas
Arquivos contendo Usuarios
Servers Vulneraveis
Area de Uploda com Painel de Adm
SQL
.... Abaixo estarei colocando o link para a minha primeira postagem com Dorks Variadas [SQL / XSS / LFI / RFI / CGI / Web-Dav / Card CC / Shell Upadas / Area de Upload]
Se gostou clicke em obrigado
e Boa Sorte Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...
Cameras Online
Código:
inurl:"view/indexFrame.shtml" inurl:"view/index.shtml" intitle:"Live View / - AXIS" intitle:axis camera intitle:"axis #Kameramodell#" inurl:sample/LvAppl/ intitle:"V.Networks [Motion Picture(Java)" intitle:"EvoCam" inurl:"webcam.html" intitle:"my webcamXP server!" inurl:/control/userimage.html inurl:/ViewerFrame?Mode=Motion inurl:toolam.html inurl:viewash.html intitle:"TOSHIBA Network Camera - User Login" inurl:/home/homeJ.html inurl:/view.shtml intitle:”Live View / - AXIS” | inurl:view/view.shtml^ inurl:ViewerFrame?Mode= inurl:ViewerFrame?Mode=Refresh inurl:axis-cgi/jpg inurl:axis-cgi/mjpg (motion-JPEG) inurl:view/indexFrame.shtml inurl:view/index.shtml inurl:view/view.shtml liveapplet intitle:”live view” intitle:axis intitle:liveapplet allintitle:”Network Camera NetworkCamera” intitle:axis intitle:”video server” intitle:liveapplet inurl:LvAppl intitle:”EvoCam” inurl:”webcam.html” intitle:”Live NetSnap Cam-Server feed” intitle:”Live View / - AXIS” intitle:”Live View / - AXIS 206M” intitle:”Live View / - AXIS 206W” intitle:”Toshiba Network Camera” user login intitle:”netcam live image” intitle:”i-Catcher Console - Web Monitor” intitle:start inurl:cgistart intitle:”WJ-NT104 Main Page” intext:”MOBOTIX M1? intext:”Open Menu” intext:”MOBOTIX M10? intext:”Open Menu” intext:”MOBOTIX D10? intext:”Open Menu” intitle:snc-z20 inurl:home/ intitle:snc-cs3 inurl:home/ intitle:snc-rz30 inurl:home/ intitle:”sony network camera snc-p1? intitle:”sony network camera snc-m1? site:.viewnetcam.com -www.viewnetcam.com
Código:
inurl:/plugins/ajaxfilemanager/ inurl:"wp-file-uploader.php"
Código:
inurl:"download?path=" inurl:"download?filepath=" inurl:"download?fpath=" inurl:"download.php?filepath=" inurl:"download.php?fpath=" inurl:"download.php?download=" inurl:"download?download=" inurl:"download.php?dl=" inurl:"download.php?get=" inurl:"download.php?dwl=" inurl:"download?dl=" inurl:"download?dwl=" inurl:"download?get=" inurl:"download?filename=" inurl:"download?file=" inurl:"download?*&file=" inurl:"download.php?path=" inurl:"download.php?filename=" inurl:"download.php?file=" inurl:"download.php?*&file=" inurl:"download.php?include=" inurl:"download.php?inc=" inurl:"download?file=" & filetype:pdf (Most of them will be configured through .htaccess) inurl:"download?file=" & filetype:html (Most of them will be configured through .htaccess) inurl:"download?file=" & filetype:doc (Most of them will be configured through .htaccess) inurl:"dl?download=" inurl:"dl?path=" inurl:"dl?filename=" inurl:"dl?file=" inurl:"dl?*&file=" inurl:"dl.php?download=" inurl:"dl.php?path=" inurl:"dl.php?filename=" inurl:"dl.php?file=" inurl:"dl.php?*&file=" inurl:"dl.php?include=" inurl:"dl.php?inc=" inurl:dl.php?id=*.pdf inurl:"dwl.php?get=" inurl:"dwl.php?download=" inurl:"dwl.php?file=" inurl:"dwl.php?filename=" inurl:"dwl.php?path=" inurl:"get.php?filename=" inurl:"get.php?path=" inurl:"get.php?download="
Código:
"1999-2004 FuseTalk Inc" -site:fusetalk.com "2003 DUware All Rights Reserved" "2004-2005 ReloadCMS Team." "2005 SugarCRM Inc. All Rights Reserved" "Powered By SugarCRM" "Active Webcam Page" inurl:8080 "Based on DoceboLMS 2.0" "BlackBoard 1.5.1-f | © 2003-4 by Yves Goergen" "BosDates Calendar System " "powered by BosDates v3.2 by BosDev" "Calendar programming by AppIdeas.com" filetype:php "Copyright 2000 - 2005 Miro International Pty Ltd. All rights reserved" "Mambo is Free Software released"
Código:
"admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"your password is" filetype:log
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
enable password | secret "current configuration" -intext:the
etc (index.of)
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn
ext:inc "pwd=" "UID="
ext:ini eudora.ini
ext:ini Version=4.0.0.4 password
ext:passwd -intext:the -sample -example
ext:txt inurl:unattend.txt
ext:yml database inurl:config
filetype:bak createobject sa
filetype:bak inurl:"htaccess|passwd|shadow|htusers"
filetype:cfg mrtg "target[*]" -sample -cvs -example
filetype:cfm "cfapplication name" password
filetype:conf oekakibbs
filetype:conf slapd.conf
filetype:config config intext:appSettings "User ID"
filetype:dat "password.dat"
filetype:dat inurl:Sites.dat
filetype:dat wand.dat
filetype:inc dbconn
filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect
filetype:inf sysprep
filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
filetype:ldb admin
filetype:log "See `ipsec --copyright"
filetype:log inurl:"password.log"
filetype:mdb inurl:users.mdb
filetype:mdb wwforum
filetype:netrc password
filetype:pass pass intext:userid
filetype:pem intext:private
filetype:properties inurl:db intext:password
filetype:pwd service
filetype:pwl pwl
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg +intext:”WINVNC3”
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"powered by EZGuestbook"
intext:"powered by Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
intitle:index.of administrators.pwd
intitle:Index.of etc shadow
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"
intitle:rapidshare intext:login
inurl:"calendarscript/users.txt"
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set"
inurl:"GRC.DAT" intext:"password"
inurl:"Sites.dat"+"PASS="
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample
inurl:"wvdial.conf" intext:"password"
inurl:/db/main.mdb
inurl:/wwwboard
inurl:/yabb/Members/Admin.dat
inurl:ccbill filetype:log
inurl:cgi-bin inurl:calendar.cfg
inurl:chap-secrets -cvs
inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
inurl:nuke filetype:sql
inurl:ospfd.conf intext:password -sample -test -tutorial -download
inurl:pap-secrets -cvs
inurl:pass.dat
inurl:perform filetype:ini
inurl:perform.ini filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak
inurl:server.cfg rcon password
inurl:ventrilo_srv.ini adminpassword
inurl:vtund.conf intext:pass -cvs
inurl:zebra.conf intext:password -sample -test -tutorial -download
LeapFTP intitle:"index.of./" sites.ini modified
master.passwd
mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
server-dbs "intitle:index of"
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
Código:
"index of" / lck +intext:"webalizer" +intext:"Total Usernames" +intext:"Usage Statistics for" bash_history files filetype:conf inurl:proftpd.conf -sample filetype:log username putty filetype:reg reg +intext:"internet account manager" filetype:reg reg HKEY_CURRENT_USER username index.of perform.ini intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user" inurl:admin filetype:asp inurl:userlist inurl:admin inurl:userlist inurl:php inurl:hlstats intext:"Server Username" OWA Public folders & Address book sh_history files
Código:
"ftp://" "www.eastgame.net"
"html allowed" guestbook
"Powered by: vBulletin Version 1.1.5"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
"Welcome to Intranet"
"Welcome to PHP-Nuke" congratulations
"Welcome to the Prestige Web-Based Configurator"
"YaBB SE Dev Team"
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
("Indexed.By"|"Monitored.By") hAcxFtpScan
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
allinurl:"index.php" "site=sglinks"
allinurl:install/install.php
allinurl:intranet admin
filetype:cgi inurl:"fileman.cgi"
filetype:cgi inurl:"Web_Store.cgi"
filetype:php inurl:vAuthenticate
filetype:pl intitle:"Ultraboard Setup"
Gallery in configuration mode
Hassan Consulting's Shopping Cart Version 1.18
intext:"Warning: * am able * write ** configuration file" "includes/configure.php" -Forums
intitle:"Gateway Configuration Menu"
intitle:"Horde :: My Portal" -"[Tickets"
intitle:"Mail Server CMailServer Webmail" "5.2"
intitle:"MvBlog powered"
intitle:"Remote Desktop Web Connection"
intitle:"Samba Web Administration Tool" intext:"Help Workgroup"
intitle:"Terminal Services Web Connection"
intitle:"Uploader - Uploader v6" -pixloads.com
intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*"
inurl:"/NSearch/AdminServlet"
inurl:"index.php? module=ew_filemanager"
inurl:aol*/_do/rss_popup?blogID=
inurl:footer.inc.php
inurl:info.inc.php
inurl:ManyServers.htm
inurl:newsdesk.cgi? inurl:"t="
inurl:pls/admin_/gateway.htm
inurl:rpSys.html
inurl:search.php vbulletin
inurl:servlet/webacc
natterchat inurl:home.asp -site:natterchat.co.uk
XOOPS Custom Installation
Código:
"inurl:admin/addproduct.asp" "inurl:admin/user.asp" "inurl:admin/addpage.php" "inurl:admin/gallery.asp" "inurl:admin/image.asp" "inurl:admin/adminuser.asp" "inurl:admin/productadd.asp" "inurl:admin/addadmin.asp" "inurl:admin/add_admin.asp" "inurl:admin/add_admin.php" "inurl:admin/addnews.asp" "inurl:admin/addpost" inurl"inurl:admin/addforum.???" "inurl:admin/addgame.???" "inurl:admin/addblog.????" "inurl:admin/admin_detail.php" "inurl:admin/admin_area.php" "inurl:admin/product_add.php" "inurl:admin/additem.php" "inurl:admin/addstore.php" "inurl:admin/add_Products.???" "inurl:admin/showbook.???" "inurl:admin/selectitem.???" "allinurl:admin/addfile.???" "inurl:admin/addarticle.asp" "inurl:admin/addfile.asp" "inurl:admin/upload.php" "inurl:admin/upload.asp" "inurl:admin/addstory.php" "inurl:admin/addshow.php" "inurl:admin/addmember.asp" "inurl:admin/addinfo.asp" "inurl:admin/addcat.asp" "inurl:admin/cp.asp" "inurl:admin/productshow.asp" "inurl:admin/addjob.asp" "inurl:admin/addjob.???" "inurl:admin/addpic.???" "inurl:admin/viewproduct.???" "inurl:admin/addaccount.php" "inurl:admin/manage.php" "inurl:admin/addcontact.???" "inurl:admin/viewmanager.???" "inurl:admin/addschool.???" "inurl:admin/addproject.???" "inurl:admin/addsale.???" "inurl:admin/addcompany.???" "inurl:admin/payment.???" "inurl:user/emp.???" "inurl:admin/addmovie.???" "inurl:admin/addpassword.???" "inurl:admin/addemployee.???" "inurl:admin/addcat.???" "inurl:admin/admin.???" "inurl:admin/admincp.???" "inurl:admin/settings.???" "inurl:admin/addstate.???" "inurl:admin/addcountry.???" "inurl:admin/addmedia.???" "inurl:admin/addcode.???" "inurl:admin/addlinks.???" "inurl:admin/addcity.???"
Código:
"you have an error in your sql syntax" inurl:/details.php?id= "you have an error in your sql syntax" inurl:/events.php?id= "you have an error in your sql syntax" inurl:/articles.php?id= "you have an error in your sql syntax" inurl:/artist.php?id= "you have an error in your sql syntax" inurl:/viewarticle.php?id= "you have an error in your sql syntax" inurl:/products.php?id= "you have an error in your sql syntax" inurl:/price.php?id= "you have an error in your sql syntax" inurl:/buy.php?id= "you have an error in your sql syntax" inurl:/cart.php?id= "you have an error in your sql syntax" inurl:/member.php?id= "you have an error in your sql syntax" inurl:/comments.php?id=
Comment