GHDB :: sensitive Directories
| Date | Title | Summary | |
| 2003-06-24 | Look in my backup directories! Please? |
Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive i … |
 |
| 2003-06-27 | secret | What kinds of goodies lurk in directories marked as "secret?" Find out… … |
|
| 2003-06-27 | private | What kinds of things might you find in directories marked "private?" let's find out…. … |
|
| 2003-06-27 | winnt | The \WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessari … |
|
| 2003-06-27 | secure | What could be hiding in directories marked as "secure?" let's find out… … |
|
| 2003-06-27 | protected | What could be in a directory marked as "protected?" Let's find out… … |
|
| 2003-06-27 | index.of.password | These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with … |
|
| 2004-03-16 | inurl:backup intitle:index.of inurl:admin |
This query reveals backup directories. These directories can contain various information ranging from source code, sql tables, userlists, and even pas … |
|
| 2003-08-12 | "Welcome to phpMyAdmin" " Create ne… |
phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security mechanism is to leave it up to the admin of the website t … |
|
| 2004-02-10 | intitle:"Index of c:\Windows" |
These pages indicate that they are sharing the C:\WINDOWS directory, which is the system folder for many Windows installations. … |
|
| 2004-03-29 | intitle:"index. of.personal" |
This directory has various personal documents and pictures. … |
|
| 2004-04-19 | intitle:"Index of" cfide |
This is the top level directory of ColdFusion, a powerful web development environment. This directory most likely contains sensitive information about … |
|
| 2004-04-23 | "index of cgi-bin" |
CGI directories contain scripts which can often be exploited by attackers. Regardless of the vulnerability of such scripts, a directory listing of the … |
|
| 2004-04-28 | inurl:j2ee/examples/ jsp |
This directory contains sample JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an a … |
|
| 2004-04-28 | inurl:ojspdemos | This directory contains sample Oracle JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used … |
|
| 2004-04-28 | inurl:/pls/sample/ad min_/help/ |
This is the default installation location of Oracle manuals. This helps in footprinting a server, allowing an attacker to determine software version i … |
|
| 2004-05-04 | "index of" inurl:recycler |
This is the default name of the Windows recycle bin. The files in this directory may contain sensitive information. Attackers can also crawl the direc … |
|
| 2004-05-11 | inurl:/tmp | Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will va … |
|
| 2004-05-13 | intitle:intranet inurl:intranet +intext:"huma.. . |
According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to sh … |
|
| 2004-06-01 | "Index Of /network" "last modified&… |
Many of these directories contain information about the network, though an attacker would need a considerable amount of patience to find it. … |
|
| 2004-06-02 | intitle:"album permissions" "Users … |
Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets y … |
|
| 2004-06-14 | filetype:cfg ks intext:rootpw -sample -test -howto |
Anaconda is a linux configuration tool like yast on suse linux. The root password is often encrypted – like md5 or read from the shadow. Sometimes an … |
|
| 2004-07-12 | Index of phpMyAdmin | phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/dr … |
|
| 2004-07-16 | index.of.password | These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with … |
|
| 2004-07-20 | "index of" / picasa.ini |
Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. This search allows the voyer to browse directories of photos up … |
|
| 2004-08-05 | intext:"d.aspx? id" || inurl:"d.aspx.. . |
"The YouSendIt team was formed to tackle a common problem: secure transmission of large documents online without the use of clumsy client softwar … |
|
| 2004-08-26 | intitle:index.of /AlbumArt_ |
Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Media Player in music directory. … |
|
| 2004-09-10 | intitle:"Index of *" inurl:"my shar… |
These are index pages of "My Shared Folder". Sometimes they contain juicy stuff like mp3's or avi files. Who needs pay sites for music … |
|
| 2004-09-21 | intitle:index.of (inurl:fileadmin | intitle:filead… |
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, f … |
|
| 2004-09-24 | intitle:"webadm in – /*" filetype:php dir… |
Webadmin.php is a free simple Web-based file manager. This search finds sites that use this software. If left unprotected an attacker files can be mod … |
|
| 2004-10-19 | intitle:"Direct ory Listing For" intext:T… |
The Google Hackers Guide explains how to find Apache directory indexes, which are the most common found on the Internet. There are other ways however. … |
|
| 2004-10-25 | index.of.dcim | The DCIM directory is the default name for a few brands of digital camers. This is not a big network security risk, but like netcams it can reveal jui … |
|
| 2004-10-20 | intitle:"index of" -inurl:htm -inurl:htm… |
Yes! I probably have should have told you guys earlier, but this is how ive been getting 100% of my mp3s. It fricken rocks, use it and abuse it. Do … |
|
| 2004-10-31 | inurl:explorer.cfm inurl:(dirpath|This_ Directory) |
Filemanager without authentication. … | |
| 2004-10-31 | intitle:"index of" intext:"content …. |
This dork indicates the "Local settings" dir in most cases, and browseble server directories in general. … |
|
| 2004-11-07 | "intitle:Index. Of /" stats merchant cgi-… |
This search looks for indexes with the following subdirectories: stats, merchant, online-store and cgi-local or cgi-bin. These servers have a shopping … |
|
| 2004-11-28 | intext:"Powered By: TotalIndex" intitle:… |
TotalIndex v2.0 is an open source script that is designed to replace the simple, and boring default index page of a site which lists the files in an i … |
|
| 2004-12-05 | intitle:"index of" "parent director… |
This search uses desktop.ini to track users with a webserver running on their desktop computers. It can easily be extended to find specific documents. … |
|
| 2004-12-19 | "Powered by Invision Power File Manager"… |
Invision Power File Manager is a popular file management script, written in the popular PHP Scripting Language. It is compatiable with all forms of Un … |
|
| 2004-12-19 | intitle:"Index of /CFIDE/" administrator |
With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP … |
|
| 2004-12-19 | intitle:index.of abyss.conf |
These directories reveal the configuration file of the abyss webserver. These files can contain passwords. … |
|
| 2004-12-29 | allinurl:"/*/_v ti_pvt/" | allinurl:"… |
Frontpage extensions for Unix ? So be it.. … | |
| 2004-12-30 | intitle:"index of" inurl:ftp (pub | inco… |
Adding "inurl:ftp (pub | incoming)" to the "index.of" searches helps locating ftp websites. This query can easily be narrowed furt … |
|
| 2005-01-01 | intitle:upload inurl:upload intext:upload -forum -… |
The search reveals server upload portals.An attacker can use server space for his own benefit. … |
|
| 2005-01-05 | intitle:"HFS /" +"HttpFileServe r&qu… |
"The HttpFileServer is a Java based mechanism for providing web access to a set of files on a server. This is very similar to Apache Directory In … |
|
| 2005-01-07 | "Web File Browser" "Use regular exp… |
This will ask google to search for a php script used to manage files on a server. The script "Web File Browser" enables users to change file … |
|
| 2005-01-09 | "Index of" rar r01 nfo Modified 2004 |
New Warez Directory Lists … | |
| 2005-01-16 | filetype:torrent torrent |
Torrent files .. don't expect to find spectacular stuff with this kind of string, this just to shows you can use Google for all kinds of filetype … |
|
| 2005-02-17 | filetype:ini Desktop.ini intext:mydocs.dll |
This dork finds any webshared windows folder inside my docs. You can change the end bit "intext:mydocs.dll" by looking inside any of your yo … |
|
| 2005-03-26 | intitle:index.of /maildir/new/ |
search gives you a mailbox dir. Contains a lot of mails. … |
|
| 2005-05-02 | intitle:index.of WEB-INF |
Finds java powered web servers which have indexing enabled on their config directory … |
|
| 2005-07-21 | intitle:"pictur es thumbnails" site:pictu… |
This search reveals the photo albums taken by Sprint PCS customers. Pictures taken with Sprint's cell phone service can be shared on their websit … |
|
| 2005-09-13 | intitle:"Backup -Management (phpMyBackup v.0.4… |
phpMyBackup is an mySQL backup tool, with features like copying backups to a different server using FTP. … |
|
| 2005-09-26 | intitle:"Folder Listing" "Folder Li… |
directory listing for Fastream NETFile Web Server … |
|
| 2005-09-26 | "Directory Listing for" "Hosted by … |
directory listing for Xerver web server … | |
| 2005-11-11 | log inurl:linklint filetype:txt -"checking&qu.. . |
Linklint is an Open Source Perl program that checks links on web sites. This search finds the Linklint log directory. Complete site map able to be rec … |
|
| 2005-11-28 | "Welcome to the directory listing of" &q… |
this is for NetworkActiv-Web-Server directory listing … |
|
| 2005-12-01 | "Warning: Installation directory exists at&qu… |
by this dork you can find fresh installations of Zen-Cartsee Full Disclosure forums fore details… ;) … |
|
| 2006-01-16 | inurl:install.pl intext:"Reading path paramat… |
Excelent information for foot holds. Everything from OS, to forum software, etc. Other exploits possible … |
|
| 2006-02-28 | allintitle:"Fir stClass Login" |
allintitle:"FirstClass Login" this is for firstclass directory listingsgo to http://[target]/[path]/Search type just ' in search field … |
|
| 2006-07-14 | intitle:index.of.con fig |
These directories can give information about a web servers configuration. This should never be viewable to the public as some files may contain cleart … |
|
