| Date | Title | Summary |
|---|---|---|
| 2004-06-10 | intitle:"Index of /" modified php.exe | PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting " … |
| 2004-06-16 | filetype:php inurl:"viewfile" -"ind… | Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files … |
| 2004-07-21 | filetype:cnf my.cnf -cvs -example | The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from paths and database names up to passwords … |
| 2004-08-01 | filetype:wsdl wsdl | The XML headers are called *.wsdl files. They can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil th … |
| 2004-08-01 | filetype:inc inc intext:setcookie | Cookies are often used for authentication and a lot of other stuff. The "inc" php header files often include the exact syntax of the cookies. … |
| 2004-08-13 | ext:cgi inurl:ubb6_test | The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so: CAUTIONS Do not leave patht … |
| 2004-08-20 | intitle:"PHP Explorer" ext:php (inurl:ph… | This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list dire … |
| 2004-08-30 | inurl:robpoll.cgi filetype:cgi | robpoll.cgi is used to administrate polls. The default password used for adding polls is 'robpoll'. All of the results should look something … |
| 2004-09-06 | inurl:"plog/register.php" | pLog is a popular form of blogging software. There are currently an estimated 1450 sites running it. The installation documents clearly warn about r … |
| 2004-09-06 | link:http://www.toastforums.com/ | Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums. … |
| 2004-09-09 | inurl:"nph-proxy.cgi" "Start browsi… | Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must … |
| 2004-09-10 | Gallery configuration setup files | Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. … |
| 2004-09-13 | PHP-Nuke – create super user right now ! | PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnera … |
| 2004-09-18 | filetype:lit lit (books\|ebooks) | Tired of web searching? Want something to read? You can find Ebooks (thousands of them) with this search. .LIT files can be opened with Microsoft Read … |
| 2004-10-05 | inurl:cgi.asx?StoreID | BeyondTV is a web based software product which lets you manage your TV station. All you need is to install a TV tuner card on your PC and connect your … |
| 2004-10-06 | inurl:" WWWADMIN.PL" intitle:"wwwad... | wwwadmin.pl is a script that allows a user with a valid username and password to delete files and posts from the associated forum. … |
| 2004-10-09 | inurl:changepassword.cgi -cvs | Allows a user to change his/her password for authentication to the system. Script allows for repeated failed attempts making this script vulnerable t … |
| 2004-10-14 | intitle:"Directory Listing" "tree v… | Dirlist is an ASP script that lists folders in an explorer style: * Tree * Detailed * Tiled Quote: *Lists files and directories in either a Tree … |
| 2004-10-14 | intitle:mywebftp "Please enter your password&… | MyWebFTP Free is a free lite version of MyWebFTP Personal – a PHP script providing FTP client capabilities with the user interface in your browser. In … |
| 2004-10-16 | ezBOO "Administrator Panel" -cvs | ezBOO WebStats is a high level statistical tool for web sites monitoring. It allows real time access monitoring on several sites. Based on php and m … |
| 2004-10-19 | intitle:"ASP FileMan" Resend -site:iiswo… | FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in A … |
| 2004-10-26 | intitle:"phpremoteview" filetype:php &qu… | phpRemoteView is a web-based file manager with a basic shell. With this an attacker can browse the server filesystem and use the online PHP interpreter. vendor: … |
| 2004-10-27 | "File Upload Manager v1.3" "rename … | thepeak file upload manager lets you manage your webtree with up and downloading files. … |
| 2004-10-27 | inurl:click.php intext:PHPClickLog | A script written in PHP 4 which logs a user's statistics when they click on a link. The log is stored in a flatfile (text) database and can be … |
| 2004-10-31 | "powered by YellDL" | Finds websites using YellDL (also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you … |
| 2004-11-04 | filetype:cgi inurl:cachemgr.cgi | cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with … |
| 2004-11-16 | ext:asp inurl:DUgallery intitle:"3.0" -s… | The MS Access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the du … |
| 2004-11-16 | ext:asp "powered by DUForum" inurl:(mess… | DUForum is one of those free forum software packages. The database location is determined by the config file "connDUforumAdmin.asp", but the … |
| 2004-11-18 | "Powered by Land Down Under 601" | SQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search Google. … |
| 2004-11-28 | inurl:php.exe filetype:exe -example.com | It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. (Note: The GHDB h … |
| 2004-11-30 | filetype:mdb inurl:"news/news" | Web Wiz Site News unprotected database holds config and admin information in a Microsoft Access database in news/news.mdb. This information is almost … |
| 2004-12-01 | filetype:pl -intext:"/usr/bin/perl" inu… | WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. The file names explain themselves, but … |
| 2005-04-27 | inurl:cgi-bin inurl:bigate.cgi | Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work. … |
| 2005-05-20 | intitle:"SSHVnc Applet"OR intitle:"… | SSHTerm Applet and SSHVnc Applet pages. … |
| 2005-06-03 | intitle:"PHPstat" intext:"Browser&q… | Phpstat shows nice statistical information about a website's visitors. Certain versions also contain vulnerabilities: http://www.soulblack.co … |
| 2005-07-26 | filetype:mdb "standard jet" | These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data. … |
| 2005-08-07 | "Powered by Gravity Board" | 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclos … |
| 2005-08-07 | "Powered by SilverNews" | SilverNews 2.0.3 (possibly previous versions) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: … |
| 2005-08-07 | PHPFreeNews inurl:Admin.php | 29/07/2005 8.36.03 PHPFreeNews Version 1.32 (& previous) SQL injection/login bypass, cross site scripting, path disclosure, information disclosure … |
| 2005-08-07 | inurl:nquser.php filetype:php | Netquery 3.1 remote commands execution, cross site scripting, information disclosure PoC exploit software: author site: http://www.virtech.org/tools/ … |
| 2005-08-07 | "Powered By: Simplicity oF Upload" inurl… | 26/07/2005 16.09.18 Simplicity OF Upload 1.3 (possibly prior versions) remote code execution & cross site scripting software: author site: http://www … |
| 2005-08-07 | "Powered by FlexPHPNews" inurl:news \| in… | 24/07/2005 2.38.13 Flex PHPNews 0.0.4 login bypass / SQL injection, cross site scripting & resource consumption PoC exploit software: author site: http … |
| 2005-08-08 | "Powered by FunkBoard" | FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote … |
| 2005-09-08 | "Powered by Xcomic" | "Powered by xcomic" this is a recent exploit, you can retrieve any file on target system by using "../" chars and null byte (%00), e … |
| 2005-09-11 | "Warning:" "Cannot execute a blank … | "Warning: passthru(): Cannot execute a blank command in" "Warning: system(): Cannot execute a blank command in" "Warning: exe … |
| 2005-09-11 | "Mail-it Now!" intitle:"Contact for… | Mail-it Now! 1.5 (possibly prior versions) contact.php remote code execution site: http://www.skyminds.net/source/ description: a mail form script vulner … |
| 2005-09-13 | "maxwebportal" inurl:"default"… | Several vulnerabilities relating to this. MaxWebPortal is a web portal and online community system which includes features such as web-based administra … |
| 2005-09-13 | "e107.org 2002/2003" inurl:forum_post.ph... | e107 is prone to an input validation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Success … |
| 2005-09-25 | inurl:cartwiz/store/index.asp | The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface. … |
| 2005-09-25 | intitle:"Control panel" "Control Pa… | Build, manage and customize your own search engine friendly news / article site from scratch — with absolutely no technical experience. Authentication … |
| 2005-09-26 | "powered by my little forum" | My Little Forum 1.5 / 1.6beta SQL Injection software: site: http://www.mylittlehomepage.net/my_little_forum software: "A simple web-forum that suppo … |
| 2005-09-26 | "powered by mailgust" | MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takeover software: site: http://www.mailgust.org/ description: Mailgust is three softwares … |
| 2005-10-26 | intitle:"CJ Link Out V1" | A cross site scripting vulnerability has been discovered in CJ linkout version 1.x. CJ linkout is a free product which allows you to easily let users c … |
| 2005-12-19 | inurl:guestbook/guestbooklist.asp "Post Date&… | An SQL vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.securityfocus.com/archive/1/414708/30/0/threaded Several … |
| 2006-02-28 | inurl:updown.php \| intext:"Powered by PHP Upl… | This (evil) script lets you upload a PHP shell on target server, in most cases not password protected. dork: inurl:updown.php \| intext:"Powere … |
| 2006-09-13 | inurl:"simplenews/admin" | hxxp://evuln.com/vulns/94/summary.html … |