Google is not only a searching site but also an important tool for hackers. Yeah, I'm talking about the Google Dorks!
What are Google Dorks ?
It is basically an advanced google search to find vulnerable websites.
I have included 6 types of google dorks in this collection:
- Google dorks for SQL injection,
- Google dorks for Local File Inclusion,
- Google dorks For open CCTV cams,
- Google dorks for sensitive information,
- Google Dorks for Uploading Shell in Wordpress Sites,
- Google Dorks To Find Unsecure Web Admin Panels
- Carding Dorks
Google Dorks For SQL Injection:
- inurl:index.php?id=
- inurl:trainers.php?id=
- inurl:buy.php?category=
- inurl:article.php?ID=
- inurl:play_old.php?id=
- inurl:declaration_more.php?decl_id=
- inurl:pageid=
- inurl:games.php?id=
- inurl:page.php?file=
- inurl:newsDetail.php?id=
- inurl:gallery.php?id=
- inurl:show.php?id=
- inurl:staff_id=
- inurl:newsitem.php?num=
- inurl:readnews.php?id=
- inurl:top10.php?cat=
- inurl:historialeer.php?num=
- inurl:reagir.php?num=
- inurl:Stray-Questions-View.php?num=
- inurl:forum_bds.php?num=
- inurl:game.php?id=
- inurl:view_product.php?id=
- inurl:newsone.php?id=
- inurl:sw_comment.php?id=
- inurl:news.php?id=
- inurl:avd_start.php?avd=
- inurl:event.php?id=
- inurl:product-item.php?id=
- inurl:sql.php?id=
- inurl:news_view.php?id=
- inurl:select_biblio.php?id=
- inurl:humor.php?id=
- inurl:aboutbook.php?id=
- inurl:ogl_inet.php?ogl_id=
- inurl:fiche_spectacle.php?id=
- inurl:communique_detail.php?id=
- inurl:sem.php3?id=
- inurl:kategorie.php4?id=
- inurl:faq2.php?id=
- inurl:show_an.php?id=
- inurl:preview.php?id=
- inurl:loadpsb.php?id=
- inurl:opinions.php?id=
- inurl:spr.php?id=
- inurl:pages.php?id=
- inurl:announce.php?id=
- inurl:clanek.php4?id=
- inurl:participant.php?id=
- inurl:download.php?id=
- inurl:main.php?id=
- inurl:review.php?id=
- inurl:chappies.php?id=
- inurl:prod_detail.php?id=
- inurl:viewphoto.php?id=
- inurl:person.php?id=
- inurl:productinfo.php?id=
- inurl:showimg.php?id=
- inurl:view.php?id=
- inurl:website.php?id=
- inurl:hosting_info.php?id=
- inurl:rub.php?idr=
- inurl:view_faq.php?id=
- inurl:artikelinfo.php?id=
- inurl:detail.php?ID=
- inurl:profile_view.php?id=
- inurl:category.php?id=
- inurl:publications.php?id=
- inurl:fellows.php?id=
- inurl:downloads_info.php?id=
- inurl:prod_info.php?id=
- inurl:shop.php?do=part&id=
- inurl:collectionitem.php?id=
- inurl:band_info.php?id=
- inurl:product.php?id=
- inurl:releases.php?id=
- inurl:ray.php?id=
- inurl:produit.php?id=
- inurl:pop.php?id=
- inurl:shopping.php?id=
- inurl:productdetail.php?id=
- inurl:post.php?id=
- inurl:viewshowdetail.php?id=
- inurl:clubpage.php?id=
- inurl:memberInfo.php?id=
- inurl:section.php?id=
- inurl:theme.php?id=
- inurl:page.php?id=
- inurl:shredder-categories.php?id=
- inurl:tradeCategory.php?id=
- inurl:product_ranges_view.php?ID=
- inurl:shop_category.php?id=
- inurl:transcript.php?id=
- inurl:channel_id=
- inurl:item_id=
- inurl:newsid=
- inurl:news-full.php?id=
- inurl:news_display.php?getid=
- inurl:index2.php?option=
- inurl:material.php?id=
- inurl:read.php?id=
- inurl:viewapp.php?id=
- inurl:galeri_info.php?l=
- inurl:iniziativa.php?in=
- inurl:curriculum.php?id=
- inurl:labels.php?id=
- inurl:story.php?id=
- inurl:look.php?ID=
- inurl:tekst.php?idt=
- inurl:newscat.php?id=
- inurl:newsticker_info.php?idn=
- inurl:rubrika.php?idr=
- inurl:rubp.php?idr=
- inurl:offer.php?idf=
- inurl:art.php?idm=
- inurl:title.php?id=
- inurl:ages.php?id=
- inurl:”id=” & intext:”Warning: mysql_fetch_assoc()
- inurl:”id=” & intext:”Warning: mysql_fetch_array()
- inurl:”id=” & intext:”Warning: mysql_num_rows()
- inurl:”id=” & intext:”Warning: session_start()
- inurl:”id=” & intext:”Warning: getimagesize()
- inurl:”id=” & intext:”Warning: is_writable()
- inurl:”id=” & intext:”Warning: Unknown()
- inurl:”id=” & intext:”Warning: mysql_result()
- inurl:”id=” & intext:”Warning: pg_exec()
- inurl:”id=” & intext:”Warning: mysql_query()
- inurl:”id=” & intext:”Warning: array_merge()
- inurl:”id=” & intext:”Warning: preg_match()
- inurl:”id=” & intext:”Warning: ilesize()
- inurl:”id=” & intext:”Warning: filesize()
- inurl:”id=” & intext:”Warning: require()
- intext:””BiTBOARD v2.0″ BiTSHiFTERS Bulletin Board”
- intext:”Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed.” -edu
- intext:”Mail admins login here to administrate your domain.”
- intext:”Master Account” “Domain Name” “Password” inurl:/cgi-bin/qmailadmin
- intext:”Storage Management Server for” intitle:”Server Administration”
- intext:”Welcome to” inurl:”cp” intitle:”H-SPHERE” inurl:”begin.html” -Fee
- intext:”vbulletin” inurl:admincp
- intitle:”*- HP WBEM Login” | “You are being prompted to provide login account information for *” | “Please provide the information requested and press
- intitle:”Admin Login” “admin login” “blogware”
- intitle:”Admin login” “Web Site Administration” “Copyright”
- intitle:”AlternC Desktop”
- intitle:”Athens Authentication Point”
- intitle:”b2evo > Login form” “Login form. You must log in! You will have to accept cookies in order to log in” -demo -site:b2evolution.net
- intitle:”Cisco CallManager User Options Log On” “Please enter your User ID and Password in the spaces provided below and click the Log On button to co
- intitle:”ColdFusion Administrator Login”
- intitle:”communigate pro * *” intitle:”entrance”
- intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5″ -mambo
- intitle:”Dell Remote Access Controller”
- intitle:”Docutek ERes – Admin Login” -edu
- intitle:”Employee Intranet Login”
- intitle:”eMule *” intitle:”- Web Control Panel” intext:”Web Control Panel” “Enter your password here.”
- intitle:”ePowerSwitch Login”
- intitle:”eXist Database Administration” -demo
- intitle:”EXTRANET * – Identification”
- intitle:”EXTRANET login” -.edu -.mil -.gov
- intitle:”EZPartner” -netpond
- intitle:”Flash Operator Panel” -ext:php -wiki -cms -inurl:asternic -inurl:sip -
- intitle:ANNOUNCE -inurl:lists
- intitle:”i-secure v1.1″ -edu
- intitle:”Icecast Administration Admin Page”
- intitle:”iDevAffiliate – admin” -demo
- intitle:”ISPMan : Unauthorized Access prohibited”
- intitle:”ITS System Information” “Please log on to the SAP System”
- intitle:”Kurant Corporation StoreSense” filetype:bok
- intitle:”ListMail Login” admin -demo
- intitle:”Login –"
- intitle:”Login to @Mail” (ext:pl | inurl:”index”) -dwaffleman
- intitle:”Login to Cacti”
- intitle:”Login to the forums – @www.aimoo.com” inurl:login.cfm?id=
- intitle:”MailMan Login”
- intitle:”Member Login” “NOTE: Your browser must have cookies enabled in order to log into the site.” ext:php OR ext:cgi
- intitle:”Merak Mail Server Web Administration” -ihackstuff.com
- intitle:”microsoft certificate services” inurl:certsrv
- intitle:”MikroTik RouterOS Managing Webpage”
- intitle:”MX Control Console” “If you can’t remember”
- intitle:”Novell Web Services” “GroupWise” -inurl:”doc/11924″ -.mil -.edu -.gov -filetype:pdf
- intitle:”Novell Web Services” intext:”Select a service and a language.”
- intitle:”oMail-admin Administration – Login” -inurl:omnis.ch
- intitle:”OnLine Recruitment Program – Login”
- intitle:”Philex 0.2*” -script -site:freelists.org
- intitle:”PHP Advanced Transfer” inurl:”login.php”
- intitle:”php icalendar administration” -site:sourceforge.net
- intitle:”phpPgAdmin – Login” Language
- intitle:”PHProjekt – login” login password
- intitle:”please login” “your password is *”
- intitle:”Remote Desktop Web Connection” inurl:tsweb
- intitle:”SFXAdmin – sfx_global” | intitle:”SFXAdmin – sfx_local” | intitle:”SFXAdmin – sfx_test”
- intitle:”site administration: please log in” “site designed by emarketsouth”
- intitle:”Supero Doctor III” -inurl:supermicro
- intitle:”SuSE Linux Openexchange Server” “Please activate Javascript!”
- intitle:”teamspeak server-administration"
- intitle:”Tomcat Server Administration”
- intitle:”TOPdesk ApplicationServer”
- intitle:”TUTOS Login”
- intitle:”TWIG Login”
- intitle:”vhost” intext:”vHost . 2000-2004″
- intitle:”Virtual Server Administration System”
- intitle:”VisNetic WebMail” inurl:”/mail/”
- intitle:”VitalQIP IP Management System”
- intitle:”VMware Management Interface:” inurl:”vmware/en/”
- intitle:”VNC viewer for Java”
- intitle:”web-cyradm”|”by Luc de Louw” “This is only for authorized users” -tar.gz -site:web-cyradm.org
- intitle:”WebLogic Server” intitle:”Console Login” inurl:console
- intitle:”Welcome Site/User Administrator” “Please select the language” -demos
- intitle:”Welcome to Mailtraq WebMail”
- intitle:”welcome to netware *” -site:novell.com
- intitle:”WorldClient” intext:”? (2003|2004) Alt-N Technologies.”
- intitle:”xams 0.0.0..15 – Login”
- intitle:”XcAuctionLite” | “DRIVEN BY XCENT” Lite inurl:admin
- intitle:”XMail Web Administration Interface” intext:Login intext:password
- intitle:”Zope Help System” inurl:HelpSys
- intitle:”ZyXEL Prestige Router” “Enter password”
- intitle:”inc. vpn 3000 concentrator”
- intitle:(“TrackerCam Live Video”)|(“TrackerCam Application Login”)|(“Trackercam Remote”)-trackercam.com
- intitle:asterisk.management.portal web-access
- intitle:endymion.sak?.mail.login.page | inurl:sake.servlet
- intitle:Group-Office “Enter your username and password to login”
- intitle:ilohamail intext:"Version 0.8.10″
- intitle:IMP inurl:imp/indx.php3
- intitle:Login * Webmailer
- intitle:Login intext:”RT is ? Copyright”
- intitle:Node.List Win32.Version.3.11
- intitle:Novell intitle:WebAccess “Copyright *-* Novell, Inc”
- intitle:open-xchange inurl:login.pl
- intitle:Ovislink inurl:private/login
- intitle:phpnews.login
- intitle:plesk inurl:login.php3
- inurl:”/admin/configuration. php?” Mystore
- inurl:”/slxweb.dll/external?name=(custportal|webticketcust)”
- inurl:”1220/parse_xml.cgi?”
- inurl:”631/admin” (inurl:”op=*”) | (intitle:CUPS)
- inurl:”:10000″ intext:webmin
- inurl:”Activex/default.htm” “Demo”
- inurl:”calendar.asp?action=login”
- inurl:”default/login.php” intitle:”kerio”
- inurl:”gs/adminlogin.aspx”
- inurl:”php121login.php”
- inurl:”suse/login.pl”
- inurl:”typo3/index.php?u=” -demo
- inurl:”usysinfo?login=true”
- inurl:”utilities/TreeView.asp”
- inurl:”utilities/TreeView.asp”
- inurl:”vsadmin/login” | inurl:”vsadmin/admin” inurl:.php|.asp
- inurl:/admin/login.asp
- inurl:/cgi-bin/sqwebmail?noframes=1
- inurl:/Citrix/Nfuse17/
- inurl:/dana-na/auth/welcome.html
- inurl:/eprise/
- inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:”Miva Merchant
- Administration Login” -inurl:cheap-malboro.net
- inurl:/modcp/ intext:Moderator+vBulletin
- inurl:/SUSAdmin intitle:”Microsoft Software update Services”
- inurl:/webedit.* intext:WebEdit Professional -html
- inurl:1810 “Oracle Enterprise Manager”
- inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
- inurl::2082/frontend -demo
- inurl:administrator “welcome to mambo”
- inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0
- inurl:cgi-bin/ultimatebb.cgi?ubb=login
- inurl:Citrix/MetaFrame/default/default.aspx
- inurl:confixx inurl:login|anmeldung
- inurl:coranto.cgi intitle:Login (Authorized Users Only)
- inurl:csCreatePro.cgi
- inurl:default.asp intitle:”WebCommander”
- inurl:exchweb/bin/auth/owalogon.asp
- inurl:gnatsweb.pl
- inurl:ids5web
- inurl:irc filetype:cgi cgi:irc
- inurl:login filetype:swf
- inurl:login.asp
- inurl:login.cfm
- inurl:login.php “SquirrelMail version”
- inurl:metaframexp/default/login.asp | intitle:”Metaframe XP Login”
- inurl:mewebmail
- inurl:names.nsf?opendatabase
- inurl:ocw_login_username
- inurl:orasso.wwsso_app_admin.ls_login
- inurl:postfixadmin intitle:"postfix admin"ext:php
- inurl:search/admin.php
- inurl:textpattern/index.php
- inurl:WCP_USER
- inurl:webmail./index.pl "Interface"
- inurl:webvpn.html "login" "Please enter your"
Google Dorks for CCTV Camera online:
- inurl:view/view.shtml
- inurl:/view.shtml
- intitle:”Live View / - AXIS” | inurl:view/view.shtml^
- inurl:ViewerFrame?Mode=
- inurl:ViewerFrame?Mode=Refresh
- inurl:axis-cgi/jpg
- inurl:axis-cgi/mjpg (motion-JPEG)
- inurl:view/indexFrame.shtml
- inurl:view/index.shtml
- intitle:start inurl:cgistart
- intitle:”live view” intitle:axis
- intitle:snc-z20 inurl:home/
- intitle:liveapplet
- intitle:”i-Catcher Console - Web Monitor”
- intitle:axis intitle:”video server”
- intitle:liveapplet inurl:LvAppl
- intitle:”EvoCam” inurl:”webcam.html”
- intitle:”Live NetSnap Cam-Server feed”
- intitle:”Live View / - AXIS”
- intitle:”Live View / - AXIS 206W”
- intitle:”Live View / - AXIS 210″
- inurl:indexFrame.shtml Axis
- intitle:”Live View / - AXIS 206M”
- inurl:”MultiCameraFrame?Mode=Motion”
- allintitle:”Network Camera NetworkCamera”
- intitle:”WJ-NT104 Main Page”
- intext:”MOBOTIX M1″ intext:”Open Menu”
- intext:”MOBOTIX M10″ intext:”Open Menu”
- intext:”MOBOTIX D10″ intext:”Open Menu”
- intitle:”netcam live image”
- intitle:snc-cs3 inurl:home/
- intitle:snc-rz30 inurl:home/
- intitle:”sony network camera snc-p1″
- intitle:”sony network camera snc-m1″
- site:.viewnetcam.com -www.viewnetcam.com
- intitle:”Toshiba Network Camera” user login
- + View Webcam User Accessing
- allinurl:control/multiview
- intitle:”supervisioncam protocol”
Google Dorks for Local File Inclusion:
- inurl:/view/lang/index.php?page=?page=
- inurl:/shared/help.php?page=
- inurl:act=
- inurl:action=
- inurl:API_HOME_DIR=
- inurl:board=
- inurl:cat=
- inurl:client_id=
- inurl:cmd=
- inurl:cont=
- inurl:current_frame=
- inurl:date=
- inurl:detail=
- inurl:dir=
- inurl:display=
- inurl:download=
- inurl:f=
- inurl:file=
- inurl:fileinclude=
- inurl:filename=
- inurl:firm_id=
- inurl:g=
- inurl:getdata=
- inurl:go=
- inurl:HT=
- inurl:idd=
- inurl:inc=
- inurl:incfile=
- inurl:incl=
- inurl:include_file=
- inurl:include_path=
- inurl:infile=
- inurl:info=
- inurl:ir=
- inurl:lang=
- inurl:language=
- inurl:link=
- inurl:load=
- inurl:main=
- inurl:mainspot=
- inurl:msg=
- inurl:num=
- inurl:openfile=
- inurl:p=
- inurl:page=
- inurl:pagina=
- inurl:path=
- inurl:path_to_calendar=
- inurl:pg=
- inurl:qry_str=
- inurl:ruta=
- inurl:safehtml=
- inurl:section=
- inurl:showfile=
- inurl:side=
- inurl:site_id=
- inurl:skin=
- inurl:static=
- inurl:str=
- inurl:strona=
- inurl:sub=
- inurl:tresc=
- inurl:url=
- inurl:user=
- inurl:ajax.php?page=
Google Dorks To Gather Sensitive Data:
- filetype:bak createobject sa
- filetype:bak inurl:"htaccess|passwd|shadow|htusers"
- filetype:cfg "mrtg"target
- filetype:cfm "cfapplication name" password
- filetype:conf oekakibbs
- filetype:conf slapd.conf
- filetype:config intext:appSettings “User ID”
- filetype:dat "password.dat"
- filetype:dat inurl:Sites.dat
- filetype:dat wand.dat
- filetype:inc dbconn
- filetype:inc intext:mysql_connect
- filetype:inc mysql_connect OR mysql_pconnect
- filetype:inf sysprep
- filetype:ini inurl:"serv-u.ini"
- filetype:ini inurl:flashFXP.ini
- filetype:ini ServUDaemon
- filetype:ini wcx_ftp
- filetype:ini ws_ftp pwd
- filetype:ldb admin
- filetype:log See ipsec –copyright
- filetype:log inurl:"password.log"
- filetype:mdb inurl:users.mdb
- filetype:mdb wwforum
- filetype:netrc password
- filetype:pass pass intext:userid
- filetype:pem intext:private
- filetype:properties inurl:db intext:password
- filetype:pwd service
- filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
- filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
- filetype:sql "insert into" (pass|passwd|password)
- filetype:sql (“values * MD5″ | "values * password" | "values * encrypt")
- filetype:sql +"IDENTIFIED BY" -cvs
- filetype:sql password
- filetype:url +inurl:"ftp://" +inurl:";@"
- filetype:xls username password email
- intext:”enable password 7″
- intext:”enable secret 5 $”
- intext:”EZGuestbook”
- intext:”Web Wiz Journal”
- intitle:”index of” intext:connect.inc
- intitle:”index of” intext:globals.inc
- intitle:”Index of” passwords modified
- intitle:”Index of” sc_serv.conf sc_serv content
- intitle:”phpinfo()” +”mysql.default_password” +”Zend Scripting Language Engine”
- intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com
- intitle:index.of administrators.pwd
- intitle:Index.of etc shadow
- intitle:index.of intext:”secring.skr”|”secring.pgp”|”secring.bak”
- inurl:”calendarscript/users.txt”
- inurl:”editor/list.asp” | inurl:”database_editor.asp” | inurl:”login.asa” “are set”
- inurl:”GRC.DAT” intext:”password”
- inurl:”Sites.dat”+”PASS=”
- inurl:”slapd.conf” intext:”credentials” -manpage -“Manual Page” -man: -sample
- inurl:”slapd.conf” intext:”rootpw” -manpage -“Manual Page” -man: -sample
- inurl:”wvdial.conf” intext:”password”
- inurl:/db/main.mdb
- inurl:/wwwboard
- inurl:/yabb/Members/Admin.dat
- inurl:ccbill filetype:log
- inurl:cgi-bin inurl:calendar.cfg
- inurl:chap-secrets -cvs
- inurl:config.php dbuname dbpass
- inurl:filezilla.xml -cvs
- inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man
- inurl:nuke filetype:sql
- inurl:ospfd.conf intext:password -sample -test -tutorial -download
- inurl:pap-secrets -cvs
- inurl:pass.dat
- inurl:perform filetype:ini
- inurl:perform.ini filetype:ini
- inurl:secring ext:skr | ext:pgp | ext:bak
- inurl:server.cfg rcon password
- inurl:ventrilo_srv.ini adminpassword
- inurl:vtund.conf intext:pass -cvs
- inurl:zebra.conf intext:password -sample -test -tutorial -download
- filetype:bkf bkf
- filetype:blt “buddylist”
- filetype:blt blt +intext:screenname
- filetype:cfg auto_inst.cfg
- filetype:cnf inurl:_vti_pvt access.cnf
- filetype:conf inurl:firewall -intitle:cvs
- filetype:config web.config -CVS
- filetype:ctt Contact
- filetype:ctt ctt messenger
- filetype:eml eml +intext:”Subject” +intext:”From” +intext:”To”
- filetype:fp3 fp3
- filetype:fp5 fp5 -site:gov -site:mil -“cvs log”
- filetype:fp7 fp7
- filetype:inf inurl:capolicy.inf
- filetype:lic lic intext:key
- filetype:log access.log -CVS
- filetype:log cron.log
- filetype:mbx mbx intext:Subject
- filetype:myd myd -CVS
- filetype:ns1 ns1
- filetype:ora ora
- filetype:ora tnsnames
- filetype:pdb pdb backup (Pilot | Pluckerdb)
- filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net
- filetype:pot inurl:john.pot
- filetype:PS ps
- filetype:pst inurl:”outlook.pst”
- filetype:pst pst -from -to -date
- filetype:qbb qbb
- filetype:QBW qbw
- filetype:rdp rdp
- filetype:reg “Terminal Server Client”
- filetype:vcs vcs
- filetype:wab wab
- filetype:xls -site:gov inurl:contact
- filetype:xls inurl:”email.xls”
- inurl:finance.xls
- inurl:finances.xls
- Ganglia Cluster Reports
- haccess.ctl
- ICQ chat logs, please…
- intext:”Session Start * * * *:*:* *” filetype:log
- intext:”Tobias Oetiker” “traffic analysis”
- intext:(password | passcode) intext:(username | userid | user) filetype:csv
- intext:SQLiteManager inurl:main.php
- intext:ViewCVS inurl:Settings.php
- intitle:”admin panel” +”RedKernel”
- intitle:”Apache::Status” (inurl:server-status | inurl:status.html | inurl:apache.html)
- intitle:”AppServ Open Project” -site:www.appservnetwork.com
- intitle:”ASP Stats Generator *.*” “ASP Stats Generator” “2003-2004 weppos”
- intitle:”Big Sister” +”OK Attention Trouble”
- intitle:”curriculum vitae” filetype:doc
- intitle:”edna:streaming mp3 server” -forums
- intitle:”index of” +myd size
- intitle:”Index Of” -inurl:maillog maillog size
- intitle:”Index Of” cookies.txt size
- intitle:”index of” mysql.conf OR mysql_config
- intitle:”Index of” upload size parent directory
- intitle:”index.of *” admin news.asp configview.asp
- intitle:”index.of” .diz .nfo last modified
- intitle:”Joomla – Web Installer”
- intitle:”LOGREP – Log file reporting system” -site:itefix.no
- intitle:”Multimon UPS status page”
- intitle:”PHP Advanced Transfer” (inurl:index.php | inurl:showrecent.php )
- intitle:”PhpMyExplorer” inurl:”index.php” -cvs
- intitle:”statistics of” “advanced web statistics”
- intitle:”System Statistics” +”System and Network Information Center”
- intitle:”urchin (5|3|admin)” ext:cgi
- intitle:”Usage Statistics for” “Generated by Webalizer”
- intitle:”wbem” compaq login “Compaq Information Technologies Group”
- intitle:”Web Server Statistics for ****”
- intitle:”web server status” SSH Telnet
- intitle:”Welcome to F-Secure Policy Manager Server Welcome Page”
- intitle:”welcome.to.squeezebox”
- intitle:admin intitle:login
- intitle:Bookmarks inurl:bookmarks.html “Bookmarks
- intitle:index.of “Apache” “server at”
- intitle:index.of cleanup.log
- intitle:index.of dead.letter
- intitle:index.of inbox
- intitle:index.of inbox dbx
- intitle:index.of ws_ftp.ini
- intitle:intranet inurl:intranet +intext:”phone”
- inurl:”/axs/ax-admin.pl” -script
- inurl:”/cricket/grapher.cgi”
- inurl:”bookmark.htm”
- inurl:”cacti” +inurl:”graph_view.php” +”Settings Tree View” -cvs -RPM
- inurl:”newsletter/admin/”
- inurl:”newsletter/admin/” intitle:”newsletter admin”
- inurl:”putty.reg”
- inurl:”smb.conf” intext:”workgroup” filetype:conf conf
- inurl:*db filetype:mdb
- inurl:/cgi-bin/pass.txt
- inurl:/_layouts/settings
- inurl:admin filetype:xls
- inurl:admin intitle:login
- inurl:backup filetype:mdb
- inurl:build.err
- inurl:cgi-bin/printenv
- inurl:cgi-bin/testcgi “Please distribute TestCGI”
- inurl:changepassword.asp
- inurl:ds.py
- inurl:email filetype:mdb
- inurl:fcgi-bin/echo
- inurl:forum filetype:mdb
- inurl:forward filetype:forward -cvs
- inurl:log.nsf -gov
- inurl:main.php phpMyAdmin
- inurl:main.php Welcome to phpMyAdmin
- inurl:netscape.hst
- inurl:netscape.ini
- inurl:odbc.ini ext:ini -cvs
- inurl:perl/printenv
- nurl:php.ini filetype:ini
- inurl:preferences.ini “[emule]”
- inurl:profiles filetype:mdb
- inurl:report “EVEREST Home Edition ”
- inurl:server-info “Apache Server Information”
- inurl:server-status “apache”
- inurl:snitz_forums_2000.mdb
- inurl:ssl.conf filetype:conf
- inurl:tdbin
- inurl:vbstats.php “page generated”
- inurl:wp-mail.php + “There doesn’t seem to be any new mail.”
- inurl:XcCDONTS.asp
- intitle:”Login Forum
- AnyBoard” intitle:”If you are a new user:” intext:”Forum
- AnyBoard” inurl:gochat -edu
- intitle:”Login to @Mail” (ext:pl | inurl:”index”) -waffleman
- !Host=*.* intext:enc_UserPassword=* ext:pcf
- “# -FrontPage-” ext:pwd inurl:(service | authors | administrators | users) “# -FrontPage-” inurl:service.pwd
- “AutoCreate=TRUE password=*”
- “http://*:*@www” domainname
- “index of/” “ws_ftp.ini” “parent directory”
- “liveice configuration file” ext:cfg -site:sourceforge.net
- “parent directory” +proftpdpasswd
- Duclassified” -site:duware.com “DUware All Rights reserved”
- duclassmate” -site:duware.com
- Dudirectory” -site:duware.com
- dudownload” -site:duware.com
- Elite Forum Version *.*”
- “sets mode: +k”
- “your password is” filetype:log
- DUpaypal” -site:duware.com
- allinurl: admin mdb
- auth_user_file.txt
- config.php
- eggdrop filetype:user user
- enable password | secret “current configuration” -intext:the
- etc (index.of)
- ext:asa | ext:bak intext:uid intext:pwd -“uid..pwd” database | server | dsn
- ext:inc “pwd=” “UID=”
- ext:ini eudora.ini
- ext:ini Version=4.0.0.4 password
- ext:passwd -intext:the -sample -example
- ext:txt inurl:unattend.txt
- ext:yml database inurl:config
- LeapFTP intitle:”index.of./” sites.ini modified
- master.passwd
- mysql history files
- NickServ registration passwords
- passlist
- passlist.txt
- passwd
- passwd / etc
- people.lst
- psyBNC config files
- pwd.db
- server-dbs “intitle:index of”
- signin filetype:url
- spwd.db / passwd
- trillian.ini
- wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin
- [WFClient] Password= filetype:ica
- intitle:”remote assessment” OpenAanval Console
- intitle:opengroupware.org “resistance is obsolete” “Report Bugs” “Username” “password”
- “bp blog admin” intitle:login | intitle:admin
- “Emergisoft web applications are a part of our”
- “Establishing a secure Integrated Lights Out session with” OR intitle:”Data Frame – Browser not HTTP 1.1 compatible”
- OR intitle:”HP Integrated Lights-
- “HostingAccelerator” intitle:”login” +”Username” -“news” -demo
- “iCONECT 4.1 :: Login”
- “IMail Server Web Messaging” intitle:login
- “inspanel” intitle:”login” -“cannot” “Login ID”
- “Login – Sun Cobalt RaQ”
- “login prompt” inurl:GM.cgi
- “Login to Usermin” inurl:20000
- “Microsoft CRM : Unsupported Browser Version”
- “OPENSRS Domain Management” inurl:manage.cgi
- “pcANYWHERE EXPRESS Java Client”
- “Please authenticate yourself to get access to the management interface”
- “please log in”
- “Please login with admin pass” -“leak”
- CuteNews” “2003..2005 CutePHP”
- DWMail” password intitle:dwmail
- Merak Mail Server Software" -.gov -.mil -.edu
- Midmart Messageboard” “Administrator Login”
- Monster Top List” MTL numrange:200-
- UebiMiau” -site:sourceforge.net
- “site info for” “Enter Admin Password”
- “SquirrelMail version” “By the SquirrelMail development Team”
- “SysCP – login”
- “This is a restricted Access Server” “Javascript Not Enabled!”|”Messenger Express” -edu -ac
- “This section is for Administrators only. If you are an administrator then please”
- “ttawlogin.cgi/?action=”
- “VHCS Pro ver” -demo
- “VNC Desktop” inurl:5800
- “Web-Based Management” “Please input password to login”
- “WebExplorer Server – Login” “Welcome to WebExplorer Server”
- “WebSTAR Mail – Please Log In”
- “You have requested access to a restricted area of our website. Please authenticate yourself to continue.”
- “You have requested to access the management functions” -.edu
- (intitle:”Please login – Forums UBB.threads”)|(inurl:login.php “ubb”)
- (intitle:”Please login – Forums WWWThreads”)|(inurl:”wwwthreads/login.php”)|(inurl:”wwwthreads/login.pl?Cat=”)
- (intitle:”rymo Login”)|(intext:”Welcome to rymo”) -family
- (intitle:”WmSC e-Cart Administration”)|(intitle:”WebMyStyle e-Cart Administration”)
- (inurl:”ars/cgi-bin/arweb?O=0″ | inurl:arweb.jsp) -site:remedy.com -site:mil
- 4images Administration Control Panel
- allintitle:”Welcome to the Cyclades”
- allinurl:”exchange/logon.asp”
- allinurl:wps/portal/ login
- ASP.login_aspx “ASP.NET_SessionId”
- CGI:IRC Login
- ext:cgi intitle:”control panel” “enter your owner password to continue!”
- ez Publish administration
- filetype:php inurl:”webeditor.php”
- filetype:pl “Download: SuSE Linux Openexchange Server CA”
- filetype:r2w r2w
- Novell NetWare intext:”netware management portal version”
- PHPhotoalbum Statistics
- PHPhotoalbum Upload
- Please enter a valid password! inurl:polladmin
- intitle:”DocuShare” inurl:”docushare/dsweb/” -faq -gov -edu
- “#mysql dump” filetype:sql
- “#mysql dump” filetype:sql 21232f297a57a5a743894a0e4a801fc3
- “allow_call_time_pass_reference” “PATH_INFO”
- “Certificate Practice Statement” inurl:(PDF | DOC)
- “Generated by phpSystem”
- “generated by wwwstat”
- “Host Vulnerability Summary Report”
- “Index of” / “chat/logs”
- “Installed Objects Scanner” inurl:default.asp
- “MacHTTP” filetype:log inurl:machttp.log
- “Mecury Version” “Infastructure Group”
- “Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)” ext:log
- “Most Submitted Forms and scripts” “this section”
- “Network Vulnerability Assessment Report”
- “not for distribution” confidential
- “not for public release” -.edu -.gov -.mil
- “phone * * *” “address *” “e-mail” intitle:”curriculum vitae”
- “phpMyAdmin” “running on” inurl:”main.php”
- “produced by getstats”
- “Request Details” “Control Tree” “Server Variables”
- “robots.txt” “Disallow:” filetype:txt
- “Running in Child mode”
- “sets mode: +p”
- “sets mode: +s”
- “Thank you for your order” +receipt
- “This is a Shareaza Node”
- “This report was generated by WebLog”
- ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
- (intitle:”PRTG Traffic Grapher” inurl:”allsensors”)|(intitle:”PRTG Traffic Grapher – Monitoring Results”)
- (intitle:WebStatistica inurl:main.php) | (intitle:”WebSTATISTICA server”) -inurl:statsoft -inurl:statsoftsa -
- inurl:statsoftinc.com -edu -software -rob
- (inurl:”robot.txt” | inurl:”robots.txt” ) intext:disallow filetype:txt
- +”:8080″ +”:3128″ +”:80″ filetype:txt
- -site:php.net -“The PHP Group” inurl:source inurl:url ext:pHp
- 94FBR “ADOBE PHOTOSHOP”
- AIM buddy lists
- allinurl:/examples/jsp/snp/snoop.jsp
- allinurl:cdkey.txt
- allinurl:servlet/SnoopServlet
- cgiirc.conf
- contacts ext:wml
- data filetype:mdb -site:gov -site:mil
- exported email addresses
- ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”)
- inurl:confidential
- ext:asp inurl:pathto.asp
- ext:ccm ccm -catacomb
- ext:CDX CDX
- ext:cgi inurl:editcgi.cgi inurl:file=
- ext:conf inurl:rsyncd.conf -cvs -man
- ext:conf NoCatAuth -cvs
- ext:dat bpk.dat
- ext:gho gho
- ext:ics ics
- ext:ini intext:env.ini
- ext:jbf jbf
- ext:ldif ldif
- ext:log “Software: Microsoft Internet Information Services *.*”
- ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
- ext:nsf nsf -gov -mil
- ext:plist filetype:plist inurl:bookmarks.plist
- ext:pqi pqi -database
- ext:reg “username=*” putty
- ext:txt “Final encryption key”
- ext:txt inurl:dxdiag
- ext:vmdk vmdk
- ext:vmx vmx
- filetype:asp DBQ=” * Server.MapPath(“*.mdb”)
- ipsec.conf
- ipsec.secrets
- “detected an internal error [IBM][CLI Driver][DB2/6000]”
- “error found handling the request” cocoon filetype:xml
- “Incorrect syntax near”
- “Internal Server Error” “server at”
- “Invision Power Board Database Error”
- “ORA-00933: SQL command not properly ended”
- “ORA-12541: TNS:no listener” intitle:”error occurred”
- “Parse error: parse error, unexpected T_VARIABLE” “on line” filetype:php
- “PostgreSQL query failed: ERROR: parser: parse error”
- “Supplied argument is not a valid MySQL result resource”
- “Syntax error in query expression ” -the
- “The script whose uid is ” “is not allowed to access”
- “There seems to have been a problem with the” ” Please try again by clicking the Refresh button in your web browser.”
- “Unable to jump to row” “on MySQL result index” “on line”
- “Unclosed quotation mark before the character string”
- “Warning: Bad arguments to (join|implode) () in” “on line” -help -forum
- “Warning: Cannot modify header information – headers already sent”
- “Warning: Division by zero in” “on line” -forum
- “Warning: mysql_connect(): Access denied for user: ‘*@*” “on line” -help -forum
- “Warning: mysql_query()” “invalid query”
- “Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL”
- “Warning: Supplied argument is not a valid File-Handle resource in”
- “Warning:” “failed to open stream: HTTP request failed” “on line”
- “Warning:” “SAFE MODE Restriction in effect.” “The script whose uid is” “is not allowed to access owned by uid 0 in” “on line”
- “SQL Server Driver][SQL Server]Line 1: Incorrect syntax near”
- An unexpected token “END-OF-STATEMENT” was found
- Coldfusion Error Pages
- filetype:asp + “[ODBC SQL”
- filetype:asp “Custom Error Message” Category Source
- filetype:log “PHP Parse error” | “PHP Warning” | “PHP Error”
- filetype:php inurl:”logging.php” “Discuz” error
- ht://Dig htsearch error
- IIS 4.0 error messages
- IIS web server error messages
- intext:”Error Message : Error loading required libraries.”
- intext:”Warning: Failed opening” “on line” “include_path”
- intitle:”Apache Tomcat” “Error Report”
- intitle:”Default PLESK Page”
- intitle:”Error Occurred While Processing Request” +WHERE (SELECT|INSERT) filetype:cfm
- intitle:”Error Occurred” “The error occurred in” filetype:cfm
- intitle:”Error using Hypernews” “Server Software”
- intitle:”Execution of this script not permitted”
- intitle:”Under construction” “does not currently have”
- intitle:Configuration.File inurl:softcart.exe
- MYSQL error message: supplied argument….
- mysql error with query
- Netscape Application Server Error page
- ORA-00921: unexpected end of SQL command
- ORA-00936: missing expression
- PHP application warnings failing “include_path”
- sitebuildercontent
- sitebuilderfiles
- sitebuilderpictures
- Snitz! forums db path error
- SQL syntax error
- Supplied argument is not a valid PostgreSQL result
- warning “error on line” php sablotron
- Windows 2000 web server error messages
- “ftp://” “www.eastgame.net”
- “html allowed” guestbook
- “: vBulletin Version 1.1.5″
- “Select a database to view” intitle:”filemaker pro”
- “set up the administrator user” inurl:pivot
- “There are no Administrators Accounts” inurl:admin.php -mysql_fetch_row
- “Welcome to Administration” “General” “Local Domains” “SMTP Authentication” inurl:admin
- “Welcome to Intranet”
- “Welcome to PHP-Nuke” congratulations
- “Welcome to the Prestige Web-Based Configurator”
- “YaBB SE Dev Team”
- “you can now password” | “this is a special page only seen by you. your profile visitors” inurl:imchaos
- (“Indexed.By”|”Monitored.By”) hAcxFtpScan
- (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
- allinurl:”index.php” “site=sglinks”
- allinurl:install/install.php
- allinurl:intranet admin
- filetype:cgi inurl:”fileman.cgi”
- filetype:cgi inurl:”Web_Store.cgi”
- filetype:php inurl:vAuthenticate
- filetype:pl intitle:”Ultraboard Setup”
- Gallery in configuration mode
- Hassan Consulting’s Shopping Cart Version 1.18
- intext:”Warning: * am able * write ** configuration file” “includes/configure.php” –
- intitle:”Gateway Configuration Menu”
- intitle:”Horde :: My Portal” -“[Tickets”
- intitle:”Mail Server CMailServer Webmail” “5.2”
- intitle:”MvBlog powered”
- intitle:”Samba Web Administration Tool” intext:”Help Workgroup”
- intitle:”Terminal Services Web Connection”
- intitle:”Uploader – Uploader v6″ -pixloads.com
- intitle:osCommerce inurl:admin intext:”redistributable under the GNU” intext:”Online Catalog” -demo -site:oscommerce.com
- intitle:phpMyAdmin “Welcome to phpMyAdmin ***” “running on * as root@*”
- inurl:”/NSearch/AdminServlet”
- inurl:”index.php? module=ew_filemanager”
- inurl:aol*/_do/rss_popup?blogID=
- inurl:footer.inc.php
- inurl:info.inc.php
- inurl:ManyServers.htm
- inurl:newsdesk.cgi? inurl:”t=”
- inurl:pls/admin_/gateway.htm
- inurl:rpSys.html
- inurl:search.php vbulletin
- inurl:servlet/webacc
- natterchat inurl:home.asp -site:natterchat.co.uk
- XOOPS Custom Installation
- inurl:htpasswd filetype:htpasswd
- inurl:yapboz_detay.asp
- intitle:”WJ-NT104 Main Page”
- inurl:netw_tcp.shtml
- mail filetype:csv -site:gov intext:name
- Microsoft Money Data Files
- mt-db-pass.cgi files
- MySQL tabledata dumps
- mystuff.xml – Trillian data files
- OWA Public Folders
- php-addressbook “This is the addressbook for *” -warning
- private key files (.csr)
- private key files (.key)
- Quicken data files
- rdbqds -site:.edu -site:.mil -site:.gov
- robots.txt
- site:edu admin grades
- site:www.mailinator.com inurl:ShowMail.do
- SQL data dumps
- Squid cache server reports
- Unreal IRCd
- WebLog Referrers
- Welcome to ntop!
- filetype:log intext:”ConnectionManager2″
- “apricot – admin” 00h
- “by Reimar Hoven. All Rights Reserved. Disclaimer” | inurl:”log/logdb.dta”
- “Network Host Assessment Report” “Internet Scanner”
- “Output produced by SysWatch *”
- “Phorum Admin” “Database Connection” inurl:forum inurl:admin
- phpOpenTracker” Statistics
- “powered | performed by Beyond Security’s Automated Scanning” -kazaa -example
- “Shadow Security Scanner performed a vulnerability assessment”
- “SnortSnarf alert page”
- “The following report contains confidential information” vulnerability -search
- “The statistics were last updated” “Daily”-microsoft.com
- “this proxy is working fine!” “enter *” “URL***” * visit
- “This report lists” “identified by Internet Scanner”
- “Traffic Analysis for” “RMON Port * on unit *”
- “Version Info” “Boot Version” “Internet Settings”
- ((inurl:ifgraph “Page generated at”) OR (“This page was built using ifgraph”))
- Analysis Console for Incident Databases
- ext:cgi intext:”nrg-” ” This web page was created on ”
- filetype:pdf “Assessment Report” nessus
- filetype:php inurl:ipinfo.php “Distributed Intrusion Detection System”
- filetype:php inurl:nqt intext:”Network Query Tool”
- filetype:vsd vsd network -samples -examples
- intext:”Welcome to the Web V.Networks” intitle:”V.Networks [Top]” -filetype:htm
- intitle:”ADSL Configuration page”
- intitle:”Azureus : Java BitTorrent Client Tracker”
- intitle:”Belarc Advisor Current Profile” intext:”Click here for Belarc’s PC Management products, for large and small companies.”
- intitle:”BNBT Tracker Info”
- intitle:”Microsoft Site Server Analysis”
- intitle:”Nessus Scan Report” “This file was generated by Nessus”
- intitle:”PHPBTTracker Statistics” | intitle:”PHPBT Tracker Statistics”
- intitle:”Retina Report” “CONFIDENTIAL INFORMATION”
- intitle:”start.managing.the.device” remote pbx acc
- intitle:”sysinfo * ” intext:”Generated by Sysinfo * written by The Gamblers.”
- intitle:”twiki” inurl:”TWikiUsers”
- inurl:”/catalog.nsf” intitle:catalog
- inurl:”install/install.php”
- inurl:”map.asp?” intitle:”WhatsUp Gold”
- inurl:”NmConsole/Login.asp” | intitle:”Login – Ipswitch WhatsUp Professional 2005″ | intext:”Ipswitch WhatsUp
- Professional 2005 (SP1)” “Ipswitch, Inc”
- inurl:”sitescope.html” intitle:”sitescope” intext:”refresh” -demo
- inurl:/adm-cfgedit.php
- inurl:/cgi-bin/finger? “In real life”
- inurl:/cgi-bin/finger? Enter (account|host|user|username)
- inurl:/counter/index.php intitle:”+PHPCounter 7.*”
- inurl:CrazyWWWBoard.cgi intext:”detailed debugging information”
- inurl:login.jsp.bak
- inurl:ovcgi/jovw
- inurl:phpSysInfo/ “created by phpsysinfo”
- inurl:portscan.php “from Port”|”Port Range”
- inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl
- inurl:statrep.nsf -gov
- inurl:status.cgi?host=all
- inurl:testcgi xitami
- inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin
- inurl:webutil.pl
- site:netcraft.com intitle:That.Site.Running Apache
- “A syntax error has occurred” filetype:ihtml
- “access denied for user” “using password”
- “An illegal character has been found in the statement” -“previous message”
- “ASP.NET_SessionId” “data source=”
- “Can’t connect to local” intitle:warning
- “Chatologica MetaSearch” “stack tracking”
- “Fatal error: Call to undefined function” -reply -the -next
- “Duclassified” -site:duware.com “DUware All Rights reserved”
- “Elite Forum Version *.*”
- “Link Department”
- “Chatologica MetaSearch” “stack tracking:”
- “Index of /backup”
- “ORA-00921: unexpected end of SQL command”
- “parent directory ” /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory ” Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- “parent directory “Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
- ?intitle:index.of? mp3 name
- allinurl:auth_user_file.txt
- inurl:passlist.txt
- filetype:bak inurl:”htaccess|passwd|shadow|htusers”
- filetype:cfg mrtg “target
- filetype:cfm “cfapplication name” password
- filetype:config config intext:appSettings “User ID”
- filetype:dat “password.dat”
- filetype:ini inurl:”serv-u.ini”
- filetype:log “See `ipsec –copyright”
- filetype:log inurl:”password.log”
- filetype:pwl pwl
- filetype:reg reg +intext:”defaultusername” +intext:”defaultpassword”
- filetype:reg reg +intext:â? WINVNC3â?
- filetype:sql “insert into” (pass|passwd|password)
- filetype:sql (“values * MD5″ | “values * password” | “values * encrypt”)
- filetype:sql +”IDENTIFIED BY” -cvs
- filetype:url +inurl:”ftp://” +inurl:”;@”
- htpasswd
- htpasswd / htgroup
- htpasswd / htpasswd.bak
- intitle:”phpinfo()” +”mysql.default_password” +”Zend scripting Language Engine”
- intitle:rapidshare intext:login
- Financial spreadsheets: finance.xls
- Financial spreadsheets: finances.xls
- haccess.ctl (one way)
- haccess.ctl (VERY reliable)
- intext:gmail invite intext:http://gmail.google.com/gmail/a
- intitle:”FTP root at”
- inurl:cgi-bin/testcgi.exe “Please distribute TestCGI”
- inurl:getmsg.html intitle:hotmail
- inurl:php.ini filetype:ini
- intext:””BiTBOARD v2.0″ BiTSHiFTERS Bulletin Board”
- intext:”Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed.” -edu
- intext:”Mail admins login here to administrate your domain.”
- intext:”Master Account” “Domain Name” “Password” inurl:/cgi-bin/qmailadmin
- intext:”Storage Management Server for” intitle:”Server Administration”
- intext:”Welcome to” inurl:”cp” intitle:”H-SPHERE” inurl:”begin.html” -Fee
- intext:”vbulletin” inurl:admincp
- intitle:”*- HP WBEM Login” | “You are being prompted to provide login account information for *” | “Please provide the information requested and press
- intitle:”Admin Login” “admin login” “blogware”
- intitle:”Admin login” “Web Site Administration” “Copyright”
- intitle:”AlternC Desktop”
- intitle:”Athens Authentication Point”
- intitle:”b2evo > Login form” “Login form. You must log in! You will have to accept cookies in order to log in” -demo -site:b2evolution.net
- intitle:”Cisco CallManager User Options Log On” “Please enter your User ID and Password in the spaces provided below and click the Log On button to co
- intitle:”ColdFusion Administrator Login”
- intitle:”communigate pro * *” intitle:”entrance”
- intitle:”Content Management System” “user name”|”password”|”admin” “Microsoft IE 5.5″ -mambo
- intitle:”Dell Remote Access Controller”
- intitle:”Docutek ERes – Admin Login” -edu
- intitle:”Employee Intranet Login”
- intitle:”eMule *” intitle:”- Web Control Panel” intext:”Web Control Panel” “Enter your password here.”
- intitle:”ePowerSwitch Login”
- intitle:”eXist Database Administration” -demo
- intitle:”EXTRANET * – Identification”
- intitle:”EXTRANET login” -.edu -.mil -.gov
- intitle:”EZPartner” -netpond
- intitle:”Flash Operator Panel” -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists
- intitle:”i-secure v1.1″ -edu
- intitle:”Icecast Administration Admin Page”
- intitle:”iDevAffiliate – admin” -demo
- intitle:”ISPMan : Unauthorized Access prohibited”
- intitle:”ITS System Information” “Please log on to the SAP System”
- intitle:”Kurant Corporation StoreSense” filetype:bok
- intitle:”ListMail Login” admin -demo
- intitle:”Login –
- intitle:”Login to @Mail” (ext:pl | inurl:”index”) -dwaffleman
- intitle:”Login to Cacti”
- intitle:”Login to the forums – @www.aimoo.com” inurl:login.cfm?id=
- intitle:”MailMan Login”
- intitle:”Member Login” “NOTE: Your browser must have cookies enabled in order to log into the site.” ext:php OR ext:cgi
- intitle:”Merak Mail Server Web Administration” -ihackstuff.com
- intitle:”microsoft certificate services” inurl:certsrv
- intitle:”MikroTik RouterOS Managing Webpage”
- intitle:”MX Control Console” “If you can’t remember”
- intitle:”Novell Web Services” “GroupWise” -inurl:”doc/11924″ -.mil -.edu -.gov -filetype:pdf
- intitle:”Novell Web Services” intext:”Select a service and a language.”
- intitle:”oMail-admin Administration – Login” -inurl:omnis.ch
- intitle:”OnLine Recruitment Program – Login”
- intitle:”Philex 0.2*” -script -site:freelists.org
- intitle:”PHP Advanced Transfer” inurl:”login.php”
- intitle:”php icalendar administration” -site:sourceforge.net
- intitle:”phpPgAdmin – Login” Language
- intitle:”PHProjekt – login” login password
- intitle:”please login” “your password is *”
- intitle:”Remote Desktop Web Connection” inurl:tsweb
- intitle:”SFXAdmin – sfx_global” | intitle:”SFXAdmin – sfx_local” | intitle:”SFXAdmin – sfx_test”
- intitle:”SHOUTcast Administrator” inurl:admin.cgi
- intitle:”site administration: please log in” “site designed by emarketsouth”
- intitle:”Supero Doctor III” -inurl:supermicro
- intitle:”SuSE Linux Openexchange Server” “Please activate JavaScript!”
- intitle:”teamspeak server-administration
- intitle:”Tomcat Server Administration”
- intitle:”TOPdesk ApplicationServer”
- intitle:”TUTOS Login”
- intitle:”TWIG Login”
- intitle:”vhost” intext:”vHost . 2000-2004″
- intitle:”Virtual Server Administration System”
- intitle:”VisNetic WebMail” inurl:”/mail/”
- intitle:”VitalQIP IP Management System”
- intitle:”VMware Management Interface:” inurl:”vmware/en/”
- intitle:”VNC viewer for Java”
- intitle:”web-cyradm”|”by Luc de Louw” “This is only for authorized users” -tar.gz -site:web-cyradm.org
- intitle:”WebLogic Server” intitle:”Console Login” inurl:console
- intitle:”Welcome Site/User Administrator” “Please select the language” -demos
- intitle:”Welcome to Mailtraq WebMail”
- intitle:”welcome to netware *” -site:novell.com
- intitle:”WorldClient” intext:”? (2003|2004) Alt-N Technologies.”
- intitle:”xams 0.0.0..15 – Login”
- intitle:”XcAuctionLite” | “DRIVEN BY XCENT” Lite inurl:admin
- intitle:”XMail Web Administration Interface” intext:Login intext:password
- intitle:”Zope Help System” inurl:HelpSys
- intitle:”ZyXEL Prestige Router” “Enter password”
- intitle:”inc. vpn 3000 concentrator”
- intitle:(“TrackerCam Live Video”)|(“TrackerCam Application Login”)|(“Trackercam Remote”) -trackercam.com
- intitle:asterisk.management.portal web-access
- intitle:endymion.sak?.mail.login.page | inurl:sake.servlet
- intitle:Group-Office “Enter your username and password to login”
- intitle:ilohamail ”
- intitle:ilohamail intext:”Version 0.8.10″ ”
- intitle:IMP inurl:imp/index.php3
- intitle:Login * Webmailer
- intitle:Login intext:”RT is ? Copyright”
- intitle:Node.List Win32.Version.3.11
- intitle:Novell intitle:WebAccess “Copyright *-* Novell, Inc”
- intitle:open-xchange inurl:login.pl
- intitle:Ovislink inurl:private/login
- intitle:phpnews.login
- intitle:plesk inurl:login.php3
- inurl:”/admin/configuration. php?” Mystore
- inurl:”/slxweb.dll/external?name=(custportal|webticketcust)”
- inurl:”1220/parse_xml.cgi?”
- inurl:”631/admin” (inurl:”op=*”) | (intitle:CUPS)
- inurl:”:10000″ intext:webmin
- inurl:”Activex/default.htm” “Demo”
- inurl:”calendar.asp?action=login”
- inurl:”default/login.php” intitle:”kerio”
- inurl:”gs/adminlogin.aspx”
- inurl:”php121login.php”
- inurl:”suse/login.pl”
- inurl:”typo3/index.php?u=” -demo
- inurl:”usysinfo?login=true”
- inurl:”utilities/TreeView.asp”
- inurl:”vsadmin/login” | inurl:”vsadmin/admin” inurl:.php|.asp
- nurl:/admin/login.asp
- inurl:/cgi-bin/sqwebmail?noframes=1
- inurl:/Citrix/Nfuse17/
- inurl:/dana-na/auth/welcome.html
- inurl:/eprise/
- inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:”Miva Merchant Administration Login” -inurl:cheap-malboro.net
- inurl:/modcp/ intext:Moderator+vBulletin
- inurl:/SUSAdmin intitle:”Microsoft Software Update Services”
- inurl:/webedit.* intext:WebEdit Professional -html
- inurl:1810 “Oracle Enterprise Manager”
- inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com
- inurl::2082/frontend -demo
- inurl:administrator “welcome to mambo”
- inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0
- inurl:cgi-bin/ultimatebb.cgi?ubb=login
- inurl:Citrix/MetaFrame/default/default.aspx
- inurl:confixx inurl:login|anmeldung
- inurl:coranto.cgi intitle:Login (Authorized Users Only)
- inurl:csCreatePro.cgi
- inurl:default.asp intitle:”WebCommander”
- inurl:exchweb/bin/auth/owalogon.asp
- inurl:gnatsweb.pl
- inurl:ids5web
- inurl:irc filetype:cgi cgi:irc
- inurl:login filetype:swf swf
- inurl:login.asp
- inurl:login.cfm
- inurl:login.php “SquirrelMail version”
- inurl:metaframexp/default/login.asp | intitle:”Metaframe XP Login”
- inurl:mewebmail
- inurl:names.nsf?opendatabase
- inurl:ocw_login_username
- inurl:orasso.wwsso_app_admin.ls_login
- inurl:postfixadmin intitle:”postfix admin” ext:php
- inurl:search/admin.php
- inurl:textpattern/index.php
- inurl:WCP_USER
- inurl:webmail./index.pl “Interface”
- inurl:webvpn.html “login” “Please enter your” Login (“admin account info”) filetype:log
- Link Department”
- passlist.txt (a better way)
- passwd / etc (reliable)
- “bp blog admin” intitle:login | intitle:admin -site:johnny.ihackstuff.com
- “Establishing a secure Integrated Lights Out session with” OR intitle:”Data Frame – Browser not HTTP 1.1 compatible” OR intitle:”HP Integrated Lights-
- “inspanel” intitle:”login” -“cannot” “Login ID” -site:inspediumsoft.com
- “intitle:3300 Integrated Communications Platform” inurl:main.htm
- “Please login with admin pass” -“leak” -sourceforge
- Merak Mail Server Software” -.gov -.mil -.edu -site:merakmailserver.com
- “Web-Based Management” “Please input password to login” -inurl:johnny.ihackstuff.com
- (intitle:”Please login – Forums
- UBB.threads”)|(inurl:login.php “ubb”)
- WWWThreads”)|(inurl:”wwwthreads/login.php”)|(inurl:”wwwthreads/login.pl?Cat=”)
- Login (”
- Jetbox One CMS â?¢” | ”
- Jetstream ? *”)
- Outlook Web Access (a better way)
- PhotoPost PHP Upload
- “HTTP_FROM=googlebot” googlebot.com “Server_Software=”
- “Most Submitted Forms and s?ri?ts” “this section”
- (intitle:WebStatistica inurl:main.php) | (intitle:”WebSTATISTICA server”) -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
- +”HSTSNR” -“netop.com”
- ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential
- intitle:”admin panel” +”
- RedKernel”
- inurl:”/axs/ax-admin.pl” -s?ri?t
- Internal Server Error
- intitle:”Remote Desktop Web Connection”
- + View Webcam User Accessing
- allinurl:control/multiview
- inurl:”ViewerFrame?Mode=”
- intitle:”supervisioncam protocol”
- OWA Public Folders (direct view)
- Peoples MSN contact lists
- “The statistics were last updated” “Daily”-microsoft.com
- ext:cfg radius.cfg
- inurl:”NmConsole/Login.asp” | intitle:”Login – Ipswitch WhatsUp Professional 2005″ | intext:”Ipswitch WhatsUp Professional 2005 (SP1)” “Ipswitch, Inc”
- “The script whose uid is ” “is not allowed to access”
- “Warning:” “SAFE MODE Restriction in effect.” “The script whose uid is” “is not allowed to access owned by uid 0 in” “on line”
- intitle:”Execution of this script not permitted”
- : vBulletin Version 1.1.5″
- inurl:yapboz_detay.asp + View Webcam User Accessing
- “duclassmate” -site:duware.com
- “Dudirectory” -site:duware.com
- “dudownload” -site:duware.com
- “DUpaypal” -site:duware.com
- allintitle:”Network Camera NetworkCamera”
- intitle:”live view” intitle:axis
- intitle:axis intitle:”video server”
- intitle:liveapplet
- inurl:axis-cgi/jpg
- inurl:axis-cgi/mjpg (motion-JPEG)
- inurl:view/index.shtml
- inurl:view/indexFrame.shtml
- inurl:view/view.shtml
- inurl:ViewerFrame?Mode=Refresh
- liveapplet
- ” -FrontPage-” ext:pwd inurl:(service | authors | administrators | users)
- “About Mac OS Personal Web Sharing”
- “Copyright © Tektronix, Inc.” “printer status”
- “Dumping data for table”
- “Error Diagnostic Information” intitle:”Error Occurred While”
- “Index of /” +.htaccess
- “Index of /” +passwd
- “Index of /” +password.txt
- “Index of /admin”
- “Index of /mail”
- “Index Of /network” “last modified”
- “Index of /password”
- “index of /private” site:mil
- “index of /private” -site:net -site:com -site:org
- “liveice configuration file” ext:cfg
- “Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©” ext:log
- “More Info about MetaCart Free”
- “mysql dump” filetype:sql
- “mySQL error with query”
- “ORA-00936: missing expression”
- “phpMyAdmin MySQL-Dump” “INSERT INTO” -“the”
- “phpMyAdmin MySQL-Dump” filetype:txt
- “Powered by mnoGoSearch – free web search engine software”
- “powered by openbsd” +”powered by apache”
- “Powered by UebiMiau” -site:sourceforge.net
- “Supplied argument is not a valid PostgreSQL result”
- “This summary was generated by wwwstat”
- “Web File Browser” “Use regular expression”
- “xampp/phpinfo
- “You have an error in your SQL syntax near”
- “Your password is * Remember this for later use”
- aboutprinter.shtml
- allintitle: “index of/admin”
- allintitle: “index of/root”
- allintitle: restricted filetype :mail
- allintitle: restricted filetype:doc site:gov
- allintitle: sensitive filetype:doc
- allintitle:..”Test page for Apache Installation..”
- allintitle:admin.php
- allinurl:”.r{}_vti_cnf/”
- allinurl:admin mdb
- camera linksys inurl:main.cgi
- Canon Webview netcams
- Comersus.mdb database
- confidential site:mil
- ConnectionTest.java filetype:html
- ext:pwd inurl:(service | authors | administrators | users) “# -FrontPage-”
- filetype:ASP ASP
- filetype:ASPX ASPX
- filetype:BML BML
- filetype:cfg ks intext:rootpw -sample -test -howto
- filetype:CFM CFM
- filetype:CGI CGI
- filetype:conf inurl:psybnc.conf “USER.PASS=”
- filetype:dat “password.dat
- filetype:DIFF DIFF
- filetype:DLL DLL
- filetype:DOC DOC
- filetype:FCGI FCGI
- filetype:HTM HTM
- filetype:HTML HTML
- filetype:JHTML JHTML
- filetype:JSP JSP
- filetype:log inurl:password.log
- filetype:MV MV
- filetype:PDF PDF
- filetype:PHP PHP
- filetype:PHP3 PHP3
- filetype:PHP4 PHP4
- filetype:PHTML PHTML
- filetype:PL PL
- filetype:PPT PPT
- filetype:SHTML SHTML
- filetype:STM STM
- filetype:SWF SWF
- filetype:TXT TXT
- filetype:XLS XLS
- Index of phpMyAdmin
- index of: intext:Gallery in Configuration mode
- index.of passlist
- intext:”d.aspx?id” || inurl:”d.aspx?id”
- intext:”powered by Web Wiz Journal”
- intext:”SteamUserPassphrase=” intext:”SteamAppUser=” -“username” -“user”
- intitle:”— VIDEO WEB SERVER —” intext:”Video Web Server” “Any time & Any where” username password
- intitle:”500 Internal Server Error” “server at”
- intitle:”actiontec” main setup status “Copyright 2001 Actiontec Electronics Inc”
- intitle:”Browser Launch Page”
- intitle:”EverFocus.EDSR.applet”
- intitle:”Index of” “.htpasswd” “htgroup” -intitle:”dist” -apache -htpasswd.c
- intitle:”Index of” .bash_history
- intitle:”Index of” .mysql_history
- intitle:”Index of” .sh_history
- intitle:”Index of” cfide
- intitle:”index of” etc/shadow
- intitle:”index of” htpasswd
- intitle:”index of” master.passwd
- intitle:”index of” members OR accounts
- intitle:”index of” passwd
- intitle:”index of” people.lst
- intitle:”index of” pwd.db
- intitle:”index of” spwd
- intitle:”Index of” spwd.db passwd -pam.conf
- intitle:”index of” user_carts OR user_cart
- intitle:”Index of..etc” passwd
- intitle:”iVISTA.Main.Page”
- intitle:”network administration” inurl:”nic”
- intitle:”OfficeConnect Cable/DSL Gateway” intext:”Checking your browser”
- intitle:”switch login” “IBM Fast Ethernet Desktop”
- intitle:”SWW link” “Please wait…..”
- intitle:”Welcome to the Advanced Extranet Server, ADVX!”
- intitle:”Welcome to Windows 2000 Internet Services”
- intitle:”Connection Status” intext:”Current login”
- intitle:index.of cgiirc.config
- intitle:Index.of etc shadow site:passwd
- intitle:index.of master.passwd
- intitle:index.of passwd passwd.bak
- intitle:index.of people.lst
- intitle:index.of trillian.ini
- inurl:”8003/Display?what=”
- inurl:”auth_user_file.txt”
- inurl:”printer/main.html” intext:”settings”
- inurl:”wwwroot/
- inurl:access
- inurl:admin filetype:db
- inurl:asp
- inurl:buy
- inurl:cgi
- inurl:cgiirc.config
- inurl:data
- inurl:download
- inurl:file
- inurl:forum
- inurl:home
- inurl:hp/device/this.LCDispatcher
- inurl:html
- inurl:iisadmin
- inurl:inc
- inurl:info
- inurl:list
- inurl:mail
- inurl:midicart.mdb
- inurl:new
- inurl:order
- inurl:pages
- Ultima Online loginservers
- inurl:Proxy.txt
- inurl:public
- inurl:search
- inurl:shop
- inurl:shopdbtest.asp
- inurl:software
- inurl:support
- inurl:user
- inurl:vtund.conf intext:pass -cvs s
- inurl:web
- POWERED BY HIT JAMMER 1.0!
- site:ups.com intitle:”Ups Package tracking” intext:”1Z ### ### ## #### ### #”
- top secret site:mil
- VP-ASP Shop Administrators only
- XAMPP “inurl:xampp/index”
- allintitle:*.php?filename=*
- allintitle:*.php?page=*
- allintitle:*.php?logon=*
Google Dorks To Find Unsecured Web Admin Panels:
- "inurl:admin/addmember.asp"
- "inurl:admin/addinfo.asp"
- "inurl:admin/addcat.asp"
- "inurl:admin/cp.asp"
- "inurl:admin/productshow.asp"
- "inurl:admin/addjob.asp"
- "inurl:admin/addjob.???"
- "inurl:admin/addpic.???"
- "inurl:admin/viewproduct.???"
- "inurl:admin/addaccount.php"
- "inurl:admin/manage.php"
- "inurl:admin/addcontact.???"
- "inurl:admin/viewmanager.???"
- "inurl:admin/addschool.???"
- "inurl:admin/addproject.???"
- "inurl:admin/addsale.???"
- "inurl:admin/addcompany.???"
- "inurl:admin/payment.???"
- "inurl:user/emp.???"
- "inurl:admin/addmovie.???"
- "inurl:admin/addpassword.???"
- "inurl:admin/addemployee.???"
- "inurl:admin/addcat.???"
- "inurl:admin/admin.???"
- "inurl:admin/admincp.???"
- "inurl:admin/settings.???"
- "inurl:admin/addstate.???"
- "inurl:admin/addcountry.???"
- "inurl:admin/addmedia.???"
- "inurl:admin/addcode.???"
- "inurl:admin/addlinks.???"
- "inurl:admin/addcity.???"
Carding Dorks:
- inurl:”.php?articleid=”
- inurl:”.php?articleid=” intext:”shopping”
- inurl:”.php?articleid=” intext:”add to cart”
- inurl:”.php?articleid=” intext:”Buy Now”
- inurl:”.php?articleid=” intext:”View cart”
- inurl:”.php?articleid=” intext:”boutique”
- inurl:”.php?articleid=” intext:”/shop/”
- inurl:”.php?articleid=” intext:”/store/”
- inurl:”.php?articleid=” intext:”toys”
- nurl:”.php?cat=”+intext:”Paypal”+site:UK
- inurl:”.php?cat=”+intext:”/Buy Now/”+site:.net
- inurl:”.php?cid=”+intext:”online+betting”
- inurl:”.php?id=” intext:”View cart”
- inurl:”.php?id=” intext:”Buy Now”
- inurl:”.php?id=” intext:”add to cart”
- inurl:”.php?id=” intext:”shopping”
- inurl:”.php?id=” intext:”boutique”
- inurl:”.php?id=” intext:”/store/”
- inurl:”.php?id=” intext:”/shop/”
- inurl:”.php?id=” intext:”toys”
- inurl:”.php?cid=”
- inurl:”.php?cid=” intext:”shopping”
- inurl:”.php?cid=” intext:”add to cart”
- inurl:”.php?cid=” intext:”Buy Now”
- inurl:”.php?cid=” intext:”View cart”
- inurl:”.php?cid=” intext:”boutique”
- inurl:”.php?cid=” intext:”/store/”
- inurl:”.php?cid=” intext:”/shop/”
- inurl:”.php?cid=” intext:”Toys”
- inurl:”.php?cat=”
- inurl:”.php?cat=” intext:”shopping”
- inurl:”.php?cat=” intext:”add to cart”
- inurl:”.php?cat=” intext:”Buy Now”
- inurl:”.php?cat=” intext:”View cart”
- inurl:”.php?cat=” intext:”boutique”
- inurl:”.php?cat=” intext:”/store/”
- inurl:”.php?cat=” intext:”/shop/”
- inurl:”.php?cat=” intext:”Toys”
- inurl:”.php?catid=”
- inurl:”.php?catid=” intext:”View cart”
- inurl:”.php?catid=” intext:”Buy Now”
- inurl:”.php?catid=” intext:”add to cart”
- inurl:”.php?catid=” intext:”shopping”
- inurl:”.php?catid=” intext:”boutique”
- inurl:”.php?catid=” intext:”/store/”
- inurl:”.php?catid=” intext:”/shop/”
- inurl:”.php?catid=” intext:”Toys”
- inurl:”.php?categoryid=”
- inurl:”.php?categoryid=” intext:”View cart”
- inurl:”.php?categoryid=” intext:”Buy Now”
- inurl:”.php?categoryid=” intext:”add to cart”
- inurl:”.php?categoryid=” intext:”shopping”
- inurl:”.php?categoryid=” intext:”boutique”
- inurl:”.php?categoryid=” intext:”/store/”
- inurl:”.php?categoryid=” intext:”/shop/”
- inurl:”.php?categoryid=” intext:”Toys”
- inurl:”.php?pid=”
- inurl:”.php?pid=” intext:”shopping”
- inurl:”.php?pid=” intext:”add to cart”
- inurl:”.php?pid=” intext:”Buy Now”
- inurl:”.php?pid=” intext:”View cart”
- inurl:”.php?pid=” intext:”boutique”
- inurl:”.php?pid=” intext:”/store/”
- inurl:”.php?pid=” intext:”/shop/”
- inurl:”.php?pid=” intext:”toys”
- inurl:”.php?prodid=
- inurl:”.php?prodid=” intext:”shopping”
- inurl:”.php?prodid=” intext:”add to cart”
- inurl:”.php?prodid=” intext:”Buy Now”
- inurl:”.php?prodid=” intext:”View cart”
- inurl:”.php?prodid=” intext:”boutique”
- inurl:”.php?prodid=” intext:”/store/”
- inurl:”.php?prodid=” intext:”/shop/”
- inurl:”.php?prodid=” intext:”toys”
- inurl:”.php?productid=’
- inurl:”.php?productid=” intext:”shopping”
- inurl:”.php?productid=” intext:”add to cart”
- inurl:”.php?productid=” intext:”Buy Now”
- inurl:”.php?productid=” intext:”View cart”
- inurl:”.php?productid=” intext:”boutique”
- inurl:”.php?productid=” intext:”/store/”
- inurl:”.php?productid=” intext:”/shop/”
- inurl:”.php?productid=” intext:”Toys”
- inurl:”.php?product=”
- inurl:”.php?product=” intext:”shopping”
- inurl:”.php?product=” intext:”add to cart”
- inurl:”.php?product=” intext:”Buy Now”
- inurl:”.php?product=” intext:”View cart”
- inurl:”.php?product=” intext:”boutique”
- inurl:”.php?product=” intext:”/store/”
- inurl:”.php?product=” intext:”/shop/”
- inurl:”.php?product=” intext:”toys”
- inurl:”.php?product=” intext:”DVD”
- inurl:”.php?products=”
- inurl:”.php?products=” intext:”shopping”
- inurl:”.php?products=” intext:”add to cart”
- inurl:”.php?products=” intext:”Buy Now”
- inurl:”.php?products=” intext:”View cart”
- inurl:”.php?products=” intext:”boutique”
- inurl:”.php?products=” intext:”/store/”
- inurl:”.php?products=” intext:”/shop/”
- inurl:”.php?products=” intext:”toys”
- inurl:”.php?products=” intext:”DVD”
- inurl:”.php?proid=”
- inurl:”.php?proid=” intext:”shopping”
- inurl:”.php?proid=” intext:”add to cart”
- inurl:”.php?proid=” intext:”Buy Now”
- inurl:”.php?proid=” intext:”View cart”
- inurl:”.php?proid=” intext:”boutique”
- inurl:”.php?proid=” intext:”/store/”
- inurl:”.php?proid=” intext:”/shop/”
- inurl:”.php?proid=” intext:”toys”
- inurl:”.php?shopid=”
- inurl:”.php?shopid=” intext:”shopping”
- inurl:”.php?shopid=” intext:”add to cart”
- inurl:”.php?shopid=” intext:”Buy Now”
- inurl:”.php?shopid=” intext:”View cart”
- inurl:”.php?shopid=” intext:”boutique”
- inurl:”.php?shopid=” intext:”/store/”
- inurl:”.php?shopid=” intext:”/shop/”
- inurl:”.php?shopid=” intext:”Toys”
- inurl:”.php?itemid=”
- inurl:”.php?itemid=” intext:”shopping”
- inurl:”.php?itemid=” intext:”add to cart”
- inurl:”.php?itemid=” intext:”Buy Now”
- inurl:”.php?itemid=” intext:”View cart”
- inurl:”.php?itemid=” intext:”boutique”
- inurl:”.php?itemid=” intext:”/shop/”
- inurl:”.php?itemid=” intext:”/store/”
- inurl:”.php?itemid=” intext:”Toys”
- inurl:”.php?orderid=”
- inurl:”.php?orderid=” intext:”shopping”
- inurl:”.php?orderid=” intext:”add to cart”
- inurl:”.php?orderid=” intext:”Buy Now”
- inurl:”.php?orderid=” intext:”View cart”
- inurl:”.php?orderid=” intext:”boutique”
- inurl:”.php?orderid=” intext:”/shop/”
- inurl:”.php?orderid=” intext:”/store/”
- inurl:”.php?orderid=” intext:”Toys”
- inurl:”.php?catalogId=”
- inurl:”.php?catalogId=” intext:”shopping”
- inurl:”.php?catalogId=” intext:”add to cart”
- inurl:”.php?catalogId=” intext:”Buy Now”
- inurl:”.php?catalogId=” intext:”View cart”
- inurl:”.php?catalogId=” intext:”boutique”
- inurl:”.php?catalogId=” intext:”/shop/”
- inurl:”.php?catalogId=” intext:”/store/”
- inurl:”.php?catalogId=” intext:”Toys”
- inurl:”.php?aid=”
- inurl:”.php?aid=” intext:”shopping”
- inurl:”.php?aid=” intext:”add to cart”
- inurl:”.php?aid=” intext:”Buy Now”
- inurl:”.php?aid=” intext:”View cart”
- inurl:”.php?aid=” intext:”boutique”
- inurl:”.php?aid=” intext:”/shop/”
- inurl:”.php?aid=” intext:”/store/”
- inurl:”.php?aid=” intext:”toys”
- inurl:”.php?artid=”
- inurl:”.php?artid=” intext:”shopping”
- inurl:”.php?artid=” intext:”add to cart”
- inurl:”.php?artid=” intext:”Buy Now”
- inurl:”.php?artid=” intext:”View cart”
- inurl:”.php?artid=” intext:”boutique”
- inurl:”.php?artid=” intext:”/shop/”
- inurl:”.php?artid=” intext:”/store/”
- inurl:”.php?artid=” intext:”toys”
WordPress Exploit- Google Dorks to Upload Shell:
- “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
- /wp-content/plugins/easy-comment-uploads/upload-form.php
- Index of /wp-content/plugins/easy-comment-uploads
Check this link to view your Shell!
- VictimSite.com/wp-content/uploads/2012/10/yourfilehere
If you find this article worthy, then share and +1 this article.
"Inshallah I will UPDATE this To more Important Dorks"
Credit to: MR:47{XYBER SHEIKH}