sql injection dorks
Posted by
Unknown
at
3:21 PM
sql injection dorks
allinurl: \”index php go buy\”
allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”
Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and piece of SQL code
CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information
confidential documents containing the confidential clause
QDF database files for the Quicken financial application
Panasonic Network Camera webcams
allinurl: \”index php go buy\”
allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”
Error message queries
“A syntax error has occurred”filetype:ihtml
Informix database errors, potentially containing function names, filenames, file structure information, pieces of SQL code and passwords
“Access denied for user” “Using password”
authorisation errors, potentially containing user names, function names, file structure information and pieces of SQL code
“The script whose uid is ” “is not allowed to access”
access-related PHP errors, potentially containing filenames, function names and file structure information
access-related PHP errors, potentially containing filenames, function names and file structure information
“ORA-00921: unexpected end of SQL command”
Oracle database errors, potentially containing filenames, function names and file structure information
“error found handling the request” cocoon filetype:xml
Cocoon errors, potentially containing Cocoon version information, filenames, function names and file structure information
“Invision Power Board Database Error”
Invision Power Board bulletin board errors, potentially containing function names, filenames, file structure information and piece of SQL code
“Warning: mysql _ query()” “invalid query”
MySQL database errors, potentially containing user names, function names, filenames and file structure information
“Error Message : Error loading required libraries.”
CGI script errors, potentially containing information about operating system and program versions, user names, filenames and file structure information
“#mysql dump” filetype:sql
MySQL database errors, potentially containing information about database structure and contents
Dork for locating passwords
http://*:*@www” site
passwords for site, stored as the string “http://username:password@www…”
filetype:bak inurl:”htaccess|passwd|shadow|ht users”
file backups, potentially containing user names and passwords
filetype:mdb inurl:”account|users|admin|admin istrators|passwd|password”
mdb files, potentially containing password information
intitle:”Index of” pwd.db
pwd.db files, potentially containing user names and encrypted passwords
inurl:admin inurl:backup intitle:index.of
directories whose names contain the words admin and backup
“Index of/” “Parent Directory” “WS _ FTP.ini”
filetype:ini WS _ FTP PWD
WS_FTP configuration files, potentially containing FTP server access passwords
ext:pwd inurl:(service|authors|administrators |users) “# -FrontPage-”
files containing Microsoft FrontPage passwords
filetype:sql (“passwd values ****” | “password values ****” | “pass values ****” )
files containing SQL code and passwords inserted into a database
intitle:index.of trillian.ini
configuration files for the Trillian IM
eggdrop filetype:user
user configuration files for the Eggdrop ircbot
user configuration files for the Eggdrop ircbot
filetype:conf slapd.conf
configuration files for OpenLDAP
inurl:”wvdial.conf” intext:”password”
configuration files for WV Dial
ext:ini eudora.ini
configuration files for the Eudora mail client
filetype:mdb inurl:users.mdb
Microsoft Access files, potentially containing user account information
Searching for personal data and confidential documents
filetype:xls inurl:”email.xls”
email.xls files, potentially containing contact information
“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”
CVs
“not for distribution”
confidential documents containing the confidential clause
buddylist.blt
AIM contacts list
intitle:index.of mystuff.xml
Trillian IM contacts list
filetype:ctt “msn”
MSN contacts list
filetype:QDF
QDF database files for the Quicken financial application
intitle:index.of finances.xls
finances.xls files, potentially containing information on bank accounts, financial summaries and credit card numbers
intitle:”Index Of” -inurl:maillog maillog size
maillog files, potentially containing e-mail
Network Vulnerability Assessment Report”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”
“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”
reports for network security scans, penetration tests etc
dork for locating network devices
“Copyright (c) Tektronix, Inc.” “printer status”
PhaserLink printers
inurl:”printer/main.html” intext:”settings”
Brother HL printers
intitle:”Dell Laser Printer” ews
Dell printers with EWS technology
intext:centreware inurl:status
Xerox Phaser 4500/6250/8200/8400 printers
inurl:hp/device/this.LCDispatcher
HP printers
intitle:liveapplet inurl:LvAppl
Canon Webview webcams
intitle:”EvoCam” inurl:”webcam.html”
Evocam webcams
inurl:”ViewerFrame?Mode=”
Panasonic Network Camera webcams
(intext:”MOBOTIX M1″ | intext:”MOBOTIX M10″) intext:”Open Menu” Shift-Reload
Mobotix webcams
inurl:indexFrame.shtml Axis
Axis webcams
intitle:”my webcamXP server!” inurl:”:8080″
webcams accessible via WebcamXP Server
allintitle:Brains, Corp.
camera webcams accessible via mmEye
intitle:”active webcam page”
0 comments:
Post a Comment