GHDB « Hackers For Charity

GHDB :: Vulnerable Files

Date Title Summary  
2004-06-10 intitle:"Index of /" modified php.exe PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting " ...
2004-06-16 filetype:php inurl:"viewfile" -"ind... Programmers do strange things sometimes and forget about security. This search is the perfect example. These PHP scripts are written for viewing files ...
2004-07-21 filetype:cnf my.cnf -cvs -example The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from paths, database names up to passwords ...
2004-08-01 filetype:wsdl wsdl The XML headers are called *.wsdl files. They can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil th ...
2004-08-01 filetype:inc inc intext:setcookie Cookies are often used for authentication and a lot of other stuff. The "inc" PHP header files often include the exact syntax of the cookies. ...
2004-08-13 ext:cgi inurl:ubb6_test The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so: CAUTIONS Do not leave patht ...
2004-08-20 intitle:"PHP Explorer" ext:php (inurl:ph... This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list dire ...
2004-08-30 inurl:robpoll.cgi filetype:cgi robpoll.cgi is used to administrate polls. The default password used for adding polls is 'robpoll'. All of the results should look something ...
2004-09-06 inurl:"plog/register.php" pLog is a popular form of blogging software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about r ...
2004-09-06 link:http://www.toastforums.com/ Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums. ...
2004-09-09 inurl:"nph-proxy.cgi" "Start browsi... Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must ...
2004-09-10 Gallery configuration setup files Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. ...
2004-09-13 PHP-Nuke - create super user right now ! PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnera ...
2004-09-18 filetype:lit lit (books|ebooks) Tired of websearching? Want something to read? You can find Ebooks (thousands of them) with this search. .LIT files can be opened with Microsoft Read ...
2004-10-05 inurl:cgi.asx?StoreID BeyondTV is a web based software product which lets you manage your TV station. All you need is to install a TV tuner card on your PC and connect your ...
2004-10-06 inurl:" WWWADMIN.PL" intitle:"wwwad... wwwadmin.pl is a script that allows a user with a valid username and password, to delete files and posts from the associated forum. ...
2004-10-09 inurl:changepassword.cgi -cvs Allows a user to change his/her password for authentication to the system. Script allows for repeated failed attempts making this script vulnerable t ...
2004-10-14 intitle:"Directory Listing" "tree v... Dirlist is an ASP script that lists folders in an explorer style: * Tree * Detailed * Tiled Quote: *Lists files and directories in either a Tree ...
2004-10-14 intitle:mywebftp "Please enter your password&... MyWebFTP Free is a free lite version of MyWebFTP Personal - a PHP script providing FTP client capabilities with the user interface in your browser. In ...
2004-10-16 ezBOO "Administrator Panel" -cvs ezBOO WebStats is a high level statistical tool for web sites monitoring. It allows real time access monitoring on several sites. Based on php and m ...
2004-10-19 intitle:"ASP FileMan" Resend -site:iiswo... FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in A ...
2004-10-26 intitle:"phpremoteview" filetype:php "... phpRemoteView is a web-based file manager with a basic shell. With this an attacker can browse the server filesystem and use the online PHP interpreter. vendor: ...
2004-10-27 "File Upload Manager v1.3" "rename ... thepeak file upload manager lets you manage your webtree by uploading and downloading files. ...
2004-10-27 inurl:click.php intext:PHPClickLog A script written in PHP 4 which logs a user's statistics when they click on a link. The log is stored in a flatfile (text) database and can be ...
2004-10-31 "powered by YellDL" Finds websites using YellDL (also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you ...
2004-11-04 filetype:cgi inurl:cachemgr.cgi cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with ...
2004-11-16 ext:asp inurl:DUgallery intitle:"3.0" -s... The MS access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the du ...
2004-11-16 ext:asp "powered by DUForum" inurl:(mess... DUForum is one of those free forum software packages. The database location is determined by the config file "connDUforumAdmin.asp", but the ...
2004-11-18 "Powered by Land Down Under 601" SQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search google. ...
2004-11-28 inurl:php.exe filetype:exe -example.com It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. (Note: The GHDB h ...
2004-11-30 filetype:mdb inurl:"news/news" Web Wiz Site News unprotected database holds config and admin information in a Microsoft Access database in news/news.mdb. This information is almost ...
2004-12-01 filetype:pl -intext:"/usr/bin/perl" inu... WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. The file names explain themselves, but ...
2005-04-27 inurl:cgi-bin inurl:bigate.cgi Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work. ...
2005-05-20 intitle:"SSHVnc Applet" OR intitle:"... SSHTerm Applet and SSHVnc Applet pages. ...
2005-06-03 intitle:"PHPstat" intext:"Browser "... Phpstat shows nice statistical information about a website's visitors. Certain versions also contain vulnerabilities: http://www.soulblack.co ...
2005-07-26 filetype:mdb "standard jet" These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data. ...
2005-08-07 "Powered by Gravity Board" 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclos ...
2005-08-07 "Powered by SilverNews" SilverNews 2.0.3 (possibly previous versions) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: ...
2005-08-07 PHPFreeNews inurl:Admin.php 29/07/2005 8.36.03 PHPFreeNews Version 1.32 (& previous) SQL injection/login bypass, cross site scripting, path disclosure, information disclosure ...
2005-08-07 inurl:nquser.php filetype:php Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit software: author site: http://www.virtech.org/tools/ ...
2005-08-07 "Powered By: Simplicity oF Upload" inurl... 26/07/2005 16.09.18 Simplicity OF Upload 1.3 (possibly prior versions) remote code execution & cross site scripting software: author site: http://www ...
2005-08-07 "Powered by FlexPHPNews" inurl:news | in... 24/07/2005 2.38.13 Flex PHPNews 0.0.4 login bypass / SQL injection, cross site scripting & resource consumption poc exploit software: author site: http ...
2005-08-08 "Powered by FunkBoard" FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote ...
2005-09-08 "Powered by Xcomic" "Powered by xcomic" This is a recent exploit, you can retrieve any file on target system by using "../" chars and null byte (%00), e ...
2005-09-11 "Warning:" "Cannot execute a blank ... "Warning: passthru(): Cannot execute a blank command in" "Warning: system(): Cannot execute a blank command in" "Warning: exe ...
2005-09-11 "Mail-it Now!" intitle:"Contact for... Mail-it Now! 1.5 (possibly prior versions) contact.php remote code execution site: http://www.skyminds.net/source/ description: a mail form script vulner ...
2005-09-13 "maxwebportal" inurl:"default"... Several vulnerabilities relating to this. MaxWebPortal is a web portal and online community system which includes features such as web-based administra ...
2005-09-13 "e107.org 2002/2003" inurl:forum_post.ph... e107 is prone to an input validation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Success ...
2005-09-25 inurl:cartwiz/store/index.asp The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface. ...
2005-09-25 intitle:"Control panel" "Control Pa... Build, manage and customize your own search engine friendly news / article site from scratch -- with absolutely no technical experience. Authentication ...
2005-09-26 "powered by my little forum" My Little Forum 1.5 / 1.6beta SQL Injection software: site: http://www.mylittlehomepage.net/my_little_forum software: "A simple web-forum that suppo ...
2005-09-26 "powered by mailgust" MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takeover software: site: http://www.mailgust.org/ description: Mailgust is three softwares ...
2005-10-26 intitle:"CJ Link Out V1" A cross site scripting vulnerability has been discovered in CJ linkout version 1.x. CJ linkout is a free product which allows you to easily let users c ...
2005-12-19 inurl:guestbook/guestbooklist.asp "Post Date"... A SQL vulnerability has been reported in a Techno Dreams ASP script, login.asp. http://search.securityfocus.com/archive/1/414708/30/0/threaded Several ...
2006-02-28 inurl:updown.php | intext:"Powered by PHP Upl... This (evil) script lets you upload a PHP shell on target server, in most cases not password protected. dork: inurl:updown.php | intext:"Powere ...
2006-09-13 inurl:"simplenews/admin" hxxp://evuln.com/vulns/94/summary.html ...