GHDB
GHDB :: Vulnerable Files
| Date | Title | Summary | |
| 2004-06-10 | intitle:"Index of /" modified php.exe | PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting " … |  |
| 2004-06-16 | filetype:php inurl:"viewfile " -"ind… | Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files … | |
| 2004-07-21 | filetype:cnf my.cnf -cvs -example | The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from pathes, databasenames up to passwords … | |
| 2004-08-01 | filetype:wsdl wsdl | The XML headers are called *.wsdl files.they can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil th … | |
| 2004-08-01 | filetype:inc inc intext:setcookie | Cookies are often used for authentication and a lot of other stuff.The "inc" php header files often include the exact syntax of the cookies. … | |
| 2004-08-13 | ext:cgi inurl:ubb6_test | The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave patht … | |
| 2004-08-20 | intitle:"PHP Explorer" ext:php (inurl:ph… | This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list dire … | |
| 2004-08-30 | inurl:robpoll.cgi filetype:cgi | robpoll.cgi is used to administrate polls.The default password used for adding polls is 'robpoll'. All of the results should look something … | |
| 2004-09-06 | inurl:"plog/reg ister.php" | pLog is a popular form of bloggin software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about r … | |
| 2004-09-06 | link:http://www.toas tforums.com/ | Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums. … | |
| 2004-09-09 | inurl:"nph-prox y.cgi" "Start browsi… | Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must … | |
| 2004-09-10 | Gallery configuration setup files | Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. … | |
| 2004-09-13 | PHP-Nuke – create super user right now ! | PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnera … | |
| 2004-09-18 | filetype:lit lit (books|ebooks) | Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with this search..LIT files can be opened with Microsoft Read … | |
| 2004-10-05 | inurl:cgi.asx?StoreI D | BeyondTV is a web based software product which let you manage your TV station. All you need is to install a TV tuner card on your PC and Connect your … | |
| 2004-10-06 | inurl:" WWWADMIN.PL" intitle:"wwwad. .. | wwwadmin.pl is a script that allows a user with a valid username and password, to delete files and posts from the associated forum. … | |
| 2004-10-09 | inurl:changepassword .cgi -cvs | Allows a user to change his/her password for authentication to the system. Script allows for repeated failed attempts making this script vulnerable t … | |
| 2004-10-14 | intitle:"Direct ory Listing" "tree v… | Dirlist is an ASP script that list folders in an explorer style: * Tree * Detailed * Tiled Quote: *Lists files and directories in either a Tree … | |
| 2004-10-14 | intitle:mywebftp "Please enter your password&… | MyWebFTP Free is a free lite version of MyWebFTP Personal – a PHP script providing FTP client capabilities with the user interface in your browser. In … | |
| 2004-10-16 | ezBOO "Administrator Panel" -cvs | ezBOO WebStats is a high level statistical tool for web sites monitoring. It allows real time access monitoring on several sites. Based on php and m … | |
| 2004-10-19 | intitle:"ASP FileMan" Resend -site:iiswo… | FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in A … | |
| 2004-10-26 | intitle:"phprem oteview" filetype:php &qu… | phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the server filesystem use the online php interpreter.vendor: … | |
| 2004-10-27 | "File Upload Manager v1.3" "rename … | thepeak file upload manager let you manage your webtree with up and downloading files. … | |
| 2004-10-27 | inurl:click.php intext:PHPClickLog | A script written in PHP 4 which logs a user's statistics when they click on a link. The log is stored in a flatfile (text) database and can be … | |
| 2004-10-31 | "powered by YellDL" | Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you … | |
| 2004-11-04 | filetype:cgi inurl:cachemgr.cgi | cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with … | |
| 2004-11-16 | ext:asp inurl:DUgallery intitle:"3.0&qu ot; -s… | The MS access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the du … | |
| 2004-11-16 | ext:asp "powered by DUForum" inurl:(mess… | DUForum is one of those free forum software packages. The database location is determined by the config file "connDUforumAdmin.asp", but the … | |
| 2004-11-18 | "Powered by Land Down Under 601" | sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search google. … | |
| 2004-11-28 | inurl:php.exe filetype:exe -example.com | It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias for it is enabled), even across drives. (Note: The GHDB h … | |
| 2004-11-30 | filetype:mdb inurl:"news/new s" | Web Wiz Site News unprotected database holds config and admin information in a microsoft access database in news/news.mdb. This information is almost … | |
| 2004-12-01 | filetype:pl -intext:"/usr/b in/perl" inu… | WebCal allows you to create and maintain an interactive events calendar or scheduling system on your Web site. The file names explain themselves, but … | |
| 2005-04-27 | inurl:cgi-bin inurl:bigate.cgi | Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work. … | |
| 2005-05-20 | intitle:"SSHVnc Applet"OR intitle:"… | sSHTerm Applet en SSHVnc Applet pages. … | |
| 2005-06-03 | intitle:"PHPsta t" intext:"Browser &q… | Phpstat shows nice statistical informatino about a website's visitors. Certain versions are also contain vulnerabilities: http://www.soulblack.co … | |
| 2005-07-26 | filetype:mdb "standard jet" | These Microsoft Access Database files may contain usernames, passwords or simply prompts for such data. … | |
| 2005-08-07 | "Powered by Gravity Board" | 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclos … | |
| 2005-08-07 | "Powered by SilverNews" | silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting software: author site: … | |
| 2005-08-07 | PHPFreeNews inurl:Admin.php | 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross site scripting, path disclosure, information disclosure … | |
| 2005-08-07 | inurl:nquser.php filetype:php | Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit software: author site: http://www.virtech.org/tools/ … | |
| 2005-08-07 | "Powered By: Simplicity oF Upload" inurl… | 26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote code execution & cross site scriptingsoftware: author site: http://www … | |
| 2005-08-07 | "Powered by FlexPHPNews" inurl:news | in… | 24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & resource consumption poc exploitsoftware:author site:http … | |
| 2005-08-08 | "Powered by FunkBoard" | FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote … | |
| 2005-09-08 | "Powered by Xcomic" | "Powered by xcomic"this is a recent exploit, you can retrieve any file on target systemby using "../" chars and null byte (%00), e … | |
| 2005-09-11 | "Warning:" "Cannot execute a blank … | "Warning: passthru(): Cannot execute a blank command in" "Warning: system(): Cannot execute a blank command in" "Warning: exe … | |
| 2005-09-11 | "Mail-it Now!" intitle:"Contac t for… | Mail-it Now! 1.5 (possibly prior versions) contact.php remote code executionsite: http://www.skyminds.net/source/description: a mail form scriptvulner … | |
| 2005-09-13 | "maxwebportal&q uot; inurl:"default& quot;… | several vulnerabilities relating to this.MaxWebPortal is a web portal and online community system which includes features such as web-based administra … | |
| 2005-09-13 | "e107.org 2002/2003" inurl:forum_post.ph. .. | e107 is prone to an input validation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.Success … | |
| 2005-09-25 | inurl:cartwiz/store/ index.asp | The CartWIZ eCommerce Shopping Cart System will help you build your online store through an interactive web-based e-commerce administration interface. … | |
| 2005-09-25 | intitle:"Contro l panel" "Control Pa… | Build, manage and customize your own search engine friendly news / article site from scratch — with absolutely no technical experience.Authentication … | |
| 2005-09-26 | "powered by my little forum" | My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_little_foru msoftware: "A simple web-forum that suppo … | |
| 2005-09-26 | "powered by mailgust" | MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://www.mailgust.org/description:Mailgust is three softwares … | |
| 2005-10-26 | intitle:"CJ Link Out V1" | A cross site scripting vunerability has been discovered in CJ linkout version 1.x. CJ linkout is a free product which allows you to easily let users c … | |
| 2005-12-19 | inurl:guestbook/gues tbooklist.asp "Post Date&… | A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.securityfocus.com/archive/1/4147 08/30/0/threadedSeveral … | |
| 2006-02-28 | inurl:updown.php | intext:"Powered by PHP Upl… | this (evil ) script lets you to upload a php shell on target server, in most cases not password protected dork: inurl:updown.php | intext:"Powere … | |
| 2006-09-13 | inurl:"simplene ws/admin" | hxxp://evuln.com/vulns/94/summary.html … | |
Does GHDB still updates for now?
The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.
Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???
The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!
Is any offline view-able resources is available of this product ?