GHDB « Hackers For Charity

GHDB

GHDB :: Vulnerable Servers

Date Title Summary  
2003-07-08 Hassan Consulting's Shopping Cart Version 1.1… These servers can be messed with in many ways. One specific way is by way of the "../" bug. This lets you cruise around the web server in a …
2004-03-04 "YaBB SE Dev Team" Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an SQL injection vulnerability which may allow several atta …
2004-03-04 Gallery in configuration mode Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! Howeve …
2004-03-04 intitle:osCommerce inurl:admin intext:"redist... This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers ca …
2004-03-04 inurl:ManyServers.htm Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the a …
2004-03-04 intitle:"Terminal Services Web Connection"… Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the actu …
2004-03-04 intitle:"Remote Desktop Web Connection" Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, since many layers of security can be wrapped around …
0000-00-00 "Welcome to Intranet" According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to sh …
2004-03-04 inurl:search.php vbulletin Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656 for more i …
2004-03-14 inurl:footer.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0.4) contains several potential vulnerabilities, som ela …
2004-03-14 inurl:info.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 – 0.4) contains several potential vulnerabilities, som ela …
2004-03-18 "Welcome to PHP-Nuke" congratulations This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the admi …
2004-03-29 "Select a database to view" intitle:"… An oldie but a goodie. This search locates servers which provide access to Filemaker pro databases via the web. The severity of this search varies wi …
2004-03-29 allinurl:intranet admin According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to sh …
2004-04-06 allinurl:install/install.php Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure defau …
2004-04-28 inurl:pls/admin_/gateway.htm This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine its ve …
2004-04-28 intitle:"Gateway Configuration Menu" This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally pass …
2004-05-04 intitle:"Samba Web Administration Tool" … This search reveals wide-open Samba web administration servers. Attackers can change options on the server. …
2004-06-04 filetype:php inurl:vAuthenticate vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts new user groups, activate/inactivate grou …
2004-06-04 "Welcome to the Prestige Web-Based Configurat… This is the configuration screen for a Prestige router. This page indicates that the router has not yet been setup and any web user can make changes t …
2004-07-26 ("Indexed.By"|"Monitored.By") … hAcxFtpScan – software that use 'l33t h@x0rz' to monitor their file stroz on ftp. On the ftp server usually it is a directory like: /Monitored …
2004-07-26 filetype:cgi inurl:"Web_Store.cgi" Zero X reported that "Web_Store.cgi" allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can exec …
2004-07-26 filetype:cgi inurl:"fileman.cgi" This brings up a lot of insecure as well as secure filemanagers. These software solutions are often used by companies offering a "simple" but …
2004-07-29 inurl:"index.php?module=ew_filemanager" http://www.cirt.net/advisories/ew_file_manager.shtml: Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.php Description: EasyWeb FileM …
2004-07-29 allinurl:"index.php" "site=sglinks&... Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seems to be vulnerable to a code inclusion in …
2004-08-13 intext:"Warning: * am able * write ** configu… OsCommerce has some security issues, including the following warning message: "Warning: I am able to write to the configuration file". Addit …
2004-08-20 "ftp://" "www.eastgame.net" Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing. "thankyou4share"! …
2004-08-21 intitle:phpMyAdmin "Welcome to phpMyAdmin ***… Search for phpMyAdmin installations that are configured to run the MySQL database with root privileges. …
2004-10-31 intitle:phpMyAdmin "Welcome to phpMyAdmin ***… phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/dr …
2004-11-05 natterchat inurl:home.asp -site:natterchat.co.uk NatterChat is a web-based chat system written in ASP. An SQL injection vulnerability is identified in the application that may allow attackers to pass m …
2004-11-06 inurl:aol*/_do/rss_popup?blogID= AOL Journals BlogID Incrementing Discloses Account Names and Email Addresses. AOL Journals is basically "America Online's version of a blog (w …
2004-11-07 (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) This is a "double dork" that finds two different shopping carts, both vulnerable. 1) Cyber-Village Online Consulting Shopping Cart Cyber-Village …
2004-11-07 inurl:newsdesk.cgi? inurl:"t=" Newsdesk is a cgi script designed to allow remote administration of website news headlines. Due to a failure in the sanitization of parameters a remote …
2004-12-04 intitle:"Mail Server CMailServer Webmail"… CMailServer is a small mail webmail server. Multiple vulnerabilities were found, including buffer overflow, SQL Injection and XSS. http://www.securitea …
2004-12-27 "There are no Administrators Accounts" i… This is a more specific search for the vulnerable PhpNuke index already seen on this website. PhpNuke asks you to set up an admin account when it is fi …
2005-01-06 inurl:servlet/webacc I was playing around on the net when I found a small problem with Novell's WebAccess. With User.lang you can give in your language as param …
2005-01-26 inurl:"/NSearch/AdminServlet" This search brings up results for Novell NetWare's Web Search Manager.. at best the sites will be password protected, at worst the site will requ …
2005-03-19 "Powered by: vBulletin Version 1.1.5" This Google dork reveals vulnerable message boards. It works for all Vbulletin versions up to 2.0 beta 2. To try for other versions just change the ver …
2005-06-11 "html allowed" guestbook When this is typed in google it finds websites which have HTML Enabled guestbooks. This is really stupid as users could totally mess up their guestboo …
2005-07-03 "set up the administrator user" inurl:pi… Using this, you can find sites with a Pivot weblog installed but not set up. The default set up screen on Pivot has you create an administrator accoun …
2005-09-15 "you can now password" | "this is a… IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via details link. Logs can also be viewed and deleted from this …
2005-09-16 XOOPS Custom Installation XOOPS custom installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations via p …
2005-09-17 "Welcome to Administration" "Genera… This reveals admin site for Argo Software Design Mail Server. …
2006-01-16 filetype:pl intitle:"Ultraboard Setup" Setup pages for the Ultraboard system. …
2006-01-22 inurl:rpSys.html Web configuration pages for various types of systems. Many of these systems are not password protected. …
2006-02-03 intitle:"Horde :: My Portal" -"[Tic… Hi It will give you administrative ownership over Horde webmail system plus all users in Horde webmail system.. also php shell :) and much more …E …
2006-04-25 intitle:"MvBlog powered" MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied …
2006-05-03 intitle:"Uploader – Uploader v6" -pixloa… File upload servers, dangerous if used in couple with mytrashmail.com …

5 Responses to “GHDB”

  1. Jack says:

    Does GHDB still update for now?

  2. Johnny says:

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:

    Hi Johnny, been a while since I’ve come last. Aren’t you gonna update this website anymore???

  4. Johnny says:

    The GHDB is not updated and lives with the exploitdb: http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:

    Are any offline viewable resources available for this product?
