Google-Fu
#1
Ok so i figured it might be worth our while to post some interesting google dorks. I'm not specifically looking for XSS and/or SQLi dorks i got them covered basically, feel free to post them though if you'd like, but personally i am more interested in some less known or exotic dorks. One i saw a while ago was for insecure FCKeditor files.

Code:
inurl:/FCKeditor/editor/filemanager/upload/

Interesting stuff.

http://www.repforce.ee/admin/templat...er/upload/php/

Index of admin, with config.php. There are a couple of others i found interesting like these for example:

Code:
inurl:"server-status" intitle:apache "cgi-bin"
    
sitemap.xml filetype:xml intext:"cgi-bin"
    
filetype:sh inurl:cgi-bin
    
inurl:cgi-bin "GATEWAY_INTERFACE = CGI"
    
inurl:cgi-bin inurl:printenv intext:SERVER_ADDR

inurl:wspd_cgi.sh

inurl:wslb.sh

To look for websites that are vulnerable to shellshock, yes they're still out there believe it or not. Which reminds me, if you have a lot of URLs and want to test their related hosts for shellshock you can use a script i wrote in bash to assist with that.

https://github.com/NullArray/Shellshocker

Here is another one to look for insecure files on a remote host.

Code:
filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www

This will display results of xml pages with the host's info.

Anyway, i am looking for some more obscure dorks. Preferably to do with OS command injection/Server Side code injection. Basically RCE. Also are there any dorks for template injection?
Reply
#2
good share i will try those when i have time ~
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Help needed on dumping user input database in Google chrome Criticalport 13 39,102 05-30-2018, 02:08 PM
Last Post: Vector
  Google Dorks Cryptography 4 19,097 07-13-2015, 12:12 PM
Last Post: Cryptography