OK, so I figured it might be worth our while to post some interesting Google dorks. I'm not specifically looking for XSS and/or SQLi dorks; I've got them covered, basically. Feel free to post them though if you'd like, but personally I am more interested in some less-known or exotic dorks. One I saw a while ago was for insecure FCKeditor files.


Interesting stuff.

Index of admin, with config.php. There are a couple of others I found interesting, like these for example:

inurl:"server-status" intitle:apache "cgi-bin"
sitemap.xml filetype:xml intext:"cgi-bin"
filetype:sh inurl:cgi-bin
inurl:cgi-bin "GATEWAY_INTERFACE = CGI"
inurl:cgi-bin inurl:printenv intext:SERVER_ADDR

To look for websites that are vulnerable to Shellshock. Yes, they're still out there, believe it or not. Which reminds me, if you have a lot of URLs and want to test their related hosts for Shellshock, you can use a script I wrote in Bash to assist with that.

Here is another one to look for insecure files on a remote host.

filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www

This will display results of XML pages with the host's info.

Anyway, I am looking for some more obscure dorks, preferably to do with OS command injection/server-side code injection. Basically RCE. Also, are there any dorks for template injection?

Good share, I will try those when I have time ~
