Interesting dorks for various web app related security flaws.

  1. #1
    Sophie Pedophile Tech Support
    Ok, so I figured it might be worth our while to post some interesting Google dorks. I'm not specifically looking for XSS and/or SQLi dorks, I've got them covered basically. Feel free to post them though if you'd like, but personally I am more interested in some less known or exotic dorks. One I saw today was for insecure FCKeditor files.


    inurl:/FCKeditor/editor/filemanager/upload/


    Lots of files including source code and such can be found like this.

    http://www.repforce.ee/admin/templat...er/upload/php/

    Index of admin, with config.php. Only need FireFTP for Firefox to access the file server and get the data you're interested in. There are a couple of others I found interesting, like these for example:


    inurl:"server-status" intitle:apache "cgi-bin"

    sitemap.xml filetype:xml intext:"cgi-bin"

    filetype:sh inurl:cgi-bin

    inurl:cgi-bin "GATEWAY_INTERFACE = CGI"

    inurl:cgi-bin inurl:printenv intext:SERVER_ADDR

    inurl:wspd_cgi.sh

    inurl:wslb.sh


    To look for websites that are vulnerable to Shellshock, yes, they're still out there, believe it or not. Which reminds me, if you have a lot of URLs and want to test their related hosts for Shellshock you can use a script I wrote in Bash to assist with that.

    https://github.com/NullArray/Shellshocker

    Here is another one to look for insecure files on a remote host.


    filetype:xml inurl:/WEB-INF/ inurl:ftp:// -www


    This will display results of XML pages with the host's info. What we want to do is get to the server's root directories, and in order to do so we take a URL like so:

    ftp://hostxx-xxx-xx-xx.serverdedicat...alistModel.xml

    And just get rid of everything after the dot it, like so:

    ftp://hostxx-xxx-xx-xx.serverdedicati.aruba.it


    Anyway, if you've got any cool dorks to share I'd be interested to see what you have. Specifically I would like to see a dork for Server Side Template Injection vulnerable sites if you know of any. Thanks guys.
  2. #2
    Sophie Pedophile Tech Support
    I need dorkss for RCE niggas, OS command injection, server side command injection and template injection.
  3. #3
    Lanny Bird of Courage
    good ole CKEditor, that fucking piece of shit software.
  4. #4
    Sophie Pedophile Tech Support
    Originally posted by Lanny good ole CKEditor, that fucking piece of shit software.

    Yes yes, now RCE dorks? Do they exist? Besides shellshock.
  5. #5
    Lanny Bird of Courage
    I don't, but I'm sure they exist. I know there's an apache1 misconfig dork where you could upload a file and execute it with what mod packages were installed, but I looked at it so long ago (like when Hammond still ran HTS) I'm not sure if you could still find many instances in the wild.
  6. #6
    Sophie Pedophile Tech Support
    Originally posted by Lanny: I don't, but I'm sure they exist. I know there's an apache1 misconfig dork where you could upload a file and execute it with what mod packages were installed, but I looked at it so long ago (like when Hammond still ran HTS) I'm not sure if you could still find many instances in the wild.

    I see, thanks, I'll ask around.
  7. #7
    SBTlauien African Astronaut
    https://github.com/chr1sk0n/GoolagScanner/blob/master/GoolagScanner/DorkData/gdorks.xml