Mundo Libre: 2013

domingo, 17 de noviembre de 2013

Fokirtor Backdoor Linux Inyecta tráfico en protocolo SSH

Saludos Mundo Libre.

Fokirtor Backdoor Linux Inyecta tráfico en protocolo SSH.

A principios de esta semana que escribimos acerca de un Internet Explorer 0-day que utiliza una unidad en memoria por el ataque , que era muy inteligente. Ahora, otro nuevo tipo de malware ( una puerta trasera en este caso) , esta vez dirigido Linux conocida como Fokirtor .
No hay discusión real del exploit utilizado para plantar este backdoor (si se trataba de un exploit , hay otros canales) , pero la forma en que funciona es bastante interesante y sin duda nada que haya visto antes.

    Los investigadores de seguridad han descubierto un backdoor Linux que utiliza un protocolo de comunicación secreta para ocultar su presencia en los sistemas comprometidos .

    ‪ El malware ha sido utilizado en un ataque contra un grande ( sin nombre) que recibe el abastecedor ‬ en mayo. Es inteligente intentó evitar que se disparen las alarmas mediante la inyección de sus propias comunicaciones en el tráfico legítimo , charla específicamente SSH. SSH es un protocolo que se utiliza para acceder a cuentas shell en Unix - como sistemas operativos , una actividad continua para la administración remota de los sitios web .

    Los ciberdelincuentes desconocidos o ciberespías detrás de esa aparente ataque la información de registro del cliente , tales como nombres de usuario , correos electrónicos y contraseñas que utilizan el malware sutil y sigiloso , de acuerdo con un análisis de la puerta de atrás por los investigadores de seguridad de Symantec .

    Además , el malware hace uso del algoritmo de cifrado Blowfish para cifrar archivos de datos robados u otras comunicaciones con una red de mando y control.
Es un método muy interesante , asumiendo la mayoría de servidores de Linux tienen SSH habilitado ( que tienden a ) - que permite a los atacantes para comunicarse en secreto sin activar ninguna alarma. La parte que me parece realmente interesante es que el malware utiliza un algoritmo de cifrado muy grave ( Blowfish) , en lugar de la media o un troyano de puerta trasera que sólo utiliza XOR o codificación Base64.
Los conspiradores entre nosotros probablemente encontrará esta apuntando a la participación gubernamental en el desarrollo de esta puerta trasera .

    Los atacantes entienden el entorno de destino fue generalmente bien protegida . En particular , los atacantes necesitan un medio para evitar el tráfico de red sospechoso o archivos instalados , lo que puede haber provocado una revisión de seguridad . Demostración de sofisticación, los atacantes idearon su propio patio trasero Linux sigiloso para camuflarse en el Secure Shell (SSH ) y otros procesos del servidor.
    Esta puerta trasera permite a un atacante realizar la funcionalidad habitual - como la ejecución de comandos remotos - sin embargo, la puerta trasera no abre un socket de red o intente conectarse a un servidor de comando y control ( C & C). Más bien, el código de puerta trasera se inyecta en el proceso de SSH para controlar el tráfico de red y busque la siguiente secuencia de caracteres : dos puntos , signo de exclamación , punto y coma , punto (" :; ! . ") .

    Después de ver este patrón , la puerta trasera sería analizar el resto del tráfico y a continuación, extraer comandos que habían sido cifrados con Blowfish y codificado en Base64 .
La mayoría de las fuentes marcan esta amenaza como muy bajo , y no se ha visto mucho - por lo que puede haber sido un ataque muy específica y algunos especulan que puede ser algo que ver con el caso GCHQ / Belgacom .
Será interesante ver si Fokirtor se encuentra en ningún otro lugar , hay cierta información muy básica sobre él de Symantec aquí: Linux.Fokirtor y un poco más aquí Linux Back Door utiliza el protocolo de comunicación secreta .
De alguna manera me recuerda a golpes de cerdo - fwknop - Port Tool golpea con autorización solo paquete .

Fuente : The Register

Traduccion: Dellcom1@.

Saludos Mundo Libre.

domingo, 22 de septiembre de 2013

Circuito Integrado con Troyanos

Saludos Mundo Libre

Un equipo de investigadores de los EE.UU. y Europa ha desarrollado un troyano de hardware , que es un indetectable para muchas técnicas , planteando la cuestión de las necesidades de cualificación del hardware adecuado.
Lanzaron un documento sobre troyanos Hardware Dopante Nivel furtivos , que muestra cómo los circuitos integrados utilizados en los ordenadores , equipo militar y otros sistemas críticos pueden ser maliciosamente , mientras dure el proceso de fabricación.

Integrated circuits can be compromised using Undetectable hardware Trojans

"En este trabajo se propone un enfoque muy cauteloso para la aplicación de los troyanos de hardware por debajo del nivel de la puerta , y se evalúa su impacto en la seguridad del dispositivo de destino. En lugar de añadir circuitos adicionales para el diseño objetivo , insertamos los troyanos de hardware al cambiar la polaridad dopante de transistores existentes " . señala el documento de resumen .

Los científicos diseñaron dos de estas puertas traseras dijeron adversarios podrían factible incorporar en los procesadores de eludir subrepticiamente protecciones criptográficas proporcionadas por el equipo que ejecuta los chips . En lugar de añadir circuitos adicionales para el diseño de destino , los investigadores insertaron sus troyanos de hardware mediante el cambio de la polaridad dopante de transistores existentes .

El dopaje es un proceso para modificar las propiedades eléctricas de silicio mediante la introducción de pequeñas impurezas como el fósforo , el boro y el galio , en el cristal . Al cambiar el dopaje en unos transistores , las partes del circuito integrado ya no funcionan como deberían . Debido a que los cambios ocurren a nivel atómico , el material es difícil de detectar. Sus modificaciones engañar una serie de métodos comunes de ensayo de Troya que incluye la inspección óptica y la comprobación de las virutas de oro .

" En lugar de añadir circuitos adicionales para el diseño de destino , insertamos nuestros troyanos de hardware mediante el cambio de la polaridad dopante de transistores existentes . Dado que el circuito modificado parece legítimo en todas las capas de cableado (incluyendo todos los metales y polisilicio ) , nuestra familia de troyanos es resistente a la mayoría de las técnicas de detección , incluida la inspección óptica de grano fino y chequeo contra los " chips de oro '",
Troyanos de hardware han sido objeto de numerosas investigaciones desde al menos 2005, cuando el Departamento de Defensa de EE.UU. expresó públicamente su preocupación por la dependencia de los militares en los circuitos integrados fabricados en el extranjero .
La explotación de una puerta trasera hardware para fines de espionaje cibernético siempre ha sido objeto de un acalorado debate , los expertos de inteligencia han acusado en el pasado las empresas chinas a tener la capacidad de acceder de forma remota a los equipos de comunicación vendidos en los Estados Unidos y los países occidentales agradece este tipo de los ataques.
El documento detalla cómo comprometer los procesadores Intel Ivy Bridge que tiran de un ataque de canal lateral que se filtró claves secretas del hardware .
En el ataque de los Ivy Bridge , los investigadores fueron capaces de obtener su troyano en el procesador en el nivel sub - transistor : "Nuestro troyano es capaz de reducir la seguridad del número aleatorio producido a partir de 128 bits de n bits , donde n puede ser elegido , "
"A pesar de estos cambios, el RNG Trojan modificado pasa no sólo el Built -In- Self-Test ( BIST ), pero también genera números aleatorios que pasan el conjunto de pruebas NIST para los números al azar . "

La posibilidad de infiltrarse en una cadena de suministro con un troyano hardware es un objetivo para los gobiernos , la repercusión podría ser crítico teniendo en cuenta la penetración de la tecnología en los sectores militares y comerciales .
Última revelaciones de Snowden sobre las actividades de vigilancia de la NSA evidencian el esfuerzo dedicado por la inteligencia de EE.UU. con los principales fabricantes de chips para la introducción de puertas traseras en el hardware se vende a objetivos extranjeros

Fuente:http://thehackernews.com/2013/09/Undetectable-hardware-Trojans.html

Traduccion:Dellcom1@.

Saludos Mundo Libre.

jueves, 19 de septiembre de 2013

Hacking automovilistico

Saludos Mundo Libre.

Se a vuelto cada dia mas eficiente la pirateria en automoviles una practica ya comun en el mundo del hacking no hay fronteras .

Las miradas ECU puede ser la puerta de entrada a los piratas informáticos tomen el control de su coche.

Primero fue la computadora personal. Luego fue el teléfono. Es su coche ahora el objetivo número uno de los piratas informáticos ? Es un pensamiento aterrador . Un PC o hackear teléfonos inteligentes pueden ser peligrosos para su privacidad o la salud financiera. Pero la piratería coche aumenta las expectativas a un nivel completamente nuevo .
Las consecuencias de un coche que caen bajo el control de los criminales , mientras que viaja a la velocidad pueden ser catastróficas . Luego está la posibilidad de que el orgullo y la alegría de ser aplastado por cortesía de una aplicación de smartphone.
Pero ¿qué tan probable es estos escenarios de pesadilla ? En términos simples , la piratería coche ya está sucediendo. BMW en los titulares - y una ranura en el buque insignia de la BBC - derechos de los consumidores espectáculo, Watchdog - por todas las razones equivocadas año pasado tras una serie de robos de alta tecnología de sus automóviles en la región central y este de Londres.
Los ladrones aprovecharon una combinación de vulnerabilidades en los sistemas de alarma montado de fábrica y un puerto de diagnóstico normalmente se utiliza para leer los códigos de error en caso de avería . Ellos tuvieron acceso al puerto sin activar la alarma y lo usaron para reprogramar las teclas en blanco . Todo el proceso toma sólo unos minutos y el resultado fue ladrones en posesión de las llaves funcionamiento y making off con BMWs caros casi a voluntad plenamente . BMW ha lanzado desde entonces una actualización de software para eliminar la vulnerabilidad . Eso es tranquilizador , pero será poco consuelo para los que tenían sus vehículos robados.
Auto-conducción TECH
Más recientemente, los investigadores de seguridad cibernética con base en los EE.UU. mostraron cómo la última tecnología de seguridad y auto- conducción de automóviles podría volverse en contra de los propietarios de vehículos .
Charlie Miller , un ingeniero de seguridad en Twitter, y Chris Valasek , director de inteligencia de seguridad de la firma de seguridad IOActive , dirigidas a aumentar el conocimiento de hackability coche mediante la conexión de un dispositivo de juego , la consola Nintendo a un mercado EE.UU.- Ford Escape SUV.
Ellos fueron capaces de acelerar , frenar y dirigir como si estuvieran jugando un juego de video. Excepto que esto no era un juego. Fue un verdadero SUV de dos toneladas y había sido hackeado integral. Miller y Valasek también conectados a un auto híbrido Prius de Toyota con un ordenador portátil y tomaron el control de varios sistemas críticos para la seguridad , incluyendo los frenos. Si hay un buen ángulo de noticias para esto, es que esos explotación , junto con los robos de BMW , todos requieren acceso físico a los coches . Cuando las cosas se ponen realmente preocupante es la posibilidad de ataques inalámbricos . ¿Y si los chicos malos pueden comprometer su coche tan fácilmente como lo hacen cargo del navegador de su computadora portátil ? Y hacerlo desde detrás de una pantalla de ordenador a cientos o miles de kilómetros de distancia ?
Y puede ser que apenas podrá , gracias a dos tendencias clave de coche de alta tecnología. La primera es la automatización . Los últimos coches puede embalar 30 o más unidades de control electrónico o ECU . Estos diminutos cerebros digitales ahora tienen al menos un control parcial sobre todo de dirección y el frenado de configuración de la suspensión y los insumos del acelerador. El problema es que nada controlado por computadoras es piratear .
La otra parte del rompecabezas es la conectividad . Las tecnologías inalámbricas como Bluetooth y Wi - Fi y los datos celulares como la 3G se han generalizado en los vehículos nuevos , lo que permite el acceso remoto a los sistemas del vehículo . La mayoría de los coches nuevos también ofrecen conectividad USB con algún nivel de teléfonos inteligentes en el automóvil sincronización o integración . Incluso si su coche no tiene capacidad inalámbrica propia, conectando un teléfono inteligente pone efectivamente en la red y en riesgo de un ataque cibernético .
TORMENTA PERFECTA
Es esa combinación de automatización y conectividad que podría crear una tormenta perfecta de hackability inalámbrica. Si esa es la teoría , ¿cuál es la realidad de la explotación sin hilos del coche hoy? Profesor Stefan salvaje de la Universidad de California, San Diego, es uno de los principales expertos del mundo en materia de seguridad cibernética del automóvil. Le dijo a The Independent que los ataques inalámbricos son posibles . Dice que lo sabe porque él y su equipo de investigación han hecho justamente eso sí mismos.
" Hemos demostrado la explotación de los vehículos de control remoto inalámbrico con Bluetooth y redes celulares a través de los errores de software en los medios de comunicación - jugador firmware y sistemas de diagnóstico ", revela salvaje . "Entonces teníamos un control bastante arbitrario sobre otras ECUs incluyendo la capacidad de frenado de forma remota o desactivar los frenos por completo. " Cosas aterradoras.
Sin embargo , Savage no cree que esto significa necesariamente piratería coche a distancia es un problema de seguridad inmediata con los coches actuales.
"Este tipo de trabajo requiere un poco de tiempo y habilidad , por no hablar de los recursos para comprar coches de prueba . Luego está la cuestión del motivo . ¿Quién quiere meterse con los frenos de un conductor típico ? ¿Qué hay para el atacante ? En la práctica , este tipo de ataque es sobre el robo y sobre todo las preocupaciones inmovilizador, cerradura de la puerta y de la tecnología del motor de arranque ", evalúa.
Lo que es más , los fabricantes de automóviles son ahora mucho más conscientes de los riesgos que plantean los hacks de automóviles que incluso hace unos pocos años . Varios fabricantes de automóviles que hablamos (a su derecha ) hacen hincapié en los esfuerzos realizados para separar los sistemas críticos del coche de control de características accesibles para el usuario y en red , tales como entretenimiento montajes multimedia y .
Si la historia demuestra nada de la electrónica moderna , es que no hay tal cosa como un sistema informático completamente a prueba de hackers . Muy probablemente se trata de una cuestión de cuándo , no de si los coches son robados o se estrellaron cortesía de un exploit inalámbrica. Pero los coches se componen de múltiples sistemas. No están altamente dispositivos como ordenadores portátiles o teléfonos integrados. Eso le da a los fabricantes un tiro decente a restringir la piratería a un hecho poco habitual y evitar los coches de sufrir la especie de plaga de malware que en la actualidad afecta a los dispositivos de computación personal .
El futuro de la seguridad vial depende de ello.
CÓMO SE LLEVA marcas de automóviles de responder?
Audi
" Audi Reino Unido es consciente de un número relativamente pequeño de Audi robos de vehículos que supuestamente se han llevado a cabo utilizando la tecnología informática para eliminar la necesidad de una llave de encendido . Siempre vamos a investigar exhaustivamente cualquier amenaza potencial a la seguridad de nuestros vehículos en conjunto con las autoridades pertinentes . Hasta la fecha no tenemos ninguna prueba concluyente de que nuestros sistemas de seguridad del vehículo pueden ser violados de esta manera " .
vado
"Construimos en firewalls y aplicaciones 'white - listas ' para separar los sistemas de control de vehículos de la funcionalidad de información y entretenimiento y conectividad. La criptografía también se utiliza para restringir cambios no deseados al software multimedia o el acceso a la información potencialmente sensible . Las actualizaciones de software deben ser " de código firmado " y reconocido como procedente de Ford con el fin de actualizar los sistemas como SYNC ( plataforma multimedia en el automóvil de Ford) " .
Mercedes - Benz
"Nuestro sistema multimedia COMAND puede conectarse a Internet y la hipótesis puede ser que este lo deja expuesto a los piratas informáticos. Sin embargo COMAND funciona independientemente de los sistemas del vehículo críticas tales como frenos, dirección , aceleración y varias tecnologías de seguridad . Aunque COMAND se vio comprometida , nuestros vehículos permanecerían a salvo en todo momento. "
Toyota
"El enfoque de nuestra empresa es evitar la piratería en el sistema de control de by-wire de un vehículo de un dispositivo remoto / inalámbrico fuera del vehículo.
"Toyota ha desarrollado una tecnología de servidor de seguridad muy eficaz contra los ataques a distancia . Creemos que nuestros sistemas son robustos y seguros. " - The Independent

Hay se los dejo en busca del software de cada automovil.

Fuente:http://www.iol.co.za/motoring/industry-news/car-hacking-is-becoming-a-real-danger-1.1579738

Traduccion:Dellcom1@

Saludos Mundo Libre.

martes, 17 de septiembre de 2013

google dork list

Saludos Mundo Libre.

allinurl:*.php?txtCodiInfo=
inurl:read.php?=
inurl:"ViewerFrame?Mode="
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:ogl_inet.php?ogl_id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:opinions.php?id= inurl:spr.php?id= inurl:pages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurl:participant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:prod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurl:person.php?id= inurl:productinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurl:profile_view.php?id= inurl:category.php?id= inurl:publications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurl:prod_info.php?id=inurl:shop.php?do=part&id= inurl:productinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurl:product.php?id= inurl:releases.php?id= inurl:ray.php?id= inurl:produit.php?id= inurl:pop.php?id= inurl:shopping.php?id= inurl:productdetail.php?id= inurl:post.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurl:page.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurl:product_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:pages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurl:opinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurl:offer.php?idf= inurl:art.php?idm= inurl:title.php?id= intitle:axis intitle:"video server" inurl:indexFrame.shtml Axis ?intitle:index.of? mp3 artist-name-here "intitle:index of" inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:Pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:article.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategorie.php4?id= inurl:news.php?id= inurl:index.php?id= inurl:faq2.php?id= inurl:show_an.php?id= inurl:preview.php?id= inurl:loadpsb.php?id= inurl:opinions.php?id= inurl:spr.php?id= inurl:pages.php?id= inurl:announce.php?id= inurl:clanek.php4?id= inurl:participant.php?id= inurl:download.php?id= inurl:main.php?id= inurl:review.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:prod_detail.php?id= inurl:viewphoto.php?id= inurl:article.php?id= inurl:person.php?id= inurl:productinfo.php?id= inurl:showimg.php?id= inurl:view.php?id= inurl:website.php?id= inurl:hosting_info.php?id= inurl:gallery.php?id= inurl:rub.php?idr= inurl:view_faq.php?id= inurl:artikelinfo.php?id= inurl:detail.php?ID= inurl:index.php?= inurl:profile_view.php?id= inurl:category.php?id= inurl:publications.php?id= inurl:fellows.php?id= inurl:downloads_info.php?id= inurl:prod_info.php?id= inurl:shop.php?do=part&id= inurl:Productinfo.php?id= inurl:collectionitem.php?id= inurl:band_info.php?id= inurl:product.php?id= inurl:releases.php?id= inurl:ray.php?id= inurl:produit.php?id= inurl:pop.php?id= inurl:shopping.php?id= inurl:productdetail.php?id= inurl:post.php?id= inurl:viewshowdetail.php?id= inurl:clubpage.php?id= inurl:memberInfo.php?id= inurl:section.php?id= inurl:theme.php?id= inurl:page.php?id= inurl:shredder-categories.php?id= inurl:tradeCategory.php?id= inurl:product_ranges_view.php?ID= inurl:shop_category.php?id= inurl:transcript.php?id= inurl:channel_id= inurl:item_id= inurl:newsid= inurl:trainers.php?id= inurl:news-full.php?id= inurl:news_display.php?getid= inurl:index2.php?option= inurl:readnews.php?id= inurl:top10.php?cat= inurl:newsone.php?id= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:aboutbook.php?id= inurl:review.php?id= inurl:loadpsb.php?id= inurl:ages.php?id= inurl:material.php?id= inurl:clanek.php4?id= inurl:announce.php?id= inurl:chappies.php?id= inurl:read.php?id= inurl:viewapp.php?id= inurl:viewphoto.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:review.php?id= inurl:iniziativa.php?in= inurl:curriculum.php?id= inurl:labels.php?id= inurl:story.php?id= inurl:look.php?ID= inurl:newsone.php?id= inurl:aboutbook.php?id= inurl:material.php?id= inurl:opinions.php?id= inurl:announce.php?id= inurl:rub.php?idr= inurl:galeri_info.php?l= inurl:tekst.php?idt= inurl:newscat.php?id= inurl:newsticker_info.php?idn= inurl:rubrika.php?idr= inurl:rubp.php?idr= inurl:offer.php?idf= inurl:art.php?idm= inurl:title.php?id= inurl:"id=" & intext:"Warning: mysql_fetch_assoc() inurl:"id=" & intext:"Warning: mysql_fetch_array() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: is_writable() inurl:"id=" & intext:"Warning: getimagesize() inurl:"id=" & intext:"Warning: Unknown() inurl:"id=" & intext:"Warning: session_start() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: pg_exec() inurl:"id=" & intext:"Warning: mysql_result() inurl:"id=" & intext:"Warning: mysql_num_rows() inurl:"id=" & intext:"Warning: mysql_query() inurl:"id=" & intext:"Warning: array_merge() inurl:"id=" & intext:"Warning: preg_match() inurl:"id=" & intext:"Warning: ilesize() inurl:"id=" & intext:"Warning: filesize() inurl:"id=" & intext:"Warning: filesize() inurl:"id=" & intext:"Warning: require() intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu intext:"Mail admins login here to administrate your domain." intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin intext:"Storage Management Server for" intitle:"Server Administration" intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee intext:"vbulletin" inurl:admincp intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press intitle:"Admin Login" "admin login" "blogware" intitle:"Admin login" "Web Site Administration" "Copyright" intitle:"AlternC Desktop" intitle:"Athens Authentication Point" intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co intitle:"ColdFusion Administrator Login" intitle:"communigate pro * *" intitle:"entrance" intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo intitle:"Dell Remote Access Controller" intitle:"Docutek ERes - Admin Login" -edu intitle:"Employee Intranet Login" intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here." intitle:"ePowerSwitch Login" intitle:"eXist Database Administration" -demo intitle:"EXTRANET * - Identification" intitle:"EXTRANET login" -.edu -.mil -.gov intitle:"EZPartner" -netpond intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists intitle:"i-secure v1.1" -edu intitle:"Icecast Administration Admin Page" intitle:"iDevAffiliate - admin" -demo intitle:"ISPMan : Unauthorized Access prohibited" intitle:"ITS System Information" "Please log on to the SAP System" intitle:"Kurant Corporation StoreSense" filetype:bok intitle:"ListMail Login" admin -demo intitle:"Login - intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman intitle:"Login to Cacti" intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id= intitle:"MailMan Login" intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi intitle:"Merak Mail Server Web Administration" -ihackstuff.com intitle:"microsoft certificate services" inurl:certsrv intitle:"MikroTik RouterOS Managing Webpage" intitle:"MX Control Console" "If you can't remember" intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf intitle:"Novell Web Services" intext:"Select a service and a language." intitle:"oMail-admin Administration - Login" -inurl:omnis.ch intitle:"OnLine Recruitment Program - Login" intitle:"Philex 0.2*" -s?ri?t -site:freelists.org intitle:"PHP Advanced Transfer" inurl:"login.php" intitle:"php icalendar administration" -site:sourceforge.net intitle:"php icalendar administration" -site:sourceforge.net intitle:"phpPgAdmin - Login" Language intitle:"PHProjekt - login" login password intitle:"please login" "your password is *" intitle:"Remote Desktop Web Connection" inurl:tsweb intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test" intitle:"SHOUTcast Administrator" inurl:admin.cgi intitle:"site administration: please log in" "site designed by emarketsouth" intitle:"Supero Doctor III" -inurl:supermicro intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!" intitle:"teamspeak server-administration intitle:"Tomcat Server Administration" intitle:"TOPdesk ApplicationServer" intitle:"TUTOS Login" intitle:"TWIG Login" intitle:"vhost" intext:"vHost . 2000-2004" intitle:"Virtual Server Administration System" intitle:"VisNetic WebMail" inurl:"/mail/" intitle:"VitalQIP IP Management System" intitle:"VMware Management Interface:" inurl:"vmware/en/" intitle:"VNC viewer for Java" intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org intitle:"WebLogic Server" intitle:"Console Login" inurl:console intitle:"Welcome Site/User Administrator" "Please select the language" -demos intitle:"Welcome to Mailtraq WebMail" intitle:"welcome to netware *" -site:novell.com intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies." intitle:"xams 0.0.0..15 - Login" intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin intitle:"XMail Web Administration Interface" intext:Login intext:password intitle:"Zope Help System" inurl:HelpSys intitle:"ZyXEL Prestige Router" "Enter password" intitle:"inc. vpn 3000 concentrator" intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com intitle:asterisk.management.portal web-access intitle:endymion.sak?.mail.login.page | inurl:sake.servlet intitle:Group-Office "Enter your username and password to login" intitle:ilohamail " IlohaMail" intitle:ilohamail intext:"Version 0.8.10" " IlohaMail" intitle:IMP inurl:imp/index.php3 intitle:Login * Webmailer intitle:Login intext:"RT is ? Copyright" intitle:Node.List Win32.Version.3.11 intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc" intitle:open-xchange inurl:login.pl intitle:Ovislink inurl:private/login intitle:phpnews.login intitle:plesk inurl:login.php3 inurl:"/admin/configuration. php?" Mystore inurl:"/slxweb.dll/external?name=(custportal|webticketcust)" inurl:"1220/parse_xml.cgi?" inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS) inurl:":10000" intext:webmin inurl:"Activex/default.htm" "Demo" inurl:"calendar.asp?action=login" inurl:"default/login.php" intitle:"kerio" inurl:"gs/adminlogin.aspx" inurl:"php121login.php" inurl:"suse/login.pl" inurl:"typo3/index.php?u=" -demo inurl:"usysinfo?login=true" inurl:"utilities/TreeView.asp" inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp inurl:/admin/login.asp inurl:/cgi-bin/sqwebmail?noframes=1 inurl:/Citrix/Nfuse17/ inurl:/dana-na/auth/welcome.html inurl:/eprise/ inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net inurl:/modcp/ intext:Moderator+vBulletin inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services" inurl:/webedit.* intext:WebEdit Professional -html inurl:1810 "Oracle Enterprise Manager" inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com inurl::2082/frontend -demo inurl:administrator "welcome to mambo" inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0 inurl:cgi-bin/ultimatebb.cgi?ubb=login inurl:Citrix/MetaFrame/default/default.aspx inurl:confixx inurl:login|anmeldung inurl:coranto.cgi intitle:Login (Authorized Users Only) inurl:csCreatePro.cgi inurl:default.asp intitle:"WebCommander" inurl:exchweb/bin/auth/owalogon.asp inurl:gnatsweb.pl inurl:ids5web inurl:irc filetype:cgi cgi:irc inurl:login filetype:swf swf inurl:login.asp inurl:login.cfm inurl:login.php "SquirrelMail version" inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login" inurl:mewebmail inurl:names.nsf?opendatabase inurl:ocw_login_username inurl:orasso.wwsso_app_admin.ls_login inurl:postfixadmin intitle:"postfix admin" ext:php inurl:search/admin.php inurl:textpattern/index.php inurl:WCP_USER inurl:webmail./index.pl "Interface" inurl:webvpn.html "login" "Please enter your" ---LFI DORKS--------------------- inurl:/view/lang/index.php?page=?page= inurl:/shared/help.php?page= inurl:act= inurl:action= inurl:API_HOME_DIR= inurl:board= inurl:cat= inurl:client_id= inurl:cmd= inurl:cont= inurl:current_frame= inurl:date= inurl:detail= inurl:dir= inurl:display= inurl:download= inurl:f= inurl:file= inurl:fileinclude= inurl:filename= inurl:firm_id= inurl:g= inurl:getdata= inurl:go= inurl:HT= inurl:idd= inurl:inc= inurl:incfile= inurl:incl= inurl:include_file= inurl:include_path= inurl:infile= inurl:info= inurl:ir= inurl:lang= inurl:language= inurl:link= inurl:load= inurl:main= inurl:mainspot= inurl:msg= inurl:num= inurl:openfile= inurl:p= inurl:page= inurl:pagina= inurl:path= inurl:path_to_calendar= inurl:pg= inurl:qry_str= inurl:ruta= inurl:safehtml= inurl:section= inurl:showfile= inurl:side= inurl:site_id= inurl:skin= inurl:static= inurl:str= inurl:strona= inurl:sub= inurl:tresc= inurl:url= inurl:user= inurl:ajax.php?page= ---Contain Sensitive Data-----------filetype:bak createobject sa filetype:bak inurl:"htaccess|passwd|shadow|htusers" filetype:cfg mrtg "target filetype:cfm "cfapplication name" password filetype:conf oekakibbs filetype:conf slapd.conf filetype:config config intext:appSettings "User ID" filetype:dat "password.dat" filetype:dat inurl:Sites.dat filetype:dat wand.dat filetype:inc dbconn filetype:inc intext:mysql_connect filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep filetype:ini inurl:"serv-u.ini" filetype:ini inurl:flashFXP.ini filetype:ini ServUDaemon filetype:ini wcx_ftp filetype:ini ws_ftp pwd filetype:ldb admin filetype:log "See `ipsec --copyright" filetype:log inurl:"password.log" filetype:mdb inurl:users.mdb filetype:mdb wwforum filetype:netrc password filetype:pass pass intext:userid filetype:pem intext:private filetype:properties inurl:db intext:password filetype:pwd service filetype:pwl pwl filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword" filetype:reg reg +intext:Ã¢? WINVNC3Ã¢?filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS filetype:sql "insert into" (pass|passwd|password) filetype:sql ("values * MD5" | "values * password" | "values * encrypt") filetype:sql +"IDENTIFIED BY" -cvs filetype:sql password filetype:url +inurl:"ftp://" +inurl:";@" filetype:xls username password email htpasswd htpasswd / htgroup htpasswd / htpasswd.bak intext:"enable password 7" intext:"enable secret 5 $" intext:"EZGuestbook" intext:"Web Wiz Journal" intitle:"index of" intext:connect.inc intitle:"index of" intext:globals.inc intitle:"Index of" passwords modified intitle:"Index of" sc_serv.conf sc_serv content intitle:"phpinfo()" +"mysql.default_password" +"Zend s?ri?ting Language Engine" intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com intitle:index.of administrators.pwd intitle:Index.of etc shadow intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak" intitle:rapidshare intext:login inurl:"calendars?ri?t/users.txt" inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set" inurl:"GRC.DAT" intext:"password" inurl:"Sites.dat"+"PASS=" inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample inurl:"wvdial.conf" intext:"password" inurl:/db/main.mdb inurl:/wwwboard inurl:/yabb/Members/Admin.dat inurl:ccbill filetype:log inurl:cgi-bin inurl:calendar.cfg inurl:chap-secrets -cvs inurl:config.php dbuname dbpass inurl:filezilla.xml -cvs inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man inurl:nuke filetype:sql inurl:ospfd.conf intext:password -sample -test -tutorial -download inurl:pap-secrets -cvs inurl:pass.dat inurl:perform filetype:ini inurl:perform.ini filetype:ini inurl:secring ext:skr | ext:pgp | ext:bak inurl:server.cfg rcon password inurl:ventrilo_srv.ini adminpassword inurl:vtund.conf intext:pass -cvs inurl:zebra.conf intext:password -sample -test -tutorial -download filetype:bkf bkf filetype:blt "buddylist" filetype:blt blt +intext:screenname filetype:cfg auto_inst.cfg filetype:cnf inurl:_vti_pvt access.cnf filetype:conf inurl:firewall -intitle:cvs filetype:config web.config -CVS filetype:ctt Contact filetype:ctt ctt messenger filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To" filetype:fp3 fp3 filetype:fp5 fp5 -site:gov -site:mil -"cvs log" filetype:fp7 fp7 filetype:inf inurl:capolicy.inf filetype:lic lic intext:key filetype:log access.log -CVS filetype:log cron.log filetype:mbx mbx intext:Subject filetype:myd myd -CVS filetype:ns1 ns1 filetype:ora ora filetype:ora tnsnames filetype:pdb pdb backup (Pilot | Pluckerdb) filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net filetype:pot inurl:john.pot filetype:PS ps filetype:pst inurl:"outlook.pst" filetype:pst pst -from -to -date filetype:qbb qbb filetype:QBW qbw filetype:rdp rdp filetype:reg "Terminal Server Client" filetype:vcs vcs filetype:wab wab filetype:xls -site:gov inurl:contact filetype:xls inurl:"email.xls" Financial spreadsheets: finance.xls Financial spreadsheets: finances.xls Ganglia Cluster Reports haccess.ctl (one way) haccess.ctl (VERY reliable) ICQ chat logs, please... intext:"Session Start * * * *:*:* *" filetype:log intext:"Tobias Oetiker" "traffic analysis" intext:(password | passcode) intext:(username | userid | user) filetype:csv intext:gmail invite intext:http://gmail.google.com/gmail/a intext:SQLiteManager inurl:main.php intext:ViewCVS inurl:Settings.php intitle:"admin panel" +"RedKernel" intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) intitle:"AppServ Open Project" -site:www.appservnetwork.com intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos" intitle:"Big Sister" +"OK Attention Trouble" intitle:"curriculum vitae" filetype:doc intitle:"edna:streaming mp3 server" -forums intitle:"FTP root at" intitle:"index of" +myd size intitle:"Index Of" -inurl:maillog maillog size intitle:"Index Of" cookies.txt size intitle:"index of" mysql.conf OR mysql_config intitle:"Index of" upload size parent directory intitle:"index.of *" admin news.asp configview.asp intitle:"index.of" .diz .nfo last modified intitle:"Joomla - Web Installer" intitle:"LOGREP - Log file reporting system" -site:itefix.no intitle:"Multimon UPS status page" intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php ) intitle:"PhpMyExplorer" inurl:"index.php" -cvs intitle:"statistics of" "advanced web statistics" intitle:"System Statistics" +"System and Network Information Center" intitle:"urchin (5|3|admin)" ext:cgi intitle:"Usage Statistics for" "Generated by Webalizer" intitle:"wbem" compaq login "Compaq Information Technologies Group" intitle:"Web Server Statistics for ****" intitle:"web server status" SSH Telnet intitle:"Welcome to F-Secure Policy Manager Server Welcome Page" intitle:"welcome.to.squeezebox" intitle:admin intitle:login intitle:Bookmarks inurl:bookmarks.html "Bookmarks intitle:index.of "Apache" "server at" intitle:index.of cleanup.log intitle:index.of dead.letter intitle:index.of inbox intitle:index.of inbox dbx intitle:index.of ws_ftp.ini intitle:intranet inurl:intranet +intext:"phone" inurl:"/axs/ax-admin.pl" -script inurl:"/cricket/grapher.cgi" inurl:"bookmark.htm" inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM inurl:"newsletter/admin/" inurl:"newsletter/admin/" intitle:"newsletter admin" inurl:"putty.reg" inurl:"smb.conf" intext:"workgroup" filetype:conf conf inurl:*db filetype:mdb inurl:/cgi-bin/pass.txt inurl:/_layouts/settings inurl:admin filetype:xls inurl:admin intitle:login inurl:backup filetype:mdb inurl:build.err inurl:cgi-bin/printenv inurl:cgi-bin/testcgi.exe "Please distribute TestCGI" inurl:changepassword.asp inurl:ds.py inurl:email filetype:mdb inurl:fcgi-bin/echo inurl:forum filetype:mdb inurl:forward filetype:forward -cvs inurl:getmsg.html intitle:hotmail inurl:log.nsf -gov inurl:main.php phpMyAdmin inurl:main.php Welcome to phpMyAdmin inurl:netscape.hst inurl:netscape.hst inurl:netscape.ini inurl:odbc.ini ext:ini -cvs inurl:perl/printenv inurl:php.ini filetype:ini inurl:preferences.ini "[emule]" inurl:profiles filetype:mdb inurl:report "EVEREST Home Edition " inurl:server-info "Apache Server Information" inurl:server-status "apache" inurl:snitz_forums_2000.mdb inurl:ssl.conf filetype:conf inurl:tdbin inurl:vbstats.php "page generated" inurl:wp-mail.php + "There doesn't seem to be any new mail." inurl:XcCDONTS.asp intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu intext:"Mail admins login here to administrate your domain." intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin intext:"Storage Management Server for" intitle:"Server Administration" intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee intext:"vbulletin" inurl:admincp intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press intitle:"Admin Login" "admin login" "blogware" intitle:"Admin login" "Web Site Administration" "Copyright" intitle:"AlternC Desktop" intitle:"Athens Authentication Point" intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co intitle:"ColdFusion Administrator Login" intitle:"communigate pro * *" intitle:"entrance" intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo intitle:"Dell Remote Access Controller" intitle:"Docutek ERes - Admin Login" -edu intitle:"Employee Intranet Login" intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here." intitle:"ePowerSwitch Login" intitle:"eXist Database Administration" -demo intitle:"EXTRANET * - Identification" intitle:"EXTRANET login" -.edu -.mil -.gov intitle:"EZPartner" -netpond intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists intitle:"i-secure v1.1" -edu intitle:"Icecast Administration Admin Page" intitle:"iDevAffiliate - admin" -demo intitle:"ISPMan : Unauthorized Access prohibited" intitle:"ITS System Information" "Please log on to the SAP System" intitle:"Kurant Corporation StoreSense" filetype:bok intitle:"ListMail Login" admin -demo intitle:"Login - intitle:"Login Forum AnyBoard" intitle:"If you are a new user:" intext:"Forum AnyBoard" inurl:gochat -edu intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman intitle:"Login to Cacti"intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id= intitle:"MailMan Login" intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi intitle:"Merak Mail Server Web Administration" -ihackstuff.com intitle:"microsoft certificate services" inurl:certsrv intitle:"MikroTik RouterOS Managing Webpage" intitle:"MX Control Console" "If you can't remember" intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf intitle:"Novell Web Services" intext:"Select a service and a language." intitle:"oMail-admin Administration - Login" -inurl:omnis.ch intitle:"OnLine Recruitment Program - Login" intitle:"Philex 0.2*" -script -site:freelists.org intitle:"PHP Advanced Transfer" inurl:"login.php" intitle:"php icalendar administration" -site:sourceforge.net intitle:"php icalendar administration" -site:sourceforge.net intitle:"phpPgAdmin - Login" Language intitle:"PHProjekt - login" login password intitle:"please login" "your password is *" intitle:"Remote Desktop Web Connection" inurl:tsweb intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test" intitle:"SHOUTcast Administrator" inurl:admin.cgi intitle:"site administration: please log in" "site designed by emarketsouth" intitle:"Supero Doctor III" -inurl:supermicro intitle:"SuSE Linux Openexchange Server" "Please activate JavaScript!" intitle:"teamspeak server-administration intitle:"Tomcat Server Administration" intitle:"TOPdesk ApplicationServer" intitle:"TUTOS Login" intitle:"TWIG Login" intitle:"vhost" intext:"vHost . 2000-2004" intitle:"Virtual Server Administration System" intitle:"VisNetic WebMail" inurl:"/mail/" intitle:"VitalQIP IP Management System" intitle:"VMware Management Interface:" inurl:"vmware/en/" intitle:"VNC viewer for Java" intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org intitle:"WebLogic Server" intitle:"Console Login" inurl:console intitle:"Welcome Site/User Administrator" "Please select the language" -demos intitle:"Welcome to Mailtraq WebMail" intitle:"welcome to netware *" -site:novell.com intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies." intitle:"xams 0.0.0..15 - Login" intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin intitle:"XMail Web Administration Interface" intext:Login intext:password intitle:"Zope Help System" inurl:HelpSys intitle:"ZyXEL Prestige Router" "Enter password" intitle:"inc. vpn 3000 concentrator" intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com intitle:asterisk.management.portal web-access intitle:endymion.sak?.mail.login.page | inurl:sake.servlet intitle:Group-Office "Enter your username and password to login" intitle:ilohamail " intitle:ilohamail intext:"Version 0.8.10" " intitle:IMP inurl:imp/index.php3 intitle:Login * Webmailer intitle:Login intext:"RT is ? Copyright" intitle:Node.List Win32.Version.3.11 intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc" intitle:open-xchange inurl:login.pl intitle:Ovislink inurl:private/login intitle:phpnews.login intitle:plesk inurl:login.php3 inurl:"/admin/configuration. php?" Mystore inurl:"/slxweb.dll/external?name=(custportal|webticketcust)" inurl:"1220/parse_xml.cgi?" inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS) inurl:":10000" intext:webmin inurl:"Activex/default.htm" "Demo" inurl:"calendar.asp?action=login" inurl:"default/login.php" intitle:"kerio" inurl:"gs/adminlogin.aspx" inurl:"php121login.php" inurl:"suse/login.pl" inurl:"typo3/index.php?u=" -demo inurl:"usysinfo?login=true" inurl:"utilities/TreeView.asp" inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp nurl:/admin/login.asp inurl:/cgi-bin/sqwebmail?noframes=1 inurl:/Citrix/Nfuse17/ inurl:/dana-na/auth/welcome.html inurl:/eprise/ inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net inurl:/modcp/ intext:Moderator+vBulletin inurl:/SUSAdmin intitle:"Microsoft Software Update Services" inurl:/webedit.* intext:WebEdit Professional -html inurl:1810 "Oracle Enterprise Manager" inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com inurl::2082/frontend -demo inurl:administrator "welcome to mambo" inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0 inurl:cgi-bin/ultimatebb.cgi?ubb=login inurl:Citrix/MetaFrame/default/default.aspx inurl:confixx inurl:login|anmeldung inurl:coranto.cgi intitle:Login (Authorized Users Only) inurl:csCreatePro.cgi inurl:default.asp intitle:"WebCommander" inurl:exchweb/bin/auth/owalogon.asp inurl:gnatsweb.pl inurl:ids5web inurl:irc filetype:cgi cgi:irc inurl:login filetype:swf swf inurl:login.asp inurl:login.cfm inurl:login.php "SquirrelMail version" inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login" inurl:mewebmail inurl:names.nsf?opendatabase inurl:ocw_login_username inurl:orasso.wwsso_app_admin.ls_login inurl:postfixadmin intitle:"postfix admin" ext:php inurl:search/admin.php inurl:textpattern/index.php inurl:WCP_USER inurl:webmail./index.pl "Interface" inurl:webvpn.html "login" "Please enter your" Login ("admin account info") filetype:log !Host=*.* intext:enc_UserPassword=* ext:pcf "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd "AutoCreate=TRUE password=*" "http://*:*@www" domainname "index of/" "ws_ftp.ini" "parent directory" "liveice configuration file" ext:cfg -site:sourceforge.net "parent directory" +proftpdpasswd Duclassified" -site:duware.com "DUware All Rights reserved" duclassmate" -site:duware.com Dudirectory" -site:duware.com dudownload" -site:duware.com Elite Forum Version *.*" Link Department" "sets mode: +k" "your password is" filetype:log DUpaypal" -site:duware.com allinurl: admin mdb auth_user_file.txt config.php eggdrop filetype:user user enable password | secret "current configuration" -intext:the etc (index.of) ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn ext:inc "pwd=" "UID=" ext:ini eudora.ini ext:ini Version=4.0.0.4 password ext:passwd -intext:the -sample -example ext:txt inurl:unattend.txt ext:yml database inurl:config LeapFTP intitle:"index.of./" sites.ini modified master.passwd mysql history files NickServ registration passwords passlist passlist.txt (a better way) passwd passwd / etc (reliable) people.lst psyBNC config files pwd.db server-dbs "intitle:index of" signin filetype:url spwd.db / passwd trillian.ini wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin [WFClient] Password= filetype:ica intitle:"remote assessment" OpenAanval Console intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password" "bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com "Emergisoft web applications are a part of our" "Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights- "HostingAccelerator" intitle:"login" +"Username" -"news" -demo "iCONECT 4.1 :: Login" "IMail Server Web Messaging" intitle:login "inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com "intitle:3300 Integrated Communications Platform" inurl:main.htm "Login - Sun Cobalt RaQ" "login prompt" inurl:GM.cgi "Login to Usermin" inurl:20000 "Microsoft CRM : Unsupported Browser Version" "OPENSRS Domain Management" inurl:manage.cgi "pcANYWHERE EXPRESS Java Client" "Please authenticate yourself to get access to the management interface" "please log in" "Please login with admin pass" -"leak" -sourceforge CuteNews" "2003..2005 CutePHP" DWMail" password intitle:dwmail Merak Mail Server Software" -.gov -.mil -.edu -site:merakmailserver.com Midmart Messageboard" "Administrator Login" Monster Top List" MTL numrange:200- UebiMiau" -site:sourceforge.net "site info for" "Enter Admin Password" "SquirrelMail version" "By the SquirrelMail development Team" "SysCP - login" "This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac "This section is for Administrators only. If you are an administrator then please" "ttawlogin.cgi/?action=" "VHCS Pro ver" -demo "VNC Desktop" inurl:5800 "Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com "WebExplorer Server - Login" "Welcome to WebExplorer Server" "WebSTAR Mail - Please Log In" "You have requested access to a restricted area of our website. Please authenticate yourself to continue." "You have requested to access the management functions" -.edu (intitle:"Please login - Forums UBB.threads")|(inurl:login.php "ubb") (intitle:"Please login - Forums WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwthreads/login.pl?Cat=") (intitle:"rymo Login")|(intext:"Welcome to rymo") -family (intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration") (inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil 4images Administration Control Panel allintitle:"Welcome to the Cyclades" allinurl:"exchange/logon.asp" allinurl:wps/portal/ login ASP.login_aspx "ASP.NET_SessionId" CGI:IRC Login ext:cgi intitle:"control panel" "enter your owner password to continue!" ez Publish administration filetype:php inurl:"webeditor.php" filetype:pl "Download: SuSE Linux Openexchange Server CA" filetype:r2w r2w intitle:"Login Forum AnyBoard" intitle:"If you are a new user:" intext:"Forum AnyBoard" inurl:gochat -edu Login (" Jetbox One CMS Ã¢?Â¢" | "Jetstream ? *") Novell NetWare intext:"netware management portal version" Outlook Web Access (a better way) PhotoPost PHP Upload PHPhotoalbum Statistics PHPhotoalbum Upload Please enter a valid password! inurl:polladmin intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu "#mysql dump" filetype:sql "#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3 "allow_call_time_pass_reference" "PATH_INFO" "Certificate Practice Statement" inurl:(PDF | DOC) "Generated by phpSystem" "generated by wwwstat" "Host Vulnerability Summary Report" "HTTP_FROM=googlebot" googlebot.com "Server_Software=" "Index of" / "chat/logs" "Installed Objects Scanner" inurl:default.asp "MacHTTP" filetype:log inurl:machttp.log "Mecury Version" "Infastructure Group" "Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log "Most Submitted Forms and s?ri?ts" "this section" "Network Vulnerability Assessment Report" "not for distribution" confidential "not for public release" -.edu -.gov -.mil "phone * * *" "address *" "e-mail" intitle:"curriculum vitae" "phpMyAdmin" "running on" inurl:"main.php" "produced by getstats" "Request Details" "Control Tree" "Server Variables" "robots.txt" "Disallow:" filetype:txt "Running in Child mode" "sets mode: +p" "sets mode: +s" "Thank you for your order" +receipt "This is a Shareaza Node" "This report was generated by WebLog" ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject (intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results") (intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob (inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt +":8080" +":3128" +":80" filetype:txt +"HSTSNR" -"netop.com" -site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp 94FBR "ADOBE PHOTOSHOP" AIM buddy lists allinurl:/examples/jsp/snp/snoop.jsp allinurl:cdkey.txt allinurl:servlet/SnoopServlet cgiirc.conf cgiirc.conf contacts ext:wml data filetype:mdb -site:gov -site:mil exported email addresses ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential ext:asp inurl:pathto.asp ext:ccm ccm -catacomb ext:CDX CDX ext:cgi inurl:editcgi.cgi inurl:file= ext:conf inurl:rsyncd.conf -cvs -man ext:conf NoCatAuth -cvs ext:dat bpk.dat ext:gho gho ext:ics ics ext:ini intext:env.ini ext:jbf jbf ext:ldif ldif ext:log "Software: Microsoft Internet Information Services *.*" ext:mdb inurl:*.mdb inurl:fpdb shop.mdb ext:nsf nsf -gov -mil ext:plist filetype:plist inurl:bookmarks.plist ext:pqi pqi -database ext:reg "username=*" putty ext:txt "Final encryption key" ext:txt inurl:dxdiag ext:vmdk vmdk ext:vmx vmx filetype:asp DBQ=" * Server.MapPath("*.mdb") filetype:bkf bkf filetype:blt "buddylist" filetype:blt blt +intext:screenname filetype:cfg auto_inst.cfg filetype:cnf inurl:_vti_pvt access.cnf filetype:conf inurl:firewall -intitle:cvs filetype:config web.config -CVS filetype:ctt Contact filetype:ctt ctt messenger filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To" filetype:fp3 fp3 filetype:fp5 fp5 -site:gov -site:mil -"cvs log" filetype:fp7 fp7 filetype:inf inurl:capolicy.inf filetype:lic lic intext:key filetype:log access.log -CVS filetype:log cron.log filetype:mbx mbx intext:Subject filetype:myd myd -CVS filetype:ns1 ns1 filetype:ora ora filetype:ora tnsnames filetype:pdb pdb backup (Pilot | Pluckerdb) filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net filetype:pot inurl:john.pot filetype:PS ps filetype:pst inurl:"outlook.pst" filetype:pst pst -from -to -date filetype:qbb qbb filetype:QBW qbw filetype:rdp rdp filetype:reg "Terminal Server Client" filetype:vcs vcs filetype:wab wab filetype:xls -site:gov inurl:contact filetype:xls inurl:"email.xls" Financial spreadsheets: finance.xls Financial spreadsheets: finances.xls haccess.ctl (one way) haccess.ctl (VERY reliable) ICQ chat logs, please... intext:"Session Start * * * *:*:* *" filetype:log intext:"Tobias Oetiker" "traffic analysis" intext:(password | passcode) intext:(username | userid | user) filetype:csv intext:gmail invite intext:http://gmail.google.com/gmail/a intext:SQLiteManager inurl:main.php intext:ViewCVS inurl:Settings.phpintitle:"admin panel" +" RedKernel" intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) intitle:"AppServ Open Project" -site:www.appservnetwork.com intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos" intitle:"Big Sister" +"OK Attention Trouble" intitle:"curriculum vitae" filetype:doc intitle:"edna:streaming mp3 server" -forums intitle:"FTP root at" intitle:"index of" +myd size intitle:"Index Of" -inurl:maillog maillog size intitle:"Index Of" cookies.txt size intitle:"index of" mysql.conf OR mysql_config intitle:"Index of" upload size parent directory intitle:"index.of *" admin news.asp configview.asp intitle:"index.of" .diz .nfo last modified intitle:"Joomla - Web Installer" intitle:"LOGREP - Log file reporting system" -site:itefix.no intitle:"Multimon UPS status page" intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php ) intitle:"PhpMyExplorer" inurl:"index.php" -cvs intitle:"statistics of" "advanced web statistics" intitle:"System Statistics" +"System and Network Information Center" intitle:"urchin (5|3|admin)" ext:cgi intitle:"Usage Statistics for" "Generated by Webalizer" intitle:"wbem" compaq login "Compaq Information Technologies Group" intitle:"Web Server Statistics for ****" intitle:"web server status" SSH Telnet intitle:"Welcome to F-Secure Policy Manager Server Welcome Page" intitle:"welcome.to.squeezebox" intitle:admin intitle:login intitle:Bookmarks inurl:bookmarks.html "Bookmarks intitle:index.of "Apache" "server at" intitle:index.of cleanup.log intitle:index.of dead.letter intitle:index.of inbox intitle:index.of inbox dbx intitle:index.of ws_ftp.ini intitle:intranet inurl:intranet +intext:"phone" inurl:"/axs/ax-admin.pl" -s?ri?t inurl:"/cricket/grapher.cgi" inurl:"bookmark.htm" inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM inurl:"newsletter/admin/" inurl:"newsletter/admin/" intitle:"newsletter admin" inurl:"putty.reg" inurl:"smb.conf" intext:"workgroup" filetype:conf conf inurl:*db filetype:mdb inurl:/cgi-bin/pass.txt inurl:/_layouts/settings inurl:admin filetype:xls inurl:admin intitle:login inurl:backup filetype:mdb inurl:build.err inurl:cgi-bin/printenv inurl:cgi-bin/testcgi.exe "Please distribute TestCGI" inurl:changepassword.asp inurl:ds.py inurl:email filetype:mdb inurl:fcgi-bin/echo inurl:forum filetype:mdb inurl:forward filetype:forward -cvs inurl:getmsg.html intitle:hotmail inurl:log.nsf -gov inurl:main.php phpMyAdmin inurl:main.php Welcome to phpMyAdmin inurl:netscape.hst inurl:netscape.hst inurl:netscape.ini inurl:odbc.ini ext:ini -cvs inurl:perl/printenv inurl:php.ini filetype:ini inurl:preferences.ini "[emule]" inurl:profiles filetype:mdb inurl:report "EVEREST Home Edition " inurl:server-info "Apache Server Information" inurl:server-status "apache" inurl:snitz_forums_2000.mdb inurl:ssl.conf filetype:conf inurl:tdbin inurl:vbstats.php "page generated" inurl:wp-mail.php + "There doesn't seem to be any new mail." inurl:XcCDONTS.asp ipsec.conf ipsec.secrets "detected an internal error [IBM][CLI Driver][DB2/6000]" "error found handling the request" cocoon filetype:xml "Fatal error: Call to undefined function" -reply -the -next "Incorrect syntax near" "Incorrect syntax near" "Internal Server Error" "server at" "Invision Power Board Database Error" "ORA-00933: SQL command not properly ended" "ORA-12541: TNS:no listener" intitle:"error occurred" "Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php "PostgreSQL query failed: ERROR: parser: parse error" "Supplied argument is not a valid MySQL result resource" "Syntax error in query expression " -the "The script whose uid is " "is not allowed to access" "There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser." "Unable to jump to row" "on MySQL result index" "on line" "Unclosed quotation mark before the character string" "Warning: Bad arguments to (join|implode) () in" "on line" -help -forum "Warning: Cannot modify header information - headers already sent" "Warning: Division by zero in" "on line" -forum "Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum "Warning: mysql_query()" "invalid query" "Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL" "Warning: Supplied argument is not a valid File-Handle resource in" "Warning:" "failed to open stream: HTTP request failed" "on line" "Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line" "SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" An unexpected token "END-OF-STATEMENT" was found Coldfusion Error Pages filetype:asp + "[ODBC SQL" filetype:asp "Custom Error Message" Category Source filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error" filetype:php inurl:"logging.php" "Discuz" error ht://Dig htsearch error IIS 4.0 error messages IIS web server error messages Internal Server Error intext:"Error Message : Error loading required libraries." intext:"Warning: Failed opening" "on line" "include_path" intitle:"Apache Tomcat" "Error Report" intitle:"Default PLESK Page" intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm intitle:"Error Occurred" "The error occurred in" filetype:cfm intitle:"Error using Hypernews" "Server Software" intitle:"Execution of this script not permitted" intitle:"Under construction" "does not currently have" intitle:Configuration.File inurl:softcart.exe MYSQL error message: supplied argument.... mysql error with query Netscape Application Server Error page ORA-00921: unexpected end of SQL command ORA-00921: unexpected end of SQL command ORA-00936: missing expression PHP application warnings failing "include_path" sitebuildercontent sitebuilderfiles sitebuilderpictures Snitz! forums db path error SQL syntax error Supplied argument is not a valid PostgreSQL result warning "error on line" php sablotron Windows 2000 web server error messages "ftp://" "www.eastgame.net" "html allowed" guestbook ": vBulletin Version 1.1.5" "Select a database to view" intitle:"filemaker pro" "set up the administrator user" inurl:pivot "There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row "Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin "Welcome to Intranet" "Welcome to PHP-Nuke" congratulations "Welcome to the Prestige Web-Based Configurator" "YaBB SE Dev Team" "you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos ("Indexed.By"|"Monitored.By") hAcxFtpScan (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) allinurl:"index.php" "site=sglinks" allinurl:install/install.php allinurl:intranet admin filetype:cgi inurl:"fileman.cgi" filetype:cgi inurl:"Web_Store.cgi" filetype:php inurl:vAuthenticate filetype:pl intitle:"Ultraboard Setup" Gallery in configuration mode Hassan Consulting's Shopping Cart Version 1.18 intext:"Warning: * am able * write ** configuration file" "includes/configure.php" - intitle:"Gateway Configuration Menu" intitle:"Horde :: My Portal" -"[Tickets" intitle:"Mail Server CMailServer Webmail" "5.2" intitle:"MvBlog powered" intitle:"Remote Desktop Web Connection" intitle:"Samba Web Administration Tool" intext:"Help Workgroup" intitle:"Terminal Services Web Connection" intitle:"Uploader - Uploader v6" -pixloads.com intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" inurl:"/NSearch/AdminServlet" inurl:"index.php? module=ew_filemanager" inurl:aol*/_do/rss_popup?blogID= inurl:footer.inc.php inurl:info.inc.php inurl:ManyServers.htm inurl:newsdesk.cgi? inurl:"t=" inurl:pls/admin_/gateway.htm inurl:rpSys.html inurl:search.php vbulletin inurl:servlet/webacc natterchat inurl:home.asp -site:natterchat.co.uk XOOPS Custom Installation inurl:htpasswd filetype:htpasswd inurl:yapboz_detay.asp + View Webcam User Accessing allinurl:control/multiview inurl:"ViewerFrame?Mode=" intitle:"WJ-NT104 Main Page" inurl:netw_tcp.shtml intitle:"supervisioncam protocol" mail filetype:csv -site:gov intext:name Microsoft Money Data Files mt-db-pass.cgi files MySQL tabledata dumps mystuff.xml - Trillian data files OWA Public Folders (direct view) Peoples MSN contact lists php-addressbook "This is the addressbook for *" -warning private key files (.csr) private key files (.key) Quicken data files rdbqds -site:.edu -site:.mil -site:.gov robots.txt site:edu admin grades site:www.mailinator.com inurl:ShowMail.do SQL data dumps Squid cache server reports Unreal IRCd WebLog Referrers Welcome to ntop! Fichier contenant des informations sur le r?seau : filetype:log intext:"ConnectionManager2" "apricot - admin" 00h "by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta" "Network Host Assessment Report" "Internet Scanner" "Output produced by SysWatch *" "Phorum Admin" "Database Connection" inurl:forum inurl:admin phpOpenTracker" Statistics "powered | performed by Beyond Security's Automated Scanning" -kazaa -example "Shadow Security Scanner performed a vulnerability assessment" "SnortSnarf alert page" "The following report contains confidential information" vulnerability -search "The statistics were last upd?t?d" "Daily"-microsoft.com "this proxy is working fine!" "enter *" "URL***" * visit "This report lists" "identified by Internet Scanner" "Traffic Analysis for" "RMON Port * on unit *" "Version Info" "Boot Version" "Internet Settings" ((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph")) Analysis Console for Incident Databases ext:cfg radius.cfg ext:cgi intext:"nrg-" " This web page was created on " filetype:pdf "Assessment Report" nessus filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System" filetype:php inurl:nqt intext:"Network Query Tool" filetype:vsd vsd network -samples -examples intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm intitle:"ADSL Configuration page" intitle:"Azureus : Java BitTorrent Client Tracker" intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies." intitle:"BNBT Tracker Info" intitle:"Microsoft Site Server Analysis" intitle:"Nessus Scan Report" "This file was generated by Nessus" intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics" intitle:"Retina Report" "CONFIDENTIAL INFORMATION" intitle:"start.managing.the.device" remote pbx acc intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers." intitle:"twiki" inurl:"TWikiUsers" inurl:"/catalog.nsf" intitle:catalog inurl:"install/install.php" inurl:"map.asp?" intitle:"WhatsUp Gold" inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc" inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo inurl:/adm-cfgedit.php inurl:/cgi-bin/finger? "In real life" inurl:/cgi-bin/finger? Enter (account|host|user|username) inurl:/counter/index.php intitle:"+PHPCounter 7.*" inurl:CrazyWWWBoard.cgi intext:"detailed debugging information" inurl:login.jsp.bak inurl:ovcgi/jovw inurl:phpSysInfo/ "created by phpsysinfo" inurl:portscan.php "from Port"|"Port Range" inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl inurl:statrep.nsf -gov inurl:status.cgi?host=all inurl:testcgi xitami inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin inurl:webutil.pl Looking Glass site:netcraft.com intitle:That.Site.Running Apache "A syntax error has occurred" filetype:ihtml "access denied for user" "using password" "An illegal character has been found in the statement" -"previous message" "ASP.NET_SessionId" "data source=" "Can't connect to local" intitle:warning "Chatologica MetaSearch" "stack tracking" "detected an internal error [IBM][CLI Driver][DB2/6000]" "error found handling the request" cocoon filetype:xml "Fatal error: Call to undefined function" -reply -the -next "Incorrect syntax near" "Incorrect syntax near" "Internal Server Error" "server at" "Invision Power Board Database Error" "ORA-00933: SQL command not properly ended" "ORA-12541: TNS:no listener" intitle:"error occurred" "Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php "PostgreSQL query failed: ERROR: parser: parse error" "Supplied argument is not a valid MySQL result resource" "Syntax error in query expression " -the "The s?ri?t whose uid is " "is not allowed to access" "There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser." "Unable to jump to row" "on MySQL result index" "on line" "Unclosed quotation mark before the character string" "Warning: Bad arguments to (join|implode) () in" "on line" -help -forum "Warning: Cannot modify header information - headers already sent" "Warning: Division by zero in" "on line" -forum "Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum "Warning: mysql_query()" "invalid query" "Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL" "Warning: Supplied argument is not a valid File-Handle resource in" "Warning:" "failed to open stream: HTTP request failed" "on line" "Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line" "SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" An unexpected token "END-OF-STATEMENT" was found Coldfusion Error Pages filetype:asp + "[ODBC SQL" filetype:asp "Custom Error Message" Category Source filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error" filetype:php inurl:"logging.php" "Discuz" error ht://Dig htsearch error IIS 4.0 error messages IIS web server error messages Internal Server Error intext:"Error Message : Error loading required libraries." intext:"Warning: Failed opening" "on line" "include_path" intitle:"Apache Tomcat" "Error Report" intitle:"Default PLESK Page" intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm intitle:"Error Occurred" "The error occurred in" filetype:cfm intitle:"Error using Hypernews" "Server Software" intitle:"Execution of this s?ri?t not permitted" intitle:"Under construction" "does not currently have" intitle:Configuration.File inurl:softcart.exe MYSQL error message: supplied argument.... mysql error with query Netscape Application Server Error page ORA-00921: unexpected end of SQL command ORA-00921: unexpected end of SQL command ORA-00936: missing expression PHP application warnings failing "include_path" sitebuildercontent sitebuilderfiles sitebuilderpictures Snitz! forums db path error SQL syntax error Supplied argument is not a valid PostgreSQL result warning "error on line" php sablotron Windows 2000 web server error messages "ftp://" "www.eastgame.net" "html allowed" guestbook : vBulletin Version 1.1.5" "Select a database to view" intitle:"filemaker pro" "set up the administrator user" inurl:pivot "There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row "Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin "Welcome to Intranet" "Welcome to PHP-Nuke" congratulations "Welcome to the Prestige Web-Based Configurator" "YaBB SE Dev Team" "you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos ("Indexed.By"|"Monitored.By") hAcxFtpScan (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) allinurl:"index.php" "site=sglinks" allinurl:install/install.php allinurl:intranet admin filetype:cgi inurl:"fileman.cgi" filetype:cgi inurl:"Web_Store.cgi" filetype:php inurl:vAuthenticate filetype:pl intitle:"Ultraboard Setup" Gallery in configuration mode Hassan Consulting's Shopping Cart Version 1.18 intext:"Warning: * am able * write ** configuration file" "includes/configure.php" - intitle:"Gateway Configuration Menu" intitle:"Horde :: My Portal" -"[Tickets" intitle:"Mail Server CMailServer Webmail" "5.2" intitle:"MvBlog powered" intitle:"Remote Desktop Web Connection" intitle:"Samba Web Administration Tool" intext:"Help Workgroup" intitle:"Terminal Services Web Connection" intitle:"Uploader - Uploader v6" -pixloads.com intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" inurl:"/NSearch/AdminServlet" inurl:"index.php? module=ew_filemanager" inurl:aol*/_do/rss_popup?blogID= inurl:footer.inc.php inurl:info.inc.php inurl:ManyServers.htm inurl:newsdesk.cgi? inurl:"t=" inurl:pls/admin_/gateway.htm inurl:rpSys.html inurl:search.php vbulletin inurl:servlet/webacc natterchat inurl:home.asp -site:natterchat.co.uk XOOPS Custom Installation inurl:htpasswd filetype:htpasswd inurl:yapboz_detay.asp + View Webcam User Accessing allinurl:control/multiview inurl:"ViewerFrame?Mode=" intitle:"WJ-NT104 Main Page" inurl:netw_tcp.shtml intitle:"supervisioncam protocol" "Duclassified" -site:duware.com "DUware All Rights reserved" "duclassmate" -site:duware.com "Dudirectory" -site:duware.com "dudownload" -site:duware.com "Elite Forum Version *.*" "Link Department" "sets mode: +k" "your password is" filetype:log "DUpaypal" -site:duware.com "A syntax error has occurred" filetype:ihtml "access denied for user" "using password" "Chatologica MetaSearch" "stack tracking:" "Index of /backup" "ORA-00921: unexpected end of SQL command" "parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums "parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums "parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums "parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums "parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums "parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums ?intitle:index.of? mp3 name allintitle:"Network Camera NetworkCamera" allinurl: admin mdb allinurl:auth_user_file.txt intitle:"live view" intitle:axis intitle:axis intitle:"video server" intitle:liveapplet inurl:"ViewerFrame?Mode=" inurl:axis-cgi/jpg inurl:axis-cgi/mjpg (motion-JPEG) inurl:passlist.txt inurl:view/index.shtml inurl:view/indexFrame.shtml inurl:view/view.shtml inurl:ViewerFrame?Mode=Refresh liveapplet !Host=*.* intext:enc_UserPassword=* ext:pcf " -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "A syntax error has occurred" filetype:ihtml "About Mac OS Personal Web Sharing" "access denied for user" "using password" "allow_call_time_pass_reference" "PATH_INFO" "An illegal character has been found in the statement" -"previous message" "ASP.NET_SessionId" "data source=" "AutoCreate=TRUE password=*" "Can't connect to local" intitle:warning "Certificate Practice Statement" inurl:(PDF | DOC) "Chatologica MetaSearch" "stack tracking" "Copyright © Tektronix, Inc." "printer status" "detected an internal error [IBM][CLI Driver][DB2/6000]" "Dumping data for table" "Error Diagnostic Information" intitle:"Error Occurred While" "error found handling the request" cocoon filetype:xml "Fatal error: Call to undefined function" -reply -the -next "Generated by phpSystem" "generated by wwwstat" "Host Vulnerability Summary Report" "HTTP_FROM=googlebot" googlebot.com "Server_Software=" "IMail Server Web Messaging" intitle:login "Incorrect syntax near" "Index of /" +.htaccess "Index of /" +passwd "Index of /" +password.txt "Index of /admin" "Index of /mail" "Index Of /network" "last modified" "Index of /password" "index of /private" site:mil "index of /private" -site:net -site:com -site:org "Index of" / "chat/logs" "index of/" "ws_ftp.ini" "parent directory" "Installed Objects Scanner" inurl:default.asp "Internal Server Error" "server at" "liveice configuration file" ext:cfg "Login - Sun Cobalt RaQ" "Mecury Version" "Infastructure Group" "Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©" ext:log "More Info about MetaCart Free" "Most Submitted Forms and Scripts" "this section" "mysql dump" filetype:sql "mySQL error with query" "Network Vulnerability Assessment Report" "not for distribution" confidential "ORA-00921: unexpected end of SQL command" "ORA-00933: SQL command not properly ended" "ORA-00936: missing expression" "pcANYWHERE EXPRESS Java Client" "phone * * *" "address *" "e-mail" intitle:"curriculum vitae" "phpMyAdmin MySQL-Dump" "INSERT INTO" -"the" "phpMyAdmin MySQL-Dump" filetype:txt "phpMyAdmin" "running on" inurl:"main.php" "PostgreSQL query failed: ERROR: parser: parse error" "Powered by mnoGoSearch - free web search engine software" "powered by openbsd" +"powered by apache" "Powered by UebiMiau" -site:sourceforge.net "produced by getstats" "Request Details" "Control Tree" "Server Variables" "robots.txt" "Disallow:" filetype:txt "Running in Child mode" "sets mode: +k" "sets mode: +p" "sets mode: +s" "Supplied argument is not a valid MySQL result resource" "Supplied argument is not a valid PostgreSQL result" "Thank you for your order" +receipt "This is a Shareaza Node" "This report was generated by WebLog" "This summary was generated by wwwstat" "VNC Desktop" inurl:5800 "Warning: Cannot modify header information - headers already sent" "Web File Browser" "Use regular expression" "xampp/phpinfo "You have an error in your SQL syntax near" "Your password is * Remember this for later use" aboutprinter.shtml allintitle: "index of/admin" allintitle: "index of/root" allintitle: restricted filetype :mail allintitle: restricted filetype:doc site:gov allintitle: sensitive filetype:doc allintitle:.."Test page for Apache Installation.." allintitle:admin.php allinurl:".r{}_vti_cnf/" allinurl:admin mdb allinurl:auth_user_file.txt allinurl:servlet/SnoopServlet An unexpected token "END-OF-STATEMENT" was found camera linksys inurl:main.cgi Canon Webview netcams Comersus.mdb database confidential site:mil ConnectionTest.java filetype:html data filetype:mdb -site:gov -site:mil eggdrop filetype:user user ext:conf NoCatAuth -cvs ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" ext:txt inurl:unattend.txt filetype:ASP ASP filetype:ASPX ASPX filetype:BML BML filetype:cfg ks intext:rootpw -sample -test -howto filetype:cfm "cfapplication name" password filetype:CFM CFM filetype:CGI CGI filetype:conf inurl:psybnc.conf "USER.PASS=" filetype:dat "password.dat filetype:DIFF DIFF filetype:DLL DLL filetype:DOC DOC filetype:FCGI FCGI filetype:HTM HTM filetype:HTML HTML filetype:inf sysprep filetype:JHTML JHTML filetype:JSP JSP filetype:log inurl:password.log filetype:MV MV filetype:pdf "Assessment Report" nessus filetype:PDF PDF filetype:PHP PHP filetype:PHP3 PHP3 filetype:PHP4 PHP4 filetype:PHTML PHTML filetype:PL PL filetype:PPT PPT filetype:PS PS filetype:SHTML SHTML filetype:STM STM filetype:SWF SWF filetype:TXT TXT filetype:XLS XLS htpasswd / htpasswd.bak Index of phpMyAdmin index of: intext:Gallery in Configuration mode index.of passlist intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" intext:"d.aspx?id" || inurl:"d.aspx?id" intext:"enable secret 5 $" intext:"powered by Web Wiz Journal" intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user" intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password intitle:"500 Internal Server Error" "server at" intitle:"actiontec" main setup status "Copyright 2001 Actiontec Electronics Inc" intitle:"Browser Launch Page" intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu intitle:"EverFocus.EDSR.applet" intitle:"Index of" ".htpasswd" "htgroup" -intitle:"dist" -apache -htpasswd.c intitle:"Index of" .bash_history intitle:"Index of" .mysql_history intitle:"Index of" .mysql_history intitle:"Index of" .sh_history intitle:"Index of" cfide intitle:"index of" etc/shadow intitle:"index of" htpasswd intitle:"index of" intext:globals.inc intitle:"index of" master.passwd intitle:"index of" members OR accounts intitle:"index of" passwd intitle:"Index of" passwords modified intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"Index of" pwd.db intitle:"index of" spwd intitle:"Index of" spwd.db passwd -pam.conf intitle:"index of" user_carts OR user_cart intitle:"Index of..etc" passwd intitle:"iVISTA.Main.Page" intitle:"network administration" inurl:"nic" intitle:"OfficeConnect Cable/DSL Gateway" intext:"Checking your browser" intitle:"remote assessment" OpenAanval Console intitle:"Remote Desktop Web Connection" inurl:tsweb intitle:"switch login" "IBM Fast Ethernet Desktop" intitle:"SWW link" "Please wait....." intitle:"teamspeak server-administration intitle:"TUTOS Login" intitle:"VMware Management Interface:" inurl:"vmware/en/" intitle:"Welcome to the Advanced Extranet Server, ADVX!" intitle:"Welcome to Windows 2000 Internet Services" intitle:"Connection Status" intext:"Current login" intitle:"inc. vpn 3000 concentrator" intitle:asterisk.management.portal web-access intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com intitle:index.of administrators.pwd intitle:index.of cgiirc.config intitle:Index.of etc shadow site:passwd intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak" intitle:index.of master.passwd intitle:index.of passwd passwd.bak intitle:index.of people.lst intitle:index.of trillian.ini intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc" intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password" intitle:open-xchange inurl:login.pl inurl:":10000" intext:webmin inurl:"8003/Display?what=" inurl:"auth_user_file.txt" inurl:"GRC.DAT" intext:"password" inurl:"printer/main.html" intext:"settings" inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample inurl:"ViewerFrame?Mode=" inurl:"wvdial.conf" intext:"password" inurl:"wwwroot/ inurl:/Citrix/Nfuse17/ inurl:/db/main.mdb inurl:/wwwboard inurl:access inurl:admin filetype:db inurl:asp inurl:buy inurl:ccbill filetype:log inurl:cgi inurl:cgiirc.config inurl:config.php dbuname dbpass inurl:data inurl:default.asp intitle:"WebCommander" inurl:download inurl:file inurl:filezilla.xml -cvs inurl:forum inurl:home inurl:hp/device/this.LCDispatcher inurl:html inurl:iisadmin inurl:inc inurl:info inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man inurl:list inurl:login filetype:swf swf inurl:mail inurl:midicart.mdb inurl:names.nsf?opendatabase inurl:new inurl:nuke filetype:sql inurl:order inurl:ospfd.conf intext:password -sample -test -tutorial -download inurl:pages inurl:pap-secrets -cvs inurl:passlist.txt Ultima Online loginservers inurl:Proxy.txt inurl:public inurl:search inurl:secring ext:skr | ext:pgp | ext:bak inurl:shop inurl:shopdbtest.asp inurl:software inurl:support inurl:user inurl:vtund.conf intext:pass -cvs s inurl:web inurl:zebra.conf intext:password -sample -test -tutorial -download LeapFTP intitle:"index.of./" sites.ini modified POWERED BY HIT JAMMER 1.0! signin filetype:url site:ups.com intitle:"Ups Package tracking" intext:"1Z ### ### ## #### ### #" top secret site:mil Ultima Online loginservers VP-ASP Shop Administrators only XAMPP "inurl:xampp/index" intitle:"Index of" .sh_history intitle:"Index of" .bash_history intitle:"index of" passwd intitle:"index of" people.lst intitle:"index of" pwd.db intitle:"index of" etc/shadow intitle:"index of" spwd intitle:"index of" master.passwd intitle:"index of" htpasswd intitle:"index of" members OR accounts intitle:"index of" user_carts OR user_cart allintitle: sensitive filetype:doc allintitle: restricted filetype :mail allintitle: restricted filetype:doc site:gov allintitle:*.php?filename=* allintitle:*.php?page=* allintitle:*.php?logon=* +(â€index ofâ€) +(â€/ebooksâ€|â€/bookâ€) +(chm|pdf|zip|rar) +apache allinurl: +(rar|chm|zip|pdf|tgz|lit) â€œparent directory â€ Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums â€œparent directory â€ MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums â€œparent directory â€ applications -xxx -html -htm -php -shtml -opendivx -md5 -md5sums â€œparent directory â€ Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums â€œparent directory â€ DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums -

Fuente:http://www.haxseeker.com/2013/05/google-dork-list-for-sql-injection.html

Saludos Mundo Libre.