GHDB « Hackers For Charity

GHDB

Google Search: +htpasswd +WS_FTP.LOG filetype:log

L0om rates this entry 6 out of 10.
Submitted: 2004-05-20 00:00:00
Added by: L0om
Hits: 15423
Score: 6

WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible: just replace “+htpasswd” with “+FILENAME” and you may get several hits that you hadn’t seen with the ‘normal’ search. Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet. The list goes on and on. A different approach might be “allinurl: “some.host.com” WS_FTP.LOG filetype:log”, which tells you more about who’s uploading files to a specific site.


Comments:

2004-07-21 22:38:50 (warwick): BEWARE of viewing logs in your web browser!

Consider this GCIH Passing Practice: http://www.giac.org/practical/William_Bellamy_GCIH.zip
Part 2, Item 5.

Granted this deals with weblogs but ya just never know what folks may put in these files.


-warwick


2005-06-20 18:33:14 (barebone): filetype:conf inurl:admin


5 Responses to “GHDB”

  1. Jack says:

    Does GHDB still get updated now?

  2. Johnny says:

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:

    Hi Johnny, been a while since I last came. Aren’t you gonna update this website anymore???

  4. Johnny says:

    The GHDB is not updated and lives with the exploitdb: http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:

    Are any offline viewable resources available for this product?
