GHDB « Hackers For Charity

GHDB

GHDB :: Vulnerable Servers

Date Title Summary  
2003-07-08 Hassan Consulting's Shopping Cart Version 1.1... These servers can be messed with in many ways. One specific way is by way of the "../" bug. This lets you cruise around the web server in a ...
2004-03-04 "YaBB SE Dev Team" Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contains an SQL injection vulnerability which may allow several atta ...
2004-03-04 Gallery in configuration mode Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! Howeve ...
2004-03-04 intitle:osCommerce inurl:admin intext:"redist... This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers ca ...
2004-03-04 inurl:ManyServers.htm Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the a ...
2004-03-04 intitle:"Terminal Services Web Connection"... Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the actu ...
2004-03-04 intitle:"Remote Desktop Web Connection" Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, since many layers of security can be wrapped around ...
0000-00-00 "Welcome to Intranet" According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to sh ...
2004-03-04 inurl:search.php vbulletin Version 3.0.0 candidate 4 and earlier of vBulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656 for more i ...
2004-03-14 inurl:footer.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som ela ...
2004-03-14 inurl:info.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som ela ...
2004-03-18 "Welcome to PHP-Nuke" congratulations This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the admi ...
2004-03-29 "Select a database to view" intitle:"... An oldie but a goodie. This search locates servers which provide access to FileMaker Pro databases via the web. The severity of this search varies wi ...
2004-03-29 allinurl:intranet admin According to whatis.com: "An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to sh ...
2004-04-06 allinurl:install/install.php Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure defau ...
2004-04-28 inurl:pls/admin_/gateway.htm This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine its ve ...
2004-04-28 intitle:"Gateway Configuration Menu" This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally pass ...
2004-05-04 intitle:"Samba Web Administration Tool" ... This search reveals wide-open Samba web administration servers. Attackers can change options on the server. ...
2004-06-04 filetype:php inurl:vAuthenticate vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts, new user groups, activate/inactivate grou ...
2004-06-04 "Welcome to the Prestige Web-Based Configurat... This is the configuration screen for a Prestige router. This page indicates that the router has not yet been set up and any web user can make changes t ...
2004-07-26 ("Indexed.By"|"Monitored.By") ... hAcxFtpScan - software that 'l33t h@x0rz' use to monitor their file stroz on FTP. On the FTP server there is usually a directory like: /Monitored ...
2004-07-26 filetype:cgi inurl:"Web_Store.cgi" Zero X reported that "Web_Store.cgi" allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can exec ...
2004-07-26 filetype:cgi inurl:"fileman.cgi" This brings up a lot of insecure as well as secure file managers. These software solutions are often used by companies offering a "simple" but ...
2004-07-29 inurl:"index.php?module=ew_filemanager" http://www.cirt.net/advisories/ew_file_manager.shtml: Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.php Description: EasyWeb FileM ...
2004-07-29 allinurl:"index.php" "site=sglinks&... Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seem to be vulnerable to a code inclusion in ...
2004-08-13 intext:"Warning: * am able * write ** configu... OsCommerce has some security issues, including the following warning message: "Warning: I am able to write to the configuration file". Addit ...
2004-08-20 "ftp://" "www.eastgame.net" Use this search to find eastgame.net FTP servers, loads of warez and that sort of thing. "thankyou4share" ! ...
2004-08-21 intitle:phpMyAdmin "Welcome to phpMyAdmin ***... Search for phpMyAdmin installations that are configured to run the MySQL database with root privileges. ...
2004-10-31 intitle:phpMyAdmin "Welcome to phpMyAdmin ***... phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/dr ...
2004-11-05 natterchat inurl:home.asp -site:natterchat.co.uk NatterChat is a web-based chat system written in ASP. An SQL injection vulnerability is identified in the application that may allow attackers to pass m ...
2004-11-06 inurl:aol*/_do/rss_popup?blogID= AOL Journals BlogID Incrementing Discloses Account Names and Email Addresses. AOL Journals is basically "America Online's version of a blog (w ...
2004-11-07 (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) This is a "double dork" that finds two different shopping carts, both vulnerable: 1) Cyber-Village Online Consulting Shopping Cart. Cyber-Village ...
2004-11-07 inurl:newsdesk.cgi? inurl:"t=" Newsdesk is a CGI script designed to allow remote administration of website news headlines. Due to a failure in the sanitization of parameters a remote ...
2004-12-04 intitle:"Mail Server CMailServer Webmail"... CMailServer is a small mail webmail server. Multiple vulnerabilities were found, including buffer overflow, SQL Injection and XSS. http://www.securitea ...
2004-12-27 "There are no Administrators Accounts" i... This is a more specific search for the vulnerable PhpNuke index already seen on this website. PhpNuke asks you to set up an admin account when it is fi ...
2005-01-06 inurl:servlet/webacc I was playing around on the net when I found a small problem with Novell's WebAccess. With User.lang you can give in your language as param ...
2005-01-26 inurl:"/NSearch/AdminServlet" This search brings up results for Novell NetWare's Web Search Manager. At best the sites will be password protected; at worst the site will requ ...
2005-03-19 "Powered by: vBulletin Version 1.1.5" This Google dork reveals vulnerable message boards. It works for all vBulletin versions up to 2.0 beta 2. To try for other versions just change the ver ...
2005-06-11 "html allowed" guestbook When this is typed in Google it finds websites which have HTML Enabled guestbooks. This is really stupid as users could totally mess up their guestboo ...
2005-07-03 "set up the administrator user" inurl:pi... Using this, you can find sites with a Pivot weblog installed but not set up. The default setup screen on Pivot has you create an administrator accoun ...
2005-09-15 "you can now password" | "this is a... IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via details link. Logs can also be viewed and deleted from this ...
2005-09-16 XOOPS Custom Installation XOOPS custom installation wizards allow users to modify installation parameters. May also reveal SQL username, password and table installations via p ...
2005-09-17 "Welcome to Administration" "Genera... This reveals the admin site for Argo Software Design Mail Server. ...
2006-01-16 filetype:pl intitle:"Ultraboard Setup" Setup pages for the Ultraboard system. ...
2006-01-22 inurl:rpSys.html Web configuration pages for various types of systems. Many of these systems are not password protected. ...
2006-02-03 intitle:"Horde :: My Portal" -"[Tic... Hi It will give you administrative ownership over Horde webmail system plus all users in Horde webmail system.. also php shell :) and much more ...E ...
2006-04-25 intitle:"MvBlog powered" MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied ...
2006-05-03 intitle:"Uploader - Uploader v6" -pixloa... File upload servers, dangerous if used in combination with mytrashmail.com ...