CVE Certified
GHDB

Google Hacking Database

Vulnerable Files

HUNDREDS of vulnerable files that Google can find on websites...

DATE Title Summary
2005-08-07 inurl:nquser.php filetype:php Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploi...
2005-08-07 PHPFreeNews inurl:Admin.php 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross s...
2005-08-07 "Powered by SilverNews" silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands e...
2005-08-07 "Powered by Gravity Board" 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injec...
2005-07-26 filetype:mdb "standard jet" These Microsoft Access Database files may contain usernames, passwords or simply prompts for su...
2005-06-03 intitle:"PHPstat" intext:"Browser&q... Phpstat shows nice statistical informatino about a website's visitors. Certain versions are als...
2005-05-20 intitle:"SSHVnc Applet"OR intitle:"... sSHTerm Applet en SSHVnc Applet pages....
2005-04-27 inurl:cgi-bin inurl:bigate.cgi Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work....
2004-12-01 filetype:pl -intext:"/usr/bin/perl" inur... WebCal allows you to create and maintain an interactive events calendar or scheduling system on...
2004-11-30 filetype:mdb inurl:"news/news" Web Wiz Site News unprotected database holds config and admin information in a microsoft access...
2004-11-28 inurl:php.exe filetype:exe -example.com It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias fo...
2004-11-18 "Powered by Land Down Under 601" sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access...
2004-11-16 ext:asp "powered by DUForum" inurl:(mess... DUForum is one of those free forum software packages. The database location is determined by th...
2004-11-16 ext:asp inurl:DUgallery intitle:"3.0" -s... The MS access database can be downloaded from inside the docroot. The user table holds the admi...
2004-11-04 filetype:cgi inurl:cachemgr.cgi cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default...
2004-10-31 "powered by YellDL" Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP....
2004-10-27 inurl:click.php intext:PHPClickLog A script written in PHP 4 which logs a user's statistics when they click on a link. The log is...
2004-10-27 "File Upload Manager v1.3" "rename ... thepeak file upload manager let you manage your webtree with up and downloading files....
2004-10-26 intitle:"phpremoteview" filetype:php &qu... phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the s...
2004-10-19 intitle:"ASP FileMan" Resend -site:iiswo... FileMan is a corporate web based storage and file management solution for intra- and internet. ...