Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Vulnerable Files

HUNDREDS of vulnerable files that Google can find on websites...

DATE Title Summary
2013-09-24 -site:simplemachines.org "These are the paths... Dork: -site:simplemachines.org "These are the paths and URLs to your SMF installation&qu...
2011-08-25 allinurl:forcedownload.php?file= Didn't see this anywhere in the GHDB, but its been known for a while and widely abused by oth...
2011-05-28 ionCube Loader Wizard information disclosure inurl:loader-wizard ext:php This dork displays sensitive information Auth0r: MaXe...
2011-05-27 vBulletin Install Page Detection inurl:/install/install.php intitle:vBulletin * Install System This dork displays the untreat...
2006-09-13 inurl:"simplenews/admin" hxxp://evuln.com/vulns/94/summary.html...
2006-02-28 inurl:updown.php | intext:"Powered by PHP Upl... this (evil ) script lets you to upload a php shell on target server, in most cases not password...
2005-12-19 inurl:guestbook/guestbooklist.asp "Post Date&... A sql vulnerability has been reported in a Techno Dreams asp script, login.asp. http://search.s...
2005-10-26 intitle:"CJ Link Out V1" A cross site scripting vunerability has been discovered in CJ linkout version 1.x. CJ linkout i...
2005-09-26 "powered by mailgust" MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://w...
2005-09-26 "powered by my little forum" My Little Forum 1.5 / 1.6beta SQL Injectionsoftware:site: http://www.mylittlehomepage.net/my_li...
2005-09-25 intitle:"Control panel" "Control Pa... Build, manage and customize your own search engine friendly news / article site from scratch --...
2005-09-25 inurl:cartwiz/store/index.asp The CartWIZ eCommerce Shopping Cart System will help you build your online store through an int...
2005-09-13 "e107.org 2002/2003" inurl:forum_post.ph... e107 is prone to an input validation vulnerability. This issue is due to a failure in the appli...
2005-09-13 "maxwebportal" inurl:"default"... several vulnerabilities relating to this.MaxWebPortal is a web portal and online community syst...
2005-09-11 "Mail-it Now!" intitle:"Contact for... Mail-it Now! 1.5 (possibly prior versions) contact.php remote code executionsite: http://www.sk...
2005-09-11 "Warning:" "Cannot execute a blank ... "Warning: passthru(): Cannot execute a blank command in" "Warning: system(): Can...
2005-09-08 "Powered by Xcomic" "Powered by xcomic"this is a recent exploit, you can retrieve any file on target syst...
2005-08-08 "Powered by FunkBoard" FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/pa...
2005-08-07 "Powered by FlexPHPNews" inurl:news | in... 24/07/2005 2.38.13Flex PHPNews 0.0.4 login bypass/ sql injection, cross site scripting & re...
2005-08-07 "Powered By: Simplicity oF Upload" inurl... 26/07/2005 16.09.18Simplicity OF Upload 1.3 (possibly prior versons) remote code execution &...
2005-08-07 inurl:nquser.php filetype:php Netquery 3.1 remote commands execution, cross site scripting, information disclosure poc exploi...
2005-08-07 PHPFreeNews inurl:Admin.php 29/07/2005 8.36.03PHPFreeNews Version 1.32 (& previous) sql injection/login bypass, cross s...
2005-08-07 "Powered by SilverNews" silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands e...
2005-08-07 "Powered by Gravity Board" 4.22 07/08/2005 Gravity Board X v1.1 (possibly prior versions) Remote code execution, SQL Injec...
2005-07-26 filetype:mdb "standard jet" These Microsoft Access Database files may contain usernames, passwords or simply prompts for su...
2005-06-03 intitle:"PHPstat" intext:"Browser&q... Phpstat shows nice statistical informatino about a website's visitors. Certain versions are als...
2005-05-20 intitle:"SSHVnc Applet"OR intitle:"... sSHTerm Applet en SSHVnc Applet pages....
2005-04-27 inurl:cgi-bin inurl:bigate.cgi Anonymous surfing with bigate.cgi. Remove http:// when you copy paste or it won't work....
2004-12-01 filetype:pl -intext:"/usr/bin/perl" inur... WebCal allows you to create and maintain an interactive events calendar or scheduling system on...
2004-11-30 filetype:mdb inurl:"news/news" Web Wiz Site News unprotected database holds config and admin information in a microsoft access...
2004-11-28 inurl:php.exe filetype:exe -example.com It is possible to read any file remotely on the server with PHP.EXE (assuming a script alias fo...
2004-11-18 "Powered by Land Down Under 601" sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access...
2004-11-16 ext:asp "powered by DUForum" inurl:(mess... DUForum is one of those free forum software packages. The database location is determined by th...
2004-11-16 ext:asp inurl:DUgallery intitle:"3.0" -s... The MS access database can be downloaded from inside the docroot. The user table holds the admi...
2004-11-04 filetype:cgi inurl:cachemgr.cgi cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default...
2004-10-31 "powered by YellDL" Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP....
2004-10-27 inurl:click.php intext:PHPClickLog A script written in PHP 4 which logs a user's statistics when they click on a link. The log is...
2004-10-27 "File Upload Manager v1.3" "rename ... thepeak file upload manager let you manage your webtree with up and downloading files....
2004-10-26 intitle:"phpremoteview" filetype:php &qu... phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the s...
2004-10-19 intitle:"ASP FileMan" Resend -site:iiswo... FileMan is a corporate web based storage and file management solution for intra- and internet. ...