Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Vulnerable Servers

These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.

DATE Title Summary
2015-03-16 allintext:Copyright Smart PHP Poll. All Rights Res... The dork "allintext:Copyright Smart PHP Poll. All Rights Reserved. -exploit" show al...
2015-03-04 allinurl:moadmin.php -google -github The dork "allinurl:moadmin.php -google -github" show all the sites that uses Mongo D...
2014-12-22 inurl:/elfinder/elfinder.html+intitle:"elFind... Upload Vulnerability Elfinder 2.0 inurl:/elfinder/elfinder.html+intitle:"elFinder 2.0&q...
2014-11-03 inurl:robots.txt intext:CHANGELOG.txt intext:disal... inurl:robots.txt intext:CHANGELOG.txt intext:disallow ext:txt -site:github.com sites that ha...
2014-11-03 inurl:CHANGELOG.txt intext:drupal intext:"SA-... inurl:CHANGELOG.txt intext:drupal intext:"SA-CORE" -intext:7.32 -site:github.com -sit...
2014-10-02 ext:cgi inurl:cgi-bin intext:#!/bin/bash gnu-bash site dorks Ariel Anonis - @ariel_anonis ...
2014-05-05 "OpenSSL" AND "1.0.1 Server at"... Search for all Apache servers that are running specific versions of OpenSSL. These specific ve...
2014-02-05 inurl:"/reports/rwservlet" intext:"... Search Oracle Reports likely vulnerable to DB user/password disclosure (CVE-2012-3152 and CVE...
2013-11-25 inurl:"struts" filetype:action Google search for actoin files wich could be explotable via CVE-2013-2251 "Multiple Remot...
2013-08-08 inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?int... inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin view phpMyAdmin of web sit...
2012-12-31 inurl:/wp-content/w3tc/dbcache/ - Jay Townsend...
2012-12-31 intext:SQL syntax & inurl:index.php?=id & ... # Exploit Title: SQLI Exploit # Google Dork: intext:SQL syntax & inurl:index.php?=id &...
2012-08-21 intext: intext: intext: intext: intext: More than 100k sites affected It will show asp sites that are vulnerable to sql injection (...
2012-05-15 intitle:awen+intitle:asp.net Hi, This google dork exposes any already uploaded asp.net shells which are available in Bac...
2012-05-15 intitle:"-N3t" filetype:php undetectable intitle:"-N3t" filetype:php undetectable Search WebShell indexed on a page. -- ...
2011-12-23 inurl:.php intitle:- BOFF 1.0 intext:[ Sec. Info ] This search attempts to find the BOFF 1.0 Shell. Author: alsa7r ...
2011-11-25 filetype:php inurl:tiki-index.php +sirius +1.9.* Finds servers vulnerable to the CVE-2007-5423 exploit. Author: Matt Jones ...
2011-11-24 filetype:php inanchor:c99 inurl:c99 intitle:c99she... This search attempts to find the c99 backdoor that may be knowingly or unknowingly installed o...
2011-11-19 inurl:php intitle:"Cpanel , FTP CraCkeR" locates cpanel and ftp cracker. Author: alsa7r ...
2011-10-11 intitle:#k4raeL - sh3LL intitle:#k4raeL - sh3LL Finds K4rael Shell , though many of them are dead but we can get som...
2011-09-26 inurl:view.php?board1_sn= locates a webapp vulnerable to SQL injection ...
2011-07-26 intitle:m1n1 1.01 find the b374k shell.... Submitted by : biLLbud ...
2011-05-03 intitle:Locus7shell intext:"Software:" intitle:Locus7shell intext:"Software:" Submitted by lionaneesh -- Thanks Ane...
2011-03-23 intitle:"[EasyPHP] - Administration" Unprotected EasyPHP Admin page detection.. Author: Aneesh Dogra (lionaneesh) ...
2011-02-24 MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF Postgr... Author :- eXeSoul You will get lots of web shells even some private shells....
2011-02-24 intitle:cyber anarchy shell Submitter: eXeSoul cyber anarchy shell ...
2010-12-10 inurl:/vb/install/upgrade.php Vbulletin custom updrade wizards. Author: ScOrPiOn...
2010-12-10 inurl:/vb/install/install.php Vbulletin installation wizards, allow users to modify installation parameters. May also reveal ...
2010-12-09 "CGI-Telnet Unit-x Team Connected to *.com&qu... Locates CGI-Telnet web shells. Author: ScOrPiOn...
2010-12-08 "www.*.com - c99shell" OR "www.*.ne... Locates c99 web shells Author: ScOrPiOn...
2010-12-07 "safe_mode: * PHP version: * cURL: * MySQL... Locates r57 web shells Author: ScOrPiOn...
2010-12-07 "r57shell" Locates r57 web shells Author: ScOrPiOn...
2010-12-07 "r57shell 1.4" Locates r57 web shells Author: ScOrPiOn...
2010-12-07 "[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] ... Locates r57 web shells Author: ScOrPiOn...
2010-11-13 inurl:index.php?pagedb=rss -Vulnerability -inurl CVE: 2007-4007 EDB-ID: 4221 This google dork possibly exposes sites with the Article Direct...
2006-05-03 intitle:"Uploader - Uploader v6" -pixloa... File upload servers, dangerous if used in couple with mytrashmail.com...
2006-04-25 intitle:"MvBlog powered" MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure...
2006-02-03 intitle:"Horde :: My Portal" -"[Tic... Hi It will give you administrative ownership over Horde webmail system plus all users in Hord...
2006-01-22 inurl:rpSys.html Web configuration pages for various types of systems. Many of these systems are not password pr...
2006-01-16 filetype:pl intitle:"Ultraboard Setup" setup pages to the ultraboard system....