Google Hacking Database (GHDB)

Search the Google Hacking Database or browse GHDB categories

Vulnerable Servers

These searches reveal servers with specific vulnerabilities. These are found in a different way than the searches found in the "Vulnerable Files" section.

DATE Title Summary
2005-09-17 "Welcome to Administration" "Genera... This reveals admin site for Argo Software Design Mail Server....
2005-09-16 XOOPS Custom Installation XOOPS custom installation wizards, allow users to modify installation parameters. May also reve...
2005-09-15 "you can now password" | "this is a... IMchaos link tracker admin pages. Reveals AIM screennames, IP ADDRESSES AND OTHER INFO via deta...
2005-07-03 "set up the administrator user" inurl:pi... Using this, you can find sites with a Pivot weblog installed but not set up. The default set up...
2005-06-11 "html allowed" guestbook When this is typed in google it finds websites which have HTML Enabled guestbooks. This is real...
2005-03-19 "Powered by: vBulletin Version 1.1.5" This google dork reveals vulnerable message boards. It works for all Vbulletin version up to 2....
2005-01-26 inurl:"/NSearch/AdminServlet" This search brings up results for Novell NetWare's Web Search Manager.. at best the sites will ...
2005-01-06 inurl:servlet/webacc I was playing around on the net when I found a small problem with Novell's WebAcces. With User....
2004-12-27 "There are no Administrators Accounts" i... This is a more specific search for the vulnerable PhpNuke index already seen on this website.Ph...
2004-12-04 intitle:"Mail Server CMailServer Webmail"... CMailServer is a small mail webmail server. Multiple vulnerabilities were found, including buff...
2004-11-07 inurl:newsdesk.cgi? inurl:"t=" Newsdesk is a cgi script designed to allow remote administration of website news headlines.Due ...
2004-11-07 (inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=) This is a "double dork" finds two different shopping carts, both vulnerable1) Cyber-V...
2004-11-06 inurl:aol*/_do/rss_popup?blogID= AOL Journals BlogID Incrementing Discloses Account Names and Email AddressesAOL Journals is bas...
2004-11-05 natterchat inurl:home.asp -site:natterchat.co.uk NatterChat is a webbased chat system written in ASP.An SQL injection vulnerability is identifie...
2004-10-31 intitle:phpMyAdmin "Welcome to phpMyAdmin ***... phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web...
2004-08-21 intitle:phpMyAdmin "Welcome to phpMyAdmin ***... search for phpMyAdmin installations that are configured to run the MySQL database with root pri...
2004-08-20 "ftp://" "www.eastgame.net" Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing."t...
2004-08-13 intext:"Warning: * am able * write ** configu... OsCommerce has some security issues, including the following warning message: "Warning: I ...
2004-07-29 allinurl:"index.php" "site=sglinks&... Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 ...
2004-07-29 inurl:"index.php? module=ew_filemanager" http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module - http...
2004-07-26 filetype:cgi inurl:"fileman.cgi" This brings up alot of insecure as well as secure filemanagers. These software solutions are of...
2004-07-26 filetype:cgi inurl:"Web_Store.cgi" Zero X reported that "Web_Store.cgi" allows Command Execution:This application was wr...
2004-07-26 ("Indexed.By"|"Monitored.By") ... hAcxFtpScan - software that use 'l33t h@x0rz' to monitor their file stroz on ftp. On the ftp se...
2004-06-04 "Welcome to the Prestige Web-Based Configurat... This is the configuration screen for a Prestige router. This page indicates that the router has...
2004-06-04 filetype:php inurl:vAuthenticate vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new ...
2004-05-04 intitle:"Samba Web Administration Tool" ... This search reveals wide-open samba web adminitration servers. Attackers can change options on ...
2004-04-28 intitle:"Gateway Configuration Menu" This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (...
2004-04-28 inurl:pls/admin_/gateway.htm This is a default login portal used by Oracle. In addition to the fact that this file can be us...
2004-04-06 allinurl:install/install.php Pages with install/install.php files may be in the process of installing a new service or progr...
2004-03-29 allinurl:intranet admin According to whatis.com: "An intranet is a private network that is contained within an ent...
2004-03-29 "Select a database to view" intitle:&quo... An oldie but a goodie. This search locates servers which provides access to Filemaker pro datab...
2004-03-18 "Welcome to PHP-Nuke" congratulations This finds default installations of the postnuke CMS system. In many cases, default installatio...
2004-03-14 inurl:info.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0...
2004-03-14 inurl:footer.inc.php From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0...
2004-03-04 inurl:search.php vbulletin Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerabilit...
0000-00-00 "Welcome to Intranet" According to whatis.com: "An intranet is a private network that is contained within an ent...
2004-03-04 intitle:"Remote Desktop Web Connection" Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insec...
2004-03-04 intitle:"Terminal Services Web Connection&quo... Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine...
2004-03-04 inurl:ManyServers.htm Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, s...
2004-03-04 intitle:osCommerce inurl:admin intext:"redist... This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending o...