12 Million Sensitive URLs Available for Download

Remember Google Dorks? They’re an old-school way of using Google search terms to unearth websites vulnerable to SQL injection, CMS vulnerabilities, and even files containing passwords.

Traditionally, you’d use the “inurl:” operator in a Google search to discover these URLs that were never meant to be public, like the WordPress private uploads path pictured below:

 

We compiled a list of 497 known URL paths from Exploit-DB and extracted all URLs that matched them – get this – from across 3.4 BILLION web pages. In total we found 12,146,720 web pages that contained at least one Google Dork term.

Haven’t heard of NerdyData before? Try out our source code search engine.

Download samples of the 497 reports we have available today, for each exploit

Contact Us to download the full reports

 

URL Path | Exploit-DB Description
XcCDONTS.asp | This query reveals an .asp script which can often be used to send anonymous emails from fake senders. When combined with a proxy, the usefulness of these scr...
CgiStart?page= | This search reveals even more Panasonic IP cameras!
pass.dat | Accesses passwords mostly in cgibin but not all the time. Can find passwords + usernames (sometimes username), some unencrypted some not
textpattern/index.php | Login portal for textpattern a CMS/Blogger tool.
csCreatePro.cgi | Create Pro logon pages.
login.jsp.bak | JSP programmer anyone? You can read this!
ManyServers.htm | Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, since many layers of security can be wrapped around the actual u...
wfdownloads/viewcat.php?list= | XOOPS WF_Downloads (2.05) module SQL injection. This is a specific dork, that searches XOOPS sites with WF_Downloads module installed, advisory & poc exploit: http...
footer.inc.php | From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing ...
info.inc.php | From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, some allowing ...
ovcgi/jovw | An HP Java network management tool. It is a sign that a network may not be configured properly.
tmtrack.dll? | This query shows installations of Serena Teamtrack. (www.serena.com). You may be able to adjust the application entry point, by providing a command after the ...
build.err | General build error file. Can tell what modules are installed, the OS, the compiler, the language, in theory usernames and passwords could probably be found too.
rpSys.html | Web configuration pages for various types of systems. Many of these systems are not password protected.
ids5web | EasyAccess Web is an application to view radiological images online. Like in hospitals or universities. Problem is the default administrative login: wadm/wadmBe...
php121login.php | PHP121 is a free web based instant messenger - written entirely in PHP. This means that it will work in any browser on any operating system including Window...
cgi-bin/guestimage.html | just more MOBOTIX's
changepassword.asp | This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the security layout o...
simplenews/admin | hxxp://evuln.com/vulns/94/summary.html
/dana-na/auth/ | Juniper SSL
src/login.php | Locates SquirrelMail Login Pages
com_simpleshop | Joomla Component simpleshop 3.4 SQL injection Vulnerability - CVE: 2008-2568: https://www.exploit-db.com/exploits/5743
cfaq/index.php?catid= | FAQ Management Script (catid) Remote SQL Injection Vulnerability - CVE: 2008-4743: https://www.exploit-db.com/exploits/6629
index.php?conteudo= | Waibrasil Remote / Local File Inclusion: https://www.exploit-db.com/exploits/12562
com_img | Joomla Component (com_img) LFI Vulnerability: https://www.exploit-db.com/exploits/15470
modules/flashgames/ | XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability - CVE: 2007-2543: https://www.exploit-db.com/exploits/3849
index.php?option=com_mediaslide | Joomla Component com_mediaslide Directory Traversal Vulnerability: https://www.exploit-db.com/exploits/10591
com_biblestudy | Joomla Component com_biblestudy LFI Vulnerability - CVE: 2010-0157: https://www.exploit-db.com/exploits/10943
com_dashboard | Joomla Component com_dashboard Directory Traversal: https://www.exploit-db.com/exploits/11086
com_clanlist | Joomla Component (com_clanlist) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15456
classified/product_desc.php?id= | GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability - CVE: 2008-3585: https://www.exploit-db.com/exploits/6189
btg_oglas | Joomla Component (btg_oglas) HTML & XSS Injection Vulnerability: https://www.exploit-db.com/exploits/15468
/squirrelcart/ | Squirrelcart 2.2.0 (cart_content.php) Remote Inclusion Vulnerability - CVE: 2006-2483: https://www.exploit-db.com/exploits/1790
com_markt | Joomla Component (com_markt) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15469
com_bfsurvey | Joomla Component com_bfsurvey LFI Vulnerability - CVE: 2010-2259: https://www.exploit-db.com/exploits/10946
bemarket | BBS E-Market (postscript.php p_mode) Remote File Inclusion Vulnerability - CVE: 2007-3934: https://www.exploit-db.com/exploits/4195
index.php?option=com_prime | Joomla Component com_prime Directory Traversal: https://www.exploit-db.com/exploits/11177
index.php?option=com_noticia | Joomla compnent com_noticia cross site scripting: https://www.exploit-db.com/exploits/10789
index.php?option=com_portfolio | Joomla Component com_portfolio Local File Disclosure: https://www.exploit-db.com/exploits/12325
com_dailymeals | Joomla Component com_dailymeals LFI Vulnerability: https://www.exploit-db.com/exploits/10928
com_clan | Joomla Component (com_clan) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15454
com_biographies | Joomla Component com_biographies SQL injection Vulnerability: https://www.exploit-db.com/exploits/11226
newsletter/admin/ | These pages generally contain newsletter administration pages. Some of these sites are password protected, others are not, allowing unauthorized users to send...
index.php?option=com_yanc | Mambo com_yanc 1.4 beta (id) Remote SQL Injection Vulnerability - CVE: 2007-2792: https://www.exploit-db.com/exploits/3944
com_productbook | Joomla Component com_productbook SQL Injection Vulnerability - CVE: 2010-1045: https://www.exploit-db.com/exploits/11352
com_projectfork | Joomla Component com_Projectfork 2.0.10 Local File Inclusion Vuln - CVE: 2009-2100: https://www.exploit-db.com/exploits/8946
index.php?option=com_directory | Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability - CVE: 2008-0690: https://www.exploit-db.com/exploits/5047
login.cfm | This is the default login page for ColdFusion. Although many of these are secured, this is an indicator of a default installation, and may be inherently inse...
customer_testimonials.php | osCommerce Addon Customer Testimonials 3.1 SQL Injection Vulnerability - CVE: 2008-0719: https://www.exploit-db.com/exploits/5075
/files/redirect.asp | JBS v2.0 | JBSX - Administration panel bypass and Malicious File Upload Vulnerability: https://www.exploit-db.com/exploits/10161
index.php?option=com_simpleboard | Mambo Component Simpleboard 1.0.3 (catid) SQL Injection Vulnerability - CVE: 2008-1077: https://www.exploit-db.com/exploits/5195
sinagb.php | Sinapis 2.2 Gastebuch (sinagb.php fuss) Remote File Include Vulnerability - CVE: 2007-1130: https://www.exploit-db.com/exploits/3366
csc_article_details.php | CaupoShop Classic 1.3 (saArticle[ID]) Remote SQL Injection Vulnerability - CVE: 2008-2866: https://www.exploit-db.com/exploits/5865
view_group.php?group_id= | Vastal I-Tech SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12845
login.asp | This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionB...
/admin/login.asp | This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionB...
index.php?option=com_djiceshoutbox | Joomla Djice Shoutbox 1.0 Permanent XSS Vulnerability: https://www.exploit-db.com/exploits/8197
com_filiale | Joomla Component Filiale 1.0.4 (idFiliale) SQL Injection Vulnerability - CVE: 2008-1935: https://www.exploit-db.com/exploits/5488
com_cpg | Mambo CopperminePhotoGalery Component Remote Include Vulnerability - CVE: 2006-4321: https://www.exploit-db.com/exploits/2196
jgs_treffen.php | Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability - CVE: 2008-1640: https://www.exploit-db.com/exploits/5329
Editor/assetmanager/assetmanager.asp | Asset Manager Remote File upload Vulnerability: https://www.exploit-db.com/exploits/12693
makaledetay.asp?id= | Mayasan Portal v2.0 (makaledetay.asp) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14420
com_linkr | Joomla Component com_linkr - Local File Inclusion: https://www.exploit-db.com/exploits/11756
com_janews | Joomla Component com_janews - Local File Inclusion - CVE: 2010-1219: https://www.exploit-db.com/exploits/11757
com_sectionex | Joomla Component com_sectionex - Local File Inclusion: https://www.exploit-db.com/exploits/11759
com_rokdownloads | Joomla Component com_rokdownloads - Local File Inclusion - CVE: 2010-1056: https://www.exploit-db.com/exploits/11760
com_ganalytics | Joomla Component com_ganalytics - Local File Inclusion: https://www.exploit-db.com/exploits/11758
/phpfootball/ | PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability - CVE: 2007-0638: https://www.exploit-db.com/exploits/3226
/component/jeeventcalendar/ | Joomla JE Event Calendar LFI Vulnerability: https://www.exploit-db.com/exploits/14062
com_webring | Joomla Webring Component 1.0 Remote Include Vulnerability - CVE: 2006-4129: https://www.exploit-db.com/exploits/2177
fcgi-bin/echo | This is the fastcgi echo script, which provides a great deal of information including port numbers, server software versions, port numbers, ip addresses, pat...
index.php?option=com_mambads | Mambo Component com_mambads SQL Injection Vulnerability: https://www.exploit-db.com/exploits/11719
modules.php?name=My_eGallery | PHP-Nuke My_eGallery 2.7.9 Remote SQL Injection Vulnerability - CVE: 2008-7038: https://www.exploit-db.com/exploits/5203
cgi-bin/printenv | This is the print environments script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, ...
com_pollxt | pollxt Mambo Component 1.22.07 Remote Include Vulnerability - CVE: 2006-5045: https://www.exploit-db.com/exploits/2029
index.php?option=com_calendario | Joomla Component com_calendario Blind SQL injection Vulnerability: https://www.exploit-db.com/exploits/10760
perl/printenv | This is the print environments script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, ...
/go/_files/?file= | SOTEeSKLEP 3.5RC9 (file) Remote File Disclosure Vulnerability - CVE: 2007-4369: https://www.exploit-db.com/exploits/4282
option=com_camelcitydb2 | Joomla CamelcityDB 2.2 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14530
com_colophon | Mambo Colophon Component 1.2 Remote Inclusion Vulnerability - CVE: 2006-3969: https://www.exploit-db.com/exploits/2085
index.php?id_menu= | CMScontrol 7.x File Upload: https://www.exploit-db.com/exploits/11104
pls/admin_/gateway.htm | This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine its version and so...
articles.php?topic= | jPORTAL 2.3.1 articles.php Remote SQL Injection Vulnerability - CVE: 2007-5973: https://www.exploit-db.com/exploits/4614
option=com_org | Joomla Component com_org SQL Injection Vulnerability: https://www.exploit-db.com/exploits/11725
tinybrowser.php? | TinyBrowser Remote File upload Vulnerability: https://www.exploit-db.com/exploits/12692
tr.php?id= | Downline Goldmine Category Addon (id) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/6947
index.php?mod=jeuxflash | KwsPHP Module jeuxflash (cat) Remote SQL Injection Vulnerability - CVE: 2008-1759: https://www.exploit-db.com/exploits/5352
tr.php?id= | Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability - CVE: 2008-4178: https://www.exploit-db.com/exploits/6946
com_netinvoice | Joomla Component netinvoice 1.2.0 SP1 SQL Injection Vulnerability - CVE: 2008-3498: https://www.exploit-db.com/exploits/5939
com_beamospetition | Joomla Component beamospetition Remote SQL Injection Vulnerability - CVE: 2008-3132: https://www.exploit-db.com/exploits/5965
com_acprojects | Joomla Component com_acprojects Sql Injection Vulnerability: https://www.exploit-db.com/exploits/11480
tdbin | This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/testdirector/). This program contains sensitive information includ...
CuteSoft_Client/CuteEditor | Cute Editor ASP.NET Remote File Disclosure Vulnerability - CVE: 2009-4665: https://www.exploit-db.com/exploits/8785
tr.php?id= | Downline Goldmine newdownlinebuilder (tr.php id) SQL Injection Vuln: https://www.exploit-db.com/exploits/6951
tr.php?id= | Downline Goldmine paidversion (tr.php id) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/6950
option=com_mydyngallery | Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln - CVE: 2008-5957: https://www.exploit-db.com/exploits/7343
index.php?mod=sondages | KwsPHP 1.0 sondages Module Remote SQL Injection Vulnerability - CVE: 2007-4979: https://www.exploit-db.com/exploits/4422
com_ckforms | Joomla Component (com_ckforms) Local File Inclusion Vulnerability: https://www.exploit-db.com/exploits/15453
com_prayercenter | Joomla Component prayercenter 1.4.9 (id) SQL Injection Vulnerability - CVE: 2008-6429: https://www.exploit-db.com/exploits/5708/
com_ccnewsletter | Joomla Component com_ccnewsletter LFI Vulnerability - CVE: 2010-0467: https://www.exploit-db.com/exploits/11282
add_soft.php | Software Index 1.1 (cid) Remote SQL Injection Vulnerability: https://www.exploit-db.com/exploits/5378
myLDlinker.php | WordPress Plugin myLDlinker SQL Injection Vulnerability - CVE: 2010-2924: https://www.exploit-db.com/exploits/14441
com_idoblog | Joomla Component iDoBlog b24 Remote SQL Injection Vulnerability - CVE: 2008-2627: https://www.exploit-db.com/exploits/5730
com_ckforms | Joomla Component com_ckforms Multiple Vulnerabilities - CVE: 2010-1344: https://www.exploit-db.com/exploits/11785
index.php?m_id= | slogan design Script SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12849
com_jomestate | Joomla Hot Property com_jomestate RFI Vulnerability: https://www.exploit-db.com/exploits/13956
modules.php?name=Shopping_Cart | PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability - CVE: 2007-1034: https://www.exploit-db.com/exploits/10615
com_forum | com_forum Mambo Component
inc_linksmanager.asp | DMXReady Links Manager 1.1 Remote Contents Change Vulnerability: https://www.exploit-db.com/exploits/7772
tr1.php?id= | YourFreeWorld Scrolling Text Ads (id) SQL Injection Vulnerability - CVE: 2008-4885: https://www.exploit-db.com/exploits/6942
com_otzivi | Joomla Component com_otzivi Local File Inclusion Vulnerability: https://www.exploit-db.com/exploits/11494
inc_faqsmanager.asp | DMXReady Faqs Manager 1.1 Remote Contents Change Vulnerability: https://www.exploit-db.com/exploits/7770
/modules/Partenaires/clic.php?id= | Nuked-Klan Module Partenaires NK 1.5 Blind Sql Injection: https://www.exploit-db.com/exploits/14556
com_jabode | Joomla Component jabode (id) Remote SQL Injection Vulnerability - CVE: 2008-7169: https://www.exploit-db.com/exploits/5963
inc_billboardmanager.asp?ItemID= | DMXReady Billboard Manager 1.1 Remote File Upload Vulnerability: https://www.exploit-db.com/exploits/7791
com_flippingbook | Joomla Component FlippingBook 1.0.4 SQL Injection Vulnerability - CVE: 2008-2095: https://www.exploit-db.com/exploits/5484
inc_contactusmanager.asp | DMXReady Contact Us Manager 1.1 Remote Contents Change Vuln: https://www.exploit-db.com/exploits/7768
com_neorecruit | Joomla Component com_neorecruit 1.4 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14570
/tmp | Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but...
JBSPro | JiRos Banner Experience 1.0 (Create Admin Bypass) - CVE: 2006-1213: https://www.exploit-db.com/exploits/1571
inc_joblistingmanager.asp | DMXReady Job Listing 1.1 Remote Contents Change Vulnerability: https://www.exploit-db.com/exploits/7771
inc_newsmanager.asp | DMXReady News Manager 1.1 Arbitrary Category Change Vuln: https://www.exploit-db.com/exploits/7752
inc_documentlibrarymanager.asp | DMXReady Document Library Manager 1.1 Contents Change Vuln: https://www.exploit-db.com/exploits/7769
inc_photogallerymanager.asp | DMXReady Photo Gallery Manager 1.1 Contents Change Vulnerability: https://www.exploit-db.com/exploits/7783
classifieds.php?cat= | BM Classifieds Ads SQL Injection Vulnerability: https://www.exploit-db.com/exploits/10314
index.php?option=com_jequoteform | Joomla Component com_jequoteform - Local File Inclusion - CVE: 2010-2128: https://www.exploit-db.com/exploits/12607
inc_paypalstoremanager.asp | DMXReady PayPal Store Manager 1.1 Contents Change Vulnerability: https://www.exploit-db.com/exploits/7782
w3.php?nodeId= | Aspect Ratio CMS Blind SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15205
index.php?option=com_portfolio | Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/5139
index.php?option=com_oziogallery | Joomla Ozio Gallery Component (com_oziogallery) SQL Injection Vulnerability - CVE: 2010-2910: https://www.exploit-db.com/exploits/14462
click.php?hostid= | Adult Banner Exchange Website (targetid) SQL Injection Vulnerability - CVE: 2008-6101: https://www.exploit-db.com/exploits/6909
/tiny_mce/plugins/filemanager/ | TinyMCE MCFileManager 2.1.2 Arbitrary File Upload Vulnerability: https://www.exploit-db.com/exploits/15194
search_results.php?browse=1 | SoftBizScripts Dating Script SQL Injection Vunerability - CVE: 2006-3271: https://www.exploit-db.com/exploits/12438
gotourl.php?id= | PozScripts Classified Auctions (gotourl.php id) SQL Injection Vuln - CVE: 2008-4755: https://www.exploit-db.com/exploits/6839
browsecats.php?cid= | SoftBizScripts Hosting Script SQL Injection Vunerability - CVE: 2005-3817: https://www.exploit-db.com/exploits/12439
com_book | Joomla Component com_book SQL injection Vulnerability: https://www.exploit-db.com/exploits/11213
/geeklog/ | GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability: https://www.exploit-db.com/exploits/15277
/webCal3_detail.asp?event_id= | WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability - CVE: 2009-1945: https://www.exploit-db.com/exploits/8857
classifieds/view.php?category= | YourFreeWorld Classifieds (category) Remote SQL Injection Vulnerability - CVE: 2008-3755: https://www.exploit-db.com/exploits/6945
com_beamospetition | Joomla Component (com_beamospetition) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14502
/hbcms/php/ | HB CMS 1.7 SQL Injection: https://www.exploit-db.com/exploits/9835
list.php?lcat_id= | D-Tendencia Bt 2008 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/10494
com_event | Joomla Component com_event Multiple Vulnerabilities: https://www.exploit-db.com/exploits/12633
/alternate_profiles/ | e107 Plugin alternate_profiles (id) SQL Injection Vulnerability - CVE: 2008-4785: https://www.exploit-db.com/exploits/6849
com_portfol | Joomla Component com_portfol SQL Injection Vulnerability: https://www.exploit-db.com/exploits/10844
vbplaza.php?do= | vBulletin vbBux/vbPlaza 2.x (vbplaza.php) Blind SQL Injection Vuln: https://www.exploit-db.com/exploits/8784
list.php?c= | Prozilla Top 100 v1.2 Arbitrary Delete Stats Vulnerability - CVE: 2008-1785: https://www.exploit-db.com/exploits/5384
com_equipment | Joomla Component (com_equipment) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14655
phpsecurepages | phpSecurePages 0.28b (secure.php) Remote File Include Vulnerability: https://www.exploit-db.com/exploits/2452
/index.php?option=com_rsfiles | Joomla Component RSfiles 1.0.2 (path) File Download Vulnerability - CVE: 2007-4504: https://www.exploit-db.com/exploits/4307
dpage.php?docID | The Real Estate Script (dpage.php docID) SQL Injection Vulnerability - CVE: 2008-2443: https://www.exploit-db.com/exploits/5610
index.php?option=com_iproperty | Joomla Component (com_iproperty) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14450
/downlot.php?file= | Lokomedia CMS (sukaCMS) Local File Disclosure Vulnerability - CVE: 2010-2018: https://www.exploit-db.com/exploits/12651
read.asp?fID= | JiRo's FAQ Manager (read.asp fID) SQL Injection Vulnerability - CVE: 2008-2691: https://www.exploit-db.com/exploits/5753
simpleblog3 | SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability: https://www.exploit-db.com/exploits/7232
com_pinboard | Joomla Component com_pinboard Remote File Upload Vulnerability: https://www.exploit-db.com/exploits/9011
domcfg.nsf | This will return a listing of servers running Lotus Domino. These servers by default have very descriptive error messages which can be used to obtain path an...
friend.php?op=FriendSend | PHP-Nuke 'friend.php' Module Remote SQL Injection: https://www.exploit-db.com/exploits/12525
com_gamesbox | Joomla Component Gamesbox com_gamesbox 1.0.2 (id) SQL Injection Vulnerability - CVE: 2010-2690: https://www.exploit-db.com/exploits/14126
com_redshop | Joomla redSHOP Component v1.0 (com_redshop pid) SQL Injection Vulnerability - CVE: 2010-2694: https://www.exploit-db.com/exploits/14312
com_community | Joomla Template BizWeb com_community Persistent XSS Vulnerability: https://www.exploit-db.com/exploits/13955
news.php?mode=voir | TR News 2.1 (nb) Remote SQL Injection Vulnerability - CVE: 2008-1957: https://www.exploit-db.com/exploits/5483
apages.php | Arab Network Tech. (ANT) CMS SQL Injection: https://www.exploit-db.com/exploits/11339
webboard/view.php?topic= | Webboard v.2.90 beta Remote File Disclosure Vulnerability - CVE: 2009-2600: https://www.exploit-db.com/exploits/8823
com_portfol | Joomla Component Portfol (vcatid) SQL Injection Vulnerability - CVE: 2009-0494: https://www.exploit-db.com/exploits/7734
com_jstore | joomla com_jstore SQLi Vulnerability: https://www.exploit-db.com/exploits/13796
index.php?option=com_nicetalk | Joomla Component Nice Talk 0.9.3 (tagid) SQL Injection Vulnerability - CVE: 2007-4503: https://www.exploit-db.com/exploits/4308
com_ignitegallery | Joomla Component Ignite Gallery 0.8.3 SQL Injection Vulnerability - CVE: 2008-6182: https://www.exploit-db.com/exploits/6723
/cricket/grapher.cgi | This search reveals information about internal networks, such as configuration, services, bandwidth.
com_jmarket | joomla com_jmarket SQLi Vulnerability: https://www.exploit-db.com/exploits/13799
com_jtickets | joomla com_jtickets SQLi Vulnerability: https://www.exploit-db.com/exploits/13797
com_rwcards | Joomla Component com_rwcards - Local File Inclusion: https://www.exploit-db.com/exploits/11772
questions.php?idcat | EsFaq 2.0 (idcat) Remote SQL Injection Vulnerability - CVE: 2008-3952: https://www.exploit-db.com/exploits/6383
userjournals.php?blog. | e107 Plugin userjournals_menu (blog.id) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/8417
com_youtube | Joomla Component (com_youtube) SQL Injection Vulnerability - CVE: 2010-2923: https://www.exploit-db.com/exploits/14467
index.php?serverid= | Ultrastats 0.2.144/0.3.11 (index.php serverid) SQL Injection Vulnerability - CVE: 2008-6260: https://www.exploit-db.com/exploits/7148
com_photoblog | Joomla (com_photoblog) Blind Sql Injection Vulnerability - CVE: 2010-0610: https://www.exploit-db.com/exploits/11337
indexmess.php | Messagerie Locale (centre.php) Remote File Inclusion Vulnerability: https://www.exploit-db.com/exploits/2832
com_jnewsletter | joomla com_jnewsletter SQLi Vulnerability: https://www.exploit-db.com/exploits/13804
inc_classifiedlistingsmanager.asp | DMXReady Classified Listings Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0426: https://www.exploit-db.com/exploits/7767
track.php?id= | phpstore Wholesale (track.php?id) SQL Injection Vulnerability - CVE: 2008-5493: https://www.exploit-db.com/exploits/7134
com_jcommunity | joomla com_jcommunity SQLi Vulnerability: https://www.exploit-db.com/exploits/13798
search_form.php?sb_showresult= | Getacoder clone (sb_protype) Remote SQL Injection Vulnerability - CVE: 2008-3372: https://www.exploit-db.com/exploits/6143
vcalendar_asp | VCalendar (VCalendar.mdb) Remote Database Disclosure Vulnerability: https://www.exploit-db.com/exploits/7180
com_simpledownload | Joomla Component simpledownload Local File Disclosure - CVE: 2010-2122: https://www.exploit-db.com/exploits/12623
file.php?recordID= | FILE SHARE v1.0 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/10497
cal_cat.php?op= | Calendarix (cal_cat.php) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14393
view_group.php?id= | BookMarks Favourites Script (view_group.php id) SQL Injection Vuln - CVE: 2008-6007: https://www.exploit-db.com/exploits/6637
index.php?option=com_spa | Joomla Component com_spa SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14423
ugroups.php?UID= | TubeGuru Video Sharing Script (UID) SQL Injection Vulnerability - CVE: 2008-3674: https://www.exploit-db.com/exploits/6170
index.php?mod=jeuxflash | KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability - CVE: 2007-4922: https://www.exploit-db.com/exploits/4400
track.php?id= | SFS EZ BIZ PRO (track.php id) Remote SQL Injection Vulnerability - CVE: 2008-6245: https://www.exploit-db.com/exploits/6910
/eprise/ | silkRoad Eprise is a dynamic content management product that simplifies the flow of content to a corporate website. The software requires NT 4, Windows 2000 ...
browsecats.php?cid= | PozScripts Classified Ads Script (cid) SQL Injection Vulnerability - CVE: 2008-3672: https://www.exploit-db.com/exploits/6169
trr.php?id= | Ad Board (id) Remote SQL Injection Vulnerability - CVE: 2008-3725: https://www.exploit-db.com/exploits/6271
kroax.php?category | PHP-Fusion Mod Kroax 4.42 (category) SQL Injection Vulnerability - CVE: 2008-5196: https://www.exploit-db.com/exploits/5942
com_content | Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln - CVE: 2008-6923: https://www.exploit-db.com/exploits/6025
noticias.php?notiId= | Ele Medios CMS SQL Injection Vulnerability: https://www.exploit-db.com/exploits/10418
index.php?option=com_huruhelpdesk | Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability - CVE: 2010-2907: https://www.exploit-db.com/exploits/14449
index.php?option=com_bookjoomlas | Joomla Component com_bookjoomlas 0.1 SQL Injection Vulnerability - CVE: 2009-1263: https://www.exploit-db.com/exploits/8353
index.php?option=com_simplefaq | Mambo Component SimpleFAQ 2.11 Remote SQL Injection Vulnerability - CVE: 2007-4456: https://www.exploit-db.com/exploits/4296
index.php?option=com_jobline | Joomla Component Jobline 1.3.1 Blind SQL Injection Vulnerability - CVE: 2009-2554: https://www.exploit-db.com/exploits/9187
search/admin.php | phpMySearch is a personal search engine that one can use to provide a search feature for one's own Web site. With this search an attacker can find admin logo...
com_jcalpro | Joomla Component com_jcalpro 1.5.3.6 Remote File Inclusion - CVE: 2009-4431: https://www.exploit-db.com/exploits/10587
category.php?cate_id= | GC Auction Platinum (cate_id) Remote SQL Injection Vulnerability - CVE: 2008-3413: https://www.exploit-db.com/exploits/6144
com_category | Joomla Component com_category (catid) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/9126
index.php?ortupg= | CMS Ortus 1.13 Remote SQL Injection Vulnerability - CVE: 2008-6282: https://www.exploit-db.com/exploits/7237
com_jomtube | Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection: https://www.exploit-db.com/exploits/14434
com_gigcal | Joomla Component com_gigcal (gigcal_gigs_id) SQL Injection Vuln - CVE: 2009-0726: https://www.exploit-db.com/exploits/7746
com_ezautos | Joomla Component (com_ezautos) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15085
com_a6mambocredits | Mambo a6mambocredits Component 1.0.0 File Include Vulnerability - CVE: 2006-4288: https://www.exploit-db.com/exploits/2207
com_eventcal | Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14187
profile.php?mode= | PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability): https://www.exploit-db.com/exploits/14440
com_performs | perForms Mambo Component 1.0 Remote File Inclusion - CVE: 2006-3774: https://www.exploit-db.com/exploits/2025
com_mambowiki | Mambo MamboWiki Component 0.9.6 Remote Include Vulnerability - CVE: 2006-4282: https://www.exploit-db.com/exploits/2213
com_wmtpic | Joomla Component com_wmtpic 1.0 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14128
phshoutbox.php | PhShoutBox 1.5 (final) Insecure Cookie Handling Vulnerability - CVE: 2008-1971: https://www.exploit-db.com/exploits/5467
inc_memberdirectorymanager.asp | DMXReady Member Directory Manager 1.1 SQL Injection Vulnerability - CVE: 2009-0427: https://www.exploit-db.com/exploits/7773
mod=notizie | XCMS 1.83 Remote Command Execution - CVE: 2007-6652: https://www.exploit-db.com/exploits/4813
com_jphoto | Joomla Component com_jphoto SQL Injection Vulnerability - (id) - CVE: 2009-4598: https://www.exploit-db.com/exploits/10367
add_soft.php | Hotscripts Clone (cid) Remote SQL Injection Vulnerability - CVE: 2008-6405: https://www.exploit-db.com/exploits/6545
option=com_huruhelpdesk | joomla component allvideos BLIND SQL injection Vulnerability: https://www.exploit-db.com/exploits/12137
inc_membersareamanager.asp | DMXReady Members Area Manager 1.2 SQL Injection Vulnerability: https://www.exploit-db.com/exploits/7774
com_phocagallery | Joomla Phoca Gallery Component (com_phocagallery) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14207
member.php?page=comments | 6ALBlog (newsid) Remote SQL Injection Vulnerability - CVE: 2007-3451: https://www.exploit-db.com/exploits/4104
index.php?option=com_ponygallery | Joomla Component Pony Gallery 1.5 SQL Injection Vulnerability - CVE: 2007-4046: https://www.exploit-db.com/exploits/4201
kgb19 | KGB 1.9 (sesskglogadmin.php) Local File Include - CVE: 2007-0337: https://www.exploit-db.com/exploits/3134
option=com_huruhelpdesk | joomla component huruhelpdesk SQL injection Vulnerability: https://www.exploit-db.com/exploits/12124
inc_securedocumentlibrary.asp | DMXReady Secure Document Library 1.1 Remote SQL Injection Vuln - CVE: 2009-0428: https://www.exploit-db.com/exploits/7787
php/showContent.php?linkid= | Worldviewer.com CMS SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12163
com_linkdirectory | Joomla Link Directory Component 1.0.3 Remote Include Vulnerability: https://www.exploit-db.com/exploits/2214
com_manager | Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12257
com_quickfaq | Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability - CVE: 2010-2845: https://www.exploit-db.com/exploits/14296
e107_plugins | e107 Code Exec - CVE: 2010-2099: https://www.exploit-db.com/exploits/12715
com_simpledownload | Joomla Component simpledownload LFI Vulnerability - CVE: 2010-2122: https://www.exploit-db.com/exploits/12618
main_forum.php?cat= | GeN3 forum V1.3 SQL Injection Vulnerability - CVE: 2009-4263: https://www.exploit-db.com/exploits/10299
com_artlinks | Joomla Artlinks Component 1.0b4 Remote Include Vulnerability - CVE: 2006-3949: https://www.exploit-db.com/exploits/2209
com_djclassifieds | Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability: https://www.exploit-db.com/exploits/12479
index.php?option=com_akobook | Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability - CVE: 2009-2638: https://www.exploit-db.com/exploits/8911
com_virtuemart | Joomla Component com_virtuemart SQL injection vulnerability (product_id): https://www.exploit-db.com/exploits/10407
com_mojoDownloadJoomla MojoBlog Component v0.15 Multiple Remote File Include Vulnerabilities - CVE: 2009-4789: https://www.exploit-db.com/exploits/10273
?pilih=forumDownloadAuraCMS [Forum Module] Remote SQL Injection Vulnerability - CVE: 2007-4171: https://www.exploit-db.com/exploits/4254
/com_chronocontactDownloadJoomla Component ChronoForms 2.3.5 RFI Vulnerabilities - CVE: 2008-0567: https://www.exploit-db.com/exploits/5020
com_kochsuiteDownloadJoomla Kochsuite Component 0.9.4 Remote File Include Vulnerability - CVE: 2006-4348: https://www.exploit-db.com/exploits/2215
com_jepollDownloadJoomla Component com_jepoll (pollid) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12781
com_jembedDownloadcom_jembed (catid) Blind SQL Injection - CVE: 2010-1073: https://www.exploit-db.com/exploits/11026
com_bfsurvey_profreeDownloadJoomla Component BF Survey Pro Free SQL Injection - CVE: 2009-4625: https://www.exploit-db.com/exploits/9601
option=com_cinemaDownloadJoomla component cinema SQL injection Vulnerability: https://www.exploit-db.com/exploits/13792
com_jejobDownloadJoomla JE Job Component com_jejob LFI Vulnerability: https://www.exploit-db.com/exploits/14063
com_jotloaderDownloadJoomla Component jotloader 1.2.1.a Blind SQL injection - CVE: 2008-2564: https://www.exploit-db.com/exploits/5737
/wp-content/plugins/fgallery/DownloadWordpress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability - CVE: 2008-0491: https://www.exploit-db.com/exploits/4993
com_jgenDownloadJoomla Component (com_jgen) SQL Injection Vulnerability - CVE: 2010-3422: https://www.exploit-db.com/exploits/14998
inc_webblogmanager.aspDownloadDMXReady Blog Manager
com_n-formsDownloadJoomla Component n-forms 1.01 Blind SQL Injection: https://www.exploit-db.com/exploits/6055
com_simplefaqDownloadJoomla Component com_simplefaq (catid) Blind Sql Injection Vulnerability - CVE: 2010-0632: https://www.exploit-db.com/exploits/11294
com_jb2DownloadJoomla Component JooBlog 0.1.1 Blind SQL Injection - CVE: 2008-2630: https://www.exploit-db.com/exploits/5734
com_dmsDownloadJoomla Component com_dms SQL Injection Vulnerability - CVE: 2010-0800: https://www.exploit-db.com/exploits/11289
yvcommentDownloadJoomla Component yvcomment 1.16 Blind SQL Injection - CVE: 2008-2692: https://www.exploit-db.com/exploits/5755
com_hestarDownloadMambo Component com_hestar Remote SQL Injection Vulnerability: https://www.exploit-db.com/exploits/9609
index.php?option=com_joomlaconnect_beDownloadJoomla Component com_joomlaconnect_be Blind Injection Vulnerability: https://www.exploit-db.com/exploits/11578
com_seminarDownloadJoomla Component Seminar 1.28 (id) Blind SQL Injection - CVE: 2009-4200: https://www.exploit-db.com/exploits/8867
index.php?option=com_iceDownloadJoomla Component com_ice Blind SQL Injection Vulnerability: https://www.exploit-db.com/exploits/11544
com_xewebtvDownloadJoomla Component Xe webtv (id) Blind SQL Injection - CVE: 2008-5200: https://www.exploit-db.com/exploits/5966
index.php?option=com_paxgalleryDownloadJoomla Component com_paxgallery Blind Injection Vulnerability: https://www.exploit-db.com/exploits/11595
com_ezstoreDownloadJoomla Component EZ Store Remote Blind SQL Injection - CVE: 2008-3586: https://www.exploit-db.com/exploits/6199
option=com_elite_expertsDownloadJoomla Component (com_elite_experts) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/15100
com_jejobDownloadJoomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12782
com_jpodiumDownloadJoomla JPodium Component (com_jpodium) SQL Injection Vulnerability: https://www.exploit-db.com/exploits/14232
option=com_agendaDownloadJoomla Component com_agenda 1.0.1 (id) SQL Injection Vulnerability - CVE: 2010-1716: https://www.exploit-db.com/exploits/12132
index.php?menu=showcatDownloadACG-ScriptShop (cid) Remote SQL Injection Vulnerability - CVE: 2008-4144: https://www.exploit-db.com/exploits/6364
e107_plugins/my_galleryDownloade107 Plugin My_Gallery 2.3 Arbitrary File Download Vulnerability - CVE: 2008-1702: https://www.exploit-db.com/exploits/5308
/wp-content/plugins/wp-shopping-cart/DownloadWordpress Plugin e-Commerce
com_ijoomla_archiveDownloadJoomla com_ijoomla_archive Blind SQL Injectio: https://www.exploit-db.com/exploits/8164
com_ajaxchatDownloadJoomla Ajax Chat 1.0 remote file inclusion - CVE: 2009-3822: https://www.exploit-db.com/exploits/9888
/macgurublog_menu/Downloade107 Plugin BLOG Engine 2.2 (rid) Blind SQL Injection Vulnerability - CVE: 2008-2455: https://www.exploit-db.com/exploits/5604
?page=duyurular_detay&id=DownloadWebyapar 2.0 Multiple Remote SQL Injection Vulnerabilities - CVE: 2007-4068: https://www.exploit-db.com/exploits/4224
we_objectID=DownloadwebEdition CMS (we_objectID) Blind SQL Injection - CVE: 2008-4154: https://www.exploit-db.com/exploits/6281
index.php?edicion_id=DownloadDelivering Digital Media CMS SQL Injection Vulnerability: https://www.exploit-db.com/exploits/12840
CIHUYDownloadJoomla Component (com_joomdle) SQL Injection Vulnerability - CVE: 2010-2908: https://www.exploit-db.com/exploits/14466
cal_day.php?op=day&catview=DownloadCalendarix v0.8.20071118 SQL Injection: https://www.exploit-db.com/exploits/11443
com_digifolioDownloadJoomla Component com_digifolio 1.52 (id) SQL Injection Vulnerability - CVE: 2009-3193: https://www.exploit-db.com/exploits/9534
com_fastballDownloadJoomla Fastball component 1.1.0-1.2 SQL Injection - CVE: 2009-3443: https://www.exploit-db.com/exploits/9822
/modules/friendfinder/DownloadXOOPS Module Friendfinder
com_facebookDownloadJoomla com_facebook SQL Injection - CVE: 2009-3438: https://www.exploit-db.com/exploits/9833
/modules/kshop/DownloadXOOPS Module Kshop 1.17 (id) Remote SQL Injectio - CVE: 2007-1810: https://www.exploit-db.com/exploits/3626
/modules/tinyevent/DownloadXOOPS Module Tiny Event 1.01 (id) Remote SQL Injection - CVE: 2007-1811: https://www.exploit-db.com/exploits/3625
/modules/jobs/DownloadXOOPS Module Jobs 2.4 (cid) Remote SQL Injection - CVE: 2007-2370: https://www.exploit-db.com/exploits/3672
com_booklibraryDownloadJoomla Book Library 1.0 file inclusion - CVE: 2009-3817: https://www.exploit-db.com/exploits/9889
com_jsjobsDownloadJoomla Component com_jsjobs 1.0.5.6 SQL Injection Vulnerabilities - CVE: 2009-4599: https://www.exploit-db.com/exploits/10366
com_ipropertyDownloadJoomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability - CVE: 2010-1721: https://www.exploit-db.com/exploits/12246
index.php?module=pnFlashGamesDownloadPostNuke Module pnFlashGames 2.5 SQL Injection Vulnerabilities - CVE: 2008-2013: https://www.exploit-db.com/exploits/5500
/modules/library/DownloadXOOPS Module Library (viewcat.php) Remote SQL Injectio - CVE: 2007-1815: https://www.exploit-db.com/exploits/3619
/modules/repository/DownloadXOOPS Module Repository (viewcat.php) Remote SQL Injection - CVE: 2007-1847: https://www.exploit-db.com/exploits/3612
/modules/wflinksDownloadXOOPS Module WF-Links 1.03 (cid) Remote SQL Injection - CVE: 2007-2373: https://www.exploit-db.com/exploits/3670
/modules/glossaire/DownloadXOOPS Module Glossarie
com_gameserverDownloadJoomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability - CVE: 2009-3063: https://www.exploit-db.com/exploits/9571
com_annoncesDownloadJoomla Component com_annonces Upload Vulnerability: https://www.exploit-db.com/exploits/13748
fclick.php?fidDownloadFast Click (1.1.3 , 2.3.8) (show.php) Remote File Inclusion - CVE: 2006-2175: https://www.exploit-db.com/exploits/1740
/modules/wfsection/Downloadhttps://www.exploit-db.com/exploits/3644/
com_jp_jobsDownloadJoomla Component com_jp_jobs 1.2.0 (id) SQL Injection Vulnerability - CVE: 2010-1350: https://www.exploit-db.com/exploits/12191
com_surveymanagerDownloadJoomla com_surveymanager SQL injection vulnerability - CVE: 2009-3325: https://www.exploit-db.com/exploits/9721
com_ezineDownloadJoomla / Mambo Component com_ezine v2.1 Remote File Include Vulnerability - CVE: 2009-4094: https://www.exploit-db.com/exploits/10178
roschedule.phpDownloadphpScheduleIt 1.2.10 (reserve.php) Remote Code Execution - CVE: 2008-6132: https://www.exploit-db.com/exploits/6646
com_seyretDownloadJoomla Seyret Video Component (com_seyret) Blind SQL Injection: https://www.exploit-db.com/exploits/14172
index.php?option=com_jombibDownloadJoomla Component BibTeX 1.3 Remote Blind SQL Injection - CVE: 2007-4502: https://www.exploit-db.com/exploits/4310
modules/articles/index.php?cat_id=DownloadXOOPS module Articles 1.03 (index.php cat_id) SQL Injection - CVE: 2007-3311: https://www.exploit-db.com/exploits/3594
/webquest/soporte_derecha_w.php?DownloadPHP Webquest 2.5 (id_actividad) Remote SQL Injection - CVE: 2007-4920: https://www.exploit-db.com/exploits/4407
com_gcalendarDownloadJoomla Component com_gcalendar 1.1.2 (gcid) Remote SQL Injection Vulnerability - CVE: 2009-4099: https://www.exploit-db.com/exploits/10232
php-stats.js.phpDownloadPhp-Stats 0.1.9.1b (php-stats-options.php) admin 2 exec() - CVE: 2006-7173: https://www.exploit-db.com/exploits/3502
index.php?name=PNphpBB2DownloadPNphpBB2 1.2 (index.php c) Remote SQL Injection - CVE: 2007-3052: https://www.exploit-db.com/exploits/4026
/modules/lykos_reviews/DownloadXOOPS Module Lykos Reviews 1.00 (index.php) SQL Injection - CVE: 2007-1817: https://www.exploit-db.com/exploits/3618
/modules/xfsection/DownloadXOOPS Module XFsection 1.07 (articleid) BLIND SQL Injection - CVE: 2005-0725: https://www.exploit-db.com/exploits/3645
phpwcms/index.php?id=Downloadphpwcms 1.2.6 (Cookie: wcs_user_lang) Local File Include: https://www.exploit-db.com/exploits/2758
/modules/debaser/DownloadXOOPS Module debaser 0.92 (genre.php) BLIND SQL Injection- CVE: 2007-1805: https://www.exploit-db.com/exploits/3630
/modules/rmgallery/DownloadXOOPS Module RM+Soft Gallery 1.0 BLIND SQL Injection - CVE: 2007-1806: https://www.exploit-db.com/exploits/3633
imageview5DownloadImageview 5 (Cookie/index.php) Remote Local Include - CVE: 2006-5554:
index.php?ind=blogDownloadMKPortal 1.2.1 Multiple Remote Vulnerabilities: https://www.exploit-db.com/exploits/7796/
jscripts/tiny_mce/plugins/tinybrowser/Downloadinurl:"jscripts/tiny_mce/plugins/tinybrowser/"
/exec/show/tech-support/crDownloadDefault Cisco 2800 Series page
?act=phpinfoDownloadMatch some well known phpshells (c99 and ironwarez and the like).
index.php?option=com_jeajaxeventcalendarDownloadJoomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection Vulnerability Author: altbta
index.php?option=com_competitionsDownloadSQL Injection: http://127.0.0.1/index.php?option=com_competitions&task=view&id=-9 union all select 1,2,3,4,group_concat(username,0x3a,email,0x3a,password),6,...
index.php?option=com_catalogueDownloadAuthor: Ashiyane Digital Security Team SQL Injection: http://server/index.php?option=com_catalogue&Itemid=73&cat_id=-999 union select 1,version(),user(),4,5,6
index.php?option=com_annuaireDownloadSQL Injection Vulnerability:
page.php?intPageID=DownloadSubmitter: Srblche SQL Injection: http://server/page.php?intPageID=[SQL]
configuration.php-distDownloadlocates the default configuration file of JOOMLA Author: ScOrPiOn
phpinfo.phpDownloadLocates phpinfo files. A phpinfo file Outputs a large amount of information about the current state of PHP. This includes information about PHP compilation o...
/vb/install/install.phpDownloadVbulletin installation wizards, allow users to modify installation parameters. May also reveal sql username, password and table installations. Author: ScOrPiOn
com_amresurrectedDownloadSubmitter: Bl4ck.Viper SQL Injection: index.php?option=com_amresurrected&Itemid=[Sqli]
showcat.asp?id=Download!ERROR! unexpected operator '='
produtos.asp?produto=DownloadSubmitter: Br0ly https://www.exploit-db.com/exploits/15776
/gadmin/index.phpDownloadAuthor: AtT4CKxT3rR0r1ST SQL Injection: www.site.com/gallery.php?id=null[Sql Injection]
com_eventcalDownloadAuthor : AtT4CKxT3rR0r1ST [F.Hack@w.cn] RFI: www.site.com/components/com_eventcal/eventcal.php?mosConfig_absolute_path=[shell.txt?]
app/etc/local.xmlDownloadMagento local.xml sensitive information disclosure
sitegenius/topic.phpDownloadSubmitter: dR.sqL SQL Injection: http://localhost/sitegenius/topic.php?id=[SQLi]
fbconnect_action=myhomeDownloadSubmitter: z0mbyak
clsUploadtest.aspDownloadSubmitter: KDGCrew
/includes/config.phpDownloadThe Dork Allows you to get data base information from config files. Author: XeNon
/xamppDownloadthis dork looks for servers with xampp installed
wp-content/plugins/age-verification/age-verification.phpDownloadWordpress Age Verification Plugin
.com/configuration.php-distDownloadFinds the configuration files of the PHP Database on the server.
finger.cgiDownloadFinger
32400/web/index.htmlDownloadSubmitting this for the GHDB. These are web accessible Plex Media Servers
r00t.phpDownloadThis dork finds websites that were hacked, backdoored and contains their
InfoViewApp/logon.jspDownloadGoogle Hacking
phpliteadmin.phpDownloadThe default password is 'admin'
/wp-content/w3tc/dbcache/Download#NAME?
/control/userimage.htmlDownloadMobotix webcam search. yet another newer search
dasdec/dasdec.cspDownloadinurl:"dasdec/dasdec.csp"
5000/webman/index.cgiDownloadSynology nas login
/secure/login.aspxDownload#Summary: Several Web Pages Login Portal
/cgi-mod/index.cgiDownloadReturns login pages for various Barracuda Networks branded hardware spam
/webcm?getpage=DownloadReturns various Actiontec (and often Qwest) branded routers' login pages.
/module.php/core/loginuserpass.phpDownloadFinds SimpleSAMLphp login pages.
utilities/TreeView.aspDownloadFrom the marketing brochure: "UltiPro Workforce Management offers you the most comprehensive and cost-effective HR and payroll solution on the market today."...
/administrator/index.php?autologin=1DownloadTitle: google hacking username and password of joomla
Citrix/XenApp/auth/login.aspxDownloadFinds login portals for Citrix XenApp.
typo3/install/index.php?mode=Downloadtypo3 install logins
typo3conf/localconf.phpDownloadtypo3 passwords 🙂
/public.php?service=filesDownloadSearch for shared files from ownCloud
cgi-bin/mailgraph.cgiDownloadMail statistics
/wwwboardDownloadThe software wwwboard stores its passwords in a file called "passwd.txt". An attacker may try to search for inurl:/wwwboard then add a "passwd.txt" to it (../ww...
dyn_sensors.htmDownloadMiniGoose II environmental temprature monitoring panel
/cgi-bin/.cgiDownloadFinds open index of /cgi-bin.
.cgi-bin/luciDownloadDirectory & Powered by LuCI Trunk&.
upsstats.cgi?hostDownloadUPS Online Devices. Enjoy!!!.
/wp-admin/post.php?post=DownloadThis dork finds websites which could be exploitable using Adrián M. F.
/dbg-wizard.phpDownload# Exploit Title: Nusphere PHP DBG wizard
private_filesDownloadDirectory private files xD.
gotoURL.asp?url=DownloadASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely available ...
EndUserPortal.jspDownloadinurl:EndUserPortal.jsp
/plugins/aviary-image-editor-add-on-for-gravity-forms/Downloadwww.exploit-db.com/exploits/37275/
/wp-content/plugins/inboundio-marketing/Downloadhttps://www.exploit-db.com/exploits/36478/
printer/main.htmlDownloadThis Dork reveals a lot of Printers Panels.
agc/vicidial.phpDownloadThis reveals the version of vicidial used and gives the access changing to
/aspnet_client/system_web/DownloadGoogle dork Description: Juice Directory "ASP"
wp-content/uploads/privateDownloadDirectories with juicy data.
/cgi-bin/sqwebmail?noframes=1DownloadsQWebmail login portals.
httpmon.phpDownloadDork for Zabbix Network Monitoring systems.
/cgi-bin/MANGA/index.cgiDownloadDescription: This dork can access many login portal of big companies systems ( use this wisely. )
comersus_message.aspDownloadAbout Comersus: "Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus...
/node/add/eventDownloadDorks For Drupal HTML& Arbitrary File Upload Vulnerabilities
/tcpipv6.htmDownloadinurl:/tcpipv6.htm
/cgi-bin/luci/freifunk/graph/olsrd/topology/Downloadinurl:/cgi-bin/luci/freifunk/graph/olsrd/topology/
/weblogin.aspxDownloadinurl:/weblogin.aspx
/tcpipv4.htmDownloadTCP/IP Settings HP LaserJet Logins
/AirWatch/Login?DownloadAirWatch Company.
/nesp/appDownloadNovell Access Manager and NetIQ Access Manager
login.php?action=recoverDownloadDescription: Password recovery forms
/,DanaInfo=DownloadYet another Remote Login Dork.
phpsysinfo/index.php?disp=dynamicDownloadThese Dork show a lot of info about servers behind the webpages.
sap-system-loginDownloadDescription: SAP Web Application Server login page
.asp?strParents=DownloadAuthor: Charley Celice (@charleycelice)
/view/viewer_index.shtmlDownloadinurl:/view/viewer_index.shtml
/Remote/logon?ReturnUrlDownloadinurl:/Remote/logon?ReturnUrl
https://pma.DownloadGoogle dork Description: inurl:https://pma.
inmotionhosting.com:2096/Download# Title: Webmail login pages
dynamic.php?page=mailboxDownload# Exploit Title: Webmail login pages
cgi-bin/ultimatebb.cgi?ubb=loginDownloadThese are login pages for Infopop's message board UBB.classic. For the UBB.threads you can use this search This next search finds all UBB pages with the info...
/db/main.mdbDownloadASP-Nuke database file containing passwords.This search goes for the direct location and has few results. For more hits an attacker would try to find ASP-Nuk...
/sites/default/files/webform/DownloadDescription: Drupal default web-forms' storage path, usually a lot of files there contains juicy info
/WebInterface/login.htmlDownloadLogin Pages for CrushFTP
/wp-content/uploads/levoslideshow/DownloadWebshell Upload.
/awcuser/cgi-bin/DownloadGoogle Dork for Mitel systems:
DiGIR.phpDownload# Exploit Title: (Google Dork) inurl:DiGIR.php
Dialin/Conference.aspxDownload# Exploit Title: Google dork to discover Lync Server 2013
/FCKeditor/editor/filemanager/upload/Downloadinurl:/FCKeditor/editor/filemanager/upload/
/weathermap/weathermap-cacti-plugin.phpDownloadMap IT infrastructure through Weathermap Cacti plugin
/human.aspx?r=DownloadSecure ftp server Logins
https://vdiDownloadVMware Horizon Logins
/mjpgmain.aspDownloadName = Live view of Y-cam
calendar.google.com/calendar/embed?src=DownloadThis will bring up publicly available Google Calendars. For example, using
/php/info.phpDownload# Google Dork: inurl:/php/info.php
.esy.es/default.phpDownloadDork: inurl:".esy.es/default.php"
/mjpg/video.mjpgDownloadaxis cameras.
proftpdpasswdDownloadDork of proftpd passwords!.
/viewlsts.aspx?BaseType=DownloadSharePoint Files
/index.php?option=com_artformsDownload# Exploit Title : ----------- :Joomla "com_artforms" component SQL Injection
forgot.do;jsessionid=DownloadForgot password portals
sendmessage.php?type=skypeDownloadDork to find Joomla JMS Support Online Module Reflected XSS (skype module)
/profile.php?lookup=1Downloadinurl:/profile.php?lookup=1
cgi-bin/lsnodes_web?nodeDownloadDork for status node of radios online.
/SecureAuth1DownloadSecureAuth
exit.php?site=DownloadFinds files that let you redirect users to any site!
/HtmlAdaptor?action=DownloadJBoss JMX-Console MBean Viewer
gs/adminlogin.aspxDownloadGradeSpeed seems to be a .NET application to administer school results for several schools using the web. If you do not select a school an error is reported....
/fmi/webdDownloadFileMaker WebDirect Logins
lvappl.htmDownloadFinds live cameras connected to servers on the internet (mostly security
member.php?action=loginDownloadFinds logins powered by MyBB
http://voicemail.DownloadVarious voicemail servers like Cisco Unity Messaging.
go.cgi?url=DownloadFinds pages which can be exploited to redirect to any site (You could use
/view/view.shtml?id=DownloadFinds Axis IP cameras
/_catalogsDownload*Google dork description: *Identify sharepoint servers
/siteadmin/index.phpDownloadFinds admin control panels
http://webmail.DownloadFinds various webmail servers.
http://ftp.dlinkDownloadThis dork allows us to find lists of FTP directories of D-Link routers
idx_configDownloadFinds grabbed config by shell (database,cpanel,smtp....)
Login;jsessionid=DownloadFinds generic JS login portals
dcwp_twitter.php?1=DownloadFinds Twitter API logs with private messages, encrypted credentials, and
g2_view=webdav.WebDavMountDownloadinurl:"g2_view=webdav.WebDavMount"
/remote/login?lang=enDownloadFind FortiGate Firewall's SSL-VPN login portal.
/proc/self/cwdDownload# Google Dork: inurl:/proc/self/cwd
/_layouts/mobile/view.aspx?List=DownloadI came across on a string \ dork that does not exist anywhere and it allows
front/central.phpDownloadGLPI login screen. Default login:
img/main.cgi?next_fileDownloadDork that allows us to find online cameras, be it security, webcams, etc.
share.cgi?ssid=DownloadThis dork show myQnap cloud servers files and folder shared.
/maint/repair.php?repair=1DownloadWordpress database repair displaying active tables
scan_result_fileDownloadWill produce a list of sites that have clamAV results, which could list
plog/register.phpDownloadpLog is a popular form of bloggin software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about removing...
guestimage.htmlDownloadMobotix cameras online.
https://owaDownload*Google dork description: *Sites running Outlook Web Application (OWA) and
/testssi.ssiDownload*Google dork description: *Xitami servers distributed with a script for
wp-links-opml.phpDownloadA Google dork that gives the information about wordpress opml version
/horde/test.phpDownloadExploit Title:horde php information disclosure
snitz_forums_2000.mdbDownloadThe SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says: "it is strongly recommended that you change the default database name from snitz_f...
/moodle/login/index.phpDownloadFinds Moodle Login pages
https://mylogin.DownloadFinds login pages, mostly on educational websites
mgl-instagram-gallery/single-gallery.php?mediaDownloadThis Dork, helps us find websites, which contain the mgl-instagram-gallery plugin of WordPress Vulnerable to XSS
/libs/granite/core/content/login.htmlDownloadThe following dork will give you the list of AEM Installed server. (Adobe
/jde/E1Menu.mafDownloadThis dork is to search for public available jd edward ERP portals.
/add_vhost.php?lang=Downloadinurl:/add_vhost.php?lang=
main.php?action=dbDownloadThis dork will find installations of MySQLDumper (http://www.mysqldumper.de/)
/frontend/paper_lantern/index.htmlDownloadinurl:/frontend/paper_lantern/index.html
plesk-statDownloadAuthor: Cr33pb0y
/install/stringnames.txtDownloadinurl:/install/stringnames.txt
:5601/app/kibanaDownloadCheck this out multiple ELK/Kibana management portal are open with no
control/camerainfoDownloadDashboard with info of a lot of webcams!!!
mewebmailDownloadMailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 systems. This version is free for both personal and commercial...
/_layouts/settingsDownloadWith the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage, and b...
hp/device/this.LCDispatcherDownloadThis one gets you on the web interface of some more HP Printers.
comment.php?serendipityDownloadserendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.For an attacker it is possible to inject S...
shopdbtest.aspDownloadshopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers toview the database location, and since ...
midicart.mdbDownloadMIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers...
netw_tcp.shtmlDownloadAn Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or ma...
ttt-webmaster.phpDownloadTurbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found.Vulnerability report: http://www.secur...
calendar.asp?action=loginDownloadaspWebCalendar is a browser based software package that runs over a standard web browser, such as Internet Explorer from Microsoft, and allows an organizatio...
slxweb.dllDownloadsalesLogix is the Customer Relationship Management solution thatdrives sales performance in small to medium-sized businesses through Sales, Marketing, and Cu...
wiki/MediaWikiDownloadMediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attac...
webutil.plDownloadwebutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslookup* host* dnsquery* dig* calendar* uptime
putty.regDownloadThis registry dump contains putty saved session data. SSH servers the according usernames and proxy configurations are stored here.
axis-cgiDownloadJust another search string to detect the infamous Axis netcams. This company actually changed the generic /cgi-bin/ directory name to /axis-cgi/, making it e...
cal_make.plDownloadA security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://www.securit...
ipp/pdisplay.htmDownloadProviding a standout printing solution, Novell iPrint offers secure print services that extend across multiple networks and operating systems...
ds.pyDownloadAffordable Web-based document and content management application lets businesses of every size rapidly deploy a world-class Enterprise Content Management (EC...
install/install.phpDownloadThis searches for the install.php file. Most results will be a Bulletin board like Phpbb etc.This will let an attacker install the forum again. There is an e...
servlet/webaccDownloadI was playing around on the net when I found a small problem with Novell's WebAcces. With User.lang you can give in you're language as parameter I tried some...
orasso.wwsso_app_admin.ls_loginDownloadOracle provides a Single Sign-On solution which is quite widely spread as it integrates quite seemlessly into exisitng appllications (as Oracle says).If the ...
netscape.iniDownloadThere's a bunch of interesting info in netscape.ini1. Viewers: which multimedia viewers the firm or people are using2.Cookies3.Address Book4.Mail- If pop3 is...
netscape.hstDownloadNetscape Bookmark List/History: So an attacker would be able to locate the bookmark and history list
bookmark.htmDownloadBookmarks for Netscape and various other browsers.
netscape.hstDownloadHistory for Netscape - So an attacker can read a user's browsing history.
na_adminDownloadThis searches for the admin pages for a "Network Appliance" box. An authenticated user could get access to a their data - all of it, in fact up to 100's Tb o...
camctrl.cgiDownloadVivotec web cams
WCP_USERDownloadWebConnect is client-server based software that provides secure browser based emulation to mainframe, midrange and UNIX systems
suse/login.plDownloadMore Suse login portals, mostly Open Exchange.
gnatsweb.plDownloadGNU GNATS is a set of tools for tracking bugs reported by users to a central site. It allows problem report management and communication with users via vario...
exchweb/bin/auth/owalogon.aspDownloadOutlook Web Access Login POrtal

 

Never Make Secret URLs or Query Strings Publicly Accessible

 

URLs and query parameters aren’t secure. They should never contain sensitive or important information (passwords, static shared secrets, private information, etc.).

 

Here’s why URLs and query parameters are unsafe:

 

Search engines and web crawlers can discover them.

The web can be crawled by anyone. Google automatically indexes a website’s information, and unless sensitive information is explicitly blocked from indexing (e.g. nofollow, robots.txt), all of that information is available to discover via dorks or advanced search operators.
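A self-audit along these lines, as an added example that is not NerdyData's code: it checks a constructed URL inventory for your own site against a few path terms from the table above, flags query parameters with secret-like names, and reports whether a constructed robots.txt lets a crawler fetch each flagged URL. The host `shop.example`, the parameter-name list and all sample data are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl
from urllib.robotparser import RobotFileParser

# A few URL-path terms taken from the table on this page.
DORK_TERMS = [
    "wp-content/uploads/private",
    "phpinfo.php",
    "app/etc/local.xml",
    "configuration.php-dist",
    "/sites/default/files/webform/",
]

# Assumed parameter names that usually carry secrets (illustrative, not exhaustive).
SECRET_PARAMS = {"password", "passwd", "pwd", "token", "api_key",
                 "apikey", "secret", "sessionid"}

# Constructed robots.txt for the example site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /wp-content/uploads/private/
Disallow: /app/
"""

# Constructed inventory, e.g. exported from your own sitemap or access logs.
INVENTORY = [
    "https://shop.example/wp-content/uploads/private/invoice-1041.pdf",
    "https://shop.example/phpinfo.php",
    "https://shop.example/app/etc/local.xml",
    "https://shop.example/reset?user=alice&token=3f9c1e",
    "https://shop.example/products?id=7",
]


def load_robots(text):
    """Parse robots.txt content that is already in memory (no network access)."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return parser


def audit_url(url, robots, agent="Googlebot"):
    """Return what a dork-style search could key on for one URL."""
    query = urlsplit(url).query
    # "inurl:" is a substring match on the URL, so a substring test mirrors it.
    matched = [term for term in DORK_TERMS if term.lower() in url.lower()]
    secrets = sorted({name for name, _ in parse_qsl(query, keep_blank_values=True)
                      if name.lower() in SECRET_PARAMS})
    return {
        "url": url,
        "dork_terms": matched,
        "secret_params": secrets,
        "crawlable": robots.can_fetch(agent, url),
    }


def audit(inventory, robots_txt):
    """Keep only URLs that match a dork term or carry a secret-like parameter."""
    robots = load_robots(robots_txt)
    results = (audit_url(url, robots) for url in inventory)
    return [r for r in results if r["dork_terms"] or r["secret_params"]]


def crawlable_findings(findings):
    """Flagged URLs that robots.txt does not ask crawlers to skip."""
    return [f["url"] for f in findings if f["crawlable"]]


if __name__ == "__main__":
    for finding in audit(INVENTORY, ROBOTS_TXT):
        print(finding)
```

A Disallow rule only asks crawlers not to fetch a path, and robots.txt itself is public, so flagged URLs still need access control.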

Users might post the link, not realizing what they’ve shared.

This information will be exposed in the “Referer” header.

Consider a webpage like “wp-content/uploads/private”. If the browser needs to make a request to another domain to render this webpage (for instance, to download an image), a header will be included: “Referer: http://yourdomain.com/wp-content/uploads/private”. If the requested URL isn’t in your domain, who knows what that other website could be doing with that header?
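What the browser puts in that header depends on the page's Referrer-Policy. The following added example (not code from this page) implements the W3C Referrer Policy rules for the page URL quoted above and shows which policies send the full path and which send only the origin or nothing. The third-party host `images.example` is an assumption, and "downgrade" is simplified to an https page requesting a non-https URL.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Default policy in current major browsers when the site sets none.
BROWSER_DEFAULT = "strict-origin-when-cross-origin"
POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)


def origin(url):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


def strip_for_referrer(url, origin_only=False):
    """Drop userinfo and fragment; optionally reduce the URL to its origin."""
    p = urlsplit(url)
    if p.scheme not in DEFAULT_PORTS:
        return None  # non-http(s) pages (file:, data:, about:) send no referrer
    host = f"[{p.hostname}]" if ":" in p.hostname else p.hostname
    if p.port and p.port != DEFAULT_PORTS[p.scheme]:
        host = f"{host}:{p.port}"
    if origin_only:
        return urlunsplit((p.scheme, host, "/", "", ""))
    return urlunsplit((p.scheme, host, p.path or "/", p.query, ""))


def referer_sent(page_url, request_url, policy=BROWSER_DEFAULT):
    """Referer value for a request made by page_url, or None if none is sent."""
    if policy not in POLICIES:
        raise ValueError(f"unknown referrer policy: {policy}")
    full = strip_for_referrer(page_url)
    if full is None or policy == "no-referrer":
        return None
    origin_only = strip_for_referrer(page_url, origin_only=True)
    if len(full) > 4096:  # over-long referrers are cut down to the origin
        full = origin_only
    same_origin = origin(page_url) == origin(request_url)
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(request_url).scheme != "https")
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin_only
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin_only
    if policy == "strict-origin":
        return None if downgrade else origin_only
    # strict-origin-when-cross-origin
    if same_origin:
        return full
    return None if downgrade else origin_only


def compare_policies(page_url, request_url):
    """Map every policy to the Referer it would produce for this request."""
    return {p: referer_sent(page_url, request_url, p) for p in POLICIES}


if __name__ == "__main__":
    page = "http://yourdomain.com/wp-content/uploads/private"  # URL from the text
    image = "http://images.example/logo.png"                   # constructed third party
    for name, value in compare_policies(page, image).items():
        print(f"{name:34} {value}")
```

Sending `Referrer-Policy: no-referrer` or `same-origin` on sensitive pages keeps their paths and query strings out of third-party requests.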

They’re available to browser extensions.

Browser extensions can see query parameters from any site (if the user gives them permission) and use them however they like. Headers, cookies, POST bodies, etc. are only available to browser extensions on certain domains that the user explicitly allows, but not everyone reads the fine print when installing extensions.

HTTPS won’t help you

Even if you were to load these URLs via an HTTPS connection, the URL itself is still visible to anyone who may be monitoring your network traffic.

About NerdyData.com

We help customers find websites using certain technologies, or obscure pieces of code. Our search engine crawls and indexes popular websites frequently so you can search for any code, retroactively.

Advanced features include:

  • We render JavaScript, which lets you search otherwise “hidden code”
  • We index server response headers, cookies, and variables to return more results
  • Only quality 200 status websites are indexed to prevent useless results or dead links

Custom reports for more exotic use-cases

Do you have a very specific need to find code or websites using a technology?

Is your search term very obscure and you want to analyze our larger enterprise database? We will help you find quality results from across the web.

Email us today to learn more