Google dork Description: intitle:”index of” “onetoc2” “one”
Google search: intitle:”index of” “onetoc2” “one”
Submited: 2015-06-04
# Exploit Title: intitle:”index of” “onetoc2” “one”
# Google Dork: intitle:”index of” “onetoc2” “one”
# Date: 04/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NA

This dork allows you to see Onenote files stored in the open(*.one). These
files can be read easily with Onenote or a compatible viewer, no password,
no encryption.
The onetoc2 is added, it’s a worthless file but is always inside a folder
containing one or several onenote files(and it obviously helps narrowing
the search to what we’re looking for).

Google dork Description: intext:DB_PASSWORD ext:env
Google search: intext:DB_PASSWORD ext:env
Submited: 2015-05-29

This dork finds env files, usually used in Laravel configuration,
containing passwords and other juicy information.

Author: Augusto Pereira

Google dork Description: inurl:/dbg-wizard.php
Google search: inurl:/dbg-wizard.php
Submited: 2015-06-03

# Exploit Title: Nusphere PHP DBG wizard
# Date: 02-06-2015
# Vendor Homepage: http://www.nusphere.com
# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm
# Version: any
# Exploit Author: Alfred Armstrong
# Contact: http://twitter.com/alfaguru
# Website: http://figure-w.co.uk

DBG Wizard is meant to be used with the DBG PHP debugger as an aid to
configuring it correctly. It is supplied as a PHP script called
dbg-wizard.php which when placed in the root folder of a web site and
executed provides instructions to the user about setting up their web
server so the debugger can be used.

It is not meant to be present on a live site as it exposes details
about software configurations and versions which might allow an
attacker to discover other vulnerabilities. If the DBG shared library
is also installed it will expose that fact and potentially assist an
attacker in crafting a request to start a debug session in which they
could do anything that can be done through a PHP script, including
reading files and accessing database entries.

Alfred Armstrong

Google dork Description: filetype:pcf vpn OR Group
Google search: filetype:pcf vpn OR Group
Submited: 2015-06-10

This dork allows you to search for publicly accessible profile
configuration files (.pcf) used by VPN clients. These files typically
contain usernames, password, tunneling ports, VPN server information and
other information.

Cheers,

azupwn

Google dork Description: intitle:”Index Of” intext:”iCloud Photos” OR intext:”My Photo Stream” OR intext:”Camera Roll”
Google search: intitle:”Index Of” intext:”iCloud Photos” OR intext:”My Photo Stream” OR intext:”Camera Roll”
Submited: 2015-06-17
From: Creep Mode Baby
Google dork Description: intitle:”index of” “fic” “ndx”
Google search: intitle:”index of” “fic” “ndx”
Submited: 2015-06-10
# Exploit Title: intitle:”index of” “fic” “ndx”
# Google Dork: intitle:”index of” “fic” “ndx”
# Date: 10/06/2015
# Exploit Author: SphearisThis dork allows you to look for Hyperfile databases(.FIC) stored in the
open. You can simply read them in a text editor(You’ll see the header and
then the database content in plain text) or you can convert them(to xml,
excel, …) with free software. In order to convert them, you also need the
linked index file (.NDX) and optional mmo file which are located in the
same directory.
Some Windev/Webdev installations store usernames and other sensitive
information in that kind of file.
Google dork Description: inurl:private_files
Google search: inurl:private_files
Submited: 2015-06-10
Directory private files xD.
By Rootkit.
Google dork Description: intitle:”Index of” “mail” “Inbox” “Sent”
Google search: intitle:”Index of” “mail” “Inbox” “Sent”
Submited: 2015-06-10
This Dork reveal the folders of “Inbox” and “Sent” for mail servers. Enjoy.

 

Google dork Description: intitle:”index of” inurl:”no-ip.com”
Google search: intitle:”index of” inurl:”no-ip.com”
Submited: 2015-06-17

# Exploit Title: intitle:”index of” inurl:”no-ip.com”
# Google Dork: intitle:”index of” inurl:”no-ip.com”
# Date: 17/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NAThis dork allows you to browse files stored on a personal server(home)
using a dynamic dns service to update server IP.
You can replace “no-ip.com” with any other dynamic dns hosts:
“dyndns.org”
“ddns.net”
“dynamic-dns.net”
“dynip.com”
“tzo.com”

Content Protection by DMCA.com