Dork : “inurl:dettaglio.php?

id=”

Exploit :
www.victim.com/sito/dettaglio.php?id=[SQL]

Example :
http://www.cicloposse.com/dettaglio.php?id=61′

Dork: inurl:prodotto.php?id)

Exploit:
www.victim.com/prodotto.php?id=[SQL]

Example:
http://www.poderimorini.com/en/prodotto.php?id=14′

sql injection dorks

allinurl: \”index php go buy\”

allinurl: \”index.php?go=sell\”
allinurl: \”index php go linkdir\”
allinurl: \”index.php?go=resource_center\”
allinurl: \”resource_center.html\”
allinurl: \”index.php?go=properties\”
allinurl: \”index.php?go=register\”

Error message queries

“A syntax error has occurred”filetype:ihtml

Informix database errors, potentially containing function names, filenames, file

structure information, pieces of SQL code and passwords

“Access denied for user” “Using password”

authorisation errors, potentially containing user names, function names, file

structure information and pieces of SQL code

“The script whose uid is ” “is not allowed to access”

access-related PHP errors, potentially containing filenames, function names and

file structure information

“ORA-00921: unexpected end of SQL command”

Oracle database errors, potentially containing filenames, function names and file
structure information

“error found handling the request” cocoon filetype:xml

Cocoon errors, potentially containing Cocoon version information, filenames,

function names and file structure information
“Invision Power Board Database Error”

Invision Power Board bulletin board errors, potentially containing function names,
filenames, file structure information and piece of SQL code

“Warning: mysql _ query()” “invalid query”

MySQL database errors, potentially containing user names, function names, filenames
and file structure information

“Error Message : Error loading required libraries.”

CGI script errors, potentially containing information about operating system and
program versions, user names, filenames and file structure information

“#mysql dump” filetype:sql

MySQL database errors, potentially containing information about database structure

and contents

Searching for personal data and confidential documents

filetype:xls inurl:”email.xls”

email.xls files, potentially containing contact information

“phone * * *” “address *” “e-mail” intitle: “curriculum vitae”

CVs

“not for distribution”

confidential documents containing the confidential clause

buddylist.blt

AIM contacts list

intitle:index.of mystuff.xml

Trillian IM contacts list

filetype:ctt “msn”

MSN contacts list

filetype:QDF

QDF database files for the Quicken financial application

intitle:index.of finances.xls
finances.xls files, potentially containing information on bank accounts, financial
summaries and credit card numbers

intitle:”Index Of” -inurl:maillog maillog size

maillog files, potentially containing e-mail

Network Vulnerability Assessment Report”

“Host Vulnerability Summary Report”
filetype:pdf “Assessment Report”
“This file was generated by Nessus”

reports for network security scans, penetration tests etc

dork for locating network devices

“Copyright (c) Tektronix, Inc.” “printer status”

PhaserLink printers

inurl:”printer/main.html” intext:”settings”

Brother HL printers

intitle:”Dell Laser Printer” ews

Dell printers with EWS technology

intext:centreware inurl:status

Xerox Phaser 4500/6250/8200/8400 printers

inurl:hp/device/this.LCDispatcher

HP printers

intitle:liveapplet inurl:LvAppl

Canon Webview webcams

intitle:”EvoCam” inurl:”webcam.html”

Evocam webcams

inurl:”ViewerFrame?Mode=”

Panasonic Network Camera webcams

(intext:”MOBOTIX M1? | intext:”MOBOTIX M10?) intext:”Open Menu” Shift-Reload

Mobotix webcams

inurl:indexFrame.shtml Axis

Axis webcams

intitle:”my webcamXP server!” inurl:”:8080?

webcams accessible via WebcamXP Server

allintitle:Brains, Corp.

camera webcams accessible via mmEye

intitle:”active webcam page”

intitle:"index of" db.frm Sensitive Directories

intitle:"index of" /known_hosts Files Containing Juicy Info Alexandros Pappas
intitle:"index of" errors.log Error Messages
intitle:"index of" machine.config Files Containing Juicy Info
intitle:"index of" apache.log Files Containing Juicy Info
intitle:"index of" /.ssh/id_rsa OR id_rsa.pub Files Containing Juicy Info
intitle:"index of" "syslog" Files Containing Juicy Info
intitle:"index of" "/cron.log" Files Containing Juicy Info
intitle:"index of" "/db_backups/" Sensitive Directories
intitle:"index of" keepass.kdbx OR database.kdbx Files Containing Juicy Info
inurl:"/dynamic/password-reset.html" Pages Containing Login Portals
intitle:"Kyocera Command Center" inurl:index.htm Various Online Devices
intitle:"Internet Services" inurl:default.htm intext:"FUJI XEROX" Various
Online Devices
intitle:"Index of" db_mysql.inc Files Containing Juicy Info
intitle:"Index of" db.inc Files Containing Juicy Info
"DBPassword" ext:cfg OR ext:log OR ext:txt OR ext:sql -git Files Containing Juicy
Info
"MasterUserPassword" ext:cfg OR ext:log OR ext:txt -git Files Containing
Passwords
"The default username and password is admin:admin" intitle:Login OR inurl:login.php
Pages Containing Login Portals
"/etc/shadow root:$" ext:cfg OR ext:log OR ext:txt OR ext:sql -git Files
Containing Passwords
inurl:/8080/login.html Pages Containing Login Portals
intitle:"index of " "*.passwords.txt" Files Containing Passwords
inurl:start.swe?SWECmd Pages Containing Login Portals
"SecretAccessKey" OR "AccessKeyId" ext:txt OR ext:cfg -git Files Containing Juicy
Info
"admin password irreversible-cipher" ext:txt OR ext:log OR ext:cfg Files
Containing Passwords
"super password level 3 cipher" ext:txt OR ext:log Files Containing Passwords
inurl:/index.htm intext:"Oki Data Corporation" Various Online Devices
inurl:8080/portal/pda/?force.login=yes Pages Containing Login Portals
inurl:8080/dashboard intitle:Graphite Dashboard Various Online Devices
inurl:8080/dashboard.php Various Online Devices
intitle:"index of" "debug.log" OR "debug-log" Web Server Detection
intitle:"index of" "db.ini" Files Containing Passwords
intitle:"index of" application.ini Files Containing Passwords
intitle:"index of" "database.ini" OR "database.ini.old" Files Containing
Passwords
site:."atlassian.net" "Log in to your account" Pages Containing Login Portals
inurl:mainFrame.cgi intext:"RICOH" Various Online Devices
inurl:/?MAIN=DEVICE intitle:TopAccess intext:Device Various Online Devices
inurl:sws/index.html AND intext:"Model Name" AND intext:"Serial Number"
Various Online Devices
2020-04-20 inurl:"login.html" intitle:"d-link" Pages Containing Login Portals
intitle:"My Book World Edition - MyBookWorld" Advisories and Vulnerabilities
"login" intitle:"iot login" Pages Containing Login Portals
site:*/test/login Pages Containing Login Portals
inurl:"index.php?option=com_jsjobs" Advisories and Vulnerabilities
site:*/lost-password/ Pages Containing Login Portals
"Welcome to Sentry, please log in:" Pages Containing Login Portals
inurl:/DeclaranetPlusWebapp/ intext:Entrar Pages Containing Login Portals
inurl:/main.html intext:SHARP AND intext:MX-* Various Online Devices
"-----BEGIN OpenVPN Static key V1-----" ext:key Files Containing Juicy Info
intitle:"index of" "common.crt" OR "ca.crt" Sensitive Directories
"-----BEGIN CERTIFICATE-----" ext:pem -git Files Containing Juicy Info
intitle:"index of" "proxy.pac" OR "proxy.pac.bak" Sensitive Directories
intext:"Welcome Site/User Administrator" Pages Containing Login Portals
intitle:"index of" "global.asa" Sensitive Directories
intitle:"index of" errorlog.txt Files Containing Juicy Info
inurl:"wp-contentpluginsall-in-one-seo-pack" Advisories and Vulnerabilities
intitle:"index of" "cctv" Sensitive Directories
inurl:"/auth.php?forgot_password=yes" Pages Containing Login Portals
site:*/auth.php Pages Containing Login Portals
site:*/password_lost.php Pages Containing Login Portals
inurl:/dana/home/ filetype:cgi Various Online Devices
site:*/request-new-password Pages Containing Login Portals
intext:"Any time & Any where" intext:"Username" intext:"Password" intext:login
intext:"View: Mobile | PC" Pages Containing Login Portals
intext:"This is the default welcome page used to test the correct operation of the
Apache2 server" Web Server Detection
inurl:/dana-cached/sc/ Various Online Devices
inurl:main_login.html intitle:Netgear Pages Containing Login Portals
site:*/JIRA/login Pages Containing Login Portals
site:*/admin/password.php Pages Containing Login Portals
inurl:r51173 intext:"Keep me logged in" Pages Containing Login Portals
inurl:/global-protect/login.esp Pages Containing Login Portals
inurl:"/WebResource.axd?d=" AND intext:Error Error Messages
inurl:/sslvpn/Login/Login Pages Containing Login Portals
"Powered by SePortal 2.5" Advisories and Vulnerabilities
inurl:"index.php?id=" intext:"Warning: mysql_num_rows()" Error Messages
intitle:"index of" "cvsweb.cgi" Various Online Devices
inurl:./sws/index.sws Various Online Devices
2020-04-16 intitle:"index of" "vpn-config.*" Files Containing Juicy Info
intitle:"index of" "owncloud/config/*" Sensitive Directories
intitle:"index of" "iredadmin/*" Sensitive Directories
intitle:"index of" default.rdp Files Containing Juicy Info
intitle: "index of" "MySQL-Router" Sensitive Directories
site:*/PassRecover Pages Containing Login Portals
site:*/user/forgotpass Pages Containing Login Portals
site:*/signup/pass Pages Containing Login Portals
site:account.*.*/recovery Pages Containing Login Portals
intext:"Powered by YouPHPTube" Advisories and Vulnerabilities
inurl:SSI/index.htm Various Online Devices
inurl:/frameprop.htm Various Online Devices
intext:"Current Configuration:" ext:cfg -git Files Containing Juicy Info
"Powered by PHPBack" Advisories and Vulnerabilities
"Powered by Lanius CMS" Advisories and Vulnerabilities
filetype:php inurl:"/general/login.php?PHPSESSID=" Advisories and
Vulnerabilities
inurl:php-bin/webclient.php Advisories and Vulnerabilities
inurl:/?op=registration Advisories and Vulnerabilities
site:*/lost_pass.php Pages Containing Login Portals
inurl:"/English/pages_WinUS/" AND intitle:"Top page" Various Online Devices
intitle:"index of" cvsweb.conf Files Containing Juicy Info
"Powered by sNews CMS" Advisories and Vulnerabilities
"Powered by Podcast Generator" Advisories and Vulnerabilities
"Powered By Liferay" Advisories and Vulnerabilities
intitle:"index of" cvsroot Sensitive Directories
intitle:"Printer Status" AND inurl:"/PrinterStatus.html" Various Online Devices
filetype:reg reg HKEY_USERS -git Files Containing Juicy Info
site:*/signup/password.php Pages Containing Login Portals
site:*/requestpassword.* Pages Containing Login Portals
site:*/membersarea intitle:"login" Pages Containing Login Portals
site:*/user/forgot Pages Containing Login Portals
inurl:("/storage/logs/laravel.log") AND intext:("local.ERROR" | "NULL.ERROR" |
"EMERGENCY:") Error Messages
filetype:reg reg [HKEY_CURRENT_USERSoftware] -git Files Containing Juicy Info
filetype:reg reg HKEY_CLASSES_ROOT -git Files Containing Juicy Info
inurl:axis-cgi/mjpg/video.cgi Various Online Devices
site:*/changePassword.php Pages Containing Login Portals
site:*/reminder_password Pages Containing Login Portals
intitle:NetworkCamera intext:"Pan / Tilt" inurl:ViewerFrameVarious Online Devices
intitle:"index of" "db.connection.js" Files Containing Passwords
site:*/resetpass.php Pages Containing Login Portals
site:*/retrieve-password Pages Containing Login Portals
inurl:cgistart Various Online Devices
site:*/account-recovery.html Pages Containing Login Portals
inurl:view.shtml Various Online Devices
inurl:/live.htm intext:"M-JPEG"|"System Log"|"Camera-1"|"View Control" Various
Online Devices