lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <a6760b53781aa9b01eef9e1815c925f4@openmailbox.org>
Date: Fri, 04 Jul 2014 11:01:10 +0200
From: rai@...nmailbox.org
To: fulldisclosure@...lists.org
Subject: [FD] Finding page including parameters with google dorks

Hi,

Here's a google dork that doesn't seem to be listed anywhere but gets 
some good results:

inurl:"index.php?page="

Inside that parameter, there can be straightforward lfi's, rfi's but 
also subtle things too. The search does bring in a lot of false 
positives, so looking for urls ending with extensions helps.

http://maker.fea.st/startpage-dork.jpeg

(yes, i prefer startpage dork'ing)

Is there way of restricting to the search (wishfully thinking) to 
something like the below?

inurl:"index.php?page=*.(php|html|etc)"

--
rai





_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists