Inurl php menuid what earnings. Operators of the Google search engine. public, protected and private: access control

Merged

Hello guys!
I want to say right away that I am not an in-depth specialist - there are people smarter and with deeper knowledge. For me personally this is a hobby. But there are people who know less than me - first of all, the material is not intended for complete fools, but you don’t need to be super pro to understand it.
Many of us are accustomed to thinking that a dork is a vulnerability, alas, you were wrong - in essence, a dork is a search request sent to a search engine.
That is, the word index.php?id= dork
but the word Shop is also a word.
In order to understand what you want, you must be clearly aware of your requirements for a search engine. The usual form of dork index.php?id= can be divided into
index - key
.php? - code indicating that you need a website built on Php
id= identifier of something on the site
id=2 in our case 2 is an indication with which parameter the identifier should be parsed.
If you write index.php?id=2 then there will be sites only with id=2; if there is a mismatch, the site will be eliminated. For this reason, it makes no sense to write an exact indication to the identifier - since it can be 1,2,3,4,5 and ad infinitum.
If you decide to create an exact dork, say for Steam, then it makes sense to give it this look
inurl:game* +intext:"csgo"
it will parse the word game* in the site URL (where * is an arbitrary number of characters after the word game - after all, it can be games and the like)
It is also worth using an operator such as intitle:
If you have seen a good gaming site or you have a list of vulnerable gaming sites
It makes sense to use the related operator for parsing:
For related: a value in the form of a link to the site is suitable
related: ***
- it will find all sites from the search engine's point of view similar to the specified one
Remember - a dork is a parsing - it is not a hole.
A hole, also known as a vulnerability, is detected by a scanner based on what you have parsed.
I personally do not recommend using a large number of prefixes (search operators) when you work without proxies.
I'll tell you about the method of creating private doors for the country
In order to create a door like index.php?id= we will have to parse it
index - we will replace it with an arbitrary word
.php?id= will be the code for our dork
Dream up new code there is no point - because many sites are stable on the same codes and engines and will continue to be. List of codes:

Spoiler: Dorky

Php?ts=
.php?topic=
.php?t=
.php?ch=
.php?_nkw=
.php?id=
.php?option=
.php?view=
.php?lang=
.php?page=
.php?p=
.php?q=
.php?gdjkgd=
.php?son=
.php?search=
.php?uid=
.php?title=
.php?id_q=
.php?prId=
.php?tag=
.php?letter=
.php?prid=
.php?catid=
.php?ID=
.php?iWine=
.php?productID=
.php?products_id=
.php?topic_id=
.php?pg=
.php?clan=
.php?fid=
.php?url=
.php?show=
.php?inf=
.php?event_id=
.php?term=
.php?TegID=
.php?cid=
.php?prjid=
.php?pageid=
.php?name=
.php?id_n=
.php?th_id=
.php?category=
.php?book_id=
.php?isbn=
.php?item_id=
.php?sSearchword=
.php?CatID=
.php?art=
.html?ts=
.html?topic=
.html?t=
.html?ch=
.html?_nkw=
.html?id=
.html?option=
.html?view=
.html?lang=
.html?page=
.html?p=
.html?q=
.html?gdjkgd=
.html?son=
.html?search=
.html?uid=
.html?title=
.html?id_q=
.html?prId=
.html?tag=
.html?letter=
.html?prid=
.html?catid=
.html?ID=
.html?iWine=
.html?productID=
.html?products_id=
.html?topic_id=
.html?pg=
.html?clan=
.html?fid=
.html?url=
.html?show=
.html?inf=
.html?event_id=
.html?term=
.html?TegID=
.html?cid=
.html?prjid=
.html?pageid=
.html?name=
.html?id_n=
.html?th_id=
.html?category=
.html?book_id=
.html?isbn=
.html?item_id=
.html?sSearchword=
.html?CatID=
.html?art=
.aspx?ts=
.aspx?topic=
.aspx?t=
.aspx?ch=
.aspx?_nkw=
.aspx?id=
.aspx?option=
.aspx?view=
.aspx?lang=
.aspx?page=
.aspx?p=
.aspx?q=
.aspx?gdjkgd=
.aspx?son=
.aspx?search=
.aspx?uid=
.aspx?title=
.aspx?id_q=
.aspx?prId=
.aspx?tag=
.aspx?letter=
.aspx?prid=
.aspx?catid=
.aspx?ID=
.aspx?iWine=
.aspx?productID=
.aspx?products_id=
.aspx?topic_id=
.aspx?pg=
.aspx?clan=
.aspx?fid=
.aspx?url=
.aspx?show=
.aspx?inf=
.aspx?event_id=
.aspx?term=
.aspx?TegID=
.aspx?cid=
.aspx?prjid=
.aspx?pageid=
.aspx?name=
.aspx?id_n=
.aspx?th_id=
.aspx?category=
.aspx?book_id=
.aspx?isbn=
.aspx?item_id=
.aspx?sSearchword=
.aspx?CatID=
.aspx?art=
.asp?ts=
.asp?topic=
.asp?t=
.asp?ch=
.asp?_nkw=
.asp?id=
.asp?option=
.asp?view=
.asp?lang=
.asp?page=
.asp?p=
.asp?q=
.asp?gdjkgd=
.asp?son=
.asp?search=
.asp?uid=
.asp?title=
.asp?id_q=
.asp?prId=
.asp?tag=
.asp?letter=
.asp?prid=
.asp?catid=
.asp?ID=
.asp?iWine=
.asp?productID=
.asp?products_id=
.asp?topic_id=
.asp?pg=
.asp?clan=
.asp?fid=
.asp?url=
.asp?show=
.asp?inf=
.asp?event_id=
.asp?term=
.asp?TegID=
.asp?cid=
.asp?prjid=
.asp?pageid=
.asp?name=
.asp?id_n=
.asp?th_id=
.asp?category=
.asp?book_id=
.asp?isbn=
.asp?item_id=
.asp?sSearchword=
.asp?CatID= .asp?art=
.htm?ts= .htm?topic=
.htm?t= .htm?ch=
.htm?_nkw=
.htm?id=
.htm?option=
.htm?view=
.htm?lang=
.htm?page=
.htm?p=
.htm?q=
.htm?gdjkgd=
.htm?son=
.htm?search=
.htm?uid=
.htm?title=
.htm?id_q=
.htm?prId=
.htm?tag=
.htm?letter=
.htm?prid=
.htm?catid=
.htm?ID=
.htm?iWine=
.htm?productID=
.htm?products_id=
.htm?topic_id=
.htm?pg=
.htm?clan=
.htm?fid=
.htm?url=
.htm?show=
.htm?inf=
.htm?event_id=
.htm?term=
.htm?TegID=
.htm?cid=
.htm?prjid=
.htm?pageid=
.htm?name=
.htm?id_n=
.htm?th_id=
.htm?category=
.htm?book_id=
.htm?isbn=
.htm?item_id=
.htm?sSearchword=
.htm?CatID=
.htm?art=
.cgi?ts=
.cgi?topic=
.cgi?t=
.cgi?ch=
.cgi?_nkw=
.cgi?id=
.cgi?option=
.cgi?view=
.cgi?lang=
.cgi?page=
.cgi?p=
.cgi?q=
.cgi?gdjkgd=
.cgi?son=
.cgi?search=
.cgi?uid=
.cgi?title=
.cgi?id_q=
.cgi?prId=
.cgi?tag=
.cgi?letter=
.cgi?prid=
.cgi?catid=
.cgi?ID=
.cgi?iWine=
.cgi?productID=
.cgi?products_id=
.cgi?topic_id=
.cgi?pg=
.cgi?clan=
.cgi?fid=
.cgi?url=
.cgi?show=
.cgi?inf=
.cgi?event_id=
.cgi?term=
.cgi?TegID=
.cgi?cid=
.cgi?prjid=
.cgi?pageid=
.cgi?name=
.cgi?id_n=
.cgi?th_id=
.cgi?category=
.cgi?book_id=
.cgi?isbn=
.cgi?item_id=
.cgi?sSearchword=
.cgi?CatID=
.cgi?art=
.jsp?ts=
.jsp?topic=
.jsp?t=
.jsp?ch=
.jsp?_nkw=
.jsp?id=
.jsp?option=
.jsp?view=
.jsp?lang=
.jsp?page=
.jsp?p=
.jsp?q=
.jsp?gdjkgd=
.jsp?son=
.jsp?search=
.jsp?uid=
.jsp?title=
.jsp?id_q=
.jsp?prId=
.jsp?tag=
.jsp?letter=
.jsp?prid=
.jsp?catid=
.jsp?ID=
.jsp?iWine=
.jsp?productID=
.jsp?products_id=
.jsp?topic_id=
.jsp?pg=
.jsp?clan=
.jsp?fid=
.jsp?url=
.jsp?show=
.jsp?inf=
.jsp?event_id=
.jsp?term=
.jsp?TegID=
.jsp?cid=
.jsp?prjid=
.jsp?pageid=
.jsp?name=
.jsp?id_n=
.jsp?th_id=
.jsp?category=
.jsp?book_id=
.jsp?isbn=
.jsp?item_id=
.jsp?sSearchword=
.jsp?CatID=
.jsp?art=

We will use these codes for the dork generator.
We go to Google translator - translate into Italian - list of the most frequently used words.
We parse a list of words in Italian - insert it into the first column of the dork generator - put the codes into the second, usually php - these are a variety of sites, cfm shops, jsp - gaming ones.
We generate - we remove spaces. Private doors for Italy are ready.
It also makes sense to insert phrases in the same language in the right column in the style of “remember me, forgot your password” instead of site:it
They will parse cool, they will be private if you parse something unique and replace the dork key.
And add remember me in the same language - then the sites will fly only with databases.
It's all about thinking. Dorks will look like name.php?uid= all their features will be in a unique key. They will be mixed, the Inurl: operator does not need to be used - since parsing will proceed without it in the url, and in the text, and in the title.
After all, the whole point of dork is that anything can happen - stim, stick, netteler - or it may not happen. Here you need to take in quantity.
There is also so-called vulnerability parsing.

Spoiler: Dorky

intext:"java.lang.NumberFormatException: null"
intext:"error in your SQL syntax"
intext:"mysql_num_rows()"
intext:"mysql_fetch_array()"
intext:"Error Occurred While Processing Request"
intext:"Server Error in "/" Application"
intext:"Microsoft OLE DB Provider for ODBC Drivers error"
intext:"Invalid Querystring"
intext:"OLE DB Provider for ODBC"
intext:"VBScript Runtime"
intext:"ADODB.Field"
intext:"BOF or EOF"
intext:"ADODB.Command"
intext:"JET Database"
intext:"mysql_fetch_row()"
intext:"Syntax error"
intext:"include()"
intext:"mysql_fetch_assoc()"
intext:"mysql_fetch_object()"
intext:"mysql_numrows()"
intext:"GetArray()"
intext:"FetchRow()"

Articles and news continued to appear on online news. And government websites were still vulnerable. Because admin scripts could be found using Google, medical files, personal reports, passwords, etc. it all seemed to be possible to find
just with the help of Google alone. Every time a new article appeared on this topic, everyone said that it was something new.
However, of course, this is not at all the case.

Google - Search Options

Specific file: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf

Google allows you to search for specific types of files. The search string you would use would be this:

Filetype:xls (for excel files) or filetype:doc for word files.

It would be more interesting if you tried to search for files
*.db, *.mdb. You can search for any files that come to mind - *.cfg files or *.pwd files, *.dat files and any others. Try searching and I think you will get interesting results.

Another useful search option is inurl: an option that allows you to search for certain words in a URL. This gives you the ability to search specific directories/folders, especially in combination with the “index of” options,
which I will talk about later. Example: inurl:admin, which will give you
links that have the word “admin” in the URL.

An option that the creators of Google didn’t think much about, but it turns out to be very convenient. If you use the “index of” string, you will find directory listings of specific folders on the servers. Example: "index of" admin or "index.of.admin".

The site option allows you to come up with results that only belong to
to a certain domain or a specific site. For example, you can
search for .com sites or .box.sk sites or .nl sites, but it would be more interesting to search for specific military or government websites. Example search string:
Site:mil or site:gov, Site:neworder.box.sk “board”

Intitle - other good option. It allows you to search HTML files, which have some word or words in the title. Format intitle:wordhere.

The Link option allows you to check which sites are linked to a specific site. Search servers provide a convenient tool that allows you to search for all sites that have links to an organization's domain. Of course this information is not essential. But it may be useful in some cases.

Combining Search Options

For example, you can try this search string:

inurl:nasa.gov filetype:xls “restricted” or this one: site:mil filetype:xls “password”

site:mil “index of” admin

Are looking for specific file: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf
. You can try to search for information that seems interesting to you. The following was interesting to me:

Password, passwords, pwd, account, accounts, userid, uid, login, logins, secret, secrets, all followed by either *.doc or *.xls or *.db

This led me to some very interesting results, especially with the *.db option, but I also found some passwords.doc files,
which contain working passwords.

Http://www.doc.state.ok.us/Spreadsheets/private%20prison%20survey%20for%20web.xls
Http://www.bmo.com/investorrelations/current/current/suppnew/private.xls
Http://www.nescaum.org/Greenhouse/Private/Participant_List.xls
Http://www.dscr.dla.mil/aviationinvest/attendance_5Apr01.xls
Http://web.nps.navy.mil/~drdolk/is3301/ PART_IS3301. XLS

Admin.cfg - as a rule, these files are from various website engines. And very often these files contain important information, which is not
should be accessible to people browsing the web. I tried searching
admin.cfg using the following line to search on google:

inurl:admin.cfg “index of”

Some of the results were even very useful:

Http://www.alternetwebdesign.com/cgi-bin/directimi/admin.cfg,

It was admin password for a database located in
http://www.alternetwebdesign.com/cgi-bin/directimi/database.cgi?Admin.cfg. This database contained important customer data of this company. I then sent an email to this company about a bug on their website. They responded to me in a very friendly manner and told me that they would try to correct this error as quickly as possible.

Some time ago, while working on this article, I came across this website:

http://wacker-welt.de/webadmin/

Website explains that webadmin is small
a program that allows you to edit parts remotely
website, upload files, etc. The main page for the webadmin control center is called 'Webeditor.php'. Obviously my next step is to visit google and use the inurl tag to find webeditor.php. I used the following line to search:

Inurl:webeditor.php

And I found the following results:

Http://orbyonline.com/php/webeditor.php
Http: //www-user.tu-chemnitz.de/~hkri/Neuer%20Ordner/webeditor.php
Http: //artematrix.org/webeditor/webeditor.php
Http://www.directinfo.hu/kapu/webeditor.php

All these webeditor.php files were accessible to anyone, simply because the owners failed to properly protect these pages using
.htacces. While browsing these sites I noticed that the file that allows you to upload files is called
File_upload.php. I started looking for it on Google and found a lot
options.

Http://www.hvcc.edu /~kantopet/ciss_225/examples/begphp/ch10/

Good example:
Http://www.pelicandecals.com/admin/webeditor.php

The script allows you to change, replace files including index.php. In theory, any malicious script could be written or uploaded, the consequences are obvious.

Conclusion

Google can help you find the information you need, and it's easy and fun!

Any search for vulnerabilities on web resources begins with reconnaissance and information collection.
Intelligence can be either active - brute force of files and directories of the site, running vulnerability scanners, manually browsing the site, or passive - searching for information in different search engines. Sometimes it happens that a vulnerability becomes known even before opening the first page of the site.

How is this possible?
Search robots, constantly roaming the Internet, in addition to information useful to the average user, often record things that can be used by attackers to attack a web resource. For example, script errors and files with sensitive information (from configuration files and logs to files with authentication data and database backups).
From the point of view of a search robot, an error message about executing an sql query is plain text, inseparable, for example, from the description of products on the page. If suddenly a search robot came across a file with the .sql extension, which for some reason ended up in working folder site, then it will be perceived as part of the site’s content and will also be indexed (including, possibly, the passwords specified in it).

Such information can be found by knowing strong, often unique, keywords that help separate “vulnerable pages” from pages that do not contain vulnerabilities.
A huge database of special queries using keywords (so-called dorks) exists on exploit-db.com and is known as the Google Hack Database.

Why google?
Dorks are primarily targeted at Google for two reasons:
− the most flexible syntax of keywords (shown in Table 1) and special characters (shown in Table 2);
− the Google index is still more complete than that of other search engines;

Table 1 - Main Google keywords