From 967f9d17d60b6bde14947d2f6f2d8e48035b4bee Mon Sep 17 00:00:00 2001 From: Exploit-DB Date: Wed, 24 Jan 2024 00:16:25 +0000 Subject: [PATCH] DB: 2024-01-24 1 changes to exploits/shellcodes/ghdb --- ghdb.xml | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/ghdb.xml b/ghdb.xml index 153a2546d..50e24ed84 100644 --- a/ghdb.xml +++ b/ghdb.xml @@ -33369,6 +33369,24 @@ Dork by Rootkit Pentester. 2004-08-09 anonymous + + 8396 + https://www.exploit-db.com/ghdb/8396 + Files Containing Juicy Info + (site:jsonformatter.org | site:codebeautify.org) & (intext:aws | intext:bucket | intext:password | intext:secret | intext:username) + # Google Dork: (site:jsonformatter.org | site:codebeautify.org) & +(intext:aws | intext:bucket | intext:password | intext:secret | +intext:username) +# Files Containing Juicy Info +# Date: 03/01/2024 +# Exploit: letmewin + + (site:jsonformatter.org | site:codebeautify.org) & (intext:aws | intext:bucket | intext:password | intext:secret | intext:username) + https://www.google.com/search?q=(site:jsonformatter.org | site:codebeautify.org) & (intext:aws | intext:bucket | intext:password | intext:secret | intext:username) + + 2024-01-23 + letmewin cyber + 522 https://www.exploit-db.com/ghdb/522 @@ -36729,6 +36747,22 @@ Author: loganWHD 2011-11-19 anonymous + + 8395 + https://www.exploit-db.com/ghdb/8395 + Files Containing Juicy Info + filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS + # Google Dork: inurl:/.well-known/ai-plugin.json +# Files Containing Juicy Info +# Date: 30/11/2023 +# Exploit: Mohamed Choukrate + + filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS + https://www.google.com/search?q=filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS + + 2024-01-23 + web work + 5865 https://www.exploit-db.com/ghdb/5865 @@ -99105,6 +99139,27 @@ sometimes with exposed passwords can be found. 2020-03-31 Alexandros Pappas + + 8394 + https://www.exploit-db.com/ghdb/8394 + Sensitive Directories + intitle:"index of" database.properties + # Google Dork: intitle:"index of" database.properties +# Description:- This page contains various database.properties of spring +MVC, +# Author: Odela Rohith +# Date: 28-DEC-2023 +# Linkedin: https://www.linkedin.com/in/odela-rohith-b723a7122/ +# Facebook: https://www.facebook.com/odela.rohith.7 + +Regards, +Odela Rohith + intitle:"index of" database.properties + https://www.google.com/search?q=intitle:"index of" database.properties + + 2024-01-23 + Odela Rohith + 5960 https://www.exploit-db.com/ghdb/5960 @@ -116196,6 +116251,62 @@ PsyDel 2015-03-04 anonymous + + 8398 + https://www.exploit-db.com/ghdb/8398 + Vulnerable Servers + Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork + Dork: +intitle:"Apache Struts 2.5" "index of /" -git +Explanation: +intitle:"Apache Struts 2.5": This part specifies that the search results +must have the words "Apache Struts 2.5" in the title. It helps narrow down +the results to instances related specifically to Apache Struts version 2.5. + +"index of /": This part looks for directories with the "index of /" string. +Such directories often contain a listing of files and folders, which could +be unintentionally exposed and may include sensitive information. + +-git: This part excludes results that contain the term "git". The idea is +to filter out Git repositories from the search results, focusing on other +types of exposed directories. + +*Sample output : * +https://mirror.softaculous.com/apache/struts/2.5.30/ +https://ftp.unicamp.br/pub/apache/struts/2.5.25/ +https://ftp.itu.edu.tr/Mirror/Apache/struts/2.5.32/ +https://repository.jboss.org/maven2/apache-struts/struts/ +https://mirrors.gigenet.com/apache/struts/ +https://ftp.riken.jp/net/apache/struts/ +https://mirror.math.princeton.edu/pub/apache/struts/ + + This Google dork is searching for instances where the title includes +"Apache Struts 2.5," and the webpage has a directory listing ("index of /") +but excludes any results related to Git repositories. The aim is to +identify potentially exposed Apache Struts 2.5 instances that might have +unintentionally revealed directory structures. + + +Additional Information: + +Affected versions: Struts 2.x before 2.5.33 or 6.x before 6.3.0.2 +Description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164 + +Thank you for your consideration. + +Sincerely, + +-- +*Parth Jamodkar* + +*CLoud security researcher 3* +*LinkedIn* + Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork + https://www.google.com/search?q=Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork + + 2024-01-23 + Parth Jamodkar + 4782 https://www.exploit-db.com/ghdb/4782 @@ -117298,6 +117409,18 @@ This google dork possibly exposes sites with the Article Directory (index.php pa 2004-03-14 anonymous + + 8397 + https://www.exploit-db.com/ghdb/8397 + Vulnerable Servers + inurl:install.php intitle:"Froxlor Server Management Panel - Installation" + inurl:install.php intitle:"Froxlor Server Management Panel - Installation" + inurl:install.php intitle:"Froxlor Server Management Panel - Installation" + https://www.google.com/search?q=inurl:install.php intitle:"Froxlor Server Management Panel - Installation" + + 2024-01-23 + Nadir Boulacheb (RubX) + 116 https://www.exploit-db.com/ghdb/116