Updating GHDB database.

andresriancho · Feb 5, 2015 · 5fa0e77 · 5fa0e77
1 parent 042c4e7
commit 5fa0e77
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/w3af/plugins/crawl/ghdb/GHDB.xml b/w3af/plugins/crawl/ghdb/GHDB.xml
@@ -1507,4 +1507,22 @@ This file is the result of a migration with the Wordpress plugin
 &quot;Duplicator&quot;.
 
 Author: @felmoltor
+</textualDescription></signature><signature><signatureReferenceNumber>3982</signatureReferenceNumber><link>http://www.exploit-db.com/ghdb/3982/</link><category>Various Online Devices</category><querystring>http://www.google.com/search?q=inurl:dyn_sensors.htm</querystring><shortDescription>inurl:dyn_sensors.htm</shortDescription><textualDescription>MiniGoose II environmental temprature monitoring panel 
+
+Author:@cns0x
+
+</textualDescription></signature><signature><signatureReferenceNumber>3983</signatureReferenceNumber><link>http://www.exploit-db.com/ghdb/3983/</link><category>Sensitive Directories</category><querystring>http://www.google.com/search?q=inurl:/cgi-bin/.cgi</querystring><shortDescription>inurl:/cgi-bin/.cgi</shortDescription><textualDescription>Finds open index of /cgi-bin.
+</textualDescription></signature><signature><signatureReferenceNumber>3984</signatureReferenceNumber><link>http://www.exploit-db.com/ghdb/3984/</link><category>Advisories and Vulnerabilities</category><querystring>http://www.google.com/search?q=inurl:fckeditor -intext:&quot;ConfigIsEnabled = False&quot; intext:ConfigIsEnabled</querystring><shortDescription>inurl:fckeditor -intext:&quot;ConfigIsEnabled = False&quot; intext:ConfigIsEnabled</shortDescription><textualDescription>inurl:fckeditor -intext:&quot;ConfigIsEnabled = False&quot; intext:ConfigIsEnabled
+
+Searches for fckeditor default url and which has a config.asp file where configisenabled = true.  Unable to search for true value directly because file contains 'example' which could lead to false positive.  If found, traversing two directories up to /connectors/ should present an uploadtest.html file.
+
+This may be old, though the existing DORKS didn't call it out specifically, and google still gives a lot of hits.
+ 		 	   		  </textualDescription></signature><signature><signatureReferenceNumber>3985</signatureReferenceNumber><link>http://www.exploit-db.com/ghdb/3985/</link><category>Files containing juicy info</category><querystring>http://www.google.com/search?q=inurl:&quot;/server-info&quot; intext:&quot;Loaded Modules&quot;</querystring><shortDescription>inurl:&quot;/server-info&quot; intext:&quot;Loaded Modules&quot;</shortDescription><textualDescription>Search Apache server information though default module info_module:
+
+inurl:&quot;/server-info&quot; intext:&quot;Loaded Modules&quot;
+
+Author: @felmoltor
+
+-- 
+Felipe Molina de la Torre
 </textualDescription></signature></searchEngineSignature>