Wednesday, January 13, 2010

Find SQL Injection using Google Dorks

MSSQL:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string
Microsoft Jet Database
VbScript

MySQL:
mysql error
mysql_query
mysql_fetch
mysql_connect

Oracle:
ORA-00921: unexpected end of SQL command

PostgreSQL:
Warning: pg_query(): Query failed: ERROR: Argument
pg_connect
pg_exec
pg_fetch_object
pg_fetch_array

Here are some examples:
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()

2 comments:

  1. This is a nice one:
    inurl:Order Completed Successfully mysql_result()

    You can swap "mysql_result()" for any entry in the list above.

    Amazing!

  2. Great GHDB list:

    ### GHDB.TXT

    [[start][1]
    [[title]Squid cache server reports[[title]]
    [[descr]These are squid server cache reports. Fairly benign, really, except when you consider using them for evil purposes. For example, an institution stands up a proxy server for their internal users to get to the outside world. Then the internal users surf all over to their hearts' content (including intranet pages, because, well, the admins are stupid). Voila, intranet links show up in the external cache report. Want to make matters worse for yourself as an admin? OK, configure your external proxy server as a trusted internal host. Load up your web browser, set your proxy as their proxy and surf your way into their intranet. Not that I've noticed any examples of this in this google list. *COUGH* *COUGH* *COUGH* unresolved DNS lookups give clues *COUGH* *COUGH* ('scuse me, must be a furball). OK, let's say BEST CASE scenario. Let's say there are no security problems revealed in these logs. Best case scenario is that outsiders can see what your company/agency/workers are surfing. [descr]]
    [[url]http://www.google.com/search?q=%22cacheserverreport+for%22+%22This+analysis+was+produced+by+calamaris%22[url]]
    [[dork]"cacheserverreport for" "This analysis was produced by calamaris"[dork]]
    [end][1]]

    [[start][2]
    [[title]Ganglia Cluster Reports[[title]]
    [[descr]These are server cluster reports, great for info gathering. Lesse, what were those server names again?[descr]]
    [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Ganglia%22+%22Cluster+Report+for%22[url]]
    [[dork]intitle:"Ganglia" "Cluster Report for"[dork]]
    [end][2]]

    [[start][3]
    [[title]ICQ chat logs, please...[[title]]
    [[descr]ICQ (http://www.icq.com) allows you to store the contents of your online chats into a file. These folks have their entire ICQ directories online. On purpose?[descr]]
    [[url]http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=intitle%3A%22Index+of%22+dbconvert%2Eexe+chats[url]]
    [[dork]intitle:"Index of" dbconvert.exe chats[dork]]
    [end][3]]

    Source:
    http://98.15.203.119/Hacker%20Tools%20and%20Exploits/Google%20Hacking%20Database.txt

    Google cache:
    http://webcache.googleusercontent.com/search?q=cache:solMdGofXcwJ:98.15.203.119/Hacker%2520Tools%2520and%2520Exploits/Google%2520Hacking%2520Database.txt+http://98.15.203.119/Hacker%2520Tools%2520and%2520Exploits/Google%2520Hacking%2520Database.txt&cd=1&hl=en&ct=clnk&source=www.google.com
