Merge remote-tracking branch 'upstream/main'

certcc-ghbot · certcc-ghbot · commit 25d1f1db8cd2 · 2024-01-24T12:51:12.000Z
diff --git a/ghdb.xml b/ghdb.xml
@@ -33369,6 +33369,24 @@ Dork by Rootkit Pentester.</textualDescription>
   <date>2004-08-09</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8396</id>
+  <link>https://www.exploit-db.com/ghdb/8396</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>(site:jsonformatter.org | site:codebeautify.org) &amp; (intext:aws | intext:bucket | intext:password | intext:secret | intext:username)</shortDescription>
+  <textualDescription># Google Dork: (site:jsonformatter.org | site:codebeautify.org) &amp;
+(intext:aws | intext:bucket | intext:password | intext:secret |
+intext:username)
+# Files Containing Juicy Info
+# Date: 03/01/2024
+# Exploit: letmewin
+</textualDescription>
+  <query>(site:jsonformatter.org | site:codebeautify.org) &amp; (intext:aws | intext:bucket | intext:password | intext:secret | intext:username)</query>
+  <querystring>https://www.google.com/search?q=(site:jsonformatter.org | site:codebeautify.org) &amp; (intext:aws | intext:bucket | intext:password | intext:secret | intext:username)</querystring>
+  <edb></edb>
+  <date>2024-01-23</date>
+  <author>letmewin cyber</author>
+ </entry>
  <entry>
   <id>522</id>
   <link>https://www.exploit-db.com/ghdb/522</link>
@@ -36729,6 +36747,22 @@ Author: loganWHD</textualDescription>
   <date>2011-11-19</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8395</id>
+  <link>https://www.exploit-db.com/ghdb/8395</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS</shortDescription>
+  <textualDescription># Google Dork: inurl:/.well-known/ai-plugin.json
+# Files Containing Juicy Info
+# Date: 30/11/2023
+# Exploit: Mohamed Choukrate
+</textualDescription>
+  <query>filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS</query>
+  <querystring>https://www.google.com/search?q=filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS</querystring>
+  <edb></edb>
+  <date>2024-01-23</date>
+  <author>web work</author>
+ </entry>
  <entry>
   <id>5865</id>
   <link>https://www.exploit-db.com/ghdb/5865</link>
@@ -99105,6 +99139,27 @@ sometimes with exposed passwords can be found.
   <date>2020-03-31</date>
   <author>Alexandros Pappas</author>
  </entry>
+ <entry>
+  <id>8394</id>
+  <link>https://www.exploit-db.com/ghdb/8394</link>
+  <category>Sensitive Directories</category>
+  <shortDescription>intitle:&quot;index of&quot; database.properties</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of&quot; database.properties
+# Description:- This page contains various database.properties of spring
+MVC,
+# Author: Odela Rohith
+# Date: 28-DEC-2023
+# Linkedin: https://www.linkedin.com/in/odela-rohith-b723a7122/
+# Facebook: https://www.facebook.com/odela.rohith.7
+
+Regards,
+Odela Rohith</textualDescription>
+  <query>intitle:&quot;index of&quot; database.properties</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; database.properties</querystring>
+  <edb></edb>
+  <date>2024-01-23</date>
+  <author>Odela Rohith</author>
+ </entry>
  <entry>
   <id>5960</id>
   <link>https://www.exploit-db.com/ghdb/5960</link>
@@ -116196,6 +116251,62 @@ PsyDel</textualDescription>
   <date>2015-03-04</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8398</id>
+  <link>https://www.exploit-db.com/ghdb/8398</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork</shortDescription>
+  <textualDescription>Dork:
+intitle:&quot;Apache Struts 2.5&quot; &quot;index of /&quot; -git
+Explanation:
+intitle:&quot;Apache Struts 2.5&quot;: This part specifies that the search results
+must have the words &quot;Apache Struts 2.5&quot; in the title. It helps narrow down
+the results to instances related specifically to Apache Struts version 2.5.
+
+&quot;index of /&quot;: This part looks for directories with the &quot;index of /&quot; string.
+Such directories often contain a listing of files and folders, which could
+be unintentionally exposed and may include sensitive information.
+
+-git: This part excludes results that contain the term &quot;git&quot;. The idea is
+to filter out Git repositories from the search results, focusing on other
+types of exposed directories.
+
+*Sample output : *
+https://mirror.softaculous.com/apache/struts/2.5.30/
+https://ftp.unicamp.br/pub/apache/struts/2.5.25/
+https://ftp.itu.edu.tr/Mirror/Apache/struts/2.5.32/
+https://repository.jboss.org/maven2/apache-struts/struts/
+https://mirrors.gigenet.com/apache/struts/
+https://ftp.riken.jp/net/apache/struts/
+https://mirror.math.princeton.edu/pub/apache/struts/
+
+ This Google dork is searching for instances where the title includes
+&quot;Apache Struts 2.5,&quot; and the webpage has a directory listing (&quot;index of /&quot;)
+but excludes any results related to Git repositories. The aim is to
+identify potentially exposed Apache Struts 2.5 instances that might have
+unintentionally revealed directory structures.
+
+
+Additional Information:
+
+Affected versions: Struts 2.x before 2.5.33 or 6.x before 6.3.0.2
+Description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50164
+
+Thank you for your consideration.
+
+Sincerely,
+
+-- 
+*Parth Jamodkar*
+
+*CLoud security researcher 3*
+*LinkedIn* </textualDescription>
+  <query>Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork</query>
+  <querystring>https://www.google.com/search?q=Apache Struts 2.x Path Traversal Vulnerability (CVE-2023-50164) Detection Dork</querystring>
+  <edb></edb>
+  <date>2024-01-23</date>
+  <author>Parth Jamodkar</author>
+ </entry>
  <entry>
   <id>4782</id>
   <link>https://www.exploit-db.com/ghdb/4782</link>
@@ -117298,6 +117409,18 @@ This google dork possibly exposes sites with the Article Directory (index.php pa
   <date>2004-03-14</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8397</id>
+  <link>https://www.exploit-db.com/ghdb/8397</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>inurl:install.php intitle:&quot;Froxlor Server Management Panel - Installation&quot;</shortDescription>
+  <textualDescription>inurl:install.php intitle:&quot;Froxlor Server Management Panel - Installation&quot;</textualDescription>
+  <query>inurl:install.php intitle:&quot;Froxlor Server Management Panel - Installation&quot;</query>
+  <querystring>https://www.google.com/search?q=inurl:install.php intitle:&quot;Froxlor Server Management Panel - Installation&quot;</querystring>
+  <edb></edb>
+  <date>2024-01-23</date>
+  <author>Nadir Boulacheb (RubX)</author>
+ </entry>
  <entry>
   <id>116</id>
   <link>https://www.exploit-db.com/ghdb/116</link>
