iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
[help]|writing own dorks for finding web-sites using vulnerable web-Applications?
  • mandi
    Posts: 207
    I have been learning things regarding web-application,like others while learning i got a question here,so tought of asking it here,,

    for the start i am much more interested in finding vulnerable web-sites by using the exploits being released in the exploit-db and 1337day.com

    An exmaple instance

    http://www.1337day.com/exploits/15627

    an xss vulnerability has been found in "WikiWig 5.01" this web-application,and there has been a POC exists about how to use it,
    my question is how we can write or our own dorks in a advanced way to find out what are the web-sites using this vulnerable web-applications?

    As I am just a beginner i tried this dork

    inurl:\"WikiWig 5.01\"


    nothing has been displayed,and yes i know this kind of dork may work with other web-applications,but i would like to why this dork has failed?

    and please give me some nice inputs/advice regarding how exactly
    we need to think for wiriting our own dorks?

    and can any 1 please give me the correct dork for finding web-sites using the above vulnerable web-application?

    hope my doubts will get cleared..
  • Sh3llc0d3
    Posts: 1,910
    This ones a simple one:

    inurl:"WikiWig 5.01" Does not work because you are testing to see if the site uses "WikiWig 5.01". That is not part of the URL... inurl: check whatever you specify within quotes specifically. Correct usage for inurl would be for example: inurl:"video.php?id="

    The prefix you may be able to use is insite:

    Try:

    insite:"WikiWig 5.01"


    That should check the actual site page to see if it contains that... another example of insite would be

    insite:"Powered by Invision Power Board"

  • mandi
    Posts: 207
    yes i got your logic,i am looking for content inside the site,so we need to specify insite,but
    unfortunately i am not getting any results for your dorks in google

    insite:\"WikiWig 5.01\"
    insite:\"Powered by Invision Power Board\"


    i don't know why :(
  • m0rph
    Posts: 332
    said:


    As I am just a beginner i tried this dork


    inurl:\"WikiWig 5.01\"



    The dork was modified to prevent noobs from abusing it. Try this:
    inurl:\"wikiwig5.01\"

    Also try these, I made them.

    intitle:\"WikiWig 5.01\"
    intext:\"WikiWig 5.01\"
    inurl:\"_wk/Xinha/plugins/SpellChecker\"
    inurl:\"wk\" & \"plugins/SpellChecker/\"
    while( !(succeed = try() ) );
  • Xin
    Posts: 3,251
    You cant really write a tutorial on how to write dorks, just understand how the attack works and use your head.
    Xin
Add a Comment