Tuesday, 15 October 2013

HOW TO FIND VULNERABLE WEBSITE FOR XSS | SQLI | LFI | RFI

 How to find vulnerable website for XSS | SQLI | LFI | RFI

Most of the people search in Google or other search engine to check the vulnerable website and in the end some are successful and some are not. This is also problem for newbie who don’t know how to check the vulnerable website.in starting When I was also found vulnerable website. so its very difficult for me and then later on I have researched on it and Now i make some Google Dorks for check vulnerable website for you.

google dorks xss sqli

So in my previous article I have explained that the top vulnerabilities and also tutorials on Cross site scripting. So it’s very easy to find vulnerable website with the help of search engine.

There are lot of dorks to check the website is it vulnerable or not. So you think that the lot of people use theseGoogle dorks already. So you have to use your mind and check some another technique also. When you search in Google you have to check below of search bar some tools. so use these tools also like I give you one example the website update in 24 hours before .  I have also search like below 

google search engine tricks

Check website for Cross site scripting XSS:

inurl:".php?search=" 

inurl:".php?searchstring="
 

inurl:search.php?q=


inurl:com_feedpostold/feedpost.php?url=


inurl:/poll/default.asp?catid=
 
 

inurl:/search_results.php?search= 
 
inurl:scrapbook.php?id=
 

inurl:headersearch.php?sid=

Check website for SQL injection SQLI:


inurl:"id=" & intext:"Warning: mysql_fetch_assoc()

inurl:"id=" & intext:"Warning: mysql_num_rows()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: mysql_fetch_array()

inurl:"id=" & intext:"Warning: session_start()

inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: require()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()

How to check Sub domain :

If you want to find vulnerabilities of website . so you should go for sub domain. The best dork for searching subdomain is below 
Site: URL –inurl:www
Like if I want to find the subdomain of Google . so it’s like below and don’t add Http and www with the domain 
Site: google.com –inurl:www

check subdomain dorks

0 comments:

Post a Comment