
Table 6.3 Vulnerable Web Application Examples from the GHDB
Query                                                                                       Vulnerability
intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi | inurl:14all.cgi |traffic.cgi)                     MRTG 1.1 allows viewing of arbitrary system files
filetype:cgi inurl:nbmember.cgi                                                             nbmember.cgi 2.0 allows system and user information disclosure
"Powered by ocPortal" -demo -ocportal.com                                                   ocPortal 1.0.3 allows remote file inclusion
intitle:"PHP Explorer" ext:php (inurl:phpexplorer.php | inurl:list.php | inurl:browse.php)  PHP Explorer scripts reveal server information and provide remote shell access
"create the Super User" "now by clicking here"                                              PHP-Nuke open configuration allows arbitrary creation of admin ...