Dorks for SQL injection, RFI, ASP, HTML and Arbitrary

Hello friends, since I love injection in general, today I decided to bring something very useful for finding sites more easily and getting straight to the point. Here I go:

RFI dorks (Remote File Inclusion)

/modules/coppermine/themes/coppercop/theme.php?THEME_DIR=
/modules/coppermine/themes/maze/theme.php?THEME_DIR=
/modules/coppermine/themes/default/theme.php?THEME_DIR=
/modules/coppermine/include/init.inc.php?CPG_M_DIR=
/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
/components/com_smf/smf.php?mosConfig_absolute_path=
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
/components/com_simpleboard/image_upload.php?sbp=
/components/com_simpleboard/file_upload.php?sbp=
/components/com_hashcash/server.php?mosConfig_absolute_path=
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
/components/com_forum/download.php?phpbb_root_path=
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=
/components/minibb/index.php?absolute_path=
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
/components/com_securityimages/lang.php?mosConfig_absolute_path=
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
/e107/e107_handlers/secure_img_render.php?p=
/modules/My_eGallery/public/inc/?HCL_path=
/modules/My_eGallery/public/displayCategory.php?basepath=
/modules/My_eGallery/index.php?basepath=
/modules/Forums/admin/index.php?phpbb_root_path=
/modules/Forums/admin/admin_avatar.php?phpbb_root_path=
/modules/Forums/admin/admin_styles.php?phpbb_root_path=
/modules/Forums/admin/admin_board.php?phpEx=
/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=
/modules/mod_mainmenu.php?mosConfig_absolute_path=
/modules/agendax/addevent.inc.php?agendax_path=
/shoutbox/expanded.php?conf=
/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=
/modules/newbb_plus/class/forumpollrenderer.php?bbPath=
/phpBB/admin/admin_styles.php?mode=
/forum/auth/auth.php?phpbb_root_path=
/forum/auth/auth_phpbb/phpbb_root_path=
/cutenews/comments.php?cutepath=
/library/lib.php?root=
/impex/ImpExData.php?systempath=
/coppermine/thumbnails.php?lang=
/gallery/thumbnails.php?lang=
/aWebNews/visview.php?path_to_news=
/ashnews.php?pathtoashnews=
/4images/index.php?template=
/galeri/index.php?template=
/gallery/index.php?template=
/auth/auth.php?phpbb_root_path=
/auth/auth_phpbb/phpbb_root_path=
/forums/toplist.php?phpbb_root_path=
/forum/toplist.php?phpbb_root_path=
/admin/config_settings.tpl.php?include_path=
/include/common.php?include_path=
/event/index.php?page=
/forum/index.php?includeFooter=
/forums/index.php?includeFooter=
/forum/bb_admin.php?includeFooter=
/forums/bb_admin.php?includeFooter=
/language/lang_english/lang_activity.php?phpbb_root_path=
/forum/language/lang_english/lang_activity.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/master.php?root_path=
/includes/kb_constants.php?module_root_path=
/forum/includes/kb_constants.php?module_root_path=
/forums/includes/kb_constants.php?module_root_path=
/classes/adodbt/sql.php?classes_dir=
/modules/mod_calendar.php?absolute_path=
/agenda.php3?rootagenda=
/agenda2.php3?rootagenda=
/sources/lostpw.php?CONFIG[path]=
/topsites/sources/lostpw.php?CONFIG[path]=
/toplist/sources/lostpw.php?CONFIG[path]=
/sources/join.php?CONFIG[path]=
/topsites/sources/join.php?CONFIG[path]=
/toplist/sources/join.php?CONFIG[path]=
/topsite/sources/join.php?CONFIG[path]=
/public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=
/extras/poll/poll.php?file_newsportal=
/calogic/reconfig.php?GLOBALS[CLPath]=
/eshow.php?Config_rootdir=
/auction/auction_common.php?phpbb_root_path=
/calendar/index.php?inc_dir=
/modules/TotalCalendar/index.php?inc_dir=
/modules/calendar/index.php?inc_dir=
/calendar/embed/day.php?path=
/ACalendar/embed/day.php?path=
/calendar/add_event.php?inc_dir=
/claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=
/claroline/auth/ldap/authldap.php?includePath=
/docebo/modules/credits/help.php?lang=
/modules/credits/help.php?lang=
/includes/pafiledb_constants.php?module_root_path=
/phpBB/includes/pafiledb_constants.php?module_root_path=
/pafiledb/includes/pafiledb_constants.php?module_root_path=
/apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=
/apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=
/infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=
/phpdig/includes/config.php?relative_script_path=
/includes/phpdig/includes/config.php?relative_script_path=
/includes/dbal.php?eqdkp_root_path=
/eqdkp/includes/dbal.php?eqdkp_root_path=
/dkp/includes/dbal.php?eqdkp_root_path=
/path/include/SQuery/gameSpy2.php?libpath=
/include/global.php?GLOBALS[includeBit]=
/topsites/config.php?returnpath=
/manager/frontinc/prepend.php?_PX_config[manager_path]=
/ubbthreads/addpost_newpoll.php?addpoll=thispath=
/forum/addpost_newpoll.php?thispath=
/forums/addpost_newpoll.php?thispath=
/ubbthreads/ubbt.inc.php?thispath=
/forums/ubbt.inc.php?thispath=
/forum/ubbt.inc.php?thispath=
/forum/admin/addentry.php?phpbb_root_path=
/admin/addentry.php?phpbb_root_path=
/includes/orderSuccess.inc.php?glob[rootDir]=
/stats.php?dir[func]=dir[base]=
/ladder/stats.php?dir[base]=
/ladders/stats.php?dir[base]=
/sphider/admin/configset.php?settings_dir=
/admin/configset.php?settings_dir=
/vwar/admin/admin.php?vwar_root=
/modules/vwar/admin/admin.php?vwar_root=
/modules/vWar_Account/includes/get_header.php?vwar_root=

SQL

allinurl: admin mdb.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:postscript.php?p_mode=
inurl:index.php?pg=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?id=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:productos.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?id=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:viewapp.php?id=
inurl:galeri_info.php?id=
inurl:iniziativa.php?id=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?id=
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:"id=" & intext:"Warning: mysql_free_result()
allinurl:.php?id=
allinurl:.php?file=
allinurl:*.php?file=
allinurl:.php?fileid=
allinurl:*.php?fileid=
allinurl:.php?file_id=
allinurl:*.php?file_id=
allinurl:.php?page=
allinurl:*.php?page=
allinurl:.php?pageid=
allinurl:*.php?pageid=
allinurl:.php?page_id=
allinurl:*.php?page_id=
allinurl:.php?pagenum=
allinurl:*.php?pagenum=
allinurl:.php?page_num=
allinurl:*.php?page_num=
allinurl:.php?cat=
allinurl:*.php?cat=
allinurl:.php?cat_id=
allinurl:*.php?cat_id=
allinurl:.php?catid=
allinurl:*.php?catid=
allinurl:.php?prod=
allinurl:*.php?prod=
allinurl:.php?prodid=
allinurl:*.php?prodid=
allinurl:.php?prod_id=
allinurl:*.php?prod_id=
allinurl:.php?product=
allinurl:*.php?product=
allinurl:.php?productid=
allinurl:*.php?productid=
allinurl:.php?product_id=
allinurl:*.php?product_id=
allinurl:.php?products_id=
allinurl:*.php?products_id=
allinurl:.php?userid=
allinurl:*.php?userid=
allinurl:.php?user_id=
allinurl:*.php?user_id=
allinurl:.php?showuser=
allinurl:*.php?showuser=
allinurl:.php?show_user=
allinurl:*.php?show_user=
allinurl:.php?username=
allinurl:*.php?username=
allinurl:.php?memberid=
allinurl:*.php?memberid=
allinurl:.php?member_id=
allinurl:*.php?member_id=
allinurl:.php?membernumber=
allinurl:*.php?membernumber=
allinurl:.php?member_number=
allinurl:*.php?member_number=
inurl:declaration_more.php?decl_id=
inurl:games.php?id=
inurl:newsDetail.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:avd_start.php?avd=
inurl:roduct-item.php?id=
inurl:title.php?id=
inurl:art.php?idm=
inurl:ffer.php?idf=
inurl:rubp.php?idr=
inurl:rubrika.php?idr=
inurl:newsticker_info.php?idn=
inurl:newscat.php?id=
inurl:tekst.php?idt=
inurl:galeri_info.php?l=
inur:opinions.php?id=
inurl:material.php?id=

ASP

"affiliate-agreement.cfm?storeid="
"affiliates.asp?id="
"ancillary.asp?ID="
"archive.asp?id="
"article.asp?id="
"aspx?PageID"
"basket.asp?id="
"Book.asp?bookID="
"book_list.asp?bookid="
"book_view.asp?bookid="
"BookDetails.asp?ID="
"browse.asp?catid="
"browse_item_details.asp"
"Browse_Item_Details.asp?Store_Id="
"buy.asp?"
"buy.asp?bookid="
"bycategory.asp?id="
"cardinfo.asp?card="
"cart.asp?action="
"cart.asp?cart_id="
"cart.asp?id="
"cart_additem.asp?id="
"cart_validate.asp?id="
"cartadd.asp?id="
"cat.asp?iCat="
"catalog.asp"
"catalog.asp?CatalogID="
"catalog_item.asp?ID="
"catalog_main.asp?catid="
"category.asp"
"category.asp?catid="
"category_list.asp?id="
"categorydisplay.asp?catid="
"checkout.asp?cartid="
"checkout.asp?UserID="
"checkout_confirmed.asp?order_id="
"checkout1.asp?cartid="
"comersus_listCategoriesAndProducts.asp?idCategory ="
"comersus_optEmailToFriendForm.asp?idProduct="
"comersus_optReviewReadExec.asp?idProduct="
"comersus_viewItem.asp?idProduct="
"comments_form.asp?ID="
"contact.asp?cartId="
"content.asp?id="
"customerService.asp?TextID1="
"default.asp?catID="
"description.asp?bookid="
"details.asp?BookID="
"details.asp?Press_Release_ID="
"details.asp?Product_ID="
"details.asp?Service_ID="
"display_item.asp?id="
"displayproducts.asp"
"downloadTrial.asp?intProdID="
"emailproduct.asp?itemid="
"emailToFriend.asp?idProduct="
"events.asp?ID="
"faq.asp?cartID="
"faq_list.asp?id="
"faqs.asp?id="
"feedback.asp?title="
"freedownload.asp?bookid="
"fullDisplay.asp?item="
"getbook.asp?bookid="
"GetItems.asp?itemid="
"giftDetail.asp?id="
"help.asp?CartId="
"home.asp?id="
"index.asp?cart="
"index.asp?cartID="
"index.asp?ID="
"info.asp?ID="
"item.asp?eid="
"item.asp?item_id="
"item.asp?itemid="
"item.asp?model="
"item.asp?prodtype="
"item.asp?shopcd="
"item_details.asp?catid="
"item_list.asp?maingroup"
"item_show.asp?code_no="
"itemDesc.asp?CartId="
"itemdetail.asp?item="
"itemdetails.asp?catalogid="
"learnmore.asp?cartID="
"links.asp?catid="
"list.asp?bookid="
"List.asp?CatID="
"listcategoriesandproducts.asp?idCategory="
"modline.asp?id="
"myaccount.asp?catid="
"news.asp?id="
"order.asp?BookID="
"order.asp?id="
"order.asp?item_ID="
"OrderForm.asp?Cart="
"page.asp?PartID="
"payment.asp?CartID="
"pdetail.asp?item_id="
"powersearch.asp?CartId="
"price.asp"
"privacy.asp?cartID="
"prodbycat.asp?intCatalogID="
"prodetails.asp?prodid="
"prodlist.asp?catid="
"product.asp?bookID="
"product.asp?intProdID="
"product_info.asp?item_id="
"productDetails.asp?idProduct="
"productDisplay.asp"
"productinfo.asp?item="
"productlist.asp?ViewType=Category&CategoryID= "
"productpage.asp"
"products.asp?ID="
"products.asp?keyword="
"products_category.asp?CategoryID="
"products_detail.asp?CategoryID="
"productsByCategory.asp?intCatalogID="
"prodView.asp?idProduct="
"promo.asp?id="
"promotion.asp?catid="
"pview.asp?Item="
"resellers.asp?idCategory="
"results.asp?cat="
"savecart.asp?CartId="
"search.asp?CartID="
"searchcat.asp?search_id="
"Select_Item.asp?id="
"Services.asp?ID="
"shippinginfo.asp?CartId="
"shop.asp?a="
"shop.asp?action="
"shop.asp?bookid="
"shop.asp?cartID="
"shop_details.asp?prodid="
"shopaddtocart.asp"
"shopaddtocart.asp?catalogid="
"shopbasket.asp?bookid="
"shopbycategory.asp?catid="
"shopcart.asp?title="
"shopcreatorder.asp"
"shopcurrency.asp?cid="
"shopdc.asp?bookid="
"shopdisplaycategories.asp"
"shopdisplayproduct.asp?catalogid="
"shopdisplayproducts.asp"
"shopexd.asp"
"shopexd.asp?catalogid="
"shopping_basket.asp?cartID="
"shopprojectlogin.asp"
"shopquery.asp?catalogid="
"shopremoveitem.asp?cartid="
"shopreviewadd.asp?id="
"shopreviewlist.asp?id="
"ShopSearch.asp?CategoryID="
"shoptellafriend.asp?id="
"shopthanks.asp"
"shopwelcome.asp?title="
"show_item.asp?id="
"show_item_details.asp?item_id="
"showbook.asp?bookid="
"showStore.asp?catID="
"shprodde.asp?SKU="
"specials.asp?id="
"store.asp?id="
"store_bycat.asp?id="
"store_listing.asp?id="
"Store_ViewProducts.asp?Cat="
"store-details.asp?id="
"storefront.asp?id="
"storefronts.asp?title="
"storeitem.asp?item="
"StoreRedirect.asp?ID="
"subcategories.asp?id="
"tek9.asp?"
"template.asp?Action=Item&pid="
"topic.asp?ID="
"tuangou.asp?bookid="
"type.asp?iType="
"updatebasket.asp?bookid="
"updates.asp?ID="
"view.asp?cid="
"view_cart.asp?title="
"view_detail.asp?ID="
"viewcart.asp?CartId="
"viewCart.asp?userID="
"viewCat_h.asp?idCategory="
"viewevent.asp?EventID="
"viewitem.asp?recor="
"viewPrd.asp?idcategory="
"ViewProduct.asp?misc="
"voteList.asp?item_ID="
"whatsnew.asp?idCategory="
"WsAncillary.asp?ID="
"WsPages.asp?ID="

HTML

"HTML Esta Activado"
"HTML Esta Habilitado"
"HTML Is Enabled"
allinurl:guestbook.php
allinurl:libro-visitas.php
allinurl:visitas.php
allinurl:bookmark.php
allinurl:visitas/addentry.php
allinurl:visitas/index.php
allinurl:visitas/index.asp

Arbitrary

inurl: descargas.php
inurl: bajar.php
inurl: descarga.php

I have been using it for a long time and it is a great help to me; I hope it will be a great help to you too.

2 comments - Dorks for SQL injection, RFI, ASP, HTML and Arbitrary

@4rg3nt1n0 +4
+2 I also hack vulnerable websites