Find/Bug/Get/Bounty using Google Dorks!!

The best way to find bugs (e.g. XSS) is with Google dorks, as they make it easier and faster.

When you search in Google, you can include search operators in the entry field to narrow down your search to find different endpoints.

Example:

First, start by listing subdomains:

site:site.com (returns results from certain sites or domains)

If you are looking for specific files:

filetype: (searches for an exact file type like php, txt)

Search for different parameter names:

inurl: (searches for specific text in the indexed URL like id, uid, cart, buy)

Search for file upload/download:

intitle: (searches for query terms in the page’s title like upload)

Dorks Examples:

site:your-target.com inurl:id=

site:your-target.com filetype:php

site:your-target.com intitle:upload

Targeting shopping, carts, etc.:

inurl:".php?id=" intext:"View cart"

inurl:".php?cid=" intext:"shopping"

inurl:/news.php?include=

inurl:".php?query="
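Site owners can run the same operators against their own URL inventory to see which pages these dorks would surface. This is an added example, not part of the original post: the page list, the example.com hostnames and the function names are constructed assumptions, and the matching only approximates how Google applies the operators.

```python
import posixpath
import shlex
from urllib.parse import urlsplit

# Constructed sample inventory of (url, page title) pairs, e.g. exported from
# your own sitemap or crawler. example.com / example.org are placeholders.
PAGES = [
    ("https://shop.example.com/product.php?id=12", "View cart - Example Shop"),
    ("https://www.example.com/about.html", "About us"),
    ("https://files.example.com/admin/upload.php", "File Upload"),
    ("https://www.example.com/news.php?include=header", "News"),
    ("https://other.example.org/item.php?id=3", "Out of scope"),
]
OPERATORS = ("site", "inurl", "filetype", "intitle")

def parse_dork(dork):
    """Split e.g. 'site:example.com inurl:id=' into (operator, value) pairs."""
    terms = []
    for token in shlex.split(dork):          # shlex drops the quotes around values
        op, sep, value = token.partition(":")
        if not sep or op not in OPERATORS:
            raise ValueError(f"unsupported term: {token!r}")
        terms.append((op, value.lower()))
    return terms

def term_matches(op, value, url, title):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if op == "site":                         # the domain itself or any subdomain
        return host == value or host.endswith("." + value)
    if op == "inurl":                        # substring anywhere in the URL
        return value in url.lower()
    if op == "filetype":                     # extension of the URL path
        return posixpath.splitext(parts.path)[1].lower() == "." + value
    return value in title.lower()            # intitle

def exposed_by(dork, pages=PAGES):
    """Return the inventory URLs that satisfy every term of the dork."""
    terms = parse_dork(dork)
    return [url for url, title in pages
            if all(term_matches(op, v, url, title) for op, v in terms)]

if __name__ == "__main__":
    for dork in ("site:example.com inurl:id=",
                 "site:example.com filetype:php",
                 "site:example.com intitle:upload"):
        print(dork, "->", exposed_by(dork))
```

Pages that show up here and should not be public are candidates for access control, noindex or removal.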

For more on dorks, nothing will be better than this:

https://www.exploit-db.com/google-hacking-database/

Some lists for finding admin panels, plus 4500 dorks for finding XSS easily, can be downloaded from this URL (via https://blog.securitybreached.org):

https://drive.google.com/file/d/1g-vWLd998xJwLNci7XuZ6L1hRXFpIAaF/view?usp=sharing
