sudoninja sudoninja-noob
sudoninja-noob
/ shodan-dorks.txt
Created
January 26, 2022 03:32
— forked from JoyGhoshs/shodan-dorks.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hostname:target.com | to find all asset available for target.com on shodan | |
| http.title:"title" | to find server/host with similer title | |
| http.html:"/file" | to find server/host with similar path | |
| html:"context" | to find server/host with similar string | |
| server: "apache 2.2.3" | to find server/host with same server | |
| port:80 | to find server/host with same port | |
| os:"windows" | to find server/host with same os | |
| asn:AS3214 | to find host/server with matched asn | |
| http.status:200 | to find server/host with 200 http response code | |
| http.favicon.hash:"hash" | to find server/host with same favico hash |
sudoninja-noob
/ NeDi 1.9C Multiple XSS
Last active
November 4, 2020 11:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description:- | |
| NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. | |
| The application allows an attacker to execute arbitrary JavaScript code via the "Reports-Devices.php" page on "st[]" parameter. | |
| Steps To Reproduce:- | |
| 1. Login to the Application. | |
| 2. Go to "https://ip/Reports-Devices.php" page. | |
| 3. Add st[] parameter at the end of the URL. | |
| Example:- https://ip/Reports-Devices.php?in[]=device&op[]=~&st[]="><img src=x onerror=alert(document.domain)>&lir=10 |