Some of the recent GHDB examples. I personally do not take any responsibility if any organization's flaws are exposed with the help of the commands displayed here, as these are available in GHDB and are visible to the general public. Warning – if you click on the links displayed, it might result in breaking the law by accessing a network without authorization.

Most SCADA protocols do not use encryption or authentication. When a PLC has a web server and is connected to the Internet, anyone who uses the Google dork shown below can discover it and perform undesired actions on the target. As shown, this search returned 82 results.

[Image: ghdb-1]

Now let’s move on to some NAS cloud service devices. The results increased to 374.

[Image: ghdb-2]

Okay, what about finding a vulnerability in a WordPress site? The exposure is more disastrous when an exploit is available for the vulnerability. WordPress is one of the world’s most popular CMSs, which is why we get more results for our search (15,800). The example below looks for the revslider plugin vulnerability.

[Image: ghdb-3]

Let’s check a vulnerability from 2011 and see if it’s still available for exploitation. Hmmm, 32,600 results. The search string used here is generic and displays websites that use a particular CMS with its default footer. Further filtering of the search results will reveal older unpatched versions.

[Image: ghdb-4]
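A defender-side check for the exposure described above, as an added example that is not part of the original post: it scans HTML from your own site for the strings such searches key on (default footer, generator tag, plugin paths and asset version parameters). The sample page, the rule names and the `find_fingerprints` and `audit` helpers are constructed for illustration.

```python
import re

# Constructed sample page (not from any real site): a default install that
# leaks its CMS version, a plugin name, an asset version and a stock footer.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.1" />
<link rel="stylesheet" href="/wp-content/plugins/revslider/css/settings.css?ver=4.1.4" />
</head><body><p>Hello</p>
<div id="footer">Proudly powered by WordPress</div>
</body></html>"""

# Each rule is (label, pattern). Group 1 is the text a search engine would
# index or a crawler would read straight from the markup.
RULES = [
    ("generator-meta", re.compile(
        r'<meta[^>]*name=["\']generator["\'][^>]*content=["\']([^"\']+)["\']', re.I)),
    ("plugin-path", re.compile(r'/wp-content/plugins/([a-z0-9_-]+)/', re.I)),
    ("asset-version", re.compile(r'[?&]ver=([0-9][0-9.]*)', re.I)),
    ("default-footer", re.compile(
        r'((?:proudly\s+)?powered\s+by\s+[\w .-]{2,40})', re.I)),
]

def find_fingerprints(html):
    """Return sorted, de-duplicated (label, matched_text) pairs found in html."""
    hits = set()
    for label, pattern in RULES:
        for m in pattern.finditer(html):
            hits.add((label, m.group(1).strip()))
    return sorted(hits)

def audit(pages):
    """pages maps URL -> HTML of your own site; returns only the leaking pages."""
    report = {}
    for url, html in pages.items():
        found = find_fingerprints(html)
        if found:
            report[url] = found
    return report

if __name__ == "__main__":
    # example.test is a placeholder host; feed in pages fetched from your own site.
    for url, found in audit({"https://example.test/": SAMPLE_HTML}).items():
        print(url)
        for label, text in found:
            print(f"  {label}: {text}")
```

Pages that show up in the report are candidates for removing the generator tag, replacing the stock footer and patching or removing the named plugin.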

 
