Google Dork For "Remote File Inclusion"

Thursday, 10 May 2012

Google Dork For "Remote File Inclusion"

Google dorks are the center of the Google Hacking. Many hackers use google to find vulnerable webpages and later use these vulnerabilities for hacking.

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.
List Of Google Dork For Remote File Inclusion:
  • inurl:rte/my_documents/my_files
  • inurl:/my_documents/my_files/
  • inurl:/shoutbox/expanded.php?conf=
  • inurl:/main.php?x=
  • inurl:/myPHPCalendar/admin.php?cal_dir=
  • inurl:/index.php/main.php?x=
  • inurl:/index.php?include=
  • inurl:/index.php?x=
  • inurl:/index.php?open=
  • inurl:/index.php?visualizar=
  • inurl:/template.php?pagina=
  • inurl:/index.php?pagina=
  • inurl:/index.php?inc=
  • inurl:"index.php?page=contact.php"
  • inurl:"template.php?goto="
  • inurl:"video.php?content="
  • inurl:"pages.php?page="
  • inurl:"index1.php?choix="
  • inurl:tinybrowser/upload.php
  • inurl:examples/uploadbutton.html
  • inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
  • inurl:/include/new-visitor.inc.php?lvc_include_dir=
  • inurl:/_functions.php?prefix=
  • inurl:/cpcommerce/_functions.php?prefix=
  • inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
  • inurl:/modules/agendax/addevent.inc.php?agendax_path=
  • inurl:/ashnews.php?pathtoashnews=
  • inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=
  • inurl:/pm/lib.inc.php?pm_path=
  • inurl:/b2-tools/gm-2-b2.php?b2inc=
  • inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
  • inurl:/modules/agendax/addevent.inc.php?agendax_path=
  • inurl:/includes/include_once.php?include_file=
  • inurl:/e107/e107_handlers/secure_img_render.php?p=
  • intitle:index of? inurl:kindeditor

How to Use Google Dork For Remote File Inclusion:
  1. Copy anyone of the Google dork from above list
  2. Paste it in Google Search textbox and click Search
  3. Now, the Vulnerable Websites are listed in search result
  4. Click anyone of the link,You will find upload option on it 
  5. Now, you can upload your files like Images,HTML files,Document,Shell,RAT,etc.. ,
This is a simple method to find Remote File Inclusion(RFI) Vulnerable Websites using Google Dork. For an hacker google is not only a search engine its also a tool for hacking. Thank you!!

Visit also:
Disable Google.com From Redirecting To Local Country Google Domain
                            (To Get more Vulnerable Websites)

Please leave your Comment/Suggestion below. . .

Home