In this post we share Current SQL Dorks | 2024.
(This post was updated as of 11 August 2024; 300 new dorks were added on top of the existing 2500.)
Many people search the internet for terms such as 'current dorks', 'SQL dorks', 'SQL dork 2022' and 'current SQL dorks 2024'.
To detect SQL vulnerabilities, open the site and put a quotation mark (') next to 'id='. If the site returns a MySQL-error-style error, the site is vulnerable.
If you get a blank page instead, there may be no vulnerability.
With the Havij and SQLmap tools you can access the databases of these sites.
If you do not know how to use SQLmap, we recommend reading our post on it.
A post of ours that may interest you: What Is Kali Linux SQLMAP? How Is It Used?
What Is a Dork?
Dorks are keywords that let us filter search-engine results by specifying certain words.
For example, by writing inurl we can ask it to search within sites' titles.
inurl:index.php?id= intext:"Yemek" site:tr
With inurl:index.php we asked it to find sites' home pages, and with intext we asked it to return pages that contain the word "Yemek" (food).
Using current dorks, you can also quickly find a large number of sites with SQL vulnerabilities.
You can also browse them on these sites.
Site link: Google Dorks Lists
Current Dorks
inurl:php?id= -->> With this dork you can detect SQL vulnerabilities on PHP-based sites.
inurl:php?id= site:gr -->> Written this way, you can find sites with the Greek domain extension.
inurl:php?id= intext:"You have an error in your SQL syntax" -->> This dork is among the best of the SQL dorks.
It returns PHP sites that show an SQL error.
inurl:index.php?id= intext:"You have an error in your SQL syntax" -->> This dork scans home pages served as index.php for SQL errors.
inurl:gallery.php?id= intext:"You have an error in your SQL syntax" -->> Searches gallery.php pages for SQL errors.
Current SQL Dorks
"ORA-00921: unexpected end of SQL command"
"ORA-00933: SQL command not properly ended"
"ORA-00936: missing expression"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"You have an error in your SQL syntax near"
"Warning: mysql_connect(): Access denied for user: '*@*'"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Unclosed quotation mark before the character string"
"Supplied argument is not a valid MySQL result resource"
"Supplied argument is not a valid PostgreSQL result"
"Warning: Division by zero in" "on line"
"Warning: Cannot modify header information - headers already sent"
"Warning: mysql_query()" "invalid query"
"Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource"
"Microsoft OLE DB Provider for ODBC Drivers error"
Sensitive Information Exposure
"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
"robots.txt" "Disallow:" filetype:txt
"your password is" filetype:log
"parent directory" DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory" MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory" Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"phpMyAdmin MySQL-Dump" filetype:txt
"phpMyAdmin" "running on" inurl:"main.php"
"Please authenticate yourself to get access to the management interface"
"Please login with admin pass" -"leak" -sourceforge
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"powered by openbsd" +"powered by apache"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"Shadow Security Scanner performed a vulnerability assessment"
"SquirrelMail version" "By the SquirrelMail development Team"
"This section is for Administrators only. If you are an administrator then please"
"This is a restricted Access Server" "Javascript Not Enabled!"|"Messenger Express" -edu -ac
"robots.txt" "Disallow:"
"Web File Browser" "Use regular expression"
"phpMyAdmin" "running on"
"VNC Desktop" inurl:5800
"xampp/phpinfo"
"YaBB SE Dev Team"
Login Portals and Admin Interfaces
"Login" inurl:admin
"admin" inurl:login
"admin.php"
"admin/login.php"
"site admin" intitle:"login"
"site administration" intitle:"login"
"backend" intitle:"login"
"admin login" intitle:"site"
"admin area" intitle:"login"
"private" intitle:"login"
"restricted" intitle:"login"
"dashboard" inurl:admin
"admin panel" inurl:login
"admin page" inurl:login
"secure area" intitle:"login"
"protected" intitle:"login"
"control panel" intitle:"login"
"manage" intitle:"login"
"login page" inurl:admin
"admin.aspx"
"admin_login"
"controlpanel"
"site control" intitle:"login"
"administrator"
"cpanel"
"cms admin"
"admin login"
"portal" intitle:"admin"
"member" intitle:"login"
"protected area" intitle:"login"
"moderator" intitle:"login"
"admin.php?action=login"
"root" intitle:"login"
"secure login"
"sysadmin"
"superuser" intitle:"login"
"manager" intitle:"login"
"restricted area" intitle:"login"
"webadmin" intitle:"login"
"management" intitle:"login"
"site admin" inurl:login
"root" inurl:admin
"admin_index"
"login.asp"
"admin.html"
"admin_login.asp"
"adminarea"
"login.php?admin"
"admin_login.jsp"
"admin access"
"secure admin"
"admin restricted"
"admin_dashboard"
"manager" inurl:admin
"admin.cgi"
"moderator" inurl:login
"admin area" inurl:login
view_items.php?id=
home.php?cat=
item_book.php?CAT=
www/index.php?page=
schule/termine.php?view=
goods_detail.php?data=
storemanager/contents/item.php?page_code=
customer/board.htm?mode=
help/com_view.html?code=
n_replyboard.php?typeboard=
eng_board/view.php?T****=
prev_results.php?prodID=
bbs/view.php?no=
gnu/?doc=
zb/view.php?uid=
global/product/product.php?gubun=
m_view.php?ps_db=
productlist.php?tid=
product-list.php?id=
onlinesales/product.php?product_id=
garden_equipment/Fruit-Cage/product.php?pr=
product.php?shopprodid=
product_info.php?products_id=
showsub.php?id=
productlist.php?fid=
products.php?cat=
product.php?sku=
store/product.php?productid=
"index of" "siri"
"index of" "plugins/wp-rocket"
intitle:"index of" secrets.yml
intitle:"index of /" "*key.pem"
intitle:"index of" "admin/sql/"
intext:"index of /" "config.json"
index of .svn/text-base/index.php.svn-base
intitle:"index of" admin.tar
inurl:/servicedesk/customer/user/login
"Index of" "upload_image.php"
"index of" "Production.json"
index.of.?.frm
inurl:wp-content/plugins/brizy
"Index of" "customer.php"
inurl:adminlogin.jsp
inurl:/download_file/ intext:"index of /"
index of /backend/prod/config
intext:"index of /" "customer.php" "~Login"
intext:"INTERNAL USE ONLY" ext:doc OR ext:pdf OR ext:xls OR ext:xlsx
intext:"Welcome to Intranet" "login"
"Index of" "/access"
inurl:admin/data* intext:index of
intext:powered by JoomSport - sport WordPress plugin
inurl:wp-content/themes/newspaper
intitle:"index of" "users.sql"
intext:"index of /" "*.yaml"
index of "jira" inurl:login
inurl:".Admin;-aspx }" "~Login"
"login" intitle:"intext:"Welcome to Member" login"
intitle:"index of" "survey.cgi"
intitle:index.of.?.db
index of /wp-content/uploads/backupbuddy
index of logs.tar
"Index of" "sass-cache"
"index of sqlite"
inurl:index.shtml
index of "logs.zip"
intitle:"index of" "dev/config"
inurl:"wp-content/plugins/photo-gallery"
"root.log" ext:log
intitle:"index of" "nrpe.cfg"
intitle:"index of /" "nginx.conf"
intitle:"*Admin Intranet Login"
inurl:.*org/login
intitle:"index of" pass.php
"index of" "fileadmin"
site: target.com ext:action | ext:struts | ext:do
index of "backup.zip"
intitle:"index of" "shell.php"
"microsoft internet information services" ext:log
intext:"index of" "var/log/"
intitle:"index of" "filemail.pl"
intitle:"index of" "wp-admin.zip"
intitle:"Intranet Login"
intitle:"Dashboard [Jenkins]"
_news/news.php?id=
-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp
!Host=*.* intext:enc_UserPassword=* ext:pcf
?action=
?cat=
?id=
?intitle:index.of? mp3 artist-name-here
?intitle:index.of? mp3 name
?page=
?pagerequested=
?pid=
" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
": vBulletin Version 1.1.5"
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"A syntax error has occurred" filetype:ihtml
"About Mac OS Personal Web Sharing"
"access denied for user" "using password"
"allow_call_time_pass_reference" "PATH_INFO"
"An illegal character has been found in the statement" -"previous message"
"apricot - admin" 00h
"ASP.NET_SessionId" "data source="
"AutoCreate=TRUE password=*"
"bp blog admin" intitle:login | intitle:admin -site:johnny.ihackstuff.com
"Can't connect to local" intitle:warning
"Certificate Practice Statement" inurl:(PDF | DOC)
"Chatologica MetaSearch" "stack tracking:"
"Chatologica MetaSearch" "stack tracking"
"detected an internal error [IBM][CLI Driver][DB2/6000]"
"Duclassified" -site:duware.com "DUware All Rights reserved"
"duclassmate" -site:duware.com
"Dudirectory" -site:duware.com
"dudownload" -site:duware.com
"Dumping data for table"
"DUpaypal" -site:duware.com
"Elite Forum Version *.*"
"Emergisoft web applications are a part of our"
"Error Diagnostic Information" intitle:"Error Occurred While"
"error found handling the request" cocoon filetype:xml
"Establishing a secure Integrated Lights Out session with" OR intitle:"Data Frame - Browser not HTTP 1.1 compatible" OR intitle:"HP Integrated Lights-
"Fatal error: Call to undefined function" -reply -the -next
"ftp://" "www.eastgame.net"
"Host Vulnerability Summary Report"
"HostingAccelerator" intitle:"login" +"Username" -"news" -demo
"html allowed" guestbook
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"http://*:*@www" domainname
"iCONECT 4.1 :: Login"
"IMail Server Web Messaging" intitle:login
"Incorrect syntax near"
"Index of /" +.htaccess
"Index of /" +passwd
"Index of /" +password.txt
"Index of /admin"
"Index of /backup"
"Index of /mail"
"Index Of /network" "last modified"
"Index of /password"
"index of /private" -site:net -site:com -site:org
"index of /private" site:mil
"Index of" / "chat/logs"
"index of/" "ws_ftp.ini" "parent directory"
"inspanel" intitle:"login" -"cannot" "Login ID" -site:inspediumsoft.com
"Installed Objects Scanner" inurl:default.asp
"Internal Server Error" "server at"
"intitle:3300 Integrated Communications Platform" inurl:main.htm
"intitle:index of"
"Invision Power Board Database Error"
"Link Department"
"liveice configuration file" ext:cfg
"liveice configuration file" ext:cfg -site:sourceforge.net
"Login - Sun Cobalt RaQ"
"login prompt" inurl:GM.cgi
"Login to Usermin" inurl:20000
"MacHTTP" filetype:log inurl:machttp.log
"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn32 Copyright (C)" ext:log
"Microsoft ® Windows * ™ Version * DrWtsn32 Copyright ©" ext:log
"Microsoft CRM : Unsupported Browser Version"
"More Info about MetaCart Free"
"Most Submitted Forms and s?ri?ts" "this section"
"Most Submitted Forms and Scripts" "this section"
"mysql dump" filetype:sql
"mySQL error with query"
"Network Host Assessment Report" "Internet Scanner"
"Network Vulnerability Assessment Report"
"not for distribution" confidential
"not for public release" -.edu -.gov -.mil
"OPENSRS Domain Management" inurl:manage.cgi
"ORA-00921: unexpected end of SQL command"
"ORA-00933: SQL command not properly ended"
"ORA-00936: missing expression"
"ORA-12541: TNS:no listener" intitle:"error occurred"
"Output produced by SysWatch *"
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory" +proftpdpasswd
"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php
"pcANYWHERE EXPRESS Java Client"
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
"Phorum Admin" "Database Connection" inurl:forum inurl:admin
"phpMyAdmin MySQL-Dump" "INSERT INTO" -"the"
"phpMyAdmin MySQL-Dump" filetype:txt
"phpMyAdmin" "running on" inurl:"main.php"
"Please authenticate yourself to get access to the management interface"
"please log in"
"Please login with admin pass" -"leak" -sourceforge
"PostgreSQL query failed: ERROR: parser: parse error"
"powered | performed by Beyond Security's Automated Scanning" -kazaa -example
"Powered by mnoGoSearch - free web search engine software"
"powered by openbsd" +"powered by apache"
"Powered by UebiMiau" -site:sourceforge.net
"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt
"Running in Child mode"
"Select a database to view" intitle:"filemaker pro"
"set up the administrator user" inurl:pivot
"sets mode: +k"
"sets mode: +p"
"sets mode: +s"
"Shadow Security Scanner performed a vulnerability assessment"
"site info for" "Enter Admin Password"
"SnortSnarf alert page"
"SQL Server Driver][SQL Server]Line 1: Incorrect syntax near"
"SquirrelMail version" "By the SquirrelMail development Team"
"Supplied argument is not a valid MySQL result resource"
"Supplied argument is not a valid PostgreSQL result"
"Syntax error in query expression " -the
"SysCP - login"
"Thank you for your order" +receipt
"The following report contains confidential information" vulnerability -search
"The s?ri?t whose uid is " "is not allowed to access"
"The script whose uid is " "is not allowed to access"
"The statistics were last upd?t?d" "Daily"-microsoft.com
"There are no Administrators Accounts" inurl:admin.php -mysql_fetch_row
"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."
"This is a restricted Access Server" "Javas?ri?t Not Enabled!"|"Messenger Express" -edu -ac
"This is a Shareaza Node"
"this proxy is working fine!" "enter *" "URL***" * visit
"This report lists" "identified by Internet Scanner"
"This report was generated by WebLog"
"This section is for Administrators only. If you are an administrator then please"
"This summary was generated by wwwstat"
"Traffic Analysis for" "RMON Port * on unit *"
"ttawlogin.cgi/?action="
"Unable to jump to row" "on MySQL result index" "on line"
"Unclosed quotation mark before the character string"
"Version Info" "Boot Version" "Internet Settings"
"VHCS Pro ver" -demo
"VNC Desktop" inurl:5800
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "failed to open stream: HTTP request failed" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The s?ri?t whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"
"Web File Browser" "Use regular expression"
"Web-Based Management" "Please input password to login" -inurl:johnny.ihackstuff.com
"WebExplorer Server - Login" "Welcome to WebExplorer Server"
"WebSTAR Mail - Please Log In"
"Welcome to Administration" "General" "Local Domains" "SMTP Authentication" inurl:admin
"Welcome to Intranet"
"Welcome to PHP-Nuke" congratulations
"Welcome to the Prestige Web-Based Configurator"
"xampp/phpinfo
"YaBB SE Dev Team"
"you can now password" | "this is a special page only seen by you. your profile visitors" inurl:imchaos
"You have an error in your SQL syntax near"
"You have requested access to a restricted area of our website. Please authenticate yourself to continue."
"You have requested to access the management functions" -.edu
"Your password is * Remember this for later use"
"your password is" filetype:log
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
("Indexed.By"|"Monitored.By") hAcxFtpScan
((inurl:ifgraph "Page generated at") OR ("This page was built using ifgraph"))
(intitle:"Please login - Forums
(intitle:"PRTG Traffic Grapher" inurl:"allsensors")|(intitle:"PRTG Traffic Grapher - Monitoring Results")
(intitle:"rymo Login")|(intext:"Welcome to rymo") -family
(intitle:"WmSC e-Cart Administration")|(intitle:"WebMyStyle e-Cart Administration")
(intitle:WebStatistica inurl:main.php) | (intitle:"WebSTATISTICA server") -inurl:statsoft -inurl:statsoftsa -inurl:statsoftinc.com -edu -software -rob
(inurl:"ars/cgi-bin/arweb?O=0" | inurl:arweb.jsp) -site:remedy.com -site:mil
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt
(inurl:/shop.cgi/page=) | (inurl:/shop.pl/page=)
[WFClient] Password= filetype:ica
*.php?include=
*.php?secc=
Current 2024 Dorks
site:accounts..com/signin/
intitle:"index of" drupal
intitle:"index of" admin
inurl:login.cgi
site:/joomla/administrator
inurl:/login/index.jsp -site:hertz.*
intitle:"Index of" inurl:wp-json/oembed
intitle:"Index of" phpmyadmin
intitle:"Index of" wp-admin
intitle:index.of.?.sql
inurl: /filemanager/dialog.php
s3 site:amazonaws.com filetype:log
inurl:cgi/login.pl
inurl:zoom.us/j and intext:scheduled for
site:*/auth intitle:login
inurl: admin/login.aspx
"Index of" inurl:webalizer
"Index of" inurl:phpmyadmin
"Index of" inurl:htdocs inurl:xampp
s3 site:amazonaws.com intext:dhcp filetype:txt inurl:apollo
inurl:/index.aspx/login
site:amazonaws.com inurl:login.php
intitle:"IIS Windows Server" -inurl:"IIS Windows Server"
intitle:"Apache2 Ubuntu Default Page: It works"
inurl:/filedown.php?file=
inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
inurl:app/kibana intext:Loading Kibana
site:https://docs.google.com/spreadsheets edit
inurl:8443 AND -intitle:8443 AND -intext:8443 prohibited|restricted|unauthorized
intitle:"index of" unattend.xml
inurl:/admin/index.php
inurl:bc.googleusercontent.com intitle:index of
inurl:office365 AND intitle:"Sign In | Login | Portal"
intext:"@gmail.com" AND intext:"@yahoo.com" filetype:sql
intitle:OmniDB intext:"user. pwd. Sign in."
intitle:"qBittorrent Web UI" inurl:8080
site:com inurl:jboss filetype:log -github.com
intitle:"index of" ".cpanel/caches/config/"
inurl:'/scopia/entry/index.jsp'
intitle: "index of" "./" "./bitcoin"
inurl:/portal/apis/fileExplorer/
intitle:"index of" "/aws.s3/"
intitle:"index of" hosts.csv | firewalls.csv | linux.csv | windows.csv
intitle:Test Page for the Nginx HTTP Server on Fedora
inurl:_cpanel/forgotpwd
intitle:"index of /" intext:/backup
intitle:"Swagger UI - " + "Show/Hide"
site:drive.google.com /preview intext:movie inurl:flv | wmv | mp4 -pdf -edit -view
intext:"class JConfig {" inurl:configuration.php
"index of" "database.sql.zip"
You can reach the current 2022 dorks via the link below.
All Current 2023 Dorks
Disclaimer: Everything described here is for informational purposes. Siber Güvenlik Portalı accepts absolutely no responsibility for misuse of the dorks.