-
-
Save initpwn/4d3b1a60e061f7dc57ff to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #md5 hash of most used password 123456 | |
| #ref: https://twitter.com/TekDefense/status/294556153151647744 | |
| https://github.com/search?q=e10adc3949ba59abbe56e057f20f883e&type=Code&ref=searchresults | |
| #DB_PASSWORD | |
| #ref: http://seclists.org/fulldisclosure/2014/Mar/343 | |
| https://github.com/search?q=define%28%22DB_PASSWORD%22&type=Code&ref=searchresults | |
| #Possible SQL injection | |
| #ref: http://seclists.org/fulldisclosure/2013/Jun/15 | |
| https://github.com/search?p=3&q=extension%3Aphp+mysql_query+%24_GET&ref=searchresults&type=Code | |
| #Possible PHP backdoor | |
| #ref: http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html | |
| stars:>1000 forks:>100 extension:php "eval(preg_replace(" | |
| https://github.com/search?q=stars%3A%3E1000+forks%3A%3E100+extension%3Aphp+%22eval%28preg_replace%28%22&type=Code&utf8=%E2%9C%93 | |
| #private keys | |
| #ref: http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html | |
| extension:pem private | |
| https://github.com/search?p=100&q=extension%3Apem+private&ref=searchresults&type=Code&utf8=%E2%9C%93 | |
| #email addresses | |
| #ref: http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html | |
| extension:xls mail | |
| #find PHP applications that don't verify SSL certificates | |
| lang:php "CURLOPT_SSL_VERIFYPEER,FALSE" | |
| #find hard coded wordpress passwords | |
| https://github.com/search?utf8=%E2%9C%93&q=filename%3Awp-config.php+&type=Code&ref=searchresults |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment