Monday, June 11, 2018

How to use Google to find unsecured web.configs

I can't believe how easy it is to find web.config that are not secured. Put this into Google and you will be amazed at what you will get back.

inurl:ftp inurl:web.config filetype:config

or

inurl:http inurl:web.config filetype:config

Imagine if any of them have passwords in them.

inurl:ftp inurl:web.config password

or

inurl:http inurl:web.config password



No comments: