☒️Part VII - Real World Examples

🌐 Google Dorks

1. Backups & database dumps (sensitive data)

Find exposed SQL, DB dumps and backup files that often contain DB credentials and PII.

  • filetype:sql inurl:wp-content/backup-*

  • filetype:sql inurl:wp-content/*

  • inurl:/wp-content/uploads/ filetype:sql

  • inurl:/wp-content/uploads/dump.sql

  • inurl:/wp-content/wpbackitup_backups

  • inurl:/wp-content/uploads/wp-backup-plus/

  • inurl:/wp-content/wpclone-temp/wpclone_backup/

  • inurl:wp-content/uploads/db-backup

What it means: Exposed DB backups -> high risk (credentials, user data).


2. Configuration files & wp-config leaks (critical secrets)

_Find wp-config files or backups that may contain DB credentials, salts, keys._

  • filetype:txt inurl:wp-config.txt

  • intext:"the WordPress" inurl:wp-config ext:txt

  • intitle:"Index of" wp-config

  • intitle:"Index of" wp-config.php

  • inurl:wp-config -intext:wp-config "'DB_PASSWORD'"

  • inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner

  • inurl:wp-config-backup.txt

  • inurl:wp-config.bak

  • inurl:wp-license.php?file=../..//wp-config

What it means: wp-config.php exposures are immediate, critical findings.


3. Indexes & directory listings

_Find directories with listing enabled (can leak files, configs, backups)._

  • intitle:"Index of" wp-admin

  • intitle:"Index of" wp-content

  • intitle:"Index of" wp-upload

  • intitle:"Index of" /wp-content/uploads

  • inurl:/wp-content/uploads/ intitle:"index of"

  • intitle:"Index of /wp-content/uploads"

What it means: Open directory listing can expose many sensitive files.


4. Plugin & theme artifacts (known risky plugins / leftovers)

_Search for plugin folders, known plugin backup endpoints or files that often leak data or are vulnerable._

  • inurl:"/wp-content/plugins/wp-shopping-cart/"

  • inurl:"/wp-content/plugins/wp-dbmanager/"

  • "plugins/wp-db-backup/wp-db-backup.php"

  • inurl:"/wp-content/plugins/wp-mobile-detector/" ext:php

  • inurl:/wp-content/plugins/fgallery/

  • inurl:/wp-content/plugins/inboundio-marketing/

  • inurl:/wp-content/plugins/seo-pressor/classes/

  • inurl:/wp-content/plugins/video-synchro-pdf

  • inurl:/wp-content/plugins/wpSS/

  • inurl:wp-content/plugins/all-in-one-seo-pack

  • inurl:/wp-content/themes/tigin/

  • inurl:/wp-content/themes/xunjin/

  • inurl:/wp-content/plugins/age-verification/age-verification.php

What it means: Plugin/theme presence can indicate outdated code or known vulnerabilities.


5. Uploads & file managers (user uploads & logs)

_Find uploaded files, log files, and file-manager leftovers that may contain secrets or backups._

  • inurl:"wp-content/uploads/file-manager/log.txt"

  • inurl:"wp-content/uploads/private"

  • inurl:wp-content/uploads filetype:xls | filetype:xlsx password

  • inurl:wp-content/uploads/ninja-forms/ intitle:"index of"

  • inurl:wp-content/uploads/levoslideshow/

  • inurl:wp-content/uploads/ filetype:sql

  • inurl:wp-content/uploads/dump.sql

  • inurl:wp-content/debug.log

  • inurl:wp-content/w3tc/dbcache/

What it means: Uploaded files often contain exports, configs, logs with secrets.


6. Login & user enumeration (authentication surfaces)

_Find login pages, registration endpoints, or user enumeration APIs._

  • inurl:"/wp-login.php?action=lostpassword"

  • inurl:wp-login.php +Register Username Password "remember me"

  • inurl:wp-login.php?action=register

  • inurl:wp/wp-login.php

  • inurl:/wp/wp-admin/

  • inurl:wp/wp-login.php

  • site:*/wp-login?redirect_to= intitle:"login"

  • inurl:/wp-json/wp/v2/users/ "id":1,"name":" -wordpress.stackexchange.com -stackoverflow.com

What it means: Login endpoints are normal, but they can be abused for brute force or user enumeration. The WP REST users endpoint can leak usernames.


7. Admin & setup pages (installation/repair/backdoor vectors)

_Find admin setup pages and repair scripts that may expose configs or allow initialization._

  • inurl:"/wp-admin/setup-config.php" intitle:"Setup Configuration File"

  • site:*/wp-admin/install.php intitle:WordPress Installation

  • site:*/wp-admin/maint/repair.php intext:"define(WP_ALLOW_REPAIR,true);"

  • inurl:/wp-admin/admin.php intitle:"Log In"

  • inurl:/wp-admin/includes/plugin-install.php

  • inurl:/wp-admin/post.php?post=

  • inurl:wp-admin/ intext:css/

  • site:*/wp-settings.php

What it means: These endpoints are part of normal management flows, but exposed setup/repair pages are sensitive.


8. Logs & audit trails

_Find log files or audit plugin logs that are publicly accessible._

  • inurl:"wp-security-audit-log" ext:log

  • inurl:log -intext:log ext:log inurl:wp-

  • inurl:wp-content/uploads/file-manager/log.txt

What it means: Logs can reveal usernames, IPs, SQL errors and other sensitive artifacts.


9. Misc & legacy artifacts

Other interesting endpoints and common leakage patterns.

  • inurl:wp-links-opml.php

  • inurl:wp-mail.php + "There doesn't seem to be any new mail."

  • inurl:wp-download.php?dl_id=

  • inurl:wp-license.php?file=../..//wp-config

  • site:*/wordpress/wordpress.bak/

  • site:*/wp-contents/ inurl:/wp-contents/

  • site:*/wp-includes/ inurl:/wp-includes/

  • site:*/wp-includes/Requests/php_errorlog

  • inurl:wp-content/ inurl:backups

  • "proudly powered by WordPress" / "is proudly powered by WordPress"

What it means: Legacy files, backups, or obscure endpoints that reveal installation details.
