Thank you Google for operands, and spyders that crawl the IOT. It never stops to amaze me how web shells that have been around for what seems like for ever are still around on websites today. Below are some of my favorite google dorks.
Want to find systems that have been compromised and have the R57 or C99 webshells in their directories. Look no further.
intitle: "r57" "disable functions"
inurl:sh3llZ/c99/
This is fun! Locate file vulnerabilities. It reveals the password directory.
inurl:access.cnf ext:cnf
You can find these and a lot more in the GHDB.
