Back to Library

Find PHP Files

Finds exposed Woltlab Burning Board database configuration PHP files revealing database connection settings.

Intermediate
Use with caution
files

Google Dork Query:

inurl:database.php | inurl:info_db.php ext:php "Database V2.*" "Burning Board *
0
Not verified

What It Does

This dork targets database.php and info_db.php files associated with Woltlab Burning Board forum software. It uses 'inurl:' to match these filenames and 'ext:php' to ensure PHP files, combined with version text strings. Results may expose database credentials, hostnames, and configuration details.

Common Use Cases

  • Forum Security Assessment: Check if your Burning Board forum's database configuration files are publicly accessible and leaking credentials.
  • Credential Exposure Detection: Find exposed PHP database files that may contain plaintext database usernames and passwords.
  • Software Version Identification: Determine the exact Burning Board version running to check for known security vulnerabilities.

How to Use Safely

  1. Search Google with this dork to find exposed Burning Board database configuration files.
  2. Check if the PHP file renders as source code or is properly executed by the server.
  3. Look for database credentials, hostnames, and table prefixes in the exposed files.
  4. Report exposed configurations and recommend restricting direct file access via .htaccess rules.

Responsible Use Required

This dork should only be used on systems you own or have explicit authorization to test. Unauthorized access to computer systems is illegal. Always follow ethical guidelines and obtain proper permission before testing.

TAGS

php

Related Dorks

Find MODERATOR Files

Finds exposed vBulletin moderator control panels that may allow unauthorized forum moderation actions.

Exposed Configuration Files

Finds exposed configuration files (.config, .cfg, .ini) containing plaintext passwords and database credentials.

Find Backup-Management (phpMyBackup v.0.4 beta * ) Pages

Finds exposed phpMyBackup management interfaces that could allow unauthorized access to MySQL database backup operations.