Check out “Google a Dream come true” (otherwise known as WATCH WHAT YOU PUBLISH ON THE WORLD WIDE WEB!!!)
Got to the honey page that linked to the paper above via search:
intitle: "Index+of..etc" + passwd
from http://johnny.ihackstuff.com/index.php?module=prodreviews via Google search for:
googledorks
via MSNBC via Slashdot.
I’ve seen this before (Google does, after all, index everything it finds that isn’t blocked by a robots.txt file) but it appears that it has gotten rather extreme.
…
*************************************
SEARCH PATHS……. more to be added
*************************************
“Index of /admin”
“Index of /password”
“Index of /mail”
“Index of /” +passwd
“Index of /” +password.txt
“Index of /” +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: “index of/admin”
allintitle: “index of/root”
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:”auth_user_file.txt”
inurl:”wwwroot/*.”
WARNING: It is NOT a good idea to just go downloading files that are out there (even though by publishing the files on webservers the files are being “published” to the public, although almost certainly unknowingly). Webservers keep logs of files accessed, the IP address of the person accessing the files, and it really wouldn’t be hard to correlate your IP with a visit and a download. So resist the urge to go downloading people’s [probably] sensitive files. An email to the site admin wouldn’t hurt, though! 😉
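For admins who want to check their own server against the search paths above, here is an added example (not part of the original post) that walks a local web root and reports directories that would show an "Index of" listing plus files whose names match the list. The function names, the index-file names and the sample tree are assumptions made for the illustration.

```python
import fnmatch
import os
import tempfile

# File-name patterns based on the search paths listed in the post.
SENSITIVE = ["passwd", "password.txt", ".htaccess", "*.mdb", "*.pwd",
             "auth_user_file.txt", "web.config", "global.asax", "*.db"]
# Assumption: common default index file names; match these to your server config.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp"}


def audit_docroot(docroot):
    """Return (listable_dirs, sensitive_files) as sorted paths relative to docroot."""
    listable, sensitive = [], []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        lowered = {name.lower() for name in filenames}
        # No index file: the server renders an "Index of /..." page here
        # whenever automatic directory listing is switched on.
        if not lowered & INDEX_FILES:
            listable.append(rel_dir)
        for name in filenames:
            if any(fnmatch.fnmatch(name.lower(), pat) for pat in SENSITIVE):
                sensitive.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(listable), sorted(sensitive)


def build_sample_docroot(root):
    """Create a constructed sample tree for the demo (not real data)."""
    layout = {
        "index.html": "home",
        "admin/passwd": "constructed",
        "admin/users.mdb": "constructed",
        "mail/index.html": "webmail",
        "mail/service.pwd": "constructed",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        dirs, files = audit_docroot(tmp)
        print("Directories that would list their contents:", dirs)
        print("Sensitive-looking files under the web root:", files)
```

Anything it reports is a candidate for moving out of the web root or for turning off directory listing, since a robots.txt entry only asks crawlers to stay away and does not block access.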