Some of your db passwords are belong to us

OOPS! Google opened up a new search service called Google Code Search today. It lets you search through a huge index of code that the Google search engine has crawled over the years.

Being the curious beings we are, a friend of mine and I immediately started searching for passwords to see just how much Google was indexing. It didn’t turn up much in the way of anything “secret” until we refined our search to just wp-config files (the file that contains the database connection information for Wordpress installs).

That worked. Since Google Code Search actually indexes the contents of compressed files like ZIP and TARBALL files, we were able to find copies of people’s wp-config files and several contained usernames and passwords.

Here’s an example search.

Now, this only pulls up 50 results (after filtering out the sample config files), but we only looked for Wordpress config files. Who knows what other similar files out there are being indexed and made public. So, a lesson to webmasters: don’t leave a zip file containing anything you don’t want seen on your server. Perhaps obvious to most, but worth repeating.

65 Responses to “Some of your db passwords are belong to us”

  1. If you search for the following, you’ll see database connection strings within ASP.NET 2.0 applications.

    connectionstring file:web.config

  2. […] One Digger claims he found WordPress admin passwords in Google Code. […]

  3. I’m sure more security holes will be revealed as web2.0 science progresses.

  4. This is a major security problem… Thank you for bringing this to our attention!

  5. Google Code Search shows results from password databases for Wordpress…

    As explained on this blog [English], Google’s new tool is without doubt powerful. Among the huge amount of indexed code, it is able to show database files containing real passwords. In this case, it is shown as an examp…

  6. Wait, so can you search .php code? How can Google see the code if it’s run server-side before Google receives it?

  7. OMG! This is a huge security hole! Nice find

  8. It only sees code that servers let out. This is actually kind of lame since it is only showing code that people publicly put up.

  9. For MovableType:

    http://google.com/codesearch?q=file%3Amt-db-pass.cgi

    A search for “mt-load.cgi” could be interesting too.

  10. @Chris Pietschmann
    Actually searching through those results, you will see they are pretty much all example implementations or default source code listings. Nothing to see here…

  11. Default setup listings may appear to be innocuous, but you’d be surprised how many implementations of said defaults are used…Think of the whole ATM default master password fiasco we had a couple weeks ago.

  12. Nate, Google indexed php files inside tarballs, not the plain php files.

  13. […] I just found this on digg: “Some of your db passwords are belong to us” […]

  14. This isn’t going to find passwords for production pages. However, it is worth bringing to light because people may not be aware that files they are storing in compressed files on their server are being indexed.

    Obviously, it’s up to the developer to CYA when you post anything online. But, I can see someone, in a hurry, making a backup of their Wordpress install and possibly storing it in a ZIP file on their server. Not thinking that the db passwords are then stored in plain text inside that ZIP file.

    It’s not so much about your password getting out, it’s more about being aware of how easy it is becoming for people to find your data in places you may not have expected (like inside a ZIP file).

  15. all these results are from TAR and ZIP files containing unexecuted PHP code it seems… not from the PHP source after being pushed by the server. Just don’t backup your code on the server!

  16. It’s not showing code in active php files… just files which are compressed (zipped, tarred, etc). Many people use backup systems which will compress their core files, one of them being the config. This is a very scary issue.

  17. http://www.google.com/codesearch?q=+file:config.inc.php+%22MySQL+password%22+%22root%22+show:MEPOI3Ieh4w:JEhXJCZDFi8:hd4MbB0WDkE&sa=N&cd=10&ct=rc&cs_p=http://www.html-gruppen.nu/artiklar/server/apache/installera/del2/filer_del02_phpmyadmin.zip&cs_f=config.inc.php#a0

    or root password

  18. Any *active* PHP, ASP, CGI, etc. files should be safe from this type of search — i.e. your own wp-config.php file on your server, as long as the appropriate engine is running.

    The danger here is that sometimes people will create backup copies, and those copies won’t get parsed as PHP. Maybe it’s been renamed to something like wp-config.php.bak, or maybe (as with several of the examples here) it’s been put in an archive like wp-backup.tar.gz. Or maybe something broke your server config and you were accidentally serving PHP files as text, and Google dropped in at exactly the wrong time.

    If those backup files are visible to the web server, and if something online points to that location — maybe they’re in a folder with indexing on and no default document, and something mistakenly links to that folder — then it could get indexed and searched.

    It’s worth noting as well that an attacker who had reason to suspect the files were there, and a way to determine the exact filename (easier if it’s in a directory with indexing enabled), wouldn’t need a link, wouldn’t even need it to show up in Google. They could just go straight to your site and download the archive.
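The post and comment 18 describe the same exposure from two sides: a config file that the PHP engine would normally execute gets copied into an archive or renamed with a backup suffix, the web server then serves it as plain text, and a crawler indexes the secret inside. The following audit script is an added example, not code from this post, from WordPress or from any project named in the comments. It walks a document root the way a defender would before a crawler does: it opens zip and tar archives, looks inside them for the config files named on the page (wp-config.php, config.inc.php, mt-db-pass.cgi), flags loose copies of those files under a non-executing suffix, and reports whether each one carries a real-looking credential or only a shipped placeholder (the post mentions having to filter out sample configs). The backup suffixes, credential patterns, placeholder list and the constructed sample site are this example’s own assumptions.

```python
"""Audit a web document root for config-file copies a web server would serve
as plain text (and a code-search crawler would then index).

Added example; not code from the Death By Comet post or from WordPress.
Config file names come from the page; everything else is assumed."""
import io
import os
import re
import tarfile
import tempfile
import zipfile
from typing import Iterator, List, Optional, Tuple

# Config files named on the page (WordPress, phpMyAdmin, Movable Type).
CONFIG_NAMES = ("wp-config.php", "config.inc.php", "mt-db-pass.cgi")

# Archive types the post says Code Search indexes (assumed suffix list).
ARCHIVE_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".tar.bz2")

# Suffixes that stop the server handing the file to PHP, so it is served raw.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".txt", ".save", ".copy", "~")

# Credential lines: WordPress DB_PASSWORD constant and phpMyAdmin password
# array entry. Each captures the value as group "v"; the value is never printed.
CRED_PATTERNS = [
    re.compile(rb"define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"](?P<v>[^'\"]*)['\"]"),
    re.compile(rb"\['password'\]\s*=\s*['\"](?P<v>[^'\"]*)['\"]"),
]

# Values that mark a shipped sample rather than a live secret (assumed).
PLACEHOLDERS = {b"", b"password_here", b"your_password", b"changeme"}


def config_base(name: str) -> Optional[str]:
    """Return the canonical config name if `name` is that file, either exactly
    or with one of BACKUP_SUFFIXES appended (wp-config.php.bak); else None."""
    base = os.path.basename(name)
    for cfg in CONFIG_NAMES:
        if base == cfg:
            return cfg
        if base.startswith(cfg) and base[len(cfg):].lower() in BACKUP_SUFFIXES:
            return cfg
    return None


def classify(data: bytes) -> str:
    """'credentials' if a real-looking secret is set, 'sample' if every
    credential line holds a placeholder, 'none' if there is no such line."""
    found = False
    for pat in CRED_PATTERNS:
        for m in pat.finditer(data):
            found = True
            if m.group("v").strip().lower() not in PLACEHOLDERS:
                return "credentials"
    return "sample" if found else "none"


def archive_members(path: str) -> Iterator[Tuple[str, bytes]]:
    """Yield (member name, content) for each regular file in a zip or tar."""
    if path.lower().endswith(".zip"):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    else:
        with tarfile.open(path) as tf:  # mode "r" auto-detects gz/bz2
            for member in tf.getmembers():
                extracted = tf.extractfile(member) if member.isfile() else None
                if extracted is not None:
                    yield member.name, extracted.read()


def scan_webroot(root: str) -> List[Tuple[str, str]]:
    """Walk `root`; return (location, verdict) for every config copy that
    would be served raw: archive members ('backup.zip!dir/file') and loose
    files with a backup suffix. A live wp-config.php is not reported, since
    the PHP engine runs it rather than serving its text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if fname.lower().endswith(ARCHIVE_SUFFIXES):
                try:
                    for member, data in archive_members(path):
                        if config_base(member):
                            findings.append((f"{rel}!{member}", classify(data)))
                except (zipfile.BadZipFile, tarfile.TarError):
                    findings.append((rel, "unreadable-archive"))
            elif config_base(fname) and fname not in CONFIG_NAMES:
                with open(path, "rb") as fh:
                    findings.append((rel, classify(fh.read())))
    return findings


def build_demo_webroot() -> str:
    """Constructed sample site (all values made up): live wp-config.php,
    wp-config.php.bak, wp-backup.zip with a real and a sample copy, and a
    tarred phpMyAdmin config."""
    root = tempfile.mkdtemp(prefix="webroot-")
    live = b"<?php\ndefine('DB_NAME', 'blog');\ndefine('DB_PASSWORD', 'demo-only-pw');\n"
    sample = b"<?php\ndefine('DB_PASSWORD', 'password_here');\n"
    pma = b"<?php\n$cfg['Servers'][$i]['password'] = 'demo-root-pw';\n"
    for name in ("wp-config.php", "wp-config.php.bak"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(live)
    with zipfile.ZipFile(os.path.join(root, "wp-backup.zip"), "w") as zf:
        zf.writestr("blog/wp-config.php", live)
        zf.writestr("fresh/wp-config.php", sample)
    with tarfile.open(os.path.join(root, "site.tar.gz"), "w:gz") as tf:
        info = tarfile.TarInfo("phpmyadmin/config.inc.php")
        info.size = len(pma)
        tf.addfile(info, io.BytesIO(pma))
    return root


if __name__ == "__main__":
    for location, verdict in scan_webroot(build_demo_webroot()):
        print(f"{verdict:12} {location}")
```

Run it against a real document root with `scan_webroot("/var/www/html")` (path assumed). It reports locations and verdicts only, never the secret itself, so its output can be pasted into a ticket. Anything it lists is readable by a plain HTTP request whether or not a search engine has found it yet, which is the point comment 18 closes on.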

  19. connectionstring file:web.config does not work. All that was there were example files and tutorials.

  20. […] Death By Comet digg […]

  21. […] There are a lot of possibilities to circumvent rudimentary protections, and not all of them are as obvious. One that was recently brought to my attention by this blog entry is backing up your website and leaving the compressed file accessible via the web. Not only could someone download the file, decompress it and browse through all your files (not just the configuration files with your passwords, but any other “hidden” files or information you have residing in your directory) but with new and useful services out there such as “google code” which will index compressed files (such as your config files with password inside of that backup you made) someone can now just do a search for your passwords making it easier than ever to obtain sensitive information and exploit it, or you. […]

  22. […] My buddy over at Death By Comet is really gettin’ his digg on. Noah - you’re welcome!   […]

  23. A good way to prevent some of these problems is to put passwords in non-public directories. The wp config files put passwords in public directories by default, instructing you just to change the password. I always include my passwords from a non-public directory (such as ../ if my php script is in the public_html directory). This way, even if the PHP code isn’t processed for some reason, the password is not publicly accessible.

    I used to use .inc files like ‘init.inc’. Move to a server where .inc files aren’t processed as PHP and you have a security problem. But not if they aren’t in public directories.

    Now I’ve got to go stop the convenient zip backups I make publicly accessible for my clients to download. :-)

  24. It is searching tars and zips on servers

  25. […] read more | digg story […]

  26. […] The third thing I just read was a Death By Comet blog post about how interesting it is to search wp-config files for MySQL connection usernames and passwords. If wp-config.php is accidentally sitting packed on the server with the passwords inside the file, things can go quite badly. There is also an example of how it is done. GOOGLE! […]

  27. […] This post gives an example of how you can very easily use the tool to go looking for database passwords in Wordpress config files. So bloggers, lock things down well if you haven’t already, and don’t make files available that the outside world doesn’t need to see. Because results like these shouldn’t make you happy. I wouldn’t be surprised if we see many more creative search results soon. […]

  28. […] Originally from here. […]

  29. […] Google Codesearch only recently launched a new service that for the first time makes it possible to search in source code and even in zip or tarball archives on servers, and the first security hole has already been discovered on Digg. According to this weblog entry, Codesearch can be used to fish out access credentials to databases etc. relatively simply. Stupid thing, that. I hope ours isn’t among them. […]

  30. […] As research, some people tried to gain access to other people’s passwords using regular expressions in code search. In the example, a search was used that returns database passwords for wordpress-type blogs. […]

  31. […] A few articles on the subject: http://shiflett.org/archive/269 http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ http://www.securityfocus.com/archive/107/447729/30/0 […]

  32. similar searches have been around for a while

  33. […] read more | digg story […]

  34. […] Google Code Search? Abuse? The languages that can be affected are the so-called scripting languages that need no compiling, for example PHP, JSP and ASP. Let’s look at the example given at deathbycomet.com. […]

  35. […] UPDATE: The Google Code Search is in reality so very effective that a small experiment by the folks at deathbycomet.com managed to get passwords from the wordpress wp-config files. [I am pretty sure that this is applicable only to wordpress powered blogs not wordpress hosted ones]. You can read all about it in their post title ‘Some of your db passwords are belong to us’ […]

  36. […] The Google Code Search service lets you search within source code that has been archived by Google. This is somewhat dangerous: someone searched for “wp-config” (the settings file for WordPress) and the secret numbers for some sites’ databases came up for him, while I searched for “file:config.php” and a fair number of these files came up for me … May God protect us. […]

  37. […] Death By Comet » Blog Archive » Some of your db passwords are belong to us Finding database passwords with Google’s Code Search. (tags: password hacking indexing database search) […]

  38. […] http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ […]

  39. […] [source] […]

  40. […] Guard your passwords […]

  41. […] MarcNext found this post, which gives us WordPress users something to think about… […]

  42. […] Some of your db passwords are belong to us – watch out for your Wordpress passwords […]

  43. […] Some of your db passwords are belong to us: using Code Search to find passwords. Most of what turns up are the default passwords from when the program was released, but!! Some careless administrators compress their site backups into zip format, and if those are left somewhere Google can find them, then… (BOOM!) […]

  44. […] Google helps hackers: indexing of zips/tarballs reveals some passwords. read more | digg story […]

  45. […] A few articles on the subject: http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ http://www.securityfocus.com/archive/107/447729/30/0 http://shiflett.org/archive/269 […]

  46. […] The earliest news came from: Deathbycomet; Gseeker’s report on this matter […]

  47. […] It’s always surprising some of the things that can be found on Google with a little digging. Personal email, intimate photos, credit card numbers, you name it, someone has had it indexed by Google. Each new search service that Google rolls out adds new ways to find some of this interesting information. And Google Code Search is no different. In fact, some have already used it to find Wordpress usernames and passwords: Being the curious beings we are, a friend of mine and I immediately started searching for passwords to see just how much Google was indexing. It didn’t turn up much in the way of anything “secret” until we refined our search to just wp-config files (the file that contains the database connection information for Wordpress installs). That worked. Since Google Code Search actually indexes the contents of compressed files like ZIP and TARBALL files, we were able to find copies of people’s wp-config files and several contained usernames and passwords. […]

  48. […] Update: I forgot to mention one more aspect of Google Code Search, namely security. For details I refer you to the Death by comet post with the telling title Some of your db passwords are belong to us. […]

  49. […] [1] Some of Your DB are Belong to Us […]

  50. […] A few articles on the subject: http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ http://www.securityfocus.com/archive/107/447729/30/0 http://shiflett.org/archive/269 […]

  51. […] The most interesting thing is that the post uses as its reference another post, in Spanish, which in turn cites another, in English, which (that one, yes) explains how the “magic” works. […]

  52. […] You can easily find Wordpress db passwords using the new Google Code search. Are there other vulnerable pieces of code just setting on your server waiting to be indexed?read more | digg story […]

  53. Google code search…

    Recently I heard about the new service from Google, the Google code search. My first opinion on this new service from google is that it simply sucks….
    I am saying this because the site is actually searching in code - not in projects - which mean…

  54. […] EDIT: I just found this blogpost, which is actually pointing to some of the security holes that this new tool is displaying…. […]

  55. […] read more | digg story […]

  56. […] Here is the original blog post I found that outlines this. Filed under: General | Oct 25, 2006 | Tags: search engines. […]

  57. […] Scary Google search http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ […]

  58. […] read more | digg story […]

  59. Google indexed php files inside tarballs, not the plain php files.

  60. […] “Some of your db passwords are belong to us,” reports Death By Comet. The issue at hand is that Google Code will expose passwords stored in config files, such as wp-config.php and mt-db-pass.cgi, potentially resulting in headaches for site administrators. Thankfully, the solution is just plain common sense: Don’t store your backups on your production server. File that under: Sherlock, No Shit. Anyway, don’t get caught with your pants around your ankles and move your backups to a secure location. […]

  61. […] Link to Story: http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/ […]

