FreeSWITCH vBilling SQL Injection

FreeSWITCH vBilling SQL Injection: Posted Apr 22, 2013; Authored by Michal Blaszczak; vBilling for FreeSWITCH suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 994b7109cb3e6f3b6c77edff6f1e8d54a0117e5090c812694dab17f3c64c0b94; Download | Favorite | View

FreeSWITCH vBilling SQL Injection

vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak

1) SQL Injection

reset password any SIP account

file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."' ";

2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;--  (example)




Michał Błaszczak
http://blaszczakm.blogspot.com

Top Authors In Last 30 Days

Red Hat 207 files
Ubuntu 98 files
Debian 18 files
indoushka 18 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 9 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,783)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,633)
UNIX (9,237)
UnixWare (186)
Windows (6,555)
Other

FreeSWITCH vBilling SQL Injection

FreeSWITCH vBilling SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FreeSWITCH vBilling SQL Injection

Share This

FreeSWITCH vBilling SQL Injection

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems