BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[SQLi] vBilling for FreeSWITCH Apr 22 2013 10:41AM
MichaÅ? BÅ?aszczak (blaszczakm gmail com)
vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak

1) SQL Injection

reset password any SIP account

file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus