[SQLi] vBilling for FreeSWITCH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak

1) SQL Injection

reset password any SIP account

file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."' ";

2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;--  (example)




Michał Błaszczak
http://blaszczakm.blogspot.com
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux