Home / exploitsPDF  

FreeSWITCH vBilling SQL Injection

Posted on 23 April 2013

vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak

1) SQL Injection

reset password any SIP account

file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."' ";

2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;-- (example)

Michał Błaszczak
http://blaszczakm.blogspot.com

 

TOP

Malware :

Exploits :