Lucene search
SecurityvulnsSECURITYVULNS:DOC:29335HistoryMay 06, 2013 - 12:00 a.m.
[SQLi] vBilling for FreeSWITCH
2013-05-0600:00:00
vulners.com
62
vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak
1) SQL Injection
reset password any SIP account
file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."' ";
2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;-- (example)
Michal Blaszczak
http://blaszczakm.blogspot.com