Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SQLi] vBilling for FreeSWITCH

From: Michał Błaszczak <blaszczakm () gmail com>
Date: Mon, 22 Apr 2013 12:41:30 +0200
vBilling for FreeSWITCH.
http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html
Michal Blaszczak

1) SQL Injection

reset password any SIP account

file: controllers/customer.php
$sql2 = "UPDATE directory_params SET param_value = '".$new_password."'
WHERE directory_id = '".$record_id."' ";

2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;--  (example)




Michał Błaszczak
http://blaszczakm.blogspot.com
Previous By Date Next
Previous By Thread Next

Current thread: