Bugtraq mailing list archives
[SQLi] vBilling for FreeSWITCH
From: Michał Błaszczak <blaszczakm () gmail com>
Date: Mon, 22 Apr 2013 12:41:30 +0200
vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1) SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directory_params SET param_value = '".$new_password."' WHERE directory_id = '".$record_id."' "; 2) SQL Injection http://vbilling-host/customer/edit_customer input Firstname: zuo’;-- (example) Michał Błaszczak http://blaszczakm.blogspot.com
Current thread:
- [SQLi] vBilling for FreeSWITCH Michał Błaszczak (Apr 22)