[OpenSIPS-Users] SQL injection in usernames

Sun, 29 Jan 2023 15:33:12 -0800

I'm observing that fraudsters are attempting SQL injections within various SIP headers, e.g. 

Contact:<sip:a'or'3=3--@x.x.x.x:5060;transport=UDP>
From:<sip:a'or'3=3--@x.x.x.x;transport=UDP>;tag=t1cqzx35
Just a head's up to those using SQL queries in their dial plans to be careful to always *escape* the wrath! 
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to