0day.today - The largest exploit database in the world.
Freepbx 2.x Code Execution Exploit

Author:
Risk: High
0day-ID:
Category:
Date added:
Platform:
App: Freepbx 2.x
Download: schmoozecom.com
Author: i-Hmx
Mail: [email protected]
Home: sec4ever.com, secarrays ltd

Freepbx is a famous Asterisk-based distro used worldwide. It suffers from many vulns; actually, a simple one is included here just as a "knock knock" for the "schmoozecom" team ;)

Here you will see a damn obvious PHP code execution vuln, which can be upgraded to RCE and also used to dump all the box's data. You can have a look if you are interested.

File: admin/libraries/view.functions.php

```php
function fileRequestHandler($handler, $module = false, $file = false) {
    global $amp_conf;
    switch ($handler) {
        case 'reload':
            // AJAX handler for reload event
            $response = do_reload();
            header("Content-type: application/json");
            echo json_encode($response);
            break;
        case 'file':
            /** Handler to pass-through file requests
             * Looks for "module" and "file" variables, strips .. and only allows normal filename characters.
             * Accepts only files of the type listed in $allowed_exts below, and sends the corresponding mime-type,
             * and always interprets files through the PHP interpreter. (Most of?) the freepbx environment is available,
             * including $db and $astman, and the user is authenticated.
             */
            if (!$module || !$file) {
                die_freepbx("unknown");
            }
            //TODO: this could probably be more efficient
            $module = str_replace('..', '.', preg_replace('/[^a-zA-Z0-9-\_\.]/', '', $module));
            $file   = str_replace('..', '.', preg_replace('/[^a-zA-Z0-9-\_\.]/', '', $file));
            $allowed_exts = array(
                '.js'       => 'text/javascript',
                '.js.php'   => 'text/javascript',
                '.css'      => 'text/css',
                '.css.php'  => 'text/css',
                '.html.php' => 'text/html',
                '.php'      => 'text/html',
                '.jpg.php'  => 'image/jpeg',
                '.jpeg.php' => 'image/jpeg',
                '.png.php'  => 'image/png',
                '.gif.php'  => 'image/gif',
            );
            // The remainder of the 'file' case (extension check and include) is cut off in the source.
            break;
    }
}
```

# 0day.today [2024-06-30] #
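The handler above only strips characters out of the `module` and `file` names and replaces `..` once; it never canonicalises the resulting path or checks that it still lies inside the module directory, and every allow-listed extension is routed through the PHP interpreter. The following is an added example of how a defender would write that check, not FreePBX's own code: it assumes a `$baseDir/<module>/<file>` layout, the function name `resolveModuleFile`, and that the caller only includes or serves the path this function returns.

```php
<?php
// Added example (not FreePBX code). Assumptions: modules live directly under
// $baseDir, one directory per module, and the caller serves/includes only the
// path returned here. The function name resolveModuleFile is hypothetical.

/**
 * Resolve a module-relative file request to an absolute path that is
 * guaranteed to live under $baseDir/<module>/ and to carry one of the
 * allow-listed extensions. Returns null when any check fails.
 */
function resolveModuleFile(string $baseDir, string $module, string $file, array $allowedExts): ?string
{
    // 1. Allow-list the identifiers instead of stripping characters out of them.
    //    A module name is exactly one path component and contains no dots.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $module)) {
        return null;
    }
    // A file name is one component as well: dot-separated labels, so neither
    // a leading dot, an empty label, nor ".." can ever match.
    if (!preg_match('/^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/', $file)) {
        return null;
    }

    // 2. The extension must match an allow-listed entry anchored at the end
    //    of the name, and the name must be longer than the extension itself.
    $mime = null;
    foreach ($allowedExts as $ext => $type) {
        if (strlen($file) > strlen($ext) && substr($file, -strlen($ext)) === $ext) {
            $mime = $type;
            break;
        }
    }
    if ($mime === null) {
        return null;
    }

    // 3. Canonicalise and enforce containment. realpath() resolves symlinks and
    //    any remaining "." segments, so the prefix comparison is on real paths.
    $root      = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $module . DIRECTORY_SEPARATOR . $file);
    if ($root === false || $candidate === false) {
        return null; // base directory or target does not exist
    }
    if (strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the module tree (e.g. through a symlink)
    }
    return $candidate;
}

// Constructed demo: build a throwaway module tree and exercise the check.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'modtree_' . bin2hex(random_bytes(4));
mkdir($tmp . '/core', 0700, true);
file_put_contents($tmp . '/core/page.js.php', "<?php echo 'ok';");
file_put_contents($tmp . '/outside.php', "<?php echo 'should never be reachable';");

$allowed = array(
    '.js'     => 'text/javascript',
    '.js.php' => 'text/javascript',
    '.css'    => 'text/css',
);

$cases = array(
    array('core', 'page.js.php'),      // legitimate request
    array('core', '../outside.php'),   // traversal in the file name
    array('../', 'outside.php'),       // traversal in the module name
    array('core', 'page.txt'),         // extension not allow-listed
);
foreach ($cases as $c) {
    $result = resolveModuleFile($tmp, $c[0], $c[1], $allowed);
    printf("%-10s %-16s -> %s\n", $c[0], $c[1], $result === null ? 'rejected' : $result);
}

// Clean up the constructed tree.
unlink($tmp . '/core/page.js.php');
unlink($tmp . '/outside.php');
rmdir($tmp . '/core');
rmdir($tmp);
```

Run it with `php resolve_module_file.php`. The design point is that the identifiers are validated against a strict shape rather than cleaned, and that the final decision is made on the canonical path returned by `realpath()`, so the check does not depend on what string substitutions happened earlier. Even with this in place, routing every allow-listed extension through the PHP interpreter means any file an attacker can create under a module directory becomes executable, so the set of files that may be included should be fixed by the application, not derived from request parameters.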