Snom IP Phone Web Interface & amp; lt; v8 multiple defects and repair

Source: Internet
Author: User

#____________

# (_) ____ _/_____ ____/_/|

# ///_ | ///////_/_/__/////

# // | // _/, </__//_//////

#/_/| ___/\____/_/| _ | \___/\__,_///_/_/

# Live by the byte | _/_/

#

# Members:

#

# Pr0T3cT10n

#-= M. o. B. =-

# TheLeader

# Sro

# Debug

#

# Contact: inv0ked.israel@gmail.com

#

#-----------------------------------

# Snom IP Phone is vulnerable for a xss bug and for data disclosure, the following will explain ain you how to read the password and use the xss bug.

# The vulnerabilities allows an unprivileged attacker to read the sip details including password & write javascript code.

# The vulnerablities are in:

# * XSS-Address Book: http://www.bkjia.com/adr.htm

# * Data disclosure-Password disclosure: http://www.bkjia.com/line_login.htm? L = 1

#-----------------------------------

# Vulnerability Title: Snom IP Phone Web Interface Multiple Vulnerabilities

# Date: 25/04/2011

# Author: Pr0T3cT10n

# Website Link: http://www.snom.com

# Tested on Version: 300/360

# ISRAEL

###

###### NOTE: The snom ip phone software is also vulnerability for unauthorized person to access the web interface.

###### It happen because there is no password thats protects the interface.

# XSS Vulnerability:

# The xss vulnerability found in the section Addres Book of Snom IP Phone software.

# The vulnerability allows the attacker to inject javascript code to the field number.

# To exploit the vulnerability we need to access to the Snom IP Phone by this url http: // address/adr.htm.

# Then we can write any javascript code that we want and send the form. by the next refreshing of the page the javascript code will run.

# If we already inject the javascript code so we can also be exploited by the next page http: // address/tbook.csv.

##

# Data disclosure:

# The data disclosure vulnerability found in the section of Line 1 of Snom IP Phone software.

# The vulnerability allows the attacker to disclosure the password of the username for the phone line that is connected.

# To exploit the vulnerability and dicluse the data we need to access to the Snom IP Phone by this url http: // address/line_login.htm? L = 1.

# Then we can see in the source code by the field user_pass1 and then we see the magic! Thats is the password for the username by the sip server.

# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our CILS.

##

# Yours, Pr0T3cT10n.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.