#____________
# (_) ____ _/_____ ____/_/|
# ///_ | ///////_/_/__/////
# // | // _/, </__//_//////
#/_/| ___/\____/_/| _ | \___/\__,_///_/_/
# Live by the byte | _/_/
#
# Members:
#
# Pr0T3cT10n
#-= M. o. B. =-
# TheLeader
# Sro
# Debug
#
# Contact: inv0ked.israel@gmail.com
#
#-----------------------------------
# Snom IP Phone is vulnerable for a xss bug and for data disclosure, the following will explain ain you how to read the password and use the xss bug.
# The vulnerabilities allows an unprivileged attacker to read the sip details including password & write javascript code.
# The vulnerablities are in:
# * XSS-Address Book: http://www.bkjia.com/adr.htm
# * Data disclosure-Password disclosure: http://www.bkjia.com/line_login.htm? L = 1
#-----------------------------------
# Vulnerability Title: Snom IP Phone Web Interface Multiple Vulnerabilities
# Date: 25/04/2011
# Author: Pr0T3cT10n
# Website Link: http://www.snom.com
# Tested on Version: 300/360
# ISRAEL
###
###### NOTE: The snom ip phone software is also vulnerability for unauthorized person to access the web interface.
###### It happen because there is no password thats protects the interface.
# XSS Vulnerability:
# The xss vulnerability found in the section Addres Book of Snom IP Phone software.
# The vulnerability allows the attacker to inject javascript code to the field number.
# To exploit the vulnerability we need to access to the Snom IP Phone by this url http: // address/adr.htm.
# Then we can write any javascript code that we want and send the form. by the next refreshing of the page the javascript code will run.
# If we already inject the javascript code so we can also be exploited by the next page http: // address/tbook.csv.
##
# Data disclosure:
# The data disclosure vulnerability found in the section of Line 1 of Snom IP Phone software.
# The vulnerability allows the attacker to disclosure the password of the username for the phone line that is connected.
# To exploit the vulnerability and dicluse the data we need to access to the Snom IP Phone by this url http: // address/line_login.htm? L = 1.
# Then we can see in the source code by the field user_pass1 and then we see the magic! Thats is the password for the username by the sip server.
# Now if we already have the sip server, username and password so we can connect to it with any softphone and make our CILS.
##
# Yours, Pr0T3cT10n.