Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
This module uses a blind SQL injection CVE-2020-5724 affecting the Grandstream UCM62xx IP PBX to dump the users table. The injection occurs over a websocket at the websockify endpoint, and specifically occurs when the user requests the challenge as part of a challenge and response authentication...