Good idea - running asterisk and the web server as different unprivileged users.
And deny WRITE access to the www-root directory for the web server, as a minimum.
For asterisk, restrict write access to only the really needed directories. Move /www/mbilling/tmp to /tmp or another safer place, as a possible variant. IMHO.
This does not fix the vulnerability, but it can sufficiently restrict the attacker's damage.
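The permission split suggested in the comment above can be checked rather than assumed. The following is an added example (not code from the issue or from the MagnusBilling project): it walks a document root and lists every entry that a given uid/group set could write to, judging purely from the stat bits. The directory tree, the 0777 `tmp` directory and the web-server account (taken as "the current uid plus one", i.e. an account that owns nothing in the tree) are all constructed for the demo; point `find_writable` at a real www-root and the real web-server uid/gids to audit a live install.

```python
import os
import shutil
import stat
import tempfile


def writable_by(st, uid, gids):
    """True if an identity with this uid and these gids may write the entry
    described by stat result `st`, by classic POSIX owner/group/other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def find_writable(root, uid, gids):
    """Return the root-relative paths (directories and files) under `root`
    that the identity (uid, gids) could write to. Symlinks are not followed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if writable_by(os.lstat(path), uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def audit_demo(harden=False):
    """Build a constructed www-root in a temp dir and audit it.

    With harden=False the tmp/ directory is world-writable (the weak setting
    the comment warns about); with harden=True it is owner-writable only."""
    root = tempfile.mkdtemp(prefix="mbilling-demo-")
    try:
        os.makedirs(os.path.join(root, "tmp"))
        os.makedirs(os.path.join(root, "protected"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        os.chmod(root, 0o755)
        os.chmod(os.path.join(root, "index.php"), 0o644)
        os.chmod(os.path.join(root, "protected"), 0o755)
        os.chmod(os.path.join(root, "tmp"), 0o755 if harden else 0o777)

        # Hypothetical separate web-server account: any uid that owns nothing
        # in the tree and is in no group that owns anything here.
        web_uid = os.getuid() + 1
        web_gids = []
        return find_writable(root, web_uid, web_gids)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("writable by web server (weak):    ", audit_demo(harden=False))
    print("writable by web server (hardened):", audit_demo(harden=True))
```

On a real host the interesting output is every path the web-server identity can write under the document root; with the web server and asterisk running as different users, the comment's goal is an empty list for the web server, and for asterisk a list containing only the directories it genuinely needs.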
Describe the bug
Suspicious activity after some requests + exploiting?
I detected some suspicious activity on my developer env with magnusbilling7.
!! A new system user was created, and the owner of many magnusbilling files was changed.
!! In /mbilling/tmp a suspicious file for mass scam dial-out was found.
To Reproduce
// So difficult, but I can extract logs:
195.xx63 - - [09:39:26] "POST /mbilling/index.php/authentication/login HTTP/1.1" 200 1231 "-" "axios/1.7.7"
195.xx63 - - [09:39:27] "GET /mbilling/index.php/authentication/check HTTP/1.1" 200 2721 "-" "axios/1.7.7"
195.xx63 - - [09:39:27] "GET /mbilling/index.php/configuration/read?filter=%5B%7B%22type%22%3A%22string%22%2C%22field%22%3A%22config_title%22%2C%22value%22%3A%22DIDWW%20APY%20URL%22%2C%22comparison%22%3A%22ct%22%7D%5D&page=1&start=0&limit=25 HTTP/1.1" 200 1353 "-" "axios/1.7.7"
195.xx63 - - [09:39:27] "POST /mbilling/index.php/configuration/save HTTP/1.1" 200 1454 "-" "axios/1.7.7"
195.xx63 - - [09:39:27] "POST /mbilling/index.php/did/save HTTP/1.1" 200 1694 "-" "axios/1.7.7"
195.xx63 - - [09:39:27] "POST /mbilling/tmp/stripe.php?feature=shell HTTP/1.1" 404 1256 "-" "axios/1.7.7"
195.xx63 - - [09:39:32] "POST /mbilling/tmp/stripe.php?feature=shell HTTP/1.1" 404 1256 "-" "axios/1.7.7"
Similarly, the parameter filter= in this option is vulnerable to some command injections.
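The access-log lines quoted in the issue show a pattern a defender can alert on: a scripted login (non-browser user agent), configuration and DID changes within seconds of it, and then requests for a PHP file under /mbilling/tmp/. The following is an added example, not code from the issue or from MagnusBilling: a small parser and rule set for that log format, run over the exact lines quoted above (the IP is redacted in the issue and is kept that way here). The rule names, the 60-second window and the "non-Mozilla user agent" heuristic are this example's own choices, not anything the project defines.

```python
import json
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Log lines quoted in the issue, IP redacted as in the issue.
SAMPLE_LOG = [
    '195.xx63 - - [09:39:26] "POST /mbilling/index.php/authentication/login HTTP/1.1" 200 1231 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:27] "GET /mbilling/index.php/authentication/check HTTP/1.1" 200 2721 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:27] "GET /mbilling/index.php/configuration/read?filter=%5B%7B%22type%22%3A%22string%22%2C%22field%22%3A%22config_title%22%2C%22value%22%3A%22DIDWW%20APY%20URL%22%2C%22comparison%22%3A%22ct%22%7D%5D&page=1&start=0&limit=25 HTTP/1.1" 200 1353 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:27] "POST /mbilling/index.php/configuration/save HTTP/1.1" 200 1454 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:27] "POST /mbilling/index.php/did/save HTTP/1.1" 200 1694 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:27] "POST /mbilling/tmp/stripe.php?feature=shell HTTP/1.1" 404 1256 "-" "axios/1.7.7"',
    '195.xx63 - - [09:39:32] "POST /mbilling/tmp/stripe.php?feature=shell HTTP/1.1" 404 1256 "-" "axios/1.7.7"',
]

# Combined-log style line with the shortened [HH:MM:SS] timestamp seen in the issue.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Characters that have no business in a JSON grid filter but matter to a shell.
SHELL_META = re.compile(r'[;|`]|\$\(|&&')


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)          # values are already URL-decoded
    t = datetime.strptime(rec["time"], "%H:%M:%S")
    rec["secs"] = t.hour * 3600 + t.minute * 60 + t.second
    return rec


def suspicious_filter(rec):
    """True if a filter= value is not a JSON list or carries shell metacharacters."""
    for raw in rec["query"].get("filter", []):
        if SHELL_META.search(raw):
            return True
        try:
            if not isinstance(json.loads(raw), list):
                return True
        except ValueError:
            return True
    return False


def analyze(lines, window=60):
    """Apply the detection rules and return the findings grouped by rule."""
    recs = [r for r in (parse_line(l) for l in lines) if r]
    findings = {"webshell_probes": [], "bad_filters": [],
                "scripted_logins": [], "auto_config_chains": []}
    by_ip = {}
    for r in recs:
        # Any PHP file requested under the writable tmp/ directory, whatever the status.
        if r["path"].startswith("/mbilling/tmp/") and r["path"].endswith(".php"):
            findings["webshell_probes"].append((r["ip"], r["path"], r["status"]))
        if suspicious_filter(r):
            findings["bad_filters"].append((r["ip"], r["path"]))
        if r["path"].endswith("/authentication/login") and not r["ua"].startswith("Mozilla"):
            findings["scripted_logins"].append((r["ip"], r["ua"]))
        by_ip.setdefault(r["ip"], []).append(r)

    # Login -> configuration/save -> tmp/*.php from one IP inside `window` seconds.
    for ip, rs in by_ip.items():
        logins = [r["secs"] for r in rs if r["path"].endswith("/authentication/login")]
        saves = [r["secs"] for r in rs if r["path"].endswith("/configuration/save")]
        probes = [r["secs"] for r in rs if r["path"].startswith("/mbilling/tmp/")]
        save_after_login = any(0 <= s - l <= window for l in logins for s in saves)
        probe_after_login = any(0 <= p - l <= window for l in logins for p in probes)
        if save_after_login and probe_after_login:
            findings["auto_config_chains"].append(ip)
    return findings


if __name__ == "__main__":
    for rule, hits in analyze(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

The chain rule is the one worth keeping even after the tmp/ directory is made non-writable: a 404 on the PHP probe, as in the quoted lines, means the file was not served, but the preceding login and configuration/save still succeeded and are the part to investigate.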