Support A2Billing :

provided by Star2Billing S.L.


All times are UTC

Post subject: A2Billing SECURITY ISSUE
Posted: Mon Aug 10, 2009 11:26 pm

Joined: Wed Jul 01, 2009 11:42 pm
Posts: 22
Hello. Somebody told me that A2Billing is not secured against XSS attacks. For example, please log into your account and click the VOUCHER menu. You will see the address: http://localhost/A2B_entity_voucher.php ... &section=3 . Now simply remove all data after the = sign so that it looks like this: http://localhost/A2B_entity_voucher.php?form_action= and put in the code, for example http://localhost/A2B_entity_voucher.php ... %22test%22);%3C/script%3E .

You will see an ALERT. The same is in the call history file. The guy who found that also told me there's something wrong in the SQL, but he didn't tell me where. But he told me that it is possible to make an SQL query using an XSS attack on the 2 links that I showed above. Please help. Bye
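
The reflection described in the post above, as an added example that is not part of the thread and not A2Billing's code: a `form_action` query value written into the page unencoded, next to a version that allowlists the value and encodes it on output. Only the parameter name comes from the post; the hidden-input rendering, the allowed action names and all function names are assumptions made for the illustration.

```php
<?php
// Added illustration, not A2Billing source. Only the parameter name
// form_action is from the post; the action names below are assumed.
const ALLOWED_FORM_ACTIONS = ['list', 'ask-add', 'add', 'ask-edit', 'edit', 'ask-delete', 'delete'];

// "Before" (assumed shape of the bug): the raw query-string value is written
// into the page, so markup in the value is parsed by the browser as markup.
function render_unsafe(array $query): string
{
    $action = $query['form_action'] ?? '';
    return '<input type="hidden" name="form_action" value="' . $action . '">';
}

// Check 1: accept only known action names. An empty value, an array value
// (form_action[]=x) or anything unexpected falls back to the default.
function normalize_form_action(array $query, string $default = 'list'): string
{
    $action = $query['form_action'] ?? $default;
    if (!is_string($action) || !in_array($action, ALLOWED_FORM_ACTIONS, true)) {
        return $default;
    }
    return $action;
}

// Check 2: encode for the HTML attribute context at the point of output,
// even for values that already passed the allowlist.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $query): string
{
    return '<input type="hidden" name="form_action" value="'
        . h(normalize_form_action($query)) . '">';
}

// Constructed sample input: a harmless marker that closes the attribute
// and injects a tag when it is not encoded.
$sample = ['form_action' => '"><b>marker</b>'];
echo render_unsafe($sample), PHP_EOL; // attribute is closed early, <b> becomes markup
echo render_safe($sample), PHP_EOL;   // value replaced by the default "list"
echo h($sample['form_action']), PHP_EOL; // encoding alone: quotes and brackets become entities
```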

Post subject: Re: A2Billing SECURITY ISSUE
Posted: Tue Aug 11, 2009 10:44 am

Joined: Sun Mar 12, 2006 2:49 pm
Posts: 954
Location: Barcelona
We tried to improve this on 1.4 and, as far as I could try, this seems fixed on 1.4.x.

Nevertheless, I can't find out how he will apply an SQL that way; I would be interested to find out.

