Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Tue Oct 24, 2017 3:57 am
VoIP Billing solution


All times are UTC




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: A2Billing SECURITY ISSUE
PostPosted: Mon Aug 10, 2009 11:26 pm 
Offline

Joined: Wed Jul 01, 2009 11:42 pm
Posts: 22
Hello. Somebody tell me that A2billing is not secured for XSS attack. For example please log into your account and click VOUCHER menu. You see address: http://localhost/A2B_entity_voucher.php ... &section=3 . Now simply remove all data after = sign to look like that: http://localhost/A2B_entity_voucher.php?form_action= and put the code example http://localhost/A2B_entity_voucher.php ... %22test%22);%3C/script%3E .

You will see ALERT. the same is in call history file. that guy who find that tell me also there's also something wrong in SQL but he dont tell me where. But he tell me that is possible to make SQL query usign XSS attack on that 2 links what I show at up. Please for help. Bye


Top
 Profile  
 
 Post subject: Re: A2Billing SECURITY ISSUE
PostPosted: Tue Aug 11, 2009 10:44 am 
Offline

Joined: Sun Mar 12, 2006 2:49 pm
Posts: 954
Location: Barcelona
We tried to improve this on 1.4 and as far as I could try this seems fixed on 1.4.x

Nevertheless I cant find out how he will apply an SQL that way, I would be interested to find out.


Cheers,
/Areski


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 
VoIP Billing solution


All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group