Support A2Billing :

provided by Star2Billing S.L.

 Support A2Billing :
It is currently Thu Apr 18, 2024 5:38 am
Auto Dialer Software

View unanswered posts | View active topics


Board index » V1.5 onwards (Lignum Vitae, Hickory, etc...) » V1.5 onwards BUGS

All times are UTC




Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Print view Previous topic | Next topic 
Author Message
meral
 Post subject: significant security bug with cid_enable&cid_auto_assign_car
PostPosted: Sun Jun 15, 2014 11:27 pm 
Offline

Joined: Mon Apr 21, 2008 1:58 pm
Posts: 16
if following check is true

$this->agiconfig['cid_enable'] == 1 && $this->agiconfig['cid_auto_assign_card_to_cid'

and used expired or blocked pin, then you got current cid added to that expired or blocked card.

Reason: check for strlen(prompt)>0 AFTER section which add cid.


As result you got easy exploit if cid_auto_assign_Card_to_cid is enabled.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
Voice Broadcast System


Board index » V1.5 onwards (Lignum Vitae, Hickory, etc...) » V1.5 onwards BUGS

All times are UTC


Who is online

Users browsing this forum: No registered users and 8 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Advertisements by Advertisement Management