Support A2Billing :

provided by Star2Billing S.L.

All times are UTC
Post subject: Dialplan injection vulnerability - [AST-2010-002]
Posted: Fri Feb 19, 2010 1:57 am

Joined: Thu Feb 12, 2009 11:11 pm
Posts: 18
Location: Thessaloniki, Greece
Hi, this is URGENT.
There seems to be a very big hole in the way that Asterisk's Dial() command parses the ${EXTEN} variable.

It can accept long INVITE data fields with the special character "&", resulting in additional Dial legs.
If your Dialplan uses the wildcard character "." to match certain numbers, then a malicious user can inject extra Dial strings into your Dialplan.

i.e. suppose that you have a context with the following "catch-all" extension:
exten => _X.,1,Dial(SIP/${EXTEN})

A user is able to send you packets with INVITE data as:

Based on my analysis, A2B does not seem to be affected by this because it does not call the Dial application directly.
It does use the Dial function; however, this is done inside the PHP AGI code.
Maybe there is a simple sanity check for the number to be called.

I'd like to know if there are any potential vulnerabilities for the A2Billing platform, 1.3.3 and beyond.

Please refer to the official Asterisk security group announcement:
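The check the poster is asking about, as an added example that is not part of the original post and not A2Billing's or Asterisk's own code: a whitelist test on ${EXTEN} (the kind of sanity check an AGI script should run before building its Dial string) next to a small model of how Dial() splits its first argument on "&" into parallel legs. The number and the extra leg are constructed sample values.

```python
import re

# Dial() takes "Technology/Resource[&Technology2/Resource2...]": every '&'
# starts another call leg that rings in parallel. This helper only models
# that split so the effect of an unchecked ${EXTEN} is visible.
def dial_legs(dial_arg: str) -> list[str]:
    """Split a Dial() first argument into its individual legs."""
    return [leg for leg in dial_arg.split("&") if leg]

# Only characters that legitimately appear in a dialled number.
# '&' is deliberately absent, as are '/', ',', spaces and letters.
_SAFE_EXTEN = re.compile(r"^\+?[0-9*#]{1,32}$")

def is_safe_exten(exten: str) -> bool:
    """True if ${EXTEN} is a plain number with no Dial()/dialplan metacharacters."""
    return bool(_SAFE_EXTEN.fullmatch(exten))

def build_dial_string(exten: str, technology: str = "SIP") -> str:
    """Build the Dial() argument for a validated number, or refuse the call."""
    if not is_safe_exten(exten):
        raise ValueError(f"refusing to dial untrusted extension: {exten!r}")
    return f"{technology}/{exten}"

if __name__ == "__main__":
    # Constructed sample values: a normal number and one carrying an extra leg.
    # Both match the pattern _X. because '.' matches any remaining characters.
    for candidate in ("302310123456", "302310123456&SIP/2000"):
        naive = f"SIP/{candidate}"  # what exten => _X.,1,Dial(SIP/${EXTEN}) produces
        print(f"{candidate!r}: naive legs = {dial_legs(naive)}, "
              f"accepted by check = {is_safe_exten(candidate)}")
```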

