Bug #2387: mysql injection attack in goautoidal - GOautodial Open Source Omni-channel Contact Center Suite - GOautodial Open Source Omni-channel Contact Center Suite (predictive dialer + inbound IVR & ACD + non-voice)

Actions

Copy link

Bug #2387

closed

mysql injection attack in goautoidal

Added by striker 247 over 9 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Immediate

Assignee:

striker 247

Category:

Bugs

Target version:

Start date:

01/12/2016

Due date:

% Done:

100%

Estimated time:

Description

Hi goautodial team
seems there is a loop hole in goautodial script
which leads hacker to establish mysql injection attack and make way to login as admin.

below is the url of mysql injection attack
https://server_ip_address/go_login/validate_credentials/admin/'OR '1'='1

once above command executed, the hacker just login as admin without password with below URL

http://server_ip_address/go_login/

actual post
http://goautodial.org/boards/1/topics/8735
thanks to Alexandr Ababii for pointing this bug

br
striker
www.striker24x7.blogspot.com

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Go to top

Project

General

Profile

GOautodial Open Source Omni-channel Contact Center Suite

Custom queries

Bug #2387

mysql injection attack in goautoidal

Updated by Steve Austin over 9 years ago

Updated by faizal shaikh about 9 years ago

Updated by Levy Ryan Nolasco about 9 years ago

Updated by Levy Ryan Nolasco almost 9 years ago