jetlib.sec » Bugtraq » FreePBX Remote Exploit

Feeds

132968 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• February 15, 2012
• 

  FreePBX Remote Exploit

  Posted: February 15th, 2012, 7:46am PST

  Tags:   

  Posted by dougw on Feb 15

  FreePBX web interface remote vulnerability
  
  The admin username and password for the web interface is stored in plain
  text in this publicly accessible file:
  http://yourip/admin/modules/framework/bin/gen_amp_conf.php
  
  Which allows a hacker to access the web GUI and view the
  secrets(passwords) for each extension in plain test, as well as change the
  outbound routes.
  
  Further details on this exploit can be found here:...