Added intro details

Giulio 4 years ago
parent
commit
56910e6e41
1 changed files with 4 additions and 2 deletions

README.md

@@ -9,9 +9,11 @@
 * https://github.com/malerisch/omnivista-8770-unauth-rce
 
 ## Intro
-I did notice this software a while ago while doing a penetration test. It captured my attention because it had a php interface which seemed very old and not greatly designed (not only graphically). As shown in the previous section, there wasn't any known vulnerability in this component. I wasn't unable to find any useful vulnerability without the source code, but only a few hints:
+Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common Voip solution. This software is used to manage the Voip accounts as well as to serve as a public directory. [Official product page](https://www.al-enterprise.com/en/products/communications-management-security/omnivista-8770-network-management-system).
 
- * Exposed error log in `/log/error.log/`
+I did notice this software a while ago while doing a penetration test. It caught my attention because the graphics interface looked somewhat old. As shown in the previous section, there wasn't any known vulnerability in this component. I wasn't unable to find any useful vulnerability without the source code, but only a few hints:
+
+ * Exposed error log in `/log/error.log`
  * Error log showed LDAP errors when trying special characters in login and search forms
  * Error log showed failed `unserialize()` calls while decoding the `bookmarks`, the `themes` or the `cfilter` cookie
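
Review bot: the rewritten second paragraph of the Intro keeps the double negative "I wasn't unable to find any useful vulnerability", which contradicts the "but only a few hints" that follows; it should read "I wasn't able to find". In the new opening paragraph, "Voip" should be "VoIP" in both places, and the trailing "[Official product page](...)." is a sentence fragment that would read better attached to the sentence before it. "the graphics interface" should probably be "the graphical interface", and the reworded sentence drops the earlier mention that the interface is PHP, which is the context a reader needs for the `unserialize()` hint in the list below, so consider keeping it. The `/log/error.log` path fix (trailing slash removed) looks right.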