CVE-2007-2191

freePBX 2.2.x - Stored Cross-Site Scripting via SIP Protocol Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2191. PoCs published by XenoMuta.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in FreePBX 2.2.x by injecting malicious HTML/JavaScript into SIP protocol fields, which are then displayed unfiltered in the Asterisk log file viewer. The PoC sends a crafted SIP REGISTER packet with the payload embedded in the 'From' and 'To' headers.

Description

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by XenoMuta · phpremotemultiple

https://www.exploit-db.com/exploits/29873

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in FreePBX 2.2.x by injecting malicious HTML/JavaScript into SIP protocol fields, which are then displayed unfiltered in the Asterisk log file viewer. The PoC sends a crafted SIP REGISTER packet with the payload embedded in the 'From' and 'To' headers.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FreePBX 2.2.x

No auth needed

Prerequisites: Network access to the SIP proxy · Ability to send UDP packets to port 5060

MITRE ATT&CK