This is a writeup describing a local file inclusion (LFI) vulnerability in VoipNow versions prior to 2.5.0. The vulnerability allows an attacker to read arbitrary files, including sensitive configuration files, and potentially gain shell access by poisoning log files.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:VoipNow < 2.5.0
No auth needed
Prerequisites:Network access to the VoipNow web interface