<p>Please do not use our project to try to make your blog more popular.</p>
<p>Your example requires you to prepare an intentional specific
extension on the FreeSWITCH custom made for your attack. It’s like
saying if you leave your door wide open at your house and call and tell
someone, they can come and rob you at 8:30.</p>
<p>This extension is also vulnerable “by virtue of the stupidity of the composer” </p>
<p>&lt;extension name="please-hack-me"&gt;<br>
&nbsp;&lt;condition&gt;<br>
&nbsp;&nbsp;&nbsp;&lt;action application="system" data="${destination_number}"/&gt;<br>
&nbsp;&lt;/condition&gt;<br>
&lt;/extension&gt;</p>
<p>You should not allow tainted data from outside the system to be fed
directly into your code. There is a regex system in place to extract
legitimate data from the user's tainted input and safeguard against this.</p>
<div class="gmail_quote">On Mon, Feb 22, 2010 at 9:58 AM, Eder Souza <span dir="ltr">&lt;<a href="mailto:ederwander@gmail.com">ederwander@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><a href="http://ederwander.wordpress.com/2010/02/22/dial-string-inject-in-freeswitch/" target="_blank">http://ederwander.wordpress.com/2010/02/22/dial-string-inject-in-freeswitch/</a></div>

<div> </div>
<div>Just for your information, I wrote this article about my test for injections in FreeSWITCH.</div>
<div> </div>
<div>Version of my tests:</div>
<div> </div>
<div>freeswitch@internal&gt; version<br>FreeSWITCH Version 1.0.5-20100218-0400 (hacked)</div>
<div>freeswitch@internal&gt;<br></div>
<br></blockquote></div><br><br clear="all"><br>-- <br>Anthony Minessale II<br><br>FreeSWITCH <a href="http://www.freeswitch.org/">http://www.freeswitch.org/</a><br>ClueCon <a href="http://www.cluecon.com/">http://www.cluecon.com/</a><br>
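<p>The regex safeguard described in the reply above, shown as a dialplan extension. This is an added example, not part of the original message or of FreeSWITCH's shipped configuration; the extension name, the four-digit pattern and the script path are assumptions.</p>

```xml
<!-- Added example. The name "notify-extension", the 4-digit pattern and
     /usr/local/bin/notify-extension.sh are assumptions for illustration. -->

<!-- Contrast with the "please-hack-me" extension quoted in the message:
     that one has a condition with no field or expression, so every call
     matches, and it hands the raw ${destination_number} to "system". -->

<extension name="notify-extension">
  <!-- The expression is anchored at both ends (^ and $) and accepts only
       four digits. A destination containing anything else does not match,
       so the call never reaches the action below. -->
  <condition field="destination_number" expression="^(\d{4})$">
    <!-- The command line is fixed by the dialplan author. The only
         caller-influenced part is $1, the text captured by the
         parentheses in the expression, which can only be four digits.
         The raw channel variable is never placed in the command. -->
    <action application="system" data="/usr/local/bin/notify-extension.sh $1"/>
  </condition>
</extension>
```

<p>When reviewing an existing dialplan, the pattern to look for is any <code>system</code> action whose <code>data</code> contains a caller-controlled channel variable rather than a capture from an anchored condition expression.</p>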