<div>Anthony, I don't see why??</div>
<div> </div>
<div> </div>
<div>This is just an alert for the whole community about the danger of using the regular expression (.*) or (.*) ...</div>
<div> </div>
<div>Many people can make dialplans which use these expressions ...</div>
<div><br><br> </div>
<div class="gmail_quote">On Mon, Feb 22, 2010 at 1:19 PM, Anthony Minessale <span dir="ltr">&lt;<a href="mailto:anthony.minessale@gmail.com">anthony.minessale@gmail.com</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<p>Please do not use our project to try to make your blog more popular.</p>
<p>Your example requires you to prepare an intentional specific extension on the FreeSWITCH custom made for your attack. It’s like saying if you leave your door wide open at your house and call and tell someone, they can come and rob you at 8:30.</p>

<p>This extension is also vulnerable “by virtue of the stupidity of the composer” </p>
<p>&lt;extension name="please-hack-me"&gt;<br>  &lt;condition&gt;<br>   &lt;action application="system" data="${destination_number}"/&gt;<br>  &lt;/condition&gt;<br>&lt;/extension&gt;</p>
<p>You should not allow tainted data from an outside system to be fed directly into your code. There is a regex system in place to extract legitimate data from the user's tainted input and safeguard against this.</p>
<div class="gmail_quote">
<div>
<div></div>
<div class="h5">On Mon, Feb 22, 2010 at 9:58 AM, Eder Souza <span dir="ltr">&lt;<a href="mailto:ederwander@gmail.com" target="_blank">ederwander@gmail.com</a>&gt;</span> wrote:<br></div></div>
<blockquote style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>
<div></div>
<div class="h5">
<div><a href="http://ederwander.wordpress.com/2010/02/22/dial-string-inject-in-freeswitch/" target="_blank">http://ederwander.wordpress.com/2010/02/22/dial-string-inject-in-freeswitch/</a></div>
<div> </div>
<div>Just for your information, I wrote this article about my tests for injections in FreeSWITCH.</div>
<div> </div>
<div>Version used in my tests:</div>
<div> </div>
<div><a href="mailto:freeswitch@internal" target="_blank">freeswitch@internal</a>&gt; version<br>FreeSWITCH Version 1.0.5-20100218-0400 (hacked)</div>
<div><a href="mailto:freeswitch@internal" target="_blank">freeswitch@internal</a>&gt;<br></div>
<div> </div>
<div> </div>
<div> </div>
<div> </div><br></div></div>_______________________________________________<br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Anthony Minessale II<br><br>FreeSWITCH <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org/</a><br>
ClueCon <a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com/</a><br>Twitter: <a href="http://twitter.com/FreeSWITCH_wire" target="_blank">http://twitter.com/FreeSWITCH_wire</a><br><br>AIM: anthm<br><a href="mailto:MSN%3Aanthony_minessale@hotmail.com" target="_blank">MSN:anthony_minessale@hotmail.com</a><br>
GTALK/JABBER/<a href="mailto:PAYPAL%3Aanthony.minessale@gmail.com" target="_blank">PAYPAL:anthony.minessale@gmail.com</a><br>IRC: <a href="http://irc.freenode.net/" target="_blank">irc.freenode.net</a> #freeswitch<br><br>
FreeSWITCH Developer Conference<br><a href="mailto:sip%3A888@conference.freeswitch.org" target="_blank">sip:888@conference.freeswitch.org</a><br><a href="http://iax:guest@conference.freeswitch.org/888" target="_blank">iax:guest@conference.freeswitch.org/888</a><br>
<a href="mailto:googletalk%3Aconf%2B888@conference.freeswitch.org" target="_blank">googletalk:conf+888@conference.freeswitch.org</a><br>pstn:+19193869900<br>
<br></blockquote></div><br>
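For readers following the dialplan point made in this thread, the following is an added illustration (not a configuration from the thread, from either poster, or from the FreeSWITCH project) that places the quoted unsafe extension beside a version using the dialplan's own regex condition to validate and extract the dialed number before any action sees it. The extension names, the `^(\d{3,5})$` pattern and the `user/$1@${domain_name}` bridge target are illustrative choices; a real deployment would use whatever number plan and bridge target it actually needs.

```xml
<!-- Added illustration; not configuration from the thread or the FreeSWITCH project. -->

<!-- Unsafe: the caller-controlled destination number is handed to a shell verbatim.
     A condition with no field/expression always matches, so nothing is validated. -->
<extension name="unsafe-example">
  <condition>
    <action application="system" data="${destination_number}"/>
  </condition>
</extension>

<!-- Safer: the condition both validates and extracts. Only a dialed number made of
     3 to 5 digits matches (the pattern is an illustrative assumption), and the actions
     use the capture $1 (the digits themselves), never the raw channel variable.
     Any other input fails the match and falls through to later extensions, or to nothing. -->
<extension name="safer-example">
  <condition field="destination_number" expression="^(\d{3,5})$">
    <action application="bridge" data="user/$1@${domain_name}"/>
  </condition>
</extension>
```

The design point is that the anchored pattern (`^...$`) is an allow-list: it describes exactly the characters a legitimate destination may contain, and everything the actions consume is the captured group rather than the original variable. Where a `system` call is genuinely required, the same rule applies: only a captured, constrained value should ever reach it.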