Monday, February 15, 2010

Asterisk Dialstring Injections

It's like an SQL Injection attack, trying this one now on my VoIPSec lab. Time to fix those Asterisk cookbooks guys! - Ron

exten => _X.,1,Dial(SIP/${EXTEN}@testsip)
He writes: “And if ${EXTEN} = “000@testsip&SIP/333” what turns out to happen then is similar to SQL injection :-( He is exactly right. Many VoIP protocols, including IAX2 and SIP, has a very large allowed character set in the dialed extension, a character set that allows characters that are used as separators to the dial() and the queue() applications, as well as within the dialstring that these applications send to the channel drivers in Asterisk. A user can change the dial options and dial something we should not be able to dial in your system. This article describes the issue in more detail and gives you some help on how to avoid this causing trouble in your Asterisk server.
complete technical details here:

No comments:

Post a Comment

A playground for network security enthusiasts, innovators and early adoptors

Welcome to my blog, this is me thinking out loud about Voice over IP security (VoIP), managing and optimizing converged networks, Metasploit Framework, Cloud Computing, general security and privacy concerns, grappling adventures, and tuning my MKIV VW Jetta.

All inputs, feedbacks and violent reactions are welcome.

Packet Boy Perseus
Helping spread a positive image why we hack things.

About Me

I am an InfoSec Innovator, a Blue Ocean Seafarer and a Paul Graham Pupil.