[OpenSIPS-Users] OpenSIPS Control Panel 6.1

Alex Ionescu alex at opensips.org
Mon Aug 10 07:35:02 CEST 2015


Hi,

There are many using CP 6.1 with success. It may not be the best piece of 
software in the world but it does its job.

You say it's full of security holes and exposed to sql injection. I invite 
you to try making some sql injections and come back here with the proof.

Also, there are lots of security holes everywhere. If you think you've 
spotted some big ones in CP please point them out so we can fix them. 
That's the whole idea with open source software and the user community, right ?

It's easy to point fingers but hard to give a helping hand, right ?

Regards,
Alex Ionescu



On August 10, 2015 4:47:25 AM Bill Shirley 
<bill at philly.polymerindustries.biz> wrote:

> Is anyone running the 6.1 CP?  It's full of bugs and security holes.  
> Whoever thought it wise to code:
>      extract($_POST);
> Also, the input stored in the database is not sanitized plus a whole lot 
> more errors.
>
> https://xkcd.com/327/
> We had a 'professional' company write a web portal for us that didn't 
> sanitize their input.  I actually
> did do a "'; DROP TABLE `customer`;" on the database.  I even emailed them 
> before hand pointing out
> the problem.
>
> I don't want to sound harsh or ungrateful.  I run a lot of free software 
> that enables me to earn a living.
> I'm thankful for all the people that labored to produce the software.
>
> I'm also guessing that CP 6.1 not meant to be run with the Fedora 22 
> version of OpenSIPS:
> [0:root at jabba lib]$ rpm -q php httpd opensips
> php-5.5.20-2.fc19.x86_64
> httpd-2.4.9-1.fc19.x86_64
> opensips-1.10.1-1.fc19.x86_64
>
> I'm trying to set up a SIP proxy to route calls from my network to Cisco 
> CUCM on another network.
> Any pointers are appreciated.
>
> Bill
>
>
>
>
> ----------
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150810/b51438bf/attachment.htm>


More information about the Users mailing list