[OpenSIPS-Users] SQL injection in usernames
Gregory Massel
greg at switchtel.co.za
Sun Jan 29 23:30:24 UTC 2023
I'm observing that fraudsters are attempting SQL injections within
various SIP headers, e.g.
Contact:<sip:a'or'3=3-- at x.x.x.x:5060;transport=UDP>
From:<sip:a'or'3=3-- at x.x.x.x;transport=UDP>;tag=t1cqzx35
Just a heads-up to those using SQL queries in their dial plans to be
careful to always *escape* the wrath!
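
An added example, not part of the original post and not OpenSIPS code: the user part from the headers above is a legal SIP user part under RFC 3261, so syntax validation of the URI will not reject it, and only escaping or binding keeps it out of the SQL text. Python's sqlite3 stands in for the dial plan's database here; the subscriber table, the function names and the 192.0.2.10 address are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample modelled on the From header in the post
# (192.0.2.10 is a documentation address, not taken from the post).
FROM_HDR = "From:<sip:a'or'3=3--@192.0.2.10;transport=UDP>;tag=t1cqzx35"

# RFC 3261 user part: unreserved / escaped / user-unreserved.
# "'" is a legal "mark" character and "=" is user-unreserved.
RFC3261_USER = re.compile(r"(?:[A-Za-z0-9\-_.!~*'()&=+$,;?/]|%[0-9A-Fa-f]{2})+")


def sip_user(header):
    """Return the user part of the first sip: URI in a header line."""
    m = re.search(r"sips?:([^@>]+)@", header)
    return m.group(1) if m else None


def make_db():
    """Hypothetical subscriber table standing in for a dial-plan lookup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscriber (username TEXT, route TEXT)")
    db.executemany("INSERT INTO subscriber VALUES (?, ?)",
                   [("alice", "trunk1"), ("bob", "trunk2")])
    return db


def lookup_concat(db, user):
    # Before: the header value becomes part of the SQL text, so the quote
    # inside it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT username FROM subscriber WHERE username='" + user + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, user):
    # After: the value is bound as data and is never parsed as SQL.
    sql = "SELECT username FROM subscriber WHERE username=?"
    return [row[0] for row in db.execute(sql, (user,))]


if __name__ == "__main__":
    db, user = make_db(), sip_user(FROM_HDR)
    print("user part:", user)
    print("legal per RFC 3261:", bool(RFC3261_USER.fullmatch(user)))
    print("concatenated lookup:", lookup_concat(db, user))
    print("bound lookup:", lookup_bound(db, user))
```

The concatenated lookup returns every row for a username that exists nowhere in the table, while the bound lookup returns none.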