fix whois command injection vulnerability
This commit is contained in:
parent
1e8fb5e9c0
commit
17905cc485
1 changed files with 10 additions and 22 deletions
|
@ -4,9 +4,6 @@ writeprotect=no
|
||||||
clearglobalvars=no
|
clearglobalvars=no
|
||||||
|
|
||||||
[extdn42whois]
|
[extdn42whois]
|
||||||
;exten => i,1,NoOp()
|
|
||||||
;exten => t,1,Goto(s,1)
|
|
||||||
|
|
||||||
exten => _X.,5,Set(CALLNUM=${EXTEN})
|
exten => _X.,5,Set(CALLNUM=${EXTEN})
|
||||||
same => n,Goto(s,1)
|
same => n,Goto(s,1)
|
||||||
|
|
||||||
|
@ -17,24 +14,23 @@ exten => s,1,Playback(silence/1)
|
||||||
same => n,GotoIf($["${USERINPUT}" = ""]?extmymenu,${CALLNUM},5:whois,1)
|
same => n,GotoIf($["${USERINPUT}" = ""]?extmymenu,${CALLNUM},5:whois,1)
|
||||||
|
|
||||||
exten => whois,1,Set(SESSIONUNID=${RAND(0,100000)})
|
exten => whois,1,Set(SESSIONUNID=${RAND(0,100000)})
|
||||||
same => n,TrySystem(/var/lib/asterisk/scripts/jerry/whois.py ${USERINPUT} ${SESSIONUNID})
|
same => n,TrySystem(/var/lib/asterisk/scripts/jerry/whois.py "${USERINPUT}" "${SESSIONUNID}")
|
||||||
same => n,Playback(/var/tmp/ast-dynamic/${SESSIONUNID})
|
same => n,Playback(/var/tmp/ast-dynamic/${SESSIONUNID})
|
||||||
same => n,GotoIf($["${PLAYBACKSTATUS}" = "SUCCESS"]?whois,whoisend:)
|
same => n,GotoIf($["${PLAYBACKSTATUS}" = "SUCCESS"]?whois,whoisend:)
|
||||||
same => n,Playback(im-sorry&something-terribly-wrong)
|
same => n,Playback(im-sorry&something-terribly-wrong)
|
||||||
same => n(whoisend),Goto(s,1)
|
same => n(whoisend),Goto(s,1)
|
||||||
|
|
||||||
[extmymenu]
|
[extmymenu]
|
||||||
exten => i,1,Playback(silence/1&goodbye)
|
|
||||||
same => n,Hangup()
|
|
||||||
|
|
||||||
exten => _X.,5,Set(CALLNUM=${EXTEN})
|
exten => _X.,5,Set(CALLNUM=${EXTEN})
|
||||||
same => n,Goto(s,1)
|
same => n,Goto(s,1)
|
||||||
|
|
||||||
exten => s,1,Wait(1)
|
exten => s,1,Wait(1)
|
||||||
;same => n(loop),Background(vm-press&letters/a&number)
|
|
||||||
same => n(loop),Background(jerry-intro)
|
same => n(loop),Background(jerry-intro)
|
||||||
same => n,WaitExten(15)
|
same => n,WaitExten(15)
|
||||||
|
|
||||||
|
exten => i,1,Playback(silence/1&goodbye)
|
||||||
|
same => n,Hangup()
|
||||||
|
|
||||||
exten => t,1,Goto(s,loop)
|
exten => t,1,Goto(s,loop)
|
||||||
|
|
||||||
exten => _X,1,NoOp()
|
exten => _X,1,NoOp()
|
||||||
|
@ -60,12 +56,10 @@ exten => 3,100,NoOp()
|
||||||
|
|
||||||
exten => 4,100,NoOp()
|
exten => 4,100,NoOp()
|
||||||
same => n,Read(TMPNOM,z-external,1,,1,0.1)
|
same => n,Read(TMPNOM,z-external,1,,1,0.1)
|
||||||
;same => n,Playback(z-external)
|
|
||||||
same => n,Goto(menuend,1)
|
same => n,Goto(menuend,1)
|
||||||
|
|
||||||
exten => 5,100,NoOp()
|
exten => 5,100,NoOp()
|
||||||
same => n,Read(TMPNOM,z-macroform-cold_day,1,,1,0.1)
|
same => n,Read(TMPNOM,z-macroform-cold_day,1,,1,0.1)
|
||||||
;same => n,Playback(z-macroform-cold_day)
|
|
||||||
same => n,Goto(menuend,1)
|
same => n,Goto(menuend,1)
|
||||||
|
|
||||||
exten => _X,100,NoOp()
|
exten => _X,100,NoOp()
|
||||||
|
@ -79,7 +73,7 @@ exten => menuend,1,NoOp()
|
||||||
exten => i,1,NoOp()
|
exten => i,1,NoOp()
|
||||||
|
|
||||||
exten => chanunavail,1,Playback(im-sorry&number-not-answering&please-try-call-later)
|
exten => chanunavail,1,Playback(im-sorry&number-not-answering&please-try-call-later)
|
||||||
exten => chanunavail,2,Hangup()
|
same => n,Hangup()
|
||||||
|
|
||||||
exten => 424036180001,5,Dial(PJSIP/REDACTED,300,m)
|
exten => 424036180001,5,Dial(PJSIP/REDACTED,300,m)
|
||||||
exten => 424036180002,5,Dial(PJSIP/REDACTED,300,m)
|
exten => 424036180002,5,Dial(PJSIP/REDACTED,300,m)
|
||||||
|
@ -89,10 +83,8 @@ exten => 424036180005,5,Dial(PJSIP/REDACTED,300,m)
|
||||||
exten => _X.,6,GotoIf($["${DIALSTATUS}" = "CHANUNAVAIL"]?chanunavail,1:)
|
exten => _X.,6,GotoIf($["${DIALSTATUS}" = "CHANUNAVAIL"]?chanunavail,1:)
|
||||||
exten => 424036180000,5,Goto(extmymenu,${EXTEN},5)
|
exten => 424036180000,5,Goto(extmymenu,${EXTEN},5)
|
||||||
exten => 424036183618,5,Playback(silence/1&your&number&is)
|
exten => 424036183618,5,Playback(silence/1&your&number&is)
|
||||||
same => 6,SayAlpha(${CALLERID(num)})
|
same => n,SayAlpha(${CALLERID(num)})
|
||||||
same => 7,Playback(silence/1)
|
same => n,Playback(silence/1)
|
||||||
;same => 8,SayAlpha(${CALLERID(name)})
|
|
||||||
;same => 9,Playback(silence/1)
|
|
||||||
exten => 424036184242,5,Goto(extdn42whois,${EXTEN},5)
|
exten => 424036184242,5,Goto(extdn42whois,${EXTEN},5)
|
||||||
exten => _42403618XXXX,5,Playback(im-sorry&check-number-dial-again)
|
exten => _42403618XXXX,5,Playback(im-sorry&check-number-dial-again)
|
||||||
|
|
||||||
|
@ -102,7 +94,6 @@ exten => _42403618XXXX,5,Answer()
|
||||||
|
|
||||||
exten => _42401332XXXX,5,NoOp()
|
exten => _42401332XXXX,5,NoOp()
|
||||||
same => n,Dial(PJSIP/${EXTEN}@nia)
|
same => n,Dial(PJSIP/${EXTEN}@nia)
|
||||||
;same => n,Dial(PJSIP/${EXTEN:-4}@nia)
|
|
||||||
|
|
||||||
exten => _42403315XXXX,5,NoOp()
|
exten => _42403315XXXX,5,NoOp()
|
||||||
same => n,Dial(PJSIP/${EXTEN}@zane)
|
same => n,Dial(PJSIP/${EXTEN}@zane)
|
||||||
|
@ -117,11 +108,8 @@ exten => _42400119XXXX,5,NoOp()
|
||||||
same => n,Dial(PJSIP/${EXTEN}@jrb0001)
|
same => n,Dial(PJSIP/${EXTEN}@jrb0001)
|
||||||
|
|
||||||
[jerry]
|
[jerry]
|
||||||
;exten => _X.,1,Set(CHANNEL(musicclass)=custom)
|
exten => _XXXX,1,Goto(42403618${EXTEN},1)
|
||||||
|
exten => _XXXXXXXX,1,Goto(4240${EXTEN},1)
|
||||||
exten => _X.,1,NoOp()
|
exten => _X.,1,NoOp()
|
||||||
|
|
||||||
exten => _XXXX,2,Goto(42403618${EXTEN},1)
|
exten => _X.,2,Goto(extpeers,${EXTEN},5)
|
||||||
exten => _XXXXXXXX,2,Goto(4240${EXTEN},1)
|
|
||||||
exten => _X.,2,NoOp()
|
|
||||||
|
|
||||||
exten => _X.,3,Goto(extpeers,${EXTEN},5)
|
|
||||||
|
|
Loading…
Reference in a new issue