[OpenSIPS-Users] SQL injection in usernames

Sun, 29 Jan 2023 15:33:12 -0800

I'm observing that fraudsters are attempting SQL injections within various SIP headers, e.g. 

Contact:<sip:a'or'[email protected]:5060;transport=UDP>
From:<sip:a'or'[email protected];transport=UDP>;tag=t1cqzx35
Just a head's up to those using SQL queries in their dial plans to be careful to always *escape* the wrath! 
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to