Opensips CP 8.3.2 session validation not checked #210

@Integration-IT

Some pages do not check if the session is valid; it should probably be redirected to the login page on error.

This example allows you to find information about an account without being registered from the login page.

```
curl -k "https://x.x.x.x/cp/tools/users/user_management/show_contacts.php?username=1234&domain=127.0.0.1" -s | grep 'searchRecord'
...
<td class="searchRecord" width="70" style="width: 70px;">Contact</td>
<td class="searchRecord" style="width: 230px;">sip:1234@...</td>
<td class="searchRecord" width="70">QValue</td>
<td class="searchRecord">n/a</td>
<td class="searchRecord" width="70">Expires</td>
<td class="searchRecord">34</td>
<td class="searchRecord" width="70">Flags</td>
<td class="searchRecord">0</td>
<td class="searchRecord" width="70">CFlags</td>
<td class="searchRecord">NAT</td>
<td class="searchRecord" width="70">Socket</td>
<td class="searchRecord">udp:...</td>
<td class="searchRecord" width="70">Methods</td>
<td class="searchRecord">...</td>
<td class="searchRecord" width="70">Received</td>
<td class="searchRecord">sip:...</td>
<td class="searchRecord" width="70">State</td>
<td class="searchRecord">CS_SYNC</td>
<td class="searchRecord" width="70">User Agent</td>
<td class="searchRecord">...</td>
```

Pages:

tools/users/user_management/show_contacts.php
tools/system/tviewer/apply_changes.php
tools/system/callcenter/apply_changes.php
tools/system/uac_registrant/apply_changes.php
tools/system/tls_mgm/apply_changes.php
tools/system/smpp/apply_changes.php
common/forms.php
footer.php
header.php
menu.php
blank.php
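
A regression check for the behaviour requested above, as an added example that is not part of the original issue or of the OpenSIPS CP code: it classifies responses to requests sent without a session cookie and reports pages that return content instead of redirecting to the login page. The base URL, the login paths and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

BASE = "https://cp.example.invalid/cp/"   # placeholder deployment URL
LOGIN_PATHS = {"/cp/", "/cp/index.php"}   # assumption: where the login form lives
FAILING = {"exposed", "redirect-but-leaks"}

def classify(page, status, headers, body):
    """Verdict for one response to a request sent WITHOUT a session cookie."""
    headers = {k.lower(): v for k, v in headers.items()}
    has_body = bool(body.strip())
    if status in (301, 302, 303, 307, 308):
        # Resolve relative Location values against the requested page.
        target = urlsplit(urljoin(BASE + page, headers.get("location", ""))).path
        if target not in LOGIN_PATHS:
            return "redirect-elsewhere"
        # PHP's header("Location: ...") does not stop the script; without an
        # exit the page body is still rendered and sent with the redirect.
        return "redirect-but-leaks" if has_body else "guarded"
    if status in (401, 403):
        return "guarded"
    if status == 200:
        return "exposed" if has_body else "no-content"
    return "other"

def audit(responses):
    """Return {page: verdict} for every page that fails the check."""
    verdicts = {p: classify(p, *r) for p, r in responses.items()}
    return {p: v for p, v in verdicts.items() if v in FAILING}

# Constructed responses (not captured from a real system), keyed by page
# paths taken from the list in the issue: (status, headers, body).
SAMPLE = {
    "tools/users/user_management/show_contacts.php":
        (200, {}, '<td class="searchRecord">Contact</td>'),
    "tools/system/smpp/apply_changes.php":
        (302, {"Location": "../../../index.php"}, "<html>...</html>"),
    "menu.php": (302, {"Location": "/cp/index.php"}, ""),
    "blank.php": (200, {}, "\n"),
}

if __name__ == "__main__":
    for page, verdict in audit(SAMPLE).items():
        print(f"{verdict:20} {page}")
```

The `redirect-but-leaks` verdict covers a fix that adds the redirect but lets the script keep running, which a client that does not follow redirects would still read.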
