OK, fine, I understood a bit.
Is this text a log file? So that I can use it??
Missing input sanitization in htdocs/recordings/misc/callme_page.php:
// line 28-30:
$to = $_REQUEST['callmenum']; // vulnerable
$msgFrom = $_REQUEST['msgFrom'];
$new_path = substr($path, 0, -4);
// line 38:
$call_status = callme_startcall($to, $msgFrom, $new_path);
Missing input sanitization in htdocs/recordings/includes/callme.php:
// line 88-117:
function callme_startcall($to, $from, $new_path)
{
    global $astman;
    $channel = "Local/$to@from-internal/n"; // vulnerable
    $context = "vm-callme";
    $extension = "s";
    $priority = "1";
    $callerid = "VMAIL/$from";
    ...
    /* Arguments to Originate: channel, extension, context, priority,
       timeout, callerid, variable, account, application, data */
    $status = $astman->Originate($channel, $extension, $context,
        $priority, NULL, $callerid, $variable, NULL, NULL, NULL, NULL);
    ...
}
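
A hardened form of the input handling quoted above, as an added example that is not part of the original post and is not FreePBX code. The function names, the allowed character sets and the length limits are assumptions chosen for illustration.

```php
<?php
// Added example. callme_clean_number(), callme_clean_from() and
// callme_build_args() are hypothetical helpers, not part of the project.

/** Return $raw if it is a plain dial string, otherwise null. */
function callme_clean_number($raw)
{
    // $_REQUEST values can be arrays (callmenum[]=...), so check the type first.
    if (!is_string($raw)) {
        return null;
    }
    // Allow-list (assumed): 1 to 20 characters from 0-9, *, #, +.
    // \A and \z anchor the whole string; unlike $, \z does not accept
    // a trailing line break.
    return preg_match('/\A[0-9*#+]{1,20}\z/', $raw) === 1 ? $raw : null;
}

/** Return $raw if it is a short printable caller-ID name, otherwise null. */
function callme_clean_from($raw)
{
    if (!is_string($raw)) {
        return null;
    }
    // Allow-list (assumed): letters, digits, space, underscore, dot, hyphen.
    return preg_match('/\A[A-Za-z0-9 _.\-]{1,40}\z/', $raw) === 1 ? $raw : null;
}

/** Build the Originate channel and caller ID only from validated input. */
function callme_build_args($to, $from)
{
    $to = callme_clean_number($to);
    $from = callme_clean_from($from);
    if ($to === null || $from === null) {
        return null; // the caller should refuse the request, not call Originate
    }
    return array('channel' => "Local/$to@from-internal/n",
                 'callerid' => "VMAIL/$from");
}

// Constructed sample inputs: one valid number, then three that must be rejected.
$samples = array('1001', "1001\n", '10 01', array('1001'));
foreach ($samples as $to) {
    $args = callme_build_args($to, 'mailbox 1001');
    echo json_encode($to), ' => ',
         $args === null ? 'rejected' : $args['channel'], "\n";
}
```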