@famatte69
Created April 9, 2021 20:03
Information Disclosure
[Description]
lisPBX is a SIP PBX based on Asterisk.
In Liberty lisPBX 2.0-X, configuration backup files can be retrieved
remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or
/backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or
authorization. These configuration files have all PBX information
including extension numbers, contacts, and passwords.
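For defenders who run an affected lisPBX behind Apache or nginx, the exposure described above leaves a clear trace in the web server access log: successful (HTTP 200) GET requests for the /backup/lispbx-CONF-YYYY-MM-DD.tar and /backup/lispbx-CDR-YYYY-MM-DD.tar paths with no authenticated session. The following Python script is an added example written for this page, not part of the advisory or of the lisPBX project; it parses combined-format access log lines, flags requests for those backup paths, and marks the ones that returned 200 as confirmed disclosures. The sample log lines, IP addresses and dates are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample access-log lines in Apache/nginx "combined" format.
# Two successful downloads of backup archives by one client, one normal
# page view, and one request for a backup archive that was not on disk.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2021:20:03:11 +0000] "GET /backup/lispbx-CONF-2021-04-08.tar HTTP/1.1" 200 1843200 "-" "curl/7.68.0"
203.0.113.7 - - [09/Apr/2021:20:03:15 +0000] "GET /backup/lispbx-CDR-2021-04-08.tar HTTP/1.1" 200 92160 "-" "curl/7.68.0"
198.51.100.4 - - [09/Apr/2021:20:05:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [09/Apr/2021:20:05:40 +0000] "GET /backup/lispbx-CONF-2021-04-01.tar?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD PATH PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# The two backup archive paths named in the advisory, with the date portion generalised.
BACKUP_RE = re.compile(r'^/backup/lispbx-(?P<kind>CONF|CDR)-\d{4}-\d{2}-\d{2}\.tar$')


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string before matching the path against the backup pattern.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def find_backup_downloads(log_text):
    """Return every request for a lisPBX backup archive.

    Each finding carries 'disclosed': True when the server answered 200,
    meaning the archive (extensions, contacts, passwords) actually left the box.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = BACKUP_RE.match(rec["path"])
        if m is None:
            continue
        findings.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "path": rec["path"],
            "kind": m.group("kind"),
            "status": rec["status"],
            "disclosed": rec["status"] == 200,
        })
    return findings


def summarize(findings):
    """Count confirmed (HTTP 200) archive downloads per client IP."""
    return Counter(f["ip"] for f in findings if f["disclosed"])


if __name__ == "__main__":
    hits = find_backup_downloads(SAMPLE_LOG)
    for h in hits:
        flag = "DISCLOSED" if h["disclosed"] else "attempt"
        print(f'{h["ts"]} {h["ip"]} {h["kind"]} {h["path"]} -> {h["status"]} [{flag}]')
    for ip, n in summarize(hits).items():
        print(f"{ip}: {n} backup archive(s) retrieved")
```

Run it against the real access log instead of SAMPLE_LOG to establish whether archives were actually retrieved before the web root was fixed; any confirmed download means the SIP extension secrets in that archive should be treated as compromised and rotated. The same path pattern can be lifted into a web-server deny rule or a WAF signature so that the /backup/ directory is no longer served without authentication.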
------------------------------------------
[Additional Information]
Shodan search for "lisPBX"
lispbx - lisPBX - 2.0-4
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Lispbx
------------------------------------------
[Affected Product Code Base]
Lispbx - 2.0-4 and 2.0-5
------------------------------------------
[Affected Component]
Backup files from earlier days, with all configuration.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
http://<example.com>/backup/lispbx-CONF-YYYY-MM-DD.tar
http://<example.com>/backup/lispbx-CDR-YYYY-MM-DD.tar
------------------------------------------
[Discoverer]
FERNANDO POMPEO AMATTE
------------------------------------------
[Reference]
https://twitter.com/lispbx
https://sourceforge.net/p/lispbxdownloads/wiki/Home/