[OpenSIPS-Users] SQL injection in usernames

Gregory Massel greg at switchtel.co.za
Sun Jan 29 23:30:24 UTC 2023

I'm observing that fraudsters are attempting SQL injections within 
various SIP headers, e.g.

Contact:<sip:a'or'3=3-- at x.x.x.x:5060;transport=UDP>
From:<sip:a'or'3=3-- at x.x.x.x;transport=UDP>;tag=t1cqzx35

Just a head's up to those using SQL queries in their dial plans to be 
careful to always *escape* the wrath!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230130/fad3fa1c/attachment.html>

More information about the Users mailing list