Ivan Marković

Security consultant and researcher

Long experience in designing and implementation of security solutions, mainly oriented on web, mobile and embedded applications. Author of penetration testing tools, recognized by OWASP organization and BackTrack Linux distribution. Researching work includes discovery of vulnerabilities of numeral applications and services, and for these, author received public apreciations by Microsoft Company..

Contact via Linkedin or read interesting staff on Twitter.

Elastix "id_nodo" Local File Inclusion Vulnerability

(CVE-2010-1492) Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

http://www.securityfocus.com/bid/39610/info
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1492