Sandro Gauci, Enable Security

XSS in Linksys SPA941

Published on Oct 12, 2007

Cross-site scripting in an IP phone? Of course - it has an HTTP interface!

What’s more, the HTTP interface shows a call history. The call history page uses information gathered from the SIP messages themselves to display which numbers tried to call the phone.

This post on the Full-Disclosure mailing list shows how this feature can be abused so that malformed SIP messages are able to inject HTML scripts into the web interface itself.

This is a reminder that when data moves from one format or protocol to another, the underlying code needs to make sure that the data is properly escaped for the destination. In this case, the HTTP server or underlying scripts need to escape HTML characters in the missed call entries.
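
The escaping step described above, as an added example that is not code from the phone's firmware or from the advisory. It assumes the call history takes the caller name from the SIP `From` display name; the SIP message, the addresses and all function names are constructed for illustration, and the header parsing is simplified (no escaped quotes inside the display name).

```python
import html
import re

# Constructed SIP INVITE (not from the advisory): the From display name
# carries inert markup where a caller name is expected.
SAMPLE_INVITE = (
    "INVITE sip:200@192.0.2.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.50:5060;branch=z9hG4bK-constructed\r\n"
    'From: "<b>markup</b>" <sip:100@192.0.2.50>;tag=abc\r\n'
    "To: <sip:200@192.0.2.10>\r\n"
    "Call-ID: constructed-1@192.0.2.50\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

# From header (or compact form "f"): optional display name, then <uri>.
FROM_RE = re.compile(
    r'^(?:From|f)\s*:\s*(?:"([^"]*)"|([^<]*?))\s*<([^>]+)>', re.I | re.M)


def caller_from_invite(message):
    """Return (display_name, uri) from the From header, or None if absent."""
    m = FROM_RE.search(message)
    if not m:
        return None
    name = m.group(1) if m.group(1) is not None else m.group(2)
    return name.strip(), m.group(3)


def render_row_unescaped(name, uri):
    """The flawed pattern: SIP-supplied text placed straight into HTML."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (name, uri)


def render_row_escaped(name, uri):
    """HTML-encode every SIP-derived value at the point of output."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(name, quote=True), html.escape(uri, quote=True))


if __name__ == "__main__":
    name, uri = caller_from_invite(SAMPLE_INVITE)
    print("unescaped:", render_row_unescaped(name, uri))
    print("escaped:  ", render_row_escaped(name, uri))
```

The escaping is applied when the row is written, not when the SIP message is received, so the stored call record stays faithful to what arrived and every output context can apply its own encoding.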

Sandro Gauci

CEO, Chief Mischief Officer at Enable Security

Sandro Gauci leads the operations and research at Enable Security. He is the original developer of SIPVicious OSS, the SIP security testing toolset. His role is to focus on the vision of the company, design offensive security tools and engage in security research and testing. Therefore, he is the proud owner of the title of Chief Mischief Officer at Enable Security.