思科webex被滥用发送植入型广告
从5月27日开始到今天,思科的webex一直在被利用发送广告,属于过滤不严谨或者未审核,在邀请人名字以及留言部分,被植入广告,达到了他们的宣传目的。目前账号开通,估计也就验证一个邮箱地址,然后就可以利用它的漏洞,所以植入内容发送会议邀请。目前还不清楚是否可以被植入恶意代码等,从邮件头的SID,CID看,用于发广告的,应该不止一个账号,SID应该是账号ID好,CID应该是会议室ID号等。
X-WBX-INFO: X-WBX-SID=15062732, X-WBX-CID=229103901827168954, X-WBX-TID=4z7aw0g6jfdo569bweml0yiblc4yw6ynilgy4roeohojywbmg3drqaet, X-WBX-RID=921ff475a47f4289a78c7d54e5943a51, X-WBX-SVC:Meeting Center, X-WBX-TT:Meeting Invitation, Date:Thu Jun 02 19:54:12 UTC 2022 reminder-42.6.0-5991
X-WBX-INFO: X-WBX-SID=15062732, X-WBX-CID=228957355549686384, X-WBX-TID=2oajkdkl8guvrw61g1x3ltj341h9m7xuxxiz6rh6xrgy2ro4dj6f7qd3, X-WBX-RID=e380b13ff7db454681089c838a9c0545, X-WBX-SVC:Meeting Center, X-WBX-TT:Meeting Invitation, Date:Wed Jun 01 05:06:55 UTC 2022 reminder-42.6.0-5991
X-WBX-INFO: X-WBX-SID=14445332, X-WBX-CID=228446950765866205, X-WBX-TID=4zijsyxvxky09bhj9hl8q30ztvf8grpl090m7zg44cmy6oo17jne5hro, X-WBX-RID=6605a426d3ef44258fa4aca1704fcf66, X-WBX-SVC:Meeting Center, X-WBX-TT:Meeting Invitation, Date:Fri May 27 04:12:25 UTC 2022 reminder-42.6.0-5991
- 上一篇:Microsoft Office 远程代码执行漏洞(CVE-2022-30190) [2022-6-3]
- 下一篇:FOXMAIL地址簿格式 [2022-4-25]