Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

Knowledge, sir, should be free to all! -- Harry Mudd, "I, Mudd", stardate 4513.3

computers / Hacking / Re: Cisco Webex Meetings Desktop App

SubjectAuthor
* Cisco Webex Meetings Desktop AppAnonUser
`- Re: Cisco Webex Meetings Desktop AppAnonUser

1
Cisco Webex Meetings Desktop App

<c7bdc3116db7ef550ce30a46fad20189$1@dkzerogt6z6ybhcj.onion>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=572&group=rocksolid.shared.hacking#572

  copy link   Newsgroups: rocksolid.shared.hacking
Path: rocksolid2!rocksolid0!rocksolid3!.POSTED.localhost!not-for-mail
From: AnonUser@retrobbs2.i2p (AnonUser)
Newsgroups: rocksolid.shared.hacking
Subject: Cisco Webex Meetings Desktop App
Date: Fri, 26 Oct 2018 10:35:24 -0000 (UTC)
Organization: RetroBBS2 for Tor
Message-ID: <c7bdc3116db7ef550ce30a46fad20189$1@dkzerogt6z6ybhcj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 26 Oct 2018 10:35:24 -0000 (UTC)
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="6511"; mail-complaints-to="usenet@rocksolidbbs.com"
 by: AnonUser - Fri, 26 Oct 2018 10:35 UTC

Check out this new gaping hole in Ciscos Webex. Even after the patch you
can still have a lot of fun with this. And easy, too (to exploit, I mean,
not to find).

The article on skull is worth reading, the Cisco post is more to give a
complete picture (not too many facts in that one, I'm afraid).

https://blog.skullsecurity.org/2018/technical-rundown-of-webexec

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

--
Posted on RetroBBS II

Re: Cisco Webex Meetings Desktop App

<bcdb620d8db17e2abfbef0d5ea33a052$1@rslight.novabbs.com>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=573&group=rocksolid.shared.hacking#573

  copy link   Newsgroups: rocksolid.shared.hacking
Path: rocksolid2!.POSTED.192.241.184.77!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.hacking
Subject: Re: Cisco Webex Meetings Desktop App
Date: Sat, 27 Oct 2018 00:48:02 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <bcdb620d8db17e2abfbef0d5ea33a052$1@rslight.novabbs.com>
References: <c7bdc3116db7ef550ce30a46fad20189$1@dkzerogt6z6ybhcj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 27 Oct 2018 00:48:02 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="192.241.184.77";
logging-data="21374"; mail-complaints-to="usenet@novabbs.com"
 by: AnonUser - Sat, 27 Oct 2018 00:48 UTC

AnonUser wrote:

> Check out this new gaping hole in Ciscos Webex. Even after the patch you
> can still have a lot of fun with this. And easy, too (to exploit, I mean,
> not to find).

> The article on skull is worth reading, the Cisco post is more to give a
> complete picture (not too many facts in that one, I'm afraid).

> https://blog.skullsecurity.org/2018/technical-rundown-of-webexec

Nice writeup of the problem and how to exploit. Looks like Cisco handled
it pretty well.

>
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

--
Posted on Rocksolid Light.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor