-
Tobias
https://www.blackhat.com/us-22/briefings/schedule/index.html#xmpp-stanza-smuggling-or-how-i-hacked-zoom-26618
-
Menel
Interesting. Is this the problem of using full XML libraries? Or is that something else?
-
Louis
> Kev: right, partial compliance is common. For example, everyone claims to support data forms just because they have a parser for it, maybe use it in IBR. But the XEP allows for data forms being sent in messages and tracked by thread ID... I've not found a client that supports that well yet. So do they "support" data forms or not? I would need the feature for staff to report.
-
flow
Menel, I wouldn't say so, the advantages of using an XML library IMHO always outweigh the drawbacks
-
moparisthebest
Tobias: same one we talked about in May, right? https://bugs.chromium.org/p/project-zero/issues/detail?id=2254
-
moparisthebest
Gloox is still vulnerable and the dev hasn't replied to email https://camaya.net/gloox/changelog/
-
moparisthebest
(luckily?) The only XMPP client we found that uses it is https://github.com/pulkomandy/Renga which, due to targeting Haiku, has limited users, but they are all still vulnerable to this day if using the wrong server
-
moparisthebest
It also likely doesn't have an "install this code" command like Zoom...
-
Guus
Did someone create a set of susceptible XML snippets? That would be handy to implement more testing.
-
Tobias
moparisthebest: yes. Looks like the same. Just presented at Black Hat