Tigase XMPP Server Stanza Smuggling
Posted by deepcore on May 26, 2022 – 11:30 pm
Tigase XMPP server suffers from a security vulnerability due to not escaping the double-quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza into the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
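The bug class above, illustrated with an added example that is not Tigase code: a mock attribute escaper that forgets `"` beside a correct one, and a round-trip check (re-parse what was serialized and compare structure) of the kind a test suite can use to catch a serializer that lets attribute values break out of their quotes. Element names and sample values are constructed.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Dict

# Constructed sample attribute sets (not from the advisory).
SAMPLE_PLAIN = {"id": "abc", "to": "user@example.invalid"}
# A value containing a double quote: if the serializer does not escape it,
# the quote terminates the attribute early and the rest of the value is
# re-interpreted as markup by the receiving parser.
SAMPLE_QUOTED = {"id": 'x" y="z'}


def escape_attr_unsafe(value: str) -> str:
    # Escapes the usual specials but not the double quote: the defect class.
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def escape_attr(value: str) -> str:
    # Correct for double-quoted attributes: the delimiter itself is escaped,
    # so a value can never close the attribute it sits in.
    return (value.replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace('"', "&quot;"))


def serialize(tag: str, attrs: Dict[str, str], esc: Callable[[str], str]) -> str:
    # Minimal element serializer; esc is the attribute escaper under test.
    parts = " ".join(f'{k}="{esc(v)}"' for k, v in attrs.items())
    return f"<{tag} {parts}/>" if parts else f"<{tag}/>"


def roundtrip_ok(tag: str, attrs: Dict[str, str], esc: Callable[[str], str]) -> bool:
    # Audit check: what the serializer emitted must parse back to exactly
    # one element with the same tag, the same attributes and no children.
    # Extra elements or attributes, or a parse error, mean the value escaped
    # its attribute and the serializer is unsafe.
    try:
        root = ET.fromstring(f"<r>{serialize(tag, attrs, esc)}</r>")
    except ET.ParseError:
        return False
    kids = list(root)
    return (len(kids) == 1 and kids[0].tag == tag
            and dict(kids[0].attrib) == attrs and len(list(kids[0])) == 0)


if __name__ == "__main__":
    for name, esc in (("unsafe", escape_attr_unsafe), ("safe", escape_attr)):
        print(name, roundtrip_ok("message", SAMPLE_QUOTED, esc))
```

Both escapers pass the plain sample; only the correct one survives the quoted sample, which is why a round-trip test on values containing `"` belongs in a serializer's test suite.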