ExploitIQ/README.md

## About

This is a "proof of concept" XMPP Bot which showcase an IQ exploite found in XEP-0045: Multi-User Chat.

### Instructions

Tested with Gajim.

1. Start the bot: `python iq_exploit.py -j JID -p PASSWORD`;
2. Send the bot a message with groupchat address: `join JID_OF_MUC`;
3. Open groupchat;
4. Select the bot;
5. Right-click;
6. Execute command...;
7. Select Ad-Hoc command "Start".

### Recommendations

Server operators are advised to disable PMs in XEP-0045 MUC.

Use XEP-???? for groupchat instead of XEP-0045.
Add instructions for Gajim 2024-03-03 00:55:30 +01:00			`## About`

			`This is a "proof of concept" XMPP Bot which showcase an IQ exploite found in XEP-0045: Multi-User Chat.`

			`### Instructions`

			`Tested with Gajim.`

			1. Start the bot: `python iq_exploit.py -j JID -p PASSWORD`;
			2. Send the bot a message with groupchat address: `join JID_OF_MUC`;
			`3. Open groupchat;`
			`4. Select the bot;`
			`5. Right-click;`
			`6. Execute command...;`
			`7. Select Ad-Hoc command "Start".`

			`### Recommendations`

			`Server operators are advised to disable PMs in XEP-0045 MUC.`

			`Use XEP-???? for groupchat instead of XEP-0045.`