A proof of concept bot to reveal the full JID upon requesting the list of Ad-Hoc commands.
About
This is a "proof of concept" XMPP bot which showcases an IQ exploit found in XEP-0045: Multi-User Chat.
Instructions
Tested with Gajim.
- Start the bot:
  python iq_exploit.py -j JID -p PASSWORD
- Send the bot a message with groupchat address:
  join JID_OF_MUC
- Open groupchat;
- Select the bot;
- Right-click;
- Execute command...;
- Select Ad-Hoc command "Start".
Recommendations
Server operators are advised to disable PMs in XEP-0045 MUC.
Use XEP-???? for groupchat instead of XEP-0045.