A proof of concept bot to reveal full JID upon requesting list of Ad-Hoc commands.
Go to file
2024-03-03 00:07:48 +00:00
iq_exploit.py Upload New File 2024-03-02 23:36:26 +00:00
README.md Update README.md 2024-03-03 00:07:48 +00:00


This is a "proof of concept" XMPP Bot which showcase an IQ issue found in XEP-0045: Multi-User Chat.


Tested with Gajim.

  1. Start the bot: python iq_exploit.py -j JID -p PASSWORD;
  2. Send the bot a message with groupchat address: join JID_OF_MUC;
  3. Open groupchat;
  4. Select the bot;
  5. Right-click;
  6. Execute command...;
  7. Select Ad-Hoc command "Start".