Kik Messenger XMPP Stanza Smuggling
Authored by Ivan Fratric, Google Security Research
There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending the stc stanza, which triggers a captcha dialog and opens an arbitrary attacker-controlled webpage on the victim client. The full impact is likely larger than this: any application feature reachable over XMPP is in scope.
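The advisory text above does not describe how the smuggling is achieved in Kik, so the following is an added illustration of the general stanza-smuggling class only, not the Kik proof of concept and not Kik's protocol. It assumes the textbook shape of the bug: a relay splices untrusted message text into the XML stream without escaping, so the receiving client's XML parser sees an extra top-level stanza. The stanza name `stc` is taken from the advisory; its attributes and schema are not given on this page, so the element is used bare. The sample stanzas, the sender JID and the `SERVER_ONLY_STANZAS` set are constructed for the example.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumption for the example: the client treats these stanza names as
# server-originated. The advisory names "stc" as one such stanza; the rest
# of Kik's schema is not described on this page.
SERVER_ONLY_STANZAS = {"stc"}


def build_message_unsafe(sender, body):
    """Relay that splices user text into the XML stream without escaping.

    This is the weak form: an attacker-supplied body can close <body> and
    <message> and then open a brand-new top-level element.
    """
    return f'<message from="{sender}"><body>{body}</body></message>'


def build_message_safe(sender, body):
    """Same relay with proper XML escaping of text and attribute values."""
    safe_sender = escape(sender, {'"': "&quot;"})
    safe_body = escape(body)  # escapes &, < and >
    return f'<message from="{safe_sender}"><body>{safe_body}</body></message>'


def top_level_stanzas(xml_fragment):
    """Return the tag names of the top-level stanzas in a stream fragment.

    An XMPP stream is a sequence of top-level elements; wrapping the
    fragment in a synthetic root lets a document parser enumerate them.
    """
    root = ET.fromstring(f"<stream>{xml_fragment}</stream>")
    return [child.tag for child in root]


def smuggled_stanzas(xml_fragment):
    """Server-only stanza names that appear in a fragment built from user text."""
    return [t for t in top_level_stanzas(xml_fragment) if t in SERVER_ONLY_STANZAS]


def first_body_text(xml_fragment):
    """Text of the first <message><body> as the receiving client would see it."""
    root = ET.fromstring(f"<stream>{xml_fragment}</stream>")
    return root.find("message/body").text


# Constructed attacker payload: closes the enclosing stanza, injects an
# <stc/> element at stream level, then reopens a message so the remainder
# of the relay's template still parses.
ATTACKER_BODY = "hi</body></message><stc/><message><body>"
SENDER = "attacker@example.invalid"  # constructed JID


if __name__ == "__main__":
    unsafe = build_message_unsafe(SENDER, ATTACKER_BODY)
    safe = build_message_safe(SENDER, ATTACKER_BODY)
    print("unsafe stream:", top_level_stanzas(unsafe), "smuggled:", smuggled_stanzas(unsafe))
    print("safe stream:  ", top_level_stanzas(safe), "smuggled:", smuggled_stanzas(safe))
```

The check a client developer wants is the last one: `smuggled_stanzas` must be empty for every body a peer can send, and the escaped build delivers the attacker's string as inert text (`first_body_text` returns the payload verbatim) rather than as structure. The same parsing-differential idea applies wherever the sending side and the receiving side do not agree on where a stanza ends.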
SHA-256: 3f66b31a34e395df392668d6453b6eee4bbfd623765c95d99108116f95c8a143