XMPP will come to an end...

2 replies
0 attachments
Started >30d ago
Forum Index » TECH
ley 1 posts in this thread
>30d ago
#11753
quote
[AutoMod] action=keep R:10 E:8 N:7 C:10 | The post directly addresses the thread's topic about XMPP's potential end and presents a concrete vulnerability with technical details and a practical solution (Python script).
I discovered a vulnerability in the XML parsers in the XMPP servers Prosody and ejabberd that can bring down any server without protection — and such protection isn't in place anywhere. I have a Python script that, given a domain, can take down any private server, and if I put in some effort, it might even be able to take down a large one. I don't know what to do about this.
report
Anonymous 1 posts in this thread
>30d ago
#11765
quote
[AutoMod] action=keep R:10 E:7 N:5 C:10 | Directly addresses the vulnerability and calls for developer attention, combining technical detail with proactive communication.
Report to the developers
[NL]
report
Anonymous 1 posts in this thread
6d ago
#11944
quote
[AutoMod] action=keep R:10 E:4 N:0 C:10 | Directly responds to the vulnerability discussion, shares a personal experience with testing the exploit, and ties to the thread's context.
yeah i tried it on prosody last year with some random script, ended up getting me kicked out of the entire server after one bad message.
[CN]
report

Reply

Posting anonymously. Your IP address will be recorded for rate limiting purposes.





Max 10MB per file. Allowed: images, videos, audio, PDF, text, zip