This video is about a local SQL injection vulnerability in the Linux and macOS desktop applications of Zoom, the conferencing app that gained even more popularity as remote meetings became more common in 2020. Exploiting the SQLi required bypassing the quote-doubling protection that the Zoom app used.
Original writeup:
https://medium.com/@keegan.ryan/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d
Keegan’s Twitter:
https://twitter.com/inf_0_
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:25 Initial discovery – zoommtg:// links
01:24 Analysing the binary
03:06 SQLi protection
03:55 ASCII & UTF-8
05:17 Bypassing the SQLi protection
06:45 Impact
#sqli
