Zoom – turning on someone’s camera using SQL injection vulnerability – Bug Bounty Reports Explained
Original writeup:
https://medium.com/@keegan.ryan/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d
Keegan’s Twitter:
https://twitter.com/inf_0_
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:25 Initial discovery – zoommtg:// links
01:24 Analysing the binary
03:06 SQLi protection
03:55 ASCII & UTF-8
05:17 Bypassing the SQLi protection
06:45 Impact
#sqli