Revision 1 as of 2019-04-25 07:14:19
Line 34: | Line 34: |
* Simplified URL to launch test meeting with username "JohnDoe" * curl -v 'http://localhost:19421/launch?confno=457840795&uname=JohnDoe' |
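Review bot: the bullet added at line 34 does not record what the service returned for the reduced URL. The curl line keeps only confno and adds uname, while the captured /launch request on this page also sends domain, usv, action, confid, zc, pk, mcv, browser, wc, uuid and t. Please note the observed response (status line or client behaviour) next to the command, so readers can tell the parameters were tested as optional rather than just omitted.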
- hacker
- description
- Zoom plugin listens on localhost, which means it can be triggered to open via a specific URL to localhost. The same goes for the URI format zoommtg://. Since there was not much information, I'll do some reversing and put notes here. Maybe it helps other hackers. If you find some interesting approaches and release something about it, please let me know.
- started
2019-04-25
Requests to localhost

GET /app_check?action=checkVersion&domain=zoom.us&usv=66916&uuid=-8592519063090374108&t=1556175347396 HTTP/1.1
Host: localhost:19421
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
DNT: 1
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,fi;q=0.8

GET /launch?domain=zoom.us&usv=66916&action=join&confid=dGlkPWNkMWZhMDVlNWZkMDRiY2VhYjYyOGY2MTlmZjdlMTcz&confno=457840795&zc=64&pk=&mcv=0.92.11227.0929&browser=chrome&wc=https%3A%2F%2Fzoom.us%2Fwc%2Fjoin%2F457840795&uuid=-8592519063090374108&t=1556175348534 HTTP/1.1
Host: localhost:19421
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
DNT: 1
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,fi;q=0.8
Simplified URL to launch test meeting with username "JohnDoe"
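An added example (not part of the original notes): Python that parses the captured /launch request and the simplified curl URL from this page, decodes the fields whose encoding is recognisable, and lists which parameters the simplified URL drops. Reading confid as Base64 and t as epoch milliseconds is an assumption based on the shape of the values, not on documented behaviour.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Request targets copied from the capture and the curl line on this page.
CAPTURED_LAUNCH = (
    "/launch?domain=zoom.us&usv=66916&action=join"
    "&confid=dGlkPWNkMWZhMDVlNWZkMDRiY2VhYjYyOGY2MTlmZjdlMTcz&confno=457840795"
    "&zc=64&pk=&mcv=0.92.11227.0929&browser=chrome"
    "&wc=https%3A%2F%2Fzoom.us%2Fwc%2Fjoin%2F457840795"
    "&uuid=-8592519063090374108&t=1556175348534")
SIMPLIFIED = "http://localhost:19421/launch?confno=457840795&uname=JohnDoe"


def params(target):
    """Return the query parameters of a request target as a flat dict."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def annotate(p):
    """Decode fields whose encoding is recognisable (assumed, see lead-in)."""
    notes = {}
    if "confid" in p:
        raw = p["confid"]
        # Re-add any stripped Base64 padding before decoding.
        notes["confid"] = base64.b64decode(raw + "=" * (-len(raw) % 4)).decode()
    if "t" in p:  # 13 digits: treated as milliseconds since the Unix epoch
        ts = datetime.fromtimestamp(int(p["t"]) / 1000, tz=timezone.utc)
        notes["t"] = ts.strftime("%Y-%m-%d %H:%M:%S UTC")
    return notes


def compare(full, reduced):
    """Split parameter names into dropped / kept / added by the reduced URL."""
    f, r = params(full), params(reduced)
    return {"dropped": sorted(f.keys() - r.keys()),
            "kept": sorted(f.keys() & r.keys()),
            "added": sorted(r.keys() - f.keys())}


if __name__ == "__main__":
    print(annotate(params(CAPTURED_LAUNCH)))
    print(compare(CAPTURED_LAUNCH, SIMPLIFIED))
```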