[Pidgin] #12456: Exploit for AIM Protocol - Ghosting
Pidgin
trac at pidgin.im
Sun Aug 8 15:40:00 EDT 2010
#12456: Exploit for AIM Protocol - Ghosting
-----------------------------------+----------------------------------------
 Reporter:  Wrycu                  |       Owner:  MarkDoliner
     Type:  plugin request         |      Status:  new
Component:  AIM                    |     Version:  2.7.2
 Keywords:  ghosting chat exploit  |
-----------------------------------+----------------------------------------
There is an exploit for AIM which consists of users sending malformed join
packets for a chat room, allowing them to send messages to the room
without actually being in the room. This means that the messages are
displayed even if the user is blocked, and the user cannot be ignored
(since they are not listed as being in the chat). This is frequently done
with bots, allowing for hundreds of screen names to send messages quickly.
The (probably) most straightforward fix is to check on chat_msg_received
to see if the sender of the message is in the chat or not. If they are
not in the chat, they are ghosting (exploiting), and the user does not
need to see the message.
--
Ticket URL: <http://developer.pidgin.im/ticket/12456>
Pidgin <http://pidgin.im>
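
The membership check proposed in the ticket, sketched as a self-contained C example added here (it is not Pidgin or libpurple code). The `chat_roster` type and all function names are hypothetical, and matching names case-insensitively with spaces ignored is an assumption about how screen names compare.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

#define MAX_MEMBERS 64
#define NAME_LEN 64

/* Hypothetical roster: names the server has announced as present. */
typedef struct { char names[MAX_MEMBERS][NAME_LEN]; size_t count; } chat_roster;
/* Assumption: names match case-insensitively with spaces ignored.
 * Returns false for NULL, empty, or over-long names (never truncates). */
static bool normalize(const char *in, char out[NAME_LEN]) {
    size_t n = 0;
    if (in == NULL) return false;
    for (; *in != '\0'; in++) {
        if (*in == ' ') continue;
        if (n == NAME_LEN - 1) return false;
        out[n++] = (char)tolower((unsigned char)*in);
    }
    out[n] = '\0';
    return n > 0;
}
/* Index of the member in the roster, or -1 if absent or invalid. */
static long roster_find(const chat_roster *r, const char *who) {
    char key[NAME_LEN];
    if (!normalize(who, key)) return -1;
    for (size_t i = 0; i < r->count; i++)
        if (strcmp(r->names[i], key) == 0) return (long)i;
    return -1;
}
/* Call when the server announces that a user joined the room. */
bool roster_join(chat_roster *r, const char *who) {
    if (roster_find(r, who) >= 0) return true;
    if (r->count == MAX_MEMBERS) return false;
    if (!normalize(who, r->names[r->count])) return false;
    r->count++;
    return true;
}
/* Call when the server announces that a user left the room. */
void roster_leave(chat_roster *r, const char *who) {
    long i = roster_find(r, who);
    if (i < 0) return;
    r->count--;
    memmove(r->names[i], r->names[r->count], NAME_LEN);
}
/* The proposed check: show a chat message only if its sender is listed. */
bool should_display(const chat_roster *r, const char *sender) {
    return roster_find(r, sender) >= 0;
}
```

The roster has to be driven by join and leave announcements only, never by incoming messages, otherwise an unlisted sender would add itself by sending.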