by Adam Baldwin
We have identified a number of vulnerabilities that affect the OpenFire 3.7.1 XMPP server, one of which uses cross-site request forgery to upload and execute a malicious plugin.
Findings include vulnerabilities in the following classes:
- Cross-Site Scripting (Stored & Reflected)
- Cross-Site Request Forgery
Reverse Shell Plugin Source (connects to 127.0.0.1:4444)