Classic SQL injection and a nice explanation to go with it! Text encoding was def not the first thing on my mind when thinking about possible escapes, and I guess it wasn't on the mind of the person that tried to manually sanitize SQL input either!
They just should use parameters. Then you don’t need to sanitize anything because you can’t inject anything. Not using parameters is a classic beginners mistake. Also I think this should be caught by static code analysis tools which maybe they should have used at Zoom.
4:33 and if you want it be more of a hell for people who want to reverse engineer your stuff, you can tell the compiler to generate a stripped binary. On Linux you can do this using the "strip" command. You could use it like this "strip binary -o stripped_binary" or you can do it with the "-s" flag if you are using GCC.
Wow! Very well explained, thank you! EDIT: my only complaint is the title. It's makes it look like a recent exploit, which is clickbaity and not very nice. I don't think you need to resort to that. 🙂
It wasn't a mistake. Zoom has been caught out working with gov agencies to essentially steal info from both individuals and organizations. Essentially is a gov tool for blackmail and info stealing (source twitter files)
I typically find myself frustrated, or have little patience for videos that fail to delve deeply… (as in all the over-hyped/dumbed-down clickbait that plagues this site)… Luckily this video was a pleasant surprise with its depth and steady quality. 👍
Great video, directly subscribed to your channel. Keep on doing great videos like these! ---- EDIT: Maybe mention tools like IDA or BinaryNinja for reverse engineering. It's not about giving the "bad guys" more information (because we assume they already have them), it's about spreading knowledge across the good guys (White-Hats) to expand their knowledge and being faster/quicker in finding new vulns than the opposition. ---- Nevertheless you did a great job related to the reversing procedure (e.g. the short analysis of the sqlite lib)!
Wow... Vulnerabilities like this one convince just how important it is to implement a web-cam cover and a physical mic on/off togle, just for a percussion. A simple step like that goes quite a long way, it seems.
Nice 👍 I thought the whole reason why utf-8 subsequent bytes have to start with 1 is to prevent exactly this - a utf-8 start byte eating away ASCII characters. So the utf-8 decoder is also at fault here? It should have stopped decoding...
@@DanielBoctor somehow evertime I ask myself something while you explain something somehow you clear it up right the next second. It’s a pleasure to watch and I learned a lot.
Sometimes the camera is actually wanted. There are laptops providing a mechanical slider, or one can 3D-print a clamp to put over the lens. Easy to reverse and doesn't leave gooey residue.
isn't it a sqlite bug as the utf-8 encoder assumes the 10xxxxxx instead of checking for it and raising an error if the first 2 bits weren't 1 and 0? why was it reported to zoom?
Yeah, that definitely shouldn't have happened, but it's technically up to SQLite how they want to treat their encodings ¯\_(ツ)_/¯ The deeper source of the vulnerability was the discrepancy in the way that Zoom and SQLite handled encodings. Zoom treated input as plaintext, while SQLite treated the backslash (\) as an escape, indicating that the following hexadecimal sequence was Unicode. Regardless how how SQLite handled those encodings, it was the discrepancy at the end of the day that enabled any of this to be possible, and the onus is on Zoom to deal with that.
I have a self sqli on a android app for a bug bounty. Im not sure how to make it viable. It is using sqlite too. Trying to find any other vuln to chain with it. Been sitting on it for a month
![BOWKYLION - วิงวอน (ex-change) [Official MV]](http://i.ytimg.com/vi/cLdnZWDaO-w/mqdefault.jpg)
JOIN THE COMMUNITY ➤ discord.gg/WYqqp7DXbm
♥ thank you for all of the support ♥
Classic SQL injection and a nice explanation to go with it!
Text encoding was def not the first thing on my mind when thinking about possible escapes, and I guess it wasn't on the mind of the person that tried to manually sanitize SQL input either!
They just should use parameters. Then you don’t need to sanitize anything because you can’t inject anything. Not using parameters is a classic beginners mistake. Also I think this should be caught by static code analysis tools which maybe they should have used at Zoom.
We tend not to ship debug symbols by default with open source programs either - they tend to be much larger than the compiled program itself.
"Cant read the source code" Ghidra has entered the chat
yep, that's actually what the researcher used to locate the SQLite functions 🤯
ghidra still can't tell you the function names
that's not source code
Criminally underrated channel. Keep up the good work man you'll make it big
That's the dream 🚀 Thanks for the support
Great video! That explanation of unicode was perfect.
Thanks for the support! Glad you liked it 😊
@@DanielBoctor- Loved it with the great explanation. :)
@@BillAnt Thank you!
4:33 and if you want it be more of a hell for people who want to reverse engineer your stuff, you can tell the compiler to generate a stripped binary.
On Linux you can do this using the "strip" command. You could use it like this "strip binary -o stripped_binary"
or you can do it with the "-s" flag if you are using GCC.
Stripped binary is also much smaller and thus always a good thing.
yup I love using Linux
So whats the catch? Why is it not used by default by everyone?
Very well explained. Lots of small things to learn, not only a story telling content. Just keep up.
Subscribed.
Thanks! Glad you have you aboard :)
Wow! Very well explained, thank you!
EDIT: my only complaint is the title. It's makes it look like a recent exploit, which is clickbaity and not very nice. I don't think you need to resort to that. 🙂
A channel can only upload about this type of stuff when it gets patched.
@@cooldestroyer1yea and it was patched in june 2020
@@cooldestroyer1but still makes it look like it's recent
Obviously worked on you
@@B1ADE99 I stopped watching very early:/
Oh my goodness. This is such fantastic knowledge. You explain things phenomenally. Thanks so much.
LOOOOOL I'm glad it was helpful! Glad you have you here! Thanks for the support ❤️
Seems very well explained. Still didn't finish the video, but so far so good. Keep it up
Will do! More is on the way 🚀. Thank you for the support
Why a new company like Zoom decided to use SQL with all of it's string-based vulnerabilities baffles me.
It wasn't a mistake. Zoom has been caught out working with gov agencies to essentially steal info from both individuals and organizations. Essentially is a gov tool for blackmail and info stealing (source twitter files)
Very interesting. I cannot get over the upward inflection on every sentence though
Ughhhhhhh I know, I do it while I'm filming without realizing it . I'm trying to fix it though.
@@DanielBoctor Honestly man, wasn't an issue for me at all. Super interesting video!
Another eloquent description of a fascinating piece of software security history, brilliant as always.
glad you liked it!
I typically find myself frustrated, or have little patience for videos that fail to delve deeply… (as in all the over-hyped/dumbed-down clickbait that plagues this site)… Luckily this video was a pleasant surprise with its depth and steady quality. 👍
Glad you liked it! Thanks for the support
Great video, directly subscribed to your channel.
Keep on doing great videos like these!
----
EDIT:
Maybe mention tools like IDA or BinaryNinja for reverse engineering. It's not about giving the "bad guys" more information (because we assume they already have them), it's about spreading knowledge across the good guys (White-Hats) to expand their knowledge and being faster/quicker in finding new vulns than the opposition.
----
Nevertheless you did a great job related to the reversing procedure (e.g. the short analysis of the sqlite lib)!
Very interesting and technically informative. You have a elegant way of explaining things. Thanks!
Glad you found it helpful! Thanks for the support I appreciate it 😊
jokes on you i don't have a camera
great explanation and editing!
Thanks for the support, I appreciate it 😊
Great explanation. Thanks for these videos 😊😊😊
Glad you liked it! Thanks for watching 😊
Great video! Well explained! Only correction is that SQL doesn’t use `//` for comments. It uses `--`.
Absolutely wonderful ❤
And that was super genius method to trick sql once again
Glad you liked it ❤
Happy this was on my recommended, nice one
Glad you enjoyed!
Great content man. Thank you.
Wow... Vulnerabilities like this one convince just how important it is to implement a web-cam cover and a physical mic on/off togle, just for a percussion. A simple step like that goes quite a long way, it seems.
Another great video!!!
I honestly thought I was watching from a big channel, your so underrated, keep it going!
THANK YOU! I appreciate the support! More is on the way 🚀🚀🚀
Internation man is Hereeer? 🎉
I love your channel, but also hate realizing that there’s no real way to defend against these things proactively.
Nice 👍 I thought the whole reason why utf-8 subsequent bytes have to start with 1 is to prevent exactly this - a utf-8 start byte eating away ASCII characters. So the utf-8 decoder is also at fault here? It should have stopped decoding...
kind of like that one darkweb movie when the charons joined the call 💀
How do you not have more than million subscribers? What. you deserve more. keep up the great work!
Thank you! You are a highly awesome fella keep on spreading that positivity
Brilliant video
❤️❤️
this is basically a Kevin Fang video
Never heard of him before, but you're definitely right - we even both use LEMMiNO's music LOL
Great job you getting my sub.
Damn that UTF-8 trick is clever.
ikr 🤯
This was a great vid
I now understand unicode encoding.
Such a great video. Glad i found you! Keep going and you shall succeed.
Thank you for the support! Glad you have you apart of the community
@@DanielBoctor somehow evertime I ask myself something while you explain something somehow you clear it up right the next second. It’s a pleasure to watch and I learned a lot.
That's awesome LOL. I appreciate all of the support, and I'm glad you're able to learn from them! It's the reason why I make these videos
great video
Thanks!!
Cool video, just wanted to add that debug symbols are not necessary for debugging
That is why I put electrical tape over all cameras on laptops. That will never be hacked.
Sometimes the camera is actually wanted. There are laptops providing a mechanical slider, or one can 3D-print a clamp to put over the lens. Easy to reverse and doesn't leave gooey residue.
You can buy a Lenovo they have a built in mechanical cover for the webcam so you can easily cover it when not in use.
You had better do the same for the microphone then too 😂
is there any reason zoom would have decided to manually implement the input sanitization
nice man
Outstanding ! cool video !
Thank you! Glad you have you here
Well, to this hackers dismay I’m too poor to afford a webcam!
i do not know what most of the things are or mean but i still watch it anyway cuz it sounds interesting
I like the part the funny man mention computer words
Great Explanation!
isn't it a sqlite bug as the utf-8 encoder assumes the 10xxxxxx instead of checking for it and raising an error if the first 2 bits weren't 1 and 0? why was it reported to zoom?
Yeah, that definitely shouldn't have happened, but it's technically up to SQLite how they want to treat their encodings ¯\_(ツ)_/¯
The deeper source of the vulnerability was the discrepancy in the way that Zoom and SQLite handled encodings. Zoom treated input as plaintext, while SQLite treated the backslash (\) as an escape, indicating that the following hexadecimal sequence was Unicode. Regardless how how SQLite handled those encodings, it was the discrepancy at the end of the day that enabled any of this to be possible, and the onus is on Zoom to deal with that.
Great breakdown, thanks for the video!
Thanks! Glad you liked it 😊
I'd thought I'd recognized Lemmino's music there
_taps forehead_ Can't turn on my camera if I never have it plugged in...
Fr
frfr
Make a reverse engineering video tutorial, geniuenly interested!!!!
You sound exactly like code with lewis lol
LOOOOOOOOOL I NEVER HEARD OF HIM BEFORE BUT I ACTUALLY DO
Good explanation
Well explained
I don’t program but I know you can debug binary because I know how to do some basic binary editing with cheat engine.
Very nice vid
Lost to sql injection 😂
nice
Find some verifiable sources to link on the next one
Shit. I watch it but suddenly i figured thats the guy with the "girl with a attitude voice" Dude, find somebody to do a voiceover for you
this was actually my last video with this issue, if you check out my subsequent ones, they should be fine
bro April 7th is my birthday lol
This is full of inaccuracies
I have a self sqli on a android app for a bug bounty. Im not sure how to make it viable. It is using sqlite too. Trying to find any other vuln to chain with it. Been sitting on it for a month
I can’t help to say that you’re pronouncing SQLite with an extra L, it’s “Ess-Queue-Lite”, without that extra L.
I didn't even think of it that way LOL
Great video, horrible clickbait.
If you get a nebula account ill drop a sub to it
It's an honour to be considered nebula worthy LOL
This is not easy to listen too.. are you drunnnnnk ?
the way you are changing the way you talk is bad, just go with your natural tone, it will come off easier to listen to. I had to stop
I think I finally fixed my intonation in my most recent video
will be checking it out, you are interesting @@DanielBoctor
thank you LOL you are one awesome fella
Nice topic but boring because you explain too many noob details
upspeak. come on.