In this video, we dive deep into a severe Zoom SQL injection vulnerability that allowed attackers to enable a victim's webcam and microphone without their permission. This vulnerability was exploited by taking advantage of dependencies between backend systems and the SQLite database engine. Whether you're a penetration tester, security researcher, or cybersecurity professional, having a solid knowledge of character encoding schemes, especially as they relate to SQL, is critical.

0:00 – Overview
1:06 – Reverse engineering
4:40 – SQLite
5:32 – Attack vector
8:27 – Encoding (ASCII, Unicode, UTF-8)
11:45 am – Yield

WE NOW HAVE A DISCORD! https://discord.gg/WYqqp7DXbm

Original report by Keegan Ryan
https://medium.com/@keegan.ryan/patched-zoom-exploit-altering-camera-settings-via-remote-sql-injection-4fdf3de8a0d

MUSIC CREDITS:
LEMMiNO – Cipher
https://youtu.be/b0q5PR1xpA0?si=pUNJUB-ra1ulTJtI
CC BY-SA 4.0

LEMMiNO – Fireworks
https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ
CC BY-SA 4.0

LEMMiNO – Nocturnal
https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ
CC BY-SA 4.0

LEMMiNO – Siberian
https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ
CC BY-SA 4.0

#programming #software #softwaredevelopment #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwaredeveloper #vulnerability #pentesting #dataprotection #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #lowlevelsecurity #zeroday #zeroday #cybersecurityexplained #bugbounty #SQL #injection #SQLinjection #Unicode #ASCII #UTF8 #encoding #breach #SQLbreach #SQLite #databaseinjection #Zoom #Linux #localSQL

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.