dEEpEst Posted December 17, 2023 Share Posted December 17, 2023 Whatsapp Spoofing impersonate of reply message All official WhatsApp clients, upon receiving a "Message Reply" payload (QuotedMessage), do not validate whether the "ContextInfo" of this "QuotedMessage" is valid/exists ("StanzaId" and "Participant"). This allows a malicious actor to send in private chats or groups a "QuotedMessage" of a message that never existed on behalf of another person. This is highly critical and dangerous. This is the hidden content, please Sign In or Sign Up /applications/core/interface/js/spacer.png"> Demo: This is the hidden content, please Sign In or Sign Up Download: This is the hidden content, please Sign In or Sign Up Mirror: This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts