Wowza streaming engine 4.0.4.rar

6/24/2023

2 - Uncontrolled Resource Consumption - CWE-400

This is not true in the case of user creation, where that parameter is present and correctly validated.

By exploiting this issue, a remote attacker is able to delete every user on Wowza Streaming Engine on behalf of a regular platform administrator. In this case, the application accepts the request and processes it every time. It was also found that the wowzaSecurityToken HTTP parameter is not present in this GET request.

The request will be sent to the web application, and the user will be deleted:

Select Submit request, to force the administrator to delete the selected user. Then, copy the following HTML to a file served on another machine, in this case a local Kali Linux, in the file: /var/start

From an authenticated browser session to Wowza Streaming Engine with administrative privileges, open a new tab and go to the page.

I have found two security issues on Wowza Streaming Engine Users -> Add User.