
The security issue was uncovered during the blurrybox hacking contest of the Wibu Systems AG and acknowledged by the

`certified_time.html` files are marked with the execution point of the issue. The `ChangeConfiguration.html` is marked as injection point for the payload. The vulnerable files are `ChangeConfiguration.html`, and `certified_time.html`. The application has no

Attack risk is more minor, but not so minor that it can be ignored. The vulnerability is a classic filter input validation vulnerability. Validation in the application is well set up, but in case of the advanced settings the validation parameters are still not

After that the issue triggers on each visit an

First the attacker

After it the POST request is performed to save the content permanently. The request method to inject is POST and the attack vector is located on the application-side. The input validation vulnerability has been discovered in the `server name` input field of the `advanced settings`.

Module to follow up with a compromising attack.
The vulnerability allows remote attackers to inject their own malicious script code with an application-side vector to the 500

A persistent input validation vulnerability has been discovered in the Wibu Systems AG CodeMeter WebAdmin v6.50

Product: CodeMeter & Control Panel - WebAdmin (Web-Application).

: Public Disclosure (Vulnerability Laboratory)
: Security Acknowledgements (Wibu Systems AG - Security Department)
: Vendor Fix/Patch (Wibu Systems AG - Service Developer Team)
: Vendor Response/Feedback (Wibu Systems AG - Security Department)
: Vendor Notification (Wibu Systems AG - Security Department)
: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)

The vulnerability laboratory core research team discovered a persistent input validation vulnerability in the official Wibu Systems CodeMeter WebAdmin v6.50 application.

In addition, CodeMeter offers an API for custom integration with your software. Protection Suite is the tool that automatically encrypts your applications and libraries.

Workflow is necessary at one point in time only.
CodeMeter requires your attention only once: its integration in your software and your business

You want to protect the software you have developed against piracy and

Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

CodeMeter is the universal technology for software publishers and intelligent device manufacturers, upon which all
