Subscribe via feed.

Wowza Streaming Engine 4.5.0 Remote Privilege Escalation

Posted by deepcore on July 21, 2016 – 4:44 am

The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter ‘accessLevel’ to ‘admin’ gaining admin rights and/or setting the parameter ‘advUser’ to ‘true’ and ‘_advUser’ to ‘on’ gaining advanced admin rights. Version 4.5.0 build 18676 is affected.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.