Lauritz

icon indicating a website link https://security.lauritz-holtmann.de/

icon location Germany icon location IT-Security Researcher and Pentester

Results 4 comments of Lauritz

[Security] XmlFullSignature operation is vulnerable to XML External Entity Injection (XXE)

The fix should be thoroughly tested before merge. Further, CSTC includes more XML operations that need review, too.

Support work profile/Android users

I just stumbled over this use case, too. This would indeed be a great feature! :) Edit: I can confirm that the following approach would work. By manually adjusting https://github.com/sensepost/objection/blob/248d56096001a030082270f816773a3aebc1f9a3/objection/utils/agent.py#L166...

Support work profile/Android users

Hi @CDuPlooy, thank you very much for your effort! Unfortunately I do not have a test device at hand at the moment, either. 😢 Maybe someone else here in this...

[Security] XmlFullSignature operation is vulnerable to XML External Entity Injection (XXE)

Hi there! Looks like the fix referenced in this issue should be included in the latest release v1.3.0: https://github.com/usdAG/cstc/commits/v1.3.0 If this is the case, feel free to close this issue....