Showing posts from 2016

Mobile ASVS 0.9.1

The Mobile Application Security Verification Standard is a list of security requirements for mobile applications that can be used by architects, developers, testers, security professionals, and consumers to define what a secure mobile application is.

Download: https://goo.gl/z1UYxG

File Upload Vulnerability Bug in Bitdefender

Hey all, a few months back I found an upload vulnerability bug in Bitdefender. Let's get into the finding.

While I was testing "bitdefender.com", there was one URL with this pattern.

Step 1: Tested for "SQL" injection
https://store.bitdefender.com/order/?= '%3
There was some syntax error.

Step 2: Tested for "LFI"
https://store.bitdefender.com/order/?= cat /etc/passwd
There was some syntax error.

Step 3: I tested more injections.
There was some 404 error. OK, that's cool :)

Step 10: Tested for "XSS"
https://store.bitdefender.com/order/?=%3Csvg/onload=alert(1) %3E
The above URL showed an upload file path vulnerability. That worked perfectly.