File Upload Vulnerability Bug in Bitdefender
Hey all,

A few months back I found an upload vulnerability bug in Bitdefender. Let's get into the finding.

While I was testing "bitdefender.com", there was one URL with this pattern.

Step 1: Tested for "SQL" injection
https://store.bitdefender.com/order/?= '%3
There was some syntax error.

Step 2: Tested for "LFI"
https://store.bitdefender.com/order/?= cat /etc/passwd
There was some syntax error.

Step 3: I tested more injections.
There was some 404 error.

OK, that's cool :)

Step 10: Tested for "XSS"
https://store.bitdefender.com/order/?=%3Csvg/onload=alert(1) %3E
The above URL showing ...