Posts

Showing posts from August, 2016

File Upload Vulnerability Bug in Bitdefender

Hey all, a few months back I found an upload vulnerability bug in Bitdefender. Let's get into the finding.

While I was testing "bitdefender.com", there was one URL with this pattern.

Step 1: Tested for "SQL" injection

https://store.bitdefender.com/order/?= '%3

There was some syntax error.

Step 2: Tested for "LFI"

https://store.bitdefender.com/order/?= cat /etc/passwd

There was some syntax error.

Step 3: I tested more injections.

There was some 404 error. OK, that's cool :)

Step 10: Tested for "XSS"

https://store.bitdefender.com/order/?=%3Csvg/onload=alert(1) %3E

The above URL showed the upload file path vulnerability. That worked perfectly.