Parameter injection leads to reflected file download

AnoopOjha Pune
edited February 22 in Need Help
I am using GSA 7.6.0.G.58 in our current AEM site. We are facing a vulnerability issue on our site: through inspect element, someone is injecting <a href="h***s://www.sitename.us/suggest?callback=calc" download="setup.bat" onclick="return false;">DOWNLOAD YOUR FILE</a>, and they are able to download a setup.bat file which shows some GSA info.
This happens only through inspect element and not through a browser hit.

If anyone has faced a similar issue, please help me out.
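
An added example, not part of the original post and not GSA or AEM code: one way a filter or reverse proxy in front of a JSONP-style endpoint like /suggest could stop a reflected callback from being saved under a caller-chosen file name. The names buildSuggestResponse, ENDPOINT_PATH and ALLOWED_CALLBACKS, and the callback name renderSuggestions, are assumptions.

```javascript
// Added example: response policy for a JSONP-style endpoint such as /suggest.
// All names and values here are hypothetical, not GSA/AEM configuration.

const ENDPOINT_PATH = "/suggest";
// Exact callback names the site's own scripts use (assumed value).
const ALLOWED_CALLBACKS = new Set(["renderSuggestions"]);

function buildSuggestResponse(requestUrl, payload) {
  // Parse against a dummy base so relative request URLs are accepted.
  const url = new URL(requestUrl, "https://placeholder.invalid");

  // Serve only the exact endpoint path: no extra segments or suffixes
  // that could influence the name a browser saves the response under.
  if (url.pathname !== ENDPOINT_PATH) {
    return { status: 404, headers: {}, body: "" };
  }

  const headers = {
    "Content-Type": "application/json; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    // A file name given in this header takes priority over the name in an
    // <a download="..."> attribute, so the saved file is never setup.bat.
    "Content-Disposition": 'attachment; filename="suggest.json"',
  };

  const json = JSON.stringify(payload);
  const callback = url.searchParams.get("callback");
  if (callback === null) {
    return { status: 200, headers, body: json };
  }

  // Exact allowlist instead of a pattern: "calc" is a syntactically valid
  // identifier, so a regex for identifiers would still reflect it.
  if (!ALLOWED_CALLBACKS.has(callback)) {
    // The error body never echoes the rejected value.
    return { status: 400, headers, body: JSON.stringify({ error: "invalid callback" }) };
  }

  headers["Content-Type"] = "application/javascript; charset=utf-8";
  return { status: 200, headers, body: `${callback}(${json});` };
}
```

Content-Disposition does not affect responses loaded through a script tag, so legitimate JSONP callers keep working.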
