Skip to content

Parameter injection leads to reflected file download

AnoopOjhaAnoopOjha Pune
edited February 2018 in Need Help
I am using GSA 7.6.0.G.58. in our current AEM site. we are facing one vulnerability issue in our site, while through inspect element someone is injecting  <a href="h***s://" download="setup.bat" onclick="return false;">DOWNLOAD YOUR
FILE</a> , they able to download setup.bat file which is showing some GSA info.
this is happening only through inspect element and not through browser hit.

If anyone has faced the similar issue. please help me out.


Sign In or Register to comment.