Parameter injection leads to reflected file download
I am using GSA 7.6.0.G.58. in our current AEM site. we are facing one vulnerability issue in our site, while through inspect element someone is injecting <a href="h***s://www.sitename.us/suggest?callback=calc" download="setup.bat" onclick="return false;">DOWNLOAD YOUR
FILE</a> , they able to download setup.bat file which is showing some GSA info.
this is happening only through inspect element and not through browser hit.
If anyone has faced the similar issue. please help me out.
Comments