Parameter injection leads to reflected file download

AnoopOjha Pune
edited February 2018 in Need Help
I am using GSA 7.6.0.G.58 in our current AEM site. We are facing a vulnerability issue on our site: through inspect element, someone is injecting <a href="h***s://www.sitename.us/suggest?callback=calc" download="setup.bat" onclick="return false;">DOWNLOAD YOUR FILE</a>, and they are able to download a setup.bat file which shows some GSA info.
This happens only through inspect element and not through a browser hit.

If anyone has faced a similar issue, please help me out.
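
An added example, not part of the original post and not any product's own code: one way a JSONP-style endpoint like the `/suggest?callback=` URL above can build its response so that a saved copy is harmless. The function names, header choices and sample data are assumptions; note that `calc` is a valid identifier, so validating the callback alone would not reject the request in the question.

```javascript
// Hypothetical handler logic for a JSONP-style suggest endpoint (names are assumptions).

// A callback must be a dotted JavaScript identifier path of bounded length.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LEN = 64;

function headersFor(contentType) {
  return {
    'Content-Type': contentType + '; charset=utf-8',
    // Stop browsers from sniffing the body into another type.
    'X-Content-Type-Options': 'nosniff',
    // A server-chosen filename takes precedence over an <a download="..."> value.
    'Content-Disposition': 'attachment; filename="f.txt"',
  };
}

function buildSuggestResponse(query, suggestions) {
  // Escape line separators that are legal in JSON but awkward inside script text.
  const json = JSON.stringify(suggestions)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  const cb = query.callback;
  if (cb === undefined) {
    return { status: 200, headers: headersFor('application/json'), body: json };
  }
  if (typeof cb !== 'string' || cb.length > MAX_CALLBACK_LEN || !CALLBACK_RE.test(cb)) {
    // Never echo the rejected value back.
    return { status: 400, headers: headersFor('text/plain'), body: 'invalid callback' };
  }
  // "calc" is a valid identifier and passes the check above, so the body is
  // prefixed with /**/ to keep the reflected name from being the first token
  // if the response is ever saved under another file name.
  return {
    status: 200,
    headers: headersFor('application/javascript'),
    body: `/**/${cb}(${json});`,
  };
}

// Constructed sample requests: the callback from the post, an invalid one, none.
for (const q of [{ callback: 'calc' }, { callback: 'bad name()' }, {}]) {
  const r = buildSuggestResponse(q, ['alpha', 'beta']);
  console.log(r.status, r.headers['Content-Disposition'], r.body);
}
```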

Comments

  • Sven www.GSA-Online.de
    What is GSA 7.6.0.G.58?
  • AnoopOjha Pune
    I am using GSA version 7.6.0.G.58.
  • Sven www.GSA-Online.de
    We never had such a version, and GSA is the company name.
  • AnoopOjha Pune
    I guess I posted this in the wrong forum. I am sorry :)
  • Sven www.GSA-Online.de
    Please enlighten us as to what software you were talking about.