Directory Traversal and XSS Vulnerabilities Found in Avira’s BetaCenter

2013-02-15

Eduard Kovacs

http://news.softpedia.com/news/Directory-Traversal-and-XSS-Vulnerabilities-Found-in-Avira-s-BetaCenter-329867.shtml

Pakistani security researcher Rafay Baloch has identified a couple of vulnerabilities in Avira’s BetaCenter site. The security holes are a directory traversal and a reflected cross-site scripting (XSS) issue.

"Directory traversal is an attack which allows an attacker to access restricted directories and execute commands in some cases. I was able to access winboot.ini file by using a directory traversal attack against Avira," the expert explained.

He has reported his findings to the security solutions provider, which has forwarded the information to the third party that manages the BetaCenter.

The hosting company addressed the issues within a few hours after being contacted. For his efforts, Avira has rewarded the researcher with an acknowledgement certificate.

[...]