For reporting an issue with HTTP methods my name got published in the About section under Security.
I usually don’t write about XSS issues in websites but since this was a hard hunt I thought of writing a bit. The web application was okay with user input but I did not give up. After some time I figured out that the “target” parameter in the login form was not properly sanitized and no CSRF tokens were used in the login process. Therefore I was able to build a successful POST XSS exploit.
All these issues are patched in Bandizip 3.10, following responsible disclosure to the vendor.
Bandizip is a Lightweight, Fast and 100% free All-In-One Zip Archiver. It has a very fast Zip algorithm for compression & extraction with Fast Drag and Drop, High Speed Archiving, and Multi-core compression. It handles the most popular compression formats, including Zip, 7z, Rar, and so on.
Bandizip versions 3.09 and below are affected by a DLL hijacking issue in which the application loads dwmapi.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. You can clearly see that the application searches for dwmapi.dll in the current directory as a result of loading it in an insecure manner.
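To check an application for the search behaviour described above, the following added example (not code from the original post) scans a Process Monitor CSV export for DLL lookups in directories outside trusted locations. The sample rows, the helper.dll name and the install directory are constructed assumptions.

```python
import csv
import io
import ntpath

# Constructed Process Monitor CSV export; not captured from a real system.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000001","Bandizip.exe","4321","CreateFile","\\fileserver\share\docs\archive.zip","SUCCESS",""
"10:15:01.0000002","Bandizip.exe","4321","CreateFile","\\fileserver\share\docs\dwmapi.dll","NAME NOT FOUND",""
"10:15:01.0000003","Bandizip.exe","4321","CreateFile","C:\Windows\System32\dwmapi.dll","SUCCESS",""
"10:15:01.0000004","Bandizip.exe","4321","CreateFile","C:\Program Files\Bandizip\helper.dll","SUCCESS",""
"10:15:09.0000001","Bandizip.exe","5000","CreateFile","C:\Users\alice\Downloads\dwmapi.dll","NAME NOT FOUND",""
"10:15:09.0000002","Bandizip.exe","5000","ReadFile","C:\Users\alice\Downloads\archive.zip","SUCCESS",""
'''

# Assumed trusted locations: the Windows directory and the install directory.
TRUSTED_DIRS = (r"C:\Windows", r"C:\Program Files\Bandizip")


def _under(folder, root):
    """True if folder is root or a subdirectory of it (case-insensitive)."""
    folder = ntpath.normcase(folder)
    root = ntpath.normcase(root).rstrip("\\")
    return folder == root or folder.startswith(root + "\\")


def find_unsafe_dll_probes(csv_text, trusted_dirs=TRUSTED_DIRS):
    """Return DLL lookups made in directories outside trusted_dirs."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"]
        if row["Operation"] != "CreateFile" or not path.lower().endswith(".dll"):
            continue
        folder = ntpath.dirname(path)
        if any(_under(folder, root) for root in trusted_dirs):
            continue
        findings.append({
            "process": row["Process Name"],
            "dll": ntpath.basename(path),
            "searched_in": folder,
            "remote": path.startswith("\\\\"),  # UNC path (SMB/WebDAV share)
            "result": row["Result"],
        })
    return findings


if __name__ == "__main__":
    for f in find_unsafe_dll_probes(SAMPLE):
        print(f)
```

Any finding means the process looked for a library in a location that an untrusted party can write to; a remote entry corresponds to the share scenario described above.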