Severity: Low
Netsparker detected a possible Reflected File Download, which might enable attackers to gain complete control over a website user's machine by making a file appear to be downloaded from a trusted domain.
This is a browser vulnerability that only affects Microsoft Windows systems.
An attacker can craft a URL on the target website that can execute commands on the website visitor's computer if the visitor accepts the download.
For a Reflected File Download attack to be successful:
Content-Disposition header with filename attribute in the HTTP response: Content-Disposition: attachment; filename=f.txt
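
One way to apply the header shown above on the server side, as an added example that is not Netsparker's code: a WSGI middleware that sets Content-Disposition: attachment; filename=f.txt on API-type responses that lack a filename. The middleware, the constructed demo endpoint, the helper names and the list of content types are assumptions made for illustration.

```python
from email.message import Message

FIXED_DISPOSITION = "attachment; filename=f.txt"  # header value shown on the page
# Assumed scope: response types typically served by reflecting API endpoints.
API_TYPES = {"application/json", "application/javascript", "text/javascript"}

def has_filename(disposition):
    """True if a Content-Disposition value carries a non-empty filename parameter."""
    if not disposition:
        return False
    msg = Message()
    msg["Content-Disposition"] = disposition
    return bool(msg.get_param("filename", header="content-disposition"))

class FixedFilenameMiddleware:
    """WSGI middleware (hypothetical name): give API responses a fixed download filename."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
            disp = next((v for k, v in headers if k.lower() == "content-disposition"), None)
            # Only touch API-type responses that do not already name the file.
            if ctype.split(";")[0].strip().lower() in API_TYPES and not has_filename(disp):
                headers = [(k, v) for k, v in headers if k.lower() != "content-disposition"]
                headers.append(("Content-Disposition", FIXED_DISPOSITION))
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)

def demo_api(environ, start_response):
    """Constructed endpoint that reflects the query string into a JSON body."""
    body = ('{"query": "%s"}' % environ.get("QUERY_STRING", "")).encode()
    start_response("200 OK", [("Content-Type", "application/json; charset=utf-8")])
    return [body]

def response_headers(app, path, query=""):
    """Call a WSGI app once and return its response headers as a dict."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(headers)
    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}, start_response))
    return seen

if __name__ == "__main__":
    print(response_headers(FixedFilenameMiddleware(demo_api), "/api/search", "q=test"))
```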