A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web vulnerability has been discovered in the official BMW online service portal web-application.
The vulnerability is located in the `firstname` and `lastname` value parameters of the `mail` module. The vulnerable parameters are insecure sanitized next to being delivered inside of a basic html mail template.
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability