Bug bounty

Is there any bug bounty program?
I can read every file in the OS when I get access to the admin panel (even as a vendor).

As far as I know, a " bug bounty " is only offered during the beta period.  (For example)

If you have a security concern that would best not be made public, then PM Andrei.

I will show a little hack:
Go to admin panel -> Categories - > Edit first category -> In the TinyMCE editory -> click insert new image (then will show new window with RoxyFileMan), select uploaded -> Create new folder -> put the name .../../../../MyCatalog - by this way you can create new folder in every places on the server.

The next article will be - how to read /edit / delete / file on your server. But this article I will publish on the Internet.

kfs145 wrote:
This creates a directory in the root c:\wwwroot\nopCommerce\MyCatalog
I can not get any higher than that as it creates an error
and I can only create a directory in the same website
Which is what you would expect as it is blocked by Windows Security
Where is the directory created in your system ?
I can not upload any file there - what is the command to do that ?

If you’re able to do this, then you have a serious issue with your windows security / permissions!

I can’t do this on localhost, and certainly can’t do it on the sever.

I cannot create anything outside of the specific website folder.

I can create but like this ../../../../MyCatalog

DreadLokk13 wrote:
I get "Error creating directory"
Which is correct as Windows Security does not allow