Monday, 14 January 2013
[ Resolved XSS on Apple.com ]
This is a "Reflected XSS" on apple.com which I reported responsibly on 04/08/2012.
I'll be blogging about some web bugs which I've reported and which have been fixed. :D
Severity: Reflected XSS
Confidence: Certain
Host: http://www.apple.com/recycling/ipod-cell-phone/
Path: /
Issue detail:
What I did was pop up an alert using the payload below, which is just a base64 encoding of alert(document.cookie):
"<iframe src="data:text/html;base64,PGJvZHkgb25sb2FkPWFsZXJ0KGRvY3VtZW50LmNvb2tpZSk+"></iframe>
This is the screenshot before I sent my payload.
This is the screenshot after I sent the payload.
Reported by: Jacob Soo
Vendor Notification: August 04, 2012
Resolution: September 26, 2012
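The payload above carries its HTML inside a base64 data: URI, so the script text never appears literally in the request. The following is an added example, not code from the original post: it decodes such URIs from a reflected value for triage and shows the output-encoding mitigation. The function names are hypothetical.

```python
import base64
import html
import re
from urllib.parse import unquote

# Matches data: URIs carrying base64-encoded HTML, as in the reported payload.
DATA_URI = re.compile(r"data:text/html;base64,([A-Za-z0-9+/=]+)", re.I)
# Markers of active content in decoded HTML: <script>, inline event
# handlers such as onload=, and javascript: URLs.
ACTIVE = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript:", re.I)


def decode_data_uris(value):
    """Return the decoded HTML of every base64 data:text/html URI in value."""
    decoded = []
    for b64 in DATA_URI.findall(unquote(value)):
        padded = b64 + "=" * (-len(b64) % 4)  # tolerate stripped padding
        try:
            decoded.append(base64.b64decode(padded).decode("utf-8", "replace"))
        except ValueError:
            continue  # not valid base64, nothing to inspect
    return decoded


def triage(value):
    """Decode embedded data: URIs and report whether any holds active content."""
    bodies = decode_data_uris(value)
    return {"bodies": bodies, "active": any(ACTIVE.search(b) for b in bodies)}


def render_safely(value):
    """Mitigation: HTML-encode a request value before reflecting it in a page."""
    return html.escape(value, quote=True)


# The payload string as given in this post.
REPORTED = ('"<iframe src="data:text/html;base64,'
            'PGJvZHkgb25sb2FkPWFsZXJ0KGRvY3VtZW50LmNvb2tpZSk+"></iframe>')

if __name__ == "__main__":
    print(triage(REPORTED))
    print(render_safely(REPORTED))
```

Encoding on output is the fix for the reflection itself; the decoder is only a logging and triage aid and is not a substitute for it.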