Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
xss
Posted by: Kyo
Date: July 18, 2008 01:28PM

I emailed Apple twice about an issue on the Apple Store search. They did not fix it for over a MONTH and never mailed me back either. They "fixed" it now, but they did a lousy job at it.


This will not work if you URL-encode the "

Anyway, originally it would allow anything; now it strips tags, but it will allow attribute-based exploits, so knock yourself out.

The reason I'm disclosing this now is because I really can't be bothered to run after apple, if they refuse to reply in a bearable time span or follow my advice.

Edited 3 time(s). Last edit at 07/18/2008 01:30PM by Kyo.

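The point Kyo makes above, that a fix which only strips tags still leaves a value reflected inside an HTML attribute open to attribute-based injection, as an added Python example that is not part of the thread and is not Apple's code. The helper names, the search-box template and the two sample inputs are constructed for this example; the contrast is between tag-stripping and contextual attribute encoding, with a simple check a test suite can run on the rendered response.

```python
import html
import re

# Added example (not code from the thread or from Apple): why stripping tags does not
# fix a reflected value that lands inside an HTML attribute, and what does.
# All function names and the sample inputs below are constructed for this example.

TAG_RE = re.compile(r"<[^>]*>")
ATTR_RE = re.compile(r'\b\w+="[^"]*"')


def strip_tags(value: str) -> str:
    """The 'strip tags' style of fix: removes <...> sequences and nothing else."""
    return TAG_RE.sub("", value)


def attr_encode(value: str) -> str:
    """Contextual output encoding for a double-quoted attribute: escapes
    & < > " and ' so the value can never close the attribute or the tag."""
    return html.escape(value, quote=True)


def render_search_box(query: str, sanitizer) -> str:
    """Reflects the search query into a quoted attribute, the way the thread
    describes the store's search page echoing its input back."""
    return f'<input type="text" name="q" value="{sanitizer(query)}">'


def attribute_breakout(markup: str) -> bool:
    """Detection check for a test suite or response scanner: the template has
    exactly three name="..." attributes; any extra one means the reflected
    value closed the attribute and introduced its own."""
    return len(ATTR_RE.findall(markup)) > 3


# Constructed inputs in the two shapes the thread mentions: one with no tag at
# all (only a quote plus an event-handler attribute), one containing a tag.
NO_TAG_INPUT = '" onmouseover="alert(1)'
WITH_TAG_INPUT = '"><script>alert(1)</script><div id="'


def evaluate(sanitizer) -> dict:
    """Returns {input_label: did_the_value_break_out} for the given sanitizer."""
    return {
        "no_tag": attribute_breakout(render_search_box(NO_TAG_INPUT, sanitizer)),
        "with_tag": attribute_breakout(render_search_box(WITH_TAG_INPUT, sanitizer)),
    }


if __name__ == "__main__":
    print("strip_tags :", evaluate(strip_tags))   # both True: attribute context escaped
    print("attr_encode:", evaluate(attr_encode))  # both False: value stays inside the attribute
```

The tag-stripping sanitizer passes the no-tag input through untouched, and even the input with a tag keeps its trailing `<div id="` because that fragment never closes with `>`, so in both cases the rendered tag gains a fourth attribute. Encoding for the attribute context neutralises the quote itself, which is the character that matters there, so what tags the input contains becomes irrelevant.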
Re: xss
Posted by: thrill
Date: July 18, 2008 03:28PM




It is not the degrees you hold, but the mind you possess. - thrill

Re: xss
Posted by: rsnake
Date: August 03, 2008 10:21PM

Still works. Seriously. How lame! PCI anyone?

- RSnake
Gotta love it.

Re: xss
Posted by: Jiu
Date: August 04, 2008 04:20PM

without onmouseover ^^
works in Firefox 2

Edited 1 time(s). Last edit at 08/04/2008 04:20PM by Jiu.

Re: xss
Posted by: Kyo
Date: August 04, 2008 08:27PM

huh, looks like my browser was just being weird or something. they didn't fix it...

Re: xss
Posted by: TheInsider
Date: December 24, 2008 08:16PM

Nice guys!
Both patched, check this out...'"><script>alert("The apple didn't fell far from the last apple")</script><div id="
Aspect9 Founder & Chief Security Architect
My job is to assess not assassinate
You can spend your life reading what others write or you can spend your life writing for others to read, choose your destiny!

Re: xss
Posted by: DoctorDan
Date: December 25, 2008 10:34PM

Not okay! Good finds.

