Apple.com XSS Exploit found on iTunes site
Update: Apple has fixed the exploit!
I imagine this will get fixed relatively quickly, but you can do some funny (and potentially scary) things with Apple.com’s iTunes Affiliate sites just by modifying the URL parameters. The modified Apple.com URL is formed as follows:
Click here for the OSXDaily.com version of the XSS exploit on Apple.com – it is safe, it just displays what’s in the above screenshot.
Here are some more screenshots showing what the URL modification in action, preserved for posterity:
Here’s one taking the Windows 7 joke even further by inserting an iframe with the Microsoft site into the content:
[ Reader submission found via Reddit: Apple XSS Exploit – Thanks Mark! ]