Comments on: Apple.com XSS Exploit found on iTunes site http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/ News, tips, software, reviews, and more for Mac OS X, iPhone, iPad Sun, 12 Feb 2012 23:11:08 +0000 hourly 1 http://wordpress.org/?v=3.1 By: XSS Exploit found on Apple iTunes site… again - OS X Daily http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-98210 XSS Exploit found on Apple iTunes site… again - OS X Daily Wed, 18 Nov 2009 20:17:03 +0000 http://osxdaily.com/?p=1770#comment-98210 [...] few weeks ago, there was an active XSS Exploit on Apple.com with their iTunes site. Well, a tipster sent us the exact same cross site scripting exploit that [...] [...] few weeks ago, there was an active XSS Exploit on Apple.com with their iTunes site. Well, a tipster sent us the exact same cross site scripting exploit that [...]

]]> By: Apple-Overload! » Apple’s iTunes Affiliates site briefly subjected to image swaps http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97692 Apple-Overload! » Apple’s iTunes Affiliates site briefly subjected to image swaps Wed, 04 Nov 2009 11:06:03 +0000 http://osxdaily.com/?p=1770#comment-97692 [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...] [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...]

]]> By: Apple’s iTunes Affiliates site briefly subjected to image swaps « http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97691 Apple’s iTunes Affiliates site briefly subjected to image swaps « Wed, 04 Nov 2009 10:33:07 +0000 http://osxdaily.com/?p=1770#comment-97691 [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...] [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...]

]]> By: Apple’s iTunes Affiliates site briefly subjected to image swaps | Design City http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97683 Apple’s iTunes Affiliates site briefly subjected to image swaps | Design City Wed, 04 Nov 2009 05:15:13 +0000 http://osxdaily.com/?p=1770#comment-97683 [...] under: Hacks, iTunes, AppleOur friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...] [...] under: Hacks, iTunes, AppleOur friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...]

]]> By: Apple’s iTunes Affiliates site briefly subjected to image swaps | Tech Stories, Games and Gadgets - BackLINK http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97679 Apple’s iTunes Affiliates site briefly subjected to image swaps | Tech Stories, Games and Gadgets - BackLINK Wed, 04 Nov 2009 03:11:35 +0000 http://osxdaily.com/?p=1770#comment-97679 [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...] [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...]

]]> By: Billy http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97666 Billy Wed, 04 Nov 2009 01:09:56 +0000 http://osxdaily.com/?p=1770#comment-97666 It is a true XSS exploit. http://en.wikipedia.org/wiki/Cross-site_scripting It is a true XSS exploit.

http://en.wikipedia.org/wiki/Cross-site_scripting

]]> By: Update RSS » Apple’s iTunes Affiliates site briefly subjected to image swaps http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97665 Update RSS » Apple’s iTunes Affiliates site briefly subjected to image swaps Wed, 04 Nov 2009 01:08:55 +0000 http://osxdaily.com/?p=1770#comment-97665 [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...] [...] friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a [...]

]]> By: HolyMoly http://osxdaily.com/2009/11/03/apple-com-xss-exploit-found-on-itunes-site/#comment-97661 HolyMoly Tue, 03 Nov 2009 23:49:44 +0000 http://osxdaily.com/?p=1770#comment-97661 I don't think this is true XSS Exploit because it is sanitized, however I was able to force multiple downloads without confirmation to several machines by inserting an iframe with a direct download link, that is just too easy. I can also replicate the endless popups you described and you have to kill the browser to escape the loop. Someone is getting fired! I don’t think this is true XSS Exploit because it is sanitized, however I was able to force multiple downloads without confirmation to several machines by inserting an iframe with a direct download link, that is just too easy. I can also replicate the endless popups you described and you have to kill the browser to escape the loop.

Someone is getting fired!

]]>