Reported to Apple Product Security on September 28, 2011, and reported as resolved at http://support.apple.com/kb/HT1318, which should be reviewed if you've found a bug or vulnerability in Apple products or services.
The reflected XSS (RXSS) was notable for its evasion of WebKit and MSHTML.DLL. NoScript neutered the PoC.
Summary
| Severity: | High |
| Confidence: | Certain |
| Host: | https://reseller.apple |
| Path: | /asb2b/init.do |
Issue detail
The value of the dscountry request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload '%3bprompt(document.location)/This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
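The output-encoding fix for the pattern described above, as an added example that is not part of the original report or Apple's code. The `var dscountry = '...'` template and all function names are assumptions; the input is the dscountry value exactly as it appears (truncated) in the report.

```javascript
// Added example: the page template and names below are assumptions.
// Value of dscountry as it appears (truncated) in the report, URL-decoded.
const REPORTED = decodeURIComponent("'%3bprompt(document.location)/");

// Vulnerable pattern described in the report: the parameter is copied
// verbatim into a single-quoted JavaScript string.
function renderNaive(value) {
  return "var dscountry = '" + value + "';";
}

// Encode for a JavaScript string context: every character except ASCII
// letters and digits becomes \xHH or \uHHHH, so quotes, backslashes,
// line terminators and "</script>" can never end the literal.
function jsStringEncode(value) {
  let out = "";
  for (const unit of String(value).split("")) {
    const code = unit.charCodeAt(0);
    if (/[A-Za-z0-9]/.test(unit)) out += unit;
    else if (code < 256) out += "\\x" + code.toString(16).padStart(2, "0");
    else out += "\\u" + code.toString(16).padStart(4, "0");
  }
  return out;
}

function renderEncoded(value) {
  return "var dscountry = '" + jsStringEncode(value) + "';";
}

// True only when the statement is one assignment of one complete
// single-quoted literal, i.e. the input stayed inside the string.
function staysInsideLiteral(statement) {
  return /^var dscountry = '(?:[^'\\\r\n]|\\.)*';$/.test(statement);
}

// Reverse jsStringEncode to confirm the original value survives as data.
function decodeLiteral(statement) {
  const body = statement.slice("var dscountry = '".length, -2);
  return body.replace(/\\x([0-9a-f]{2})|\\u([0-9a-f]{4})/g,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

console.log(renderNaive(REPORTED), staysInsideLiteral(renderNaive(REPORTED)));
console.log(renderEncoded(REPORTED), staysInsideLiteral(renderEncoded(REPORTED)));
```

The naive rendering fails the check because the reported value closes the literal early, while the encoded rendering keeps the same characters as inert string data.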