Description
Sow Ching Shiong, an independent vulnerability researcher has discovered a Cross-Site Scripting (XSS) vulnerability in consultants.apple.com, which can be exploited by an attacker to conduct XSS attacks.
Proof of concept
http://consultants.apple.com/au/locator_results.php?sl=AU&citystate=VIC&page=2<script>alert(document.cookie)</script>
Conclusion
This vulnerability has been confirmed and patched by Apple Security Team. I would like to thank them for their quick response to my report.
Apple White Hat
http://support.apple.com/kb/HT1318
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.