Vulnerability type: Non-Persistent XSS
Affected URL: https://tempo.api.beatsbydre.com/v1/login/?return=%22%3E%3C/form%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Attack Scenario: An attacker is able to trick an authenticated user into visiting a malicious URL,
which is capable of stealing user's session and take over his apple account.
Best Regards
Amit Kumar
cse@engineer.com
-------------------------------------------------------------------------------------------------------------------------
Preview:
Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.
0 comments:
Post a Comment