[Vulnerability Report] Non-Persistent XSS on Beats By Dre

---------Following is the email which I sent to Apple Product Security----------

Vulnerability type: Non-Persistent XSS

Affected URL: https://tempo.api.beatsbydre.com/v1/login/?return=%22%3E%3C/form%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Attack Scenario: An attacker is able to trick an authenticated user into visiting a malicious URL,
which is capable of stealing the user's session and taking over his Apple account.

Best Regards
 Amit Kumar
cse@engineer.com
-------------------------------------------------------------------------------------------------------------------------
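As an added example (not part of the report and not the affected site's code): a minimal model of the reflection the report describes, showing the `return` parameter echoed unencoded into a form attribute next to a hardened version that restricts the target to a same-origin path and HTML-encodes it before rendering. The form template and function names are assumptions.

```python
import html
from urllib.parse import urlsplit

# Constructed sample: the URL-decoded `return` value from the reported URL.
REPORTED_PAYLOAD = '"></form><script>alert(document.cookie)</script>'


def render_login_form_unsafe(return_to: str) -> str:
    """Model of the defect: the parameter is reflected into an attribute
    with no output encoding, so a double quote closes the attribute and
    the rest of the value becomes markup."""
    return f'<form action="/v1/login/?return={return_to}" method="post"></form>'


def is_safe_return_target(return_to: str) -> bool:
    """Accept only same-origin, path-relative targets: no scheme, no host,
    no protocol-relative '//' prefix, no control characters."""
    parts = urlsplit(return_to)
    if parts.scheme or parts.netloc:
        return False
    if not return_to.startswith("/") or return_to.startswith("//"):
        return False
    return not any(ord(ch) < 0x20 for ch in return_to)


def render_login_form_safe(return_to: str, fallback: str = "/") -> str:
    """Hardened rendering: validate the target, fall back to a known-good
    path, and HTML-encode (including quotes) before placing it in the attribute.
    The encoding step alone stops the markup breakout; validation also
    blocks off-site redirect targets."""
    target = return_to if is_safe_return_target(return_to) else fallback
    encoded = html.escape(target, quote=True)
    return f'<form action="/v1/login/?return={encoded}" method="post"></form>'


def contains_markup_breakout(rendered: str) -> bool:
    """Detection helper: a rendered page with more than one </form> or any
    <script> tag indicates the attribute boundary was broken."""
    lowered = rendered.lower()
    return lowered.count("</form>") != 1 or "<script" in lowered
```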


Amit Sangra

Author & Editor

Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.
