[Vulnerability Report] Non-Persistent XSS on Beats By Dre

---------Following is the email which i had sent to Apple Product Security----------

Vulnerability type: Non-Persistent XSS

Affected URL: https://tempo.api.beatsbydre.com/v1/login/?return=%22%3E%3C/form%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Attack Scenario: An attacker is able to trick an authenticated user into visiting a malicious URL,
which is capable of stealing user's session and take over his apple account.

Best Regards
 Amit Kumar
cse@engineer.com
-------------------------------------------------------------------------------------------------------------------------

Preview:
 
 

Amit Sangra

Author & Editor

Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.

1 comments:

  1. In both case, results are unpredictable regardless of quantity of} games have been performed, how many of} wins or losses have occurred, the velocity at which a sport is performed, the wager amount or sort, etc. Playing on a gambling machine is taking part in} a sport of probability. 소울카지노 There are often many millions of different potential outcomes of a sport.

    ReplyDelete

 
biz.