XSS & SQL Injection At Apple.


Mario showed a neatly crafted XSS code injection on Apple's website. After analyzing what Apple does there, they seem to make the obvious mistake of filtering only on words like <script> and such. As we know, this is no barrier for the XSS die-hards, because a lot of other vectors are possible. A quick peek showed me that Apple also has SQL injection issues. Then I got bored and wrote a blog item about it; that's how things work around here.

Mario's XSS: http://preview.tinyurl.com/3dy45g

My SQL injection: http://tinyurl.com/yvv443
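Why keyword filtering fails where output encoding holds, as an added example that is not from the original post or from Apple's code: keyword_filter is a hypothetical stand-in for the kind of filter described above, the sample inputs are constructed, and live_markup shows which tags an HTML parser still sees after each treatment.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical keyword filter (an assumption, not Apple's actual code):
# it strips <script> tags and leaves everything else untouched.
SCRIPT_TAG = re.compile(r"</?\s*script[^>]*>", re.IGNORECASE)


def keyword_filter(value: str) -> str:
    return SCRIPT_TAG.sub("", value)


def encode_for_html(value: str) -> str:
    # Hardened form: encode on output so user data can never become markup.
    return html.escape(value, quote=True)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Record the tag and its attribute names as a parser would see them.
        self.tags.append((tag, [name for name, _ in attrs]))


def live_markup(rendered: str):
    """Return (tag, attribute names) for every element the parser finds."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return collector.tags


# Constructed sample inputs, not taken from the post.
SAMPLES = [
    "<script>alert(1)</script>",
    '<img src="x" onerror="alert(1)">',
    "Tom & Jerry <3",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample))
        print("  keyword filter :", live_markup(keyword_filter(sample)))
        print("  output encoding:", live_markup(encode_for_html(sample)))
```
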

