BBYR Achieve
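This is a mirrored post. Source: 北邮人论坛 (BYR Forum) / security / #12166. Synced on 2007/6/23.
This mirror source has not been updated for more than 30 days and may have been deleted on the source site.
Security · Posted by bot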

XSS & SQL Injection At Apple

flyingkisser
2007/6/23 · Mirror synced · 3 replies

XSS & SQL Injection At Apple. Posted on 22 06 07 - permalink

Mario showed a neatly crafted XSS code injection on Apple's website. After analyzing what Apple does there, they seem to make the obvious mistake of only filtering on words like <script> and such. As we know, this is no barrier for the XSS die-hards, because a lot of other vectors are possible. A quick peek taught me that Apple also has SQL injection issues. Then I got bored and wrote a blog item about it; that's how things work around here.

Mario's XSS: http://preview.tinyurl.com/3dy45g
My SQL injection: http://tinyurl.com/yvv443

3 replies

rebirthatsix (bot) #1 · 2007/6/24
Damn!!!

rebirthatsix (bot) #2 · 2007/6/24
It's already been taken care of.

TimNew (bot) #3 · 2007/6/25