1 post tagged 'output escaping'

  1. 2010.08.11 Apple iTunes uses google search engine?

A Vietnamese hacker called "Thuat Nguyen" hacked into iTunes accounts and manipulated the ratings and sales for his book apps in July.


Apple has not given an official statement regarding this hack. But I guess that the attack point of this hack was phishing (such as e-mail) or malware such as a keylogger.


I assumed that the iTunes website may be vulnerable to SQL injection or XSS attacks.


Finally, I've found that the iTunes website is vulnerable to an XSS attack.

<#1. XSS Attack. iTunes likes google? >


While there are a huge number of XSS attack vectors, secure coding (input validation, output escaping) can defend against XSS attacks (and SQL injection).
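
As an added illustration of the input validation and output escaping mentioned above (not code from this post or from the iTunes site; the function names and the search-page layout are assumptions), this sketch validates a reflected search term and escapes it separately for each output context:

```javascript
// Added example; validateTerm, escapeHtml, escapeForScript and renderResults
// are hypothetical helper names, not part of any real site or library.

// Input validation: bound the length and reject control characters.
// This narrows what is accepted but does not replace escaping on output.
function validateTerm(raw) {
  if (typeof raw !== 'string') return null;
  const term = raw.normalize('NFC').trim();
  if (term.length === 0 || term.length > 100) return null;
  if (/[\u0000-\u001f\u007f]/.test(term)) return null;
  return term;
}

// Output escaping for HTML element content and quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Output escaping for a value placed inside an inline <script> block.
// JSON.stringify produces a quoted JS string; the extra replacements keep
// "</script>" or "<!--" in the data from terminating the script element.
function escapeForScript(s) {
  return JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Render a search-results fragment, escaping the same value per context.
function renderResults(rawTerm) {
  const term = validateTerm(rawTerm);
  if (term === null) return '<p>Invalid search term.</p>';
  return [
    `<h1>Results for ${escapeHtml(term)}</h1>`,                       // element content
    `<input name="q" value="${escapeHtml(term)}">`,                   // quoted attribute
    `<a href="/search?q=${encodeURIComponent(term)}">permalink</a>`,  // URL parameter
    `<script>var lastQuery = ${escapeForScript(term)};</script>`,     // script data
  ].join('\n');
}

// Constructed sample input containing markup metacharacters.
const sample = '"><script>alert(1)</script>';
console.log(renderResults(sample));
```

The same term needs a different encoder in each position; applying only the HTML encoder inside the script block, or none in the attribute, leaves that context open.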


Please email me (moonslab@gmail.com) if you're a security administrator of Apple or the iTunes site.


Posted by 문스랩닷컴