XSS & SQL Injection At Apple.

Published on: 1182483498
Mario showed a neatly crafted XSS code injection on Apple's website. After analyzing what Apple does there, they seem to make the obvious mistake of only filtering on words like <script> and such. As we know, this is no barrier for the XSS die-hards, because a lot of other vectors are possible. A quick peek showed me that Apple also has SQL injection issues. Then I got bored and wrote a blog item about it; that's how things work around here.

Mario's XSS: http://preview.tinyurl.com/3dy45g

My SQL injection: http://tinyurl.com/yvv443
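
An added example (not part of the original post, and not Apple's actual filter, which the post does not show) of why filtering only on words like <script> fails: a hypothetical single-pass blocklist filter next to output encoding, run over constructed test strings. All function names and sample inputs are assumptions made for illustration.

```javascript
// Hypothetical blocklist filter: strips <script> and </script> tags in one pass.
// This stands in for the kind of filtering the post describes; it is not Apple's code.
function blocklistFilter(input) {
  return input.replace(/<\/?script[^>]*>/gi, '');
}

// The robust alternative: encode every HTML metacharacter when writing
// untrusted data into an HTML body or a quoted attribute value.
function encodeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Crude check used only for this demo: would a browser still see a tag here?
function containsLiveMarkup(output) {
  return /<[a-z][^>]*>/i.test(output);
}

// Constructed sample inputs (standard harmless test strings).
const samples = [
  '<script>alert(1)</script>',                   // the case the blocklist was written for
  '<img src=x onerror=alert(1)>',                // no "script" tag at all
  '<scr<script>ipt>alert(1)</scr</script>ipt>',  // reassembles after one stripping pass
];

// For each sample, report whether live markup survives the given filter.
function evaluate(filter) {
  return samples.map((s) => containsLiveMarkup(filter(s)));
}

console.log('blocklist survives:', evaluate(blocklistFilter));
console.log('encoding survives: ', evaluate(encodeHtml));
```

The blocklist only neutralises the first sample; encoding on output neutralises all three because it does not depend on recognising any particular tag name.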