REFLECTED XSS ON SUPPORT.APPLE.COM (SIMPLE BYPASS)
Hi, WRC Hunter :D
I want to do a write-up on an Apple subdomain.
Let's get straight to it, I'm not good at small talk, lol.
First, I opened the support.apple.com website.
In the search menu I just typed Sec, lol.
Then I went to the address bar and, on the page=search query, added the payload '><svg/onload=alert(document.cookie)><' so that it looked roughly like this: page=search'><svg/onload=alert(document.cookie)><' and off it went.
It turned out the XSS succeeded, lol.
Simple video:
https://www.youtube.com/watch?v=QSCeLzpue_U
Report to apple security October 15, 2019 at 21:53:16
Response Apple security 30 Oct 2019 21.40
Fix Apple security 1 Nov 2019 18.44
Bounty: 0$
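The payload above only works if the value of `page` is written into the HTML without encoding, so the quote and `>` close the surrounding attribute and tag. The following is an added example, not part of the original write-up and not Apple's code, showing that raw reflection beside a context-encoded and allowlisted version. It assumes the value lands in a single-quoted attribute; the host name, function names and allowlist are hypothetical.

```javascript
// Added example (hypothetical renderer; constructed sample data).
const ATTR_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can terminate an attribute value or open a tag.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ATTR_ESCAPES[ch]);
}

// Read the `page` query parameter the way a server-side handler would.
function parsePageParam(url) {
  return new URL(url).searchParams.get('page') || '';
}

// BEFORE: raw reflection. A quote plus '>' in the input ends the attribute
// and the tag, so whatever follows is parsed as new markup.
function renderUnsafe(pageParam) {
  return "<input type='hidden' name='page' value='" + pageParam + "'>";
}

// AFTER: the same template with attribute-context output encoding.
function renderSafe(pageParam) {
  return "<input type='hidden' name='page' value='" + escapeHtmlAttr(pageParam) + "'>";
}

// Defence in depth: `page` is a route name, so accept only known values.
const ALLOWED_PAGES = new Set(['search', 'home']); // assumed allowlist
function normalizePage(pageParam) {
  return ALLOWED_PAGES.has(pageParam) ? pageParam : 'search';
}

// Count element start tags in the output; the template should yield exactly 1.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed request URL carrying the payload quoted in the write-up.
const SAMPLE_URL = 'https://support.example.test/?page=' +
  encodeURIComponent("search'><svg/onload=alert(document.cookie)><'");

const reflected = parsePageParam(SAMPLE_URL);
console.log('unsafe tags:', countTags(renderUnsafe(reflected))); // extra <svg> element
console.log('safe tags:  ', countTags(renderSafe(reflected)));   // only the <input>
console.log('normalized: ', normalizePage(reflected));
```

The tag count doubles as a regression check: any output of the template with more than one start tag means input reached the HTML parser as markup.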