Finding XSS on .apple.com and building a proof of concept to leak your PII information

Initial ‘recon’

Reading this in detail? If you check Sam Curry's post, you will see “WebObjects” is used in a lot of requests. :-) Be proactive and you will find some interesting things in places.

Hacking as a family

Making a proof of concept

Let the hunt begin.

Full name, address, appleID


UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com
