[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] XSS in images.samsung.com

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] XSS in images.samsung.com
From: David Tapia <tapiadavid44@xxxxxxxxx>
Date: Fri, 31 May 2013 01:06:09 +0200

Hi all!

Mi name is David Tapia. I would like to disclose an XSS vulnerability in
images.samsung.com. I tried to warn them two months ago using their bug
bounty program, but they answered me saying that it is only available for
their Smart TVs . I totally agree with them but they could have fixed it
since this happened almost 3 months ago.

The same vulnerability could be exploited in a domain of Adobe Scene 7, but
they already have fixed it (without giving me any Security Acknowledgment).

Here is the proof of concept:

http://images.samsung.com/s7ondemand/brochure/flash_brochure.jsp?company=samsung&sku=&config=233%22;alert%28'XSS'%29;//&zoomwidth
=

Best Regards,

David Tapia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] No Directory Traversal Vulnerability in sthttpd
Next by Date: [Full-disclosure] Call For Papers - ekoparty security conference 2013
Previous by thread: [Full-disclosure] No Directory Traversal Vulnerability in sthttpd
Next by thread: [Full-disclosure] Call For Papers - ekoparty security conference 2013
Index(es):
- Date
- Thread