Samsung Cross Site Scripting

Samsung Cross Site Scripting: Posted Jun 1, 2013; Authored by David Tapia; images.samsung.com suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 28d4b08cef3c384b91c8e33653121623e21b5abc258e8ee4190e55216b2d5403; Download | Favorite | View

Samsung Cross Site Scripting

Hi all!

Mi name is David Tapia. I would like to disclose an XSS vulnerability in
images.samsung.com. I tried to warn them two months ago using their bug
bounty program, but they answered me saying that it is only available for
their Smart TVs . I totally agree with them but they could have fixed it
since this happened almost 3 months ago.

The same vulnerability could be exploited in a domain of Adobe Scene 7, but
they already have fixed it (without giving me any Security Acknowledgment).

Here is the proof of concept:

http://images.samsung.com/s7ondemand/brochure/flash_brochure.jsp?company=samsung&sku=&config=233%22;alert%28'XSS'%29;//&zoomwidth
=

Best Regards,

David Tapia

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Samsung Cross Site Scripting

Samsung Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Samsung Cross Site Scripting

Share This

Samsung Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems