damnable tww url parser! curse you.

http://www.apple.com/uk/itunes/affiliates/download/?artistName=%3Cblink%3EApple%20%3Cmarquee%3E%3Cbr/%3E%20%3Ciframe%20src=http%3A%2F%2Fwww.goatse.fr%20width=800%20height=400%3E%3C/iframe%3E&thumbnailUrl=http%3A//images.apple.com/home/images/promo_mac_ads_20091022.jpg&itmsUrl=http%3A%2F%2Fitunes.apple.com%2FWebObjects%2FMZStore.woa%2Fwa%2FviewAlbum%3Fid%3D330407877%26s%3D143444%26ign-mscache%3D1&albumName=%3Cblink%3Ea%20wide-open%20HTML%20injection%20hole

[Edited on November 18, 2009 at 4:48 PM. Reason : srgedrgerg]
11/18/2009 4:40:45 PM
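The URL in the post above works because the affiliate page URL-decodes the artistName and albumName parameters and writes them straight into the HTML it returns. The following script is an added example, not code from the thread or from Apple: it parses a constructed URL of the same shape (hostname and parameter names from the post, payload shortened and pointed at a reserved example host), renders it through a hypothetical template the way a vulnerable page would, then renders it again with the values HTML-escaped for element-content context, and counts which tags in the output the template itself never emitted. The template, the tag check and the sample URL are all assumptions made for the demonstration.

```python
# Added example (not from the thread): show why HTML-escaping reflected query
# parameters before they are written into the page closes this injection.
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL in the same shape as the one quoted in the post.
# The payload is shortened and the iframe target is a reserved example host.
SAMPLE_URL = (
    "http://www.apple.com/uk/itunes/affiliates/download/"
    "?artistName=%3Cblink%3EApple%20%3Ciframe%20src=http%3A%2F%2Fexample.invalid%3E%3C/iframe%3E"
    "&albumName=%3Cb%3Ea%20wide-open%20HTML%20injection%20hole%3C/b%3E"
)

# Matches any start or end tag in rendered output.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
TAG_NAME_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def reflected_params(url):
    """Return the URL-decoded query parameters (first value of each), i.e.
    exactly the strings the server-side template would see."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_vulnerable(params):
    """Hypothetical template that concatenates raw parameter values into HTML.
    This is the shape of the bug the thread is talking about."""
    return "<h1>{artist}</h1><p>{album}</p>".format(
        artist=params.get("artistName", ""),
        album=params.get("albumName", ""),
    )


def render_escaped(params):
    """Same template, but every value is HTML-escaped for element content
    before insertion, so markup in a parameter becomes literal text."""
    return "<h1>{artist}</h1><p>{album}</p>".format(
        artist=html.escape(params.get("artistName", ""), quote=True),
        album=html.escape(params.get("albumName", ""), quote=True),
    )


def injected_tags(rendered, allowed=("h1", "p")):
    """Detection helper: names of tags in the output that the template did not
    emit itself. A non-empty list means user-controlled markup reached the page."""
    found = []
    for m in TAG_RE.finditer(rendered):
        name = TAG_NAME_RE.match(m.group(0)).group(1).lower()
        if name not in allowed:
            found.append(name)
    return found


if __name__ == "__main__":
    p = reflected_params(SAMPLE_URL)
    print("raw reflection  ->", injected_tags(render_vulnerable(p)))  # blink/iframe/b leak through
    print("escaped output  ->", injected_tags(render_escaped(p)))     # []
```

`html.escape` is the right tool only because the template puts the values inside element content. A value that lands inside an attribute, a `<script>` block, a URL or a CSS rule needs the encoding for that context instead, which is why the thumbnailUrl and itmsUrl parameters in the original link would each need their own treatment (scheme allow-listing and attribute encoding) rather than the same escape call.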
this is the best part of web 2.0
11/18/2009 4:43:24 PM
hah, they already fixed it. tl;dr super fun iframe injection into apple.com leads to scrolling goatse!
11/18/2009 4:50:55 PM
i take it this is about http://news.ycombinator.com/item?id=948757
11/18/2009 4:51:32 PM
yea
11/18/2009 4:52:07 PM
can the tww parser be fixed to ignore everything in the code tags?
11/18/2009 4:52:58 PM
i mean it prolly could. i'm sure another edge case would pop up though. eventually i'll get around to trying to fix it completely
11/18/2009 4:54:15 PM
i like how everybody is picking on Apple when probably at least 2/3 of sites are open to XSS, CSRF or SQL Injection

edit: not to say they shouldn't pick on them. that's the only way people learn. the fact that they fixed it within hours says a lot though

[Edited on November 18, 2009 at 4:57 PM. Reason : .]
11/18/2009 4:56:05 PM
it's only fun when it's a common name cause then you can send people a link w/ apple.com and they think well this is sure to be safe and then they get a big ol face of the goatman.
11/18/2009 4:56:59 PM