XSS in store.adobe.com

0

It is an old self reflected XSS (April 6th, 2013), but it was a nice hunt for the beginning of my career.

Steps to reproduce:

1. Navigate to http://store1.adobe.com

2. Choose any product and click its link (for example: Adobe Acrobat XI Pro
http://store1.adobe.com/cfusion/store/html/index.cfm?event=displayProduct&categoryOID=7464443&store=OLS-US)

3. Choose any option from the dropdown menu and click “Add to Cart”. Now data is being send via POST request. Vulnerable variable is “store”, which has a default value of “OLS-US”. You can inject any JavaScript code into it, for example:

store=<script>alert(document.cookie)</script>

This will show user’s cookies in an alert box.

Additionally this error reveals internal IP address: 10.116.66.9

This got me listed on Adobe Acknowledgements page.

Timeline:

[April 6th 2013] - bug was reported
[April 22nd 2013] - Adobe contacted me
[July 30 2013] - bug was fixed

Leave a Reply

Your email address will not be published. Required fields are marked *