It is an old self reflected XSS (April 6th, 2013), but it was a nice hunt for the beginning of my career.
Steps to reproduce:
1. Navigate to http://store1.adobe.com
2. Choose any product and click its link (for example: Adobe Acrobat XI Pro
http://store1.adobe.com/
3. Choose any option from the dropdown menu and click “Add to Cart”. Now data is being send via POST request. Vulnerable variable is “store”, which has a default value of “OLS-US”. You can inject any JavaScript code into it, for example:
store=<script>alert(document.cookie)</script>
This will show user’s cookies in an alert box.
Additionally this error reveals internal IP address: 10.116.66.9
This got me listed on Adobe Acknowledgements page.
Timeline:
[April 6th 2013] - bug was reported [April 22nd 2013] - Adobe contacted me [July 30 2013] - bug was fixed