Benjamin Juang (ibneko) wrote,

Apple

Apple's billion song count is getting close~ 6 million more.

Something interesting I came across after waiting too long to submit the form. Possibly exploitable. (It may be interesting to note that it showed up as
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Document xmlns="http://www.apple.com/itms/" disableHistory="true" disableNavigation="true">





<Protocol>
<plist version="1.0">
<dict>




<key>ping</key><string>https://securemetrics.apple.com/b/ss/applesuperglobal/1/G.6--NS?pageName=Session+Timeout-US&pccr=true&ch=Login&h5=appleuswwwitms%2Cappleitmsna%2Cappleitmsus</string>












</dict>
</plist>
</Protocol>

<Path></Path>








<ScrollView rightInset="0" topInset="0" bottomInset="0" backColor="ffffff" leftInset="0" stretchiness="1" horzScroll="as needed" vertScroll="as needed">
<Include target="main" url="http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.appserver.MZDirectAction/fontStyles"></Include>
<MatrixView rightInset="0" bottomInset="0" leftInset="0" topInset="0" rowFormat="100%,*">


<FontStyle name="textColor" color="000000"></FontStyle>
<HBoxView minWidth="760">
<View stretchiness="1" />
<VBoxView topInset="25" bottomInset="0" minWidth="700" >
<HBoxView leftInset="0" rightInset="0">
<TextView leftInset="0" rightInset="1" stretchiness="1" textJust="left" normalStyle="lucida17Bold">
<SetFontStyle normalStyle="textColor">

Session Timeout
</SetFontStyle>
</TextView>
<View width="10"/>

<PictureView width="11" topInset="1" height="12" rightInset="2" url="http://ax.phobos.apple.com.edgesuite.net/images/lock.png"></PictureView>
<TextView topInset="0" rightInset="0" styleSet="normal11Align" textJust="right"><SetFontStyle normalStyle="textColor">Secure Connection</SetFontStyle></TextView>

</HBoxView>


<VBoxView>
<TextView><GotoURL target="main" url="http://ax.phobos.apple.com.edgesuite.net/WebObjects/MZStore.woa/wa/com.apple.jingle.app.store.DirectAction/storeFront">Your session has timed out. Please try this operation again from the beginning.</GotoURL></TextView>
</VBoxView>

</VBoxView>
<View stretchiness="1" />
</HBoxView>






<VBoxView>
<View height="30" />
<HBoxView bottomInset="0" leftInset="0" rightInset="0">
<View stretchiness="1" />
<TextView topInset="2" styleSet="basic9" leftInset="0" textJust="center">Copyright</TextView><View width="2" />
<TextView topInset="0" normalStyle="lucida12" leftInset="0" textJust="center">©</TextView><View width="2" />
<TextView topInset="2" styleSet="basic9" leftInset="0" textJust="center">2006 Apple Computer, Inc. <OpenURL target="main" url="http://www.apple.com/legal/">All rights reserved.</OpenURL> | <OpenURL target="main" url="http://www.apple.com/legal/privacy/">Privacy Policy</OpenURL> | <OpenURL target="main" url="http://www.apple.com/support/itunes/legal/terms.html">Terms of Service</OpenURL> | <OpenURL target="main" url="http://www.apple.com/support/itunes/legal/policies.html">Terms of Sale</OpenURL> <OpenURL target="main" url="%20"> </OpenURL></TextView>
<View stretchiness="1" />
</HBoxView>




<View height="10" />
</VBoxView>






</MatrixView>
</ScrollView>













</Document>






which rendered as a paragraph "pinghttps://securemetrics.apple.com/b/ss/applesuperglobal/1/G.6--NS?pageName=Session+Timeout-US&pccr=true&ch=Login&h5=appleuswwwitms%2Cappleitmsna%2Cappleitmsus Session Timeout Secure Connection Your session has timed out. Please try this operation again from the beginning. Copyright © 2006 Apple Computer, Inc. All rights reserved. | Privacy Policy | Terms of Service | Terms of Sale")
https://securemetrics.apple.com/b/ss/applesuperglobal/1/G.6--NS?pageName=Session+Timeout-US&pccr=true&ch=Login&h5=appleuswwwitms%2Cappleitmsna%2Cappleitmsus

Doubtfully hackable in any sort of way, but.. just logging this little bit of information.