https://hackerone.com/kamikaze?type=user
Get Apple’s reachable hosts from censys.io
Search query: 17.0.0.0/8 AND 443.https.get.status_code: 200
Censys-CLI & Aquatone
Tool for scraping IPs: https://github.com/censys/censys-python
Tool for screenshots: https://github.com/michenriksen/aquatone
censys search -q "17.0.0.0/8 AND 443.https.get.status_code:\"200\"" --query_type ipv4 --fields ip protocols --max-pages 15 -f json -o apple
2. Grep the IP addresses
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' apple >> ip-apple
3. Add “https://” to each IP address so it can be used by Aquatone
sed 's/^/https:\/\//' ip-apple >> http-apple
4. Take screenshots
cat http-apple | ./aquatone -ports 443 -http-timeout 9000 -screenshot-timeout 90000 -out apple
I found a site which is vulnerable to XSS.
https://apple.channel.support
1. Create a ticket
2. Upload an SVG image with an XSS payload in a reply
3. When the victim views the attacker’s SVG image from a mobile device, the XSS triggers
Reported: 02/16/2021
Fixed & asked how I would like to be credited on the Hall of Fame page: 31/03/2021