Selling *.Apple.com Reflected XSS in one of Apple important subdomain.
Advantages:
- The XSS Works on all latest browsers and devices.
- Doesn't require any user-interaction after clicking on official Apple.com link.
- High success rate due to apple.com official domain, No need to get creative trying to find appealing domain name to register to launch your attack.
You can chain this vulnerability with other vulnerabilities or you can use it as it's own.
You can key-log user email and password or any personal information of your target.
Or if you hijacked an iPhone or any apple device and you want to remove/hack the iCloud from it you can simply gain trust of the original device owner to enter his/her password because it's APPLE.COM HTTPS real domain name.
You have endless scenarios with this vulnerability.
Price: $7k/or make an offer.
Escrow Accepted.
Advantages:
- The XSS Works on all latest browsers and devices.
- Doesn't require any user-interaction after clicking on official Apple.com link.
- High success rate due to apple.com official domain, No need to get creative trying to find appealing domain name to register to launch your attack.
You can chain this vulnerability with other vulnerabilities or you can use it as it's own.
You can key-log user email and password or any personal information of your target.
Or if you hijacked an iPhone or any apple device and you want to remove/hack the iCloud from it you can simply gain trust of the original device owner to enter his/her password because it's APPLE.COM HTTPS real domain name.
You have endless scenarios with this vulnerability.
Price: $7k/or make an offer.
Escrow Accepted.