apple.com Reflected XSS

[vincent]

i'm selling Reflected XSS on *.apple.com subdomain

Benefits:
*the XSS in very important subdomain
*Gaining trust of any user simply because it's real apple.com domain!
*XSS working on Chrome/Mozilla/Opera/Edge latest version
if you're a spammer you can use it TO:
use real apple.com domain name to redirect to your scam
key-logging user email/password or personal information
many scenarios etc...
OR if you hijacked a iPhone and you want to remove/hack the iCloud from it you can simply gain trust of original phone user to enter his/her password because it's APPLE.COM HTTPS real domain name

Price : 10K/or make an offer

 

[WujingKlaus]

i'm selling Reflected XSS on *.apple.com subdomain

Benefits:
*the XSS in very important subdomain
*Gaining trust of any user simply because it's real apple.com domain!
*XSS working on Chrome/Mozilla/Opera/Edge latest version
if you're a spammer you can use it TO:
use real apple.com domain name to redirect to your scam
key-logging user email/password or personal information
many scenarios etc...
OR if you hijacked a iPhone and you want to remove/hack the iCloud from it you can simply gain trust of original phone user to enter his/her password because it's APPLE.COM HTTPS real domain name

Price : 10K/or make an offer

доказать?

 

[vincent]

доказать?

of course

 

[mz137]

of course
Посмотреть вложение 10271Посмотреть вложение 10272

self-xss?

 

[vincent]

self-xss?

No it's not Self-XSS
This vulnerability affect any user/visitor on any browser, doesn't require any user-interaction just a One-Click from user to exploit it, and that's obvious and anyone will trust apple.com domain because it's official Apple domain name.

 

[vincent]

Hey everyone!
i've made a discount to 7048.81 USD / 0.79 BTC.
anyone interested ?

 

[vincent]

Hey - quick update, this is video for the proof.

https://vimeo.com/423469108

Password : APPLEXSS2020

 

[phasm]

I will contact you via PM

 

[vincent]

Hey again - Anyone interested ??

Thanks.