Thursday, October 18, 2018

Victoria's Secret app: XSS: A plaintext search results in a cross site scripting error

Victoria's Secret app for iOS (version 5.4.2)
Date: 10/18/2018

Description:

The most common reflected XSS bug is present in the Victoria's Secret app for iOS.

If the user searches for "<plaintext>" in the search box, the app barfs up HTML.

Easier to show than to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the Victoria's Secret app for iOS (version 5.4.2)
2. Click on "SHOP"
3. Click inside the magnifying glass to search
4. Enter in <plaintext> as a search term
5. Run a search

Result: There is a cross site scripting error if the user runs a search for "<plaintext>"

Expected: There should not be a cross site scripting error if the user runs a search for "<plaintext>"

Launch the app, then click on "SHOP"...

Click on the magnifying glass...

Run a search in this search box...

Enter in <plaintext> as a search term...

Barfs HTML.
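
Why a search for "<plaintext>" makes the screen dump markup, shown as an added example that is not from the original report or the app's code. It assumes the results screen is HTML built by string concatenation; the template, function names and footer text are constructed for illustration.

```javascript
// Added example: constructed template, not the app's real rendering code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the search term is concatenated into markup as-is.
function renderResultsUnsafe(term) {
  return `<h1>Results for ${term}</h1><ul id="results"></ul><footer>Help</footer>`;
}

// Hardened form: the term is output-encoded before it reaches the template.
function renderResultsSafe(term) {
  return `<h1>Results for ${escapeHtml(term)}</h1><ul id="results"></ul><footer>Help</footer>`;
}

// Regression check for a test suite: true when a probe containing markup
// characters comes back in the response byte-for-byte, i.e. unencoded.
function reflectsRawMarkup(html, probe) {
  return /[<>]/.test(probe) && html.includes(probe);
}

// Approximates the HTML parser's handling of <plaintext>: once the start tag
// is seen, the rest of the document is shown as literal text and no end tag
// can close it. Returns that literal text, or null if no live tag is present.
function visibleAfterPlaintext(html) {
  const tag = '<plaintext>';
  const at = html.toLowerCase().indexOf(tag);
  return at === -1 ? null : html.slice(at + tag.length);
}

const probe = '<plaintext>'; // the search term from the report
const unsafePage = renderResultsUnsafe(probe);
const safePage = renderResultsSafe(probe);

console.log('unsafe reflects raw markup:', reflectsRawMarkup(unsafePage, probe));
console.log('user sees after the tag   :', visibleAfterPlaintext(unsafePage));
console.log('safe reflects raw markup  :', reflectsRawMarkup(safePage, probe));
console.log('safe heading              :', safePage.slice(0, safePage.indexOf('</h1>') + 5));
```

The same check works for any probe that contains `<` or `>`, so it can sit in an automated test for every field that echoes user input.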

Tuesday, October 9, 2018

JCPenney - Account Creation - The "Next" keyboard button doesn't advance the user

JCPenney App for iOS (version 8.9.2)
Date: 10/10/2018

Description:

On the "Create Account" screen, the "Next" button doesn't advance the user to the next input box. This is very noticeable!

This is easier to show than to describe, so please take a look at the attached screenshots.

Steps to Reproduce:

1. Download and launch the JCPenney App for iOS
2. Advance to the "Create Account" screen
3. Click inside the "First Name" input box
4. Enter in a valid first name
5. Click "Next" on the keyboard

Result: The "Next" button on the keyboard does not advance the user to the next input box on the "Create Account" screen

Expected: The "Next" button on the keyboard should advance the user to the next input box on the "Create Account" screen

Download and launch the JCPenney app (version 8.9.2)

Select the "Create Account" button...

The "Next" button on the keyboard doesn't advance the user to the next input box.

Friday, October 5, 2018

Shopbop app - Pressing "Shop by Category" and "Shop What's New" at the same time crashes the app

Shopbop App for iOS (version 3.1.1)
Date: 10/05/2018

Description:

There is an easy way to crash the Shopbop app for iOS.

Within the app there is a shopping bag icon in the upper right hand corner of the screen. After selecting this icon, you are taken to a "Shopping Bag" page. On the "Shopping Bag" page there are two options. One of these options is "Shop by Category" while the other is "Shop What's New."

If you press both of these options at the same time, the app will crash. This happens every time it is done. I will attach a crash dump.

This is easier to show than it is to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the Shopbop app for iOS
2. Select the shopping bag icon in the upper right hand corner of the screen
3. Press and hold "Shop by Category" and "Shop What's New" simultaneously
4. Release "Shop by Category" and "Shop What's New" simultaneously

Result: Pressing, holding, and then releasing "Shop by Category" and "Shop What's New" on the Shopping Bag page crashes the app

Expected: Pressing, holding, and then releasing "Shop by Category" and "Shop What's New" simultaneously should not crash the app

Select the Shopping Bag option in the upper right...

Press "Shop by Category" and "Shop What's New" at the same time...

The app will then crash.

Here is the crash dump:


Wednesday, September 12, 2018

Inky App - Account Creation - Trailing Whitespaces - Cannot Complete Account Creation if there is a trailing whitespace behind a valid email address

Inky app for iOS (Version 1.0.26)
Date: 09/12/2018

Description:

It is impossible to complete non-Facebook account creation if there is a trailing whitespace behind a valid email address during the sign up process.

This is easier to show than it is to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the Inky app for iOS
2. Select "Sign up"
3. From the "Create Account" page, enter in a valid email address
4. Behind the valid email address, press the spacebar once
5. Enter in a password and confirm
6. Click on "Next"
7. Approve the Terms of Use

Result: During the account creation process, entering in a space behind a valid email address prohibits the user from creating an account

Expected: The trailing whitespace should be automatically corrected - should not result in an error message

Enter in a valid email address...

Enter in a single space after the valid email address...

Approve the Terms of Use...

Note the error message. 

Tuesday, May 15, 2018

Newsmax app - Share option crashes the app

Date: 05/15/2018
iPad Mini iOS: 11.2.6 (build 15D100)
Newsmax - app version 2.0.3

Description:

The Newsmax app for iOS crashes on my iPad Mini every time the "Share" option is selected.

Please see the attached screenshots.

Steps to Reproduce:

1. Launch the Newsmax app (version 2.0.3) on an iPad Mini
2. Select any option (like "health")
3. Select the "Share" option in upper right hand corner

Result: Selecting the "Share" option in the Newsmax app on my iPad Mini crashes the app

Expected: Selecting the "Share" option from within the Newsmax app should not crash the app


Launch the Newsmax app on an iPad Mini...

Select an option like "Health"...

Select the "Share" option in the upper right. The app will crash.

Wednesday, February 21, 2018

REI - Shop Outdoor Gear - blank png image icons for sharing

Date: 02/22/2018
iPad Mini iOS: 11.2.6
REI - Shop Outdoor Gear app version: 6.0.2

Description:

On my iPad Mini, the REI - Shop Outdoor Gear app has a minor bug.
On the share option for any product the share options that appear lack the appropriate png image icons.

The Message/Mail/Add to Notes/Facebook/Messenger/Twitter options are all blank.
This is a bug I have seen a couple times before, and from what I understand, it is easy to fix.

Please see the attached screenshots.

Steps to Reproduce:

1. Download the app
2. Go to any product
3. Select the share icon

Result: The share options that appear on the REI - Shop Outdoor Gear app are all blank -
they are missing the appropriate png image icons

Expected: On my iPad Mini, while using the REI - Shop Outdoor Gear app,
I expect to see the appropriate png image icons for sharing

Download the REI - Shop Outdoor Gear app on an iPad Mini

Launch the app
Head to any product (creating an account or signing in isn't necessary)

Head to any item
Select the "Share" option
Blank image icon 

Thursday, February 8, 2018

Tictail - blank png image icons for sharing

Date: 02/08/2018
iPad Mini iOS version: 11.0
Tictail app Version: 2.12.14

Description:

On my iPad Mini, the Tictail app (version 2.12.14) has a minor bug. On the share option for any item, the sharing options that appear lack the appropriate png image icons.

Meaning, Message/Mail/Reminders/Add to Notes/Facebook/Messenger/Twitter are all blank. I have only seen this happen a few times with iOS apps on the iPad Mini. This does NOT reproduce with the Tictail app on an iPhone.

It is easier to show than to describe, so please see the attached screenshots.

Steps to Reproduce:

1. Download and launch the Tictail app on an iPad Mini
2. Select any item
3. Select the share option

Result: The Message/Mail/Reminders/Add to Notes/Facebook/Messenger/Twitter options are all blank (no png images for these options) with the Tictail app on an iPad Mini

Expected: That the Message/Mail/Reminders/Add to Notes/Facebook/Messenger/Twitter options will appear

Launch the app, select any item...

Select the share option in the upper right...

No image png icons for things like Facebook, Messenger, Twitter...