ParityNews.com: ...Because Technology Matters


Security Researcher finds Permanent XSS Flaw on eBay

A security researcher has discovered a new permanent XSS (cross-site scripting) bug in eBay that malicious users could use to trick gullible users, serve client-side exploits, and even hijack genuine eBay traffic.

Shubham Upadhyay submitted the permanent XSS, which affects product listings on eBay.com, to XSSed.com and has revealed that users would need a seller account to exploit the XSS bug. “I've found a critical persistent XSS bug on eBay. For that you need a seller account.” “Once you log in to your seller account on eBay, create a listing for sale,” notes Upadhyay.

eBay has been notified, but the vulnerability still remains. Firefox users may avoid the XSS script by using the NoScript add-on, notes ZDNet.

XSSed has noted that the injected script has been seen to execute in Google Chrome on another subdomain with an iframe. Upadhyay has claimed that the script also executes in cgi.ebay.com when the user is logged in using his or her seller account.

Parity Media Private Limited. All rights reserved. 2013
