Active XSS flaw discovered on eBay

Posted: 17/11/2012 in Uncategorized

reblogged from [ http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/ ]


According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting eBay.com.

A potential attacker would need an eBay seller account, where they would put XSS code into the HTML. The vulnerability could be used to exploit users’ trust in eBay.com’s reputable Web position in an attempt to serve client-side exploits to them. And that’s just for starters.

eBay.com is a popular target both for malicious attackers looking for ways to abuse and hijack the steady inflow of traffic hitting the site on a daily basis, and for security researchers who, on the other hand, attempt to prevent abuse of the site by discovering and reporting security vulnerabilities to eBay’s Security Team.

The NoScript extension for Mozilla Firefox proactively detects the XSS attempt and blocks it.

The XSS flaw remains unfixed for the time being. eBay’s Security Team has been notified.
