Tuesday, June 4, 2013

XSS in eBay Labs

I got 2 non-persistent XSS bugs in the eBay Labs website. Below are the details:

URL: http://labs.ebay.com

Alert Box:

1st one- http://labs.ebay.com/erl/demoto/to- add=lp&origtitle=Mr.&qy=%27%20onmouseover%3dprompt%281337%29%20bad%3d%27&skipk=20&sq=pop&title=Mr.

2nd one- http://labs.ebay.com/publications/-wpa-paged=2&wpa-sort=%22%20onmouseover%3dprompt%281337%29%20bad%3d%22

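Attack Details: The URL-encoded GET input qy was set to ' onmouseover=prompt(1337) bad='

The input is reflected inside a tag attribute, between single quotes, so the injected quote ends the attribute value and onmouseover is parsed as a new attribute of the same tag.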

Affected items: /erl/demoto/to & /publications/

The impact of this vulnerability: Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability: Your script should filter metacharacters from user input.
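The fix can be checked mechanically. The following is an added example, not code from the original post or from eBay: it reflects the two reported values into a hypothetical input tag (the template and all function names are assumptions), once raw and once encoded with Python's html.escape, and parses the result to see whether an event-handler attribute was created.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed samples: the two parameter values from the reported URLs.
PAYLOAD_SQ = unquote("%27%20onmouseover%3dprompt%281337%29%20bad%3d%27")
PAYLOAD_DQ = unquote("%22%20onmouseover%3dprompt%281337%29%20bad%3d%22")

def render_vulnerable(value, q="'"):
    # Hypothetical template: raw reflection inside a quoted attribute.
    return f"<input name={q}qy{q} value={q}{value}{q}>"

def render_escaped(value, q="'"):
    # quote=True encodes & < > " and ', so the reflected value
    # cannot close the attribute whichever quote the template uses.
    return f"<input name={q}qy{q} value={q}{html.escape(value, quote=True)}{q}>"

class AttrCollector(HTMLParser):
    """Records the attributes of every start tag it parses."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)

def parsed_attrs(markup):
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs

def has_event_handler(markup):
    # Any on* attribute on the tag means the reflection escaped its value.
    return any(name.startswith("on") for name in parsed_attrs(markup))

if __name__ == "__main__":
    for payload, q in ((PAYLOAD_SQ, "'"), (PAYLOAD_DQ, '"')):
        print("raw    :", has_event_handler(render_vulnerable(payload, q)))
        print("escaped:", has_event_handler(render_escaped(payload, q)))
```

With encoding applied, the parser returns the whole payload as the literal text of the value attribute, which makes this a usable regression test for the affected parameters.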

This bug has been reported to eBay and is now resolved.

