Friday, August 30, 2013

Multiple Adobe Bugs by Me

Open Redirector:

If a user is logged in to Adobe and clicks the link, he'll be automatically redirected to thus an attacker can put an encoded malicious link to harm users of Adobe.
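A server-side check that prevents this class of bug, as an added example that is not part of the original post or any Adobe code. The allowlisted hosts and function names are hypothetical, and the sample values in the comments are constructed.

```python
from urllib.parse import unquote, urlsplit

# Hypothetical allowlist for illustration; a real site lists its own hosts.
ALLOWED_HOSTS = frozenset({"www.example.com", "accounts.example.com"})


def _target_ok(url, allowed_hosts):
    """True if url is a same-site path or an https URL on an allowlisted host."""
    # Browsers treat "\" like "/" and drop tabs/newlines, so reject them outright.
    if url != url.strip() or any(ord(c) < 0x20 or c == "\\" for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: must be rooted, and "//host" is protocol-relative.
        return url.startswith("/") and not url.startswith("//")
    return (
        parts.scheme == "https"
        and parts.hostname in allowed_hosts
        and parts.username is None  # no userinfo, e.g. https://user@www.example.com/
        and parts.password is None
    )


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return raw if it is safe to redirect to, otherwise fallback."""
    if not raw:
        return fallback
    # Judge the value both as received and fully percent-decoded, so an
    # encoded link cannot hide a different destination.
    decoded = raw
    for _ in range(3):
        decoded = unquote(decoded)
    if unquote(decoded) != decoded:  # still encoded after three rounds
        return fallback
    if _target_ok(raw, allowed_hosts) and _target_ok(decoded, allowed_hosts):
        return raw
    return fallback
```

The redirect handler would call `safe_redirect_target()` on the user-supplied parameter and send the returned value in the `Location` header.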

Directory Listing:

and so on....

Open FCKeditors-

Open File uploads-

Persistent XSS in eBay - One of the best '12 discoveries

I found this bug last year, and this was my first bug and the most precious one.

In order to exploit the vulnerability, an attacker would need a seller account. Once logged in to a seller account on eBay, the attacker would create a listing for sale where he puts the XSS exploit code.

Here was the page where I injected the code: 

The mirror is available here: 

In the news for this great discovery: