Friday, August 30, 2013

Persistent XSS in eBay - One of the best '12 discoveries

I found this bug last year; it was my first bug and the most precious one.

To exploit the vulnerability, an attacker would need a seller account. Once logged in to the seller account on eBay, the attacker would create a listing for sale and put the XSS exploit code in it.

Here was the page where I injected the code: 

The mirror is available here: 

In the news for this great discovery:

