Friday, August 30, 2013

Persistent XSS in eBay - One of the best '12 discoveries

I found this bug last year; it was my first bug and the most precious one.

In order to exploit the vulnerability, an attacker would need a seller account. Once logged in to the seller account on eBay, the attacker would create a listing for sale containing the XSS exploit code.




Here was the page where I injected the code: http://www.ebay.com/itm/181023275832?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649 

The mirror is available here: http://www.xssed.com/mirror/79254/ 

In the news for this great discovery: https://www.google.co.in/search?q=ebay+persistent+xss&oq=ebay+persistent+xss&aqs=chrome.0.69i57j69i62.3702j0&sourceid=chrome&ie=UTF-8
