
Another Ebay permanent XSS

Written by KF

Tuesday, 13 November 2012

The Indian security researcher Shubham Upadhyay aka Cyb3R_Shubh4M, sent us a new permanent XSS affecting the products listings on Ebay.com.

He explained to us how to reproduce it:

I've found a critical persistent XSS bug on eBay. For that you need a seller account: "Once you login to your seller account on eBay, create a listing for sale". Now in edit HTML put the XSS code: '"--></style></script><script>alert("XSSed by Cyb3R_Shubh4M")</script> and then preview your listing and b00m!

Here is the page where he injected his code:

http://www.ebay.com/itm/181023275832?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649

The mirror is available here:

http://www.xssed.com/mirror/79254/

It sometimes gets executed in another subdomain inside an iframe (in Google Chrome), but we could test it successfully on Firefox with the JavaScript code being executed on the www.ebay.com domain. Also, after clicking on "print", we get a temporary link like this one:

http://www.ebay.com/itm/ws/eBayISAPI.dll?ViewItem&rt=nc&item=181023275832&si=gGZ3pf0PeJXSxz0i4IMd7G4Xu2Q%3D&print=all&category=172602

This link interprets the code in the www.ebay.com domain on all browsers. Mirror: http://www.xssed.com/mirror/79259/

According to the researcher, it also gets executed in the cgi.ebay.com domain when logged in to the seller account!
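The root cause described above is seller-supplied listing HTML being stored and rendered unchanged on the preview, item and print pages. Because sellers legitimately use HTML in listings, output-escaping everything is not an option; the usual defence is an allowlist sanitizer applied before storage and used by every rendering path. The following is an added example (not eBay's code): a small allowlist sanitizer in Python's standard library, run against the payload from the report. The allowed tags and attributes are a constructed assumption.

```python
# Added example (not eBay's code): allowlist sanitizer for seller-supplied listing HTML.
# Keeps a small set of formatting tags, drops every other tag, drops the *content* of
# <script>/<style>, and re-escapes text so quotes and angle brackets cannot break out
# of the surrounding markup. The allowlist below is a constructed assumption.
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "u", "p", "br", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
URL_SCHEMES = ("http://", "https://")
DROP_CONTENT_TAGS = {"script", "style"}  # content is discarded, not just the tags


class ListingSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags are dropped entirely
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops on* handlers, style=, and any other attribute
            if name in ("href", "src") and not value.strip().lower().startswith(URL_SCHEMES):
                continue  # drops javascript:, data: and other non-http(s) URLs
            parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)  # stray </script>, </style> are ignored
            return
        if not self.skip_depth and tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=True))  # text can no longer close tags or attributes


def sanitize_listing_html(raw):
    parser = ListingSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)


# Constructed sample: a normal listing fragment plus the payload quoted in the report.
PAYLOAD = "'\"--></style></script><script>alert(\"XSSed by Cyb3R_Shubh4M\")</script>"
SAMPLE = '<p onclick="alert(1)">Nice <b>widget</b></p>' + PAYLOAD + '<a href="javascript:alert(1)">x</a>'
```

Running sanitize_listing_html(SAMPLE) keeps the paragraph and bold formatting but leaves no script tag, event handler or javascript: URL in the stored listing.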

Thanks for sharing this interesting finding!
