New XSS flaws within eBay sites

Written by DP

Tuesday, 27 May 2008

Updated: 27/05 - 17:58

eBay is again XSSed! Scammers can take advantage of these new critical cross-site scripting issues.

They can inject JavaScript code to redirect users to eBay phishing scam pages and to display fake auctions. Victims who click on what appears to be a genuine eBay search results link are also vulnerable to malware infection.

The affected domains are the following (and possibly more): [Mirror] [Mirror] [Mirror] [Mirror]

The XSS issues were submitted by Genosite and Uber0n.

eBay has been XSSed multiple times in the past:

We hope that all eBay XSS issues get fixed quickly for the sake of its users' privacy and security.

Quoting from a PC World news article titled "How To Avoid Falling Into The Phishing Hole":
"eBay says it now prevents JavaScript on its site from forwarding visitors to third-party sites automatically. However, experts say, hackers can easily modify JavaScript code to once again trigger the same behavior."

This vector works:
<SCRIPT>if (top == window)location.href = ''</SCRIPT>
eBay lied... :-/

Related News:
"eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole" - Roger Anton & Steven, 31-03-05
"How To Avoid Falling Into The Phishing Hole" - Tom Spring, PC World, 09-04-07
