Critical XSS and directory traversal flaws on Ebay.co.uk website
Written by DP
Friday, 3 April 2009
A security researcher who goes by the nickname "methodman" today reported a few critical security vulnerabilities affecting Ebay.co.uk. He had alerted Ebay staff about the issue earlier, but did not get any response...
For example, this attack vector would work:
<SCRIPT>if (top == window)location.href = 'http://www.xssed.com'</SCRIPT>
Ebay XSS mirror:
Also, due to insufficient validation and sanitization of user-supplied input, an attacker can exploit a directory traversal vulnerability to execute arbitrary commands (see screenshots 1 and 2 of the directory traversal bugs).
#1 Screenshot of the Ebay XSS flaw:
#2 Screenshot of the Ebay XSS flaw:
#1 Screenshot of the Ebay directory traversal flaw:
#2 Screenshot of the Ebay directory traversal flaw:
Thanks to methodman for reporting these critical security issues!!! We hope that Ebay fixes them quickly!