Remote Code Execution vulnerability in Ebay website

Sponsored Links
David Vieira-Kurz, a Security researcher from Germany, has discovered an interesting Remote Code execution vulnerability in the eBay website.

The 'q' parameter in the 'search' page of South Asian Ebay domain (sea.ebay.com/search/?q=david&catidd=1) is found to be vulnerable to remote code execution.

The researcher cleverly managed to pass the 'q' parameter as array with a command that successfully got executed.

Proof of concept provided by the researcher prints the information about the PHP running on the server:
  sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1

An attacker could have exploited this vulnerability to run OS commands and managed to compromise the entire server.  However, David reported about this vulnerability to eBay security team, the vulnerability has been fixed now.

He also discovered a SQL Injection vulnerability in the same domain last year.

The full technical details is available here.
Category: / / / / /

Share this with Your friends: