
[unfixed] Persistent XSS Vulnerability in eBay

Indian security researcher Shubham Upadhyay, who uses the online handle Cyb3R_Shubh4M, has discovered a persistent cross-site scripting vulnerability in the eBay site.

In an email sent to Xssed.com, the researcher explained the details of the vulnerability. To exploit it, an attacker would need a seller account. Once logged in to a seller account on eBay, the attacker would create a listing for sale containing the XSS exploit code.


At the time of writing, the vulnerability is unfixed. Here is the page where he injected his code:

http://www.ebay.com/itm/181023275832?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649

The mirror is available here:

http://www.xssed.com/mirror/79254/

According to the researcher, it also gets executed in the cgi.ebay.com domain when logged in the seller acco