
Severe Vulnerability At eBay's Website

Posted by timothy
from the going-once-going-twice dept.
New submitter Golem.de (3664475) writes with another security problem at eBay: "The German security expert Micheal E. discovered the persistent cross-site scripting vulnerability on eBay's website about two months ago and said he reported it to eBay immediately. eBay ceased to answer his emails, after writing that they considered it a mostly harmless error. Micheal E. sent Golem.de a PoC demonstrating that the error has not yet been fixed. An attacker can manipulate an official auctioning web page and insert JavaScript code. By visiting the malicious web page, the code is executed by the victim and could potentially be used by the attacker to execute arbitrary actions in the victim's eBay account and gain full control over it. There is probably no connection to the huge database theft reported a few days ago. The XSS flaw can only be used to attack one victim at a time."

  • by Anonymous Coward on Saturday May 24, 2014 @09:58AM (#47082741)

    ...but run by excellent salespeople.

    Capitalism is 90% salesmanship.

  • Fuck ePay (Score:5, Informative)

    by ArchieBunker (132337) on Saturday May 24, 2014 @10:21AM (#47082807) Homepage

    ePay is so hostile for anyone selling casually it's no longer worth your time. PayPal now holds onto your funds for weeks if you haven't sold anything recently, and your feedback score or number of auctions makes no difference. No matter what small item is sold, everyone complains. As a seller you'll automatically lose any complaint filed against you. People overpay for items and then complain something is wrong and then pick arbitrary partial refund values. The auction fees themselves have gotten ridiculous, over 10% on small items. As a buyer you won't find any auction deals. That time has long passed. Now it's mostly a marketplace for Chinese storefronts.

    Why can't someone come up with an alternative? Google has a payment system up and running so why can't they make a competitor?
