Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - Severe vulnerability at eBay's website (golem.de)

Golem.de writes: The German security expert Micheal E. discovered the persistent cross-site scripting vulnerability on eBay's website about two months ago and said he reported it to Ebay immediately. Ebay ceased to answer his emails, after writing that they considered it a mostly harmless error. Micheal E. sent Golem.de a PoC demonstrating that the error that has not yet been fixed. An attacker can manipulate an official auctioning web page and insert Javascript code. By visiting the malicious web page the code is executed by the victim and could potentially be used by the attacker to to execute arbitrary actions in the victim's Ebay account and gain full control over it. There is probably no connection to the huge database theft reported a few days ago. The XSS flaw can only be used to attack one victim at a time.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Severe vulnerability at eBay's website

Comments Filter:

Nothing will ever be attempted if all possible objections must be first overcome. -- Dr. Johnson