Friday, August 27, 2010

Ebay XSS


eBay sites are still vulnerable to cross-site scripting, HTML injection and redirect.

All proofs of concept still work fine, so be careful!



POC:

http://donations.ebay.com/charity/charity.jsp?NP_ID=40219&name=XSS

http://worldofgood.ebay.com/Handmade-Jewelry-Earrings-Necklaces-Rings/47/list?XSS

http://worldofgood.ebay.com/list?HTML Injection

http://sea.ebay.com/searchAnnoucement.php?time=XSS

http://applications.ebay.com/selling?EAppsByCategory&sType=2&cId=4&cName=XSS

See also RafalLos's article: eBay's Sub-Domains Vulnerable to XSS ...again

1 comment:

blaza said...

I Like the ebay and marketing
ebay