Indian security researcher Shubham Upadhyay, who uses the online handle Cyb3R_Shubh4M, has discovered a persistent cross-site scripting (XSS) vulnerability in the eBay site.
In an email sent to Xssed.com, the researcher explained the details of the vulnerability. To exploit it, an attacker would need a seller account. Once logged in to a seller account on eBay, the attacker would create a listing for sale containing the XSS exploit code.
At the time of writing, the vulnerability is unfixed. Here is the page where he injected his code:
http://www.ebay.com/itm/181023275832?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649
The mirror is available here:
http://www.xssed.com/mirror/79254/
According to the researcher, it also gets executed in the cgi.ebay.com domain when logged in the seller acco