Expert Finds XSS Flaw on eBay After Bypassing “Filtering Mechanisms”

The company has listed researcher Rafay Baloch in its "hall of fame"

By Eduard Kovacs on September 28th, 2012 10:53 GMT

eBay listed security researcher Rafay Baloch in its hall of fame after the expert managed to identify a “very unusual” non-persistent cross-site scripting (XSS) vulnerability.

“There was a WAF/IPS in place which was filtering out the html and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my html code and JavaScript,” the expert explained on his blog.

To demonstrate his findings, he has published a proof-of-concept (PoC) video in which he details how he has managed to bypass the filter.

The video is a great way for security enthusiasts to learn a few things about the ever-present XSS vulnerabilities. On the other hand, this situation once again highlights the importance of responsible disclosure.

Baloch claims that he has also identified high-risk vulnerabilities on websites owned by Adobe and Apple. The POCs for these particular security holes will be released as soon as the companies address the problems.
Expert Finds XSS Flaw on eBay After Bypassing “Filtering Mechanisms”
Click to play video
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

3 Comments