Softpedia

Expert Finds XSS Flaw on eBay After Bypassing “Filtering Mechanisms”

September 28th, 2012, 10:53 GMT · By
eBay listed security researcher Rafay Baloch in its hall of fame after he identified what he describes as a “very unusual” non-persistent (reflected) cross-site scripting (XSS) vulnerability on the site.

“There was a WAF/IPS in place which was filtering out the HTML and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my HTML code and JavaScript,” the expert explained on his blog.
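The following is an added example, not code from the article, from Baloch's blog or from his PoC video. It shows why a blacklist filter in front of a reflected parameter (the kind of "filtering mechanism" a WAF/IPS applies) can be bypassed, and what actually fixes reflected XSS: context-aware output encoding. The filter `naiveFilter`, the three payloads in `BYPASSES`, the `renderSearchPage` template and the `startTags` tokenizer are all generic textbook constructions for this page; the article does not disclose the rule eBay's WAF used or the payload that got past it, so none of this should be read as the real bypass.

```javascript
// Added example, not code from the article or from Baloch's PoC video: why a
// blacklist filter in front of a reflected parameter does not fix reflected
// XSS, and what does. The filter, the payloads and the page template are
// constructed for this illustration; the article does not disclose the rule
// eBay's WAF applied or the payload that bypassed it.

// Blacklist filter of the kind a WAF/IPS rule might apply to a query string:
// drop <script> tags and the javascript: scheme, case-insensitively.
function naiveFilter(input) {
  return input
    .replace(/<script>/gi, '')
    .replace(/<\/script>/gi, '')
    .replace(/javascript:/gi, '');
}

// Context-aware output encoding for HTML text and double-quoted attribute
// values: every character with markup meaning becomes an entity, so the
// browser treats the reflected value as text whatever it contains.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// A search page that reflects the query twice: once as element text and once
// inside a double-quoted attribute. `sanitize` is the defence under test.
function renderSearchPage(query, sanitize) {
  const q = sanitize(query);
  return `<h1>Results for ${q}</h1>\n<input name="q" value="${q}">`;
}

// Payloads that survive naiveFilter with their active content intact
// (constructed; generic textbook bypasses, not the one used against eBay).
const BYPASSES = {
  // 1. No <script> tag: an event handler on any element runs JavaScript.
  eventHandler: '<img src=x onerror=alert(document.cookie)>',
  // 2. Nesting: each tag is removed once with no re-scan, so the outer
  //    fragments reassemble into <script>alert(1)</script>.
  nested: '<scr<script>ipt>alert(1)</scr</script>ipt>',
  // 3. Attribute context: a quote breaks out of value="..." and adds an
  //    on* handler without any '<' for a tag-oriented filter to catch.
  attribute: '" autofocus onfocus=alert(1) x="',
};

// Minimal start-tag tokenizer modelled on the HTML parser's rules: a tag
// begins at '<' followed by a letter, attribute values quoted with " or '
// run to the matching quote (so a '<' inside one is not a tag), and end tags
// are skipped. Returns the elements and attribute names a browser would
// create from the markup, formatted like 'img[src,onerror]'.
function startTags(html) {
  const out = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i++; continue; }
    if (html[i + 1] === '/') { i = html.indexOf('>', i) + 1 || html.length; continue; }
    if (!/[a-z]/i.test(html[i + 1] || '')) { i++; continue; }
    let tag = '';
    i++;
    while (i < html.length && /[a-z0-9]/i.test(html[i])) tag += html[i++];
    const attrs = [];
    while (i < html.length && html[i] !== '>') {
      while (i < html.length && /[\s/]/.test(html[i])) i++;
      if (i >= html.length || html[i] === '>') break;
      let name = '';
      while (i < html.length && !/[\s=>/]/.test(html[i])) name += html[i++];
      if (name) attrs.push(name.toLowerCase());
      while (i < html.length && /\s/.test(html[i])) i++;
      if (html[i] === '=') {
        i++;
        while (i < html.length && /\s/.test(html[i])) i++;
        const quote = html[i];
        if (quote === '"' || quote === "'") {
          const end = html.indexOf(quote, i + 1);
          i = end === -1 ? html.length : end + 1;
        } else {
          while (i < html.length && !/[\s>]/.test(html[i])) i++;
        }
      }
    }
    i++; // consume the closing '>'
    out.push(`${tag.toLowerCase()}[${attrs.join(',')}]`);
  }
  return out;
}

// What the browser would build for a given query and defence. With
// naiveFilter every payload yields an extra element or an extra on* attribute;
// with htmlEncode the page is always just h1[] and input[name,value].
function renderedElements(query, sanitize) {
  return startTags(renderSearchPage(query, sanitize));
}
```

The point of the tokenizer is that it judges the defence the way the browser does, by what elements and attributes end up in the DOM, rather than by whether a string still contains the word "script". Run `renderedElements(BYPASSES.attribute, naiveFilter)` and the input element gains `autofocus` and `onfocus` attributes; run it with `htmlEncode` and the whole payload stays inside the `value` attribute as inert text. Blocking known-bad tokens at a WAF can only ever be a stopgap; encoding for the output context is the fix.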

To demonstrate his findings, he published a proof-of-concept (PoC) video detailing how he bypassed the filter.

The video is a good way for security enthusiasts to learn a few things about the ever-present XSS class of vulnerability and about filter evasion. At the same time, the case once again highlights the importance of responsible disclosure.

Baloch claims that he has also identified high-risk vulnerabilities on websites owned by Adobe and Apple. The PoCs for those issues will be released once the companies address them.
FILED UNDER: XSS, eBay, vulnerability

READER COMMENTS:


Comment #1 by: Adam on 28 Sep 2012, 20:17 UTC

Very unusual was the fact that a standard Acunetix test worked on eBay. Another unusual fact was that the "researcher", able to run Acunetix, created a whole screencast showing how he got to the Acunetix scan result.

Comment #1.1 by: Musarat Baloch on 11 Nov 2012, 23:41 GMT

@adam, how many vulnerabilities did you find in eBay?


Comment #2 by: dr musrat on 01 Oct 2012, 10:05 UTC

eBay should consider and get help from Rafay Baloch.

Copyright © 2001-2013 Softpedia