eBay listed security researcher Rafay Baloch in its hall of fame after the expert managed to identify a “very unusual” non-persistent cross-site scripting (XSS) vulnerability.
To demonstrate his findings, he has published a proof-of-concept (PoC) video in which he details how he managed to bypass the filter.
The video is a great way for security enthusiasts to learn a few things about the ever-present XSS vulnerabilities. On the other hand, this situation once again highlights the importance of responsible disclosure.
Baloch claims that he has also identified high-risk vulnerabilities on websites owned by Adobe and Apple. The PoCs for these particular security holes will be released as soon as the companies address the problems.