Ebay sites still vulnerable to cross-site scripting,html injection and redirect
all proof of concept still works fine,so be carefull!
POC:
http://donations.ebay.com/charity/charity.jsp?NP_ID=40219&name=XSS
http://worldofgood.ebay.com/Handmade-Jewelry-Earrings-Necklaces-Rings/47/list?XSS
http://worldofgood.ebay.com/list?HTML Injection
http://sea.ebay.com/searchAnnoucement.php?time=XSS
http://applications.ebay.com/selling?EAppsByCategory&sType=2&cId=4&cName=XSS
See also RafalLos article : eBay's Sub-Domains Vulnerable to XSS ...again
No response to “Ebay XSS”
Leave a reply