[Vulnerability Report] Non-Persistent XSS on eBay.com



The following is my report on a serious vulnerability which I had discovered on eBay.com, for which I was also awarded a place in the eBay Hall of Fame.

---Following is the email which I had sent to the eBay Security Team---



Vulnerability Type: Non-Persistent (Reflected) XSS



Vulnerability Reproduction Steps (POC):

1. Visit the Scope URL as mentioned above. 

2. Enter the following payload in the search field: "]};; <script>alert("XSS-By-Ak" )</script>

3. After the search, our URL becomes the same as the POC URL, which delivers the XSS alert payload "XSS-By-Ak".

System Details: Firefox 41 on Windows 8.1

Let me know if you require any other information; I will be happy to assist.

Regards,
Amit Kumar(Ak) 
-------------------------------------End of eMail------------------------------------- 

Acknowledgement:


Amit Sangra

Author & Editor

Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.
