website statistics

A security researcher recently discovered a remote code execution vulnerability in eBay's site.
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading...

White-hat hackers are often accredited with finding serious flaws in online sites and services. David Vieira-Kurz is such a hacker who recently discovered a remote code execution vulnerability in eBay‘s site.


eBay

eBay is one of the largest e-retail giants and has a huge online presence. The site is responsible for countless financial transactions every day, being a marketplace of sorts. In view of this, one would expect that its website is highly secure.

However, German security researcher Kurz recently discovered that the site contains a remote code execution vulnerability. The vulnerability essentially allows a hacker to execute a potentially malicious code of his own on eBay’s server, a loophole which allows for a whole range of nefarious activities.

Kurz went on to tinker with the site and inject an arbitrary code of his own in which he was successful. He apparently modified a legitimate URL

‘https://sea.ebay.com/search/?q=david&catidd=1’

to

‘https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1’

Using the above method, many different forms of payloads can be injected into eBay’s server. Essentially, the problem with the eBay server was that it was filtering certain user-supplied strings but neglected appropriate filteration of user-supplied arrays. The result was that anyone could supply a malicious array and breach the server’s security.

Kurz then furnished a video demo of the hack which is posted above. However, before doing so, he also notified the eBay team which, thankfully, was quick to respond. The vulnerability has been patched on the official site by now.

Source: SecAlert

Courtesy: The Hacker News

Buy Cheapest Related Product From Amazon.com


Video Shows How Quickly London’s Heathrow Airport Can Spread A Global Pandemic

Apple Makes Huge Changes To App Store Search Rankings For iOS Apps
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , ,

  On December 15, 2013(2 years, 5 months ago.)

You May Also Like:

What Do You Think?

Leave a Reply




Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.


Recent Search

Recent Tutorials

Just read this tutorial by yourself and from now on, we will show you, how you can make your iOS device read text loudly for you.
If you're still struggling to take selfie on iPhone then check it out to know how to take photos from far using iPhone's headset as a remote.
Even if your iPhone is locked, people can reply from the lock screen. Check out, how to turn off the quick reply message from locked screen.
Have you forgot Apple ID password or having trouble signing in? Check out this tutorial to reset the password.
Even if iPhone is muted, still Siri's voice is loudly chime. Now you can change the setting to silence Siri using your iPhone's mute switch.
Check out how to teach Siri about nicknames and relationships of the important people in your life in order to make your life easier.
Has your iPhone suddenly turned black & white? Check out this tutorial to know possible reasons & how to fix iPhone screen with few taps.
Check out this tutorial to download FREE movies and TV Shows streaming Showbox app and install it on your Android smartphone or tablet.
Parental Controls allows you to put restrictions on apps or content that can or can not be used by anyone else on your Apple iPhone or iPad.
If you want to print from iPhone without using any computer, check this out to connect and print wirelessly right from the Apple device.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook