A security researcher recently discovered a remote code execution vulnerability in eBay's site.

What are you thinking?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading...Loading...

White-hat hackers are often accredited with finding serious flaws in online sites and services. David Vieira-Kurz is such a hacker who recently discovered a remote code execution vulnerability in eBay‘s site.


eBay

eBay is one of the largest e-retail giants and has a huge online presence. The site is responsible for countless financial transactions every day, being a marketplace of sorts. In view of this, one would expect that its website is highly secure.

However, German security researcher Kurz recently discovered that the site contains a remote code execution vulnerability. The vulnerability essentially allows a hacker to execute a potentially malicious code of his own on eBay’s server, a loophole which allows for a whole range of nefarious activities.

Kurz went on to tinker with the site and inject an arbitrary code of his own in which he was successful. He apparently modified a legitimate URL

‘https://sea.ebay.com/search/?q=david&catidd=1′

to

‘https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1′

Using the above method, many different forms of payloads can be injected into eBay’s server. Essentially, the problem with the eBay server was that it was filtering certain user-supplied strings but neglected appropriate filteration of user-supplied arrays. The result was that anyone could supply a malicious array and breach the server’s security.

Kurz then furnished a video demo of the hack which is posted above. However, before doing so, he also notified the eBay team which, thankfully, was quick to respond. The vulnerability has been patched on the official site by now.

Source: SecAlert

Courtesy: The Hacker News

Buy Cheapest Related Product From Amazon.com


Video Shows How Quickly London’s Heathrow Airport Can Spread A Global Pandemic

Apple Makes Huge Changes To App Store Search Rankings For iOS Apps
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , ,

  On December 15, 2013(10 months, 12 days ago.)

Recent Products

Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Buy Now | Compare  
Compare  

What Do You Think?

Loading Disqus Comments ...
Loading Facebook Comments ...

Recent Search

Recent Tutorials

Do you know that you can turn a shoe box into a phone projector? Don't believe this? See for yourself inside.
Apple has published a new guide detailing how Android users will be able to switch their contents from Android to iPhone.
The trick will let you to check your Facebook messages in the original app without downloading Messenger and it works with both iPhone or Android phone.
Want to block all disgusting ads from your android device? Read the tutorial to know how you can block ads on your Android and save data.
Want to repair your memory card? It's very easy to fix corrupted or damaged memory card. In fact you can fix it by yourself.
Are you the one who is frustrated because of the speed of your Android device? No worries, the article will help you increase the speed of that device.
Lately, Google has updated its Google Docs. Now users can crop, rotate, and add borders to images in a document without leaving Google Docs.
Adobe CS products are not free, but the good news is you can now download Photoshop CS2 & all other CS2 product completely free and it's absolutely legal.
At the beginning level, many people don't know how to use Gmail properly. For them, a here's a helpful guideline.
Skype now allows you to call directly from your Outlook account. Find the step-by-step installation process from this tutorial.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook