website statistics
A security researcher recently discovered a remote code execution vulnerability in eBay's site.
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading...

White-hat hackers are often accredited with finding serious flaws in online sites and services. David Vieira-Kurz is such a hacker who recently discovered a remote code execution vulnerability in eBay‘s site.


eBay

eBay is one of the largest e-retail giants and has a huge online presence. The site is responsible for countless financial transactions every day, being a marketplace of sorts. In view of this, one would expect that its website is highly secure.

However, German security researcher Kurz recently discovered that the site contains a remote code execution vulnerability. The vulnerability essentially allows a hacker to execute a potentially malicious code of his own on eBay’s server, a loophole which allows for a whole range of nefarious activities.

Kurz went on to tinker with the site and inject an arbitrary code of his own in which he was successful. He apparently modified a legitimate URL

‘https://sea.ebay.com/search/?q=david&catidd=1’

to

‘https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1’

Using the above method, many different forms of payloads can be injected into eBay’s server. Essentially, the problem with the eBay server was that it was filtering certain user-supplied strings but neglected appropriate filteration of user-supplied arrays. The result was that anyone could supply a malicious array and breach the server’s security.

Kurz then furnished a video demo of the hack which is posted above. However, before doing so, he also notified the eBay team which, thankfully, was quick to respond. The vulnerability has been patched on the official site by now.

Source: SecAlert

Courtesy: The Hacker News

[ttjad keyword=”ipad”]


Video Shows How Quickly London’s Heathrow Airport Can Spread A Global Pandemic

Apple Makes Huge Changes To App Store Search Rankings For iOS Apps
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , ,

  On December 15, 2013(2 years, 4 months ago.)

You May Also Like:

What Do You Think?

Leave a Reply




Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.


Recent Search

Recent Tutorials

Check out the quickest way to enable or disable the Google Chrome notifications for Desktop if you are finding it a bit challenging.
Learn how to find out Apple iPhone's IMEI and Serial number even if your phone is stolen or you don't have the device on your hand.
Now you can set custom ringtones to individual skype contacts on android. It's easy to setup. Take a look.
Now you can install Microsoft's Cortana on Android devices. It's pretty easy to install. Follow the steps below, check the screenshot.
Want to install Android lollipop 5.0.2 on pc? This post is for you. It's pretty easy to install and run. Just take a look.
With our partnership with Mode Media, we just got a jump start. Here is our first story of hand picked curated content on Android Tutorials.
Want to change theme on android ? We will show you how to change theme on android. It will makes your phone looks like new and smart.
You can record your screen on android very easily. No root Required. All you have to need a pc and USB cable. Let's find out.
A simple tutorial on how-to block a phone number on Android device, without an external app. Its pretty easy and straight-forward. Take a look.
Here we will show how to take Screenshot on your Apple Watch.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook