A security researcher recently discovered a remote code execution vulnerability in eBay's site.

What Specially You're Expecting From Apple In This WWDC?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading ... Loading ...

White-hat hackers are often accredited with finding serious flaws in online sites and services. David Vieira-Kurz is such a hacker who recently discovered a remote code execution vulnerability in eBay‘s site.


eBay

eBay is one of the largest e-retail giants and has a huge online presence. The site is responsible for countless financial transactions every day, being a marketplace of sorts. In view of this, one would expect that its website is highly secure.

However, German security researcher Kurz recently discovered that the site contains a remote code execution vulnerability. The vulnerability essentially allows a hacker to execute a potentially malicious code of his own on eBay’s server, a loophole which allows for a whole range of nefarious activities.

Kurz went on to tinker with the site and inject an arbitrary code of his own in which he was successful. He apparently modified a legitimate URL

‘https://sea.ebay.com/search/?q=david&catidd=1′

to

‘https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1′

Using the above method, many different forms of payloads can be injected into eBay’s server. Essentially, the problem with the eBay server was that it was filtering certain user-supplied strings but neglected appropriate filteration of user-supplied arrays. The result was that anyone could supply a malicious array and breach the server’s security.

Kurz then furnished a video demo of the hack which is posted above. However, before doing so, he also notified the eBay team which, thankfully, was quick to respond. The vulnerability has been patched on the official site by now.

Source: SecAlert

Courtesy: The Hacker News

Buy Cheapest Related Product From Amazon.com


Video Shows How Quickly London’s Heathrow Airport Can Spread A Global Pandemic

Apple Makes Huge Changes To App Store Search Rankings For iOS Apps
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , ,

  On December 15, 2013(7 months, 10 days ago.)

Recent Products

Compare  
Buy Now | Compare  

What Do You Think?

Loading Disqus Comments ...
Loading Facebook Comments ...

Recent Search

Recent Tutorials

Want to repair your memory card? It's very easy to fix corrupted or damaged memory card. In fact you can fix it by yourself.
Are you the one who is frustrated because of the speed of your Android device? No worries, the article will help you increase the speed of that device.
Lately, Google has updated its Google Docs. Now users can crop, rotate, and add borders to images in a document without leaving Google Docs.
Adobe CS products are not free, but the good news is you can now download Photoshop CS2 & all other CS2 product completely free and it's absolutely legal.
At the beginning level, many people don't know how to use Gmail properly. For them, a here's a helpful guideline.
Skype now allows you to call directly from your Outlook account. Find the step-by-step installation process from this tutorial.
This tutorial helps you quickly resolve four of the most common problems that occur with Windows XP.
After releasing Look Back, many people didn't like it. So Facebook planned to add an Edit tool to the feature and now you can edit your Facebook Look Back video.
Do you want to record Skype calls but don't know how to do that? Then this guide is absolutely for you. Get inside the article for details.
Do you know that many companies can track you on Facebook? Do you want to know who they are? Do you want to block them?
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook