website statistics

A security researcher recently discovered a remote code execution vulnerability in eBay's site.

What is the next Gadget you want?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading ... Loading ...

White-hat hackers are often accredited with finding serious flaws in online sites and services. David Vieira-Kurz is such a hacker who recently discovered a remote code execution vulnerability in eBay‘s site.


eBay

eBay is one of the largest e-retail giants and has a huge online presence. The site is responsible for countless financial transactions every day, being a marketplace of sorts. In view of this, one would expect that its website is highly secure.

However, German security researcher Kurz recently discovered that the site contains a remote code execution vulnerability. The vulnerability essentially allows a hacker to execute a potentially malicious code of his own on eBay’s server, a loophole which allows for a whole range of nefarious activities.

Kurz went on to tinker with the site and inject an arbitrary code of his own in which he was successful. He apparently modified a legitimate URL

‘https://sea.ebay.com/search/?q=david&catidd=1′

to

‘https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1′

Using the above method, many different forms of payloads can be injected into eBay’s server. Essentially, the problem with the eBay server was that it was filtering certain user-supplied strings but neglected appropriate filteration of user-supplied arrays. The result was that anyone could supply a malicious array and breach the server’s security.

Kurz then furnished a video demo of the hack which is posted above. However, before doing so, he also notified the eBay team which, thankfully, was quick to respond. The vulnerability has been patched on the official site by now.

Source: SecAlert

Courtesy: The Hacker News

Buy Cheapest Related Product From Amazon.com


Video Shows How Quickly London’s Heathrow Airport Can Spread A Global Pandemic

Apple Makes Huge Changes To App Store Search Rankings For iOS Apps
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , ,

  On December 15, 2013(4 months, 5 days ago.)

Recent Search

Recent Tutorials

At the beginning level, many people don't know how to use Gmail properly. For them, a here's a helpful guideline.
Skype now allows you to call directly from your Outlook account. Find the step-by-step installation process from this tutorial.
This tutorial helps you quickly resolve four of the most common problems that occur with Windows XP.
After releasing Look Back, many people didn't like it. So Facebook planned to add an Edit tool to the feature and now you can edit your Facebook Look Back video.
Do you want to record Skype calls but don't know how to do that? Then this guide is absolutely for you. Get inside the article for details.
Do you know that many companies can track you on Facebook? Do you want to know who they are? Do you want to block them?
So you've been planning on replacing your old hard drive with the new drive? This tutorial helps you with a few simple steps.
Bitcoin is a digital currency that has gained extraordinary momentum in the last few months. This tutorial helps you get started with the basics.
Android lockscreen can be secured in a number of ways, some of which are described in this brief tutorial.
This review of iSkysoft Video Converter tells you everything you want to know about this Win 8/7 compatible video/DVD tool. Check the below to learn more details.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook