
eBay vulnerability with smartphones



#1 Agentspade


Posted 03 February 2016 - 05:21 AM

Just got wind of this bit of bull crap today from Check Point:

 

Check Point has discovered a severe vulnerability in eBay’s online sales platform. This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely to execute malicious JavaScript code on targeted eBay users. If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft.

An attacker could target eBay users by sending them a legitimate page that contains malicious code. Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.

After the flaw was discovered, Check Point disclosed details of the vulnerability to eBay on Dec 15, 2015. However, on January 16, 2016, eBay stated that they have no plans to fix the vulnerability. The exploit demo is still live.

 

 

Read more here.

This is a serious security issue and a breach of trust for eBay and its users. If you are reading this, spread this everywhere and demand eBay fix this crap!


Edited by Agentspade, 03 February 2016 - 05:22 AM.




#2 quietman7


Posted 03 February 2016 - 08:09 AM

Our initial report was on December 15th, followed by a PoC (proof of concept) and a description of the vulnerability details.

Apparently, someone in eBay decided that this is not a vulnerability, as they allow active content?

 

