Just got wind of this bit of bull crap today from checkpoint:
Check Point has discovered a severe vulnerability in eBay’s online sales platform. This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely to execute malicious Java script code on targeted eBay users. If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft.
An attacker could target eBay users by sending them a legitimate page that contains malicious code. Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.
After the flaw was discovered, Check Point disclosed details of the vulnerability to eBay on Dec 15, 2015. However, on January 16, 2016, eBay stated that they have no plans to fix the vulnerability. The exploit Demo is still live.
Read more here.
This is a serious security issue and a breach of trust for eBay and its users. If you are reading this spread this everywhere and demand eBay fix this crap!
Edited by Agentspade, 03 February 2016 - 05:22 AM.