ID PACKETSTORM:61584 Type packetstorm Reporter TEAMELITE Modified 2007-12-08T00:00:00
Description
`I am still Fugitif and now I want to show you how can work one vulnerable
XSS Alert Bug on Ebay.com.
To be more precise our link now is http://togo.ebay.com
Ok..My XSS alert can be found here http://togo.ebay.com/affiliates/create/
[img]http://funkyimg.com/u/20862ebay_1JPG.jpg[/img]
I go to select one version and I crush above
[img]http://funkyimg.com/u/89922ebay_2JPG.jpg[/img]
and immediately later click "I WANT THIS ONE"
In the square where asks FOR "ID" I put some string like this
"><script>alert(document.cookie)</script>
( or nothing we go directly on the "Browse" )
[img]http://funkyimg.com/u/82647ebay_3JPG.jpg[/img]
and click "Browse"
[img]http://funkyimg.com/u/36366ebay_4JPG.jpg[/img]
Now we cannot do anything else other than to use the search with our magic
string
"><script>alert(document.cookie)</script>
Result ? !
[img]http://funkyimg.com/u/95003ebay_5JPG.jpg[/img]
That's all (sorry another time for the screen, coz only so I can have
shown)
/Fugitif t3am3lit3@gmail.com http://nemesis.te-home.net
`
{"hash": "4e8b0b1b411266ccef0bd00fcf9ba17774b138c90057e2306a5b6bc810f79499", "edition": 1, "references": [], "objectVersion": "1.2", "viewCount": 0, "type": "packetstorm", "description": "", "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/61584/ebay-xss.txt.html", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "7f7285c43218f20dac83f91f73ab8465"}, {"key": "modified", "hash": "3943d7280d4749025198c98ef353d074"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "3943d7280d4749025198c98ef353d074"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "5f3496f19f5039c2aa72507b8b92d2f4"}, {"key": "sourceData", "hash": "8d8aea8140770095a3722485e8ffd828"}, {"key": "sourceHref", "hash": "5cb472574ce6fe617b19043c98009975"}, {"key": "title", "hash": "853cb1064e4b0610981c6f577f8a29a3"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "published": "2007-12-08T00:00:00", "modified": "2007-12-08T00:00:00", "title": "ebay-xss.txt", "cvelist": [], "sourceHref": "https://packetstormsecurity.com/files/download/61584/ebay-xss.txt", "history": [], "reporter": "TEAMELITE", "lastseen": "2016-11-03T10:29:14", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:29:14"}, "dependencies": {"references": [], "modified": "2016-11-03T10:29:14"}, "vulnersScore": -0.4}, "sourceData": "`I am still Fugitif and now I want to show you how can work one vulnerable \nXSS Alert Bug on Ebay.com. \nTo be more precise our link now is http://togo.ebay.com \n \nOk..My XSS alert can be found here http://togo.ebay.com/affiliates/create/ \n \n[img]http://funkyimg.com/u/20862ebay_1JPG.jpg[/img] \n \nI go to select one version and I crush above \n \n[img]http://funkyimg.com/u/89922ebay_2JPG.jpg[/img] \n \nand immediately later click \"I WANT THIS ONE\" \n \n \nIn the square where asks FOR \"ID\" I put some string like this \n\"><script>alert(document.cookie)</script> \n \n( or nothing we go directly on the \"Browse\" ) \n \n[img]http://funkyimg.com/u/82647ebay_3JPG.jpg[/img] \n \nand click \"Browse\" \n \n[img]http://funkyimg.com/u/36366ebay_4JPG.jpg[/img] \n \n \nNow we cannot do anything else other than to use the search with our magic \nstring \n \n\"><script>alert(document.cookie)</script> \n \nResult ? ! \n \n[img]http://funkyimg.com/u/95003ebay_5JPG.jpg[/img] \n \n \nThat's all (sorry another time for the screen, coz only so I can have \nshown) \n \n \n/Fugitif t3am3lit3@gmail.com http://nemesis.te-home.net \n`\n", "id": "PACKETSTORM:61584"}
