Vulnerable XSS in eBay link allowing cookie retrieval exploit
`I am still Fugitif and now I want to show you how can work one vulnerable
XSS Alert Bug on Ebay.com.
To be more precise our link now is http://togo.ebay.com
Ok..My XSS alert can be found here http://togo.ebay.com/affiliates/create/
[img]http://funkyimg.com/u/20862ebay_1JPG.jpg[/img]
I go to select one version and I crush above
[img]http://funkyimg.com/u/89922ebay_2JPG.jpg[/img]
and immediately later click "I WANT THIS ONE"
In the square where asks FOR "ID" I put some string like this
"><script>alert(document.cookie)</script>
( or nothing we go directly on the "Browse" )
[img]http://funkyimg.com/u/82647ebay_3JPG.jpg[/img]
and click "Browse"
[img]http://funkyimg.com/u/36366ebay_4JPG.jpg[/img]
Now we cannot do anything else other than to use the search with our magic
string
"><script>alert(document.cookie)</script>
Result ? !
[img]http://funkyimg.com/u/95003ebay_5JPG.jpg[/img]
That's all (sorry another time for the screen, coz only so I can have
shown)
/Fugitif [email protected] http://nemesis.te-home.net
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo