Lucene search

K

ebay-xss.txt

🗓️ 08 Dec 2007 00:00:00Reported by TEAMELITEType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 23 Views

Vulnerable XSS in eBay link allowing cookie retrieval exploit

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`I am still Fugitif and now I want to show you how can work one vulnerable  
XSS Alert Bug on Ebay.com.  
To be more precise our link now is http://togo.ebay.com  
  
Ok..My XSS alert can be found here http://togo.ebay.com/affiliates/create/  
  
[img]http://funkyimg.com/u/20862ebay_1JPG.jpg[/img]  
  
I go to select one version and I crush above  
  
[img]http://funkyimg.com/u/89922ebay_2JPG.jpg[/img]  
  
and immediately later click "I WANT THIS ONE"  
  
  
In the square where asks FOR "ID" I put some string like this  
"><script>alert(document.cookie)</script>  
  
( or nothing we go directly on the "Browse" )  
  
[img]http://funkyimg.com/u/82647ebay_3JPG.jpg[/img]  
  
and click "Browse"  
  
[img]http://funkyimg.com/u/36366ebay_4JPG.jpg[/img]  
  
  
Now we cannot do anything else other than to use the search with our magic  
string  
  
"><script>alert(document.cookie)</script>  
  
Result ? !  
  
[img]http://funkyimg.com/u/95003ebay_5JPG.jpg[/img]  
  
  
That's all (sorry another time for the screen, coz only so I can have  
shown)  
  
  
/Fugitif [email protected] http://nemesis.te-home.net  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Dec 2007 00:00Current
7.4High risk
Vulners AI Score7.4
23
.json
Report