[XSS] *.ebay.com

[dancezar]

Exploit: XSS

Tip:Reflected

Author: Danyweb09

Target: ebay.com

Tested on: firefox,opera,ie(mai vechi)

http://s23.postimg.org/ec084w4i1/ebay_xss.png

Cineva care a mai raportat xss-uri la ebay imi spune si mie unde trebuie sa trimit email

//Raportat

//Mi-au zis ca a mai fost raportat de altcineva am mai raportat altul acum in domeniul principal

//Edit pana la urma am mai raportat unu si am primit HOF http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

Edited July 12, 2013 by danyweb09

[akkiliON]

Report a Security Vulnerability

Completezi formularul de mai jos !

Bafta ! Poate ne vedem amandoi in Hall of Fame

[dancezar]

Mersi mult .Sa speram..

[akkiliON]

Mersi mult .Sa speram..

O sa fiu adaugat mai unpic ! Mai trebuie sa astept pana mai raporteaza si altii si dupaia o sa ne adauge pe lista !

Hello,

your name will show up on the page in the next couple of days.

Best Regards,

eBay Security Research

Sa vedem ce iti spun ! O sa ai ceva de asteptat

// Apropo ! Puteai sa postezi la categoria Bug Bounty deoarece au Hall of Fame

Bravo !

Edited April 29, 2013 by akkiliON

[dancezar]

Mersi maestre.Acum cateva secunde am completat si trimis formularu de pe linkul acela.Daca am trimis la securitycenter pot sa postez si la Bug Bounty?

[akkiliON]

Pai roaga un moderator sa iti mute topic-ul la categoria Bug Bounty !

[chioara3]

Gj.

Ce ai primit ?

[dancezar]

deabea am raportat xss-u

[akkiliON]

# Se pare ca am fost adaugat in lista celor de la eBay

Security Researchers Acknowledgment

[dancezar]

Felicitari!

Eu deocamdata am primit un email de confirmare

The safety of our users is of utmost importance to us, so we thank you for your report and dedication to keeping our eBay community safe. We are now forwarding your report to our team of engineers and will let you know when this vulnerability has been resolved.

We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on which site has the vulnerability and what function is being exploited.

If the issue is something we are already aware of or is not considered a vulnerability, we will notify you and then close the ticket.

If the issue is considered a vulnerability to one of our eBay sites and hasn’t been reported yet, we will contact you to let you know when the vulnerability has been resolved and, if you’ve followed our Guidelines for Responsible Disclosure, we will ask for your name to add on the Acknowledgment page if you wish to be listed.

Please note: it is not our practice to give updates on the status of tickets until the vulnerability has been resolved.

Best Regards,

eBay Security Research

Din cate mi-ai spus tu o sa mai dureze pana cand ma adauga pe lista nu?

[akkiliON]

Pai o sa dureze cateva zile pana cred ca mai primesc si de la altii bug-uri si le fixeaza !

Hi,

your name will show up on the page in the next couple of days.

Best Regards,

eBay Security Research

Asa am primit ultimul mesaj de la ei si astazi am observat ca m-au adaugat in lista

[cross]

Bravo esti foarte bun

[timy123]

Salut am tot vazut ca sunt raportate anumite vulnerabilitati pe diverse saituri,poate cineva sa imi explice si mi-e de ex ce face aceasta vulnerabilitate? si cu ce le cauti cu un program ? sau manual gen SQL injection ?

[StoNe-]

Salut am tot vazut ca sunt raportate anumite vulnerabilitati pe diverse saituri,poate cineva sa imi explice si mi-e de ex ce face aceasta vulnerabilitate? si cu ce le cauti cu un program ? sau manual gen SQL injection ?

Cu ajutorul XSS-ului, în majoritatea cazurilor, se ob?in cookie-urile victimei. Sunt ?i câteva progr?mele, gen Acunetix, care fac un scurt scan asupra site-ului, dar sunt relativ degeaba. Research-urile f?cute manual sunt cele sfinte.

[babyface]

Ti-au trimis si ei cateva baterii de vin?