Jump to content
dancezar

[XSS] *.ebay.com

Recommended Posts

  • Active Members
Posted (edited)

Exploit: XSS

Tip:Reflected

Author: Danyweb09

Target: ebay.com

Tested on: firefox,opera,ie(mai vechi)

ebay_xss.png

http://s23.postimg.org/ec084w4i1/ebay_xss.png

Cineva care a mai raportat xss-uri la ebay imi spune si mie unde trebuie sa trimit email

//Raportat

//Mi-au zis ca a mai fost raportat de altcineva am mai raportat altul acum in domeniul principal

//Edit pana la urma am mai raportat unu si am primit HOF http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

Edited by danyweb09
  • Active Members
Posted (edited)
Mersi mult .Sa speram..

O sa fiu adaugat mai unpic ! Mai trebuie sa astept pana mai raporteaza si altii si dupaia o sa ne adauge pe lista ! :)

Hello,

your name will show up on the page in the next couple of days.

Best Regards,

eBay Security Research

Sa vedem ce iti spun ! O sa ai ceva de asteptat :)

// Apropo ! Puteai sa postezi la categoria Bug Bounty deoarece au Hall of Fame :)

Bravo !

Edited by akkiliON
  • Active Members
Posted

Mersi maestre.Acum cateva secunde am completat si trimis formularu de pe linkul acela.Daca am trimis la securitycenter pot sa postez si la Bug Bounty?

  • Active Members
Posted

Felicitari!

Eu deocamdata am primit un email de confirmare

The safety of our users is of utmost importance to us, so we thank you for your report and dedication to keeping our eBay community safe. We are now forwarding your report to our team of engineers and will let you know when this vulnerability has been resolved.

We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on which site has the vulnerability and what function is being exploited.

If the issue is something we are already aware of or is not considered a vulnerability, we will notify you and then close the ticket.

If the issue is considered a vulnerability to one of our eBay sites and hasn’t been reported yet, we will contact you to let you know when the vulnerability has been resolved and, if you’ve followed our Guidelines for Responsible Disclosure, we will ask for your name to add on the Acknowledgment page if you wish to be listed.

Please note: it is not our practice to give updates on the status of tickets until the vulnerability has been resolved.

Best Regards,

eBay Security Research

Din cate mi-ai spus tu o sa mai dureze pana cand ma adauga pe lista nu?

  • Active Members
Posted

Pai o sa dureze cateva zile pana cred ca mai primesc si de la altii bug-uri si le fixeaza !

Hi,

your name will show up on the page in the next couple of days.

Best Regards,

eBay Security Research

Asa am primit ultimul mesaj de la ei si astazi am observat ca m-au adaugat in lista :)

Posted

Salut am tot vazut ca sunt raportate anumite vulnerabilitati pe diverse saituri,poate cineva sa imi explice si mi-e de ex ce face aceasta vulnerabilitate? si cu ce le cauti cu un program ? sau manual gen SQL injection ?

Posted
Salut am tot vazut ca sunt raportate anumite vulnerabilitati pe diverse saituri,poate cineva sa imi explice si mi-e de ex ce face aceasta vulnerabilitate? si cu ce le cauti cu un program ? sau manual gen SQL injection ?

Cu ajutorul XSS-ului, în majoritatea cazurilor, se ob?in cookie-urile victimei. Sunt ?i câteva progr?mele, gen Acunetix, care fac un scurt scan asupra site-ului, dar sunt relativ degeaba. Research-urile f?cute manual sunt cele sfinte.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...