The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

eBay bug lets hackers install malicious code into pages

2016-02-05 03:12 by
Tags:

 

Security researchers from Check Point have discovered a vulnerability in eBay's website, which could allow hackers to remotely install malicious code in the page and distribute phishing and malware campaigns on eBay users.

Despite a filter that is used in eBay's website to stop sellers from doing anything other than adding basic HTML on a page to highlight text, using the so-called JSF**K technique allows attackers to bypass the limitations.

Check Point notified eBay about the issue on Dec. 15 last year.

"As we demonstrated to the eBay security team in the proof of concept, we were able to bypass their security policies and insert a malicious code to our seller page without any difficulty or restriction," the firm writes.

eBay responded to the security company two weeks ago, claiming it had no plans to fix the issue.

"eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident," a spokesperson with the company said.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About