Home / exploitsPDF  

ebay-xss.txt

Posted on 08 December 2007

I am still Fugitif and now I want to show you how can work one vulnerable XSS Alert Bug on Ebay.com. To be more precise our link now is http://togo.ebay.com Ok..My XSS alert can be found here http://togo.ebay.com/affiliates/create/ [img]http://funkyimg.com/u/20862ebay_1JPG.jpg[/img] I go to select one version and I crush above [img]http://funkyimg.com/u/89922ebay_2JPG.jpg[/img] and immediately later click "I WANT THIS ONE" In the square where asks FOR "ID" I put some string like this "><script>alert(document.cookie)</script> ( or nothing we go directly on the "Browse" ) [img]http://funkyimg.com/u/82647ebay_3JPG.jpg[/img] and click "Browse" [img]http://funkyimg.com/u/36366ebay_4JPG.jpg[/img] Now we cannot do anything else other than to use the search with our magic string "><script>alert(document.cookie)</script> Result ? ! [img]http://funkyimg.com/u/95003ebay_5JPG.jpg[/img] That's all (sorry another time for the screen, coz only so I can have shown) /Fugitif t3am3lit3@gmail.com http://nemesis.te-home.net

 

TOP