Has a second eBay zero day security flaw been discovered?


sincity

After last week's massive security alert, eBay may well have been hit by a second flaw, one which was discovered by a 19-year-old British student.

Jordan Lee Jones, who hails from Stockton-on-Tees, told PCWorld that he reported the vulnerability to eBay on Friday and decided to make it public on Monday.

The vulnerability Jones found is a cross-site scripting (XSS) flaw, where code that can be executed remotely from one site can be injected into another.

Jones uploaded a screen capture (above) showing that he was able to create a pop up box on eBay's labs webpage using this technique.

Password changing time?

Hackers would also be able to collect cookies - small disposable files that contain personal data - from eBay users; these can subsequently be used to access websites or as a means of authentication.

The discovery of the flaw came 24 hours after eBay's defenses were breached and an estimated 145 million user accounts were compromised.

A sample of the database was posted online - and apparently available for sale - but eBay stated that it was not genuine.

Jones' eBay cross-site scripting code can be found on his website. Unlike the one discovered on Thursday, this vulnerability is not scalable and changing your login details would make no difference.
