Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43432
  • Total Topics: 16527
  • Online today: 3001
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2998
Total: 3000









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: mashed
« on: 06. April 2009., 19:13:02 »

damn thats not good, hopefully ebay sort it out quickly!
Posted by: Amker
« on: 04. April 2009., 17:19:12 »



A self-proclaimed ethical hacker has disclosed multiple bugs affecting the eBay UK website. On their own, or combined, these flaws can facilitate different attacks such as phishing, session cookie hijacking or expose secure information.

Screenshots of several proof-of-concept attacks against ebay.co.uk have been published by a white-hat hacker, going by the online handle of Methodman. He also previously reported cross-site scripting weaknesses in other high profile websites belonging to the likes of Kaspersky, ESET (NOD32), Avira or Intel.

Methodman is a member of a group of programmers and security enthusiasts calling themselves ]['€AM€LiT€ (Team Elite). The outfit runs a chat network utilizing the IRC and Direct Connect protocols. Additionally, they develop various software such as mods and plug-ins for NMDC (NeoModus Direct Connect).

According to the provided evidence, several bugs are being exploited to instrument different attacks. The first is a cross-site scripting weakness, resulting from poor input validation that can be used to inject rogue code into the page.

"Malicious people can inject JavaScript code to redirect users to eBay scam pages (phishing attacks)," advises Methodman. Additionally, stealing session cookies, serving malware through a hidden IFrame or hijacking user mouse clicks for malicious purposes (clickjacking), is also possible by exploiting this flaw.

A second vulnerability allows for unauthorized directory traversal and local file inclusion attacks on the Web server. "Attackers use directory traversal attacks to read arbitrary files on web servers, such as SSL private keys and password files," explains the hacker, who provided screenshots with content from the /etc/hosts and /etc/passwd files, as examples.

link:softpedia

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023