Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3080
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3031
Total: 3033









Author Topic: eBay.co.uk Vulnerable to Multiple Attacks  (Read 2966 times)

0 Members and 2 Guests are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1076
  • KARMA: 22
  • Gender: Male
    • SCforum.info
eBay.co.uk Vulnerable to Multiple Attacks
« on: 04. April 2009., 17:19:12 »


A self-proclaimed ethical hacker has disclosed multiple bugs affecting the eBay UK website. On their own, or combined, these flaws can facilitate different attacks such as phishing, session cookie hijacking or expose secure information.

Screenshots of several proof-of-concept attacks against ebay.co.uk have been published by a white-hat hacker, going by the online handle of Methodman. He also previously reported cross-site scripting weaknesses in other high profile websites belonging to the likes of Kaspersky, ESET (NOD32), Avira or Intel.

Methodman is a member of a group of programmers and security enthusiasts calling themselves ]['€AM€LiT€ (Team Elite). The outfit runs a chat network utilizing the IRC and Direct Connect protocols. Additionally, they develop various software such as mods and plug-ins for NMDC (NeoModus Direct Connect).

According to the provided evidence, several bugs are being exploited to instrument different attacks. The first is a cross-site scripting weakness, resulting from poor input validation that can be used to inject rogue code into the page.

"Malicious people can inject JavaScript code to redirect users to eBay scam pages (phishing attacks)," advises Methodman. Additionally, stealing session cookies, serving malware through a hidden IFrame or hijacking user mouse clicks for malicious purposes (clickjacking), is also possible by exploiting this flaw.

A second vulnerability allows for unauthorized directory traversal and local file inclusion attacks on the Web server. "Attackers use directory traversal attacks to read arbitrary files on web servers, such as SSL private keys and password files," explains the hacker, who provided screenshots with content from the /etc/hosts and /etc/passwd files, as examples.

link:softpedia
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

eBay.co.uk Vulnerable to Multiple Attacks
« on: 04. April 2009., 17:19:12 »

mashed

  • SCF Member
  • **
  • Posts: 63
  • KARMA: 10
  • Gender: Male
    • Stressed
Re: eBay.co.uk Vulnerable to Multiple Attacks
« Reply #1 on: 06. April 2009., 19:13:02 »
damn thats not good, hopefully ebay sort it out quickly!

Samker's Computer Forum - SCforum.info

Re: eBay.co.uk Vulnerable to Multiple Attacks
« Reply #1 on: 06. April 2009., 19:13:02 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023