While testing eBay's website, I found a security vulnerability on www.ebay.com. This website provides a Hall of Fame for bug hunters or security researchers who report vulnerabilities. When I tested this website, I found an XSS vulnerability on it.
Vulnerable Link: http://developer.ebay.com/search/default.aspx
Payload used: ></script>">'><script>alert(/XSS-TESTED-BY-YOGESH-PRASAD/)</script>
Status: Reported and Patched
Reproduction step: In the "Search For" box, enter the above payload (make sure there is no space in prompt(/XSS-TESTED-BY-YOGESH-PRASAD/)).
Press Enter and you will get the "popup box" generated by the XSS.
Proof:
Vulnerability Type: XSS
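A reflected XSS of this kind is closed by HTML-encoding the search term before it is written back into the page. The following is an added example, not code from eBay or from the original post: the renderer functions and the markup are hypothetical, and only the payload string is taken from the post.

```javascript
// Payload from the post. It tries to close a tag, a script block, a
// double-quoted attribute and a single-quoted attribute before opening
// its own <script> element.
const PAYLOAD = `></script>">'><script>alert(/XSS-TESTED-BY-YOGESH-PRASAD/)</script>`;

// Hypothetical vulnerable renderer: the search term is concatenated into
// an attribute value and into element content without any encoding.
function renderUnsafe(term) {
  return `<input name="q" value="${term}"><p>Results for ${term}</p>`;
}

// Encode the five characters that can change the HTML parsing context.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reverse of encodeHtml, used here only to show what the browser would display.
function decodeHtml(s) {
  const map = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
  return s.replace(/&(?:lt|gt|quot|#39|amp);/g, (e) => map[e]);
}

// Hardened renderer: same markup, but the term is encoded at the point of output.
function renderSafe(term) {
  const t = encodeHtml(term);
  return `<input name="q" value="${t}"><p>Results for ${t}</p>`;
}

// Simple check for this demo: does the generated markup contain a <script> tag?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Count double quotes in the markup; the template itself contributes exactly 4.
function quoteCount(html) {
  return (html.match(/"/g) || []).length;
}

console.log('unsafe output has <script>:', hasScriptTag(renderUnsafe(PAYLOAD)));
console.log('safe output has <script>:  ', hasScriptTag(renderSafe(PAYLOAD)));
console.log('safe output:', renderSafe(PAYLOAD));
```

The encoded output still shows the user the exact text they typed, because the browser decodes the entities for display only and never parses them as markup.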