Kartier Pohs

Wednesday, November 18, 2015

Cross Site Scripting Vulnerability in Ebay.

While testing on website of Ebay ,I found security vulnerability/bug on website www.ebay.com. This website provides Hall of Fame for Bug Hunters or security researchers to report the vulnerability.So when I  tested this website , I found XSS vulnerability on this website.

Vulnerability Type: XSS

Vulnerable Link: http://developer.ebay.com/search/default.aspx 

Payload used:  ></script>">'><script>alert(/XSS-TESTED-BY-YOGESH-PRASAD/)</script>

Status: Reported and Patched
 
Reproduction step:
In the "Search For" box  field use the above payload(make sure there shuld not b any space in prompt(/­XSS-TESTED-BY-YOGESH-PRASAD/ ).
Press enter and u will get the "popup box" generated by XSS.

Proof:
Cross Site Scripting Vulnerability in Ebay.

No comments:

Post a Comment

Copyright 2015 @ Yogesh Prasad