Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Interesting eBay script
Posted by: trev
Date: March 07, 2008 01:06PM

This script is used for eBay's banners. Interestingly, it will take just any text as a callback function:

http://srx.de.ebayrtm.com/rtm?RtmCmd&a=json&cb=%3Chtml%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E%3C/html%3E

The parameter a accepts the values "text" and "xml" as well but the output is always JavaScript which prevents the browser from processing the HTML code. It isn't running on the ebay.com domain so even if you could get JavaScript executed, there isn't much to be gained. Still interesting.

Options: ReplyQuote
Re: Interesting eBay script
Posted by: trev
Date: March 07, 2008 01:14PM

And a similar one, this time on the ebay.com domain but the code still doesn't get executed:

http://promo.ebay.de/ws/eBayISAPI.dll?MerchPlacement&svcid=MERCH_PLACEMENT&request=nada&cb=%3Chtml%3E%3Cscript%3Ealert('xss')%3C/script%3E%3C/html%3E

Options: ReplyQuote
Re: Interesting eBay script
Posted by: Malkav
Date: March 07, 2008 04:17PM

ouch. painful. really.

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Options: ReplyQuote
Re: Interesting eBay script
Posted by: trev
Date: March 10, 2008 02:37PM

And another one: http://search.ebay.de/ws/search/SaleSearchService?_safmen=1&_sajscallback=%3Chtml%3E%3Cscript%3Ealert('xss')%3C/script%3E%3C/html%3E&saved=1

Options: ReplyQuote


Sorry, only registered users may post in this forum.