Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Multiple Bugs On EBAY.CO.UK Website
Posted by: Fugitif
Date: April 03, 2009 04:51PM

xss, redirect, local file inclusion

more about: http://nemesis.te-home.net/News/20090403_Multiple_Bugs_On_EBAY_CO_UK_Website.html




Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: thrill
Date: April 03, 2009 06:06PM

heh.. nice..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: id
Date: April 06, 2009 05:44PM

eBay runs on Windows, and there is no way they would run nagios/arpwatch, etc. on their production servers. I'm gonna go ahead and call BS.

-id

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: thrill
Date: April 06, 2009 06:12PM

shenanigans?

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: rvdh
Date: April 06, 2009 07:05PM

Curious, it seems the canonicalization scope of /etc runs up to 10 paths; I've only seen it mount to a depth of about max 5. It could be that they run shares though, but its scope is very uncanny to say the least.

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: Spyware
Date: April 07, 2009 02:05AM

How was the threadstarter able to click the Imageshack button in Opera while the Javascript box was active [second image]?

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: Fugitif
Date: April 07, 2009 07:18AM

ctrl+stamp

Quote

An eBay representative has responded to our request for comment and has acknowledged the flaws. "eBay can confirm that one of its micro-project sites had some limited vulnerabilities to malicious hacking attempts. Since discovery last week, eBay can also confirm that we have since plugged these known vulnerabilities," he said.

The spokesperson also explained that the vulnerable pages were not connected to any sensitive data. "The sites in question were developed in the rapid iteration and deployment methodology we prefer for our micro-projects. Because we anticipate having an occasional vulnerability on these sites due to the speed with which they are developed and rolled out, they are never exposed to our full production servers and data until we are able to thoroughly and rigorously test their ability to comply with eBay’s stringent security standards. Because of our abundance of caution in approaching security, eBay can also confirm that NO customer data was compromised," he stressed.

Re: Multiple Bugs On EBAY.CO.UK Website
Posted by: Kyo
Date: April 08, 2009 08:04AM

So basically they do shitty security and then look for holes in it later? That sounds like a strategy that is doomed to fail.
