Acknowledged By eBay
Friends, it is my great pleasure to inform you that eBay has listed me in its Hall of Fame for security researchers who have reported high-risk vulnerabilities to eBay. I found a non-persistent cross-site scripting vulnerability inside eBay. I reported it to eBay and it was identified as a high-risk vulnerability; hence eBay fixed it without wasting any time and provided me an acknowledgement.
It was a very unusual XSS vulnerability and it was really difficult to identify. Furthermore, there was a WAF/IPS in place which was filtering out the HTML and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my HTML code and JavaScript. The video below explains how I bypassed the security mechanisms of eBay.
The following video explains how the attack was carried out:
So what's Next?
I have also found high-risk vulnerabilities in the Apple and Adobe websites. I will receive an acknowledgement very soon. Details will be made public once they fix the vulnerabilities.
Nice Bro Keep up Good work
Dude Do you know how to find real vulnerabilities instead of shit like XSS?
@John Jocob
So according to you XSS is a fake vulnerability?
@rafay .. what is the impact of XSS on the website?
Well, the question is precise but the answer is really long, as XSS can be used for a wide variety of attacks such as Phishing, Cookie Stealing, Hijacking a browser and even hijacking a computer. There are lots of white papers available on this topic. Therefore, I would recommend you read them.
hey your video not working
Someday our time will come too :(
hey bro! could I guest on your website?