Garage4hackers Forum - EBay Persistent Cross Site Scripting (Filter Bypass)

Menu
G4H Tutorial and Papers

G4H Tools and Scripts

G4H Exploits

CTF & Meet Writeups

Google Hall of Fame

Teensy

Bug Bounty Listing

Web Application Security

Exploitation Techniques

RWS Webcast Recording

Blogs

EBay Persistent Cross Site Scripting (Filter Bypass)
by
fb1h2s

View Profile

View Forum Posts

Private Message

View Blog Entries

Visit Homepage

View Articles
Rate this article

Excellent

Good

Average

Bad

Terrible
Published on 08-18-2011 10:29 AM Number of Views: 11834

1 Comment
POC Code to Steel Cookies:

Vulnerability Effects:
1) User cookies could be retrieved and misused.
2) Users could be redirected to fake login pages where passwords could be stolen
3) The possibility of an XSS worm would be there.
4) Unwanted transactions could be done in context of logged in user.
Fixing:
1) Strong XSS filters should be deployed if html is allowed, make sure the XSS filter is updated on continues basis considering the update of HTML 5 tags.
2) In case of no HTML, htmlencode all the response.write requests.
3) Many more filter bypassing tags were discovered for current application and is included along with this report.
Note: Many more filter bypass could be found.

Other Filter Bypassing Tags:

_{This article was originally published in forum thread:

EBay Persistent Cross Site Scripting (Filter Bypass)
started by
fb1h2s} _{View original post}
1 Comment
H@CK3R_ADI - 06-19-2012, 12:36 PM

Reply

nice p0st but many doesn't w0rk
vBulletin Message

Cancel Changes

All times are GMT +5.5. The time now is 01:53 PM.

Powered by vBulletin® Version 4.2.1
Copyright © 2023 vBulletin Solutions, Inc. All rights reserved.

Copyright 2010 - 2017, Garage4Hackers