• EBay Persistent Cross Site Scripting (Filter Bypass)

    POC Code to Steel Cookies:




    Vulnerability Effects:
    1) User cookies could be retrieved and misused.
    2) Users could be redirected to fake login pages where passwords could be stolen
    3) The possibility of an XSS worm would be there.
    4) Unwanted transactions could be done in context of logged in user.
    Fixing:
    1) Strong XSS filters should be deployed if html is allowed, make sure the XSS filter is updated on continues basis considering the update of HTML 5 tags.
    2) In case of no HTML, htmlencode all the response.write requests.
    3) Many more filter bypassing tags were discovered for current application and is included along with this report.
    Note: Many more filter bypass could be found.

    Other Filter Bypassing Tags:


    This article was originally published in forum thread: EBay Persistent Cross Site Scripting (Filter Bypass) started by fb1h2s View original post
    Comments 1 Comment
    1. H@CK3R_ADI's Avatar
      H@CK3R_ADI -
      nice p0st but many doesn't w0rk
  • G4H Facebook

  • G4H Twitter