Persistent XSS bug discovered on eBay

Written by DP

Wednesday, 6 October 2010

Security researcher "Side3ffects" has contacted us regarding a critical persistent XSS that he discovered on eBay.

"Once you login to your account on eBay, edit the option "About me".

Now go to:

http://members.ebay.com/ws/eBayISAPI.dll?EditUserPageHTMLSource and edit with HTML enabled.

Demo URL (My profile):

It is also vulnerable to redirection with the following XSS attack vector:

'"--><script>alert(/Xss2ro07 aKa Side3ffects)</script>

<script>document.onload=location.href='http://www.xssed.com</script>"

One possible exploitation scenario is an attacker stealing cleartext credentials from registered users by injecting an iframe tag into the profile page that loads a rogue eBay login page from a remote server.
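The defensive counterpart to the bug described above is to never let user-supplied profile HTML reach other users unsanitized. The following is an added example, not eBay's code and not part of the researcher's report: an allowlist sanitizer for an "About me" page, written in Python on top of the standard-library parser. The permitted tags and attributes are assumptions chosen for the illustration; the inputs exercised in the test are the vectors quoted on this page plus a constructed iframe.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for a user-editable "About me" page. Anything not listed
# (script, iframe, object, style, event-handler attributes, ...) is dropped,
# so an author can format text but cannot run code or pull in remote frames.
ALLOWED_TAGS = {"p", "b", "i", "u", "br", "a", "img", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"br", "img"}
RAW_TEXT_TAGS = {"script", "style"}  # bodies are code, not text: drop whole

def safe_url(value: str) -> bool:
    """Accept only absolute http(s) URLs; rejects javascript: and data: URLs."""
    v = value.strip().lower()
    return v.startswith("http://") or v.startswith("https://")

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.in_raw = None  # name of the script/style element being skipped

    def handle_starttag(self, tag, attrs):
        if self.in_raw:
            return
        if tag in RAW_TEXT_TAGS:
            self.in_raw = tag          # swallow the element and its body
            return
        if tag not in ALLOWED_TAGS:
            return                     # tag dropped; its text survives escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue               # unknown attrs (onerror, style...) go
            if name in URL_ATTRS and not safe_url(value):
                continue               # javascript:/data:/relative URLs go
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag == self.in_raw:
            self.in_raw = None
        elif self.in_raw is None and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.in_raw is None:        # text is always re-escaped on output
            self.out.append(escape(data, quote=True))

def sanitize_about_me(html: str) -> str:
    """Return a sanitized copy of user-submitted profile HTML."""
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out)
```

Comments and declarations are discarded by the parser's default handlers, so the only output is allowlisted markup and escaped text.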


Other reported XSS bugs affecting eBay domains include (all still pending a fix):