Expert Finds XSS Flaw On eBay After Bypassing ‘Filtering Mechanisms’

September 28, 2012 By The Vigilant Application Owner

Softpedia – (International) Expert finds XSS flaw on eBay after bypassing ‘filtering mechanisms’. eBay listed a security researcher in its hall of fame after the expert managed to identify a very unusual non-persistent cross-site scripting (XSS) vulnerability. ―There was a WAF/IPS in place which was filtering out the html and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my html code and JavaScript, the expert explained. To demonstrate his findings, he published a proof-of-concept (PoC) video in which he details how he managed to bypass the filter. The researcher claims he also identified high-risk vulnerabilities on Web sites owned by Adobe and Apple. The PoCs for these particular security holes will be released as soon as the companies address the problems.