Expert Finds XSS Flaw On eBay After Bypassing 'Filtering Mechanisms'

September 28, 2012 By Ali Loney

1 minute read time

Softpedia – (International) Expert finds XSS flaw on eBay after bypassing ‘filtering mechanisms’. eBay listed a security researcher in its hall of fame after the expert managed to identify a very unusual non-persistent cross-site scripting (XSS) vulnerability. ―There was a WAF/IPS in place which was filtering out the html and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my html code and JavaScript, the expert explained. To demonstrate his findings, he published a proof-of-concept (PoC) video in which he details how he managed to bypass the filter. The researcher claims he also identified high-risk vulnerabilities on Web sites owned by Adobe and Apple. The PoCs for these particular security holes will be released as soon as the companies address the problems.

Source: http://news.softpedia.com/news/Expert-Finds-XSS-Flaw-on-eBay-After-Bypassing-Filtering-Mechanisms-295397.shtml

Tags: News, security, AppSec Spotlight

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.