Hello all,

Description: Persistent DOM-based Cross-Site Scripting on the ebay.com domain.
Disclosed to eBay: January 2015
Fixed: February 2016
Vulnerability location: Every listing
Who is able to create: Sellers
Same origin policy bypass via postMessage
Write-up: http://ift.tt/1Qn0Bc4
Proof of Concept: this code is inserted into the listing to pop up an alert on the ebay.com domain.