Latest YouTube Video

Thursday, February 18, 2016

[FD] EBAY Bugbounty: Persistent DOM Based XSS on ebay.com

Hello all, Description: Persistent DOM based Cross Site Scripting on ebay.com domain. Disclosed to Ebay: January 2015 Fixed: February 2016 Vulnerability location: Every listing Who are able to create: Sellers Same origin policy bypass via postMessage Write-up: http://ift.tt/1Qn0Bc4 Proof of Concept: this code is inserted to the listing to pop-up alert on ebay.com domain.

Source: Gmail -> IFTTT-> Blogger

No comments: