eBay Security Vulnerabilities Found by Researcher
Last Updated on Friday, 19 February 2010 03:00 Written by a2e Friday, 19 February 2010 03:00
eBay is working to patch a cross-site request forgery vulnerability recently uncovered by a security researcher. The Avnet researcher also discovered cross-site scripting and blind SQL injection bugs in eBay’s online auction site, which eBay has fixed.
eBay is working on a fix for a cross-site request forgery problem that could allow an attacker to change a user’s password and get access to that user’s account.
The vulnerability is one of several affecting eBay that were recently uncovered and shared with eWEEK by Nir Goldshlager, a researcher with Avnet Information Security Consulting. Among the vulnerabilities are cross-site scripting bugs in the eBay Live Help support page and eBay To Go, which the company fixed by validating user input. In addition, Goldshlager uncovered a blind SQL injection problem in the eBay donations Website.