Hacker, Researcher and Author.

Acknowledged by eBay


Friends, it is my great pleasure to inform you that eBay has listed me in its Hall of Fame for security researchers who have reported high-risk vulnerabilities to eBay. I found a non-persistent cross-site scripting vulnerability inside eBay. I reported it to eBay and it was identified as a high-risk vulnerability; hence eBay fixed it without wasting any time and provided me an acknowledgement.


It was a very unusual XSS vulnerability and it was really difficult to identify. Furthermore, there was a WAF/IPS in place which was filtering out the HTML and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my HTML code and JavaScript. The video below explains how I bypassed the security mechanisms of eBay.

You can find my name listed in the eBay Security Researchers Hall of Fame here.

The following video explains how the attack was carried out:



So what's Next?

I have also found high-risk vulnerabilities in the Apple and Adobe websites. I would receive an acknowledgement very soon. Details would be made public once they fix the vulnerabilities.

8 comments:

  1. Nice bro, keep up the good work

  2. Dude, do you know how to find real vulnerabilities instead of shit like XSS?

  3. @John Jocob

    So according to you XSS is a fake vulnerability?

  4. @rafay .. what is the impact of XSS on the website?

  5. Well, the question is precise but the answer is really long, as XSS can be used for a wide variety of attacks such as phishing, cookie stealing, hijacking a browser and even hijacking a computer. There are lots of white papers available on this topic. Therefore, I would recommend you read them.


© 2016 All Rights Reserved by RHA Info Sec.