Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our specialty !
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

WHID 2009-33: eBay Fraud Abuses Zero Day XSS

 
Post new topic   Reply to topic    Trilight Zone Forum Index -> Incidents
Author Message
trihub
Sergeant


Joined: 04 Dec 2006
Posts: 180

PostPosted: Thu Aug 27, 2009 1:50 pm    Post subject: WHID 2009-33: eBay Fraud Abuses Zero Day XSS Reply with quote
Source: http://www.xiom.com/whid/blog

A zero day XSS vector enables hackers to include in an eBay offer an arbitrary code which is executed by both FireFox and IE. As a result they were able to spoof the content of the offer, so that the user saw different information than the details known to eBay.

A very detailed technical explanation of the vulnerability is included in a FireFox community discussions on whether the issue is a browser or a web site issue. As usual, the truth is somewhere in the middle. The FireFox team selected to correct the issue discovered in FireFox. Microsoft claimed that the issue exploited in IE, which is reported to be a CSS expression issue, is not feature and not a bug and the vulnerable web site should be fixed.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Trilight Zone Forum Index -> Incidents All times are GMT
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group