ExTS Admin Starbuck Posted February 3, 2016

The e-commerce giant confirmed it would not fix the flaw, which could allow an attacker to remotely run code in a user's browser.

eBay will not fix a flaw in its website that could allow an attacker to serve malware to unsuspecting site users.

Israeli security firm and firewall maker Check Point disclosed a "severe" vulnerability that would allow an attacker to bypass eBay's code validation and remotely execute malicious code on the e-commerce site's users.

Because of the nature of the vulnerability, an attacker can execute remote code that steals local data, injects code into unencrypted sites that could trick a user into turning over usernames and passwords, or even initiate malware or ransomware downloads.

An attacker would have to use non-standard programming code to embed malicious content on their own online store, because the platform prevents scripts and IFRAMES (which can host third-party site content) from loading. Check Point researchers were able to bypass some of these script-preventing measures by using just six different characters.

After Check Point privately reported the vulnerability on December 15, eBay said a month later that it has no plans to fix the flaw.

eBay, which serves more than 162 million across 30 countries based on its fiscal fourth-quarter earnings, said that it has "not found any fraudulent activity stemming from this incident." The spokesperson added that "while not fully patched," the e-commerce giant has "implemented various security filters based on his findings," but did not provide additional details.

Source: http://www.zdnet.com/article/ebay-refuses-to-patch-website-flaw-that-allows-hackers-to-serve-up-malware/#ftag=RSSbaffb68