eBay bug allows hackers to embed malicious code: report

04 Feb 2016

1

Security firm Check Point Software has identified an eBay vulnerability that allows attackers to use the website to phish unsuspecting users or to infect their devices. Attackers using a programming technique, known as JSFUCK, could bypass a key restriction keeps people from embedding JavaScript codes into auction pages.

Those codes run with the opening of the page on either a mobile or a desktop browser. Some users had received an eBay link and were then prompted to install a malware masquerading as a "discount app" upon viewing the item's details.

Check Point Software said in a blog post, that eBay had been notified about the flaw back in December, the company, however, said it did not have plans to fix the vulnerability. eBay told Ars Technica, however, that it had been in touch with Check Point Software and that it had "implemented various security filters" on the basis of its findings. eBay further added that it had not detected any fraudulent activity that took advantage of the bug yet.

''Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace.

Business History Videos

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more