- Content source
- https://thehackernews.com/2016/01/ebay-hacking.html
An independent security researcher reported a critical vulnerability to eBay last month that had the capability to allow hackers to host a fake login page, i.e. a phishing page, on the eBay website in an effort to steal users' passwords and harvest credentials from millions of its users.
The researcher, nicknamed MLT, said anyone could have exploited the vulnerability to target eBay users in order to take over their accounts or harvest thousands, or even millions, of eBay customers' credentials by sending phishing emails to them.
MLT published a blog post about the eBay flaw on Monday, demonstrating how easy it is to exploit flaws like this and steal customers' passwords.
Here's How the eBay Hack Works
The flaw actually resided in the URL parameter that allowed the hacker to inject his iFrame on the legitimate eBay website.
This is a common web bug, technically known as a Cross-Site Scripting (XSS) vulnerability, in which attackers can exploit the vulnerability to inject malicious lines of code into a legitimate website.
Full article: Simple Yet Effective eBay Bug Allows Hackers to Steal Passwords - The Hacker News
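To illustrate the class of bug described above from the defender's side, here is an added example (not from the article, MLT's write-up or eBay's code) showing a URL parameter reflected into a page without encoding, next to the same template with output encoding. The parameter name `q`, the hosts `shop.example` and `attacker.example`, and all function names are assumptions made for the illustration.

```javascript
// Constructed sample request: parameter name and both hosts are placeholders.
const SAMPLE_URL = 'https://shop.example/search?q=' +
  encodeURIComponent('"><iframe src="https://attacker.example/login"></iframe>');

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Read the (hypothetical) reflected parameter from the request URL.
function readParam(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Vulnerable: the raw parameter lands inside an attribute, so a quote and
// angle bracket close the tag and any following markup is parsed as HTML.
function renderVulnerable(url) {
  return `<input name="q" value="${readParam(url)}">`;
}

// Hardened: the same template, but the value is encoded for the HTML context.
function renderHardened(url) {
  return `<input name="q" value="${escapeHtml(readParam(url))}">`;
}

// Simple check a regression test can run on rendered output.
function hasInjectedFrame(html) {
  return /<iframe\b/i.test(html);
}

// Defence in depth: with this policy the browser refuses to load any frame,
// even if an encoding mistake lets markup through somewhere else.
const CSP_HEADER = "default-src 'self'; frame-src 'none'; frame-ancestors 'self'";

console.log('vulnerable output has iframe:', hasInjectedFrame(renderVulnerable(SAMPLE_URL)));
console.log('hardened output has iframe:  ', hasInjectedFrame(renderHardened(SAMPLE_URL)));
console.log('Content-Security-Policy:', CSP_HEADER);
```
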