
eBay XSS Flaw: How Websites Might Help Criminals Phish Customers’ Passwords


By Graham Cluley on Jan 13, 2016



It’s 2016, and it would be nice to think that after several years of doing business online, companies have got a better handle on how to protect their websites from attacks.


I’m afraid I have depressing news for you. Many sites are continuing to make big mistakes.


Well-known threats like cross-site scripting (XSS) attacks continue to challenge many websites, including household names.


Take eBay, for instance.


As Motherboard reports, a security researcher going by the name of MLT discovered a critical XSS flaw on eBay’s website in early December, which could allow malicious hackers to create fraudulent login pages and steal passwords.


As far as the user is concerned, they have clicked on a link to the main ebay.com site and are being asked by eBay to enter their password. Even sceptical users who check the browser bar will probably be reassured that the password request is legitimate because they see ebay.com as the domain they are visiting.


MLT has even produced a YouTube video demonstrating the XSS attack against eBay for non-believers, showing how simple it would be to trick users into handing over their passwords to hackers.




