No one is ever completely protected. Vulnerabilities on eBayToday
No one can ever guarantee 100% that there are no holes or loopholes in their service. And if someone does guarantee it, don't believe them: they are not competent in such matters.
Even projects as large as Yandex.Money have had holes. So what can we expect from a small service for shopping abroad like eBayToday.ru?
It was evening, I had nothing to do, as they say... and so, purely out of curiosity, I decided to check whether there were any holes on the site through which I had made so many purchases. Maybe one day I'll order a brand new iPad 3, come back a day later and find that my account has been stolen, my delivery address has been changed, and the iPad itself has long since ended up in the wrong hands...
I'll say right away that all the holes have already been patched. Support replied a day later and said: "our experts have fixed everything, here is a nice bonus in the form of $10 for the vulnerabilities found."
SQL injection
I'll start with the sweetest part, the SQLi. This is an injection on an inconspicuous page, http://ebaytoday.com/user/addressbook?archive= . With it, it was possible to dump the entire database, with one exception: there were no users, no orders and no payment details in it :) The admins did well here: the company keeps all of that information in a separate database, which I could not reach :)
XSS
I checked the inputs with the banal string '"><script>alert('a');</script> and found a whole bunch of XSS through which one could steal the cookies of, at the very least, every user of the service. That horrified me, and it is precisely for that reason that I decided to keep looking for holes, so that I could notify the administration promptly.
The worst hole I found was in the tickets: http://ebaytoday.ru/tickets . The subject field is not filtered, the message field is not filtered, and what does that mean? Right: it means you could steal the cookies of the admins themselves, at the very least, and look at their service from the inside. I decided not to look (barely holding back my curiosity).
Next is a list of ordinary XSS, which are interesting, but not like the previous ones :)
http://ebaytoday.com/catalog/search?total_query=phone&minprice=&maxprice=
The minprice and maxprice parameters are not filtered.
http://ebaytoday.com/catalog/search?query=phone&category=
The category parameter is not filtered; active XSS.
http://ebaytoday.ru/forgot/?email=
The email parameter is not filtered.
http://ebaytoday.ru/peoplesay?located=0&with_photo=
The with_photo parameter is not filtered; active XSS.
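To show how both classes of hole above are closed on the server side, here is an added example that is not code from the post or from eBayToday: a hardened handler for the addressbook archive flag (parameter binding instead of string concatenation) and a whitelist filter for the search, forgot and peoplesay parameters listed above (numeric ones must parse as numbers, free-text ones are HTML-escaped before being reflected). The table schema, the parameter classification and the probe input are assumptions constructed for the example.

```python
import html
import sqlite3

# Constructed test input: the same banal probe string the post used, here
# only to confirm that the hardened handlers neutralise it.
PROBE = "'\"><script>alert('a');</script>"


def make_db():
    """Constructed in-memory stand-in for an address book table; the real
    schema of ebaytoday.com is not known and is not claimed here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE addressbook (id INTEGER, archive INTEGER, addr TEXT)")
    db.executemany("INSERT INTO addressbook VALUES (?, ?, ?)",
                   [(1, 0, "live address"), (2, 1, "archived address")])
    return db


def addressbook(db, archive):
    """Hardened /user/addressbook?archive=: the flag is parsed as an integer
    and bound as a query parameter, so the input can never alter the SQL."""
    try:
        flag = int(archive)
    except (TypeError, ValueError):
        flag = 0  # anything that is not a number falls back to the live view
    rows = db.execute("SELECT addr FROM addressbook WHERE archive = ?", (flag,))
    return [r[0] for r in rows]


# Assumed classification of the parameters named in the post.
NUMERIC = {"minprice", "maxprice", "located", "with_photo"}
TEXT = {"query", "total_query", "category", "email", "subject", "message"}


def clean_params(params):
    """Whitelist: numeric parameters must parse (else they are dropped),
    free-text ones are escaped for HTML attribute/body context, and any
    parameter name not on the list is discarded."""
    out = {}
    for name, value in params.items():
        if name in NUMERIC:
            try:
                out[name] = float(value)
            except (TypeError, ValueError):
                pass
        elif name in TEXT:
            out[name] = html.escape(value, quote=True)
    return out


def reflect(params):
    """Build the form snippet a search page echoes back; only cleaned values
    are ever concatenated into markup."""
    cleaned = clean_params(params)
    return "".join(f'<input name="{k}" value="{v}">' for k, v in cleaned.items())
```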
That was on the 24th, so I hope that after so much time they have managed to find whatever else I missed on their own.
If you decide to look for holes, please do not exploit them. After all, the service is used by ordinary people just like you and me; it is better to notify the administration than to steal other people's cookies, otherwise you could end up in a real mess yourself :(