Thursday, 4 February 2016

eBay bug lets hackers embed malicious code into auction pages

Security firm Check Point Software has discovered an eBay vulnerability that gives attackers a way to use the website to phish unsuspecting users or to infect their devices. By using a programming technique known as JSFuck, attackers can bypass a key restriction that prevents people from embedding JavaScript code into auction pages. That code runs when the page is opened in either a mobile or a desktop browser. In the video below, for instance, someone sent an eBay link to a mobile user, who was then prompted to install malware masquerading as a “discount app” upon viewing the item’s details.

According to Check Point Software’s blog post, the firm notified eBay of the flaw back in December, but the company said it didn’t have plans to fix the vulnerability. eBay told Ars Technica, however, that it’s been in touch with Check Point Software and that it has “implemented various security filters” based on its findings. The marketplace also added that it hasn’t yet detected any fraudulent activity that takes advantage of the bug.
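As an added example (not code from Check Point or eBay), the code below shows one way a listing filter could flag the kind of content described above: JSFuck writes JavaScript using only the six characters `[ ] ( ) ! +`, so a filter that looks for alphanumeric keywords misses it, while long runs of just those characters in submitted HTML stand out. The function names, the 40-character threshold and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: heuristic check for JSFuck-style runs in user-submitted listing HTML.
// Assumption: a run of 40+ characters drawn only from [ ] ( ) ! + (ignoring
// whitespace) is unusual enough in a listing description to hold for review.

function findJsfuckRuns(html, minLen = 40) {
  // Match runs made up solely of the six JSFuck characters and whitespace.
  const runPattern = new RegExp("[\\[\\]()!+\\s]{" + minLen + ",}", "g");
  const findings = [];
  for (const m of html.matchAll(runPattern)) {
    const compact = m[0].replace(/\s+/g, "");
    // Whitespace padding must not count toward the threshold.
    if (compact.length < minLen) continue;
    // Encoded script mixes brackets, parentheses, "!" and "+";
    // a row of "!!!!" or "++++" in a title is noise, not code.
    const distinct = new Set(compact).size;
    if (distinct < 4) continue;
    findings.push({ offset: m.index, length: m[0].length, distinct });
  }
  return findings;
}

// Decision wrapper: block the listing (or route it to manual review)
// when any suspicious run is present, whatever tag or attribute holds it.
function reviewListing(html) {
  const runs = findJsfuckRuns(html);
  return { allow: runs.length === 0, runs };
}

// Constructed sample inputs (not taken from the reported attack).
const fragment = "(![]+[])[+[]]+".repeat(5); // harmless 70-character run
const suspicious = "<script>" + fragment + "</script>";
const benign = "<p>Vintage camera (used) + case! Great deal!</p>";
const noisy = "<p>SALE" + "!".repeat(60) + "</p>";

console.log(reviewListing(suspicious)); // flagged
console.log(reviewListing(benign));     // allowed
console.log(reviewListing(noisy));      // allowed: only one distinct character
```

A check like this complements, rather than replaces, server-side sanitization that strips script content and event-handler attributes from listings.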



from hacker samurai http://ift.tt/1TG6z7c