Wednesday, 3 February 2016
In mid-December, researchers at security firm Check Point Software reported a security vulnerability to EBay. This vulnerability is an appropriately-named (JSFUCK) exploit that bypasses restrictions by eBay on how it handles hosted JavaScript within its listings. Using JSFUCK, attackers can bypass this safeguard and run malicious code that targets eBay’s users. According to Check Point: To exploit this vulnerability, all an attacker needs to do is create an online eBay store. In his store details, he posts a maliciously crafted item description. eBay prevents users from including scripts or iFrames by filtering out those HTML tags. However, by using JSF**k, the…
This story continues at The Next Web
