eBay is working on a fix for a cross-site request forgery problem that could
allow an attacker to change a user’s password and get access to that user’s
account.

The vulnerability is one of several affecting eBay that were recently
uncovered and shared with eWEEK by Nir Goldshlager, a researcher with Avnet
Information Security Consulting. Among the vulnerabilities are cross-site
scripting bugs in the eBay Live Help support page and eBay To Go, which the
company fixed by validating user input. In addition, Goldshlager uncovered a
blind SQL injection problem in the eBay donations Website.
