Can you leave feedback for yourself on ebay by changing the URL???? possible loophole/code problem

alkemyst · Jan 9, 2004

http://cgi2.ebay.com/aw-cgi/eBayISAPI.dll?LeaveFeedbackShow&useridto=THEIR USERNAME&useridfrom=MY USERNAME&item=the item number

I reversed the two usernames (mine and theirs) to send a link for their feedback to be left....I hit enter by mistake and the form came up for THEM to leave ME feedback...I didn't submit as I am not trying to forge feedback, but does it verify the credentials on the submit?

Something to report to ebay if it doesn't

Å

Shawn · Jan 9, 2004

hmm..... dunno

Eli · Jan 9, 2004

Damn...

They need to fix that if its the case.

emmpee · Jan 9, 2004

i find it hard to believe that it wouldn't authenticate the user via password, but until someone tries it, who knows

blurredvision · Jan 9, 2004

I would think this would've already been found out, as it is a simple error to make. In eBay's great history, I doubt something this simple has been overlooked for so long.

edro · Jan 9, 2004

Nope, I just tried it and it left him the feedback that I entered in to give myself. It must automatically know and assume it goes to the opposite person.

alkemyst · Jan 9, 2004

I am doubting it's possible, hence why I am not running screaming to ebay

....

Do not underestimate the easy hacks, there used to be tons of those.

Edit: thanks for non-confirming (is that a word?) it.

Å

edro · Jan 9, 2004

Wait, I just left a normal feedback the first time. I tried it again on another auction, but got this message:

Invalid Target User ID

Sorry, you cannot leave feedback for yourself. Please go back and enter a different target User ID for your feedback comment.

alkemyst · Jan 9, 2004

Are you absolutely sure you had the URL structured properly?

Å

Flyermax2k3 · Jan 9, 2004

Originally posted by: alkemyst
I am doubting it's possible, hence why I am not running screaming to ebay ....

Do not underestimate the easy hacks, there used to be tons of those.

Edit: thanks for non-confirming (is that a word?) it.

Å

why not try it? You won't find out any other way..

edro · Jan 9, 2004

Originally posted by: alkemyst
Are you absolutely sure you had the URL structured properly?

Å

Yes. The first time I had it set to the way you posted and it just left a normal feedback

I then noticed that I had it the correct way, so I left another feedback (prematurely

) for another auction and switched the 2, that's when I got that message.

alkemyst · Jan 9, 2004

Originally posted by: edro13

Originally posted by: alkemyst
Are you absolutely sure you had the URL structured properly?

Å

Click to expand...

Yes. The first time I had it set to the way you posted and it just left a normal feedback I then noticed that I had it the correct way, so I left another feedback (prematurely ) for another auction and switched the 2, that's when I got that message.

prematurely as in it didn't end yet or what....

RE: F2M I am not about to risk my own account 'checking' something. I don't have alternate accounts on ebay to perform shenanigans from.

Å

RossMAN · Jan 10, 2004

Originally posted by: alkemyst
Are you absolutely sure you had the URL structured properly?

Å

I've already discovered this and tried using it on a troll who never paid. It does NOT work, it does authenticate with password/cookies/something.

However it is a useful tool. Most eBayers are idiots, so after a transactions I edit the URL so they can simply click it and leave me feedback for a particular auction.

Jan 10, 2004

it does a user session login confirmation on the action page

Search

Can you leave feedback for yourself on ebay by changing the URL???? possible loophole/code problem

alkemyst

No Lifer

Shawn

Lifer

Eli

Super Moderator | Elite Member

emmpee

Golden Member

blurredvision

Lifer

edro

Lifer

alkemyst

No Lifer

edro

Lifer

alkemyst

No Lifer

Flyermax2k3

Diamond Member

edro

Lifer

alkemyst

No Lifer

RossMAN

Grand Nagus

TRENDING THREADS