Acknowledged By Ebay


Friends, it is my great pleasure to inform you that Ebay has listed me in its Hall of Fame for security researchers who have reported high-risk vulnerabilities to Ebay. I found a non-persistent cross-site scripting vulnerability inside Ebay. I reported it to Ebay and it was identified as a high-risk vulnerability; hence Ebay fixed it without wasting any time and provided me an acknowledgement.


It was a very unusual XSS vulnerability and it was really difficult to identify. Furthermore, there was a WAF/IPS in place which was filtering out the HTML and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of Ebay and was able to run my HTML code and JavaScript. The video below explains how I bypassed the security mechanisms of Ebay.

You can find my name listed in Ebay Security researchers Hall of Fame here.

The following video explains how the attack was carried out:



So what's Next?

I have also found high-risk vulnerabilities in the Apple and Adobe websites. I will receive an acknowledgement very soon. Details will be made public once they fix the vulnerabilities.