
No one is ever completely protected: vulnerabilities on eBayToday

No one can ever guarantee 100% that there are no holes or loopholes in their service. And if someone claims they can, do not believe them: they are not competent in such matters.
Even projects as large as Yandex.Money have had holes. So what can we say about a small service for purchases abroad, eBayToday.ru?

It was one of those evenings with nothing to do, as they say... and so, purely out of curiosity, I decided to see whether there were any holes on the site through which I had made so many purchases. Maybe one day I will order myself a brand new iPad 3, come back a day later and find that my account has been stolen, the address changed, and the iPad long since in someone else's hands...

I'll say right away that all the holes have already been patched. Support answered me within a day and said: "our specialists have fixed everything, here's a nice bonus of $10 for the vulnerabilities found."

SQL-inj

I'll start with the sweetest one, the SQLi. This is an injection on the inconspicuous page http://ebaytoday.ru/user/addressbook?archive= . With it, it was possible to dump the entire database, with one exception: there were no users, no orders and no payment details in it :) The admins had done well here: they had moved all that archival information into a separate database, which I could not reach :)
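To show what the addressbook hole above boils down to, and why a quote in a query parameter is the first thing a reviewer should test, here is an added example that is not code from the post or from eBayToday. It uses an in-memory SQLite table whose name, columns and rows are all constructed for the illustration (the site's real schema is unknown); the lookup keyed by an "archive" parameter is an assumption based on the URL in the post. The vulnerable version pastes the parameter into the SQL text, so a stray quote reaches the SQL parser and produces a database error, the symptom that gives an injection point away; the safe version binds the parameter, and the validated version additionally restricts it to the two values it can legitimately take.

```python
import sqlite3

# Constructed sample data standing in for an address-book table; the schema is
# an assumption for this example, not eBayToday's real database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addressbook (user_id INTEGER, archive TEXT, city TEXT)")
    conn.executemany("INSERT INTO addressbook VALUES (?, ?, ?)",
                     [(7, "0", "Moscow"), (7, "1", "Kazan"), (8, "0", "Omsk")])
    return conn

def addresses_vulnerable(conn, user_id, archive):
    # The untrusted 'archive' value is interpolated into the SQL text, so any
    # quote or parenthesis in it is parsed as SQL rather than treated as data.
    # The resulting database error is the classic symptom of an injection point.
    sql = f"SELECT city FROM addressbook WHERE user_id={int(user_id)} AND archive='{archive}'"
    return [row[0] for row in conn.execute(sql)]

def addresses_safe(conn, user_id, archive):
    # Bound parameters: the driver sends the value separately from the SQL
    # text, so quotes in it are plain characters and cannot alter the query.
    sql = "SELECT city FROM addressbook WHERE user_id=? AND archive=?"
    return [row[0] for row in conn.execute(sql, (int(user_id), archive))]

def addresses_validated(conn, user_id, archive):
    # Defence in depth: this parameter only ever means "current" or "archived",
    # so reject anything outside that whitelist before it reaches the query.
    if archive not in ("0", "1"):
        raise ValueError("archive must be '0' or '1'")
    return addresses_safe(conn, user_id, archive)

def query_raises_db_error(fn, conn, user_id, archive):
    # True if the lookup fails inside the database engine for this input.
    try:
        fn(conn, user_id, archive)
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    probe = "')"  # the simplest probe: a stray quote and parenthesis
    print("vulnerable, archive='0':", addresses_vulnerable(db, 7, "0"))
    print("vulnerable errors on probe:", query_raises_db_error(addresses_vulnerable, db, 7, probe))
    print("safe errors on probe:", query_raises_db_error(addresses_safe, db, 7, probe))
    print("safe result for probe:", addresses_safe(db, 7, probe))
```

Run it as a script and the vulnerable lookup errors out on the probe while the bound version simply returns no rows. The practical lesson for the service's developers is the second and third function: parameter binding removes the injection, and whitelisting a parameter that can only be 0 or 1 means a malformed value never even reaches the database.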
XSS

I checked for them with the banal string '"><script>alert('a');</script> and found a bunch of XSS with which you could hook every user of the service. That terrified me, so I decided to keep looking for holes in order to notify the administration as soon as possible.

The most terrible hole I found is in the tickets: http://ebaytoday.ru/tickets . The subject field is not filtered, the message field is not filtered, and what does that mean? That's right: you can steal cookies from the admins themselves and look at the service from the inside. I did not get cheeky and decided not to look at anything (I barely restrained my curiosity).

Next is a list of the more ordinary XSS, which are interesting, but not like the previous ones :)
http://ebaytoday.ru/catalog/search?total_query=phone&minprice=&maxprice=
The minprice and maxprice parameters are not filtered.

http://ebaytoday.ru/catalog/search?query=phone&category=
The category parameter is not filtered, active (stored) XSS.

http://ebaytoday.ru/forgot/?email=
The email parameter is not filtered.

http://ebaytoday.ru/peoplesay?located=0&with_photo=
The with_photo parameter is not filtered, active (stored) XSS.
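Both the ticket hole (subject and message stored and later shown to admins) and the unfiltered search and form parameters listed above come down to the same defect: user-supplied text is concatenated into HTML without output encoding. The following added example, which is not code from the post or from eBayToday, shows a vulnerable rendering beside its fixed form for the two contexts the post describes. The markup, field names and probe string are constructed for the illustration; `contains_live_markup` is a small check a reviewer can run against a response to see whether a probe came back verbatim, which is what the author's alert() string was testing.

```python
from html import escape

# --- Stored XSS: a support ticket rendered for the admin queue -------------

def render_ticket_vulnerable(subject, message):
    # Untrusted fields are pasted straight into the page, so any markup in them
    # runs in the browser of every admin who opens the ticket list.
    return f'<h2>{subject}</h2><div class="msg">{message}</div>'

def render_ticket_safe(subject, message):
    # Encoding at output time turns <, >, & and quotes into inert entities, so
    # the text is displayed exactly as typed and nothing in it executes.
    return f'<h2>{escape(subject)}</h2><div class="msg">{escape(message)}</div>'

# --- Reflected XSS: a search form echoing a query parameter ---------------

def render_search_form_vulnerable(minprice):
    # The value lands inside a quoted attribute; a " in it ends the attribute
    # and everything after it becomes live markup.
    return f'<input name="minprice" value="{minprice}">'

def render_search_form_safe(minprice):
    # quote=True (the default) also encodes " and ', which is what matters in
    # attribute context; element-context escaping alone would not be enough here.
    return f'<input name="minprice" value="{escape(minprice, quote=True)}">'

def contains_live_markup(html, probe):
    # Reviewer's check: did the probe string come back unchanged in the response?
    # If it did, the page is reflecting (or storing) input without encoding.
    return probe in html

if __name__ == "__main__":
    probe = "<script>alert('a');</script>"  # constructed probe, same idea as the post's string
    for label, html in (("ticket (vulnerable)", render_ticket_vulnerable(probe, "hello")),
                        ("ticket (safe)", render_ticket_safe(probe, "hello")),
                        ("search (vulnerable)", render_search_form_vulnerable('"><b>x</b>')),
                        ("search (safe)", render_search_form_safe('"><b>x</b>'))):
        print(f"{label}: {html}")
```

The ticket case is the more dangerous one exactly as the post says: the payload is stored once and then served to a privileged viewer, so the fix has to be applied where the ticket is rendered, not only where it is submitted. Output encoding chosen for the context (element body versus attribute) is the durable fix; input "filtering" on its own tends to miss one context or another.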

The holes were patched back on the 24th, so I hope that after all this time they have also managed to find whatever I missed.
If you decide to look for holes, please do not exploit them. After all, the service is used by ordinary people like us; it is better to notify the administration than to steal other people's cookies, or you may land yourself in a mess :(

Source: https://habr.com/ru/post/138770/
