
eBay Fixes Security Vulnerabilities

Spokesperson Ryan Moore confirmed eBay has fixed a pair of security vulnerabilities described in ThreatPost. Moore told EcommerceBytes on Tuesday they’d been addressed and fixed.

Security software firm Kaspersky Lab publishes ThreatPost, which has reporters covering security issues. The editor communicated with Aditya Sood, a researcher who had discovered the vulnerabilities along with Rohit Bansal.

The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by users.

The second bug was the result of eBay’s server returning a message with the exact file path after a user uploaded a file successfully. Sood told ThreatPost, “The attacker can upload malicious exe file camouflaged as image files and then use the URL in drive by download attacks.”
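The two server-side checks whose absence is described above can be sketched as follows. This is an added example, not eBay's code or anything published by the researchers; the function names, the accepted image types and the in-memory `store` are assumptions made for illustration.

```python
import secrets

# Leading "magic" bytes of the image types this hypothetical endpoint accepts.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(Exception):
    """Raised when the file content does not match the claimed image type."""


def sniff_image_type(data: bytes):
    """Return the image type indicated by the file header, or None."""
    for kind, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def handle_upload(filename: str, data: bytes, store: dict) -> dict:
    """Validate an upload by its header and build the response sent to the client.

    Check 1: the header must be a known image type and agree with the extension.
    Check 2: the response carries a random identifier, never a storage path.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpeg" if ext == "jpg" else ext
    kind = sniff_image_type(data)
    if kind is None or kind != ext:
        raise UploadRejected("file content is not a valid image of the claimed type")
    token = secrets.token_urlsafe(16)
    store[token] = (kind, data)  # keyed by a random token, not the client's filename
    return {"status": "ok", "id": token}


# Constructed sample inputs: a PNG header, and a Windows executable header ("MZ")
# submitted under an image filename.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
EXE_AS_JPG = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(handle_upload("item.png", PNG_SAMPLE, {}))
    try:
        handle_upload("photo.jpg", EXE_AS_JPG, {})
    except UploadRejected as exc:
        print("rejected:", exc)
```

A header check is only a first filter, since a file can begin with a valid image signature and carry other content after it; decoding or re-encoding the image on the server gives stronger assurance.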

More details about how the vulnerabilities were exploitable are found on ThreatPost.

Ina Steiner
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.