
eBay Fixes Security Vulnerabilities

Spokesperson Ryan Moore confirmed eBay has fixed a pair of security vulnerabilities described in ThreatPost. Moore told EcommerceBytes on Tuesday they’d been addressed and fixed.

Security software firm Kaspersky Lab publishes ThreatPost, which has reporters covering security issues. The editor communicated with Aditya Sood, a researcher who had discovered the vulnerabilities along with Rohit Bansal.

The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by users.

The second bug was the result of eBay’s server returning a message with the exact file path after a user uploaded a file successfully. Sood told ThreatPost, “The attacker can upload malicious exe file camouflaged as image files and then use the URL in drive by download attacks.”
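The two checks whose absence is described above, sketched as an added example (not eBay's code and not from ThreatPost): the upload is judged by its leading bytes rather than its name, and the response carries an opaque id instead of a file path. The function names, the in-memory `store` and the sample byte strings are assumptions made for illustration.

```python
import secrets

# Leading bytes ("magic numbers") of the image formats this sketch accepts.
IMAGE_SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

class UploadRejected(Exception):
    """Raised when the uploaded bytes are not a recognised image."""

def sniff_image_type(data: bytes):
    """Return the image type indicated by the file header, or None."""
    for kind, prefixes in IMAGE_SIGNATURES.items():
        if data.startswith(prefixes):
            return kind
    return None

def accept_upload(filename: str, data: bytes, store: dict) -> dict:
    """Validate an upload by content and return a path-free response.

    `store` stands in for server-side storage (hypothetical): it maps an
    opaque id to the stored bytes and type. The client-supplied filename
    is never used for the decision or for the stored name.
    """
    kind = sniff_image_type(data)
    if kind is None:
        raise UploadRejected(f"{filename!r}: header is not JPEG, PNG or GIF")
    upload_id = secrets.token_urlsafe(16)
    store[upload_id] = {"type": kind, "data": data}
    # Response carries only the opaque id, not a storage path or URL.
    return {"status": "ok", "id": upload_id, "type": kind}

# Constructed sample inputs.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
EXE_AS_JPG = b"MZ\x90\x00" + b"\x00" * 16  # Windows executables begin with "MZ"

def demo():
    store = {}
    ok = accept_upload("photo.png", PNG_SAMPLE, store)
    try:
        accept_upload("holiday.jpg", EXE_AS_JPG, store)
        rejected = False
    except UploadRejected:
        rejected = True
    return ok, rejected, store
```

A header check is a minimum: a file can carry a valid image header and other content after it, so services commonly also re-encode accepted images and serve them with an explicit image content type.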

More details about how the vulnerabilities were exploitable are found on ThreatPost.

Ina Steiner

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. Send news tips to ina@ecommercebytes.com.

