eBay: Security exposé ^ This blog deals with the XSRF flaw which has gone uncorrected 3 years now (also the perennial cookie handling flaw). eBay has failed to respond to the issue (reborn/resurfaced for 3 full months plus), but as always, the comedy act of eBay's bungling buffoons shines through......
XSS allowed on eBay members pages

Hey everyone. Today I would like to disclose an XSS vulnerability present on members.ebay.com which the security engineering team at eBay.com do not classify as a security issue. If you wish to test the PoC, you must have an eBay account. This is the logic behind the v...