Members Login
    Remember Me  
Post Info TOPIC: EbaY HACKED LIVE! XSS FLAW Redirect Scam JavaScript Hack

Top Poster

Status: Offline
Posts: 3757
EbaY HACKED LIVE! XSS FLAW Redirect Scam JavaScript Hack

Double Feature!

Now That's Entertainment!!!

EbaY HACKED LIVE! XSS FLAW Redirect Scam JavaScript Hack

Here we have an example of the extremely dangerous javascript "XSS" or "Cross Scripting" exploit which the hackers are using on ebay.
Normally, this type of hacking has a hardcore pornography image instead of what you see there now. Those are also found in the Toddler's clothing section oftentimes as well as ebaY Motors, but they can be found anywhere on the site, including video game sections, sporting goods areas, stamps category, you name IT.
Meet the Sell/Victim:
kciwk (29)
Member since Feb-08-04 in United States
Feedback Score: 29
Positive Feedback: 100%
HACKED Listing:
2007 Chevrolet Corvette
2007 Corvette Super
Item number: 29013158597X (was not able to get complete # due to redirect)

The hackers email address? Well, I never got that far, as you see. I have yet to see a redirect scam listing which contained one, since the scam is to get you to sign into the phishing pharming phake sign-in page..

Please google US-CERT Vulnerability Note VU#808921 for a little more info.

This exploit has been uncorrected for at least one whole year, possible as long as OVER 2 years. Rather than fix it, ebay would rather spend IT's time and effort censoring IT's forums, and bullying any website, and suspending any members who dares speak the TRUTH. (or even ask the question.)

In fact, I believe ebay may have even been *deliberately untruthful* back on March 2, 2007, when they reported the issue had been corrected, as seen in the "Register" article entitled "eBay plugs hole in sign-on page" by Dan Goodin in San Francisco,
Published Friday 2nd March 2007 20:35 GMT
Viewers may wish to google "eBay's phishy old problem" to see what the Security Experts Robert Schifreen and Nigel Stanley have to say regarding eBay's allowance of the use of active coding, or javascript in the user provided content of the site.
Please visit these sites before you consider using, or continuing to use ebaY

You may also visit my channel page and follow links from there to my blogs, or google my youtube username cappnonymous

Note: This audio/visual /digital document was created using the new and improved ZDSoft Screen Recorder 2.6.2, & "Super C v2007, Build .22, March 14 2007", on June 21st, 2007, at approximately 13:08:12 PDT.

I am using firefox 2.004 browser, with adblock plus, noscript, super drag n go, Image Zoom 0.3, and slim search extensions, and my "bumped" SpoofStick 1.06, among others. The small magnified window is a function of microsoft wireless intellimouse explorer 2.0
Dedicating this one to all who made IT possible!
Enjoy! biggrin.gif


Exposing the sleazery of ebaY and PayPal


Top Poster

Status: Offline
Posts: 3757

Just a lttle follow-up here, with a brief screencap of the hijacked listings.

Seller: kciwk (29)
Member since Feb-08-04 in United States
Feedback Score:      29
Positive Feedback:     100%

Free Image Hosting at

  Just another thought here, rather than harrassing and banning people who tell the truth for the benefit of the community/consumers, why don't you IDIOTS fix that blivet of a hacked POS has-been website.

Maybe you need to SHUT IT DOWN!


IT will never EVER get fixed the way IT is now, much the same as you could not bail water fast enough from the Titanic

Hey, I just thought of a new name for "IT" biggrin.gif


  Whomever "manages", works there, or supports them, you must have a very hard time looking at yourselves in the mirror.

 Not only are you harming untold numbers of consumers, you are supporting crime and corruption. (PLUS, you SUCK at IT)


Exposing the sleazery of ebaY and PayPal


Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to

Create your own FREE Forum
Report Abuse
Powered by ActiveBoard