This poster on eBay’s Motors Forums claimed he was redirected to www.bestatvstore.com after clicking on an eBay internal link. That sounds like another eBay XSS Redirect that has been uncorrected for many years.
Hey John Bodine.. Why don’t you post in one of your eBay forums “we heard you and have fixed that redirect vulnerability.” Watch that post go Poof! LOL!!
Actually, today a Google Safe Browsing lookup on eBay.com showed 74 Scripting Exploits and 3 Trojans. And US-CERT Vulnerability Note VU#808921 warns of this scripting vulnerability: eBay contains a cross-site scripting vulnerability.
From the US-CERT about eBay: “An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.”
And as far as www.bestatvstore.com goes.. It just reeks of Fraud! No Phone Number listed and Payment by Bank Wire Transfer Only! I wouldn’t even consider buying an ATV from that website!
Beware Of Vehicle Fraud Everyone! SCAMMERS ARE EVERYWHERE! 😉
Google Safe Browsing Report On eBay.com As Of 10/23/2011
US-CERT VU#808921 Vulnerability Note About eBay.com