Doc's eBay Motors Sucks Blog

BestAtvStore.com XSS Cross Site Scripting Fraud

This poster on eBay’s Motors Forums claimed he was redirected to www.bestatvstore.com after clicking on an eBay internal link. That sounds like another eBay XSS Redirect that has been uncorrected for many years.

Hey John Bodine.. Why don’t you post in one of your eBay forums “we heard you and have fixed that redirect vulnerability.” Watch that post go Poof! LOL!!

Actually, today a Google Safe Browsing lookup on eBay.com showed 74 Scripting Exploits and 3 Trojans. And US-CERT Vulnerability Note VU#808921 warns of this scripting vulnerability: eBay contains a cross-site scripting vulnerability.

From the US-CERT about eBay: “An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.”

And as far as www.bestatvstore.com goes.. It just reeks of Fraud! No Phone Number listed and Payment by Bank Wire Transfer Only! I wouldn’t even consider buying an ATV from that website!

Google Maps Lookup On 9145 S Federal Way Boise, ID 83716

Beware Of Vehicle Fraud Everyone! SCAMMERS ARE EVERYWHERE! 😉

Google Safe Browsing Report On eBay.com As Of 10/23/2011


US-CERT VU#808921 Vulnerability Note About eBay.com
