Doc's eBay Motors Sucks Blog

JavaScript XSS Cross Site Scripting Redirect Caught On Screen Video

Watch as this scam listing and 2 others use an uncorrected XSS Cross Site Scripting Vulnerability and whisk me off to a hacked website. Phishing Fraud and Identity Theft can then occur!

eBay Motors UK XSS Redirect Scam 01/20/2014

Fraudsters hack a website and create a directory just above its public root. They then upload their scripts, images, etc. Then they plant their sucker bait and wait for a victim to swallow the hook.

I know we have been reporting this kind of phishing fraud for more years than I can count.

In our archives there are several other cross site scripting redirects. Here is one that even authenticated your credentials. And the horny-housewife redirects. There are many more where those came from. This XSS Cross Site Scripting Redirect Scam is really, really old.

eBay claimed they fixed this cross site scripting vulnerability. They fed Ina Steiner, of what was then auctionbytes.com, this canned response, but apparently the vulnerability was never fixed.

eBay Motors is constantly and proactively monitoring the site to prevent and address possible fraudulent behavior. As part of this monitoring, eBay Motors has identified recent redirect issues and has implemented specific safety measures, including updating our detection systems with a filter to identify this particular behavior. These additional protections should supplement smart shopping habits, including reviewing seller ratings, communicating with sellers and confirming transaction details through My eBay before making a purchase, and never paying for a vehicle via instant cash-transfer methods. eBay Motors also offers free vehicle history reports and a Vehicle Purchase Protection program for transactions that occur on the site, to help ensure the 10 million visitors coming to the site each month interact in a safe, trusted marketplace.

I feel that a company should be responsible for the safety of their shoppers. Don’t matter if you’re shopping online or in a brick and mortar store. Apparently eBay does not see it that way. Maybe some form of government regulation might help.

In my opinion eBay has no motivation to keep their shoppers safe. eBay is NOT Legally Responsible if you wind up getting redirected off their website and get phished!

Here is a video where Doc used Mozilla’s Firefox browser with an extension called NoScript to stop the redirect and view and capture its source code.

WATCH your Web Browser’s URL Window to see what website you are on!

Former eBay Motors PowerSeller and retired licensed Florida used car dealer with over 40 years experience in the business blogs about eBay, and shares helpful advice for motor vehicle buyers and sellers. Have questions or need help? Ask Doc!

1 Comment

  1. Ray

    Just like Grady Seasons told Tom Cruise in the movie Color of Money, “It’s like a nightmare, isn’t it? It just keeps getting worse and worse.”
