Car Hacking: More likely to be done by a mechanic than by a hacker
infosec

Car Hacking: More likely to be done by a mechanic than by a hacker

When we talk about car hacking, it comes to mind a hacker who gets remote access to the car system ...
Read More
infosec

Sri Lanka: Blocks access to social media

The government of Sri Lanka has temporarily blocked access to various social media services following deadly explosions that erupted ...
Read More
infosec tweaks

How to hack networks with Wi-Fi passwords

Probably you have a Wi-Fi network in your home or stay close to one (or more) that appears in ...
Read More
infosec tweaks

What is Social Engineering, what are its techniques and how to protect yourself?

Social Engineering is the term used for a wide range of malicious activities that are accomplished through human interactions. Uses the ...
Read More
infosec tweaks

Cryptocurrency: Ways to Enhance Your Privacy

Privacy and privacy on the internet are of great importance. It is not enough to take one or two measures to protect ...
Read More
Latest Posts

Serious vulnerability on eBay! Beware of phishing!

Researchers from Check Point discovered a flaw that affects the Ebay platform that allows hackers to do phishing attacks against visitors.

tips-for-selling-on-ebay

Visitors can be fooled by opening a page on their site eBay which can expose them to attacks Phishing. This is possible because intruders could bypass code validation and run malicious JavaScript users via their browser or mobile app.

The attack scenario is very simple. Hackers can target eBay users by sending them a legitimate page containing malicious code. Using social engineering, users can crawl and open the page and enable code execution, and this will lead to multiple attack scenarios from phishing to binary download.

If this defect detected by Check Point is not repaired, eBay customers will continue to be exposed and possible phishing attacks will lead to data theft.

Invaders should use JSFuck, a non-standard technique. Researchers have discovered that although the platform forbids users from using scripts and iFrames in their descriptions, the validation mechanism fails to detect the JSFuck code!

What is JSFuck?b93c86f5f4c27dc2e6a4aa3e7c6396adb926e3567c84ca70ba2af8b4cd2017a3_-original

JSFuck is an internal and educational programming style based on individual parts of JavaScript and uses only 6 characters, [] ()! + To write and execute code. EBay does not filter it by allowing attackers to bypass the validation mechanism.

[button type = »link» link = »https://secnews.gr/100909/wordpress-%CE%B5%cf%80%ce%af%ce%b8%ce%b5%cf%83%ce%b7 -% b1% cf% 80% cf% 8c-whack-a-mole-ad-scam-malware / »size =» btn-great »WordPress: malware ad-scam [/ button]

The bad news is that the researchers reported the problem on the 15 platform in December and 2 weeks ago the company said it did not intend to correct it!

Watch videos that show the vulnerability of the platform:

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *