Researchers from Check Point discovered a flaw in the eBay platform that allows attackers to carry out phishing attacks against visitors.
The attack scenario is very simple. Attackers can target eBay users by sending them a legitimate page containing malicious code. Using social engineering, users can be lured into opening the page, which triggers code execution and leads to multiple attack scenarios, from phishing to binary download.
If the flaw detected by Check Point is not fixed, eBay customers will remain exposed, and possible phishing attacks will lead to data theft.
Attackers would use JSFuck, a non-standard technique. The researchers found that although the platform forbids users from including scripts and iframes in their descriptions, the validation mechanism fails to detect JSFuck code!
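A description validator can screen for this kind of input with a heuristic such as the following. This is an added example, not eBay's or Check Point's code; it relies on the fact that JSFuck writes JavaScript using only the six characters `[ ] ( ) ! +`, and the function name, the threshold and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: flag JSFuck-style runs in user-supplied description text.
// JSFuck encodes JavaScript with only six characters: [ ] ( ) ! +
// Whitespace between symbols does not change the program, so the pattern
// lets a run continue across spaces and newlines.
const JSFUCK_RUN = /[\[\]()!+](?:\s*[\[\]()!+])*/g;

// Assumed threshold: ordinary prose and prices rarely contain 40 of these
// symbols in a row. Tune it against real listing data before enforcing.
const MIN_RUN = 40;

// Returns one entry per suspicious run: its offset in the original text
// (so a reviewer can find it) and the number of symbols it contains.
// Assumes the text has already been HTML-entity-decoded by the caller.
function findJsfuckRuns(text, minRun = MIN_RUN) {
  const hits = [];
  for (const m of text.matchAll(JSFUCK_RUN)) {
    const symbols = m[0].replace(/\s+/g, "").length;
    if (symbols >= minRun) hits.push({ offset: m.index, symbols });
  }
  return hits;
}

// Constructed samples. The encoded fragment is harmless: each piece
// evaluates to the letter "a" (the string "false" indexed at 1).
const PIECE = "(![]+[])[+!+[]]";
const BENIGN = "<p>Great phone (boxed)! Price: 100+20 [used]</p>";
const ENCODED = "<p>Nice item</p>" + Array(5).fill(PIECE).join("+");
const SPACED = "<p>Nice item</p>" + Array(5).fill(PIECE).join(" +\n ");

for (const [name, sample] of Object.entries({ BENIGN, ENCODED, SPACED })) {
  const hits = findJsfuckRuns(sample);
  console.log(name, hits.length ? "FLAGGED" : "ok", JSON.stringify(hits));
}
```

The heuristic complements tag filtering rather than replacing it: it catches symbol-only code that a check for alphanumeric script content would miss.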
What is JSFuck?
The bad news is that the researchers reported the problem to the platform on December 15, and 2 weeks ago the company said it did not intend to fix it!
Watch videos that show the vulnerability of the platform: