David Vieira-Kurz, a security researcher from Germany, has discovered an interesting remote code execution vulnerability in the eBay website. This time the researcher found a controller that was prone to remote code execution due to a type-cast issue in combination with complex curly syntax.
The vulnerable subdomain was the same where I found an exploitable SQL injection last year, which is located at http://sea.ebay.com. The 'q' parameter in the 'search' page of the South Asian eBay domain was found to be vulnerable to remote code execution.
The researcher passed the 'q' parameter as an array containing a command, which was successfully executed. The proof he provided prints information about the PHP running on the server:
sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1
According to David: "In my point of view that was enough to prove the existence of this vulnerability to the eBay security team and I didn't want to cause any harm. What could an evil hacker have done? He could for example investigate further and also try things like {${`ls -al`}} or other OS commands and would have managed to compromise the whole webserver."
Mr. David has released a video proof of this vulnerability (remote code execution).
David reported this vulnerability to the eBay security team, and it has now been fixed.
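A detection-side illustration of the request shape described above, added here and not code from eBay or the researcher: it flags query parameters that arrive in PHP array form where a plain string is expected, and values containing the opening of PHP's complex curly syntax. The `SCALAR_PARAMS` set and every sample request except the one quoted in the article are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameters this hypothetical application expects as plain strings.
SCALAR_PARAMS = {"q"}

# PHP parses name[...]=value into an element of an array named "name".
ARRAY_FORM = re.compile(r"^([^\[\]]+)\[[^\]]*\]")
# Opening of PHP's complex curly syntax: "{$..." or "${...".
CURLY_SYNTAX = re.compile(r"\{\$|\$\{")


def inspect_request(target):
    """Return (finding, parameter) tuples for one request target."""
    findings = []
    query = urlsplit(target).query
    # parse_qsl percent-decodes names and values, so %5B / %7B forms match too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        match = ARRAY_FORM.match(name)
        if match and match.group(1) in SCALAR_PARAMS:
            findings.append(("array-for-scalar", name))
        if CURLY_SYNTAX.search(value):
            findings.append(("curly-syntax", name))
    return findings


def scan(targets):
    """Map each flagged request target to its findings; clean ones are omitted."""
    return {t: f for t in targets if (f := inspect_request(t))}


# First entry is the request quoted in the article; the rest are constructed.
SAMPLE_TARGETS = [
    "/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1",
    "/search/?q%5B0%5D=a&q%5B1%5D=b%7B%24%7Bx%7D%7D",
    "/search/?q=camera+lens&catidd=1",
    "/search/?q=usb+{hub}+$5&catidd=2",
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_TARGETS).items():
        print(target, findings)
```

The same two conditions can be enforced at the application boundary by rejecting non-string values for parameters that are meant to be scalar.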