430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

POC – Hacking any eBay Account

THN disclosed details of a critical flaw discovered by the Egyptian researcher ‘Yasser H. Ali’ four months ago, which could be used to hack any eBay account. The Egyptian security researcher ‘Yasser H. Ali’ four months ago reported to the team of the The Hacker News portal a critical vulnerability in eBay system which could be used by […]

POC – Hacking any eBay Account

THN disclosed details of a critical flaw discovered by the Egyptian researcher ‘Yasser H. Ali’ four months ago, which could be used to hack any eBay account.

The Egyptian security researcher ‘Yasser H. Ali’ four months ago reported to the team of the The Hacker News portal a critical vulnerability in eBay system which could be used by threat actors to hit its users.

The researchers demonstrated to the colleagues at THN the existence of the flaw, but avoided to disclose the process to exploit it for obvious reasons. In May, eBay suffered a major data breach and in the same period security experts discovered three other critical flaws which impacted eBay users.

eBay admitted that the cyber attack has impacted nearly 145 million registered users worldwide due to the violation of company database, in response eBay immediately requested its customers to change their passwords.

Once fixed the flaw, as promised, THN has shared the details of the process explained by Yasser H. Ali and today disclosed it. The flaw discovered by Yasser found could allow hackers to Reset Password of any eBay user account without any user interaction. Ali explained that a potential attacker have to know only the login email ID or username of the victim to compromise its account.

 

eBay hack

 

Password reset procedure starts with the redirection of the used to a “password reset” page, where eBay page first generates a random code value as HTML form parameter “reqinput”, which is visible to the attacker as well using Browser’s inspect element tool.

Once the user provides his username and clicks the submit button, eBay generates a second random code, which is known only by the user, and sends the code along with a password reset link to the eBay user with the registered email address.

The user then clicks on the password reset link received via email and will be redirected to an eBay page which asks to the user to submit a new password and its confirmation in order to complete the password reset procedure for his eBay account.

Yasser discovered that instead of using the secret code, the new password HTTP request sends the same respective “reqinput” value that has been generated by eBay when the user clicked on reset password. But the attacker already knows this value an using it could compromise the victim’s account, as demonstrated in a video POC.

eBay hack 2

eBay hack 3

In the video is visible that Ali targets a THN temporary account with email address info@thehackernews.com, he started the “password reset” procedure taking note for the ‘reqinput’ value from the inspect element.

Once captured the ‘reqinput’ the researcher redirected a new HTTP request to the eBay server at the password reset form action crafted with the “reqinput” value, the new password, the confirm password and password strength parameters.
The vulnerability discovered could be exploited for automated attacks on a large scale, it is just necessary to know valid ebay IDs that could be retrieved obtained from database of accounts breached in May.

Pierluigi Paganini

(Security Affairs – eBay, hacking)