A severe vulnerability found in eBay’s online sales platform could let attackers launch phishing attacks against visitors. Operating in 30 countries and serving around 150 million active users, eBay has earned the crown among e-commerce platforms. As a successful company, it is no surprise that it has been the target of many attackers. It has been discovered that an attacker can bypass eBay’s code validation and execute malicious JavaScript code on targeted eBay users, which makes it easy to trick an eBay visitor.
How a visitor can be tricked: It is very simple to trick visitors through this vulnerability. An attacker can send a legitimate page that contains malicious code to the target users, and users can be tricked into opening the malicious page. That page triggers code execution, which can lead to various attacks ranging from phishing to binary download.
This vulnerability was disclosed by a security researcher at Check Point, who states: “This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely to execute malicious JavaScript code on targeted eBay users. If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft.”
This flaw gives cyber criminals an easy way to exploit users: sending a link to an attractive product is enough to execute the attack. The attack aims to spread malware and steal users’ private information. In addition, an attacker could create an alternate login option pop-up via Gmail or Facebook and take over the user’s account.
If you scroll down only ten pages, you will find hundreds of cyber threats happening every day; e-commerce companies in particular face these problems due to various known or unknown vulnerabilities. Scan your websites to find vulnerabilities and patch them as soon as possible to avoid cyber threats.