11.02.07

16:17:32

EbaY HACKED LIVE! XSS JavaScript Redirect Exploit Flaw Hack

Added to Youtube: June 21, 2007, 01:40 PM
Raw File: 20070621_130812.AVI

This is a replacement for a video which was pulled by the long arm of corporate fascism on November 2, 2007.
This video is 1 minute long and silent.


 Funny how this flaw has gone unrepaired for at least one and a half years or so, snagging untold numbers of victims, and costing unknown amounts of money, undue stress, and financial ruin, yet in that time, sleazebay has done NOTHING to correct it, but they do not mind playing the part of the big bully to have this important consumer safety awareness information made unavailable to users and the public.

Please remember that ebay offers NO GUARANTEE of your safety, (they offer NO guarantee period) and the facts clearly show that the ebay website is verrrry unsafe.

I guess the funny part is knowing how much money ebay must have lost, all because they prefer to lie, cheat, and steal, than to simply do the right thing and FIX the site and quit freeloading off the "community" they reciprocatively abuse and mistreat, IMO.

I am laughing my @$$ off at those loser-clowns.
They have to stoop soooo low, but yet they do not mind robbing & cheating everyone they can. Then blaming the victim, & covering it all up.
Only one of many reasons why they rightfully call it sleazebay.

Remember, it is not this video that ebay is trying to make disappear, it is your safety, your RIGHT to know.

They are operating a VERY dangerous website, which they KNOW is the case, REFUSE to correct the flaw, cast BLAME onto the VICTIMS, and do everything in their power to make these FACTS disappear.


I would be willing to bet they get hacked again, and more videos will be made.
Wouldn't that be funny, eh?

The original location of the video was:
http://www.youtube.com/watch?v=UJfyk5yRxhA


For anyone just now tuning in, this is the 3rd video which has been deleted.
The first is here.
That is the one which showed the massive hack attack and data dump on the T & S bd at ebay on 09-25-2007. That video was pulled on 9-26-2007.
The other one, also removed on November 2, 2007, is here.

Here is a screencapture of the comments, followed by the original video description:


Once again, it appears that the cheating rip-off artist-fascists are scared of the comments too!

Tags: XSS "cross scripting flaw" redirect scam ID theft Boycott irresponsible disclosure Vladuz

Views: 10,182
Comments: 11
Rating:
40 ratings
Added: June 21, 2007, 01:40 PM

Please read this text accompaniment
Here we have an example of the extremely dangerous javascript "XSS" or "Cross Scripting" exploit which the hackers are using on ebay.
----------
Normally, this type of hacking has a hardcore pornography image instead of what you see there now. Those are also found in the Toddler's clothing section oftentimes as well as ebaY Motors, but they can be found anywhere on the site, including video game sections, sporting goods areas, stamps category, you name it.
----------
Meet the Seller/Victim:
kciwk (29)
Member since Feb-08-04 in United States
Feedback Score:   29
Positive Feedback:  100%
----------
HACKED Listing:
2007 Chevrolet Corvette
2007 Corvette Super
Item number: 29013158597X (was not able to get complete # due to redirect)

---------------
The hacker's email address? Well, I never got that far, as you see. I have yet to see a redirect scam listing which contained one, since the scam is to get you to sign into the phishing pharming phake sign-in page.

Please google US-CERT Vulnerability Note VU#808921 for a little more info.

This exploit has been uncorrected for at least one whole year, possibly as long as OVER 2 years. Rather than fix it, ebay would rather spend its time and effort censoring its forums, and bullying any website, and suspending any members who dare speak the TRUTH. (or even ask the question.)

In fact, I believe ebay may have even been *deliberately untruthful* back on March 2, 2007, when they reported the issue had been corrected, as seen in the "Register" article entitled "eBay plugs hole in sign-on page" by Dan Goodin in San Francisco,
Published Friday 2nd March 2007 20:35 GMT
-------------
Viewers may wish to google "eBay's phishy old problem" to see what the Security Experts Robert Schifreen and Nigel Stanley have to say regarding eBay's allowance of the use of active coding, or javascript in the user provided content of the site.
---------
Please visit these sites before you consider using, or continuing to use ebaY
firemeg.com
companyexposed.com
nekkidtruth.blogspot
theauctionguild.com
pheebay.com
ebaymotorssucks.com

You may also visit my channel page and follow links from there to my blogs, or google my youtube username cappnonymous

Note: This audio/visual /digital document was created using the new and improved ZDSoft Screen Recorder 2.6.2, & "SUPER © v2007, Build .22, March 14 2007", on June 21st, 2007, at approximately 13:08:12 PDT.

I am using firefox 2.004 browser, with adblock plus, noscript, super drag n go, Image Zoom 0.3, and slim search extensions, and my "bumped" SpoofStick 1.06, among others. The small magnified window is a function of microsoft wireless intellimouse explorer 2.0
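
The description above turns on active coding (javascript) being allowed in user-provided listing content. As an added example, not part of the original post and not eBay's code, here is one way a site could flag listing HTML that can run script or send the viewer to another page before it is published. The function names and both sample listings are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that execute code, embed other documents, or change where links resolve.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


def _scheme(url):
    # Browsers drop tabs/newlines inside a URL, so strip whitespace and
    # control characters before reading the scheme (conservative: all are removed).
    cleaned = "".join(ch for ch in url if ord(ch) > 0x20).lower()
    head, sep, _ = cleaned.partition(":")
    ok = head[:1].isalpha() and all(c.isalnum() or c in "+-." for c in head)
    return head if sep and ok else ""


class ActiveContentFinder(HTMLParser):
    """Collects (tag, reason) pairs for markup that can execute or redirect."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, "active element"))
        for name, value in attrs:  # values arrive with entities already decoded
            value = value or ""
            if name.startswith("on"):
                self.findings.append((tag, f"event handler {name}"))
            elif name in URL_ATTRS and _scheme(value) not in ("", "http", "https"):
                self.findings.append((tag, f"{name} uses {_scheme(value)}: URL"))
            elif tag == "meta" and name == "http-equiv" and value.lower() == "refresh":
                self.findings.append((tag, "meta refresh redirect"))


def find_active_content(listing_html):
    finder = ActiveContentFinder()
    finder.feed(listing_html)
    finder.close()
    return finder.findings


# Constructed samples: plain markup, and markup carrying inert placeholders.
SAMPLE_OK = ('<p><b>2007 Corvette</b>, low miles. '
             '<a href="https://example.invalid/photos">More photos</a></p>'
             '<img src="/img/car.jpg">')
SAMPLE_BAD = ('<p>2007 Corvette</p><img src="car.jpg" onload="/* script here */">'
              '<a href="jav&#x09;ascript:void(0)">details</a>'
              '<meta http-equiv="refresh" content="0;url=https://signin.example.invalid/">')
```

A check like this is for triage and reporting. For rendering, user-provided HTML is safer passed through an allow-list sanitizer that keeps only known-harmless tags and attributes.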


http://budmalcolm.bravejournal.com/entry/24628
