German security engineer David Vieira-Kurz has identified a vulnerability on the Southeast Asia subdomain of eBay (sea.ebay.com). The security hole, caused by a type-cast issue in combination with complex curly syntax, could have been exploited by a remote attacker to execute arbitrary code.
The expert says he has only exploited the vulnerability to the point where he could prove its existence to eBays security team. However, he believes cybercriminals might h…
Comments are closed.
