News and Notes from the Makers of Nexus | Sonatype Blog

eBay Closes Critical Security Holes

Written by Ali Loney | November 25, 2012

The H – (International) eBay closes critical security holes. The online auction house eBay has fixed two vulnerabilities in its U.S. Web site. One of the vulnerabilities was a critical SQL injection hole in the site’s selling area that gave potential attackers unauthorized read and write access to one of the company’s databases. The hole was discovered by a security researcher, who confidentially reported the security issue to eBay. The researcher said that the company responded quite quickly and closed the hole after 20 days. The other hole was a cross-site scripting (XSS) vulnerability that enabled attackers to inject JavaScript code into the eBay server for execution via a specific URL. The vulnerability could have been exploited to steal other eBay users’ access credentials. The company told The Register on November 22 that the hole had been fixed.

Source: http://www.h-online.com/security/news/item/eBay-closes-critical-security-holes-1756422.html