eBay has a backdoor

By Derek Sooman on February 28, 2005, 12:19 PM
Some avid readers of The Register who also happen to be knowledgeable in the area of web server exploits, have found a vulnerability in redirection scripts on eBay's site that can be used as a backdoor to aid in phishing capers. Apparently, phishers are already exploiting the redirection script to make fraudulent emails look more convincing.

"I can host my eBay-alike phishing page anywhere I like, and use the above script to get users to click on it. The link is very definitely pointing to eBay, it's just that eBay will redirect to my phishing net. Very slick." - Register Reader.

Apparently, the Reg have notified eBay of the problem several times since Wednesday (23 February), but have not heard back from the company. Ouch.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.