Ebay Remote Code Execution Vulnerability

01/01/2014 - 05:00 PM

  • Ebay Remote Code Execution Vulnerability
- + Text size
Print

1st December 2013

At the beginning of December David Vieira-Kurz, a German researcher, published a video showing a vulnerability on the website of Ebay , the world's largest virtual store. The researcher's video shows a remote code execution , which would allow code execution by any hackers on the EBay web server. This is possible via a simple http GET request, as the one shown in the video. In the example the author has used the phpinfo () function, which shows some information on the installation of PHP, but the string could be replaced by any other malicious code able to perform actions that could compromise the server. At the moment the company has already been informed of the problem and has resolved the vulnerability issue.