The H – (International) eBay closes critical security holes. The online auction house eBay has fixed two vulnerabilities in its U.S. website. One of the vulnerabilities was a critical SQL injection hole in the site's selling area that gave potential attackers unauthorized read and write access to one of the company's databases. The hole was discovered by a security researcher, who confidentially reported the security issue to eBay. The researcher said that the company responded quite quickly and closed the hole after 20 days. The other hole was a cross-site scripting (XSS) vulnerability that enabled attackers to inject JavaScript code into the eBay server for execution via a specific URL. The vulnerability could have been exploited to steal other eBay users' access credentials. The company told The Register November 22 that the hole had been fixed.

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.