Resources Blog eBay Closes Critical Security Holes

eBay Closes Critical Security Holes

The H – (International) eBay closes critical security holes. The online auction house eBay has fixed two vulnerabilities in its U.S. Web site. One of the vulnerabilities was a critical SQL injection hole in the site’s selling area that gave potential attackers unauthorized read and write access to one of the company’s databases. The hole was discovered by a security researcher, who confidentially reported the security issue to eBay. The researcher said that the company responded quite quickly and closed the hole after 20 days. The other hole was a cross-site scripting (XSS) vulnerability that enabled attackers to inject JavaScript code into the eBay server for execution via a specific URL. The vulnerability could have been exploited to steal other eBay users’ access credentials. The company told The Register November 22 that the hole had been fixed.


Picture of Ali Loney

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.