Ebay snuffs malware upload bug
Flaw let crims sling drive-by-downloads
Hacker Aditya Sood has disclosed two vulnerabilities in eBay that allow hackers to upload files for drive-by-download attacks.
Once uploaded to eBay, malware can be sent to victims using direct links.
“The eBay server fails to implement secure header checks on the image files being uploaded on the server," Sood who found the flaws with colleague Rohit Bansal told the Kaspersky threat service.
"It basically verifies the image extensions. As a result, it is possible to upload a camouflaged malicious file with image file extension.
“The attacker can upload malicious exe file camouflaged as image files and then use the URL in drive by download attacks."
eBay had failed to check uploaded image file headers meaning attackers can hide malware in the picture files.
“[Or], the attacker can also hide malicious executable in the image file which can be be executed on the end-user system when image file is opened.”
It was unknown if eBay paid out a cash reward under its PayPal bug bounty which appears to be offline at the time of writing.
The web payments giant in December paid US$10,000 for a nasty cross-site request forgery flaw that exposed every account to hijacking if victims clicked a crafted link. ®