“EBay appears to have been vulnerable to a variant of cross-site scripting that allowed malicious code to be delivered to its users without any interaction between the attacker and the victim required, which is arguably the most severe form of this vulnerability,” he said in an emailed comment. “But, worse than that, why did it require the BBC to investigate before action was taken?”

Chris Oakley, principal security consultant at Nettitude, added that XSS has been a known attack vector for years and sits at number three in the OWASP Top Ten. “EBay clearly dropped the ball by allowing the malicious script to find its way into auction entries – it’s the kind of code which should be stripped out of its pages, so there’s no possibility of any harm being done,” he added in a blog post. Security expert Graham Cluley warned users to exercise caution when buying second-hand items, especially if they appear too good to be true.
The hackers had apparently exploited the common vulnerability to inject malicious JavaScript into several listings for cheap iPhones. Once a user clicked on these they were taken to what appeared to be an eBay log-in page. However, on further inspection the page is actually hosted elsewhere and has been designed to harvest user log-ins for the hackers.

The incident was first spotted by Paul Kerr, an IT worker from Alloa, who told the BBC that after contacting eBay he was assured the matter would be reported “to the highest level of security” to be resolved. However, the US giant appeared only to take action after the BBC got in touch to check on the progress of the complaint.
Auction site eBay has come in for criticism after appearing to drag its heels over fixing a cross-site scripting (XSS) vulnerability which allowed attackers to booby trap links redirecting users to a phishing page.