Skip to main content

eBay closes critical security holes

posted onNovember 26, 2012
by l33tdawg

The online auction house eBay has fixed two vulnerabilities in its US web site. One of the vulnerabilities was a critical SQL injection hole in the site's selling area that gave potential attackers unauthorised read and write access to one of the company's databases. SQL injection holes allow attackers to inject database commands by exploiting inadequately filtered HTTP parameters.

The hole was discovered by security researcher David Vieira-Kurz, who confidentially reported the security issue to eBay. The researcher said that the company responded quite quickly and closed the hole after 20 days. Talking to The H's associates in Germany, heise Security, Vieira-Kurz said that he didn't verify whether the hole allowed potential intruders to access other eBay users' data.

Source

Tags

eBay Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th