Remote Code Execution vulnerability on eBays website

A German Security researcher has demonstrated a critical vulnerability on Ebay website, world's biggest eStore.

According to David Vieira-Kurz discovered Remote code execution flaw "due to a type-cast issue in combination with complex curly syntax", that allows an attacker to execute arbitrary code on the EBay's web server.

In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo() PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog, he noticed a legitimate URL on EBay:

https://sea.ebay.com/search/?q=david&catidd=1

..and modified the URL to pass any array values including a payload:

https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1

PenTester's Original Article: <a href="http://secalert.net/2013/12/13/ebay-remote-code-execution/">Here

Submitted By: <a href="https://www.hellboundhackers.org/user/Vandal.html">Vandal