eBay Administration is not going to fix a dangerous bug

Researchers from Check Point recently discovered a serious vulnerability in the eBay online platform. The technique used to exploit it is known as JSF**k, and it allows attackers to circumvent eBay's filters. This means that an attacker can open his or her own shop on eBay, add malicious JavaScript to an item description, and then reap the rewards.

Moreover, on January 16th eBay representatives said that they do not plan to fix this vulnerability.

The problem is that cybercriminals can now cheat the eBay filters that are responsible for detecting malicious code. They can create seemingly legitimate store pages on eBay and plant malicious code in them using JSF**k. When a visitor opens such a page, the consequences can be very unpleasant.
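
A defender-side illustration of the filter evasion described above, added here and not taken from eBay or Check Point: JSF**k-style code is written with only the six characters [ ] ( ) ! +, so a filter that looks for risky identifiers finds nothing to match, while a check on character composition does. The filter, thresholds, function names and sample listings below are constructed assumptions.

```javascript
// Added example: constructed filter and samples, not eBay's or Check Point's code.
const SIX = new Set("[]()!+"); // the only characters JSF**k-style code uses

// Hypothetical blocklist filter: flags scripts containing known risky identifiers.
function keywordFilterFlags(script) {
  return /\b(eval|document|window|location|fetch|XMLHttpRequest|import)\b/i.test(script);
}

// Longest run made up solely of the six characters (whitespace ignored).
function longestSixCharRun(script) {
  let best = 0, run = 0;
  for (const ch of script) {
    if (/\s/.test(ch)) continue;
    run = SIX.has(ch) ? run + 1 : 0;
    if (run > best) best = run;
  }
  return best;
}

// Flag scripts dominated by the six characters; thresholds are assumptions to tune.
function looksSixCharEncoded(script, minRun = 40, minRatio = 0.9) {
  const chars = [...script].filter((c) => !/\s/.test(c));
  if (chars.length === 0) return false;
  const ratio = chars.filter((c) => SIX.has(c)).length / chars.length;
  return longestSixCharRun(script) >= minRun && ratio >= minRatio;
}

// Pull inline <script> bodies out of a listing description.
function scriptBodies(html) {
  return [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi)].map((m) => m[1]);
}

// Run both checks on every inline script in a description.
function reviewDescription(html) {
  return scriptBodies(html).map((body) => ({
    keywordHit: keywordFilterFlags(body),
    sixCharHit: looksSixCharEncoded(body),
  }));
}

// Constructed samples. The encoded one only builds the harmless string "fafafafa".
const HARMLESS_ENCODED = "(![]+[])[+[]]+(![]+[])[+!+[]]+".repeat(4) + "[]";
const SAMPLE_PLAIN = "<p>Vintage lamp</p><script>document.title = 'Lamp';</script>";
const SAMPLE_ENCODED = `<p>Vintage lamp</p><script>${HARMLESS_ENCODED}</script>`;

console.log(reviewDescription(SAMPLE_PLAIN), reviewDescription(SAMPLE_ENCODED));
```

The plain sample is caught by the identifier check only, and the encoded sample is caught by the composition check only, which is why a listing filter needs both.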

In fact, hackers are limited only by their imagination. After visiting a malware-laden page, a person can become a victim of a phishing attack or identity theft. For example, on an infected eBay page, he or she is likely to be prompted to download the eBay mobile application for a special price. Everything looks legitimate and safe, but if the victim confirms the download, malware is loaded onto the device.

Since eBay representatives officially stated that they don’t consider the possibility of such an attack a vulnerability, Check Point experts can only hope that the company will change its mind.