XSS Cross Site Scripting Fraud

This poster on eBay’s Motors Forums claimed he was redirected to after clicking on an eBay internal link. That sounds like another eBay XSS Redirect that has been uncorrected for many years.

Hey John Bodine.. Why don’t you post in one of your eBay forums “we heard you and have fixed that redirect vulnerability.” Watch that post go Poof! LOL!!

Actually today a Google Safe Browsing lookup on showed 74 Scripting Exploits, and 3 Trojans. And this US-CERT Vulnerability Note VU#808921 warns of this scripting vulnerability: eBay contains a cross-site scripting vulnerability.

From the US-CERT about eBay: “An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.”

And as far as goes.. It just reeks of Fraud! No Phone Number listed and Payment by Bank Wire Transfer Only! I wouldn’t even consider buying an ATV from that website!

Google Maps Look up On 9145 S Federal Way Boise, ID 83716

Beware Of Vehicle Fraud Everyone! SCAMMERS ARE EVERYWHERE! 😉

Google Safe Browsing Report On As Of 10/23/2011
US-CERT VU#808921 Vulnerability Note About

5 Thoughts to “ XSS Cross Site Scripting Fraud”

  1. Oh I’m over it. I just don’t like video responses motivated by envy or jealousy, which is all this is. Why trash a video about a group of guys who are simply following their dreams and living life to the fullest? They’re not being egotistical or saying they’re better than anyone else, they’re just doing what they love and sharing it with others. The people who made Wet Dream Result will probably be sitting around when they’re 80 years old and think Damn, we never did anything with our lives.

    1. Doc

      Geez Rahul, You approve of Scammers stealing money from innocent people?

  2. Ron

    I had dealings with this (too good to be true) ATV store. I called the Cummins trk store (just down the road in Idaho); they said there was no ATV shop @ the given address! Then the ATV store directed me to send $$ via Western Union to a FL address (for quicker delivery). @ that point I called the Sheriff in ID & reported them 🙂

  3. lazersnark

    I’ve been keeping an eye on the google safe browsing report page for ebay since I saw it mentioned at

    It’s been showing infections found nearly every single day.
    I’m just wondering why that hasn’t gotten any attention from more ebay blogs, or on ebay forums or announcement boards? Seems suspect.

    For anyone reading this, don’t use ebay. I’ll say it again. Do NOT use eBay! Tell anyone you care about not to either. It’s an ID theft AIDS repository and a claptrap. Your ‘stuff’ will turn green and fall off, your ID will get stolen.

    Ebay will blame you even though everything wrong and/or bad on that site is 100% their fault.

  4. Doc

    Hmmmm.. has apparently been shut down by Yahoo!

    I guess if it walks like a duck, quacks like a duck, It MUST be a Duck! But it will be back under another domain name attempting to scam someone!

    Hopefully nobody fell victim to it. If you sent your money better report it to the FBI at http://www.IC3.GOV

    Nameserver trace for

    Looking for who is responsible for root zone and followed
    Looking for who is responsible for com and followed
    Looking for who is responsible for and followed

    Nameservers for returned (NORECORDS) returned (NORECORDS)
