Web Application Security
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Ebay, Inc Bug Bounty - GoStoreGo Administrative Authentication Bypass to all online stores Feb 12 2014 08:36PM
Mark Litchfield (mark securatary com)
This attack allowed for a cross store (so essentially unauthenticated,
as we have not authenticated to our target store) privilege escalation
attack creating an administrative user on any *.gostorego.com store.

As indicated by their own website, there are over 200,000 active
stores.This attack a...

[ more ]  

Privacy Statement
Copyright 2010, SecurityFocus