
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA06-117A)

Scripts in eBay Postings May Enable Phishing Attacks

Original release date: April 27, 2006

Systems Affected

The eBay web site may contain pages that affect various web browsers.

Overview

A vulnerability in the eBay web site may allow an attacker to steal personal information from eBay customers.

Solution

Verify the legitimacy of eBay web pages

Attackers may use the vulnerability to perform a phishing attack. Make sure that the URL is accurate, and check the web site certificate to make sure that you are visiting an authentic eBay web page.
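
Checking that the URL is accurate means parsing the link and comparing its host, not spotting "ebay" somewhere in the address. The following JavaScript is an added example, not part of the original alert; the trusted domain `ebay.com`, the function name and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link really points at the expected site.
// TRUSTED_DOMAIN and SAMPLES are constructed for illustration (assumptions).
const TRUSTED_DOMAIN = "ebay.com";

function checkEbayUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, same rules a browser applies
  } catch (e) {
    return { trusted: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS, so there is no certificate to check" };
  }
  if (url.username || url.password) {
    // https://www.ebay.com@other.example/ connects to other.example
    return { trusted: false, reason: "text before '@' hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.startsWith("xn--") || host.includes(".xn--")) {
    return { trusted: false, reason: "punycode label, possible lookalike characters" };
  }
  // Exact match or a true subdomain; a bare endsWith("ebay.com") would
  // also accept hosts such as notebay.com.
  if (host !== TRUSTED_DOMAIN && !host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: false, reason: "host " + host + " is not under " + TRUSTED_DOMAIN };
  }
  return { trusted: true, reason: "HTTPS and host is under " + TRUSTED_DOMAIN };
}

// Constructed sample links, not taken from any real incident.
const SAMPLES = [
  "https://signin.ebay.com/",
  "http://www.ebay.com/",
  "https://www.ebay.com@login.example/",
  "https://ebay.com.account-check.example/",
  "https://notebay.com/",
];

for (const link of SAMPLES) {
  const result = checkEbayUrl(link);
  console.log((result.trusted ? "OK      " : "SUSPECT ") + link + "  (" + result.reason + ")");
}
```

A link that passes this check is only known to point at the expected host. It says nothing about a page on the genuine site whose content a script in an auction description has modified, which is why the certificate check and caution about any request for personal information still apply.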

Description

eBay allows users to incorporate a type of code, also known as scripting, into the auction descriptions on its web site. An attacker can use this code to modify pages on eBay's web site or redirect you to a malicious web page. These may appear to be legitimate eBay web pages that request personal information. Using these techniques, an attacker may be able to collect your passwords, credit card numbers, or other personal information.

Please see US-CERT Vulnerability note VU#808921 for details and additional workarounds.

