What follows is the communication between the EBay security team and myself. I've identified the vulnerability, YET... They refuse to fix it -- To be honest, I don't believe they took the time to actually read it based on their response -- If they did, then they should fire whoever reviewed my concern, they obviously have NO clue about what it is they do.
My only recourse is to go public in hopes the community can pressure them to fix it.
more here.......http://pastebin.com/9kvgprpf
and updated video on Session Hijacking of EBay here....https://www.youtube.com/watch?v=NXdHT6TpeFk#t=1394
My only recourse is to go public in hopes the community can pressure them to fix it.
more here.......http://pastebin.com/9kvgprpf
and updated video on Session Hijacking of EBay here....https://www.youtube.com/watch?v=NXdHT6TpeFk#t=1394