
EbaY HACKED! Floating Javascript ~ Exodus


Uploaded by on May 15, 2007

Please read this text accompaniment
Here we have an example of the floating javascript exploit which the hackers are using on ebay.

The address markuspowell2005@gmail.com is used to hijack the account of ebay seller 123fimi (9)

We look into the item Sharp Aquos LC52D92U 52" LCD HDTV
Item number: 250115382002
Starting time: May-14-07 06:55:13 PDT
Starting bid: US $100.00
Duration: 3-day listing

Note the address also visible in the location area of the listing, at 3:21 into the video,
allenvince0@gmail.com, shows on a google search as a KNOWN hijacker's address. (use the pause feature, as the floating box quickly obscures it.)

Moving on, using Firefox extension "NoScript", I allow scripts to run from both ebay, and ebay static. Note when I do that, the floating form follows the scrolling.
Ebay allows this dangerous coding to be used in all its auction listings, and this is only one of the many exploits possible using JS. Others include the redirection scripts, of which there are several variants, where the unsuspecting user is asked to re-sign in to view a listing, or an "about me" page, or any other number of methods. That, IMO, is similar to running a grocery store or a flea market where thieves and pickpockets are waiting in every aisle and checkout lane, all while the owner denies they exist, even blaming the victim.

Why doesn't ebaY stop them? Because they cannot? Because of HUBRIS? Because they are making profit at the expense of the consumers? It has been suggested that since ebay profits greatly from the scams, that they, themselves have perpetrated the hijackings, and used Vladuz as a scapegoat.

Another valid question, Why is ebaY not informing and alerting the consumers? Both buyers and sellers are at grave risk! IMO, it is tantamount to allowing passengers to remain on a sinking ship, not lowering lifeboats or distributing life jackets, and denying that they are taking water at an ever-increasing rate.

We also take a brief look at some of my recent past consumer awareness efforts. Please view them to get an idea of the entire situation.

Ebay has done everything possible to suppress this information, including threats, harassment and intimidation. Go read The Auction Guild Articles "ebaY Tries Intimidation", "ebaY Holding Smoking Gun?" and "ebaY Debases Fraud Reports" and

Further, go to US CERT site, read Vulnerability Note VU#808921
That exploit has been uncorrected for at least one whole year, possibly as long as OVER 2 years. Rather than fix it, ebay would rather spend ITS time and effort censoring ITS forums, and bullying any website, and suspending any members who dare speak the TRUTH. (or even ask the question.)

Back in mid February, über-hacker Vladuz deeply penetrated ebaY's systems, and was able to post on the community forums in both Germany and the USA, on multiple occasions. Vladuz was supposed to give a TV interview with CNN on The Ides of March, March 15th. That interview was mysteriously canceled.
Ever since back then, ebaY has been in complete SHAMBLES. Go view the Medved auction count charts to see some examples. Recent examples are 04-28-07, & 05-03-07 daily charts. Those Cartesian "curves" tell the story.

Lastly, we visit the so-called "Trust and Safety" forum on ebaY USA, to see a thread which basically tells the ebay users that no fraud is to be discussed, and no keywords, item numbers etc, which may help to stop the fraud may be posted.
Plenty of ebaY members have reported being "NARUd" (suspended) for as little as the mere mention of hacking. This is documented at a digg article entitled "Proof that eBay does censor its discussion board postings" as well as many other reports.

Please visit these sites before you consider using, or continuing to use ebaY
suspendedfromebay.com
firemeg.com
companyexposed.com
nekkidtruth.blogspot
theauctionguild.com
pheebay.com
ebaymotorssucks.com
screw-paypal.com
------------------
You may also visit my channel page and follow links from there to my blogs, or google my youtube username cappnonymous

Note: This audio/visual /digital document was created using the new and improved ZDSoft Screenrecorder 2.6.2, & "Super C v2007, March 14 2007".

I am using firefox 2.003 browser, with adblock plus, noscript, super drag n go, Image Zoom 0.3, and slim search extensions, and my "bumped" SpoofStick 1.06, among others.

OOPs, did I forget to mention these listings are LIVE as I finish editing this text? The Sharp Aquos LC52D92U 52" LCD HDTV
Item number: 250115382002 shows 2d 01h 42m remaining.

So much for Rob Chesnut and his glorious anti-fraud policies, eh?

Edit: 05-15-07 I see ebay is hard at work burying the fraud again, as the marcuspowell2005 address and the item # have both now disappeared from searches.
I have a sneaky hunch we will see more about that.
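
The floating form and the re-sign-in redirects described above both depend on a listing page serving seller-supplied markup with its scripts, event handlers and styles intact. As an added example (not part of the original description and not eBay's code), here is an allowlist sanitiser in Python that rebuilds a listing from permitted tags only; the tag policy, the function names and the sample listing are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: the only tags and attributes a listing may keep.
ALLOWED = {"p": (), "b": (), "br": (), "li": (), "a": ("href",), "img": ("src", "alt")}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "form"}

def safe_url(value):  # absolute http(s) only; javascript:, data: and relative URLs fail
    return (value or "").strip().lower().startswith(("http://", "https://"))

class ListingSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # drop the element and everything inside it
        if self.skip or tag not in ALLOWED:
            self.removed.append(tag)
            return
        kept = ""
        for name, value in attrs:  # style= and on*= handlers are never allowlisted
            if name in ALLOWED[tag] and (name == "alt" or safe_url(value)):
                kept += f' {name}="{escape(value or "")}"'
            else:
                self.removed.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped, never passed through

def sanitize_listing(markup):
    parser = ListingSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample listing, not taken from the video.
SAMPLE = ('<p>52" LCD HDTV</p><div style="position:fixed;top:40px"><form>E-mail the seller'
          ' before bidding</form></div><script>window.onscroll = function () {};</script>'
          '<a href="javascript:void(0)" onclick="x()">Ask</a>'
          '<img src="https://img.example.com/tv.jpg" onerror="x()" alt="TV">')
```

Because the output is rebuilt from allowlisted tags and re-escaped text, anything the policy does not name is gone by construction; the second return value lists what was removed, which is useful for flagging listings for review.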

Category:

Comedy

License:

Standard YouTube License

Uploader Comments (cappnonymous)

  • Damn, it's worse than I thought. I have been anti eBay-PayPal for years now but I wasn't aware of the hacker issue. I'm lucky I never was scammed since I only bought vinyl records, but not to say that is safe, nothing is on their sites.

    Most Corrupt Company I can think of at the moment, next thing we know they will gain status as a church and become tax exempt. or are they already?

    I am seriously asking that last question, anyone know?? thanks for the list of websites also!

  • @BeavisNacho

    Hello. This is really nothing in comparison to some of the other things being discovered about our good friends. Go to auctionbytes & look for article about ebay & paypal accounts for sale. View my Cappnonymous blog at wordpress (regarding same subject) to see paypal employee state that 75% of their clients are registered with fake info.

    Also. I have a recent vid proving eb operated now for over 11 yrs w ID Theft allowing critical safety xss flaws, w full knowledge thereof

  • bombkitten, please expand & read the description, read the rest of the comments, maybe follow up a bit.

    Yes, ebay is hacked!

    Ebay has been under massive attack since at least Feb 2007.

    Latest threats include the Bayrob.trojan, & the complex botnet discovered by Aladdin Knowledge Systems, along with the long uncorrected ID stealing xss flaw(s) & flash redirects etc.

    And of course the NON stop phishing attempts against users.

    Thanks for asking.

Top Comments

  • one time i was on ebay and one of the ads had a browser exploit and it made it look like i was still on ebay but really i was on a different site, I could have lost my credit card number right there

  • if you want proof, defraud the scammers, and watch how ebay will fight against that.  Crooked bastards, so incompetent, they are losing their asses.


All Comments (29)

  • why do i feel this is just entered into the url.

  • @cappnonymous I did a search for your blog and found some stuff, but I'm not sure if it was the right one.

    Can you send me the address or link to the recent video you mention.

    Thanks !! Too bad they don't put this shit in the papers, people need to know how dangerous eBay and PayPal are. and as far as eBay Motors....C'mon. Who is stupid enough to buy a car over the internet, unless you are so effing rich you don't care about being ripped off.

  • #OMG GET IT OFF ME, GET IT OFF ME!!!! #LOL

  • Fascinating!

    Suddenly when hackers become profitable for ebay, they're not so bad...

    And this dnb track is wicked - who is it?

  • hahaha this is amazin, dude u should make money outta this..

  • javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++ }setInterval('A()',5); void(0);
