Indian Security Researcher finds vulnerability in eBay that allows purchasing anything for just 1 rupee

An Indian security researcher named Ishwar Prasad Bhat found a bug in eBay India (a large online shopping website) that allowed him to buy any product for just 1 rupee (0.01 dollar).


While explaining the bug, Ishwar told THP that anybody could use it to buy products worth millions of rupees for just 1 rupee simply by applying a fake coupon code. The value of the code is hidden in the page itself. After 3 wrong attempts, the web page asks for a verification code, which can be obtained from the Gift String in the source code. By just modifying the value of the coupon code to testtes123, you can buy anything from eBay.
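The article does not show eBay's code, but the flaw it describes belongs to the class where the page sent to the browser carries values the server later trusts. The sketch below is an added example of the server-side counterpart, not eBay's implementation; the class, coupon table and field names are hypothetical, and the sample coupon is constructed.

```python
import hmac
import secrets

# Constructed sample data: valid codes and their values exist only on the server.
COUPONS = {"SAVE100": 100}
MAX_FAILURES = 3  # after this many bad codes a verification step is required


class CouponSession:
    """Per-user redemption state kept server-side (hypothetical design)."""

    def __init__(self):
        self.failures = 0
        self.challenge_answer = None  # never written into the page

    def render_form(self):
        """Return the HTML sent to the browser; it carries no secret values."""
        html = '<form method="post"><input name="coupon">'
        if self.failures >= MAX_FAILURES:
            # The answer would reach the user out of band (e.g. a CAPTCHA image);
            # the markup only gets an empty input for it.
            self.challenge_answer = secrets.token_hex(4)
            html += '<input name="verification">'
        return html + "</form>"

    def redeem(self, coupon, price, verification=None):
        """Return the amount to charge; `price` comes from the server's catalogue."""
        if self.failures >= MAX_FAILURES:
            expected, self.challenge_answer = self.challenge_answer, None  # single use
            supplied = (verification or "").encode()
            if expected is None or not hmac.compare_digest(expected.encode(), supplied):
                return price  # challenge not passed: no discount is evaluated
        discount = COUPONS.get(coupon)
        if discount is None:
            self.failures += 1
            return price  # unknown code: full price, failure counted
        self.failures = 0
        return max(price - discount, 0)
```

A useful regression check for this class of bug is to assert, as part of the build, that rendered pages never contain any coupon value or challenge answer.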

The bug was reported on Aug 6, and yesterday the researcher got confirmation that the issue is patched. As eBay doesn't have a bug bounty program like Facebook's, they have added his name to the acknowledgement list.


For now, the vulnerability in eBay is patched.
