Hello all,
Description: Persistent DOM based Cross Site Scripting on ebay.com domain.
Disclosed to Ebay: January 2015
Fixed: February 2016
Vulnerability location: Every listing
Who are able to create: Sellers
Same origin policy bypass via postMessage
Write-up:
http://www.korznikov.com/2016/02/pe
Network Access Control systems.
Alexander Korznikov & Viktor Minin
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Terminal Services / Console Session Hijacking can lead to Privilege
Escalation.
Vulnerability Details.
A privileged user, which can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged in user's session,
without any knowledge about his credentials.
Terminal Servi
