Serious security bug

John Avis by | November 13, 2007 | eBay and PayPal Computers & Internet

I found what I would consider a serious bug in eBay recently. I tried to tell eBay about it but after about 5 email attempts that all came back giving me advice on how I can help myself I eventually gave up.

Do you ever wonder whether you are ever communicating to a real person when you send messages to eBay? I do.

Anyway here is the bug in case anyone from eBay reads this and actually wishes to try it for themselves rather than just telling me to try erasing temporary internet files, and all the other valuable advice I received.

Step 1. Sign in under your account and list an item for sale.

Step 2. Sign out of your account.

Step 3. Sign in under another account and list an item for sale.

The item you just listed gets listed under your account, not the account that was actually signed into at the time.

The problem happened to me when I listed some items for sale, then my girlfriend signed in to her account and listed her items, but they all showed under my account. Strangely, it showed her account at the top of the window ("G'day x") but in the item preview it showed my account. I have replicated this problem several times.

I use IE7, not sure if it happens with other browsers.

If I close the browser before signing into the other account then there is no problem.

I would consider this a serious bug, wouldn't you?

Related Posts

Computers & Internet Web Development Website Hosting

500 Internal Server Error after migrating from IIS 7.5 to IIS 10

by John Avis | November 4, 2019

As support ends for Microsoft Windows Server 2008 I have recently gone through migrating some websites to a new server running Windows Server 2016 and IIS 10 but some of the websites did not work.


Computers & Internet

How to send an Instagram DM on a Windows desktop PC

by John Avis | September 4, 2019

Am I right? Is it not possible to send an Instagram DM (Direct Message) on a desktop? Here's how to do it though.


eBay and PayPal Computers & Internet

eBay Australia FAIL - Get $0 Off (BLOOM) special offer 15 May 2019

by John Avis | May 13, 2019

Sometimes you get special offers that seem too good to be true... But not this time.

Comments

John Avis

by John Avis | December 10, 2008

I can't believe eBay have not fixed this problem in the last 12 months. I have tried to let them know again with the following message through their contact us system:


I have found a serious problem with eBay security - could you please pass this message on to your security or development department.

The problem is if you sign in to your account and sell an item then sign out of your account, then sign in to another account and sell an item the item will be listed under the first account rather than the account you last signed in to.

To reproduce this do the following:

1. Sign in under your account and list an item for sale.

2. Sign out of your account.

3. Sign in under another account and list an item for sale.

The item you just listed gets listed under your account, not the account that was actually signed into at the time.

I have managed to reproduce this problem on various different computers and on Explorer and Firefox.

The problem does not happen if you close all browser windows before signing into the second account.

Thank you.

Reply

John Avis

by John Avis | December 11, 2008

eBay replied with the following:


Hello,

Thank you for writing to eBay's Customer Support. This is [name removed] and I am pleased to have the opportunity to assist you with your concern.

I apologise for the confusion this matter may have caused you. However, please let me assure you that the issue you have referenced is not a security issue. Instead a browser concern.

Given the circumstances, I suggest that you clear out your web browser'scache and cookies. Most websites use cookies so that each time you visitthe site, it will 'remember' you, and remember your preferences, user name etc. eBay uses cookies, but sometimes too many outdated eBay cookies on your computer can cause you to have problems viewing our site.

Your cache is the local storage where copies of images and web pages arekept on your computer's hard disk (or in its memory), so the next time your browser needs an image or web page, it can get it from your cache, which is much faster than downloading a new copy each time. When your cache gets full it can cause pages to load slowly or not at all.

Below are some instructions on how to clear your cookies and cache. Thisshould help correct the problems you're experiencing:

1. Open Firefox. Click on the Tools menu of your browser and select Options.
2. Click the Privacy icon at the top.
3. Click on the Cookies tab.
4. Click on the button Clear Cookies Now.
5. Click Ok button.

If, even after following the steps, the problem still persists, or if there are any error message you received, please contact us. We will be more than happy to assist you further.

Warm regards,
[name removed]
eBay Customer Support Team

Reply

John Avis

by John Avis | December 11, 2008

I replied with:


Hello. Thank you for your reply. I am a professional web developer and believe that there is an issue with security as described in my original email. Could you please forward my message to the relevant department so that they can test for themselves using the procedure outlined in my original message. Thank you.

Reply

John Avis

by John Avis | December 12, 2008

I received another reply from eBay (copy below). I think at this point I give up again as I don't see any point communicating via live help.


Hello,

Thank you for writing to eBay. I understand that you have an account
security concern.

I understand that you wish your concern to be forwarded to a department
that specialises in security issues. Kindly understand that you'll need
to initiate communication with them as help members via chat.

Please contact our Account Security Live Help team at:

http://pages.ebay.com.au/live_help.html

My colleagues at Account Security Live Help are looking forward to
hearing from you.

I appreciate your patience and understanding in this matter. If you have
further questions please do not hesitate to contact us again.

Best regards,

[name removed]
eBay Customer Support Team

Reply

John Avis

by John Avis | December 12, 2008

I have now posted on eBay's forums to see if I can alert to them of the problem this way.

http://forums.ebay.com.au/thread.jspa?threadID=600108183

Reply

Leave a Comment

Tags

About me

...random postings about web development and programming, Internet, computers, electronics and automotive topics.

Subscribe

Get the latest posts delivered to your inbox.