Serious security bug

by John Avis | November 13, 2007 | eBay and PayPal

I found what I would consider a serious bug in eBay recently. I tried to tell eBay about it but after about 5 email attempts that all came back giving me advice on how I can help myself I eventually gave up.

Do you ever wonder whether you are ever communicating to a real person when you send messages to eBay? I do.

Anyway here is the bug in case anyone from eBay reads this and actually wishes to try it for themselves rather than just telling me to try erasing temporary internet files, and all the other valuable advice I received.

Step 1. Sign in under your account and list an item for sale.

Step 2. Sign out of your account.

Step 3. Sign in under another account and list an item for sale.

The item you just listed gets listed under your account, not the account that was actually signed into at the time.

The problem happened to me when I listed some items for sale, then my girlfriend signed in to her account and listed her items, but they all showed under my account. Strangely, it showed her account at the top of the window ("G'day x") but in the item preview it showed my account. I have replicated this problem several times.

I use IE7, not sure if it happens with other browsers.

If I close the browser before signing into the other account then there is no problem.

I would consider this a serious bug, wouldn't you?
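The three reproduction steps and the two observations above (the header shows the second account while the item preview shows the first, and closing the browser avoids the problem) can be written as a regression check. This is an added example, not code from the original post or from eBay; it assumes one possible cause, a seller value cached in server-side state keyed by the browser's session cookie and left in place at sign-out, and the names `Site`, `sell_flow_seller` and `replay` are hypothetical.

```python
import secrets

class Site:
    """Constructed model of a marketplace login/sell flow (not eBay's code)."""

    def __init__(self, reset_session):
        self.reset_session = reset_session  # True = hardened behaviour
        self.sessions = {}                  # session cookie -> server-side state

    def sign_in(self, cookie, user):
        if self.reset_session or cookie not in self.sessions:
            # Hardened path: discard any earlier state, issue a fresh session id.
            self.sessions.pop(cookie, None)
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = {}
        self.sessions[cookie]["user"] = user
        return cookie

    def sign_out(self, cookie):
        if self.reset_session:
            self.sessions.pop(cookie, None)      # drop the whole session
            return None
        self.sessions[cookie].pop("user", None)  # weak: other state survives
        return cookie

    def list_item(self, cookie, title):
        state = self.sessions[cookie]
        signed_in = state["user"]
        # Assumed defect: the sell flow caches the seller on first use
        # instead of reading the authenticated user on every submit.
        seller = state.setdefault("sell_flow_seller", signed_in)
        return {"title": title, "header": signed_in, "seller": seller}

def replay(site, close_browser=False):
    """Steps 1-3 from the post; returns the second listing."""
    cookie = site.sign_in(None, "account_a")
    site.list_item(cookie, "item 1")
    cookie = site.sign_out(cookie)
    if close_browser:
        cookie = None  # a session cookie is discarded with the browser
    cookie = site.sign_in(cookie, "account_b")
    return site.list_item(cookie, "item 2")

def owner_matches(listing):
    """Invariant to enforce: the listing owner is the signed-in account."""
    return listing["seller"] == listing["header"]
```

In this model the weak site fails `owner_matches` only when the browser stays open between the two sign-ins, and the site that discards the session at sign-out and issues a new one at sign-in passes in both cases.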


Comments

John Avis

by John Avis | December 10, 2008

I can't believe eBay have not fixed this problem in the last 12 months. I have tried to let them know again with the following message through their contact us system:


I have found a serious problem with eBay security - could you please pass this message on to your security or development department.

The problem is if you sign in to your account and sell an item then sign out of your account, then sign in to another account and sell an item the item will be listed under the first account rather than the account you last signed in to.

To reproduce this do the following:

1. Sign in under your account and list an item for sale.

2. Sign out of your account.

3. Sign in under another account and list an item for sale.

The item you just listed gets listed under your account, not the account that was actually signed into at the time.

I have managed to reproduce this problem on various different computers and on Explorer and Firefox.

The problem does not happen if you close all browser windows before signing into the second account.

Thank you.


John Avis

by John Avis | December 11, 2008

eBay replied with the following:


Hello,

Thank you for writing to eBay's Customer Support. This is [name removed] and I am pleased to have the opportunity to assist you with your concern.

I apologise for the confusion this matter may have caused you. However, please let me assure you that the issue you have referenced is not a security issue. Instead a browser concern.

Given the circumstances, I suggest that you clear out your web browser's cache and cookies. Most websites use cookies so that each time you visit the site, it will 'remember' you, and remember your preferences, user name etc. eBay uses cookies, but sometimes too many outdated eBay cookies on your computer can cause you to have problems viewing our site.

Your cache is the local storage where copies of images and web pages are kept on your computer's hard disk (or in its memory), so the next time your browser needs an image or web page, it can get it from your cache, which is much faster than downloading a new copy each time. When your cache gets full it can cause pages to load slowly or not at all.

Below are some instructions on how to clear your cookies and cache. This should help correct the problems you're experiencing:

1. Open Firefox. Click on the Tools menu of your browser and select Options.
2. Click the Privacy icon at the top.
3. Click on the Cookies tab.
4. Click on the button Clear Cookies Now.
5. Click Ok button.

If, even after following the steps, the problem still persists, or if there are any error message you received, please contact us. We will be more than happy to assist you further.

Warm regards,
[name removed]
eBay Customer Support Team


John Avis

by John Avis | December 11, 2008

I replied with:


Hello. Thank you for your reply. I am a professional web developer and believe that there is an issue with security as described in my original email. Could you please forward my message to the relevant department so that they can test for themselves using the procedure outlined in my original message. Thank you.


John Avis

by John Avis | December 12, 2008

I received another reply from eBay (copy below). I think at this point I give up again as I don't see any point communicating via live help.


Hello,

Thank you for writing to eBay. I understand that you have an account
security concern.

I understand that you wish your concern to be forwarded to a department
that specialises in security issues. Kindly understand that you'll need
to initiate communication with them as help members via chat.

Please contact our Account Security Live Help team at:

http://pages.ebay.com.au/live_help.html

My colleagues at Account Security Live Help are looking forward to
hearing from you.

I appreciate your patience and understanding in this matter. If you have
further questions please do not hesitate to contact us again.

Best regards,

[name removed]
eBay Customer Support Team


John Avis

by John Avis | December 12, 2008

I have now posted on eBay's forums to see if I can alert them to the problem this way.

http://forums.ebay.com.au/thread.jspa?threadID=600108183
