Tweet
I think I know how and where my ID was hijacked a while back:
Someone here posted a link to an Ebay auction, and when I clicked the link to view it, I was greeted with the EBay Sign In page. I was already signed in (or so I thought) and it didn't really dawn on me until recently that I've never ever had to sign in to view a listing, but I entered my Ebay ID and password anyway.
I can't remember who posted the link, when it was posted, or what it was about [img]/images/graemlins/frown.gif[/img]
I know there's an HTML line that you put in a page to email you the information that is typed into a text box on a web page, or to post it in a Guestbook, but I can't remember what it is.
If I can find a way to stick this HTML function into an Ebay listing, I'm pretty sure it will throw up a Sign In page. Of course this will immediately be reported to Ebay as a security risk once I test it (using fake ID and passwords, obviously - just to see if it will mail the info to me and still proceed to the listing)
I've seen it done with CGI and such, but I'm more interested in the HTML version, as a CGI version would most likely require the use of Ebay's CGI-BIN, unless you can specify an outside URL for a cgi or java script?
The lines for the Ebay Sign In function (edited to not screw up here) are:
eBay User ID<br><input type="text" name="userid" maxlength="64" tabindex="1" value="" size="27"><br>Password<br><input type="password" name="pass" maxlength="64" value="" tabindex="2" size="27"><br>
<input type="submit" tabindex="3" value="Sign In Securely >">
Anyone know how to rig this to email you the submitted info?
Someone here posted a link to an Ebay auction, and when I clicked the link to view it, I was greeted with the EBay Sign In page. I was already signed in (or so I thought) and it didn't really dawn on me until recently that I've never ever had to sign in to view a listing, but I entered my Ebay ID and password anyway.
I can't remember who posted the link, when it was posted, or what it was about [img]/images/graemlins/frown.gif[/img]
I know there's an HTML line that you put in a page to email you the information that is typed into a text box on a web page, or to post it in a Guestbook, but I can't remember what it is.
If I can find a way to stick this HTML function into an Ebay listing, I'm pretty sure it will throw up a Sign In page. Of course this will immediately be reported to Ebay as a security risk once I test it (using fake ID and passwords, obviously - just to see if it will mail the info to me and still proceed to the listing)
I've seen it done with CGI and such, but I'm more interested in the HTML version, as a CGI version would most likely require the use of Ebay's CGI-BIN, unless you can specify an outside URL for a cgi or java script?
The lines for the Ebay Sign In function (edited to not screw up here) are:
eBay User ID<br><input type="text" name="userid" maxlength="64" tabindex="1" value="" size="27"><br>Password<br><input type="password" name="pass" maxlength="64" value="" tabindex="2" size="27"><br>
<input type="submit" tabindex="3" value="Sign In Securely >">
Anyone know how to rig this to email you the submitted info?
Comment