A German security researcher has demonstrated a critical vulnerability on the website of eBay, the world’s biggest eStore. David Vieira-Kurz discovered a remote code execution flaw “due to a type-cast issue in combination with complex curly syntax” that allows an attacker to execute arbitrary code on eBay’s web server. He managed to display the output of a PHP function on the web page just by modifying the URL and injecting code into it. He has already reported the flaw responsibly to the eBay Security Team, and they patched it early this week.
Source: https://thehackernews.com/2013/12/hacker-demonstrated-remote-code.html