Safetech Blog - Security Tips and Tricks

by Ionut Cernica

eBay Authentication Bypass

On 18 January 2014 I reported to eBay a security problem about an authentication bypass on one of their websites ->

To login to, I was first sent to the eBay website, where you must complete a form with your ebay username and password, after that you are redirected to jp with a token.

The generated token is used by server to extract the username and email address of ebay account that generated it.

If the authentication was for the first time on, then a request was made for registering a new user.

Registration request had the following important parameters:

username= eBayUsername
password= eBayUsername+salt The salt was the worst password used for 2013 (salt = 123456)

After registration, an authentication process took place:


The salt was a static one for all users. So all you have to do was to find random usernames which could be found by visiting the profile of the userId=1 (admin), the URL is something like:…../profile?uid=1.

For more details about how I did this you can check out the video I made on youtube:



  1. Reply

  2. By WhiteSec


  3. By davinal12


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>