
An Indian security researcher named Ishwar Prasad Bhat found a vulnerability in eBay (one of the largest online shopping websites) that allowed him to purchase any product on eBay for just 1 rupee ($0.02).

We were also shocked when we heard about the vulnerability: it meant you could buy a thousand-dollar item for just $0.02 (we converted 1 rupee into dollars here).

According to Ishwar, just by applying a fake coupon code, a user could buy any item on eBay for 1 rupee. He said: “The value of the code is hidden in the page itself. After 3 wrong attempts the web page asks for a verification code, which can be obtained from the Gift String in the source code, and by just modifying the value for the coupon code you can buy anything in just 1 Rupee.”

Ishwar also showed us a screenshot in which he applied a custom coupon ‘testtes123’ and was ready to purchase the item for 1 rupee:

Ishwar also shared a POC video:

Ishwar reported this vulnerability to eBay on Aug-6-2013 and asked for a reward, but eBay refused and replied:

Right now, the vulnerability has been patched by eBay.
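The flaw described above comes down to the page carrying values the server should have kept to itself: the coupon's value and the verification code. The following sketch is an added example, not eBay's code or its actual fix. It shows the server-side checks that close this class of bug; the coupon table, the form field names and the `Session` class are assumptions made for illustration.

```python
import hmac
import secrets
from decimal import Decimal

# Constructed sample data: discounts live only in this server-side table.
COUPONS = {"SAVE10": Decimal("0.10")}
MAX_FAILURES = 3  # after this many bad codes a challenge is required


class Session:
    """Hypothetical per-user server-side state; none of it is sent in the page."""
    def __init__(self):
        self.failures = 0
        self.challenge = None


def issue_challenge(session):
    """Store the expected answer server-side. The return value goes to an
    out-of-band renderer (e.g. a CAPTCHA image), never into page markup."""
    session.challenge = secrets.token_hex(4)
    return session.challenge


def price_order(session, list_price, form):
    """Return the payable amount. `form` is untrusted client input."""
    # Client-sent price or discount fields are deliberately never read.
    code = form.get("coupon", "")
    if not code:
        return list_price
    if session.failures >= MAX_FAILURES:
        answer = form.get("challenge_answer", "")
        expected = session.challenge or ""
        session.challenge = None  # one attempt per issued challenge
        if not expected or not hmac.compare_digest(answer.encode(), expected.encode()):
            raise PermissionError("challenge required")
    rate = COUPONS.get(code)
    if rate is None:
        session.failures += 1
        raise ValueError("unknown coupon")
    return (list_price * (1 - rate)).quantize(Decimal("0.01"))
```

A made-up code such as the ‘testtes123’ from the screenshot is rejected because it is not in the server's table, and any discount value edited in the page has no effect because the server never reads one.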
